Change to pages_external_url breaks access control app authorisation/secrets config
While setting up pages to run on a wildcard domain with TLS as per the following guide: https://docs.gitlab.com/ce/administration/pages/#wildcard-domains-with-tls-support
A change to
/etc/gitlab/gitlab.rb (for example if changing the url for pages content) appears to break the application authorisation when access control is enabled for gitlab pages with no clear way to fix/recreate it.
On attempting to access controlled pages, the auth redirect responds with the following error due to a mismatch (or missing app) in the client-id/secret.
An error has occurred
Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method.
After trying several different things including manually adding a new gitlab-pages application and many reconfigures, the only way to get a working configuration was to delete the
"gitlab_pages" entry in
/etc/gitlab/gitlab-secrets.json which forces the reconfiguration to create a new application and set the secrets configuration to match it. (╯°□°)╯︵ ┻━┻
Maybe I missed something in the documentation about how to handle a change to the url?