External GitLab Pages and pages_external_url using HTTPS - Nginx fails to restart
Summary
When using an external GitLab Pages server, Nginx on the the main GitLab server fails to start after a reconfigure if pages_external_url
is set to a https
url.
Steps to reproduce
On the GitLab server, use this configuration in the /etc/gitlab/gitlab.rb
file:
pages_external_url "https://<GITLAB_PAGES_DOMAIN>"
gitlab_pages['enable'] = false
After a reconfigure, Nginx will fail to restart as it is expecting a certificate to exist in /etc/gitlab/ssl
for the pages hostname.
If gitlab_pages['enable']
is false
but no pages_external_url
is specified, there is no problem.
If gitlab_pages['enable']
is false
and pages_external_url
is set to a https
url, GitLab creates the Nginx Pages vhost file /var/opt/gitlab/nginx/conf/gitlab-pages.conf
which should not be created, since we are using an external GitLab Pages.
What is the current bug behavior?
gitlab_pages['enable'] = false
seems to be ignored and a Nginx vhost is created if pages_external_url
with a https
url exists.
What is the expected correct behavior?
gitlab_pages['enable'] = false
should be respected and the Nginx vhost for Pages should not be created if pages_external_url
with a https
url exists.
Workarounds
- Use a
http
(insecure) url forpages_external_url
- Add a SSL certificate to
/etc/gitlab/ssl
(untested)
Relevant logs
Relevant logs
==> /var/log/gitlab/nginx/current <== 2019-12-02_06:29:59.78343 nginx: [emerg] cannot load certificate "/etc/gitlab/ssl/GITLAB_PAGES_DOMAIN.crt": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/gitlab/ssl/GITLAB_PAGES_DOMAIN.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)