尝试安装gitlab 6-5-stable，但有403 Forbidden

I followed all the installation process, but when I try to access the url gitlab an error displays "403 You do not have permission to access / on this server."

我遵循了所有安装过程，但是当我尝试访问url gitlab时，错误显示“403您无权访问/在此服务器上”。

bundle exec rake gitlab:env:info RAILS_ENV=production

捆绑exec rake gitlab：env：info RAILS_ENV =生产

System information
System: CentOS release 6.5 (Final)
Current User: root
Using RVM: yes
RVM Version: 1.21.7
Ruby Version: 1.9.3p448
Gem Version: 1.8.25
Bundler Version:1.3.5
Rake Version: 10.1.0

GitLab information
Version: 6.5.1
Revision: 2ffa03a
Directory: /home/git/gitlab
DB Adapter: mysql2
URL: http://git.intranet.ecore.com.br
HTTP Clone URL: http://git.intranet.ecore.com.br/some-project.git
SSH Clone URL: git@git.intranet.ecore.com.br:some-project.git
Using LDAP: yes
Using Omniauth: no

GitLab Shell
Version: 1.8.0
Repositories: /home/git/repositories/
Hooks: /home/git/gitlab-shell/hooks/
Git: /usr/bin/git

bundle exec rake gitlab:check RAILS_ENV=production

捆绑exec rake gitlab：检查RAILS_ENV =生产

Checking Environment ...

Git configured for git user? ... yes
Has python2? ... yes
python2 is supported version? ... yes

Checking Environment ... Finished

Checking GitLab Shell ...

GitLab Shell version >= 1.7.9 ? ... OK (1.8.0)
Repo base directory exists? ... yes
Repo base directory is a symlink? ... no
Repo base owned by git:git? ... yes
Repo base access is drwxrws---? ... yes
update hook up-to-date? ... yes
update hooks in repos are links: ... can't check, you have no projects
Running /home/git/gitlab-shell/bin/check
/usr/local/rvm/gems/ruby-1.9.3-p448/gems/bundler-1.3.5/lib/bundler/runtime.rb:216: warning: Insecure world writable dir /home/git/gitlab/vendor/bundle/ruby/1.9.1/bin in PATH, mode 042777
Check GitLab API access: FAILED. code: 403
gitlab-shell self-check failed
  Try fixing it:
  Make sure GitLab is running;
  Check the gitlab-shell configuration file:
  sudo -u git -H editor /home/git/gitlab-shell/config.yml
  Please fix the error above and rerun the checks.

Checking GitLab Shell ... Finished

Checking Sidekiq ...

Running? ... yes
Number of Sidekiq processes ... 1

Checking Sidekiq ... Finished

Checking LDAP ...

LDAP users with access to your GitLab server (only showing the first 100 results)
rake aborted!
SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A
/home/git/gitlab/vendor/bundle/ruby/1.9.1/gems/net-ldap-0.3.1/lib/net/ldap.rb:1132:in `connect'
/home/git/gitlab/vendor/bundle/ruby/1.9.1/gems/net-ldap-0.3.1/lib/net/ldap.rb:1132:in `wrap_with_ssl'
/home/git/gitlab/vendor/bundle/ruby/1.9.1/gems/net-ldap-0.3.1/lib/net/ldap.rb:1169:in `setup_encryption'
/home/git/gitlab/vendor/bundle/ruby/1.9.1/gems/net-ldap-0.3.1/lib/net/ldap.rb:1116:in `initialize'
/home/git/gitlab/vendor/bundle/ruby/1.9.1/gems/net-ldap-0.3.1/lib/net/ldap.rb:634:in `new'
/home/git/gitlab/vendor/bundle/ruby/1.9.1/gems/net-ldap-0.3.1/lib/net/ldap.rb:634:in `search'
/home/git/gitlab/vendor/bundle/ruby/1.9.1/gems/net-ldap-0.3.1/lib/net/ldap.rb:1044:in `search_root_dse'
/home/git/gitlab/vendor/bundle/ruby/1.9.1/gems/net-ldap-0.3.1/lib/net/ldap.rb:1095:in `paged_searches_supported?'
/home/git/gitlab/vendor/bundle/ruby/1.9.1/gems/net-ldap-0.3.1/lib/net/ldap.rb:619:in `search'
/home/git/gitlab/lib/tasks/gitlab/check.rake:702:in `print_users'
/home/git/gitlab/lib/tasks/gitlab/check.rake:692:in `block (3 levels) in <top (required)>'
Tasks: TOP => gitlab:check => gitlab:ldap:check
(See full trace by running task with --trace)

2 个解决方案

#1

warning: Insecure world writable dir /home/git/gitlab/vendor/bundle/ruby/1.9.1/bin in PATH, mode 042777

警告：不安全的世界可写dir /home/git/gitlab/vendor/bundle/ruby/1.9.1/bin in PATH，模式042777

It seems you have some issues with the permissions being too open. Fix that by going to /home/git/gitlab/ and run:

看来你的权限过于开放存在一些问题。通过转到/ home / git / gitlab /并修复它：

find . -type f -print0 | xargs -0 chmod 644 (all files 644 recursively)
找。 -type f -print0 | xargs -0 chmod 644（所有文件644递归）
find . -type d -print0 | xargs -0 chmod 755 (all directories 755 recursively)
找。 -type d -print0 | xargs -0 chmod 755（所有目录755递归）
sudo -u git -H chmod o-rwx config/database.yml (extra security for the database)
sudo -u git -H chmod o-rwx config / database.yml（数据库的额外安全性）

If that is not the case then maybe its SELinux. You can check that quickly by disabling it temporarily:

如果不是这样的话那么也许就是它的SELinux。您可以通过暂时禁用它来快速检查：

setenforce 0

If the 403 error goes away then enable it back (setenforce 1) and see here at the SELinux section how to make it work.

如果403错误消失，则启用它（setenforce 1），并在SELinux部分看到如何使其工作。

#2

Despite the errors that are displayed by executing:

尽管执行时显示错误：

bundle exec rake gitlab:check RAILS_ENV=production

The problem was in the Nginx configuration, below is the configuration that I realized:

问题出在Nginx配置中，下面是我意识到的配置：

upstream gitlab {
  server unix:/home/git/gitlab/tmp/sockets/gitlab.socket;
}

server {
  #  listen *:80 default_server;         # e.g., listen 192.168.1.1:80; In most cases *:80 is a good idea
  server_name git.intranet.ecore.com.br;     # e.g., server_name source.example.com;
  server_tokens off;     # don't show the version number, a security best practice
  root /home/git/gitlab/public;

  # individual nginx logs for this gitlab vhost
  access_log  /var/log/nginx/gitlab_access.log;
  error_log   /var/log/nginx/gitlab_error.log;

  location / {
    # serve static files from defined root folder;.
    # @gitlab is a named location for the upstream fallback, see below
    try_files $uri $uri/index.html $uri.html @gitlab;
  }

  # if a file, which is not found in the root folder is requested,
  # then the proxy pass the request to the upsteam (gitlab unicorn)
  location @gitlab {
    proxy_read_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
    proxy_connect_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
    proxy_redirect     off;

    proxy_set_header   X-Forwarded-Proto $scheme;
    proxy_set_header   Host              $http_host;
    proxy_set_header   X-Real-IP         $remote_addr;

    proxy_pass http://gitlab;
  }
}

#1