Background on my server: I have everything in Docker containers. There is a Docker network, and all of the Docker containers are on the same network. I use aliases to address my containers. My container alias for gitlab is gitlab.docker. The interesting containers for this question are my gitlab_runner container, my gitlab container and my nginx container.

I noticed my gitlab-runner container threw an error 18 when it was supposed to clone a project.

I am pretty sure this is an nginx issue. I know that because I went into a container on the same docker network and tried to clone once via my public DNS address and once via the internal network, circumnavigating my own nginx, with this as a result (I replaced my domain and my top-level domain; the rest is untouched):

bash-5.0# git clone "http://gitlab.myHost.com/docker/sbt.git"
Cloning into 'sbt'...
Username for 'https://gitlab.myHost.com': root
Password for 'https://root@gitlab.myHost.com': 
warning: redirecting to https://gitlab.myHost.com/docker/sbt.git/
remote: Enumerating objects: 16, done.
remote: Counting objects: 100% (16/16), done.
remote: Compressing objects: 100% (12/12), done.
error: RPC failed; curl 18 transfer closed with outstanding read data remaining
fatal: the remote end hung up unexpectedly
fatal: early EOF
fatal: unpack-objects failed

bash-5.0# git clone "http://gitlab.docker/docker/sbt.git"
Cloning into 'sbt'...
Username for 'http://gitlab.docker': root
Password for 'http://root@gitlab.docker': 
remote: Enumerating objects: 16, done.
remote: Counting objects: 100% (16/16), done.
remote: Compressing objects: 100% (12/12), done.
remote: Total 16 (delta 1), reused 0 (delta 0), pack-reused 0
Unpacking objects: 100% (16/16), done.

This is my nginx config:

server {
  server_name gitlab.myHost.com;

  listen 80;
  listen 443 ssl;

  ssl_certificate /etc/letsencrypt/live/gitlab.myHost.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/gitlab.myHost.com/privkey.pem;

  include /etc/letsencrypt/options-ssl-nginx.conf; 

  if ($scheme != "https") {
      return 301 https://$host$request_uri;
  } 

  location / {
    proxy_pass http://gitlab.docker;
  }
}

Does anyone have any idea why this isn't working? I should mention that the GitLab website works just fine, except for the web IDE, which doesn't load. I mention it just in case it is connected, but that's actually an issue very far down my todo list.

1 Answer

Okay, I figured it out. There was a 55Mb binary file in my repo which was too big. Adding this to my config solved it:

client_max_body_size 4G;

The question is, is 4GB too big to allow? But since it is only for GitLab, I guess it is fine for the moment.

  • You will have a similar issue with pushes and POST body sizes. The good thing is, you can enforce SSH on users, while GL runner forces HTTP(S). – jaskij Feb 24 '20 at 08:54
  • And in case you didn't know, nginx is perfectly capable of tunneling SSH traffic. – jaskij Feb 24 '20 at 08:55
  • How is that working? Nginx gets an http request and forwards it further over ssh? Or does it get an ssh request and forward it further via ssh? And if it is the latter, how does it figure out the server name without the http protocol. – TheCommoner282 Feb 24 '20 at 09:00
  • I would have to check the details, but as far as I can tell it's a simple TCP tunnel. The reverse proxy has its own sshd on a different port. – jaskij Feb 24 '20 at 12:54
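
The answer's directive and the TCP tunnel from the comments, put together in one nginx.conf as an added example (not the poster's actual file). The listen port 2222 and the container's sshd port 22 are assumptions, and the `stream` block needs an nginx build that includes the stream module.

```nginx
# Added example: names other than gitlab.myHost.com and gitlab.docker are assumptions.
events {}

# Top-level context, outside http {}: plain TCP forwarding for Git over SSH.
stream {
  server {
    listen 2222;                  # assumed public port; the proxy host's own sshd keeps its port
    proxy_pass gitlab.docker:22;  # assumed sshd port inside the gitlab container
  }
}

http {
  server {
    server_name gitlab.myHost.com;

    listen 80;
    listen 443 ssl;

    ssl_certificate /etc/letsencrypt/live/gitlab.myHost.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/gitlab.myHost.com/privkey.pem;

    include /etc/letsencrypt/options-ssl-nginx.conf;

    if ($scheme != "https") {
      return 301 https://$host$request_uri;
    }

    # Maximum request body accepted from clients (nginx default: 1m).
    # Set inside this server block, the 4G limit applies to the GitLab
    # host only; other virtual hosts keep their own, smaller limit.
    client_max_body_size 4G;

    location / {
      proxy_pass http://gitlab.docker;
    }
  }
}
```

The stream server forwards bytes without parsing them, so the listening port alone selects the backend and no server name is involved. `nginx -t` checks the file before a reload.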