Why I have a 302 redirect after changing SSL certificate?

Question

I have a VPS with Ubuntu Server 14.04 and I installed GitLab with different sites served by Apache2. The GitLab version is Omnibus package 7.14.1.

I had successfully configured GitLab with HTTPS and with a self-signed certificate for testing (say it's with olddomain.com). I bought a wildcard SSL certificate (for *.newdomain.io) and installed it for other websites served by Apache and they work perfectly.

For GitLab the story is a little different. I searched for all references to gitlab.olddomain.com and changed them for gitlab.newdomain.io. So in the file /etc/gitlab/gitlab.rb the change is:

external_url 'https://gitlab.newdomain.io:2443'

That's the only setting changed, the other are left with their default values.

The configuration of Apache is:

<VirtualHost *:80>
    ServerName gitlab.newdomain.io
    Redirect / https://gitlab.newdomain.io/

    CustomLog /var/log/apache2/gitlab/access.log combined
    ErrorLog  /var/log/apache2/gitlab/error.log
</VirtualHost>

With the config for the HTTPS:

<VirtualHost *:443>
    ServerName gitlab.newdomain.io

    SSLProxyEngine On
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off

    SSLEngine On
    SSLCertificateFile /etc/ssl/certs/newdomain.io.crt
    SSLCertificateKeyFile /etc/ssl/private/newdomain.io.key

    ProxyRequests Off
    ProxyPreserveHost On
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass / https://localhost:2443/
    ProxyPassReverse / https://localhost:2443/

    <Location />
            Order allow,deny
            Allow from all
    </Location>

    CustomLog /var/log/apache2/gitlab/access.log combined
    ErrorLog  /var/log/apache2/gitlab/error.log
</VirtualHost>

After the changes I made the gitlab-ctl reconfigure and even the gitlab-ctl restart. For Apache, the service apache2 reload has been executed.

When I look into Chrome's Developer Tools > Network, I see the Request URL to https://gitlab.newdomain.io, the Status Code is 302 and Location is https://gitlab.olddomain.com. The interesting thing is Server: nginx. The Remote address is xxx.xxx.xxx.xxx:443, but the service listening the port is supposed to be Apache2.

Running netstat I see those two lines:

tcp6  0  0 :::443          :::*          LISTEN      1849/apache2
tcp   0  0 0.0.0.0:2443    0.0.0.0:*     LISTEN      32493/nginx

Both DNS records for gitlab.olddomain.com and gitlab.newdomain.io are pointing to the same machine. When I check the certificate in the browser, I have the good certificate, the wildcard one of newdomain.io, but I'm visiting the wrong domain.

Browser cache has been cleared, server restarted, etc.

Maybe it might seem a newbie question, but why nginx is sending a redirect, should it be Apache supposed to respond to port 443? nginx is configured to port 2443 on this machine, as the netstat command is showing. — sgy, Sep 01 '15 at 03:14
Take a look at your Apache configuration. It is obvious why nginx is responding to the request. — Michael Hampton, Sep 01 '15 at 03:20
Well it's the ReverseProxy yes, but the question is why a redirect? — sgy, Sep 02 '15 at 02:19

score 0 · Answer 1 · answered Nov 12 '16 at 17:36

There is a problem with your Gitlab configuration, I already had too.

Within Gitlab you have a config for "startpage". This is the page you are redirected to, when you are currently not signed in.
So go to https://gitlab.newdomain.io/users/sign_in log in and change this setting in the adminpanel under settings.

Why I have a 302 redirect after changing SSL certificate?

1 Answers1