1

I just installed Gitlab on an Ubuntu 18.04 fresh install. I am now trying to set up Gitlab runner (on the same machine, 192.168.1.8). I created a project and ran the test that comes predefined with the following error:

Running with gitlab-runner 10.5.0 (10.5.0)
  on gitlab xxxxx
Using Shell executor...
Running on gitlab...
Cloning repository...
Cloning into '/var/lib/gitlab-runner/builds/xxxxxx/0/alexandgu/exporttool'...
fatal: unable to access 'https://gitlab-ci-token:xxxxxxxxxxxxxxxxxxxx@gitlab.aandraka.com/alexandgu/exporttool.git/': SSL: certificate subject name (192.168.0.1) does not match target host name 'gitlab.aandraka.com'
ERROR: Job failed: exit status 1

Currently, Gitlab is behind a reverse proxy. So when a request arrives it goes as follows: - 192.168.1.1 (router) - 192.168.1.7 (proxy) - 192.168.1.8 (gitlab)

I have noticed that from outside my network (192.168.1.0/24). I can access gitlab with no problem:

$ curl https://gitlab.aandraka.com
<html><body>You are being <a href="https://gitlab.aandraka.com/users/sign_in">redirected</a>.</body></html>

However if I try the same thing from inside the network (i.e. my gitlab machine). 

curl https://gitlab.aandraka.com
curl: (51) SSL: certificate subject name '192.168.0.1' does not match target host name 'gitlab.aandraka.com'

As if instead of being redirected to the reverse proxy I am being redirected to the router config page.

Also my router came with the default network 192.168.0.0/24, so that's probably why the Certificate subject name is 192.168.0.1 instead of 192.168.1.1

alexandgu
  • 85
  • 1
  • 1
  • 8

2 Answers2

1

So, turns out I found a way around it.

I just added my gitlab domain to /etc/hosts pointing to the reverse proxy.

Still, it would be interesting a proper way of accesing machines inside your network with a domain that points to the router.

alexandgu
  • 85
  • 1
  • 1
  • 8
0

It looks as though you forgot to configure your local DNS server to point at your reverse proxy. Fix that and the rest will follow.

Mikael H
  • 5,031
  • 2
  • 9
  • 18
  • I don't have a local DNS server. Would it be interesting to set up one? – alexandgu Dec 15 '19 at 10:38
  • Perhaps your question is better asked in a different forum, then? https://serverfault.com/help/on-topic – Mikael H Dec 15 '19 at 11:32
  • You mean https://superuser.com/ ? – alexandgu Dec 15 '19 at 22:43
  • For example; my reasoning being that while your problem is server related, your environment looks a lot like a home lab, not "information technology systems in a business environment". Now if you earn money using your systems, it is technically a business environment, on one hand, and on the other I don't want to discourage learning, but this is probably the wrong forum for questions relating to networking basics. – Mikael H Dec 16 '19 at 08:05
  • My set up is a homelab, so yes wrong forum then. Thank you anyways, I got it sorted out with the /etc/hosts and I will have a look for setting up an internal DNS. – alexandgu Dec 16 '19 at 22:20