I'm afraid "grep nginx /var/log/audit/audit.log" returns nothing. In fact "grep failure /var/log/audit/audit.log" also returns nothing. Any clue?
Den lørdag den 14. februar 2015 kl. 11.55.06 UTC+1 skrev Achilleas Pipis: > > On 14/02/2015 04:19 πμ, Casper Færgemand wrote: > > I have Omnibus Gitlab running with the default Nginx disabled on a > > Centos 6.5 x64 machine. My other Nginx logs the following error: > > > > 2015/02/14 02:01:36 [crit] 3669#0: *155 connect() to > > unix:/var/opt/gitlab/gitlab-rails/tmp/sockets/gitlab.socket failed (13: > > Permission denied) while connecting to upstream, client: 10.215.76.40, > > server: gitlab.domain.net, request: "GET / HTTP/1.1", upstream: > > "http://unix:/var/opt/gitlab/gitlab-rails/tmp/sockets/gitlab.socket:/";, > > host: "gitlab.domain.net" > > > > "ls -la /var/opt/gitlab/gitlab-rails/tmp/sockets/" gives me: > > > > "total 8 > > drwx------. 2 git root 4096 Dec 5 15:51 . > > drwx------. 4 git root 4096 Dec 5 12:14 .. > > srwxrwxrwx. 1 git git 0 Dec 5 15:51 gitlab.socket" > > > > "groups nginx" returns "nginx : nginx gitlab-www". > > > > /etc/gitlab/gitlab.rb contains > > > > "external_url 'https://gitlab.domain.net' > > redis['port'] = 1234 > > postgresql['port'] = 5432 > > nginx['enable'] = false > > web_server['external_users'] = ['gitlab-www']" > > > > On loading gitlab in a browser, I get a "502, Gitlab is not responding." > > as well as a error in the log as listed above. > > > > The guide > > > https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#using-a-non-bundled-web-server > > > refers to another guide here > > > https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#using-a-non-bundled-web-server > > > which seems outdated. Any help as to what I should change to make > > SELinux accept Nginx reading the Gitlab socket? I do not what to turn > > off the firewall. > > I had the same trouble almost 2 years ago and I had written a small > guide on making a SELinux policy for nginx [0]. > > Bottom line is: > > yum install -y policycoreutils-{python,devel} > grep nginx /var/log/audit/audit.log | audit2allow -M gitlab_nginx > semodule -i gitlab_nginx.pp > usermod -a -G git nginx > > > [0] > > http://axilleas.me/en/blog/2013/selinux-policy-for-nginx-and-gitlab-unix-socket-in-fedora-19/ > > > > -- > GPG : 0x3A7DDABC985EDC6E > Blog: http://axilleas.me > -- You received this message because you are subscribed to the Google Groups "GitLab" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/gitlabhq/9b2cfa5f-52a7-4b3b-a021-c8a030402117%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
