It's apparently not SELinux complaining, it's the file permission for the socket. As root:
# head /var/opt/gitlab/gitlab-rails/tmp/sockets/gitlab.socket head: cannot open `/var/opt/gitlab/gitlab-rails/tmp/sockets/gitlab.socket' for reading: No such device or address # sudo -u nginx head /var/opt/gitlab/gitlab-rails/tmp/sockets/gitlab.socket head: cannot open `/var/opt/gitlab/gitlab-rails/tmp/sockets/gitlab.socket' for reading: Permission denied I tried adding nginx to the git group, tried setting the gitlab-www group which nginx is in as group owner of the file and the directory it's in, but it doesn't seem to matter. But at least it's not SELinux. Den lørdag den 14. februar 2015 kl. 13.06.05 UTC+1 skrev Casper Færgemand: > > I'm afraid "grep nginx /var/log/audit/audit.log" returns nothing. In fact > "grep failure /var/log/audit/audit.log" also returns nothing. Any clue? > > Den lørdag den 14. februar 2015 kl. 11.55.06 UTC+1 skrev Achilleas Pipis: >> >> On 14/02/2015 04:19 πμ, Casper Færgemand wrote: >> > I have Omnibus Gitlab running with the default Nginx disabled on a >> > Centos 6.5 x64 machine. My other Nginx logs the following error: >> > >> > 2015/02/14 02:01:36 [crit] 3669#0: *155 connect() to >> > unix:/var/opt/gitlab/gitlab-rails/tmp/sockets/gitlab.socket failed (13: >> > Permission denied) while connecting to upstream, client: 10.215.76.40, >> > server: gitlab.domain.net, request: "GET / HTTP/1.1", upstream: >> > "http://unix:/var/opt/gitlab/gitlab-rails/tmp/sockets/gitlab.socket:/";, >> > host: "gitlab.domain.net" >> > >> > "ls -la /var/opt/gitlab/gitlab-rails/tmp/sockets/" gives me: >> > >> > "total 8 >> > drwx------. 2 git root 4096 Dec 5 15:51 . >> > drwx------. 4 git root 4096 Dec 5 12:14 .. >> > srwxrwxrwx. 1 git git 0 Dec 5 15:51 gitlab.socket" >> > >> > "groups nginx" returns "nginx : nginx gitlab-www". >> > >> > /etc/gitlab/gitlab.rb contains >> > >> > "external_url 'https://gitlab.domain.net' >> > redis['port'] = 1234 >> > postgresql['port'] = 5432 >> > nginx['enable'] = false >> > web_server['external_users'] = ['gitlab-www']" >> > >> > On loading gitlab in a browser, I get a "502, Gitlab is not >> responding." >> > as well as a error in the log as listed above. >> > >> > The guide >> > >> https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#using-a-non-bundled-web-server >> >> > refers to another guide here >> > >> https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#using-a-non-bundled-web-server >> >> > which seems outdated. Any help as to what I should change to make >> > SELinux accept Nginx reading the Gitlab socket? I do not what to turn >> > off the firewall. >> >> I had the same trouble almost 2 years ago and I had written a small >> guide on making a SELinux policy for nginx [0]. >> >> Bottom line is: >> >> yum install -y policycoreutils-{python,devel} >> grep nginx /var/log/audit/audit.log | audit2allow -M gitlab_nginx >> semodule -i gitlab_nginx.pp >> usermod -a -G git nginx >> >> >> [0] >> >> http://axilleas.me/en/blog/2013/selinux-policy-for-nginx-and-gitlab-unix-socket-in-fedora-19/ >> >> >> >> -- >> GPG : 0x3A7DDABC985EDC6E >> Blog: http://axilleas.me >> > -- You received this message because you are subscribed to the Google Groups "GitLab" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/gitlabhq/b583535b-e299-449d-b3ea-73a1c6a33c0f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
