nginx对Gitlab-workhorse套接字有什么权限？

Question

nginx对Gitlab-workhorse套接字有什么权限？

RyG*_*Guy 4 nginx plesk gitlab gitlab-omnibus

我一直在努力让这一天整理好.我正在使用现有的nginx安装在Ubuntu 14.04上运行GitLab的omnibus安装.我可以登录,创建项目,问题等,但我不能从外部推送/拉动,克隆或任何东西(不是通过web gui).一个问题......我在这台服务器上运行Plesk 12.5.这是一些输出:

nginx报告错误:

2016/02/10 16:00:50 [crit] 24866#0: *53 connect() to unix://var/opt/gitlab/gitlab-workhorse/socket 
failed (13: Permission denied) while connecting to upstream, client: XXX.XXX.X.X, 
server: git.example.com, 
request: "GET /namespace/project-name.git/info/refs?service=git-upload-pack HTTP/1.1", 
upstream: "http://unix://var/opt/gitlab/gitlab-workhorse/socket:/namespace/project-name.git/info/refs?service=git-upload-pack", host: "git.example.com"

Run Code Online (Sandbox Code Playgroud)

主力套接字的权限:

srwxrwxrwx 1 git git 0 Feb 2 18:40 socket

我试图将所有者更改为nginx(www-data),并将组更改为gitlab-www,但没有运气.我没有使用任何不同的目录....只是不知道从哪里去.我已经非常接近这个运行但感觉到目前为止!

Gitlab:检查(是的,IMAP设置中有错误,但我不认为这是相关的???)

Checking GitLab Shell ...

GitLab Shell version >= 2.6.10 ? ... OK (2.6.10)
Repo base directory exists? ... yes
Repo base directory is a symlink? ... no
Repo base owned by git:git? ... yes
Repo base access is drwxrws---? ... yes
hooks directories in repos are links: ...
[... project checks all ok ...]
Running /opt/gitlab/embedded/service/gitlab-shell/bin/check
Check GitLab API access: OK
Check directories and files:
        /var/opt/gitlab/git-data/repositories: OK
        /var/opt/gitlab/.ssh/authorized_keys: OK
Test redis-cli executable: redis-cli 2.8.21
Send ping to redis server: PONG
gitlab-shell self-check successful

Checking GitLab Shell ... Finished

Checking Sidekiq ...

Running? ... yes
Number of Sidekiq processes ... 1

Checking Sidekiq ... Finished

Checking Reply by email ...

Address formatted correctly? ... yes
IMAP server credentials are correct? ... no
  Try fixing it:
  Check that the information in config/gitlab.yml is correct
  For more information see:
  doc/incoming_email/README.md
  Please fix the error above and rerun the checks.
Init.d configured correctly? ... skipped (omnibus-gitlab has no init script)
MailRoom running? ... can't check because of previous errors

Checking Reply by email ... Finished

Checking LDAP ...

LDAP is disabled in config/gitlab.yml

Checking LDAP ... Finished

Checking GitLab ...

Git configured with autocrlf=input? ... yes
Database config exists? ... yes
Database is SQLite ... no
All migrations up? ... yes
Database contains orphaned GroupMembers? ... no
GitLab config exists? ... yes
GitLab config outdated? ... no
Log directory writable? ... yes
Tmp directory writable? ... yes
Uploads directory setup correctly? ... yes
Init script exists? ... skipped (omnibus-gitlab has no init script)
Init script up-to-date? ... skipped (omnibus-gitlab has no init script)
projects have namespace: ...
[... project checks all yes ...]
Redis version >= 2.8.0? ... yes
Ruby version >= 2.1.0 ? ... yes (2.1.8)
Your git bin path is "/opt/gitlab/embedded/bin/git"
Git version >= 1.7.10 ? ... yes (2.6.2)
Active users: 4

Checking GitLab ... Finished

Run Code Online (Sandbox Code Playgroud)

这是vhost的nginx配置:

location /uploads/ {
    ## If you use HTTPS make sure you disable gzip compression
    ## to be safe against BREACH attack.
    gzip off;

    proxy_read_timeout      300;
    proxy_connect_timeout   300;
    proxy_redirect          off;

    proxy_set_header    Host                $http_host;
    proxy_set_header    X-Real-IP           $remote_addr;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;
    proxy_set_header    X-Frame-Options     SAMEORIGIN;

    proxy_pass https://gitlab;
}

location @gitlab {
    ## If you use HTTPS make sure you disable gzip compression
    ## to be safe against BREACH attack.
    gzip off;

    proxy_read_timeout      300;
    proxy_connect_timeout   300;
    proxy_redirect          off;

    proxy_set_header    Host                $http_host;
    proxy_set_header    X-Real-IP           $remote_addr;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;
    proxy_set_header    X-Frame-Options     SAMEORIGIN;

    #proxy_pass http://gitlab;

    # Returns 502 error if not changed to localhost
    proxy_pass http://localhost:8080;
}

location ~ ^/[\w\.-]+/[\w\.-]+/gitlab-lfs/objects {
    client_max_body_size 0;
    error_page 418 = @gitlab-workhorse;
    return 418;
}

location ~ ^/[\w\.-]+/[\w\.-]+/(info/refs|git-upload-pack|git-receive-pack)$ {
    client_max_body_size 0;
    error_page 418 = @gitlab-workhorse;
    return 418;
}

location ~ ^/[\w\.-]+/[\w\.-]+/repository/archive {
    client_max_body_size 0;
    error_page 418 = @gitlab-workhorse;
    return 418;
}

location ~ ^/api/v3/projects/.*/repository/archive {
    client_max_body_size 0;
    error_page 418 = @gitlab-workhorse;
    return 418;
}

location ~ ^/[\w\.-]+/[\w\.-]+/builds/download {
    client_max_body_size 0;
    error_page 418 = @gitlab-workhorse;
    return 418;
}

location ~ /ci/api/v1/builds/[0-9]+/artifacts {
    client_max_body_size 0;
    error_page 418 = @gitlab-workhorse;
    return 418;
}

location @gitlab-workhorse {
    client_max_body_size 0;
    ## If you use HTTPS make sure you disable gzip compression
    ## to be safe against BREACH attack.
    gzip off;

    #   proxy_read_timeout      300;
    #   proxy_connect_timeout   300;
    #   proxy_redirect          off;

    proxy_buffering off;

    # The following settings only work with NGINX 1.7.11 or newer
    #
    # # Pass chunked request bodies to gitlab-workhorse as-is
    #proxy_request_buffering off;

    proxy_read_timeout      300;
    proxy_connect_timeout   300;
    proxy_redirect          off;

    proxy_http_version 1.1;

    proxy_set_header    Host                $http_host;
    proxy_set_header    X-Real-IP           $remote_addr;
    proxy_set_header    X-Forwarded-Ssl     on;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;
    proxy_pass http://gitlab-workhorse;

}

location ~ ^/(assets)/ {
    root /opt/gitlab/embedded/service/gitlab-rails/public;
    gzip_static on; # to serve pre-gzipped version
    expires max;
    add_header Cache-Control public;
}

location ~ / {
    root /opt/gitlab/embedded/service/gitlab-rails/public;
    try_files $uri $uri/index.html $uri.html @gitlab;
}

error_page 502 /502.html;

Run Code Online (Sandbox Code Playgroud)

最后,这是vhost的服务器块级别的配置:

upstream gitlab {
  server unix:/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket fail_timeout=0;
}

upstream gitlab-workhorse {
  server unix://var/opt/gitlab/gitlab-workhorse/socket fail_timeout=0;
}

Run Code Online (Sandbox Code Playgroud)

查看https://github.com/gitlabhq/omnibus-gitlab/blob/master/doc/settings/nginx.md上的文档我看到了这个注释,但它没有指定权限应该是什么: