Running with Ruby

Tag: apache2 (page 1 of 2)

GitLab: Your changes could not be commited, because the file has been changed

Not long ago I’ve migrated last of my SVN-managed projects into Git with GitLab (finally!). Everything was OK, until this message occurred, when I tried to do an web-based repository file update:

Your changes could not be commited, because the file has been changed

After googling I’ve executed following command (because I didn’t create satellites earlier):

sudo -u git -H bundle exec rake gitlab:satellites:create RAILS_ENV=production

Unfortunately this didn’t solve my problem (although I’m pretty sure, that either way this was required). I’ve decided to check GitLab logs, but unluckily nothing suspicious was there. I suddenly remembered, that by default all my Rails/Rack Passenger applications are executed using www-data user. This was a good guess. I’ve added a user declaration in Apache vhost configuration file:

PassengerUser git

and after that I’ve finally started to get some new things in application log:

Errno::EACCES (Permission denied - /home/git/gitlab/tmp/satellite_15.lock):
  lib/gitlab/satellite/satellite.rb:57:in `initialize'
  lib/gitlab/satellite/satellite.rb:57:in `open'
  lib/gitlab/satellite/satellite.rb:57:in `lock'
  lib/gitlab/satellite/action.rb:23:in `block in in_locked_and_timed_satellite'
  lib/gitlab/satellite/action.rb:22:in `in_locked_and_timed_satellite'
  lib/gitlab/satellite/edit_file_action.rb:22:in `commit!'
  app/controllers/edit_tree_controller.rb:18:in `update'

All my satellite locks were created by www-data user with different set of privileges, so git user was not able to use them. After I removed all the locks and restarted both GitLab and Apache server, everything started to work just fine:

sudo rm /home/gitlab/tmp/satellite_*
/etc/init.d/apache2 restart
/etc/init.d/gitlab restart

Jenkins behind Apache with HTTPS – Proxy pass with SSL

Jenkins in an awesome integration server, that can be used for free. However, having it on a non-standard www port, without a SSL, might be a problem. Accessing it from a public network might create a security threat. If you’ve got a Apache in front of your server, you can easily provide a secured proxy to Jenkins.

To do so, you need to create a VirtualHost for Apache, which will contain both: Proxy and SSL. Also it would be wise, to redirect standard HTTP requests.

VirtualHost to redirect from HTTP to HTTPS

So, first lets create our HTTP VirtualHost and let’s redirect it to HTTPS version:

<VirtualHost *:80>
  ServerName jenkins.my.domain
  ServerAlias www.jenkins.my.domain

  RewriteEngine on
  ReWriteCond %{SERVER_PORT} !^443$
  RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>

SSL keys

To get things started, we will need a key. To generate it, follow given steps (as root):

sudo su # or any other way to be a root
cd /etc/apache2/
mkdir ssl
cd ssl/
mkdir crt
mkdir key
openssl req -new -x509 -days 365 -keyout key/jenkins.key -out crt/jenkins.crt -nodes -subj  '/O=Jenkins/OU=Jenkins/CN=jenkins.my.domain'

Just remember to replace all the domain references from “jenkins.my.domain” to an appropriate one. After you execute the above commands, you should have a ssl key and ssl cert generated.

Installing Apache necessary mods

To create a SSL Proxy pass we need to install some Apache mods (still as a root):

a2enmod proxy
a2enmod proxy_http
a2enmod rewrite
a2enmod ssl

/etc/init.d/apache2 restart

HTTPS Jenkins Virtual Host

And finally, the virtual host for secured Jenkins proxy pass:

<VirtualHost *:443>
  ServerName jenkins.my.domain
  ServerAlias www.jenkins.my.domain

  SSLEngine On
  SSLCertificateFile    /etc/apache2/ssl/crt/jenkins.my.domain.crt
  SSLCertificateKeyFile /etc/apache2/ssl/key/jenkins.my.domain.key

  ProxyRequests     Off
  ProxyPass         /  http://localhost:8080/
  ProxyPassReverse  /  http://localhost:8080/
  ProxyPassReverse  /  http://my.jenkins.host/
  <Proxy http://localhost:8080/*>
    Order allow,deny
    Allow from all
  </Proxy>
  ProxyPreserveHost on
</VirtualHost>
Olderposts

Copyright © 2018 Running with Ruby

Theme by Anders NorenUp ↑