OAuth redirect_uri_mismatch error when listen_https is false and external_url has https
GitHub OAuth login won't work on my setup.
When I try to do GitHub OAuth login I see a request like this: https://github.com/login/oauth/authorize?response_type=code&client_id=xxxxxx&redirect_uri=https%3A%2F%2Fmy.site%3A80%2Fusers%2Fauth%2Fgithub%2Fcallback&state=xxxxxxxx&scope=user%3Aemail
That is, the redirect_uri query parameter is https://my.site:80/users/auth/github/callback but should be https://my.site/users/auth/github/callback.
This causes GitHub to respond: Location: https://my.site/?error=redirect_uri_mismatch&error_description=The+redirect_uri+MUST+match+the+registered+callback+URL+for+this+application.&error_uri=https%3A%2F%2Fdeveloper.github.com%2Fv3%2Foauth%2F%23redirect-uri-mismatch&state=xxxxxxxx
I'm using an external nginx with proxy_pass that listens on https and passes to the omnibus nginx on http.
/etc/gitlab/gitlab.rb
external_url 'https://my.site'
nginx['listen_addresses'] = ['127.0.0.1']
nginx['listen_port'] = 8123
nginx['listen_https'] = false
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = true
gitlab_rails['omniauth_block_auto_created_users'] = false
gitlab_rails['omniauth_providers'] = [
  {
    "name" => "github",
    "app_id" => "xxxxx",
    "app_secret" => "xxxxxxxxxxxx",
    "url" => "https://github.com/",
    "args" => { "scope" => "user:email" }
  }
]
Possible solution?
This may be what's needed but I couldn't find where I could try it on my omnibus install: http://awesomeprogrammer.com/blog/2012/12/09/dealing-with-omniauth-redirect-uri-mismatch-invalid-port-number-gotcha/
gitlab:check
# gitlab-rake gitlab:check SANITIZE=true
Checking GitLab Shell ...
GitLab Shell version >= 2.6.3 ? ... OK (2.6.3)
Repo base directory exists? ... yes
Repo base directory is a symlink? ... no
Repo base owned by git:git? ... yes
Repo base access is drwxrws---? ... yes
Satellites access is drwxr-x---? ... yes
hooks directories in repos are links: ...
2/1 ... ok
2/2 ... ok
Running /opt/gitlab/embedded/service/gitlab-shell/bin/check
Check GitLab API access: OK
Check directories and files:
/var/opt/gitlab/git-data/repositories: OK
/var/opt/gitlab/.ssh/authorized_keys: OK
Test redis-cli executable: redis-cli 2.8.20
Send ping to redis server: PONG
gitlab-shell self-check successful
Checking GitLab Shell ... Finished
Checking Sidekiq ...
Running? ... yes
Number of Sidekiq processes ... 1
Checking Sidekiq ... Finished
Checking LDAP ...
LDAP is disabled in config/gitlab.yml
Checking LDAP ... Finished
Checking GitLab ...
Git configured with autocrlf=input? ... yes
Database config exists? ... yes
Database is SQLite ... no
All migrations up? ... yes
Database contains orphaned GroupMembers? ... no
GitLab config exists? ... yes
GitLab config outdated? ... no
Log directory writable? ... yes
Tmp directory writable? ... yes
Init script exists? ... skipped (omnibus-gitlab has no init script)
Init script up-to-date? ... skipped (omnibus-gitlab has no init script)
projects have namespace: ...
2/1 ... yes
2/2 ... yes
Projects have satellites? ...
2/1 ... yes
2/2 ... yes
Redis version >= 2.0.0? ... yes
Ruby version >= 2.0.0 ? ... yes (2.1.6)
Your git bin path is "/opt/gitlab/embedded/bin/git"
Git version >= 1.7.10 ? ... yes (2.4.3)
Active users: 2
Checking GitLab ... Finished
Version
GitLab 7.12.2 30bffd5
Environment
Ubuntu 14.04.2 LTS
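A diagnostic for the mismatch described in this report, added here as an example and not part of the original report or of GitLab/OmniAuth: it decodes the redirect_uri from the authorize request and shows which URL component differs from the callback. The helper names are hypothetical, and the registered callback is assumed to be the "should be" URL given in the report.

```ruby
require 'uri'

# Constructed sample: the authorize request from the report (placeholder ids kept).
AUTHORIZE_URL = 'https://github.com/login/oauth/authorize?response_type=code' \
  '&client_id=xxxxxx' \
  '&redirect_uri=https%3A%2F%2Fmy.site%3A80%2Fusers%2Fauth%2Fgithub%2Fcallback' \
  '&state=xxxxxxxx&scope=user%3Aemail'

# Assumption: the callback URL registered for the OAuth application.
REGISTERED_CALLBACK = 'https://my.site/users/auth/github/callback'

# Return the percent-decoded redirect_uri parameter of an authorize URL.
def extract_redirect_uri(authorize_url)
  query = URI.parse(authorize_url).query || ''
  params = URI.decode_www_form(query).to_h
  params.fetch('redirect_uri') { raise ArgumentError, 'no redirect_uri parameter' }
end

# Scheme and host compare case-insensitively; port and path compare as-is.
# URI fills in the scheme's default port (443 for https) when none is written.
def component(uri, part)
  value = uri.public_send(part)
  %i[scheme host].include?(part) ? value.to_s.downcase : value
end

# Hash of the components that differ between the sent and registered URLs.
def compare_redirect_uri(sent, registered)
  s = URI.parse(sent)
  r = URI.parse(registered)
  %i[scheme host port path].each_with_object({}) do |part, diffs|
    a = component(s, part)
    b = component(r, part)
    diffs[part] = { sent: a, registered: b } unless a == b
  end
end

# True when the URL pairs a scheme with the other scheme's default port,
# which is what a TLS-terminating proxy in front of a plain-HTTP backend can produce.
def port_scheme_conflict?(url)
  u = URI.parse(url)
  (u.scheme == 'https' && u.port == 80) || (u.scheme == 'http' && u.port == 443)
end

sent = extract_redirect_uri(AUTHORIZE_URL)
puts "sent:       #{sent}"
puts "registered: #{REGISTERED_CALLBACK}"
puts "differences: #{compare_redirect_uri(sent, REGISTERED_CALLBACK)}"
puts "scheme/port conflict: #{port_scheme_conflict?(sent)}"
```

The comparison is a component-by-component diff for troubleshooting, not GitHub's own matching logic.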