OAuth user sign-in redirect to external identity provider with relative_url
Summary
OAuth user sign-in redirect to external identity provider is broken when using relative_url
Steps to reproduce
- Install GitLab CE v9.3.0 on CentOS 7.3
- Prepare gitlab.rb with:
external_url=http://<hostname>/gitlab
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['openid_connect']
gitlab_rails['omniauth_sync_email_from_provider'] = 'openid_connect'
gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'openid_connect'
gitlab_rails['omniauth_block_auto_created_users'] = false
- Start chef reconfigure
- Start GitLab
- Browser address:
http://<hostname>/gitlab
What is the current bug behavior?
User is redirected to http://<hostname>/users/signin
What is the expected correct behavior?
User should be redirected to http://<hostname>/gitlab/users/signin
Relevant logs and/or screenshots
- NGINX proxy access.log
172.18.0.1 - - [26/Jun/2017:22:54:04 +0200] "GET /gitlab/users/sign_in HTTP/1.1" 302 0.348 0.348 98 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.109 Safari/537.36"
172.18.0.1 - - [26/Jun/2017:22:54:04 +0200] "GET /users/sign_in HTTP/1.1" 404 0.000 - 1489 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.109 Safari/537.36"
- NGINX proxy error.log
2017/06/26 22:54:04 [error] 629#0: *3 open() "/opt/dol/var/gitlab/nginx/html/users/sign_in" failed (2: No such file or directory), client: 172.18.0.1, server: nginx, request: "GET /users/sign_in HTTP/1.1", host: "nginx:18080"
- Workhorse log
080 172.18.0.11:38092 - - [2017-06-26 22:54:04.457304441 +0200 CEST] "GET /gitlab/users/sign_in HTTP/1.1" 302 98 "" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.109 Safari/537.36" 0.347015
- Unicorn production.log
Scoped order and limit are ignored, it's forced to be batch order and batch size
Started GET "/gitlab/users/sign_in" for 172.18.0.10 at 2017-06-26 22:54:04 +0200
Processing by ApplicationController#route_not_found as HTML
Parameters: {"unmatched_route"=>"gitlab/users/sign_in"}
Completed 401 Unauthorized in 7ms (ActiveRecord: 0.9ms)
Raven 2.4.0 configured not to capture errors: DSN not set
Output of checks
Results of GitLab environment info
# gitlab-rake gitlab:env:info

System information
System: CentOS 7.3.1611
Current User: whoami: cannot find name for user ID 100002000
Using RVM: no
Ruby Version: 2.3.3p222
Gem Version: 2.6.6
Bundler Version: 1.13.7
Rake Version: 10.5.0
Redis Version: 3.2.5
Git Version: 2.13.0
Sidekiq Version: 5.0.0
Go Version: unknown

GitLab information
Version: 9.3.0
Revision: acb7f25
Directory: /opt/gitlab/embedded/service/gitlab-rails
DB Adapter: postgresql
URL: http://nginx:18080/gitlab
HTTP Clone URL: http://nginx:18080/gitlab/some-group/some-project.git
SSH Clone URL: git@nginx:some-group/some-project.git
Using LDAP: yes
Using Omniauth: yes
Omniauth Providers: openid_connect

GitLab Shell
Version: unknown
Repository storage paths:
- default: /opt/dol/shared/git-data/repositories
Hooks: /opt/dol/var/gitlab/hooks
Git: /opt/gitlab/embedded/bin/git
Results of GitLab application Check
gitlab-rake gitlab:check SANITIZE=true

Warning
You are running as user whoami: cannot find name for user ID 1000090000, we hope you know what you are doing.
Things may work/fail for the wrong reasons.
For correct results you should run this as user git.

Checking GitLab Shell ...

GitLab Shell version >= 5.0.5 ? ... OK (5.0.5)
Repo base directory exists?
default... yes
Repo storage directories are symlinks?
default... no
Repo paths owned by git:root, or git:git?
default... no
  User id for git: 1000. Groupd id for root: 0
  Try fixing it:
  sudo chown -R git:root /opt/dol/shared/git-data/repositories
  For more information see:
  doc/install/installation.md in section "GitLab Shell"
  Please fix the error above and rerun the checks.
Repo paths access is drwxrws---?
default... yes
hooks directories in repos are links: ...
3/1 ... wrong or missing hooks
  Try fixing it:
  sudo -u git -H /opt/gitlab/embedded/service/gitlab-shell/bin/create-hooks /opt/dol/shared/git-data/repositories
  Check the hooks_path in config/gitlab.yml
  Check your gitlab-shell installation
  For more information see:
  doc/install/installation.md in section "GitLab Shell"
  Please fix the error above and rerun the checks.
4/3 ... wrong or missing hooks
  Try fixing it:
  sudo -u git -H /opt/gitlab/embedded/service/gitlab-shell/bin/create-hooks /opt/dol/shared/git-data/repositories
  Check the hooks_path in config/gitlab.yml
  Check your gitlab-shell installation
  For more information see:
  doc/install/installation.md in section "GitLab Shell"
  Please fix the error above and rerun the checks.
4/5 ... wrong or missing hooks
  Try fixing it:
  sudo -u git -H /opt/gitlab/embedded/service/gitlab-shell/bin/create-hooks /opt/dol/shared/git-data/repositories
  Check the hooks_path in config/gitlab.yml
  Check your gitlab-shell installation
  For more information see:
  doc/install/installation.md in section "GitLab Shell"
  Please fix the error above and rerun the checks.
7/7 ... wrong or missing hooks
  Try fixing it:
  sudo -u git -H /opt/gitlab/embedded/service/gitlab-shell/bin/create-hooks /opt/dol/shared/git-data/repositories
  Check the hooks_path in config/gitlab.yml
  Check your gitlab-shell installation
  For more information see:
  doc/install/installation.md in section "GitLab Shell"
  Please fix the error above and rerun the checks.
12/8 ... repository is empty
Running /opt/gitlab/embedded/service/gitlab-shell/bin/check
Check GitLab API access: OK
Access to /opt/dol/shared/git-data/authorized_keys: OK
Send ping to redis server: OK
gitlab-shell self-check successful
Checking GitLab Shell ... Finished
Checking Sidekiq ...
Running? ... no
  Try fixing it:
  sudo -u git -H RAILS_ENV=production bin/background_jobs start
  For more information see:
  doc/install/installation.md in section "Install Init Script"
  see log/sidekiq.log for possible errors
  Please fix the error above and rerun the checks.
Checking Sidekiq ... Finished
Checking Reply by email ...
Reply by email is disabled in config/gitlab.yml
Checking Reply by email ... Finished
Checking LDAP ...
Server: ldapmain
LDAP authentication... Failed. Check bind_dn and password configuration values
LDAP users with access to your GitLab server (only showing the first 100 results)
DN: uid=dummyalpha,cn=users,cn=accounts,dc=gitlab,dc=example,dc=de uid: dummyalpha
DN: uid=dummybravo,cn=users,cn=accounts,dc=gitlab,dc=example,dc=de uid: dummybravo
DN: uid=dummycharly,cn=users,cn=accounts,dc=gitlab,dc=example,dc=de uid: dummycharly
DN: uid=dummydelta,cn=users,cn=accounts,dc=gitlab,dc=example,dc=de uid: dummydelta
DN: uid=doladmin,cn=users,cn=accounts,dc=gitlab,dc=example,dc=de uid: doladmin
DN: uid=test,cn=users,cn=accounts,dc=gitlab,dc=example,dc=de uid: test
DN: uid=johnnes,cn=users,cn=accounts,dc=gitlab,dc=example,dc=de uid: john
DN: uid=dol,cn=users,cn=accounts,dc=gitlab,dc=example,dc=de uid: dol
Checking LDAP ... Finished
Checking GitLab ...
Git configured correctly? ... yes
Database config exists? ... yes
All migrations up? ... yes
Database contains orphaned GroupMembers? ... no
GitLab config exists? ... yes
GitLab config up to date? ... yes
Log directory writable? ... yes
Tmp directory writable? ... yes
Uploads directory exists? ... yes
Uploads directory has correct permissions? ... yes
Uploads directory tmp has correct permissions? ... skipped (no tmp uploads folder yet)
Init script exists? ... skipped (omnibus-gitlab has no init script)
Init script up-to-date? ... skipped (omnibus-gitlab has no init script)
Projects have namespace: ...
3/1 ... yes
4/3 ... yes
4/5 ... yes
7/7 ... yes
12/8 ... yes
Redis version >= 2.8.0? ... yes
Ruby version >= 2.3.3 ? ... yes (2.3.3)
Git version >= 2.7.3 ? ... yes (2.13.0)
Active users: ... 6
Checking GitLab ... Finished
Possible fixes
Initialize unicorn chpst environment from env_dir
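
Added example, not part of the original report and not GitLab's own code: a small Ruby check for the symptom visible in the Unicorn production.log above, where Rails hands a request to route_not_found with the relative root (gitlab/) still in front of the route. The host name in EXTERNAL_URL, the second log entry and the helper names are constructed for illustration.

```ruby
require 'uri'

# Constructed sample input modelled on the log excerpt in the report.
EXTERNAL_URL = 'http://gitlab.example.test/gitlab' # placeholder host (assumption)
PRODUCTION_LOG = <<~LOG
  Started GET "/gitlab/users/sign_in" for 172.18.0.10 at 2017-06-26 22:54:04 +0200
  Processing by ApplicationController#route_not_found as HTML
    Parameters: {"unmatched_route"=>"gitlab/users/sign_in"}
  Completed 401 Unauthorized in 7ms (ActiveRecord: 0.9ms)
  Started GET "/gitlab/users/sign_in" for 172.18.0.10 at 2017-06-26 23:10:00 +0200
  Processing by SessionsController#new as HTML
  Completed 200 OK in 35ms (ActiveRecord: 2.1ms)
LOG

# Path component of external_url without surrounding slashes, e.g. "gitlab".
# Returns nil when GitLab is served from the root and no relative URL applies.
def relative_root(external_url)
  path = URI.parse(external_url).path.to_s.gsub(%r{\A/+|/+\z}, '')
  path.empty? ? nil : path
end

# Returns one hash per request that Rails sent to route_not_found with the
# relative root still in front of the route, meaning the prefix was not
# stripped before routing.
def unstripped_prefix_requests(log_text, external_url)
  root = relative_root(external_url)
  return [] unless root

  findings = []
  current = nil
  log_text.each_line do |line|
    case line
    when /\AStarted (\w+) "([^"]*)" for (\S+)/
      current = { method: $1, path: $2, client: $3 }
    when /"unmatched_route"=>"([^"]*)"/
      route = $1
      next unless current && (route == root || route.start_with?("#{root}/"))
      findings << current.merge(unmatched_route: route)
    end
  end
  findings
end

unstripped_prefix_requests(PRODUCTION_LOG, EXTERNAL_URL).each do |f|
  puts "#{f[:method]} #{f[:path]} from #{f[:client]}: " \
       "unmatched_route=#{f[:unmatched_route]} still carries the relative root"
end
```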