Expand pages chroot fix for /etc/hosts

7d4fef44 · Vladimir Shushlin · Achilleas Pipinellis · 10700efe · 7d4fef44
Commit 7d4fef44 authored Jul 02, 2021 by Vladimir Shushlin Committed by Achilleas Pipinellis Jul 02, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 31 additions and 3 deletions

doc/administration/pages/index.md doc/administration/pages/index.md +31 -3

No files found.
--- a/doc/administration/pages/index.md
+++ b/doc/administration/pages/index.md
@@ -1119,18 +1119,44 @@ open /opt/gitlab/embedded/ssl/certs/cacert.pem: no such file or directory
 x509: certificate signed by unknown authority
 ```

-The reason for those errors is that the files `resolv.conf` and `ca-bundle.pem` are missing inside the `chroot`.
-The fix is to copy the host's `/etc/resolv.conf` and the GitLab certificate bundle inside the `chroot`:
+The reason for those errors is that the files `resolv.conf`, `/etc/hosts/`, `/etc/nsswitch.conf` and `ca-bundle.pem` are missing inside the `chroot`.
+The fix is to copy these files inside the `chroot`:

 ```shell
 sudo mkdir -p /var/opt/gitlab/gitlab-rails/shared/pages/etc/ssl
 sudo mkdir -p /var/opt/gitlab/gitlab-rails/shared/pages/opt/gitlab/embedded/ssl/certs/

-sudo cp /etc/resolv.conf /var/opt/gitlab/gitlab-rails/shared/pages/etc
+sudo cp /etc/resolv.conf /var/opt/gitlab/gitlab-rails/shared/pages/etc/
+sudo cp /etc/hosts /var/opt/gitlab/gitlab-rails/shared/pages/etc/
+sudo cp /etc/nsswitch.conf /var/opt/gitlab/gitlab-rails/shared/pages/etc/
 sudo cp /opt/gitlab/embedded/ssl/certs/cacert.pem /var/opt/gitlab/gitlab-rails/shared/pages/opt/gitlab/embedded/ssl/certs/
 sudo cp /opt/gitlab/embedded/ssl/certs/cacert.pem /var/opt/gitlab/gitlab-rails/shared/pages/etc/ssl/ca-bundle.pem
 ```

+### `unsupported protocol scheme \"\""`
+
+If you see the following error:
+
+```plaintext
+{"error":"failed to connect to internal Pages API: Get \"/api/v4/internal/pages/status\": unsupported protocol scheme \"\"","level":"warning","msg":"attempted to connect to the API","time":"2021-06-23T20:03:30Z"}
+```
+
+It means you didn't set the HTTP(S) protocol scheme in the Pages server settings.
+To fix it:
+
+1. Edit `/etc/gitlab/gitlab.rb`:
+
+   ```ruby
+   gitlab_pages['gitlab_server'] = "https://<your_pages_domain_name>"
+   gitlab_pages['internal_gitlab_server'] = "https://<your_pages_domain_name>"
+   ```
+
+1. Reconfigure GitLab:
+
+   ```shell
+   sudo gitlab-ctl reconfigure
+   ```
+
 ### 502 error when connecting to GitLab Pages proxy when server does not listen over IPv6

 In some cases, NGINX might default to using IPv6 to connect to the GitLab Pages
@@ -1339,6 +1365,8 @@ GitLab 14.0 introduces a number of changes to GitLab Pages which may require man
 1. Firstly [follow the migration guide](#migrate-gitlab-pages-to-140).
 1. If it doesn't work, see [GitLab Pages logs](#how-to-see-gitlab-pages-logs), and if you see any errors there then search them on this page.

+The most common problem is when using [`inplace_chroot`](#dial-tcp-lookup-gitlabexamplecom-and-x509-certificate-signed-by-unknown-authority).
+
 WARNING:
 As the last resort you can temporarily enable legacy storage and configuration mechanisms. Support for them [will be removed in GitLab 14.3](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/6166), so GitLab Pages will stop working if don't resolve the underlying issue.