Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
677380ad
Commit
677380ad
authored
Feb 19, 2020
by
Ben Prescott
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add Pages troubleshooting for /etc/ssl/ca-bundle.pem
parent
1d48192b
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
45 additions
and
0 deletions
+45
-0
doc/administration/pages/index.md
doc/administration/pages/index.md
+45
-0
No files found.
doc/administration/pages/index.md
View file @
677380ad
...
...
@@ -566,6 +566,51 @@ GitLab Pages are part of the [regular backup][backup], so there is no separate b
You should strongly consider running GitLab Pages under a different hostname
than GitLab to prevent XSS attacks.
<!-- ## Troubleshooting
Include any troubleshooting steps that you can foresee. If you know beforehand what issues
one might have when setting this up, or when something is changed, or on upgrading, it's
important to describe those, too. Think of things that may go wrong and include them here.
This is important to minimize requests for support, and to avoid doc comments with
questions that you know someone might ask.
Each scenario can be a third-level heading, e.g.
`### Getting error message X`
.
If you have none to add when creating a doc, leave this section in place
but commented out to help encourage others to add to it in the future. -->
## Troubleshooting
### `open /etc/ssl/ca-bundle.pem: permission denied`
GitLab Pages runs inside a
`chroot`
jail, usually in a uniquely numbered directory like
`/tmp/gitlab-pages-*`
.
Within the jail, a bundle of trusted certificates is
provided at
`/etc/ssl/ca-bundle.pem`
. It's
[
copied there
](
https://gitlab.com/gitlab-org/gitlab-pages/-/merge_requests/51
)
from
`/opt/gitlab/embedded/ssl/certs/cacert.pem`
as part of starting up Pages.
If the permissions on the source file are incorrect (they should be
`0644`
) then
the file inside the
`chroot`
jail will also be wrong.
Pages will log errors in
`/var/log/gitlab/gitlab-pages/current`
like:
```
plaintext
x509: failed to load system roots and no roots provided
open /etc/ssl/ca-bundle.pem: permission denied
```
The use of a
`chroot`
jail makes this error misleading, as it is not
referring to
`/etc/ssl`
on the root filesystem.
The fix is to correct the source file permissions and restart Pages:
```
shell
sudo chmod
644 /opt/gitlab/embedded/ssl/certs/cacert.pem
sudo
gitlab-ctl restart gitlab-pages
```
[
backup
]:
../../raketasks/backup_restore.md
[
ce-14605
]:
https://gitlab.com/gitlab-org/gitlab-foss/issues/14605
[
ee-80
]:
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/80
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment