<div dir="ltr"><div>I am making a snapshot of the place my VPS is at now with the broken gitlab install.</div><div>I am considering going back to a default nginx configuration and setting up gitlab again. I had it working on a previous build before I decided to start again and use openldap for auth. Even though it will break the phpLDAPadmin setup, I can compare the /etc/nginx/sites-available/default files to work out how to make a hybrid.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, Aug 22, 2020 at 4:06 PM Chris Caston &lt;<a href="mailto:chris@caston.id.au">chris@caston.id.au</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><div>Hi everyone,</div><div><br></div>I have installed Ubuntu 20.04 with openldap, nginx and phpLDAPadmin with SSL and basic http auth. This part is working fine but next I want to install gitlab. <br><div><br></div><div>It errors out with:</div><div><br></div><div>```</div><div>There was an error running gitlab-ctl reconfigure:<br><br>letsencrypt_certificate[<a href="http://gitlab.themarketplace.space" target="_blank">gitlab.themarketplace.space</a>]</div><div>``` *snipped*<br></div><div><br></div>I'm a bit uncertain as to how my nginx configuration should be set.<br><br>```<br>sudo nginx -t<br>nginx: the configuration file /etc/nginx/nginx.conf syntax is ok<br>nginx: configuration file /etc/nginx/nginx.conf test is successful<br>```<br>```<br>certbot --nginx -d <a href="http://gitlab.themarketplace.space" target="_blank">gitlab.themarketplace.space</a><br><br>IMPORTANT NOTES:<br> - Unable to install the certificate<br> - Congratulations! 
Your certificate and chain have been saved at:<br> /etc/letsencrypt/live/<a href="http://gitlab.themarketplace.space/fullchain.pem" target="_blank">gitlab.themarketplace.space/fullchain.pem</a><br> Your key file has been saved at:<br> /etc/letsencrypt/live/<a href="http://gitlab.themarketplace.space/privkey.pem" target="_blank">gitlab.themarketplace.space/privkey.pem</a><br> Your cert will expire on 2020-11-20. To obtain a new or tweaked<br> version of this certificate in the future, simply run certbot again<br> with the "certonly" option. To non-interactively renew *all* of<br> your certificates, run "certbot renew"<br>```<br>I assume that I need to get that working for gitlab to install.<br><br>```<br>cat /etc/nginx/sites-available/default<br>server {<br>server_name <a href="http://ldap.themarketplace.space" target="_blank">ldap.themarketplace.space</a>;<br><br># document root<br>root /var/www/html;<br>index index.php index.html index.htm;<br><br># application: phpldapadmin<br>location /phpldapadmin {<br>auth_basic "Please authenticate:";<br>auth_basic_user_file /etc/apache2/htpasswd;<br>alias /usr/share/phpldapadmin/htdocs;<br>index index.php index.html index.htm;<br>}<br><br><br><br><br>location ~ ^/phpldapadmin/.*\.php$ {<br>root /usr/share;<br>if ($request_filename !~* htdocs) {<br>rewrite ^/phpldapadmin(/.*)?$ /phpldapadmin/htdocs$1;<br>}<br>fastcgi_pass unix:/run/php/php7.4-fpm.sock;<br>fastcgi_index index.php;<br>fastcgi_param SCRIPT_FILENAME $request_filename;<br>include fastcgi_params;<br>}<br><br># logging<br>error_log /var/log/nginx/phpldapadmin.error.log;<br>access_log /var/log/nginx/phpldapadmin.access.log;<br><br> listen 443 ssl; # managed by Certbot<br> ssl_certificate /etc/letsencrypt/live/<a href="http://ldap.themarketplace.space/fullchain.pem" target="_blank">ldap.themarketplace.space/fullchain.pem</a>; # managed by Certbot<br> ssl_certificate_key /etc/letsencrypt/live/<a href="http://ldap.themarketplace.space/privkey.pem" 
target="_blank">ldap.themarketplace.space/privkey.pem</a>; # managed by Certbot<br> include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot<br> ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot<br><br>}<br>server {<br> if ($host = <a href="http://ldap.themarketplace.space" target="_blank">ldap.themarketplace.space</a>) {<br> return 301 https://$host$request_uri;<br> } # managed by Certbot<br><br><br>server_name <a href="http://ldap.themarketplace.space" target="_blank">ldap.themarketplace.space</a>;<br>listen 80;<br> return 404; # managed by Certbot<br><br>}<br>```<br>I have four A resource records:</div><div>```<br><a href="http://themarketplace.space" target="_blank">themarketplace.space</a> A 139.180.171.63<br><a href="http://gitlab.themarketplace.space" target="_blank">gitlab.themarketplace.space</a> A 139.180.171.63<br><a href="http://ldap.themarketplace.space" target="_blank">ldap.themarketplace.space</a> A 139.180.171.63<br><a href="http://www.themarketplace.space" target="_blank">www.themarketplace.space</a> A 139.180.171.63</div><div>```<br></div><div>So I'm not sure if my /etc/nginx/sites-available/default should have multiple server blocks each with its own server_name and exactly what format it needs to be in for gitlab to work.</div><div><br></div><div>Any help would be much appreciated.</div><div><br></div><div>Thank you.</div><div><br></div><div>Chris Caston<br></div></div>
</blockquote></div>