While trying to proxy my main nginx instance to a GitLab docker container I wasted hours and hours and hours trying to fix the following error:
```
fatal: unable to access 'https://gitlab.burgundywall.com/kneufeld/myproject.git/': \
    SSL read: error:00000000:lib(0):func(0):reason(0), errno 54
```
It turns out that the nginx config option ssl_session_cache is super f'n important to not screw up. I'm not totally sure what the problem is, but in my main server clause I had
and I didn't have any such option in my server gitlab stanza. So something something something I could not do any git commands via
And even with logging everything looked okay
```
GIT_CURL_VERBOSE=1 git clone https://gitlab.burgundywall.com/kneufeld/myproject.git
Cloning into 'myproject'...
* Couldn't find host gitlab.burgundywall.com in the .netrc file; using defaults
* Trying 192.168.5.6...
* Connected to gitlab.burgundywall.com (192.168.5.6) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /usr/local/etc/openssl/cert.pem
  CApath: none
* NPN, negotiated HTTP1.1
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: CN=gitlab.burgundywall.com
* start date: Sep 3 16:53:00 2016 GMT
* expire date: Dec 2 16:53:00 2016 GMT
* issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
* SSL certificate verify ok.
> GET /kneufeld/myproject.git/info/refs?service=git-upload-pack HTTP/1.1
Host: gitlab.burgundywall.com
User-Agent: git/2.9.3
Accept: */*
Accept-Encoding: gzip
Pragma: no-cache

* SSL read: error:00000000:lib(0):func(0):reason(0), errno 54
* Closing connection 0
fatal: unable to access 'https://gitlab.burgundywall.com/kneufeld/myproject.git/': SSL read: error:00000000:lib(0):func(0):reason(0), errno 54
```
except it didn't work.
Anyhow, when I finally figured out that ssl_session_cache was the issue and did some reading, I just made sure that each ssl server has its own cache.
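A small checker for the rule the post ends on, as an added example that is not part of the original post: it lists every `listen ... ssl` server block in an nginx config and flags those with no `ssl_session_cache` of their own, or whose shared zone name is reused by another server. The sample config, hostnames, zone names and upstream address are constructed; the parser assumes a single file without `include`, and it ignores any `ssl_session_cache` set at the `http` level.

```python
import re

# Constructed sample with the layout the post describes: the main server sets
# ssl_session_cache, the gitlab server does not. All names/values are made up.
SAMPLE_CONF = """
http {
    server {
        listen 443 ssl;
        server_name example.test;
        ssl_session_cache shared:main:10m;
    }
    server {
        listen 443 ssl;
        server_name gitlab.example.test;
        location / { proxy_pass http://127.0.0.1:8080; }
    }
}
"""

def server_blocks(conf):
    """Yield the body of every `server { ... }` block (includes are not followed)."""
    conf = re.sub(r"#[^\n]*", "", conf)          # drop comments
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):           # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def audit(conf):
    """Return (server_name, ssl_session_cache value or None) per TLS server."""
    rows = []
    for body in server_blocks(conf):
        if not re.search(r"\blisten\b[^;]*\bssl\b", body):
            continue                             # only `listen ... ssl` servers
        name = re.search(r"\bserver_name\s+([^;\s]+)", body)
        cache = re.search(r"\bssl_session_cache\s+([^;]+);", body)
        rows.append((name.group(1) if name else "<unnamed>",
                     cache.group(1).strip() if cache else None))
    return rows

def findings(conf):
    """Flag TLS servers without their own ssl_session_cache or reusing a zone."""
    rows, zones = audit(conf), {}
    msgs = [f"{n}: no ssl_session_cache in this server block" for n, c in rows if c is None]
    for n, c in rows:
        for z in re.findall(r"shared:([^:\s;]+)", c or ""):
            zones.setdefault(z, []).append(n)
    msgs += [f"zone {z}: used by {', '.join(ns)}" for z, ns in zones.items() if len(ns) > 1]
    return msgs
```

Call `findings()` on the text of your own config; an empty list means every TLS server block declares its own cache.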