While trying to proxy my main nginx instance to a GitLab docker container I wasted hours and hours and hours trying to fix the following error:
fatal: unable to access 'https://gitlab.burgundywall.com/kneufeld/myproject.git/': \
SSL read: error:00000000:lib(0):func(0):reason(0), errno 54
It turns out that nginx config option ssl_session_cache is super f'n important to not screw up. I'm not totally sure what the problem is, but in my main server clause I had
ssl_session_cache shared:SSL:1m;
and I didn't have any such option in my server gitlab stanza. So something something something I could not do any git commands via https.
And even with logging everything looked okay
GIT_CURL_VERBOSE=1 git clone https://gitlab.burgundywall.com/kneufeld/myproject.git
Cloning into 'myproject'...
* Couldn't find host gitlab.burgundywall.com in the .netrc file; using defaults
* Trying 192.168.5.6...
* Connected to gitlab.burgundywall.com (192.168.5.6) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /usr/local/etc/openssl/cert.pem
CApath: none
* NPN, negotiated HTTP1.1
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: CN=gitlab.burgundywall.com
* start date: Sep 3 16:53:00 2016 GMT
* expire date: Dec 2 16:53:00 2016 GMT
* issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
* SSL certificate verify ok.
> GET /kneufeld/myproject.git/info/refs?service=git-upload-pack HTTP/1.1
Host: gitlab.burgundywall.com
User-Agent: git/2.9.3
Accept: */*
Accept-Encoding: gzip
Pragma: no-cache
* SSL read: error:00000000:lib(0):func(0):reason(0), errno 54
* Closing connection 0
fatal: unable to access 'https://gitlab.burgundywall.com/kneufeld/myproject.git/': SSL read: error:00000000:lib(0):func(0):reason(0), errno 54
except it didn't work.
Anyhow, when I finally figured out that ssl_session_cache was the issue and did some reading I just made sure that each ssl server has its own cache.
ssl_session_cache shared:SSL-gitlab:1m;
Hours.
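An added example, not part of the original post: a small Python check that reads an nginx config, lists the effective ssl_session_cache for every server block with an ssl listen, and reports the mix described above (one TLS server sets a cache, another has none). The sample config is constructed; www.example.test, the proxy_pass target and the function names are assumptions.

```python
import re
# Constructed sample mirroring the post: the main server sets a session cache, the
# gitlab server does not. Parser is simplified: no `include`, no quoted braces.
SAMPLE = """
http {
    server {
        listen 443 ssl;
        server_name www.example.test;
        ssl_session_cache shared:SSL:1m;
    }
    server {
        listen 443 ssl;
        server_name gitlab.burgundywall.com;
        location / { proxy_pass http://127.0.0.1:8080; }
    }
}
"""

def tls_session_caches(conf):
    """Map each TLS server_name to its effective ssl_session_cache (None if unset)."""
    tokens = re.findall(r"[{};]|[^{};]+", re.sub(r"#[^\n]*", "", conf))
    stack, servers, pending = [], [], ""
    for tok in tokens:
        words = pending.split()
        if tok == "{":        # block opens; `pending` holds its header
            stack.append((words[0] if words else "", {}))
        elif tok == "}":      # block closes; remember servers and their parents
            kind, own = stack.pop()
            if kind == "server":
                servers.append((own, [d for _, d in reversed(stack)]))
        elif tok == ";" and words and stack:   # directive inside current block
            stack[-1][1].setdefault(words[0], []).append(" ".join(words[1:]))
        pending = tok if tok not in ("{", "}", ";") else ""
    result = {}
    for own, parents in servers:
        if not any("ssl" in l.split() for l in own.get("listen", [])):
            continue          # only servers with `listen ... ssl`
        scopes = [own] + parents   # a value set at http level is inherited
        name = own.get("server_name", ["(unnamed)"])[0]
        result[name] = next((s["ssl_session_cache"][-1] for s in scopes
                             if "ssl_session_cache" in s), None)
    return result

def missing_cache(conf):
    """TLS servers with no session cache while at least one other server sets one."""
    caches = tls_session_caches(conf)
    return sorted(n for n, v in caches.items() if v is None) if any(caches.values()) else []

print(missing_cache(SAMPLE))
```

Run it against the output of `nginx -T` to get the fully expanded config, since this parser does not follow include directives.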