Home  >  Article  >  Development Tools  >  Gitlab cannot be opened after clearing the firewall

Gitlab cannot be opened after clearing the firewall

WBOY
WBOYOriginal
2023-05-17 12:41:07779browse

Among enterprise-level code hosting platforms, GitLab is a highly respected choice. In the daily operation and maintenance of the platform, it is very common to add firewall rules. However, if the firewall rules are set improperly, GitLab may be unable to be accessed. If this happens, users can first consider clearing the firewall. However, some users may find that GitLab is still unable to access normally after clearing the firewall. This article will introduce you to the relevant processing methods in detail.

Problem description

When users clear the firewall, they usually use the following command:

iptables -F

This is done by Flushing (F) all chains (iptables' rule set) restore iptables to its initial state. However, if this command does not resolve the issue, you will find that you cannot access GitLab.

Cause of the problem

There may be many reasons. Before explaining the specific reasons, we need to understand a basic knowledge point, which is GitLab's default port number. The default port number used by GitLab is 80. If the platform uses the HTTPS protocol, the port number will be changed to 443.

When we set up a firewall, we often open a rule with an output port number of 80 in iptables first. However, in the configuration of GitLab, the business agent port number of gitlab-workhorse is not changed to port 80. , some problems will occur at this time.

Processing method

Since the problem is caused by not changing the business agent port number of GitLab, the best solution is to change the configuration file of GitLab. You can use the SSH tool to enter the server where GitLab is located, and use the vim editor to open the GitLab configuration file.

vim /etc/gitlab/gitlab.rb

Search the file for the following:

nginx['listen_port'] = nil
web_server['external_users' ] = []

Modify it to:

nginx['listen_port'] = 80
web_server['external_users'] = ['www-data']

Save and exit, use the following command to reload the configuration file:

gitlab-ctl reconfigure

After completing the above steps, access GitLab through port 80 again, and the problem should be solved .

Reminder

In actual operation, you also need to pay attention to the following points:

  1. GitLab not only uses nginx as the reverse proxy server, but also uses gitlab-workhorse as Business agent. When using iptables to set firewall rules, you need to open the ports of both services at the same time.
  2. Once again, users are reminded to make sure to add GitLab's port to the rule list when configuring the firewall. The port number can be opened with the following command:

-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT (Port 22 is the SSH port)

  1. Intruders can use port 80 and port 443 to carry out DDoS attacks on the server. Therefore, as a server operation and maintenance personnel, you must always check whether the server's iptable rules are reasonable.

Conclusion

Through the introduction of this article, I believe everyone already knows how to solve the problem of GitLab not being able to open after clearing the firewall. Among enterprise-level code hosting platforms, GitLab is a popular tool that provides us with efficient project management and code hosting. At the same time, firewall settings are also an important part of ensuring server security. I hope that this article can help you use GitLab better and ensure the security and stability of the server.

The above is the detailed content of Gitlab cannot be opened after clearing the firewall. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn