Enabling SSL For GitLab Results in ERR_CONNECTION_REFUSED

Question

I have had an existing GitLab installation for a few months, and I decided it was time to add a real SSL certificate (not self-signed).

Following the documentation, I change the following line:

external_url 'http://<domain>.com'

to:

external_url 'https://<domain>.com'

And uncommented the following lines:

nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.crt"
nginx['ssl_certificate_key'] "/etc/gitlab/ssl/gitlab.key"

And just to be sure, I double-checked the key files:

root@host:/etc/gitlab# cat /etc/gitlab/ssl/gitlab.crt
-----BEGIN CERTIFICATE-----
...

root@host:/etc/gitlab# cat /etc/gitlab/ssl/gitlab.key
-----BEGIN PRIVATE KEY-----
...

Then I ran gitlab-ctl reconfigure, and I got a successful message at the end. However, navigating to the GitLab URL, I get an ERR_CONNECTION_REFUSED. When I comment out all the lines above and run gitlab-ctl reconfigure, everything goes back to normal on HTTP port 80.

What might cause nginx to refuse connections when I feed the configuration file two certificates and adjust the URL? Thanks!

Nothing relating to nginx or the URL. That's about all I can think qualifies as relevant. — David, Jan 16 '17 at 02:18
Possible duplicate of [What causes the 'Connection Refused' message?](http://serverfault.com/questions/725262/what-causes-the-connection-refused-message) — user9517, Jan 16 '17 at 07:23
Have you installed an intermediate certificate? does'nt look like it? — Orphans, Jan 16 '17 at 08:41

score 2 · Accepted Answer · answered Jan 16 '17 at 03:54

2

It sounds like GitLab is not listening on 443. The redirect on 80 sends you to 443 where you get Connection Refused. The config should have a listen 443 line (see http://nginx.org/en/docs/http/configuring_https_servers.html) that allows it to receive SSL requests.

Example from the page:

server {
    listen              443 ssl;
    server_name         www.example.com;
    ssl_certificate     www.example.com.crt;
    ssl_certificate_key www.example.com.key;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    ...
}

answered Jan 16 '17 at 03:54

Jason Martin

4,865
15
24

Thanks for the response. It turns out that `/etc/gitlab/gitlab.rb/` - the file you're supposed to put your SSL settings in - did not actually configure the nginx file like it was supposed to. Manually configuring SSL in the built-in nginx bundle solved the problem! – David Jan 16 '17 at 14:21
4

So how exactly can this be fixed? I'm having the same issue, not sure how to proceed – JacobTheDev Dec 15 '17 at 22:33
Anyone else have an answer? Followed the link (Took forever to figure out that the config file is in /var/opt/gitlab/nginx/conf/gitlab-http.conf ) It has TWO server {} configuration sections, the first one for port 80, the 2nd one for SSL, so I configured the 2nd one, but don't know if that is good or not... I just tried flipping which server entry was on top... we will see if that works.. – Traderhut Games Jul 25 '18 at 03:52

Enabling SSL For GitLab Results in ERR_CONNECTION_REFUSED

1 Answers1