Summary
When GITLAB_PAGES_ENABLED=true and GITLAB_PAGES_ACCESS_CONTROL=true, the generated gitlab-pages-config keeps a literal, unsubstituted {{GITLAB_RELATIVE_URL_ROOT}} token, producing an invalid internal-gitlab-server URL. The gitlab-pages daemon then crashes on every start.
Environment
- Image:
sameersbn/gitlab:18.11.2 (logic is also present in master)
- Pages enabled with access control, no relative URL root (GitLab served at domain root)
Symptom
gitlab-pages is FATAL in supervisorctl status, and /var/log/gitlab/gitlab/gitlab-pages.log shows:
ERROR could not create domains config source: parse
"http://127.0.0.1:8080{{GITLAB_RELATIVE_URL_ROOT}}": invalid port
":8080{{GITLAB_RELATIVE_URL_ROOT}}" after host
/home/git/gitlab/gitlab-pages-config contains:
internal-gitlab-server=http://127.0.0.1:8080{{GITLAB_RELATIVE_URL_ROOT}}
Root cause
In assets/runtime/functions, configure_gitlab_pages() substitutes the config differently per branch. The access-control-disabled branch passes GITLAB_RELATIVE_URL_ROOT to update_template:
update_template ${GITLAB_PAGES_CONFIG} \
GITLAB_RELATIVE_URL_ROOT \
GITLAB_PAGES_NAMESPACE_IN_PATH \
GITLAB_PAGES_LOG_VERBOSE \
GITLAB_INSTALL_DIR…but the access-control-enabled branch does not:
update_template ${GITLAB_PAGES_CONFIG} \
GITLAB_PAGES_ACCESS_CLIENT_ID \
GITLAB_PAGES_ACCESS_CLIENT_SECRET \
GITLAB_PAGES_ACCESS_REDIRECT_URI \
GITLAB_PAGES_ACCESS_SECRET \
GITLAB_PAGES_ACCESS_CONTROL_SERVER \
GITLAB_PAGES_NAMESPACE_IN_PATH \
GITLAB_PAGES_LOG_VERBOSE \
GITLAB_INSTALL_DIRSo with access control on, the {{GITLAB_RELATIVE_URL_ROOT}} placeholder in the template is never replaced.
Proposed fix
Add GITLAB_RELATIVE_URL_ROOT to the update_template argument list in the access-control-enabled branch (matching the disabled branch). With an empty GITLAB_RELATIVE_URL_ROOT this yields a valid internal-gitlab-server=http://127.0.0.1:8080.
Workaround
Strip the token after config generation and restart the daemon:
sed -i 's|{{GITLAB_RELATIVE_URL_ROOT}}||g' /home/git/gitlab/gitlab-pages-config
supervisorctl restart gitlab-pages
Summary
When
GITLAB_PAGES_ENABLED=trueandGITLAB_PAGES_ACCESS_CONTROL=true, the generatedgitlab-pages-configkeeps a literal, unsubstituted{{GITLAB_RELATIVE_URL_ROOT}}token, producing an invalidinternal-gitlab-serverURL. Thegitlab-pagesdaemon then crashes on every start.Environment
sameersbn/gitlab:18.11.2(logic is also present inmaster)Symptom
gitlab-pagesisFATALinsupervisorctl status, and/var/log/gitlab/gitlab/gitlab-pages.logshows:/home/git/gitlab/gitlab-pages-configcontains:Root cause
In
assets/runtime/functions,configure_gitlab_pages()substitutes the config differently per branch. The access-control-disabled branch passesGITLAB_RELATIVE_URL_ROOTtoupdate_template:update_template ${GITLAB_PAGES_CONFIG} \ GITLAB_RELATIVE_URL_ROOT \ GITLAB_PAGES_NAMESPACE_IN_PATH \ GITLAB_PAGES_LOG_VERBOSE \ GITLAB_INSTALL_DIR…but the access-control-enabled branch does not:
update_template ${GITLAB_PAGES_CONFIG} \ GITLAB_PAGES_ACCESS_CLIENT_ID \ GITLAB_PAGES_ACCESS_CLIENT_SECRET \ GITLAB_PAGES_ACCESS_REDIRECT_URI \ GITLAB_PAGES_ACCESS_SECRET \ GITLAB_PAGES_ACCESS_CONTROL_SERVER \ GITLAB_PAGES_NAMESPACE_IN_PATH \ GITLAB_PAGES_LOG_VERBOSE \ GITLAB_INSTALL_DIRSo with access control on, the
{{GITLAB_RELATIVE_URL_ROOT}}placeholder in the template is never replaced.Proposed fix
Add
GITLAB_RELATIVE_URL_ROOTto theupdate_templateargument list in the access-control-enabled branch (matching the disabled branch). With an emptyGITLAB_RELATIVE_URL_ROOTthis yields a validinternal-gitlab-server=http://127.0.0.1:8080.Workaround
Strip the token after config generation and restart the daemon:
sed -i 's|{{GITLAB_RELATIVE_URL_ROOT}}||g' /home/git/gitlab/gitlab-pages-config supervisorctl restart gitlab-pages