Manuel Vacelet (vaceletm)2023-08-29 09:37Status changed from New to ClosedClose date set to 2023-08-29
Jörg Bernau (joerg_bernau)2023-08-28 18:01 last edited by: Jörg Bernau (joerg_bernau) 2023-08-28 20:26 Manuel, THX, you are right. Well git.example.com:443 is the nginx-proxy for gitlab worhhouse. So I removed sys_proxy and ended up in 500: Internal Server Error 2023-08-28T19:49:47+02:00 [18138] [error] Unhandled exception: Encryption key must be SODIUM_CRYPTO_SECRETBOX_KEYBYTES long but is: 0 bytes: *) #0 /usr/share/tuleap/src/common/Cryptography/KeyFactory.php(45): Tuleap\Cryptography\Symmetric\EncryptionKey->__construct() #1 /usr/share/tuleap/plugins/gitlab/include/Repository/Webhook/WebhookCreator.php(99): Tuleap\Cryptography\KeyFactory->getEncryptionKey() #2 /usr/share/tuleap/plugins/gitlab/include/Repository/Webhook/WebhookCreator.php(80): Tuleap\Gitlab\Repository\Webhook\WebhookCreator->createNewGitlabWebhook() #3 /usr/share/tuleap/plugins/gitlab/include/Repository/GitlabRepositoryCreator.php(140): Tuleap\Gitlab\Repository\Webhook\WebhookCreator->generateWebhookInGitlabProject() #4 /usr/share/tuleap/plugins/gitlab/include/Repository/GitlabRepositoryCreator.php(115): Tuleap\Gitlab\Repository\GitlabRepositoryCreator->createGitlabRepositoryIntegration() #5 /usr/share/tuleap/src/vendor/paragonie/easydb/src/EasyDB.php(1263): Tuleap\Gitlab\Repository\GitlabRepositoryCreator->Tuleap\Gitlab\Repository\{closure}() #6 /usr/share/tuleap/src/common/DB/DBTransactionExecutorWithConnection.php(44): ParagonIE\EasyDB\EasyDB->tryFlatTransaction() #7 /usr/share/tuleap/plugins/gitlab/include/Repository/GitlabRepositoryCreator.php(120): Tuleap\DB\DBTransactionExecutorWithConnection->execute() #8 /usr/share/tuleap/plugins/gitlab/include/REST/v1/GitlabRepositoryResource.php(177): Tuleap\Gitlab\Repository\GitlabRepositoryCreator->integrateGitlabRepositoryInProject() #9 [internal function]: Tuleap\Gitlab\REST\v1\GitlabRepositoryResource->createGitlabRepository() #10 /usr/share/tuleap/src/vendor/luracast/restler/vendor/Luracast/Restler/Restler.php(1058): ReflectionMethod->invokeArgs() #11 /usr/share/tuleap/src/vendor/luracast/restler/vendor/Luracast/Restler/Restler.php(304): Luracast\Restler\Restler->call() #12 /usr/share/tuleap/src/www/api/index.php(91): Luracast\Restler\Restler->handle() #13 {main} *) source code modified for debugging FIXED: Just for google search: /etc/tuleap/conf/encryption_secret.key was empty. So close this request. Thanks for your support.
Manuel Vacelet (vaceletm)2023-08-28 09:28 I doubt that git.example.com is actually a proxy server so it's likely that tuleap config-set sys_proxy: git.example.com:443 causes the issue.
Jörg Bernau (joerg_bernau)2023-08-25 17:29 last edited by: Jörg Bernau (joerg_bernau) 2023-08-25 17:34 @vaceletm #> tuleap config-set sys_proxy: git.example.com:443 #> tuleap config-get http_outbound_requests_deny_ranges: 0.0.0.0/0,::/0 #> tuleap config-get http_outbound_requests_allow_ranges: '172.XXX.AAA.192/32,172.XXX.BBB.0/24,192.168.CCC.0/24' with 172.XXX.AAA.192/32 IP to public VPN proxy (nginx) on that gitlab is accessible externally; 172.XXX.BBB.0/24 company's VPN net and 192.168.CCC.0/24 LAN I which both servers are running (tuleap and gitlab are on the same machine)
Jörg Bernau (joerg_bernau)2023-08-25 17:05 @tgerbet Thank you for the notice. I changed it already on the day I submitted this issue.
Thomas Gerbet (tgerbet)2023-08-25 15:46 On a side note you have leaked what looks like a GitLab token, I would strongly recommend to revoke it if it is a valid one.
Manuel Vacelet (vaceletm)2023-08-25 15:41 It's likely that you have a misconfiguration of https://docs.tuleap.org/administration-guide/system-administration/filtering-outbound-requests.html Esp. check for sys_proxy value