Chrome以https访问gitlab的问题:Your connection is not private
在Chrome中以https访问自己搭建的gitlab站点时经常出现下面的错误:
Attackers might be trying to steal your information from xxx.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_AUTHORITY_INVALID
xxx.com normally uses encryption to protect your information. When Chrome tried to connect to xxx.com this time, the website sent back unusual and incorrect credentials. Either an attacker is trying to pretend to be xxx.com, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chrome stopped the connection before any data was exchanged.
You cannot visit xxx.com right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.
出现这个问题时,无法正常访问gitlab站点,只能换Firefox访问。
这个问题是两方面的原因引起的:
1)Chrome检查证书权威失败(用的是GoDaddy证书,可能是GoDaddy证书本身的问题);
2)gitlab在http response headers中强制添加了下面的内容:
Strict-Transport-Security: max-age=31536000
这个响应头会造成Chrome在检查证书失败后不允许继续访问。
临时解决方法
修改gitlatb的代码,用vim打开下面的文件
vi /opt/gitlab/embedded/service/gitlab-rails/app/controllers/application_controller.rb
注释掉下面的代码:
# if Gitlab.config.gitlab.https and Gitlab.config.gitlab.port == 443
# headers['Strict-Transport-Security'] = 'max-age=31536000'
# end
然后重启gitlab服务
gitlab-ctl restart