When accessing my self-hosted GitLab site over HTTPS in Chrome, the following error often appears:
Attackers might be trying to steal your information from xxx.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_AUTHORITY_INVALID
xxx.com normally uses encryption to protect your information. When Chrome tried to connect to xxx.com this time, the website sent back unusual and incorrect credentials. Either an attacker is trying to pretend to be xxx.com, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chrome stopped the connection before any data was exchanged.
You cannot visit xxx.com right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.
When this happens, the GitLab site cannot be opened at all; the only option is to switch to Firefox.
The problem has two causes:
1) Chrome fails to validate the certificate authority (a GoDaddy certificate is in use; the problem may lie with the GoDaddy certificate itself);
2) GitLab forcibly adds the following header to every HTTP response:
Strict-Transport-Security: max-age=31536000
This response header causes Chrome to refuse to continue once the certificate check has failed (the usual "Proceed anyway" option is not offered for an HSTS host).
Temporary workaround
Modify the GitLab code. Open the following file with vim:
vi /opt/gitlab/embedded/service/gitlab-rails/app/controllers/application_controller.rb
Comment out the following code:
# if Gitlab.config.gitlab.https and Gitlab.config.gitlab.port == 443
# headers['Strict-Transport-Security'] = 'max-age=31536000'
# end
Then restart the GitLab service:
gitlab-ctl restart
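To make the mechanism behind the error concrete, here is a small added example (not GitLab's code, and not from the original post) that models how a browser processes the Strict-Transport-Security header described above, following RFC 6797: the header is only remembered after a connection whose certificate validated, the host is then pinned until max-age expires, and a later certificate error on a pinned host is blocked outright instead of showing a bypassable warning. The class and method names (HstsStore, record, on_cert_error) and the host names are constructed for the example.

```ruby
# Added example: a minimal model of browser HSTS handling (RFC 6797).
# Not GitLab's code; HstsStore and the host names below are hypothetical.

# Parse an HSTS header value such as "max-age=31536000; includeSubDomains".
# Returns nil when the value is invalid (no usable max-age directive).
def parse_hsts(value)
  directives = {}
  value.split(';').each do |part|
    name, val = part.strip.split('=', 2)
    next if name.nil? || name.empty?
    directives[name.downcase] = val # directive names are case-insensitive
  end
  max_age = directives['max-age']
  return nil unless max_age && max_age =~ /\A"?\d+"?\z/
  {
    max_age: max_age.delete('"').to_i,
    include_subdomains: directives.key?('includesubdomains'),
  }
end

# In-memory equivalent of the browser's HSTS cache.
class HstsStore
  def initialize
    @hosts = {}
  end

  # Record a policy. RFC 6797 section 8.1: the header is ignored unless the
  # connection had no TLS errors, so a site with a broken certificate chain
  # can never pin itself; pinning only happens after a *successful* visit.
  def record(host, header_value, cert_ok:, now: Time.now)
    return false unless cert_ok
    policy = parse_hsts(header_value)
    return false unless policy
    key = host.downcase
    if policy[:max_age].zero?
      @hosts.delete(key) # max-age=0 tells the browser to forget the host
    else
      @hosts[key] = { expires: now + policy[:max_age],
                      include_subdomains: policy[:include_subdomains] }
    end
    true
  end

  # Is the host (or a parent domain with includeSubDomains) currently pinned?
  def known?(host, now: Time.now)
    labels = host.downcase.split('.')
    (0...labels.size).each do |i|
      entry = @hosts[labels[i..-1].join('.')]
      next unless entry
      next if entry[:expires] <= now # expired entries no longer apply
      return true if i.zero? || entry[:include_subdomains]
    end
    false
  end

  # What the browser does on a certificate validation error:
  # an unknown host gets a warning page with a bypass link; a pinned host
  # is blocked with no way to proceed (the behaviour seen in Chrome above).
  def on_cert_error(host, now: Time.now)
    known?(host, now: now) ? :blocked : :interstitial_with_bypass
  end
end

if __FILE__ == $0
  store = HstsStore.new
  t0 = Time.now
  # First visit: certificate valid, GitLab's header gets cached for one year.
  store.record('gitlab.example.com', 'max-age=31536000', cert_ok: true, now: t0)
  # Later visit: the chain no longer validates. The host is pinned, so: blocked.
  puts store.on_cert_error('gitlab.example.com', now: t0 + 60)
  # A host that never sent HSTS still gets the bypassable warning page.
  puts store.on_cert_error('other.example.com', now: t0)
end
```

Two practical consequences follow from the model. Because entries live in the browser until max-age expires (31536000 seconds, one year, for the header GitLab sends), removing the header on the server does not unpin clients that already visited the site; the browser keeps blocking until the entry expires or the server sends max-age=0 over a connection whose certificate validates. And since NET::ERR_CERT_AUTHORITY_INVALID means the served certificate chain did not validate to a trusted root, the durable fix is to correct the chain presented by the server (for example by serving the intermediate certificates), which also makes the HSTS header harmless again.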