I have Gitlab Omnibus (12.4.2-ee) set up in Ubuntu and was trying to get Gitlab Pages to work with access control turned on. It always returns a 503 after the Gitlab Auth page. Using it with access control turned off works fine.
Gitlab and Gitlab Pages are both running on the same server with Gitlab running on https://gitlab.example.com and pages on https://pages.example.com
I am using Apache to serve the sites and Gitlab's nginx is not enabled.
Both have SSL enabled and http requests will be redirected to https via a RewriteRule.
I have tried turning inplace_chroot on and off and it does not appear to be the problem.
After doing some digging, what I have found is that when Gitlab Pages tries to retrieve the token from https://gitlab.example.com/oauth/token, it is given the redirect response and stops there.
The error in gitlab-ctl tail shows this:
{"error":"Post https://gitlab.example.com/oauth/token: Moved Permanently","host":"examplegroup.pages.example.com","level":"error","msg":"Fetching access token failed","path":"/auth","redirect_uri":"https://examplegroup.pages.example.com/example","state":"...","time":"2019-11-09T01:00:00Z"}
Doing a curl POST to https://gitlab.example.com/oauth/token returns a json response which is different from what the Gitlab Pages Go server is getting.
From /var/log/apache2/other_vhosts_access.log:
gitlab.example.com:80 46.137.245.184 - - [09/Nov/2019:01:00:00 +0000] "CONNECT gitlab.example.com:443 HTTP/1.1" 301 451 "-" "Go-http-client/1.1"
I assume the Gitlab Pages program is not following the 301 that it was given? Could this be a result of something configured wrongly in Apache or with /etc/gitlab/gitlab.rb?
