GitLab redirects to another page, or the old server, when restored to a new server
Description
- After restoring a GitLab backup to a new server, as part of migrating to a new server, attempts to load the new server's login page are redirected elsewhere.
- This can happen even after changing external_url in gitlab.rb and reconfiguring.
- Visiting the restored site with curl -v shows HTTP 302 redirects.
Environment
- Sign-in information is set on the source system, and therefore it is also set on the restored system
- Impacted offerings:
  - GitLab Self-Managed
Solution
Since you cannot log into the restored system to clear the setting, this must be done from the GitLab Rails console.
- Connect to the Rails console of your restored GitLab installation:
  - Linux:
    sudo gitlab-rails console
  - Kubernetes:
    kubectl exec -it <toolbox-pod-name> -- gitlab-rails console
  - Docker:
    docker exec -it <rails-container-id> gitlab-rails console
- Confirm that the Home Path URL is the same as the URL that visitors are 302 redirected to:
    pp ApplicationSetting.current.home_path_url
- Clear the Home Path URL application setting:
    ApplicationSetting.current.update!(home_path_url: '')
- Exit the Rails console by typing exit
You may now open a web browser to the new server's external_url, and it will no longer redirect you.
Cause
If the system being migrated has Sign-in information set in its Sign-in Restrictions, this is restored along with all the other application settings. All users who are not logged in are redirected to the page represented by the configured Home page URL, if the value is not empty.
Additional Information
Example redirect output from curl when broken:
~► curl -v http://34.127.83.216
* Trying 34.127.83.216:80...
* Connected to 34.127.83.216 (34.127.83.216) port 80
> GET / HTTP/1.1
> Host: 34.127.83.216
> User-Agent: curl/8.7.1
> Accept: */*
>
* Request completely sent off
< HTTP/1.1 302 Found
< Server: nginx
< Date: Wed, 22 Jan 2025 00:30:33 GMT
< Content-Type: text/html; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Cache-Control: no-cache
< Content-Security-Policy:
< Location: https://example.com/wombat
< Permissions-Policy: interest-cohort=()
< X-Content-Type-Options: nosniff
< X-Download-Options: noopen
< X-Frame-Options: SAMEORIGIN
< X-Gitlab-Meta: {"correlation_id":"01JJ5PP0SNVC74WDH8FAE91SS1","version":"1"}
< X-Permitted-Cross-Domain-Policies: none
< X-Request-Id: 01JJ5PP0SNVC74WDH8FAE91SS1
< X-Runtime: 0.037282
< X-Ua-Compatible: IE=edge
< X-Xss-Protection: 1; mode=block
< Strict-Transport-Security: max-age=63072000
< Referrer-Policy: strict-origin-when-cross-origin
<
* Connection #0 to host 34.127.83.216 left intact
<html><body>You are being <a href="https://example.com/wombat">redirected</a>.</body></html>
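
A post-restore check, as an added example that is not part of the original article or of GitLab's tooling: it reads response headers like the ones above and reports whether anonymous visitors are being sent to a host other than the new server's external_url. The function names (url_host, check_redirect, sample_broken, sample_fixed) are hypothetical, and hosts are compared as exact host[:port] strings.

```shell
#!/bin/sh
# Added example (not GitLab code): classify where a restored instance sends
# anonymous visitors, from response headers read on stdin.
# Live use (assumption: EXTERNAL_URL holds the new server's external_url):
#   curl -sS -o /dev/null -D - "$EXTERNAL_URL" | check_redirect "$EXTERNAL_URL"

# Print the lowercased host[:port] of an absolute URL; nothing if relative.
url_host() {
    printf '%s\n' "$1" |
        sed -n 's|^[A-Za-z][A-Za-z0-9+.-]*://\([^/?#]*\).*|\1|p' |
        sed 's|.*@||' | tr 'A-Z' 'a-z'
}

# Verdicts: "no-redirect <status>", "same-host <location>", "off-host <location>".
check_redirect() {
    expected=$(url_host "$1")
    # Accept both `curl -D -` output and `curl -v` lines prefixed with "< ".
    headers=$(tr -d '\r' | sed 's/^< //')
    status=$(printf '%s\n' "$headers" | awk '$1 ~ /^HTTP\// {print $2; exit}')
    location=$(printf '%s\n' "$headers" |
        awk 'tolower($1) == "location:" {print $2; exit}')
    case "$status" in
        3??) ;;
        *) echo "no-redirect $status"; return 0 ;;
    esac
    target=$(url_host "$location")
    if [ -z "$target" ] || [ "$target" = "$expected" ]; then
        echo "same-host $location"
    else
        echo "off-host $location"
    fi
}

# Trimmed from the curl -v output shown on this page (broken state).
sample_broken() {
    printf '%s\r\n' '< HTTP/1.1 302 Found' '< Server: nginx' \
        '< Location: https://example.com/wombat' '<'
}

# Constructed sample: the redirect to the local sign-in page expected once
# home_path_url is cleared.
sample_fixed() {
    printf '%s\r\n' 'HTTP/1.1 302 Found' \
        'Location: http://34.127.83.216/users/sign_in' ''
}

sample_broken | check_redirect 'http://34.127.83.216'
sample_fixed  | check_redirect 'http://34.127.83.216'
```

An off-host verdict right after a restore means the Home page URL carried over from the source system is still in effect.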