I’m attempting to use git integration with a “work” gitlab instance that isn’t run by me. Currently, when I attempt the integration I’m getting the following error in the server pod:
service: server (version 0.6.0), component: server, severity: ERROR, time: 2021-03-27T11:26:32.697Z, environment: production, region: local
message: (Auth-With-gitlab.REDACTED) Redirect to /sorry from verify callback
payload (serialized request object with headers, cookies and socket state omitted):
    authFlow: {
      host: 'gitlab.REDACTED',
      returnTo: 'https://gitpod.dragns.net/access-control/?updated=gitlab.REDACTED',
      overrideScopes: false
    },
    authProviderId: '5ef08512-0d20-4cb1-91ba-c05fd474f2ec',
    err: InternalOAuthError: Failed to obtain access token
        at GenericOAuth2Strategy.OAuth2Strategy._createOAuthError (/app/node_modules/passport-oauth2/lib/strategy.js:379:17)
        at /app/node_modules/passport-oauth2/lib/strategy.js:166:45
        at patchedCallback (/app/node_modules/@gitpod/server/dist/src/auth/generic-auth-provider.js:859:28)
        at /app/node_modules/oauth/lib/oauth2.js:191:18
        at ClientRequest.<anonymous> (/app/node_modules/oauth/lib/oauth2.js:162:5)
        at ClientRequest.emit (events.js:315:20)
        at ClientRequest.EventEmitter.emit (domain.js:483:12)
        at TLSSocket.socketErrorListener (_http_client.js:426:9)
        at TLSSocket.emit (events.js:315:20)
        at TLSSocket.EventEmitter.emit (domain.js:483:12)
        at emitErrorNT (internal/streams/destroy.js:92:8)
        at emitErrorAndCloseNT (internal/streams/destroy.js:60:3)
        at processTicksAndRejections (internal/process/task_queues.js:84:21) {
      oauthError: Error: self signed certificate in certificate chain
          at TLSSocket.onConnectSecure (_tls_wrap.js:1501:34)
          at TLSSocket.emit (events.js:315:20)
          at TLSSocket.EventEmitter.emit (domain.js:483:12)
          at TLSSocket._finishInit (_tls_wrap.js:936:8)
          at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:710:12) {
        code: 'SELF_SIGNED_CERT_IN_CHAIN'
      }
    }
To protect the agency that’s hosting the gitlab instance I’ve removed the FQDN for them.
The short and sweet is: oauthError: Error: self signed certificate in certificate chain
Is there an option I can set to allow this server to work with oauth?
Thanks for any input!
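
The `SELF_SIGNED_CERT_IN_CHAIN` code in the log is Node.js's name for OpenSSL verify error 19: the server presented a chain that ends in a root the client does not trust. As an added example (not part of the original post), the script below reproduces that result with a constructed private CA and shows verification succeeding once the CA is supplied as a trust anchor; every subject and file name in it is made up.

```shell
#!/usr/bin/env bash
# Constructed demo: the CA, the host name and all files are illustrative only.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Build a private (self-signed) root CA and a leaf certificate signed by it.
make_chain() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Demo Private Root CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" >/dev/null 2>&1 || return 1
  openssl req -new -newkey rsa:2048 -nodes \
    -subj "/CN=gitlab.example.internal" \
    -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" >/dev/null 2>&1 || return 1
  openssl x509 -req -in "$WORK/leaf.csr" -days 1 \
    -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
    -out "$WORK/leaf.pem" >/dev/null 2>&1
}

# Client without the private CA: the root arrives in the presented chain
# (-untrusted) but is not a trust anchor, so the chain cannot be validated.
verify_untrusted() {
  openssl verify -no-CAfile -no-CApath \
    -untrusted "$WORK/ca.pem" "$WORK/leaf.pem" 2>&1
}

# Same leaf, with the private root installed as a trust anchor.
verify_trusted() {
  openssl verify -no-CApath -CAfile "$WORK/ca.pem" "$WORK/leaf.pem" 2>&1
}

# Print the OpenSSL verify error number for the untrusted case (19 expected).
untrusted_error_number() {
  verify_untrusted | sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1
}

if make_chain; then
  echo "CA not trusted -> verify error $(untrusted_error_number)"
  echo "CA trusted     -> $(verify_trusted)"
else
  echo "openssl could not create the demo certificates" >&2
fi
```

For a Node.js process, the counterpart of `-CAfile` is adding the CA's PEM file to the trusted set, for example through the `NODE_EXTRA_CA_CERTS` environment variable, which keeps certificate verification on. Whether and how the Gitpod server pod exposes such a setting is not covered on this page.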