Problem accessing GitLab over HTTPS in Chrome: Your connection is not private

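This article describes a certificate validation failure encountered when using the Chrome browser to access a self-hosted GitLab site, and provides a temporary workaround involving Chrome's security policy and a GitLab configuration change.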


When accessing a self-hosted GitLab site over HTTPS in Chrome, the following error often appears:

Attackers might be trying to steal your information from xxx.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_AUTHORITY_INVALID
xxx.com normally uses encryption to protect your information. When Chrome tried to connect to xxx.com this time, the website sent back unusual and incorrect credentials. Either an attacker is trying to pretend to be xxx.com, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chrome stopped the connection before any data was exchanged.
You cannot visit xxx.com right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.

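When this problem occurs, the GitLab site cannot be accessed normally, and the only option is to switch to Firefox.

The problem has two causes:
1) Chrome fails the certificate authority check (the site uses a GoDaddy certificate, so this may be a problem with the GoDaddy certificate itself);
2) GitLab forcibly adds the following to its HTTP response headers: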

Strict-Transport-Security: max-age=31536000

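This response header causes Chrome to refuse to let you continue to the site once the certificate check has failed.

Temporary workaround

Modify the GitLab code: open the following file with vim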

vi /opt/gitlab/embedded/service/gitlab-rails/app/controllers/application_controller.rb

Comment out the following code:

# if Gitlab.config.gitlab.https and Gitlab.config.gitlab.port == 443
# headers['Strict-Transport-Security'] = 'max-age=31536000'
# end

Then restart the GitLab service

gitlab-ctl restart
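
The blocking behaviour described above matches RFC 6797: the browser stores the policy from an earlier error-free HTTPS response and then refuses click-through on certificate errors. The Python model below is an added example, not code from the original post, Chrome or GitLab; the names `parse_hsts`, `HstsStore` and `demo` and the host `gitlab.example` are assumptions, and matching of subdomains under `includeSubDomains` is left out.

```python
import re

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797 section 6.1); None if invalid."""
    max_age, sub, seen = None, False, set()
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        if not name:
            continue
        if name in seen:
            return None                      # a repeated directive invalidates the header
        seen.add(name)
        if name == "max-age":
            arg = arg.strip().strip('"')
            if not re.fullmatch(r"[0-9]+", arg):
                return None
            max_age = int(arg)
        elif name == "includesubdomains":
            sub = True
    if max_age is None:
        return None                          # max-age is a required directive
    return {"max_age": max_age, "include_subdomains": sub}

class HstsStore:
    """Simplified model of a browser's Known HSTS Host list."""
    def __init__(self):
        self.expiry = {}                     # host -> time at which the policy expires

    def observe(self, host, header, cert_ok, now):
        """Process a response; the header only counts on an error-free TLS connection."""
        policy = parse_hsts(header) if (header and cert_ok) else None
        if policy and policy["max_age"] > 0:
            self.expiry[host] = now + policy["max_age"]
        elif policy:
            self.expiry.pop(host, None)      # max-age=0 deletes the stored policy

    def on_cert_error(self, host, now):
        """What the user gets when certificate validation fails for host."""
        return "blocked" if self.expiry.get(host, 0) > now else "bypassable warning"

def demo():
    # Constructed timeline for a hypothetical host; times are in seconds.
    s, host, day = HstsStore(), "gitlab.example", 86400
    s.observe(host, "max-age=31536000", True, 0)   # healthy visit stores the policy
    s.observe(host, None, False, 10 * day)         # header removed, certificate still failing
    return s.on_cert_error(host, 10 * day), s.on_cert_error(host, 366 * day)
```

In this model, a browser that already stored the policy keeps blocking after the header is removed from GitLab, until the policy expires or an error-free response delivers `max-age=0`.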

Reposted from: https://www.cnblogs.com/dudu/p/chrome-your-connection-is-not-private.html
