Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Boxiang Sun
gitlab-ce
Commits
13b6bad1
Commit
13b6bad1
authored
Feb 10, 2016
by
Kamil Trzcinski
Committed by
James Edwards-Jones
Jan 31, 2017
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Implement extra domains and save pages configuration
parent
6e99226c
Changes
17
Show whitespace changes
Inline
Side-by-side
Showing
17 changed files
with
249 additions
and
208 deletions
+249
-208
app/controllers/projects/pages_controller.rb
app/controllers/projects/pages_controller.rb
+33
-61
app/helpers/projects_helper.rb
app/helpers/projects_helper.rb
+0
-4
app/models/pages_domain.rb
app/models/pages_domain.rb
+80
-4
app/services/projects/update_pages_configuration_service.rb
app/services/projects/update_pages_configuration_service.rb
+19
-13
app/views/projects/pages/_access.html.haml
app/views/projects/pages/_access.html.haml
+4
-25
app/views/projects/pages/_destroy.haml
app/views/projects/pages/_destroy.haml
+1
-1
app/views/projects/pages/_form.html.haml
app/views/projects/pages/_form.html.haml
+32
-32
app/views/projects/pages/_list.html.haml
app/views/projects/pages/_list.html.haml
+16
-0
app/views/projects/pages/_no_domains.html.haml
app/views/projects/pages/_no_domains.html.haml
+6
-0
app/views/projects/pages/_remove_certificate.html.haml
app/views/projects/pages/_remove_certificate.html.haml
+0
-16
app/views/projects/pages/_upload_certificate.html.haml
app/views/projects/pages/_upload_certificate.html.haml
+0
-32
app/views/projects/pages/index.html.haml
app/views/projects/pages/index.html.haml
+25
-0
app/views/projects/pages/new.html.haml
app/views/projects/pages/new.html.haml
+6
-0
app/views/projects/pages/show.html.haml
app/views/projects/pages/show.html.haml
+21
-17
config/gitlab.yml.example
config/gitlab.yml.example
+2
-0
config/initializers/1_settings.rb
config/initializers/1_settings.rb
+2
-1
config/routes/project.rb
config/routes/project.rb
+2
-2
No files found.
app/controllers/projects/pages_controller.rb
View file @
13b6bad1
...
...
@@ -2,25 +2,45 @@ class Projects::PagesController < Projects::ApplicationController
layout
'project_settings'
before_action
:authorize_update_pages!
,
except:
[
:show
]
before_action
:authorize_remove_pages!
,
only: :destroy
before_action
:authorize_remove_pages!
,
only:
[
:remove_pages
]
before_action
:label
,
only:
[
:destroy
]
before_action
:domain
,
only:
[
:show
]
helper_method
:valid_certificate?
,
:valid_certificate_key?
helper_method
:valid_key_for_certificiate?
,
:valid_certificate_intermediates?
helper_method
:certificate
,
:certificate_key
def
index
@domains
=
@project
.
pages_domains
.
order
(
:domain
)
end
def
show
end
def
update
if
@project
.
update_attributes
(
pages_params
)
def
new
@domain
=
@project
.
pages_domains
.
new
end
def
create
@domain
=
@project
.
pages_domains
.
create
(
pages_domain_params
)
if
@domain
.
valid?
redirect_to
namespace_project_pages_path
(
@project
.
namespace
,
@project
)
else
render
'
sho
w'
render
'
ne
w'
end
end
def
certificate
@project
.
remove_pages_certificate
def
destroy
@domain
.
destroy
respond_to
do
|
format
|
format
.
html
do
redirect_to
(
namespace_project_pages_path
(
@project
.
namespace
,
@project
),
notice:
'Domain was removed'
)
end
format
.
js
end
end
def
destroy
...
...
@@ -33,63 +53,15 @@ class Projects::PagesController < Projects::ApplicationController
private
def
pages_params
params
.
require
(
:project
).
permit
(
:pages_custom_certificate
,
:pages_custom_certificate_key
,
:pages_custom_domain
,
:pages_redirect_http
,
def
pages_domain_params
params
.
require
(
:pages_domain
).
permit
(
:certificate
,
:key
,
:domain
)
end
def
valid_certificate?
certificate
.
present?
end
def
valid_certificate_key?
certificate_key
.
present?
end
def
valid_key_for_certificiate?
return
false
unless
certificate
return
false
unless
certificate_key
# We compare the public key stored in certificate with public key from certificate key
certificate
.
public_key
.
to_pem
==
certificate_key
.
public_key
.
to_pem
rescue
OpenSSL
::
X509
::
CertificateError
,
OpenSSL
::
PKey
::
PKeyError
false
end
def
valid_certificate_intermediates?
return
false
unless
certificate
store
=
OpenSSL
::
X509
::
Store
.
new
store
.
set_default_paths
# This forces to load all intermediate certificates stored in `pages_custom_certificate`
Tempfile
.
open
(
'project_certificate'
)
do
|
f
|
f
.
write
(
@project
.
pages_custom_certificate
)
f
.
flush
store
.
add_file
(
f
.
path
)
end
store
.
verify
(
certificate
)
rescue
OpenSSL
::
X509
::
StoreError
false
end
def
certificate
return
unless
@project
.
pages_custom_certificate
@certificate
||=
OpenSSL
::
X509
::
Certificate
.
new
(
@project
.
pages_custom_certificate
)
rescue
OpenSSL
::
X509
::
CertificateError
nil
end
def
certificate_key
return
unless
@project
.
pages_custom_certificate_key
@certificate_key
||=
OpenSSL
::
PKey
::
RSA
.
new
(
@project
.
pages_custom_certificate_key
)
rescue
OpenSSL
::
PKey
::
PKeyError
,
OpenSSL
::
Cipher
::
CipherError
nil
def
domain
@domain
||=
@project
.
pages_domains
.
find_by
(
domain:
params
[
:id
].
to_s
)
end
end
app/helpers/projects_helper.rb
View file @
13b6bad1
...
...
@@ -85,10 +85,6 @@ module ProjectsHelper
"You are going to remove the pages for
#{
project
.
name_with_namespace
}
.
\n
Are you ABSOLUTELY sure?"
end
def
remove_pages_certificate_message
(
project
)
"You are going to remove a certificates for
#{
project
.
name_with_namespace
}
.
\n
Are you ABSOLUTELY sure?"
end
def
project_nav_tabs
@nav_tabs
||=
get_project_nav_tabs
(
@project
,
current_user
)
end
...
...
app/models/pages_domain.rb
View file @
13b6bad1
...
...
@@ -2,19 +2,25 @@ class PagesDomain < ActiveRecord::Base
belongs_to
:project
validates
:domain
,
hostname:
true
validates_uniqueness_of
:domain
,
allow_nil:
true
,
allow_blank:
tru
e
validates_uniqueness_of
:domain
,
case_sensitive:
fals
e
validates
:certificate
,
certificate:
true
,
allow_nil:
true
,
allow_blank:
true
validates
:key
,
certificate_key:
true
,
allow_nil:
true
,
allow_blank:
true
attr_encrypted
:pages_custom_certificate_key
,
mode: :per_attribute_iv_and_salt
,
key:
Gitlab
::
Application
.
secrets
.
db_key_base
validate
:validate_matching_key
,
if:
->
(
domain
)
{
domain
.
certificate
.
present?
&&
domain
.
key
.
present?
}
validate
:validate_intermediates
,
if:
->
(
domain
)
{
domain
.
certificate
.
present?
}
attr_encrypted
:key
,
mode: :per_attribute_iv_and_salt
,
key:
Gitlab
::
Application
.
secrets
.
db_key_base
after_create
:update
after_save
:update
after_destroy
:update
def
to_param
domain
end
def
url
return
unless
domain
return
unless
Dir
.
exist?
(
project
.
public_pages_path
)
if
certificate
return
"https://
#{
domain
}
"
...
...
@@ -23,7 +29,77 @@ class PagesDomain < ActiveRecord::Base
end
end
def
has_matching_key?
return
unless
x509
return
unless
pkey
# We compare the public key stored in certificate with public key from certificate key
x509
.
check_private_key
(
pkey
)
end
def
has_intermediates?
return
false
unless
x509
store
=
OpenSSL
::
X509
::
Store
.
new
store
.
set_default_paths
# This forces to load all intermediate certificates stored in `certificate`
Tempfile
.
open
(
'certificate_chain'
)
do
|
f
|
f
.
write
(
certificate
)
f
.
flush
store
.
add_file
(
f
.
path
)
end
store
.
verify
(
x509
)
rescue
OpenSSL
::
X509
::
StoreError
false
end
def
expired?
return
false
unless
x509
current
=
Time
.
new
return
current
<
x509
.
not_before
||
x509
.
not_after
<
current
end
def
subject
return
unless
x509
return
x509
.
subject
.
to_s
end
def
fingerprint
return
unless
x509
@fingeprint
||=
OpenSSL
::
Digest
::
SHA256
.
new
(
x509
.
to_der
).
to_s
end
private
def
x509
return
unless
certificate
@x509
||=
OpenSSL
::
X509
::
Certificate
.
new
(
certificate
)
rescue
OpenSSL
::
X509
::
CertificateError
nil
end
def
pkey
return
unless
key
@pkey
||=
OpenSSL
::
PKey
::
RSA
.
new
(
key
)
rescue
OpenSSL
::
PKey
::
PKeyError
,
OpenSSL
::
Cipher
::
CipherError
nil
end
def
update
UpdatePagesConfigurationService
.
new
(
project
).
execute
::
Projects
::
UpdatePagesConfigurationService
.
new
(
project
).
execute
end
def
validate_matching_key
unless
has_matching_key?
self
.
errors
.
add
(
:key
,
"doesn't match the certificate"
)
end
end
def
validate_intermediates
unless
has_intermediates?
self
.
errors
.
add
(
:certificate
,
'misses intermediates'
)
end
end
end
app/services/projects/update_pages_configuration_service.rb
View file @
13b6bad1
...
...
@@ -7,9 +7,7 @@ module Projects
end
def
execute
update_file
(
pages_cname_file
,
project
.
pages_custom_domain
)
update_file
(
pages_certificate_file
,
project
.
pages_custom_certificate
)
update_file
(
pages_certificate_file_key
,
project
.
pages_custom_certificate_key
)
update_file
(
pages_config_file
,
pages_config
)
reload_daemon
success
rescue
=>
e
...
...
@@ -18,6 +16,22 @@ module Projects
private
def
pages_config
{
domains:
pages_domains_config
}
end
def
pages_domains_config
project
.
pages_domains
.
map
do
|
domain
|
{
domain:
domain
.
domain
,
certificate:
domain
.
certificate
,
key:
domain
.
key
,
}
end
end
def
reload_daemon
# GitLab Pages daemon constantly watches for modification time of `pages.path`
# It reloads configuration when `pages.path` is modified
...
...
@@ -28,16 +42,8 @@ module Projects
@pages_path
||=
project
.
pages_path
end
def
pages_cname_file
File
.
join
(
pages_path
,
'CNAME'
)
end
def
pages_certificate_file
File
.
join
(
pages_path
,
'domain.crt'
)
end
def
pages_certificate_key_file
File
.
join
(
pages_path
,
'domain.key'
)
def
pages_config_file
File
.
join
(
pages_path
,
'config.jso'
)
end
def
update_file
(
file
,
data
)
...
...
app/views/projects/pages/_access.html.haml
View file @
13b6bad1
...
...
@@ -5,30 +5,9 @@
.panel-body
%p
%strong
Congratulations! Your pages are served at:
%p
=
link_to
@project
.
pages_url
,
@project
.
pages_url
-
if
Settings
.
pages
.
custom_domain
&&
@project
.
pages_custom_url
%p
=
link_to
@project
.
pages_custom_url
,
@project
.
pages_custom_url
-
if
@project
.
pages_custom_certificate
-
unless
valid_certificate?
#error_explanation
.alert.alert-warning
Your certificate is invalid.
Congratulations! Your pages are served under:
-
unless
valid_certificate_key?
#error_explanation
.alert.alert-warning
Your private key is invalid.
-
unless
valid_key_for_certificiate?
#error_explanation
.alert.alert-warning
Your private key can't be used with your certificate.
%p
=
link_to
@project
.
pages_url
,
@project
.
pages_url
-
unless
valid_certificate_intermediates?
#error_explanation
.alert.alert-warning
Your certificate doesn't have intermediates.
Your page may not work properly.
-
@project
.
pages_domains
.
each
do
|
domain
|
%p
=
link_to
domain
.
url
,
domain
.
url
app/views/projects/pages/_destroy.haml
View file @
13b6bad1
...
...
@@ -3,7 +3,7 @@
.panel-heading
Remove pages
.errors-holder
.panel-body
=
form_tag
(
namespace_project_pages_path
(
@project
.
namespace
,
@project
),
method: :delete
,
class:
'form-horizontal'
)
do
=
form_tag
(
remove_pages_
namespace_project_pages_path
(
@project
.
namespace
,
@project
),
method: :delete
,
class:
'form-horizontal'
)
do
%p
Removing the pages will prevent from exposing them to outside world.
.form-actions
...
...
app/views/projects/pages/_form.html.haml
View file @
13b6bad1
-
if
can?
(
current_user
,
:update_pages
,
@project
)
.panel.panel-default
.panel-heading
Settings
.panel-body
=
form_for
[
@project
],
url:
namespace_project_pages_path
(
@project
.
namespace
,
@project
),
html:
{
class:
'form-horizontal fieldset-form'
}
do
|
f
|
-
if
@project
.
errors
.
any?
=
form_for
[
@domain
],
url:
namespace_project_pages_path
(
@project
.
namespace
,
@project
),
html:
{
class:
'form-horizontal fieldset-form'
}
do
|
f
|
-
if
@domain
.
errors
.
any?
#error_explanation
.alert.alert-danger
-
@project
.
errors
.
full_messages
.
each
do
|
msg
|
-
@domain
.
errors
.
full_messages
.
each
do
|
msg
|
%p
=
msg
.form-group
=
f
.
label
:pages_
domain
,
class:
'control-label'
do
Custom d
omain
=
f
.
label
:
domain
,
class:
'control-label'
do
D
omain
.col-sm-10
-
if
Settings
.
pages
.
custom_domain
=
f
.
text_field
:pages_custom_domain
,
required:
false
,
autocomplete:
'off'
,
class:
'form-control'
%span
.help-inline
Allows you to serve the pages under your domain
=
f
.
text_field
:domain
,
required:
true
,
autocomplete:
'off'
,
class:
'form-control'
%span
.help-inline
* required
-
if
Settings
.
pages
.
external_https
.form-group
=
f
.
label
:certificate
,
class:
'control-label'
do
Certificate (PEM)
.col-sm-10
=
f
.
text_area
:certificate
,
rows:
5
,
class:
'form-control'
,
value:
''
%span
.help-inline
Upload a certificate for your domain with all intermediates
.form-group
=
f
.
label
:key
,
class:
'control-label'
do
Key (PEM)
.col-sm-10
=
f
.
text_area
:key
,
rows:
5
,
class:
'form-control'
,
value:
''
%span
.help-inline
Upload a certificate for your domain with all intermediates
-
else
.nothing-here-block
Support for custom domains and
certificates is disabled.
Support for custom
certificates is disabled.
Ask your system's administrator to enable it.
-
if
Settings
.
pages
.
https
.form-group
.col-sm-offset-2.col-sm-10
.checkbox
=
f
.
label
:pages_redirect_http
do
=
f
.
check_box
:pages_redirect_http
%span
.descr
Force HTTPS
.help-block
Redirect the HTTP to HTTPS forcing to always use the secure connection
.form-actions
=
f
.
submit
'Save changes
'
,
class:
"btn btn-save"
=
f
.
submit
'Create New Domain
'
,
class:
"btn btn-save"
app/views/projects/pages/_list.html.haml
0 → 100644
View file @
13b6bad1
.panel.panel-default
.panel-heading
Domains (
#{
@domains
.
count
}
)
%ul
.well-list
-
@domains
.
each
do
|
domain
|
%li
.pull-right
=
link_to
'Details'
,
namespace_project_page_path
(
@project
.
namespace
,
@project
,
domain
),
class:
"btn btn-sm btn-grouped"
=
link_to
'Remove'
,
namespace_project_page_path
(
@project
.
namespace
,
@project
,
domain
),
data:
{
confirm:
'Are you sure?'
},
method: :delete
,
class:
"btn btn-remove btn-sm btn-grouped"
.clearfix
%span
=
link_to
domain
.
domain
,
domain
.
url
%p
-
if
domain
.
subject
%span
.label.label-gray
Certificate:
#{
domain
.
subject
}
-
if
domain
.
expired?
%span
.label.label-danger
Expired
app/views/projects/pages/_no_domains.html.haml
0 → 100644
View file @
13b6bad1
.panel.panel-default
.panel-heading
Domains
.nothing-here-block
Support for domains and certificates is disabled.
Ask your system's administrator to enable it.
app/views/projects/pages/_remove_certificate.html.haml
deleted
100644 → 0
View file @
6e99226c
-
if
can?
(
current_user
,
:update_pages
,
@project
)
&&
@project
.
pages_custom_certificate
.panel.panel-default.panel.panel-danger
.panel-heading
Remove certificate
.errors-holder
.panel-body
=
form_tag
(
certificates_namespace_project_pages_path
(
@project
.
namespace
,
@project
),
method: :delete
,
class:
'form-horizontal'
)
do
%p
Removing the certificate will stop serving the page under HTTPS.
-
if
certificate
%p
%pre
=
certificate
.
to_text
.form-actions
=
button_to
'Remove certificate'
,
'#'
,
class:
"btn btn-remove js-confirm-danger"
,
data:
{
"confirm-danger-message"
=>
remove_pages_certificate_message
(
@project
)
}
app/views/projects/pages/_upload_certificate.html.haml
deleted
100644 → 0
View file @
6e99226c
-
if
can?
(
current_user
,
:update_pages
,
@project
)
&&
Settings
.
pages
.
https
&&
Settings
.
pages
.
custom_domain
.panel.panel-default
.panel-heading
Certificate
.panel-body
%p
Allows you to upload your certificate which will be used to serve pages under your domain.
%br
=
form_for
[
@project
],
url:
namespace_project_pages_path
(
@project
.
namespace
,
@project
),
html:
{
class:
'form-horizontal fieldset-form'
}
do
|
f
|
-
if
@project
.
errors
.
any?
#error_explanation
.alert.alert-danger
-
@project
.
errors
.
full_messages
.
each
do
|
msg
|
%p
=
msg
.form-group
=
f
.
label
:pages_custom_certificate
,
class:
'control-label'
do
Certificate (PEM)
.col-sm-10
=
f
.
text_area
:pages_custom_certificate
,
required:
true
,
rows:
5
,
class:
'form-control'
,
value:
''
%span
.help-inline
Upload a certificate for your domain with all intermediates
.form-group
=
f
.
label
:pages_custom_certificate_key
,
class:
'control-label'
do
Key (PEM)
.col-sm-10
=
f
.
text_area
:pages_custom_certificate_key
,
required:
true
,
rows:
5
,
class:
'form-control'
,
value:
''
%span
.help-inline
Upload a certificate for your domain with all intermediates
.form-actions
=
f
.
submit
'Update certificate'
,
class:
"btn btn-save"
app/views/projects/pages/index.html.haml
0 → 100644
View file @
13b6bad1
-
page_title
"Pages"
%h3
.page_title
Pages
=
link_to
new_namespace_project_page_path
(
@project
.
namespace
,
@project
),
class:
"btn btn-new pull-right"
,
title:
"New Domain"
do
%i
.fa.fa-plus
New Domain
%p
.light
With GitLab Pages you can host for free your static websites on GitLab.
Combined with the power of GitLab CI and the help of GitLab Runner
you can deploy static pages for your individual projects, your user or your group.
%hr
.clearfix
-
if
Settings
.
pages
.
enabled
=
render
'access'
=
render
'use'
-
if
Settings
.
pages
.
external_http
||
Settings
.
pages
.
external_https
=
render
'list'
-
else
=
render
'no_domains'
=
render
'destroy'
-
else
=
render
'disabled'
app/views/projects/pages/new.html.haml
0 → 100644
View file @
13b6bad1
-
page_title
'Pages'
%h3
.page_title
New Pages Domain
%hr
.clearfix
%div
=
render
'form'
app/views/projects/pages/show.html.haml
View file @
13b6bad1
-
page_title
"Pages"
%h3
.page_title
Pages
%p
.light
With GitLab Pages you can host for free your static websites on GitLab.
Combined with the power of GitLab CI and the help of GitLab Runner
you can deploy static pages for your individual projects, your user or your group.
%hr
-
page_title
"
#{
@domain
.
domain
}
"
,
"Pages Domain"
-
if
Settings
.
pages
.
enabled
=
render
'access'
=
render
'use'
-
if
@project
.
pages_url
=
render
'form'
=
render
'upload_certificate'
=
render
'remove_certificate'
=
render
'destroy'
-
else
=
render
'disabled'
%h3
.page-title
#{
@domain
.
domain
}
.table-holder
%table
.table
%tr
%td
Domain
%td
=
link_to
@domain
.
domain
,
@domain
.
url
%tr
%td
Certificate
%td
-
if
@domain
.
certificate
%pre
=
@domain
.
certificate
.
to_text
-
else
.light
missing
config/gitlab.yml.example
View file @
13b6bad1
...
...
@@ -165,6 +165,8 @@ production: &base
host: example.com
port: 80 # Set to 443 if you serve the pages with HTTPS
https: false # Set to true if you serve the pages with HTTPS
# external_http: "1.1.1.1:80" # if defined notifies the GitLab pages do support Custom Domains
# external_https: "1.1.1.1:443" # if defined notifies the GitLab pages do support Custom Domains with Certificates
## Mattermost
## For enabling Add to Mattermost button
...
...
config/initializers/1_settings.rb
View file @
13b6bad1
...
...
@@ -273,7 +273,8 @@ Settings.pages['https'] = false if Settings.pages['https'].nil?
Settings
.
pages
[
'port'
]
||=
Settings
.
pages
.
https
?
443
:
80
Settings
.
pages
[
'protocol'
]
||=
Settings
.
pages
.
https
?
"https"
:
"http"
Settings
.
pages
[
'url'
]
||=
Settings
.
send
(
:build_pages_url
)
Settings
.
pages
[
'custom_domain'
]
||=
false
if
Settings
.
pages
[
'custom_domain'
].
nil?
Settings
.
pages
[
'external_http'
]
||=
false
if
Settings
.
pages
[
'external_http'
].
nil?
Settings
.
pages
[
'external_https'
]
||=
false
if
Settings
.
pages
[
'external_https'
].
nil?
#
# Git LFS
...
...
config/routes/project.rb
View file @
13b6bad1
...
...
@@ -39,8 +39,8 @@ constraints(ProjectUrlConstrainer.new) do
end
end
resource
:pages
,
only:
[
:show
,
:update
,
:destroy
]
do
delete
:
certificat
es
resource
s
:pages
,
except:
[
:edit
,
:update
]
do
delete
:
remove_pag
es
end
resources
:compare
,
only:
[
:index
,
:create
]
do
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment