Commit 151e676d authored by Achilleas Pipinellis's avatar Achilleas Pipinellis

Merge branch 'docs-code-block-style-5' into 'master'

Fix whitespace in install and integration docs

See merge request gitlab-org/gitlab-ce!30600
parents 3b423390 33c867b7
...@@ -63,6 +63,7 @@ Here's a list of the AWS services we will use, with links to pricing information ...@@ -63,6 +63,7 @@ Here's a list of the AWS services we will use, with links to pricing information
NOTE: **Note:** Please note that while we will be using EBS for storage, we do not recommend using EFS as it may negatively impact GitLab's performance. You can review the [relevant documentation](../../administration/high_availability/nfs.md#avoid-using-awss-elastic-file-system-efs) for more details. NOTE: **Note:** Please note that while we will be using EBS for storage, we do not recommend using EFS as it may negatively impact GitLab's performance. You can review the [relevant documentation](../../administration/high_availability/nfs.md#avoid-using-awss-elastic-file-system-efs) for more details.
## Creating an IAM EC2 instance role and profile ## Creating an IAM EC2 instance role and profile
To minimize the permissions of the user, we'll create a new [IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html) To minimize the permissions of the user, we'll create a new [IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html)
role with limited access: role with limited access:
......
...@@ -74,6 +74,7 @@ The first items we need to configure are the basic settings of the underlying vi ...@@ -74,6 +74,7 @@ The first items we need to configure are the basic settings of the underlying vi
public keys)_ public keys)_
1. If you chose **Password** - enter the password you wish to use _(this is the password that you 1. If you chose **Password** - enter the password you wish to use _(this is the password that you
will use later in this tutorial to [SSH] into the VM, so make sure it's a strong password/passphrase)_ will use later in this tutorial to [SSH] into the VM, so make sure it's a strong password/passphrase)_
1. Choose the appropriate `Subscription` tier for your Azure account 1. Choose the appropriate `Subscription` tier for your Azure account
1. Choose an existing `Resource Group` or create a new one - e.g. **"GitLab-CE-Azure"** 1. Choose an existing `Resource Group` or create a new one - e.g. **"GitLab-CE-Azure"**
...@@ -248,6 +249,7 @@ rules in the list: ...@@ -248,6 +249,7 @@ rules in the list:
![Azure - Inbound security rules - List](img/azure-inbound-sec-rules-list.png) ![Azure - Inbound security rules - List](img/azure-inbound-sec-rules-list.png)
## Connecting to GitLab ## Connecting to GitLab
Use the domain name you set up earlier (or the public IP address) to visit your new GitLab instance Use the domain name you set up earlier (or the public IP address) to visit your new GitLab instance
in your browser. If everything has gone according to plan you should be presented with the in your browser. If everything has gone according to plan you should be presented with the
following page, asking you to set a _new_ password for the administrator account automatically following page, asking you to set a _new_ password for the administrator account automatically
...@@ -348,6 +350,7 @@ your VM, you can use the IP address in its place in the following command: ...@@ -348,6 +350,7 @@ your VM, you can use the IP address in its place in the following command:
```bash ```bash
ssh username@your-azure-domain-name.com ssh username@your-azure-domain-name.com
``` ```
Provide your password at the prompt to authenticate. Provide your password at the prompt to authenticate.
#### SSH from Windows (PuTTY) #### SSH from Windows (PuTTY)
......
...@@ -851,6 +851,7 @@ Using a self-signed certificate is discouraged but if you must use it, follow th ...@@ -851,6 +851,7 @@ Using a self-signed certificate is discouraged but if you must use it, follow th
sudo openssl req -newkey rsa:2048 -x509 -nodes -days 3560 -out gitlab.crt -keyout gitlab.key sudo openssl req -newkey rsa:2048 -x509 -nodes -days 3560 -out gitlab.crt -keyout gitlab.key
sudo chmod o-r gitlab.key sudo chmod o-r gitlab.key
``` ```
1. In the `config.yml` of gitlab-shell set `self_signed_cert` to `true`. 1. In the `config.yml` of gitlab-shell set `self_signed_cert` to `true`.
### Enable Reply by email ### Enable Reply by email
......
...@@ -12,6 +12,7 @@ special searches: ...@@ -12,6 +12,7 @@ special searches:
- [Advanced Syntax Search](../user/search/advanced_search_syntax.md) - [Advanced Syntax Search](../user/search/advanced_search_syntax.md)
## Version Requirements ## Version Requirements
<!-- Please remember to update ee/lib/system_check/app/elasticsearch_check.rb if this changes --> <!-- Please remember to update ee/lib/system_check/app/elasticsearch_check.rb if this changes -->
| GitLab version | Elasticsearch version | | GitLab version | Elasticsearch version |
...@@ -511,4 +512,3 @@ Here are some common pitfalls and how to overcome them: ...@@ -511,4 +512,3 @@ Here are some common pitfalls and how to overcome them:
AWS has [fixed limits](http://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/aes-limits.html) AWS has [fixed limits](http://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/aes-limits.html)
for this setting ("Maximum Size of HTTP Request Payloads"), based on the size of for this setting ("Maximum Size of HTTP Request Payloads"), based on the size of
the underlying instance. the underlying instance.
...@@ -127,7 +127,7 @@ and changing the global Git `sslVerify` option to `false` in the GitLab server. ...@@ -127,7 +127,7 @@ and changing the global Git `sslVerify` option to `false` in the GitLab server.
For omnibus package: For omnibus package:
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
"name" => "github", "name" => "github",
"app_id" => "YOUR_APP_ID", "app_id" => "YOUR_APP_ID",
...@@ -136,7 +136,7 @@ For omnibus package: ...@@ -136,7 +136,7 @@ For omnibus package:
"verify_ssl" => false, "verify_ssl" => false,
"args" => { "scope" => "user:email" } "args" => { "scope" => "user:email" }
} }
] ]
``` ```
You will also need to disable Git SSL verification on the server hosting GitLab. You will also need to disable Git SSL verification on the server hosting GitLab.
...@@ -148,7 +148,7 @@ omnibus_gitconfig['system'] = { "http" => ["sslVerify = false"] } ...@@ -148,7 +148,7 @@ omnibus_gitconfig['system'] = { "http" => ["sslVerify = false"] }
For installation from source: For installation from source:
``` ```
- { name: 'github', app_id: 'YOUR_APP_ID', - { name: 'github', app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET', app_secret: 'YOUR_APP_SECRET',
url: "https://github.example.com/", url: "https://github.example.com/",
verify_ssl: false, verify_ssl: false,
......
...@@ -161,13 +161,13 @@ want their accounts to be upgraded to full internal accounts. ...@@ -161,13 +161,13 @@ want their accounts to be upgraded to full internal accounts.
**For Omnibus installations** **For Omnibus installations**
```ruby ```ruby
gitlab_rails['omniauth_external_providers'] = ['twitter', 'google_oauth2'] gitlab_rails['omniauth_external_providers'] = ['twitter', 'google_oauth2']
``` ```
**For installations from source** **For installations from source**
```yaml ```yaml
omniauth: omniauth:
external_providers: ['twitter', 'google_oauth2'] external_providers: ['twitter', 'google_oauth2']
``` ```
...@@ -188,21 +188,29 @@ from the Omniauth provider's documentation. ...@@ -188,21 +188,29 @@ from the Omniauth provider's documentation.
- Stop GitLab: - Stop GitLab:
```sh
sudo service gitlab stop sudo service gitlab stop
```
- Add the gem to your [Gemfile](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/Gemfile): - Add the gem to your [Gemfile](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/Gemfile):
```sh
gem "omniauth-your-auth-provider" gem "omniauth-your-auth-provider"
```
- Install the new Omniauth provider gem by running the following command: - Install the new Omniauth provider gem by running the following command:
```sh
sudo -u git -H bundle install --without development test mysql --path vendor/bundle --no-deployment sudo -u git -H bundle install --without development test mysql --path vendor/bundle --no-deployment
```
> These are the same commands you used during initial installation in the [Install Gems section](../install/installation.md#install-gems) with `--path vendor/bundle --no-deployment` instead of `--deployment`. > These are the same commands you used during initial installation in the [Install Gems section](../install/installation.md#install-gems) with `--path vendor/bundle --no-deployment` instead of `--deployment`.
- Start GitLab: - Start GitLab:
```sh
sudo service gitlab start sudo service gitlab start
```
### Examples ### Examples
...@@ -247,7 +255,7 @@ gitlab_rails['omniauth_enabled'] = false ...@@ -247,7 +255,7 @@ gitlab_rails['omniauth_enabled'] = false
**For installations from source** **For installations from source**
```yaml ```yaml
omniauth: omniauth:
enabled: false enabled: false
``` ```
...@@ -258,14 +266,14 @@ You can enable profile syncing from selected OmniAuth providers and for all or f ...@@ -258,14 +266,14 @@ You can enable profile syncing from selected OmniAuth providers and for all or f
When authenticating using LDAP, the user's name and email are always synced. When authenticating using LDAP, the user's name and email are always synced.
```ruby ```ruby
gitlab_rails['sync_profile_from_provider'] = ['twitter', 'google_oauth2'] gitlab_rails['sync_profile_from_provider'] = ['twitter', 'google_oauth2']
gitlab_rails['sync_profile_attributes'] = ['name', 'email', 'location'] gitlab_rails['sync_profile_attributes'] = ['name', 'email', 'location']
``` ```
**For installations from source** **For installations from source**
```yaml ```yaml
omniauth: omniauth:
sync_profile_from_provider: ['twitter', 'google_oauth2'] sync_profile_from_provider: ['twitter', 'google_oauth2']
sync_profile_attributes: ['email', 'location'] sync_profile_attributes: ['email', 'location']
``` ```
...@@ -17,12 +17,14 @@ To get the credentials (a pair of Client ID and Client Secret), you must [create ...@@ -17,12 +17,14 @@ To get the credentials (a pair of Client ID and Client Secret), you must [create
- **Description**: Description for the application. - **Description**: Description for the application.
![Salesforce App Details](img/salesforce_app_details.png) ![Salesforce App Details](img/salesforce_app_details.png)
1. Select **API (Enable OAuth Settings)** and click on **Enable OAuth Settings**. 1. Select **API (Enable OAuth Settings)** and click on **Enable OAuth Settings**.
1. Fill in the application details into the following fields: 1. Fill in the application details into the following fields:
- **Callback URL**: The callback URL of your GitLab installation. For example, `https://gitlab.example.com/users/auth/salesforce/callback`. - **Callback URL**: The callback URL of your GitLab installation. For example, `https://gitlab.example.com/users/auth/salesforce/callback`.
- **Selected OAuth Scopes**: Move **Access your basic information (id, profile, email, address, phone)** and **Allow access to your unique identifier (openid)** to the right column. - **Selected OAuth Scopes**: Move **Access your basic information (id, profile, email, address, phone)** and **Allow access to your unique identifier (openid)** to the right column.
![Salesforce Oauth App Details](img/salesforce_oauth_app_details.png) ![Salesforce Oauth App Details](img/salesforce_oauth_app_details.png)
1. Click **Save**. 1. Click **Save**.
1. On your GitLab server, open the configuration file. 1. On your GitLab server, open the configuration file.
...@@ -64,8 +66,10 @@ To get the credentials (a pair of Client ID and Client Secret), you must [create ...@@ -64,8 +66,10 @@ To get the credentials (a pair of Client ID and Client Secret), you must [create
app_secret: 'SALESFORCE_CLIENT_SECRET' app_secret: 'SALESFORCE_CLIENT_SECRET'
} }
``` ```
1. Change `SALESFORCE_CLIENT_ID` to the Consumer Key from the Salesforce connected application page. 1. Change `SALESFORCE_CLIENT_ID` to the Consumer Key from the Salesforce connected application page.
1. Change `SALESFORCE_CLIENT_SECRET` to the Consumer Secret from the Salesforce connected application page. 1. Change `SALESFORCE_CLIENT_SECRET` to the Consumer Secret from the Salesforce connected application page.
![Salesforce App Secret Details](img/salesforce_app_secret_details.png) ![Salesforce App Secret Details](img/salesforce_app_secret_details.png)
1. Save the configuration file. 1. Save the configuration file.
......
...@@ -97,44 +97,44 @@ The order of the first 2 Location directives is important. If they are reversed, ...@@ -97,44 +97,44 @@ The order of the first 2 Location directives is important. If they are reversed,
you will not get a shibboleth session! you will not get a shibboleth session!
``` ```
<Location /> <Location />
Require all granted Require all granted
ProxyPassReverse http://127.0.0.1:8181 ProxyPassReverse http://127.0.0.1:8181
ProxyPassReverse http://YOUR_SERVER_FQDN/ ProxyPassReverse http://YOUR_SERVER_FQDN/
</Location> </Location>
<Location /users/auth/shibboleth/callback> <Location /users/auth/shibboleth/callback>
AuthType shibboleth AuthType shibboleth
ShibRequestSetting requireSession 1 ShibRequestSetting requireSession 1
ShibUseHeaders On ShibUseHeaders On
Require shib-session Require shib-session
</Location> </Location>
Alias /shibboleth-sp /usr/share/shibboleth Alias /shibboleth-sp /usr/share/shibboleth
<Location /shibboleth-sp> <Location /shibboleth-sp>
Require all granted Require all granted
</Location> </Location>
<Location /Shibboleth.sso> <Location /Shibboleth.sso>
SetHandler shib SetHandler shib
</Location> </Location>
RewriteEngine on RewriteEngine on
#Don't escape encoded characters in api requests #Don't escape encoded characters in api requests
RewriteCond %{REQUEST_URI} ^/api/v4/.* RewriteCond %{REQUEST_URI} ^/api/v4/.*
RewriteCond %{REQUEST_URI} !/Shibboleth.sso RewriteCond %{REQUEST_URI} !/Shibboleth.sso
RewriteCond %{REQUEST_URI} !/shibboleth-sp RewriteCond %{REQUEST_URI} !/shibboleth-sp
RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE] RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
#Forward all requests to gitlab-workhorse except existing files #Forward all requests to gitlab-workhorse except existing files
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR] RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
RewriteCond %{REQUEST_URI} ^/uploads/.* RewriteCond %{REQUEST_URI} ^/uploads/.*
RewriteCond %{REQUEST_URI} !/Shibboleth.sso RewriteCond %{REQUEST_URI} !/Shibboleth.sso
RewriteCond %{REQUEST_URI} !/shibboleth-sp RewriteCond %{REQUEST_URI} !/shibboleth-sp
RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA] RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA]
RequestHeader set X_FORWARDED_PROTO 'https' RequestHeader set X_FORWARDED_PROTO 'https'
RequestHeader set X-Forwarded-Ssl on RequestHeader set X-Forwarded-Ssl on
``` ```
...@@ -11,11 +11,17 @@ To get the credentials (a pair of Client ID and Client Secret), you must registe ...@@ -11,11 +11,17 @@ To get the credentials (a pair of Client ID and Client Secret), you must registe
1. Navigate to [Create an App](https://ultraauth.com/select-strategy) and click on "Ruby on Rails". 1. Navigate to [Create an App](https://ultraauth.com/select-strategy) and click on "Ruby on Rails".
1. Scroll down the page that is displayed to locate the **Client ID** and **Client Secret**. 1. Scroll down the page that is displayed to locate the **Client ID** and **Client Secret**.
Keep this page open as you continue configuration. Keep this page open as you continue configuration.
![UltraAuth Credentials: OPENID_CLIENT_ID and OPENID_CLIENT_SECRET](img/ultra_auth_credentials.png) ![UltraAuth Credentials: OPENID_CLIENT_ID and OPENID_CLIENT_SECRET](img/ultra_auth_credentials.png)
1. Click on "Edit Callback URL" link. 1. Click on "Edit Callback URL" link.
![Edit UltraAuth Callback URL](img/ultra_auth_edit_callback_url_highlighted.png) ![Edit UltraAuth Callback URL](img/ultra_auth_edit_callback_url_highlighted.png)
1. The callback URL will be `http(s)://<your_domain>/users/auth/ultraauth/callback` 1. The callback URL will be `http(s)://<your_domain>/users/auth/ultraauth/callback`
![UltraAuth Callback URL](img/ultra_auth_edit_callback_url.png) ![UltraAuth Callback URL](img/ultra_auth_edit_callback_url.png)
1. Select **Register application**. 1. Select **Register application**.
1. On your GitLab server, open the configuration file. 1. On your GitLab server, open the configuration file.
...@@ -31,6 +37,7 @@ To get the credentials (a pair of Client ID and Client Secret), you must registe ...@@ -31,6 +37,7 @@ To get the credentials (a pair of Client ID and Client Secret), you must registe
cd /home/git/gitlab cd /home/git/gitlab
sudo -u git -H editor config/gitlab.yml sudo -u git -H editor config/gitlab.yml
``` ```
1. See [Initial OmniAuth Configuration](omniauth.md#initial-omniauth-configuration) for initial settings. 1. See [Initial OmniAuth Configuration](omniauth.md#initial-omniauth-configuration) for initial settings.
1. Add the provider configuration: 1. Add the provider configuration:
...@@ -64,11 +71,13 @@ To get the credentials (a pair of Client ID and Client Secret), you must registe ...@@ -64,11 +71,13 @@ To get the credentials (a pair of Client ID and Client Secret), you must registe
} }
} }
``` ```
__Replace `https://example.com/users/auth/ultraauth/callback` with your application's Callback URL.__ __Replace `https://example.com/users/auth/ultraauth/callback` with your application's Callback URL.__
1. Change `OPENID_CLIENT_ID` to the Client ID from the UltraAuth application page. 1. Change `OPENID_CLIENT_ID` to the Client ID from the UltraAuth application page.
1. Change `OPENID_CLIENT_SECRET` to the Client Secret from the UltraAuth application page. 1. Change `OPENID_CLIENT_SECRET` to the Client Secret from the UltraAuth application page.
1. Save the configuration file. 1. Save the configuration file.
1. [Reconfigure GitLab]( ../administration/restart_gitlab.md#omnibus-gitlab-reconfigure ) or [restart GitLab]( ../administration/restart_gitlab.md#installations-from-source ) for the changes to take effect if you 1. [Reconfigure GitLab](../administration/restart_gitlab.md#omnibus-gitlab-reconfigure) or [restart GitLab](../administration/restart_gitlab.md#installations-from-source) for the changes to take effect if you
installed GitLab via Omnibus or from source respectively. installed GitLab via Omnibus or from source respectively.
On the sign in page, there should now be an UltraAuth icon below the regular sign in form. On the sign in page, there should now be an UltraAuth icon below the regular sign in form.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment