Commit 716b93e4 authored by Kirill Smelkov's avatar Kirill Smelkov

gitlab: Merge in upstream config updates

This does only pure merge. We will slaposify / adjust config and
corresponding md5sum in the following patches.

/cc @kazuhiko, @jerome
parents d87fa020 02d0063b
......@@ -28,7 +28,7 @@ production: &base
# WARNING: See config/application.rb under "Relative url support" for the list of
# other files that need to be changed for relative url support
# relative_url_root: /gitlab
relative_url_root: <%= @gitlab_relative_url %>
# Uncomment and customize if you can't use the default user to run GitLab (default: 'git')
user: {{ backend_info.user }}
......@@ -141,6 +141,8 @@ production: &base
host: <%= @pages_host %>
port: <%= @pages_port %>
https: <%= @pages_https %>
external_http: <%= @pages_external_http %>
external_https: <%= @pages_external_https %>
#}
{# we do not support Elasticsearch
......@@ -282,15 +284,22 @@ production: &base
auto_sign_in_with_provider: <%= @omniauth_auto_sign_in_with_provider %>
# CAUTION!
# This allows users to login without having a user account first (default: false).
# This allows users to login without having a user account first. Define the allowed
# providers using an array, e.g. ["saml", "twitter"]
# User accounts will be created automatically when authentication was successful.
allow_single_sign_on: <%= @omniauth_allow_single_sign_on %>
allow_single_sign_on: <%= @omniauth_allow_single_sign_on.to_json %>
# Locks down those users until they have been cleared by the admin (default: true).
block_auto_created_users: <%= @omniauth_block_auto_created_users %>
# Look up new users in LDAP servers. If a match is found (same uid), automatically
# link the omniauth identity with the LDAP account. (default: false)
auto_link_ldap_user: <%= @omniauth_auto_link_ldap_user %>
# Allow users with existing accounts to login and auto link their account via SAML
# login, without having to do a manual login first and manually add SAML
# (default: false)
auto_link_saml_user: <%= @omniauth_auto_link_saml_user.to_json %>
## Auth providers
# Uncomment the following lines and fill in the data of the auth provider you want to use
......
......@@ -56,7 +56,7 @@ server {
#}
server {
listen [{{ backend_info.host }}]:{{ backend_info.port }}{% if cfg_https %} ssl spdy{% endif %};
listen [{{ backend_info.host }}]:{{ backend_info.port }}{% if cfg_https %} ssl http2{% endif %};
{# we don't use: kerbeeros
<% if @kerberos_enabled && @kerberos_use_dedicated_port %>
......@@ -104,7 +104,8 @@ server {
access_log {{ nginx.log }}/gitlab_access.log gitlab_access;
error_log {{ nginx.log }}/gitlab_error.log;
location / {
<% path = @relative_url ? @relative_url : "/" %>
location <%= path %> {
## If you use HTTPS make sure you disable gzip compression
## to be safe against BREACH attack.
{{ 'gzip off;' if cfg_https else ''}}
......@@ -117,13 +118,10 @@ server {
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
{% if cfg_https %}
proxy_set_header X-Forwarded-Ssl on;
{% endif %}
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto {{ "https" if cfg_https else "http" }};
<% @proxy_set_headers.each do |header| %>
<% next if header[1].nil? %>
proxy_set_header <%= header[0] %> <%= header[1] %>;
<% end %>
proxy_pass http://gitlab-workhorse;
}
......
......@@ -71,3 +71,9 @@ stderr_path '{{ unicorn.log }}/unicorn_stderr.log'
# Where stdout gets logged
stdout_path '{{ unicorn.log }}/unicorn_stdout.log'
<%- if @relative_url %>
# Relative url from where GitLab is served
ENV['RAILS_RELATIVE_URL_ROOT'] = "<%= @relative_url %>"
<%- end %>
\ No newline at end of file
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment