Commit f6f97d72 authored by Kirill Smelkov's avatar Kirill Smelkov

gitlab: Sync upstream configs from omnibus-gitlab

Like 02d0063b - pristine copy from omnibus-gitlab 8.6.5+ce.0-0-g342f8be

Changes are in:

    - gitlab.yml.erb

      * + ldap.sync_time    (we do not use LDAP)
      * artifacts.storage_path -> artifacts.path

    - nginx.conf.erb

      * proxy cache can be configured (gitlab defaults to up to 1GB
        on-disk cache)

            https://gitlab.com/gitlab-org/omnibus-gitlab/commit/8b91c071

        This cache was introduced by upstream instead of accepting
        https://gitlab.com/gitlab-org/gitlab-workhorse/merge_requests/17

        For raw blobs downloading the cache is activated essentially for
        public projects only (only for them cache-control is public)

            https://gitlab.com/gitlab-org/gitlab-ce/commit/fc90d9e5#a587159e3f053514fa2a9a4fa9a9cb56e6928df0_155_157

        The cache is not very effective, and under load can do more harm
        than good:

            https://gitlab.com/gitlab-org/gitlab-workhorse/merge_requests/17#note_4082683

        Since our gitlab-workhorse patches already serve raw blobs fast,
        and the frontends have their own caches, we are, offhand, not
        very interested in this cache.

    - nginx-gitlab-http.conf.erb

      * nginx can connect to gitlab-workhorse not via unix://  (we
        always use unix://)

      * HTTP/2 support can be disabled (we are going to always support HTTP/2)

      * All static content (except 404,422,500,502) is now served by
        gitlab-workhorse (under nginx), not nginx directly

        https://gitlab.com/gitlab-org/omnibus-gitlab/commit/48dce4ec

The following files stay the same:

    - database.yml.erb
    - gitconfig.erb
    - gitlab-rails-config.ru.erb
    - gitlab-shell-config.yml.erb
    - rack_attack.rb.erb
    - resque.yml.erb
    - smtp_settings.rb.erb
    - unicorn.rb.erb
parent 02d0063b
...@@ -108,7 +108,7 @@ production: &base ...@@ -108,7 +108,7 @@ production: &base
artifacts: artifacts:
enabled: <%= @artifacts_enabled %> enabled: <%= @artifacts_enabled %>
# The location where Build Artifacts are stored (default: shared/artifacts). # The location where Build Artifacts are stored (default: shared/artifacts).
storage_path: <%= @artifacts_path %> path: <%= @artifacts_path %>
## Git LFS ## Git LFS
lfs: lfs:
...@@ -191,6 +191,7 @@ production: &base ...@@ -191,6 +191,7 @@ production: &base
# bundle exec rake gitlab:ldap:check RAILS_ENV=production # bundle exec rake gitlab:ldap:check RAILS_ENV=production
ldap: ldap:
enabled: <%= @ldap_enabled %> enabled: <%= @ldap_enabled %>
sync_time: <%= @ldap_sync_time %>
<% if @ldap_servers.any? %> <% if @ldap_servers.any? %>
servers: servers:
<% @ldap_servers.each do |provider_id, settings| %> <% @ldap_servers.each do |provider_id, settings| %>
......
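Review bot: `sync_time: <%= @ldap_sync_time %>` is rendered unquoted and unguarded, so if the code that renders this template never sets `@ldap_sync_time` the line becomes a bare `sync_time:` and loads as null instead of a number. The same applies to the other values this sync introduces in the nginx templates: an unset `listen_network` drops the `unix:` prefix from the upstream `server` line, an unset `@http2_enabled` silently turns HTTP/2 off, and empty `@proxy_cache_path` / `@proxy_cache` leave directives with no argument, which nginx should refuse to load. The code that supplies these values is not on this page, so confirm each one has a default there before deploying the synced templates.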
...@@ -31,7 +31,7 @@ ...@@ -31,7 +31,7 @@
################################### ###################################
upstream gitlab-workhorse { upstream gitlab-workhorse {
server unix:<%= node['gitlab']['gitlab-workhorse']['listen_addr'] %>; server <%= "unix:" if node['gitlab']['gitlab-workhorse']['listen_network'] == "unix" %><%= node['gitlab']['gitlab-workhorse']['listen_addr'] %>;
} }
<% if @https && @redirect_http_to_https %> <% if @https && @redirect_http_to_https %>
...@@ -50,7 +50,7 @@ server { ...@@ -50,7 +50,7 @@ server {
server { server {
<% @listen_addresses.each do |listen_address| %> <% @listen_addresses.each do |listen_address| %>
listen <%= listen_address %>:<%= @listen_port %><% if @https %> ssl http2<% end %>; listen <%= listen_address %>:<%= @listen_port %><% if @https %> ssl<% if @http2_enabled %> http2<% end %><% end %>;
<% if @kerberos_enabled && @kerberos_use_dedicated_port %> <% if @kerberos_enabled && @kerberos_use_dedicated_port %>
listen <%= listen_address %>:<%= @kerberos_port %><% if @kerberos_https %> ssl<% end %>; listen <%= listen_address %>:<%= @kerberos_port %><% if @kerberos_https %> ssl<% end %>;
...@@ -59,7 +59,6 @@ server { ...@@ -59,7 +59,6 @@ server {
<% end %> <% end %>
server_name <%= @fqdn %>; server_name <%= @fqdn %>;
server_tokens off; ## Don't show the nginx version number, a security best practice server_tokens off; ## Don't show the nginx version number, a security best practice
root /opt/gitlab/embedded/service/gitlab-rails/public;
## Increase this if you want to upload large attachments ## Increase this if you want to upload large attachments
## Or if you want to accept large git objects over http ## Or if you want to accept large git objects over http
...@@ -113,5 +112,14 @@ server { ...@@ -113,5 +112,14 @@ server {
proxy_pass http://gitlab-workhorse; proxy_pass http://gitlab-workhorse;
} }
error_page 404 /404.html;
error_page 422 /422.html;
error_page 500 /500.html;
error_page 502 /502.html;
location ~ ^/(404|422|500|502)\.html$ {
root /opt/gitlab/embedded/service/gitlab-rails/public;
internal;
}
<%= @custom_gitlab_server_config %> <%= @custom_gitlab_server_config %>
} }
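Review bot: The `upstream gitlab-workhorse` line now emits the `unix:` prefix only when `listen_network == "unix"`, so any other value moves the nginx-to-workhorse hop from a socket protected by file permissions to a TCP listener. Any process that can reach that port can then talk to workhorse directly, without the TLS termination and header handling nginx provides. The commit message says this deployment always uses unix://, but nothing in the template enforces or records that. A comment above the `server` line would keep the constraint visible, e.g. `## if listen_network is not "unix", keep listen_addr on loopback: workhorse must not be reachable without nginx in front`.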
...@@ -32,6 +32,9 @@ http { ...@@ -32,6 +32,9 @@ http {
include /opt/gitlab/embedded/conf/mime.types; include /opt/gitlab/embedded/conf/mime.types;
proxy_cache_path <%= @proxy_cache_path %>;
proxy_cache <%= @proxy_cache %>;
<% if @gitlab_http_config %> <% if @gitlab_http_config %>
include <%= @gitlab_http_config %>; include <%= @gitlab_http_config %>;
<% end %> <% end %>
......
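Review bot: `proxy_cache <%= @proxy_cache %>;` is set at `http` level with no guard, so every proxied location in every server block inherits the cache. nginx's default cache key does not include cookies or credentials, so keeping an authenticated response out of the cache rests entirely on the Cache-Control headers GitLab sends. The commit message says only public-project blobs are meant to be cacheable and that this deployment is not very interested in the cache. Rendering `off` for `@proxy_cache`, or wrapping both directives in `<% if @proxy_cache %>` … `<% end %>`, would stop the synced template from enabling it implicitly. If the cache stays on, it is worth checking that private raw-blob and API responses carry `Cache-Control: private` or `no-store`.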