Commit 08874d2b authored by Douwe Maan's avatar Douwe Maan

Make changes to nginx config less likely to break something.

parent 0c4d27e8
...@@ -180,7 +180,7 @@ sudo cp lib/support/logrotate/gitlab /etc/logrotate.d/gitlab ...@@ -180,7 +180,7 @@ sudo cp lib/support/logrotate/gitlab /etc/logrotate.d/gitlab
* HTTP setups: Make `/etc/nginx/sites-available/gitlab` the same as https://gitlab.com/gitlab-org/gitlab-ce/blob/7-8-stable/lib/support/nginx/gitlab but with your settings. * HTTP setups: Make `/etc/nginx/sites-available/gitlab` the same as https://gitlab.com/gitlab-org/gitlab-ce/blob/7-8-stable/lib/support/nginx/gitlab but with your settings.
* HTTPS setups: Make `/etc/nginx/sites-available/gitlab-ssl` the same as https://gitlab.com/gitlab-org/gitlab-ce/blob/7-8-stablef/lib/support/nginx/gitlab-ssl but with your settings. * HTTPS setups: Make `/etc/nginx/sites-available/gitlab-ssl` the same as https://gitlab.com/gitlab-org/gitlab-ce/blob/7-8-stablef/lib/support/nginx/gitlab-ssl but with your settings.
* Take special note of the `location /uploads/` section that has been added, the directives from `# gzip off;` up to `proxy_set_header X-Frame-Options SAMEORIGIN;` that have been moved from `location @gitlab` to `server`, and the `gzip on;` directive that has been added to `location ~ ^/(assets)/`. * A new `location /uploads/` section has been added that needs to have the same content as the existing `location @gitlab` section.
## 9. Start application ## 9. Start application
......
...@@ -77,7 +77,7 @@ git diff origin/7-6-stable:config/gitlab.yml.example origin/7-8-stable:config/gi ...@@ -77,7 +77,7 @@ git diff origin/7-6-stable:config/gitlab.yml.example origin/7-8-stable:config/gi
* HTTP setups: Make `/etc/nginx/sites-available/gitlab` the same as [`lib/support/nginx/gitlab`](/lib/support/nginx/gitlab) but with your settings. * HTTP setups: Make `/etc/nginx/sites-available/gitlab` the same as [`lib/support/nginx/gitlab`](/lib/support/nginx/gitlab) but with your settings.
* HTTPS setups: Make `/etc/nginx/sites-available/gitlab-ssl` the same as [`lib/support/nginx/gitlab-ssl`](/lib/support/nginx/gitlab-ssl) but with your settings. * HTTPS setups: Make `/etc/nginx/sites-available/gitlab-ssl` the same as [`lib/support/nginx/gitlab-ssl`](/lib/support/nginx/gitlab-ssl) but with your settings.
* Take special note of the `location /uploads/` section that has been added, the directives from `# gzip off;` up to `proxy_set_header X-Frame-Options SAMEORIGIN;` that have been moved from `location @gitlab` to `server`, and the `gzip on;` directive that has been added to `location ~ ^/(assets)/`. * A new `location /uploads/` section has been added that needs to have the same content as the existing `location @gitlab` section.
#### Setup time zone (optional) #### Setup time zone (optional)
......
...@@ -50,22 +50,6 @@ server { ...@@ -50,22 +50,6 @@ server {
access_log /var/log/nginx/gitlab_access.log; access_log /var/log/nginx/gitlab_access.log;
error_log /var/log/nginx/gitlab_error.log; error_log /var/log/nginx/gitlab_error.log;
## If you use HTTPS make sure you disable gzip compression
## to be safe against BREACH attack.
# gzip off;
## https://github.com/gitlabhq/gitlabhq/issues/694
## Some requests take more than 30 seconds.
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
location / { location / {
## Serve static files from defined root folder. ## Serve static files from defined root folder.
## @gitlab is a named location for the upstream fallback, see below. ## @gitlab is a named location for the upstream fallback, see below.
...@@ -74,12 +58,44 @@ server { ...@@ -74,12 +58,44 @@ server {
## We route uploads through GitLab to prevent XSS and enforce access control. ## We route uploads through GitLab to prevent XSS and enforce access control.
location /uploads/ { location /uploads/ {
## If you use HTTPS make sure you disable gzip compression
## to be safe against BREACH attack.
# gzip off;
## https://github.com/gitlabhq/gitlabhq/issues/694
## Some requests take more than 30 seconds.
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://gitlab; proxy_pass http://gitlab;
} }
## If a file, which is not found in the root folder is requested, ## If a file, which is not found in the root folder is requested,
## then the proxy passes the request to the upsteam (gitlab unicorn). ## then the proxy passes the request to the upsteam (gitlab unicorn).
location @gitlab { location @gitlab {
## If you use HTTPS make sure you disable gzip compression
## to be safe against BREACH attack.
# gzip off;
## https://github.com/gitlabhq/gitlabhq/issues/694
## Some requests take more than 30 seconds.
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://gitlab; proxy_pass http://gitlab;
} }
...@@ -89,7 +105,6 @@ server { ...@@ -89,7 +105,6 @@ server {
## See config/application.rb under "Relative url support" for the list of ## See config/application.rb under "Relative url support" for the list of
## other files that need to be changed for relative url support ## other files that need to be changed for relative url support
location ~ ^/(assets)/ { location ~ ^/(assets)/ {
gzip on;
gzip_static on; # to serve pre-gzipped version gzip_static on; # to serve pre-gzipped version
expires max; expires max;
add_header Cache-Control public; add_header Cache-Control public;
......
...@@ -94,23 +94,6 @@ server { ...@@ -94,23 +94,6 @@ server {
## Individual nginx logs for this GitLab vhost ## Individual nginx logs for this GitLab vhost
access_log /var/log/nginx/gitlab_access.log; access_log /var/log/nginx/gitlab_access.log;
error_log /var/log/nginx/gitlab_error.log; error_log /var/log/nginx/gitlab_error.log;
## If you use HTTPS make sure you disable gzip compression
## to be safe against BREACH attack.
gzip off;
## https://github.com/gitlabhq/gitlabhq/issues/694
## Some requests take more than 30 seconds.
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
location / { location / {
## Serve static files from defined root folder. ## Serve static files from defined root folder.
...@@ -120,12 +103,46 @@ server { ...@@ -120,12 +103,46 @@ server {
## We route uploads through GitLab to prevent XSS and enforce access control. ## We route uploads through GitLab to prevent XSS and enforce access control.
location /uploads/ { location /uploads/ {
## If you use HTTPS make sure you disable gzip compression
## to be safe against BREACH attack.
gzip off;
## https://github.com/gitlabhq/gitlabhq/issues/694
## Some requests take more than 30 seconds.
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://gitlab; proxy_pass http://gitlab;
} }
## If a file, which is not found in the root folder is requested, ## If a file, which is not found in the root folder is requested,
## then the proxy passes the request to the upsteam (gitlab unicorn). ## then the proxy passes the request to the upsteam (gitlab unicorn).
location @gitlab { location @gitlab {
## If you use HTTPS make sure you disable gzip compression
## to be safe against BREACH attack.
gzip off;
## https://github.com/gitlabhq/gitlabhq/issues/694
## Some requests take more than 30 seconds.
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://gitlab; proxy_pass http://gitlab;
} }
...@@ -135,7 +152,6 @@ server { ...@@ -135,7 +152,6 @@ server {
## See config/application.rb under "Relative url support" for the list of ## See config/application.rb under "Relative url support" for the list of
## other files that need to be changed for relative url support ## other files that need to be changed for relative url support
location ~ ^/(assets)/ { location ~ ^/(assets)/ {
gzip on;
gzip_static on; # to serve pre-gzipped version gzip_static on; # to serve pre-gzipped version
expires max; expires max;
add_header Cache-Control public; add_header Cache-Control public;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment