Commit a60f5f6c authored by Achilleas Pipinellis's avatar Achilleas Pipinellis Committed by James Edwards-Jones

GitLab Pages admin guide clean up [ci skip]

- Fix markdown
- Remove how it works section, maybe add it at a later point
parent ab220022
...@@ -41,56 +41,55 @@ See the relevant documentation at <http://doc.gitlab.com/omnibus/settings/pages. ...@@ -41,56 +41,55 @@ See the relevant documentation at <http://doc.gitlab.com/omnibus/settings/pages.
1. Go to the GitLab installation directory: 1. Go to the GitLab installation directory:
```bash ```bash
cd /home/git/gitlab cd /home/git/gitlab
``` ```
1. Edit `gitlab.yml` and under the `pages` setting, set `enabled` to `true` in 1. Edit `gitlab.yml` and under the `pages` setting, set `enabled` to `true`:
order to enable the pages feature:
```bash
```bash ## GitLab Pages
## GitLab Pages pages:
pages: enabled: true
enabled: true # The location where pages are stored (default: shared/pages).
# The location where pages are stored (default: shared/pages). # path: shared/pages
# path: shared/pages
# The domain under which the pages are served:
# The domain under which the pages are served: # http://group.example.com/project
# http://group.example.com/project # or project path can be a group page: group.example.com
# or project path can be a group page: group.example.com host: example.com
host: example.com port: 80 # Set to 443 if you serve the pages with HTTPS
port: 80 # Set to 443 if you serve the pages with HTTPS https: false # Set to true if you serve the pages with HTTPS
https: false # Set to true if you serve the pages with HTTPS
``` ```
1. Make sure you have copied the new `gitlab-pages` Nginx configuration file: 1. Make sure you have copied the new `gitlab-pages` Nginx configuration file:
```bash ```bash
sudo cp lib/support/nginx/gitlab-pages /etc/nginx/sites-available/gitlab-pages.conf sudo cp lib/support/nginx/gitlab-pages /etc/nginx/sites-available/gitlab-pages.conf
sudo ln -sf /etc/nginx/sites-{available,enabled}/gitlab-pages.conf sudo ln -sf /etc/nginx/sites-{available,enabled}/gitlab-pages.conf
``` ```
Don't forget to add your domain name in the Nginx config. For example if your Don't forget to add your domain name in the Nginx config. For example if
GitLab pages domain is `gitlabpages.com`, replace your GitLab pages domain is `gitlabpages.com`, replace
```bash ```bash
server_name ~^(?<group>.*)\.YOUR_GITLAB_PAGES\.DOMAIN$; server_name ~^(?<group>.*)\.YOUR_GITLAB_PAGES\.DOMAIN$;
``` ```
with with
``` ```
server_name ~^(?<group>.*)\.gitlabpages\.com$; server_name ~^(?<group>.*)\.gitlabpages\.com$;
``` ```
You must be extra careful to not remove the backslashes. You must be extra careful to not remove the backslashes.
1. Restart Nginx and GitLab: 1. Restart Nginx and GitLab:
```bash ```bash
sudo service nginx restart sudo service nginx restart
sudo service gitlab restart sudo service gitlab restart
``` ```
### Running GitLab pages with HTTPS ### Running GitLab pages with HTTPS
...@@ -99,29 +98,29 @@ required. ...@@ -99,29 +98,29 @@ required.
1. In `gitlab.yml`, set the port to `443` and https to `true`: 1. In `gitlab.yml`, set the port to `443` and https to `true`:
```bash ```bash
## GitLab Pages ## GitLab Pages
pages: pages:
enabled: true enabled: true
# The location where pages are stored (default: shared/pages). # The location where pages are stored (default: shared/pages).
# path: shared/pages # path: shared/pages
# The domain under which the pages are served: # The domain under which the pages are served:
# http://group.example.com/project # http://group.example.com/project
# or project path can be a group page: group.example.com # or project path can be a group page: group.example.com
host: gitlabpages.com host: gitlabpages.com
port: 443 # Set to 443 if you serve the pages with HTTPS port: 443 # Set to 443 if you serve the pages with HTTPS
https: true # Set to true if you serve the pages with HTTPS https: true # Set to true if you serve the pages with HTTPS
``` ```
1. Use the `gitlab-pages-ssl` Nginx configuration file 1. Copy the `gitlab-pages-ssl` Nginx configuration file:
```bash ```bash
sudo cp lib/support/nginx/gitlab-pages-ssl /etc/nginx/sites-available/gitlab-pages-ssl.conf sudo cp lib/support/nginx/gitlab-pages-ssl /etc/nginx/sites-available/gitlab-pages-ssl.conf
sudo ln -sf /etc/nginx/sites-{available,enabled}/gitlab-pages.conf sudo ln -sf /etc/nginx/sites-{available,enabled}/gitlab-pages.conf
``` ```
Make sure to edit the config and add your domain as well as correctly point Make sure to edit the config to add your domain as well as correctly point
to the right location where the SSL certificates reside. to the right location where the SSL certificates reside.
## Set maximum pages size ## Set maximum pages size
...@@ -129,18 +128,14 @@ The maximum size of the unpacked archive can be configured in the Admin area ...@@ -129,18 +128,14 @@ The maximum size of the unpacked archive can be configured in the Admin area
under the Application settings in the **Maximum size of pages (MB)**. under the Application settings in the **Maximum size of pages (MB)**.
The default is 100MB. The default is 100MB.
## Security ## Backup
You should strongly consider running GitLab pages under a different hostname Pages are part of the regular backup so there is nothing to configure.
than GitLab to prevent XSS.
## How it works ## Security
- The public/ is extracted from artifacts and content is served as static pages You should strongly consider running GitLab pages under a different hostname
- Pages asynchronous worker use `dd` to limit the unpacked tar size than GitLab to prevent XSS attacks.
- Pages are part of backups
- Pages notify the deployment status using Commit Status API
- Pages use a new sidekiq queue: pages
[ee-80]: https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/80 [ee-80]: https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/80
[wiki-wildcard-dns]: https://en.wikipedia.org/wiki/Wildcard_DNS_record [wiki-wildcard-dns]: https://en.wikipedia.org/wiki/Wildcard_DNS_record
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment