Skip to content

G
gitlab-ce
Commit 960d2c88 authored by Evan Read's avatar Evan Read
Browse files
Options

Remove more future tense from documentation

parent caa4847e
Hide whitespace changes
Inline Side-by-side
Showing with 12 additions and 8 deletions
doc/administration/gitaly/index.md
View file @ 960d2c88
...@@ -22,11 +22,15 @@ In the Gitaly documentation: ...@@ -22,11 +22,15 @@ In the Gitaly documentation:
GitLab end users do not have direct access to Gitaly. Gitaly only manages Git GitLab end users do not have direct access to Gitaly. Gitaly only manages Git
repository access for GitLab. Other types of GitLab data aren't accessed using Gitaly. repository access for GitLab. Other types of GitLab data aren't accessed using Gitaly.
<!-- vale gitlab.FutureTense = NO -->
WARNING: WARNING:
From GitLab 13.0, Gitaly support for NFS is deprecated. As of GitLab 14.0, NFS-related issues From GitLab 13.0, Gitaly support for NFS is deprecated. As of GitLab 14.0, NFS-related issues
with Gitaly will no longer be addressed. Upgrade to [Gitaly Cluster](praefect.md) as soon as with Gitaly will no longer be addressed. Upgrade to [Gitaly Cluster](praefect.md) as soon as
possible. Watch for [tools to enable bulk move](https://gitlab.com/groups/gitlab-org/-/epics/4916) possible. Tools to [enable bulk moves](https://gitlab.com/groups/gitlab-org/-/epics/4916)
of projects to Gitaly Cluster. of projects to Gitaly Cluster are planned.
<!-- vale gitlab.FutureTense = YES -->
## Architecture ## Architecture
......
doc/administration/integration/terminal.md
View file @ 960d2c88
...@@ -27,7 +27,7 @@ In brief: ...@@ -27,7 +27,7 @@ In brief:
- When a user navigates to the terminal page for an environment, they are served - When a user navigates to the terminal page for an environment, they are served
a JavaScript application that opens a WebSocket connection back to GitLab. a JavaScript application that opens a WebSocket connection back to GitLab.
- The WebSocket is handled in [Workhorse](https://gitlab.com/gitlab-org/gitlab-workhorse), - The WebSocket is handled in [Workhorse](https://gitlab.com/gitlab-org/gitlab-workhorse),
rather than the Rails application server. rather than the Rails application server.
- Workhorse queries Rails for connection details and user permissions. Rails - Workhorse queries Rails for connection details and user permissions. Rails
queries Kubernetes for them in the background using [Sidekiq](../troubleshooting/sidekiq.md). queries Kubernetes for them in the background using [Sidekiq](../troubleshooting/sidekiq.md).
- Workhorse acts as a proxy server between the user's browser and the Kubernetes - Workhorse acts as a proxy server between the user's browser and the Kubernetes
...@@ -44,7 +44,7 @@ everything protected with authorization guards. This is described in more ...@@ -44,7 +44,7 @@ everything protected with authorization guards. This is described in more
detail below. detail below.
- Interactive web terminals are completely disabled unless [`[session_server]`](https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-session_server-section) is configured. - Interactive web terminals are completely disabled unless [`[session_server]`](https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-session_server-section) is configured.
- Every time the runner starts, it will generate an `x509` certificate that will be used for a `wss` (Web Socket Secure) connection. - Every time the runner starts, it generates an `x509` certificate that is used for a `wss` (Web Socket Secure) connection.
- For every created job, a random URL is generated which is discarded at the end of the job. This URL is used to establish a web socket connection. The URL for the session is in the format `(IP|HOST):PORT/session/$SOME_HASH`, where the `IP/HOST` and `PORT` are the configured [`listen_address`](https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-session_server-section). - For every created job, a random URL is generated which is discarded at the end of the job. This URL is used to establish a web socket connection. The URL for the session is in the format `(IP|HOST):PORT/session/$SOME_HASH`, where the `IP/HOST` and `PORT` are the configured [`listen_address`](https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-session_server-section).
- Every session URL that is created has an authorization header that needs to be sent, to establish a `wss` connection. - Every session URL that is created has an authorization header that needs to be sent, to establish a `wss` connection.
- The session URL is not exposed to the users in any way. GitLab holds all the state internally and proxies accordingly. - The session URL is not exposed to the users in any way. GitLab holds all the state internally and proxies accordingly.
...@@ -72,7 +72,7 @@ guides document the necessary steps for a selection of popular reverse proxies: ...@@ -72,7 +72,7 @@ guides document the necessary steps for a selection of popular reverse proxies:
- [HAProxy](https://www.haproxy.com/blog/websockets-load-balancing-with-haproxy/) - [HAProxy](https://www.haproxy.com/blog/websockets-load-balancing-with-haproxy/)
- [Varnish](https://varnish-cache.org/docs/4.1/users-guide/vcl-example-websockets.html) - [Varnish](https://varnish-cache.org/docs/4.1/users-guide/vcl-example-websockets.html)
Workhorse won't let WebSocket requests through to non-WebSocket endpoints, so Workhorse doesn't let WebSocket requests through to non-WebSocket endpoints, so
it's safe to enable support for these headers globally. If you'd rather had a it's safe to enable support for these headers globally. If you'd rather had a
narrower set of rules, you can restrict it to URLs ending with `/terminal.ws` narrower set of rules, you can restrict it to URLs ending with `/terminal.ws`
(although this may still have a few false positives). (although this may still have a few false positives).
...@@ -85,7 +85,7 @@ document for more details. ...@@ -85,7 +85,7 @@ document for more details.
If you'd like to disable web terminal support in GitLab, just stop passing If you'd like to disable web terminal support in GitLab, just stop passing
the `Connection` and `Upgrade` hop-by-hop headers in the *first* HTTP reverse the `Connection` and `Upgrade` hop-by-hop headers in the *first* HTTP reverse
proxy in the chain. For most users, this will be the NGINX server bundled with proxy in the chain. For most users, this is the NGINX server bundled with
Omnibus GitLab, in which case, you need to: Omnibus GitLab, in which case, you need to:
- Find the `nginx['proxy_set_headers']` section of your `gitlab.rb` file - Find the `nginx['proxy_set_headers']` section of your `gitlab.rb` file
...@@ -95,9 +95,9 @@ Omnibus GitLab, in which case, you need to: ...@@ -95,9 +95,9 @@ Omnibus GitLab, in which case, you need to:
For your own load balancer, just reverse the configuration changes recommended For your own load balancer, just reverse the configuration changes recommended
by the above guides. by the above guides.
When these headers are not passed through, Workhorse will return a When these headers are not passed through, Workhorse returns a
`400 Bad Request` response to users attempting to use a web terminal. In turn, `400 Bad Request` response to users attempting to use a web terminal. In turn,
they will receive a `Connection failed` message. they receive a `Connection failed` message.
## Limiting WebSocket connection time ## Limiting WebSocket connection time
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7