Update init scripts and installation guide

b3e60816 · Kamil Trzcinski · 44f5645f · b3e60816 · b3e60816 · b3e60816
Commit b3e60816 authored Feb 16, 2016 by Kamil Trzcinski
7 changed files
--- a/doc/install/installation.md
+++ b/doc/install/installation.md
@@ -363,6 +363,14 @@ GitLab Shell is an SSH access and repository management software developed speci
    cd gitlab-workhorse
    sudo -u git -H git checkout 0.6.4
    sudo -u git -H make
+    
+### Install gitlab-pages daemon
+
+    cd /home/git
+    sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-pages.git
+    cd gitlab-pages
+    sudo -u git -H git checkout 0.1.0
+    sudo -u git -H make

 ### Initialize Database and Activate Advanced Features


--- a/doc/pages/README.md
+++ b/doc/pages/README.md
@@ -47,13 +47,42 @@ URL it will be accessible.

 ## Enable the pages feature in your project

-The GitLab Pages feature needs to be explicitly enabled for each project
-under its **Settings**.
+The GitLab Pages feature is enabled when the valid `.gitlab-ci.yml` is configured
+in your project.
+
+## Use custom domain
+
+You can define multiple domains for your pages.
+Go to **Settings > Pages** and click a **New Domain**.
+You will be asked to fill simple form where you put the **Domain** name.
+You can use the specified domain only once.
+
+After adding domain you need to configure your DNS to point to your Pages.
+To do so add the **CNAME** record for your domain pointing to: `walter.example.com`.
+Where `walter` is your group or username.
+
+If you are unable to add a **CNAME**, because your is top-level domain.
+You can check the IP address of server serving GitLab Pages:
+
+    $ dig walter.example.com
+    walter.example.com.		300	IN	A	1.1.1.1
+
+Add a **A** record pointing to **1.1.1.1**.
+
+## Use custom domain with custom certificates
+
+_**Note:** This feature was [introduced][ee-80] in GitLab EE 8.5_
+
+When defining the domain you can also paste the custom certificates.
+You need to paste the certificate with all intermediate certificates required to build a trust chain in PEM format.
+The second you need to send us the private key for your certificate.
+
+_**Note:** This feature was [introduced][ee-80] in GitLab EE 8.5 and needs to be explicitly enabled by your Administrator_

 ## Remove the contents of your pages

 Pages can be explicitly removed from a project by clicking **Remove Pages**
-in a project's **Settings**.
+in a project's **Settings > Pages**.

 ## Explore the contents of .gitlab-ci.yml


--- a/doc/update/8.5-ce-to-ee.md
+++ b/doc/update/8.5-ce-to-ee.md
@@ -47,12 +47,32 @@ sudo -u git -H bundle exec rake db:migrate RAILS_ENV=production
 sudo -u git -H bundle exec rake assets:clean assets:precompile cache:clear RAILS_ENV=production
 ```

-### 4. Start application
+### 4. Install gitlab-pages daemon
+
+    cd /home/git
+    sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-pages.git
+    cd gitlab-pages
+    sudo -u git -H git checkout 0.1.0
+    sudo -u git -H make
+
+### 5. Update the init scripts
+
+Download the init script (will be `/etc/init.d/gitlab`):
+
+    sudo cp lib/support/init.d/gitlab /etc/init.d/gitlab
+
+And if you are installing with a non-default folder or user copy and edit the defaults file:
+
+    sudo cp lib/support/init.d/gitlab.default.example /etc/default/gitlab
+
+**Note:** This is required to have a support for GitLab Pages.
+
+### 6. Start application

    sudo service gitlab start
    sudo service nginx restart

-### 5. Check application status
+### 7. Check application status

 Check if GitLab and its environment are configured correctly:


--- a/lib/support/init.d/gitlab
+++ b/lib/support/init.d/gitlab
@@ -89,6 +89,13 @@ check_pids(){
      mpid=0
    fi
  fi
+  if [ "$gitlab_pages_enabled" = true ]; then
+    if [ -f "$gitlab_pages_pid_path" ]; then
+      gppid=$(cat "$gitlab_pages_pid_path")
+    else
+      gppid=0
+    fi
+  fi
 }

 ## Called when we have started the two processes and are waiting for their pid files.
@@ -144,7 +151,15 @@ check_status(){
      mail_room_status="-1"
    fi
  fi
-  if [ $web_status = 0 ] && [ $sidekiq_status = 0 ] && [ $gitlab_workhorse_status = 0 ] && { [ "$mail_room_enabled" != true ] || [ $mail_room_status = 0 ]; }; then
+  if [ "$gitlab_pages_enabled" = true ]; then
+    if [ $gppid -ne 0 ]; then
+      kill -0 "$gppid" 2>/dev/null
+      gitlab_pages_status="$?"
+    else
+      gitlab_pages_status="-1"
+    fi
+  fi
+  if [ $web_status = 0 ] && [ $sidekiq_status = 0 ] && [ $gitlab_workhorse_status = 0 ] && { [ "$mail_room_enabled" != true ] || [ $mail_room_status = 0 ]; } && { [ "$gitlab_pages_enabled" != true ] || [ $gitlab_pages_status = 0 ]; }; then
    gitlab_status=0
  else
    # http://refspecs.linuxbase.org/LSB_4.1.0/LSB-Core-generic/LSB-Core-generic/iniscrptact.html
@@ -186,12 +201,19 @@ check_stale_pids(){
      exit 1
    fi
  fi
+  if [ "$gitlab_pages_enabled" = true ] && [ "$gppid" != "0" ] && [ "$gitlab_pages_status" != "0" ]; then
+    echo "Removing stale GitLab Pages job dispatcher pid. This is most likely caused by GitLab Pages crashing the last time it ran."
+    if ! rm "$gitlab_pages_pid_path"; then
+      echo "Unable to remove stale pid, exiting"
+      exit 1
+    fi
+  fi
 }

 ## If no parts of the service is running, bail out.
 exit_if_not_running(){
  check_stale_pids
-  if [ "$web_status" != "0" ] && [ "$sidekiq_status" != "0" ] && [ "$gitlab_workhorse_status" != "0" ] && { [ "$mail_room_enabled" != true ] || [ "$mail_room_status" != "0" ]; }; then
+  if [ "$web_status" != "0" ] && [ "$sidekiq_status" != "0" ] && [ "$gitlab_workhorse_status" != "0" ] && { [ "$mail_room_enabled" != true ] || [ "$mail_room_status" != "0" ]; } && { [ "$gitlab_pages_enabled" != true ] || [ "$gitlab_pages_status" != "0" ]; }; then
    echo "GitLab is not running."
    exit
  fi
@@ -213,6 +235,9 @@ start_gitlab() {
  if [ "$mail_room_enabled" = true ] && [ "$mail_room_status" != "0" ]; then
    echo "Starting GitLab MailRoom"
  fi
+  if [ "$mail_room_enabled" = true ] && [ "$gitlab_pages_status" != "0" ]; then
+    echo "Starting GitLab Pages"
+  fi

  # Then check if the service is running. If it is: don't start again.
  if [ "$web_status" = "0" ]; then
@@ -252,6 +277,16 @@ start_gitlab() {
    fi
  fi

+  if [ "$gitlab_pages_enabled" = true ]; then
+    if [ "$gitlab_pages_status" = "0" ]; then
+      echo "The GitLab Pages is already running with pid $spid, not restarting"
+    else
+      $app_root/bin/daemon_with_pidfile $gitlab_pages_pid_path  \
+          $gitlab_pages_dir/gitlab-pages $gitlab_pages_options \
+        >> $gitlab_pages_log 2>&1 &
+    fi
+  fi
+
  # Wait for the pids to be planted
  wait_for_pids
  # Finally check the status to tell wether or not GitLab is running
@@ -278,13 +313,17 @@ stop_gitlab() {
    echo "Shutting down GitLab MailRoom"
    RAILS_ENV=$RAILS_ENV bin/mail_room stop
  fi
+  if [ "$gitlab_pages_status" = "0" ]; then
+    echo "Shutting down gitlab-pages"
+    kill -- $(cat $gitlab_pages_pid_path)
+  fi

  # If something needs to be stopped, lets wait for it to stop. Never use SIGKILL in a script.
-  while [ "$web_status" = "0" ] || [ "$sidekiq_status" = "0" ] || [ "$gitlab_workhorse_status" = "0" ] || { [ "$mail_room_enabled" = true ] && [ "$mail_room_status" = "0" ]; }; do
+  while [ "$web_status" = "0" ] || [ "$sidekiq_status" = "0" ] || [ "$gitlab_workhorse_status" = "0" ] || { [ "$mail_room_enabled" = true ] && [ "$mail_room_status" = "0" ]; } || { [ "$gitlab_pages_enabled" = true ] && [ "$gitlab_pages_status" = "0" ]; }; do
    sleep 1
    check_status
    printf "."
-    if [ "$web_status" != "0" ] && [ "$sidekiq_status" != "0" ] && [ "$gitlab_workhorse_status" != "0" ] && { [ "$mail_room_enabled" != true ] || [ "$mail_room_status" != "0" ]; }; then
+    if [ "$web_status" != "0" ] && [ "$sidekiq_status" != "0" ] && [ "$gitlab_workhorse_status" != "0" ] && { [ "$mail_room_enabled" != true ] || [ "$mail_room_status" != "0" ]; } && { [ "$gitlab_pages_enabled" != true ] || [ "$gitlab_pages_status" != "0" ]; }; then
      printf "\n"
      break
    fi
@@ -298,6 +337,7 @@ stop_gitlab() {
  if [ "$mail_room_enabled" = true ]; then
    rm "$mail_room_pid_path" 2>/dev/null
  fi
+  rm -f "$gitlab_pages_pid_path"

  print_status
 }
@@ -305,7 +345,7 @@ stop_gitlab() {
 ## Prints the status of GitLab and its components.
 print_status() {
  check_status
-  if [ "$web_status" != "0" ] && [ "$sidekiq_status" != "0" ] && [ "$gitlab_workhorse_status" != "0" ] && { [ "$mail_room_enabled" != true ] || [ "$mail_room_status" != "0" ]; }; then
+  if [ "$web_status" != "0" ] && [ "$sidekiq_status" != "0" ] && [ "$gitlab_workhorse_status" != "0" ] && { [ "$mail_room_enabled" != true ] || [ "$mail_room_status" != "0" ]; } && { [ "$gitlab_pages_enabled" != true ] || [ "$gitlab_pages_status" != "0" ]; }; then
    echo "GitLab is not running."
    return
  fi
@@ -331,7 +371,14 @@ print_status() {
        printf "The GitLab MailRoom email processor is \033[31mnot running\033[0m.\n"
    fi
  fi
-  if [ "$web_status" = "0" ] && [ "$sidekiq_status" = "0" ] && [ "$gitlab_workhorse_status" = "0" ] && { [ "$mail_room_enabled" != true ] || [ "$mail_room_status" = "0" ]; }; then
+  if [ "$gitlab_pages_enabled" = true ]; then
+    if [ "$gitlab_pages_status" = "0" ]; then
+        echo "The GitLab Pages with pid $mpid is running."
+    else
+        printf "The GitLab Pages is \033[31mnot running\033[0m.\n"
+    fi
+  fi
+  if [ "$web_status" = "0" ] && [ "$sidekiq_status" = "0" ] && [ "$gitlab_workhorse_status" = "0" ] && { [ "$mail_room_enabled" != true ] || [ "$mail_room_status" = "0" ]; } && { [ "$gitlab_pages_enabled" != true ] || [ "$gitlab_pages_status" = "0" ]; }; then
    printf "GitLab and all its components are \033[32mup and running\033[0m.\n"
  fi
 }
@@ -362,7 +409,7 @@ reload_gitlab(){
 ## Restarts Sidekiq and Unicorn.
 restart_gitlab(){
  check_status
-  if [ "$web_status" = "0" ] || [ "$sidekiq_status" = "0" ] || [ "$gitlab_workhorse" = "0" ] || { [ "$mail_room_enabled" = true ] && [ "$mail_room_status" = "0" ]; }; then
+  if [ "$web_status" = "0" ] || [ "$sidekiq_status" = "0" ] || [ "$gitlab_workhorse" = "0" ] || { [ "$mail_room_enabled" = true ] && [ "$mail_room_status" = "0" ]; } || { [ "$gitlab_pages_enabled" = true ] && [ "$gitlab_pages_status" = "0" ]; }; then
    stop_gitlab
  fi
  start_gitlab

--- a/lib/support/init.d/gitlab.default.example
+++ b/lib/support/init.d/gitlab.default.example
@@ -47,6 +47,19 @@ gitlab_workhorse_pid_path="$pid_path/gitlab-workhorse.pid"
 gitlab_workhorse_options="-listenUmask 0 -listenNetwork unix -listenAddr $socket_path/gitlab-workhorse.socket -authBackend http://127.0.0.1:8080 -authSocket $socket_path/gitlab.socket -documentRoot $app_root/public"
 gitlab_workhorse_log="$app_root/log/gitlab-workhorse.log"

+# The GitLab Pages Daemon needs to use separate IP address on which it will listen
+# You can also use the different ports (80 or 443) that will be forwarded to GitLab Pages Daemon
+# To enable HTTP support for custom domains:
+#   -listen-http 1.1.1.1:80
+# The value of -listen-http must be set to `gitlab.yml:pages:external_http`
+# To enable HTTPS support for custom domains and certificates:
+#   -listen-https 1.1.1.1:443 -root-cert /path/to/example.com.crt -root-key /path/to/example.com.key
+# The value of -listen-https must be set to `gitlab.yml:pages:external_http`
+# The -pages-domain must be specified the same as in `gitlab.yml`
+gitlab_pages_enabled=true
+gitlab_pages_options="-pages-domain example.com -pages-root $app_root/shared/pages -listen-proxy 127.0.0.1:8282"
+gitlab_pages_log="$app_root/log/gitlab-pages.log"
+
 # mail_room_enabled specifies whether mail_room, which is used to process incoming email, is enabled.
 # This is required for the Reply by email feature.
 # The default is "false"

--- a/lib/support/nginx/gitlab-pages
+++ b/lib/support/nginx/gitlab-pages
@@ -7,21 +7,19 @@ server {
  listen [::]:80 ipv6only=on;

  ## Replace this with something like pages.gitlab.com
-  server_name ~^(?<group>.*)\.YOUR_GITLAB_PAGES\.DOMAIN$;
-  root /home/git/gitlab/shared/pages/${group};
+  server_name *.YOUR_GITLAB_PAGES.DOMAIN;

  ## Individual nginx logs for GitLab pages
  access_log  /var/log/nginx/gitlab_pages_access.log;
  error_log   /var/log/nginx/gitlab_pages_error.log;

-  # 1. Try to get /path/ from shared/pages/${group}/${path}/public/
-  # 2. Try to get / from shared/pages/${group}/${host}/public/
-  location ~ ^/([^/]*)(/.*)?$ {
-    try_files "/$1/public$2"
-              "/$1/public$2/index.html"
-              "/${host}/public/${uri}"
-              "/${host}/public/${uri}/index.html"
-              =404;
+  location / {
+    proxy_set_header    Host                $http_host;
+    proxy_set_header    X-Real-IP           $remote_addr;
+    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
+    proxy_set_header    X-Forwarded-Proto   $scheme;
+    # The same address as passed to GitLab Pages: `-listen-proxy`
+    proxy_pass          http://localhost:8282/;
  }

  # Define custom error pages

--- a/lib/support/nginx/gitlab-pages-ssl
+++ b/lib/support/nginx/gitlab-pages-ssl
@@ -11,7 +11,7 @@ server {
  listen [::]:80 ipv6only=on;

  ## Replace this with something like pages.gitlab.com
-  server_name ~^(?<group>.*)\.YOUR_GITLAB_PAGES\.DOMAIN$;
+  server_name *.YOUR_GITLAB_PAGES.DOMAIN;
  server_tokens off; ## Don't show the nginx version number, a security best practice

  return 301  https://$http_host$request_uri;
@@ -26,9 +26,8 @@ server {
  listen [::]:443 ipv6only=on ssl;

  ## Replace this with something like pages.gitlab.com
-  server_name ~^(?<group>.*)\.YOUR_GITLAB_PAGES\.DOMAIN$;
+  server_name *.YOUR_GITLAB_PAGES.DOMAIN;
  server_tokens off; ## Don't show the nginx version number, a security best practice
-  root /home/git/gitlab/shared/pages/${group};

  ## Strong SSL Security
  ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
@@ -63,14 +62,13 @@ server {
  access_log  /var/log/nginx/gitlab_pages_access.log;
  error_log   /var/log/nginx/gitlab_pages_error.log;

-  # 1. Try to get /path/ from shared/pages/${group}/${path}/public/
-  # 2. Try to get / from shared/pages/${group}/${host}/public/
-  location ~ ^/([^/]*)(/.*)?$ {
-    try_files "/$1/public$2"
-              "/$1/public$2/index.html"
-              "/${host}/public/${uri}"
-              "/${host}/public/${uri}/index.html"
-              =404;
+  location / {
+    proxy_set_header    Host                $http_host;
+    proxy_set_header    X-Real-IP           $remote_addr;
+    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
+    proxy_set_header    X-Forwarded-Proto   $scheme;
+    # The same address as passed to GitLab Pages: `-listen-proxy`
+    proxy_pass          http://localhost:8282/;
  }

  # Define custom error pages