Commit 0f85f570 authored by Kirill Smelkov's avatar Kirill Smelkov

gitlab: Merge in upstream config updates

This does almost(*) only pure merge. We will slaposify / adjust config
and corresponding md5sum in the following patches.

(*) smtp ssl option is only added as comment.
parents bf688f44 64e2d666
{{ autogenerated }}
# see:
# https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config.ru
# https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/gitlab-rails-config.ru.erb
# (last updated for omnibus-gitlab 8.6.5+ce.0-0-g342f8be)
# This file is used by Rack-based servers to start the application.
{% from 'macrolib.cfg.in' import cfg with context %}
if defined?(Unicorn)
require 'unicorn'
if ENV['RAILS_ENV'] == 'production' || ENV['RAILS_ENV'] == 'staging'
# Unicorn self-process killer
require 'unicorn/worker_killer'
# Max memory size (RSS) per worker
use Unicorn::WorkerKiller::Oom, ({{ cfg('unicorn_worker_memory_limit_min') }}), ({{ cfg('unicorn_worker_memory_limit_max') }})
end
end
require ::File.expand_path('../config/environment', __FILE__)
map ENV['RAILS_RELATIVE_URL_ROOT'] || "/" do
run Gitlab::Application
end
...@@ -23,5 +23,6 @@ production: ...@@ -23,5 +23,6 @@ production:
socket: socket:
{# not needed for unix socket {# not needed for unix socket
sslmode: <%= single_quote(@db_sslmode) %> sslmode: <%= single_quote(@db_sslmode) %>
sslrootcert: <%= single_quote(@db_sslrootcert) %> sslrootcert: <%= single_quote(@db_sslrootcert) || single_quote(@db_sslca) %>
sslca: <%= single_quote(@db_sslca) || single_quote(@db_sslrootcert) %>
#} #}
...@@ -22,3 +22,5 @@ ...@@ -22,3 +22,5 @@
email = {{ cfg('email_from') }} email = {{ cfg('email_from') }}
[core] [core]
autocrlf = input autocrlf = input
[gc]
auto = 0
...@@ -32,6 +32,14 @@ production: &base ...@@ -32,6 +32,14 @@ production: &base
relative_url_root: <%= @gitlab_relative_url %> relative_url_root: <%= @gitlab_relative_url %>
#} #}
# Trusted Proxies
# Customize if you have GitLab behind a reverse proxy which is running on a different machine.
# Add the IP address for your reverse proxy to the list, otherwise users will appear signed in from that address.
trusted_proxies:
<% @trusted_proxies.each do |proxy| %>
- <%= proxy %>
<% end %>
# Uncomment and customize if you can't use the default user to run GitLab (default: 'git') # Uncomment and customize if you can't use the default user to run GitLab (default: 'git')
user: {{ backend_info.user }} user: {{ backend_info.user }}
...@@ -96,7 +104,7 @@ production: &base ...@@ -96,7 +104,7 @@ production: &base
enabled: <%= @incoming_email_enabled %> enabled: <%= @incoming_email_enabled %>
# The email address including the `%{key}` placeholder that will be replaced to reference the item being replied to. # The email address including the `%{key}` placeholder that will be replaced to reference the item being replied to.
# The `%{key}` placeholder is added after the user part, after a `+` character, before the `@`. # The placeholder can be omitted but if present, it must appear in the "user" part of the address (before the `@`).
address: <%= single_quote(@incoming_email_address) %> address: <%= single_quote(@incoming_email_address) %>
# Email account username # Email account username
...@@ -176,6 +184,10 @@ production: &base ...@@ -176,6 +184,10 @@ production: &base
stuck_ci_builds_worker: stuck_ci_builds_worker:
cron: <%= @stuck_ci_builds_worker_cron %> cron: <%= @stuck_ci_builds_worker_cron %>
# Remove outdated repository archives
repository_archive_cache_worker:
cron: <%= @repository_archive_cache_worker_cron %>
## ##
# GitLab EE only jobs: # GitLab EE only jobs:
...@@ -187,11 +199,20 @@ production: &base ...@@ -187,11 +199,20 @@ production: &base
update_all_mirrors_worker: update_all_mirrors_worker:
cron: <%= @update_all_mirrors_worker_cron %> cron: <%= @update_all_mirrors_worker_cron %>
# Update remote mirrors
update_all_remote_mirrors_worker:
cron: <%= @update_all_remote_mirrors_worker_cron %>
# In addition to refreshing users when they log in, # In addition to refreshing users when they log in,
# periodically refresh LDAP users membership. # periodically refresh LDAP users membership.
# NOTE: This will only take effect if LDAP is enabled # NOTE: This will only take effect if LDAP is enabled
ldap_sync_worker: ldap_sync_worker:
cron: <%= @ldap_sync_worker_cron %> cron: <%= @ldap_sync_worker_cron %>
# Gitlab Geo nodes notification worker
# NOTE: This will only take effect if Geo is enabled
geo_bulk_notify_worker:
cron: <%= @geo_bulk_notify_worker_cron %>
#} #}
# #
...@@ -303,6 +324,12 @@ production: &base ...@@ -303,6 +324,12 @@ production: &base
# (default: false) # (default: false)
auto_link_saml_user: <%= @omniauth_auto_link_saml_user.to_json %> auto_link_saml_user: <%= @omniauth_auto_link_saml_user.to_json %>
# Set different Omniauth providers as external so that all users creating accounts
# via these providers will not be able to have access to internal projects. You
# will need to use the full name of the provider, like `google_oauth2` for Google.
# Refer to the examples below for the full names of the supported providers.
# (default: [])
external_providers: <%= @omniauth_external_providers.to_json %>
## Auth providers ## Auth providers
# Uncomment the following lines and fill in the data of the auth provider you want to use # Uncomment the following lines and fill in the data of the auth provider you want to use
......
...@@ -99,6 +99,18 @@ server { ...@@ -99,6 +99,18 @@ server {
#} #}
{% endif %} {% endif %}
## Real IP Module Config
## http://nginx.org/en/docs/http/ngx_http_realip_module.html
<% if @real_ip_header %>
real_ip_header <%= @real_ip_header %>;
<% end %>
<% if @real_ip_recursive %>
real_ip_recursive <%= @real_ip_recursive %>;
<% end %>
<% @real_ip_trusted_addresses.each do |trusted_address| %>
set_real_ip_from <%= trusted_address %>;
<% end %>
## Individual nginx logs for this GitLab vhost ## Individual nginx logs for this GitLab vhost
access_log {{ nginx.log }}/gitlab_access.log gitlab_access; access_log {{ nginx.log }}/gitlab_access.log gitlab_access;
error_log {{ nginx.log }}/gitlab_error.log; error_log {{ nginx.log }}/gitlab_error.log;
......
...@@ -18,6 +18,7 @@ if Rails.env.production? ...@@ -18,6 +18,7 @@ if Rails.env.production?
domain: "{{ cfg('smtp_domain') }}", domain: "{{ cfg('smtp_domain') }}",
authentication: :{{ cfg('smtp_authentication') }}, authentication: :{{ cfg('smtp_authentication') }},
enable_starttls_auto: {{ cfg('smtp_enable_starttls_auto') }}, enable_starttls_auto: {{ cfg('smtp_enable_starttls_auto') }},
# ssl:
openssl_verify_mode: '{{ cfg("smtp_openssl_verify_mode") }}' openssl_verify_mode: '{{ cfg("smtp_openssl_verify_mode") }}'
# ca_path: # ca_path:
# ca_file: # ca_file:
......
...@@ -79,3 +79,14 @@ ENV['RAILS_RELATIVE_URL_ROOT'] = "<%= @relative_url %>" ...@@ -79,3 +79,14 @@ ENV['RAILS_RELATIVE_URL_ROOT'] = "<%= @relative_url %>"
<%- end %> <%- end %>
#} #}
<%- if @worker_memory_limit_min %>
# Min memory size (RSS) per worker
ENV['GITLAB_UNICORN_MEMORY_MIN'] = (<%= @worker_memory_limit_min %>).to_s
<%- end %>
<%- if @worker_memory_limit_max %>
# Max memory size (RSS) per worker
ENV['GITLAB_UNICORN_MEMORY_MAX'] = (<%= @worker_memory_limit_max %>).to_s
<%- end %>
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment