diff --git a/software/gitlab/gitlab-parameters.cfg b/software/gitlab/gitlab-parameters.cfg index 91b3582338d39fdd9bc9bd2285fbf53cab1c918b..970d117b55d439c03eeed75847ffb49a6f86ceed 100644 --- a/software/gitlab/gitlab-parameters.cfg +++ b/software/gitlab/gitlab-parameters.cfg @@ -6,7 +6,7 @@ # # TODO better autogenerate from ^^^ (?) # -# (last updated for omnibus-gitlab 8.2.3+ce.0-0-g8eda093) +# (last updated for omnibus-gitlab 8.4.2+ce.0-3-g68d5ee8) [gitlab-parameters] configuration.external_url = http://lab.example.com @@ -45,8 +45,6 @@ configuration.default_projects_features.issues = true configuration.default_projects_features.merge_requests = true configuration.default_projects_features.wiki = true configuration.default_projects_features.snippets = true -# NOTE can be public|private|internal -configuration.default_projects_features.visibility_level= public #configuration.default_projects_features.builds = false configuration.webhook_timeout = 10 @@ -72,12 +70,12 @@ configuration.unicorn_worker_processes = 2 # unicorn advanced configuration.unicorn_backlog_socket = 1024 -configuration.unicorn_worker_memory_limit_min = 200*(1024**2) -configuration.unicorn_worker_memory_limit_max = 250*(1024**2) +configuration.unicorn_worker_memory_limit_min = 300*(1024**2) +configuration.unicorn_worker_memory_limit_max = 350*(1024**2) # nginx -configuration.nginx_client_max_body_size = 250m +configuration.nginx_client_max_body_size = 0 # NOTE: we don't really need old ciphers - usually we talk directly to frontend only configuration.nginx_ssl_ciphers = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4 diff --git a/software/gitlab/gitlab-unicorn-startup.in b/software/gitlab/gitlab-unicorn-startup.in index 590304e701c153e81ae2ed4735716015f594b649..3f58bf8e2147d366a4945a27f8e878d742205945 100644 --- a/software/gitlab/gitlab-unicorn-startup.in +++ b/software/gitlab/gitlab-unicorn-startup.in @@ -15,11 +15,21 @@ die() { # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/recipes/postgresql.rb # initial db setup -pgtables="$({{ psql_bin }} \ - -h {{ pgsql['pgdata-directory'] }} \ - -U {{ pgsql.superuser }} \ - -d {{ pgsql.dbname }} \ - -c '\d')" || die "pg query problem" +# ( first quering PG several times waiting a bit till postgresql is started and ready ) +tpgwait=5 +while true; do + pgtables="$({{ psql_bin }} \ + -h {{ pgsql['pgdata-directory'] }} \ + -U {{ pgsql.superuser }} \ + -d {{ pgsql.dbname }} \ + -c '\d')" && break + + tpgwait=$(( $tpgwait - 1 )) + test $tpgwait = 0 && die "pg query problem" + echo "I: PostgreSQL is not ready (yet ?); will retry $tpgwait times..." 1>&2 + sleep 1 +done +echo "I: PostgreSQL ready." 1>&2 if echo "$pgtables" | grep -q '^No relations found' ; then $RAKE db:schema:load db:seed_fu || die "initial db setup failed" diff --git a/software/gitlab/instance-gitlab.cfg.in b/software/gitlab/instance-gitlab.cfg.in index 3d2548bb0b24a271bd434aec22ec894623a4bf55..7aeee3f956e8b8dca242c7635c2a679f18c20d2a 100644 --- a/software/gitlab/instance-gitlab.cfg.in +++ b/software/gitlab/instance-gitlab.cfg.in @@ -118,6 +118,10 @@ var = ${directory:var}/gitlab tmp = ${:var}/tmp uploads = ${:var}/uploads assets = ${:var}/assets +shared = ${:var}/shared +artifacts = ${:shared}/artifacts +lfs-objects = ${:shared}/lfs-objects +builds = ${:var}/builds backup = ${directory:var}/backup [gitlab-repo-dir] @@ -139,6 +143,10 @@ var = ${gitlab-dir:var} tmp = ${gitlab-dir:tmp} uploads = ${gitlab-dir:uploads} assets = ${gitlab-dir:assets} +shared = ${gitlab-dir:shared} +artifacts = ${gitlab-dir:artifacts} +lfs-objects = ${gitlab-dir:lfs-objects} +builds = ${gitlab-dir:builds} backup = ${gitlab-dir:backup} repositories = ${gitlab-repo-xdir:repositories} @@ -241,7 +249,6 @@ context-extra = section nginx nginx section gitlab_work gitlab-work section gitlab_workhorse gitlab-workhorse - section unicorn unicorn [rack_attack.rb] <= gitlab-etc-template @@ -358,14 +365,16 @@ update-command = <= work-base software = {{ gitlab_repository_location }} tune-command = -# secret* config.ru tmp/ log/ +# secret* config.ru tmp/ log/ shared/ builds/ rm -f .secret && rm -f config.ru && - rm -rf log tmp && + rm -rf log tmp shared builds && ln -sf ${secrets:secrets}/gitlab_rails_secret .secret && ln -sf ${config.ru:rendered} config.ru && ln -sf ${gitlab:log} log && ln -sf ${gitlab:tmp} tmp && + ln -sf ${gitlab:shared} shared && + ln -sf ${gitlab:builds} builds && # config/ cd config && ln -sf ${unicorn.rb:rendered} unicorn.rb && @@ -515,6 +524,7 @@ command-line = {{ gitlab_workhorse }} -listenNetwork unix -listenAddr ${gitlab-workhorse:socket} -authSocket ${unicorn:socket} + -documentRoot ${gitlab-work:location}/public # NOTE for profiling # -pprofListenAddr ... @@ -532,10 +542,7 @@ depend = [promise-gitlab-workhorse] <= promise-byurl -# gitlab-workhorse works on repositories. Here we only check it accepts an -# serves requests, so request is non-existent URL and expected code is 403 -url = --unix-socket ${gitlab-workhorse:socket} http:/non-existent -http_code = 403 +url = --unix-socket ${gitlab-workhorse:socket} http:/static.css # gitlab-workhorse logs to stdout/stderr - logs are handled by slapos not us @@ -625,7 +632,7 @@ log = ${sidekiq-dir:log} # NOTE see queue list here: # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/Procfile # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/sv-sidekiq-run.erb -# (last updated for ominbus-gitlab 8.2.3+ce.0-0-g8eda093) +# (last updated for omnibus-gitlab 8.4.2+ce.0-3-g68d5ee8) [service-sidekiq] recipe = slapos.cookbook:wrapper wrapper-path = ${directory:service}/sidekiq @@ -638,6 +645,7 @@ command-line = ${gitlab-sidekiq:wrapper-path} # XXX -q runner ? (present in gitlab-ce/Procfile but not in omnibus) +# XXX -q pages -q elasticsearch ? (present in omnibus but not in gitlab-ce -- those features are gitlab-ee only) # XXX -P ? (pidfile) -e production -r ${gitlab-work:location} @@ -729,6 +737,8 @@ depend = [promise-nginx] <= promise-byurl +# XXX this depends on gitlab-workhorse being up +# (nginx is configured to proxy all requests to gitlab-workhorse) url = ${backend-info:url}/static.css [logrotate-entry-nginx] diff --git a/software/gitlab/software.cfg b/software/gitlab/software.cfg index 97098d663e0ab40b4aeb1d21edf0744d3fb3cedc..52bbd746dd9ff30f6cf8b2c0d122fd735824a349 100644 --- a/software/gitlab/software.cfg +++ b/software/gitlab/software.cfg @@ -109,25 +109,25 @@ git-executable = ${git:location}/bin/git <= git-repository #repository = https://gitlab.com/gitlab-org/gitlab-ce.git repository = https://lab.nexedi.com/kirr/gitlab-ce.git -# 8.2.X + NXD patches: -revision = v8.2.3-9-g79c127e6e068a619c53a8c22f1db8c1e28ec87d2 +# 8.4.X + NXD patches: +revision = v8.4.4-17-ga5965b5475ebb7ee4bc0d30995590fa82baaf875 location = ${buildout:parts-directory}/gitlab [gitlab-shell-repository] <= git-repository repository = https://gitlab.com/gitlab-org/gitlab-shell.git -# gitlab 8.2 wants gitlab-shell 2.6.8 -# 2.6.8 + NXD patches -revision = v2.6.8-2-g216d7e15fe06917198891a895f762ba84fdcc4d4 +# gitlab 8.4 wants gitlab-shell 2.6.10 +# 2.6.10 +revision = v2.6.10-0-g82b3a4e8f70692ec679d880628fdb0f5844d42b9 location = ${buildout:parts-directory}/gitlab-shell [gitlab-workhorse-repository] <= git-repository #repository = https://gitlab.com/gitlab-org/gitlab-workhorse.git repository = https://lab.nexedi.com/kirr/gitlab-workhorse.git -# 0.4.X + NXD patches for blob download speedup +# 0.6.X + NXD patches for blob download speedup # (https://gitlab.com/gitlab-org/gitlab-workhorse/merge_requests/17) -revision = 0.4.1-23-g2beb8c9539433f072e3db540f91f75894ca6b1b0 +revision = 0.6.1-2-ga23a5e18486b0de6e3435711dc555c8bfe08fde2 location = ${buildout:parts-directory}/gitlab-workhorse @@ -219,35 +219,35 @@ url = ${:_profile_base_location_}/template/${:_buildout_section_name_} [config.ru.in] <= download-template -md5sum = bb12852c28079f40a0751f7f3559e2a6 +md5sum = 3ed3c439ac1b93f75121dabcea126078 [database.yml.in] <= download-template -md5sum = ee656cfd96e1c82df167f68bb5773291 +md5sum = b33f4f2f49a5a3e3e6542357c555a3a3 [gitconfig.in] <= download-template -md5sum = f4cb11e8bca379e016b062d0db859b74 +md5sum = 75f620ea0751fc8d2dc717cf929d29f3 [gitlab-parameters.cfg] <= download-file -md5sum = bc98ec10209bc53f6a49888b1a2b9382 +md5sum = 2cfd3bbf9da10627044ca3a9a149fdbb [gitlab-shell-config.yml.in] <= download-template -md5sum = ea351e16b47f0008f61211eb2d7685e2 +md5sum = f061d529b71241d58affbf7aec5c8af1 [gitlab-unicorn-startup.in] <= download-file -md5sum = 2716afaa9445c0c429c6b211356ebe8f +md5sum = 14c5632182d830c03f7788c85d6f4da1 [gitlab.yml.in] <= download-template -md5sum = cc32f5053dd2a2461aa5952a5b925310 +md5sum = cd7aaeeb1917fdedb7656943065c0a9c [instance-gitlab.cfg.in] <= download-file -md5sum = dfd2b14f846eda999fe9d12108d513b4 +md5sum = 33309e35eb67ea27f7c7a4a5abd459cc [macrolib.cfg.in] <= download-file @@ -255,27 +255,27 @@ md5sum = a56a44e96f65f5ed20211bb6a54279f4 [nginx-gitlab-http.conf.in] <= download-template -md5sum = 590da2b00cd198c7bc261c3d893bc199 +md5sum = 3b494fe8425a12e4a7fd3a9bb17f88f8 [nginx.conf.in] <= download-template -md5sum = f1a6e2bce3f28a2243fed49d1e1601df +md5sum = dc16257d49d1fc1ae6e7d10865898201 [rack_attack.rb.in] <= download-template -md5sum = 16503c029159ea6db7d0fb5ab67093a3 +md5sum = fbea569a1ac9ee46e37d0b98b5441169 [resque.yml.in] <= download-template -md5sum = 7d9cba658f9315cd058dfc74db943a66 +md5sum = 2cd97d9f5906d06e00774dd2e4e6af0e [smtp_settings.rb.in] <= download-template -md5sum = c7c09c241b5fa8163e4995260be52604 +md5sum = 75b9e0325737ca5ecbf938443a5d3321 [unicorn.rb.in] <= download-template -md5sum = 9bdca16362fe19c727bca38383e57068 +md5sum = 1b55105a3de1ef13260ac3faa30d6e85 [versions] diff --git a/software/gitlab/template/config.ru.in b/software/gitlab/template/config.ru.in index 64e8eafdc5eded804e294a6f29d3280d5721db6e..823164b790fc46d36d5776e7d10714e189a23e0f 100644 --- a/software/gitlab/template/config.ru.in +++ b/software/gitlab/template/config.ru.in @@ -2,7 +2,7 @@ # see: # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config.ru # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/gitlab-rails-config.ru.erb -# (last updated for omnibus-gitlab 8.2.3+ce.0-0-g8eda093) +# (last updated for omnibus-gitlab 8.4.4+ce.0-0-g1680742) # This file is used by Rack-based servers to start the application. diff --git a/software/gitlab/template/database.yml.in b/software/gitlab/template/database.yml.in index c2ca900b5b8222ced4e7b6e3cd20f4ba0d3662bb..4754edeaef7413cd791ab0824ee067da2eecda5b 100644 --- a/software/gitlab/template/database.yml.in +++ b/software/gitlab/template/database.yml.in @@ -2,7 +2,7 @@ # see: # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/database.yml.postgresql # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/database.yml.erb -# (last updated for 8.2.3+ce.0-0-g8eda093) +# (last updated for 8.4.4+ce.0-0-g1680742) {% from 'macrolib.cfg.in' import cfg with context %} diff --git a/software/gitlab/template/gitconfig.in b/software/gitlab/template/gitconfig.in index 4d48f1712837082efabfb02f83fcb3ecd8e5083b..b0bc997566633dcfb8289e7a1ae00a1d7147bddf 100644 --- a/software/gitlab/template/gitconfig.in +++ b/software/gitlab/template/gitconfig.in @@ -3,7 +3,7 @@ # see: # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/attributes/default.rb # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/gitconfig.erb -# (last updated for omnibus-gitlab 8.2.3+ce.0-0-g8eda093) +# (last updated for omnibus-gitlab 8.4.4+ce.0-0-g1680742) # {% from 'macrolib.cfg.in' import cfg with context %} diff --git a/software/gitlab/template/gitlab-shell-config.yml.in b/software/gitlab/template/gitlab-shell-config.yml.in index d88b02f0dbda7111395d6f9903d56ef5737fbfeb..9d3c03aa5dde123c1eb51ec081c434a9df25f6ce 100644 --- a/software/gitlab/template/gitlab-shell-config.yml.in +++ b/software/gitlab/template/gitlab-shell-config.yml.in @@ -2,7 +2,7 @@ # see: # https://gitlab.com/gitlab-org/gitlab-shell/blob/master/config.yml.example # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/gitlab-shell-config.yml.erb -# (last updated for omnibus-gitlab 8.2.3+ce.0-0-g8eda093) +# (last updated for omnibus-gitlab 8.4.4+ce.0-0-g1680742) # GitLab user. git by default user: {{ backend_info.user }} diff --git a/software/gitlab/template/gitlab.yml.in b/software/gitlab/template/gitlab.yml.in index 8f85e9641007a3de884550c77424533c85ab665d..a6f735b84a479c1c6414c6e7c73a537db6b8ece0 100644 --- a/software/gitlab/template/gitlab.yml.in +++ b/software/gitlab/template/gitlab.yml.in @@ -2,7 +2,7 @@ # see: # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/gitlab.yml.example # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/gitlab.yml.erb -# (last updated for omnibus-gitlab 8.2.3+ce.0-0-g8eda093) +# (last updated for omnibus-gitlab 8.4.4+ce.0-0-g1680742) {% from 'macrolib.cfg.in' import cfg, cfg_https, external_url with context %} @@ -50,19 +50,14 @@ production: &base default_can_create_group: {{ cfg('default_can_create_group') }} # default: true username_changing_enabled: {{ cfg('username_changing_enabled') }} # default: true - User can change her username/namespace ## Default theme - ## BASIC = 1 - ## MARS = 2 - ## MODERN = 3 - ## GRAY = 4 - ## COLOR = 5 + ## 1 - Graphite + ## 2 - Charcoal + ## 3 - Green + ## 4 - Gray + ## 5 - Violet + ## 6 - Blue default_theme: {{ cfg('default_theme') }} # default: 2 - {# we do not need to restrict visibility levels - # Restrict setting visibility levels for non-admin users. - # The default is to allow all levels. - restricted_visibility_levels: <%= @gitlab_restricted_visibility_levels unless @gitlab_restricted_visibility_levels.nil? %> - #} - {# for now we are ok with default issue-closing pattern ## Automatic issue closing # If a commit message matches this regular expression, all issues referenced from the matched text will be closed. @@ -78,7 +73,6 @@ production: &base merge_requests: {{ cfg('default_projects_features.merge_requests') }} wiki: {{ cfg('default_projects_features.wiki') }} snippets: {{ cfg('default_projects_features.snippets') }} - visibility_level: '{{ cfg("default_projects_features.visibility_level") }}' # can be "private" | "internal" | "public" builds: false {# builds not supported yet <%= @gitlab_default_projects_features_builds %> #} ## Webhook settings @@ -139,6 +133,26 @@ production: &base storage_path: <%= @lfs_storage_path %> #} + {# we do not support Pages + ## GitLab Pages (EE only) + pages: + enabled: <%= @pages_enabled %> + path: <%= @pages_path %> + host: <%= @pages_host %> + port: <%= @pages_port %> + https: <%= @pages_https %> + #} + + {# we do not support Elasticsearch + ## Elasticsearch (EE only) + # Enable it if you are going to use elasticsearch instead of + # regular database search + elasticsearch: + enabled: <%= @elasticsearch_enabled %> + host: <%= @elasticsearch_host %> + port: <%= @elasticsearch_port %> + #} + ## Gravatar ## For Libravatar see: http://doc.gitlab.com/ce/customization/libravatar.html gravatar: @@ -149,6 +163,33 @@ production: &base #} + {# XXX cron jobs are disabled for now - we do not support CI and EE features + ## Auxiliary jobs + # Periodically executed jobs, to self-heal GitLab, do external synchronizations, etc. + # Please read here for more information: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job + cron_jobs: + # Flag stuck CI builds as failed + stuck_ci_builds_worker: + cron: <%= @stuck_ci_builds_worker_cron %> + + ## + # GitLab EE only jobs: + + # Snapshot active users statistics + historical_data_worker: + cron: <%= @historical_data_worker_cron %> + + # Update mirrored repositories + update_all_mirrors_worker: + cron: <%= @update_all_mirrors_worker_cron %> + + # In addition to refreshing users when they log in, + # periodically refresh LDAP users membership. + # NOTE: This will only take effect if LDAP is enabled + ldap_sync_worker: + cron: <%= @ldap_sync_worker_cron %> + #} + # # 2. GitLab CI settings # ========================== @@ -272,7 +313,7 @@ production: &base <% end %> #} - {# default ($RAILS_ROOT/shared/) is just ok + {# default ($RAILS_ROOT/shared/) is ok - we symlinked it to proper place # Shared file storage settings shared: path: <%= @shared_path %> @@ -330,6 +371,10 @@ production: &base ssh_port: <%= @gitlab_shell_ssh_port %> #} + # git-annex support (EE only) + # If this setting is set to true, the same setting in config.yml of + # gitlab-shell needs to be set to true + git_annex_enabled: <%= @git_annex_enabled %> ## Git settings # CAUTION! diff --git a/software/gitlab/template/nginx-gitlab-http.conf.in b/software/gitlab/template/nginx-gitlab-http.conf.in index f8750a91da2b8451aca6c09a0ae567223e125555..d24fffa945194b43c9ded30d1d45c7d54a0d6a14 100644 --- a/software/gitlab/template/nginx-gitlab-http.conf.in +++ b/software/gitlab/template/nginx-gitlab-http.conf.in @@ -1,7 +1,7 @@ {{ autogenerated }} # see: # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/nginx-gitlab-http.conf.erb -# (last updated for omnibus-gitlab 8.2.3+ce.0-0-g8eda093) +# (last updated for omnibus-gitlab 8.4.4+ce.0-0-g1680742) {% from 'macrolib.cfg.in' import cfg, cfg_bool, cfg_https, fqdn with context %} @@ -33,10 +33,6 @@ ## configuration ## ################################### -upstream gitlab { - server unix:{{ unicorn.socket }} fail_timeout=0; -} - upstream gitlab-workhorse { server unix:{{ gitlab_workhorse.socket }}; } @@ -109,12 +105,6 @@ server { error_log {{ nginx.log }}/gitlab_error.log; location / { - ## Serve static files from defined root folder. - ## @gitlab is a named location for the upstream fallback, see below. - try_files $uri /index.html $uri.html @gitlab; - } - - location /uploads/ { ## If you use HTTPS make sure you disable gzip compression ## to be safe against BREACH attack. {{ 'gzip off;' if cfg_https else ''}} @@ -125,105 +115,7 @@ server { proxy_connect_timeout {{ cfg('nginx_proxy_connect_timeout') }}; proxy_redirect off; - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - {% if cfg_https %} - proxy_set_header X-Forwarded-Ssl on; - {% endif %} - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto {{ "https" if cfg_https else "http" }}; - proxy_set_header X-Frame-Options SAMEORIGIN; - - proxy_pass http://gitlab; - } - - ## If a file, which is not found in the root folder is requested, - ## then the proxy passes the request to the upsteam (gitlab unicorn). - location @gitlab { - ## If you use HTTPS make sure you disable gzip compression - ## to be safe against BREACH attack. - {{ 'gzip off;' if cfg_https else ''}} - - ## https://github.com/gitlabhq/gitlabhq/issues/694 - ## Some requests take more than 30 seconds. - proxy_read_timeout {{ cfg('nginx_proxy_read_timeout') }}; - proxy_connect_timeout {{ cfg('nginx_proxy_connect_timeout') }}; - proxy_redirect off; - - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - {% if cfg_https %} - proxy_set_header X-Forwarded-Ssl on; - {% endif %} - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto {{ "https" if cfg_https else "http" }}; - proxy_set_header X-Frame-Options SAMEORIGIN; - - proxy_pass http://gitlab; - } - - location ~ ^/[\w\.-]+/[\w\.-]+/gitlab-lfs/objects { - client_max_body_size 0; - # 'Error' 418 is a hack to re-use the @gitlab-workhorse block - error_page 418 = @gitlab-workhorse; - return 418; - } - - location ~ ^/[\w\.-]+/[\w\.-]+/(info/refs|git-upload-pack|git-receive-pack)$ { - client_max_body_size 0; - # 'Error' 418 is a hack to re-use the @gitlab-workhorse block - error_page 418 = @gitlab-workhorse; - return 418; - } - - location ~ ^/[\w\.-]+/[\w\.-]+/repository/archive { - client_max_body_size 0; - # 'Error' 418 is a hack to re-use the @gitlab-workhorse block - error_page 418 = @gitlab-workhorse; - return 418; - } - - location ~ ^/api/v3/projects/.*/repository/archive { - client_max_body_size 0; - # 'Error' 418 is a hack to re-use the @gitlab-workhorse block - error_page 418 = @gitlab-workhorse; - return 418; - } - - # Build artifacts should be submitted to this location - location ~ ^/[\w\.-]+/[\w\.-]+/builds/download { - client_max_body_size 0; - # 'Error' 418 is a hack to re-use the @gitlab-workhorse block - error_page 418 = @gitlab-workhorse; - return 418; - } - - # Build artifacts should be submitted to this location - location ~ /ci/api/v1/builds/[0-9]+/artifacts { - client_max_body_size 0; - # 'Error' 418 is a hack to re-use the @gitlab-workhorse block - error_page 418 = @gitlab-workhorse; - return 418; - } - - # access to raw blobs -> @gitlab-workhorse - location ~ ^/[\w\.-]+/[\w\.-]+/raw/ { - client_max_body_size 0; - error_page 418 = @gitlab-workhorse; - return 418; - } - - location @gitlab-workhorse { - client_max_body_size 0; - ## If you use HTTPS make sure you disable gzip compression - ## to be safe against BREACH attack. - {{ 'gzip off;' if cfg_https else ''}} - - ## https://github.com/gitlabhq/gitlabhq/issues/694 - ## Some requests take more than 30 seconds. - proxy_read_timeout {{ cfg('nginx_proxy_read_timeout') }}; - proxy_connect_timeout {{ cfg('nginx_proxy_connect_timeout') }}; - proxy_redirect off; + proxy_http_version 1.1; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; @@ -236,21 +128,6 @@ server { proxy_pass http://gitlab-workhorse; } - ## Enable gzip compression as per rails guide: - ## http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression - ## WARNING: If you are using relative urls remove the block below - ## See config/application.rb under "Relative url support" for the list of - ## other files that need to be changed for relative url support - location ~ ^/(assets)/ { - root {{ gitlab_work.location }}/public; - gzip_static on; # to serve pre-gzipped version - expires max; - add_header Cache-Control public; - } - - - error_page 502 /502.html; - {# we don't support custom nginx configs <%= @custom_gitlab_server_config %> #} diff --git a/software/gitlab/template/nginx.conf.in b/software/gitlab/template/nginx.conf.in index 47e6aa36b6885e25799cc8c0fab841944a392b13..b4ea60da36d54914b49370fb24b36de47b329154 100644 --- a/software/gitlab/template/nginx.conf.in +++ b/software/gitlab/template/nginx.conf.in @@ -2,7 +2,7 @@ # see: # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/support/nginx/gitlab-ssl # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/nginx.conf.erb -# (last updated for omnibus-gitlab 8.2.3+ce.0-0-g8eda093) +# (last updated for omnibus-gitlab 8.4.4+ce.0-0-g1680742) {% from 'macrolib.cfg.in' import cfg with context %} @@ -43,8 +43,9 @@ http { include {{ nginx_gitlab_http_conf }}; - {# we don't need: ci, mattermost + {# we don't need: ci, pages, mattermost include <%= @gitlab_ci_http_config %> + include <%= @gitlab_pages_http_config %>; include <%= @gitlab_mattermost_http_config %> #} } diff --git a/software/gitlab/template/rack_attack.rb.in b/software/gitlab/template/rack_attack.rb.in index 072ec7c4bc7ca94b310a32228224944829b311c1..c23ff095fb812cc4268a5789795eb3aa8e118800 100644 --- a/software/gitlab/template/rack_attack.rb.in +++ b/software/gitlab/template/rack_attack.rb.in @@ -2,7 +2,7 @@ # see: # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/initializers/rack_attack.rb.example # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/rack_attack.rb.erb -# (last updated for omnibus-gitlab 8.2.3+ce.0-0-g8eda093) +# (last updated for omnibus-gitlab 8.4.4+ce.0-0-g1680742) {% from 'macrolib.cfg.in' import cfg with context %} diff --git a/software/gitlab/template/resque.yml.in b/software/gitlab/template/resque.yml.in index c6daf844a478e71933fb7b7a1c22d73e51828526..676a130c54133c9bcb7021ba13ed3b5962ee6d8e 100644 --- a/software/gitlab/template/resque.yml.in +++ b/software/gitlab/template/resque.yml.in @@ -2,6 +2,6 @@ # see: # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/resque.yml.example # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/resque.yml.erb -# (last udpdated for omnibus-gitlab 8.2.3+ce.0-0-g8eda093) +# (last udpdated for omnibus-gitlab 8.4.4+ce.0-0-g1680742) production: unix://{{ redis.unixsocket }} diff --git a/software/gitlab/template/smtp_settings.rb.in b/software/gitlab/template/smtp_settings.rb.in index 7ddc82a9e219036edf0784d1b35e74523b036b27..b8c3dea5c78f4faed5d31b980e8ec9af46c90c7a 100644 --- a/software/gitlab/template/smtp_settings.rb.in +++ b/software/gitlab/template/smtp_settings.rb.in @@ -2,7 +2,7 @@ # see: # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/initializers/smtp_settings.rb.sample # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/smtp_settings.rb.erb -# (last updated for omnibus-gitlab 8.2.3+ce.0-0-g8eda093) +# (last updated for omnibus-gitlab 8.4.4+ce.0-0-g1680742) {% from 'macrolib.cfg.in' import cfg, cfg_bool with context %} diff --git a/software/gitlab/template/unicorn.rb.in b/software/gitlab/template/unicorn.rb.in index ed4715e9756f46bc8b83e427219aab08753643f1..40acd0c8948714ee76c497d81149742b12160f2f 100644 --- a/software/gitlab/template/unicorn.rb.in +++ b/software/gitlab/template/unicorn.rb.in @@ -3,7 +3,7 @@ # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/unicorn.rb.example # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/unicorn.rb.example.development # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/unicorn.rb.erb -# (last updated for omnibus-gitlab 8.2.3+ce.0-0-g8eda093) +# (last updated for omnibus-gitlab 8.4.4+ce.0-0-g1680742) {% from 'macrolib.cfg.in' import cfg with context %}