Commit
828be986
authored
Oct 20, 2015
by
Kirill Smelkov
X Draft nginx config
parent
883c0a9f
Showing
3 changed files
with
257 additions
and
2 deletions
+257
-2
software/gitlab/instance-gitlab.cfg.in
software/gitlab/instance-gitlab.cfg.in
+29
-0
software/gitlab/template/nginx-gitlab-http.conf.in
software/gitlab/template/nginx-gitlab-http.conf.in
+188
-0
software/gitlab/template/nginx.conf.in
software/gitlab/template/nginx.conf.in
+40
-2
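--- a/software/gitlab/instance-gitlab.cfg.in
+++ b/software/gitlab/instance-gitlab.cfg.in
@@ -33,6 +33,11 @@ key = ${slap-connection:key-file}
 cert = ${slap-connection:cert-file}
 # gitlab instance parameters
+# ( parameter names and advanced default taken from omnibus-gitlab
+# files/gitlab-config-template/gitlab.rb.template.
+#
+# last updated for omnibus-gitlab 8.1.0+rc1.ce.0-24-g3021ed9
+# TODO recheck )
 configuration.email_enabled = true
 configuration.email_from = lab@example.com
 configuration.email_display_name = GitLab
@@ -74,6 +79,23 @@ configuration.backup_keep_time = 0
 configuration.git_max_size =
 configuration.git_timeout =
+# nginx
+configuration.nginx_proxy_read_timeout = 300
+configuration.nginx_proxy_connect_timeout = 300
+# nginx advanced
+configuration.nginx_worker_processes = 4
+configuration.nginx_worker_connections = 10240
+configuration.nginx_sendfile = on
+configuration.nginx_tcp_nopush = on
+configuration.nginx_tcp_nodelay = on
+configuration.nginx_gzip = on
+configuration.nginx_gzip_http_version = 1.0
+configuration.nginx_gzip_comp_level = 2
+configuration.nginx_gzip_proxied = any
+configuration.nginx_gzip_types = text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript application/json
+configuration.nginx_keepalive_timeout = 65
 # for convenience
@@ -291,3 +313,10 @@ command =
 # service/
 # unicorn
 # sidekiq
+# nginx: etc/ log/ ...
+[nginx]
+recipe = slapos.cookbook:mkdirectory
+log = ${directory:log}/nginx
+# TODO more?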
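Review bot: The nginx defaults added in the second hunk turn on `configuration.nginx_gzip` with `configuration.nginx_gzip_proxied = any` and `application/json` among the types, so proxied dynamic responses are compressed by default while the per-location `gzip off` guards in nginx-gitlab-http.conf.in are still commented-out TODOs. That is fine for plain HTTP, but once TLS is enabled here or terminated by a frontend it is the setup the template's own BREACH comment warns about. I would document the dependency next to the parameter, e.g. `# NOTE gzip of proxied responses must be switched off for HTTPS (BREACH) - see nginx-gitlab-http.conf.in`.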
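--- a/software/gitlab/template/nginx-gitlab-http.conf.in
+++ b/software/gitlab/template/nginx-gitlab-http.conf.in
+# @autogenerated XXX
+# see:
+# https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/nginx-gitlab-http.conf.erb
+# (last updated for omnibus-gitlab 8.1.0+rc1.ce.0-24-g3021ed9)
+# TODO unix socket of unicorn
+upstream gitlab {
+server unix:<%= @socket %> fail_timeout=0;
+}
+# TODO unix socket of gitlab-git-http-server
+upstream gitlab-git-http-server {
+server unix:<%= node['gitlab']['gitlab-git-http-server']['listen_addr'] %>;
+}
+# TODO do always
+<% if @https && @redirect_http_to_https %>
+## Redirects all HTTP traffic to the HTTPS host
+server {
+<% @listen_addresses.each do |listen_address| %>
+listen <%= listen_address %>:<%= @redirect_http_to_https_port %>;
+<% end %>
+server_name <%= @fqdn %>;
+server_tokens off; ## Don't show the nginx version number, a security best practice
+return 301 https://<%= @fqdn %>:<%= @port %>$request_uri;
+access_log <%= @log_directory %>/gitlab_access.log gitlab_access;
+error_log <%= @log_directory %>/gitlab_error.log;
+}
+<% end %>
+server {
+listen ${gitlab-backend:host}:${gitlab-backend:port}<% if @https %> ssl spdy<% end %>;
+# we don't use: kerbeeros
+# <% if @kerberos_enabled && @kerberos_use_dedicated_port %>
+# listen <%= listen_address %>:<%= @kerberos_port %><% if @kerberos_https %> ssl<% end %>;
+# <% end %>
+# XXX fqdn
+server_name <%= @fqdn %>;
+server_tokens off; ## Don't show the nginx version number, a security best practice
+root ${gitlab-root-shadow:location}/public;
+# XXX max body size
+## Increase this if you want to upload large attachments
+## Or if you want to accept large git objects over http
+client_max_body_size <%= @client_max_body_size %>;
+# TODO ssl
+# <% if @https %>
+# ## Strong SSL Security
+# ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
+# ssl on;
+# ssl_certificate <%= @ssl_certificate %>;
+# ssl_certificate_key <%= @ssl_certificate_key %>;
+# <% if @ssl_client_certificate %>
+# ssl_client_certificate <%= @ssl_client_certificate%>;
+# <% end %>
+#
+# # GitLab needs backwards compatible ciphers to retain compatibility with Java IDEs
+# ssl_ciphers '<%= @ssl_ciphers %>';
+# ssl_protocols <%= @ssl_protocols %>;
+# ssl_prefer_server_ciphers <%= @ssl_prefer_server_ciphers %>;
+# ssl_session_cache <%= @ssl_session_cache %>;
+# ssl_session_timeout <%= @ssl_session_timeout %>;
+#
+# <% if @ssl_dhparam %>
+# ssl_dhparam <%= @ssl_dhparam %>;
+# <% end %>
+# <% end %>
+## Individual nginx logs for this GitLab vhost
+access_log ${nginx:log}/gitlab_access.log gitlab_access;
+error_log ${nginx:log}/gitlab_error.log;
+location / {
+## Serve static files from defined root folder.
+## @gitlab is a named location for the upstream fallback, see below.
+try_files $uri $uri/index.html $uri.html @gitlab;
+}
+location /uploads/ {
+## If you use HTTPS make sure you disable gzip compression
+## to be safe against BREACH attack.
+#<%= 'gzip off;' if @https %> # TODO
+## https://github.com/gitlabhq/gitlabhq/issues/694
+## Some requests take more than 30 seconds.
+proxy_read_timeout ${instance-parameter:nginx_proxy_read_timeout};
+proxy_connect_timeout ${instance-parameter:nginx_proxy_connect_timeout};
+proxy_redirect off;
+proxy_set_header Host $http_host;
+proxy_set_header X-Real-IP $remote_addr;
+# TODO https
+#<% if @https %>
+#proxy_set_header X-Forwarded-Ssl on;
+#<% end %>
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto http; # TODO <%= @https ? "https" : "http" %>;
+proxy_set_header X-Frame-Options SAMEORIGIN;
+proxy_pass http://gitlab;
+}
+## If a file, which is not found in the root folder is requested,
+## then the proxy passes the request to the upsteam (gitlab unicorn).
+location @gitlab {
+## If you use HTTPS make sure you disable gzip compression
+## to be safe against BREACH attack.
+# <%= 'gzip off;' if @https %> # TODO
+## https://github.com/gitlabhq/gitlabhq/issues/694
+## Some requests take more than 30 seconds.
+proxy_read_timeout ${instance-parameter:nginx_proxy_read_timeout};
+proxy_connect_timeout ${instance-parameter:nginx_proxy_connect_timeout};
+proxy_redirect off;
+proxy_set_header Host $http_host;
+proxy_set_header X-Real-IP $remote_addr;
+# TODO https
+#<% if @https %>
+#proxy_set_header X-Forwarded-Ssl on;
+#<% end %>
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto http; # TODO <%= @https ? "https" : "http" %>;
+proxy_set_header X-Frame-Options SAMEORIGIN;
+proxy_pass http://gitlab;
+}
+location ~ ^/[\w\.-]+/[\w\.-]+/(info/refs|git-upload-pack|git-receive-pack)$ {
+# 'Error' 418 is a hack to re-use the @gitlab-git-http-server block
+error_page 418 = @gitlab-git-http-server;
+return 418;
+}
+location ~ ^/[\w\.-]+/[\w\.-]+/repository/archive {
+# 'Error' 418 is a hack to re-use the @gitlab-git-http-server block
+error_page 418 = @gitlab-git-http-server;
+return 418;
+}
+location ~ ^/api/v3/projects/.*/repository/archive {
+# 'Error' 418 is a hack to re-use the @gitlab-git-http-server block
+error_page 418 = @gitlab-git-http-server;
+return 418;
+}
+location @gitlab-git-http-server {
+## If you use HTTPS make sure you disable gzip compression
+## to be safe against BREACH attack.
+# TODO
+# <%= 'gzip off;' if @https %>
+## https://github.com/gitlabhq/gitlabhq/issues/694
+## Some requests take more than 30 seconds.
+proxy_read_timeout ${instance-parameter:nginx_proxy_read_timeout};
+proxy_connect_timeout ${instance-parameter:nginx_proxy_connect_timeout};
+proxy_redirect off;
+proxy_set_header Host $http_host;
+proxy_set_header X-Real-IP $remote_addr;
+# TODO
+# <% if @https %>
+# proxy_set_header X-Forwarded-Ssl on;
+# <% end %>
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto http; # TODO <%= @https ? "https" : "http" %>;
+proxy_pass http://gitlab-git-http-server;
+}
+## Enable gzip compression as per rails guide:
+## http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression
+## WARNING: If you are using relative urls remove the block below
+## See config/application.rb under "Relative url support" for the list of
+## other files that need to be changed for relative url support
+location ~ ^/(assets)/ {
+root ${gitlab-root-shadow:location}/public;
+gzip_static on; # to serve pre-gzipped version
+expires max;
+add_header Cache-Control public;
+}
+error_page 502 /502.html;
+}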
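Review bot: `proxy_set_header X-Frame-Options SAMEORIGIN;` in `location /uploads/` and `location @gitlab` adds the header to the request forwarded to unicorn, so it never reaches the browser and gives no framing protection from nginx; if clickjacking defence is the intent, the response-side form is `add_header X-Frame-Options SAMEORIGIN;` (the application may already send its own, which is not visible here). The three proxied locations read `${instance-parameter:nginx_proxy_read_timeout}` and `${instance-parameter:nginx_proxy_connect_timeout}` without the `configuration.` prefix that instance-gitlab.cfg.in and nginx.conf.in use, which looks like it will not resolve. Since `X-Forwarded-Proto http` is hard-coded and the `gzip off` guards are commented out, I would also add a comment at the top of the `server` block such as `# plain-HTTP only for now: X-Forwarded-Proto/X-Forwarded-Ssl and gzip (BREACH) must be revisited before TLS is enabled or terminated in front`.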
software/gitlab/template/nginx.conf.in
# @autogenerated XXX
# @autogenerated XXX
# see:
# see:
# https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/support/nginx/gitlab-ssl
# https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/support/nginx/gitlab-ssl
# https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/nginx-gitlab-http.conf.erb
# https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/nginx.conf.erb
# (last updated for TODO)
# (last updated for omnibus-gitlab 8.1.0+rc1.ce.0-24-g3021ed9)
user ${gitlab-backend:user};
worker_processes ${instance-parameter:configuration.nginx_worker_processes}
error_log stderr;
pid nginx.pid;
daemon off;
events {
worker_connections ${instance-parameter:configuration.nginx_worker_connections};
}
http {
# XXX do we need to tune this?
# log_format gitlab_access '<%= @gitlab_access_log_format %>';
# log_format gitlab_ci_access '<%= @gitlab_ci_access_log_format %>';
# log_format gitlab_mattermost_access '<%= @gitlab_mattermost_access_log_format %>';
sendfile ${instance-parameter:configuration.nginx_sendfile};
tcp_nopush ${instance-parameter:configuration.nginx_tcp_nopush};
tcp_nodelay ${instance-parameter:configuration.nginx_tcp_nodelay};
keepalive_timeout ${instance-parameter:configuration.nginx_keepalive_timeout};
gzip ${instance-parameter:configuration.nginx_gzip};
gzip_http_version ${instance-parameter:configuration.nginx_http_version};
gzip_comp_level ${instance-parameter:configuration.nginx_gzip_comp_level};
gzip_proxied ${instance-parameter:configuration.nginx_gzip_proxied};
gzip_types ${instance-parameter:configuration.nginx_gzip_types};
include ${nginx-output:mime}
include <gitlab_http_config>
# we don't need: ci, mattermost
# include <%= @gitlab_ci_http_config %>
# include <%= @gitlab_mattermost_http_config %>
}
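Review bot: Three directives in this file have no terminating `;` — `worker_processes ${instance-parameter:configuration.nginx_worker_processes}`, `include ${nginx-output:mime}` and `include <gitlab_http_config>` — so nginx will presumably refuse to parse the rendered config; the last one is also still an unfilled placeholder. `gzip_http_version` reads `configuration.nginx_http_version`, but the key defined in instance-gitlab.cfg.in is `configuration.nginx_gzip_http_version`, so the line should be `gzip_http_version ${instance-parameter:configuration.nginx_gzip_http_version};`. The `log_format gitlab_access` line is commented out here while nginx-gitlab-http.conf.in uses `access_log ... gitlab_access`, which needs that format to be defined before the vhost is included.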