Commit 716b93e4 authored by Kirill Smelkov's avatar Kirill Smelkov

gitlab: Merge in upstream config updates

This does only pure merge. We will slaposify / adjust config and
corresponding md5sum in the following patches.

/cc @kazuhiko, @jerome
parents d87fa020 02d0063b
...@@ -28,7 +28,7 @@ production: &base ...@@ -28,7 +28,7 @@ production: &base
# WARNING: See config/application.rb under "Relative url support" for the list of # WARNING: See config/application.rb under "Relative url support" for the list of
# other files that need to be changed for relative url support # other files that need to be changed for relative url support
# relative_url_root: /gitlab relative_url_root: <%= @gitlab_relative_url %>
# Uncomment and customize if you can't use the default user to run GitLab (default: 'git') # Uncomment and customize if you can't use the default user to run GitLab (default: 'git')
user: {{ backend_info.user }} user: {{ backend_info.user }}
...@@ -141,6 +141,8 @@ production: &base ...@@ -141,6 +141,8 @@ production: &base
host: <%= @pages_host %> host: <%= @pages_host %>
port: <%= @pages_port %> port: <%= @pages_port %>
https: <%= @pages_https %> https: <%= @pages_https %>
external_http: <%= @pages_external_http %>
external_https: <%= @pages_external_https %>
#} #}
{# we do not support Elasticsearch {# we do not support Elasticsearch
...@@ -282,15 +284,22 @@ production: &base ...@@ -282,15 +284,22 @@ production: &base
auto_sign_in_with_provider: <%= @omniauth_auto_sign_in_with_provider %> auto_sign_in_with_provider: <%= @omniauth_auto_sign_in_with_provider %>
# CAUTION! # CAUTION!
# This allows users to login without having a user account first (default: false). # This allows users to login without having a user account first. Define the allowed
# providers using an array, e.g. ["saml", "twitter"]
# User accounts will be created automatically when authentication was successful. # User accounts will be created automatically when authentication was successful.
allow_single_sign_on: <%= @omniauth_allow_single_sign_on %> allow_single_sign_on: <%= @omniauth_allow_single_sign_on.to_json %>
# Locks down those users until they have been cleared by the admin (default: true). # Locks down those users until they have been cleared by the admin (default: true).
block_auto_created_users: <%= @omniauth_block_auto_created_users %> block_auto_created_users: <%= @omniauth_block_auto_created_users %>
# Look up new users in LDAP servers. If a match is found (same uid), automatically # Look up new users in LDAP servers. If a match is found (same uid), automatically
# link the omniauth identity with the LDAP account. (default: false) # link the omniauth identity with the LDAP account. (default: false)
auto_link_ldap_user: <%= @omniauth_auto_link_ldap_user %> auto_link_ldap_user: <%= @omniauth_auto_link_ldap_user %>
# Allow users with existing accounts to login and auto link their account via SAML
# login, without having to do a manual login first and manually add SAML
# (default: false)
auto_link_saml_user: <%= @omniauth_auto_link_saml_user.to_json %>
## Auth providers ## Auth providers
# Uncomment the following lines and fill in the data of the auth provider you want to use # Uncomment the following lines and fill in the data of the auth provider you want to use
......
...@@ -56,7 +56,7 @@ server { ...@@ -56,7 +56,7 @@ server {
#} #}
server { server {
listen [{{ backend_info.host }}]:{{ backend_info.port }}{% if cfg_https %} ssl spdy{% endif %}; listen [{{ backend_info.host }}]:{{ backend_info.port }}{% if cfg_https %} ssl http2{% endif %};
{# we don't use: kerbeeros {# we don't use: kerbeeros
<% if @kerberos_enabled && @kerberos_use_dedicated_port %> <% if @kerberos_enabled && @kerberos_use_dedicated_port %>
...@@ -104,7 +104,8 @@ server { ...@@ -104,7 +104,8 @@ server {
access_log {{ nginx.log }}/gitlab_access.log gitlab_access; access_log {{ nginx.log }}/gitlab_access.log gitlab_access;
error_log {{ nginx.log }}/gitlab_error.log; error_log {{ nginx.log }}/gitlab_error.log;
location / { <% path = @relative_url ? @relative_url : "/" %>
location <%= path %> {
## If you use HTTPS make sure you disable gzip compression ## If you use HTTPS make sure you disable gzip compression
## to be safe against BREACH attack. ## to be safe against BREACH attack.
{{ 'gzip off;' if cfg_https else ''}} {{ 'gzip off;' if cfg_https else ''}}
...@@ -117,13 +118,10 @@ server { ...@@ -117,13 +118,10 @@ server {
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Host $http_host; <% @proxy_set_headers.each do |header| %>
proxy_set_header X-Real-IP $remote_addr; <% next if header[1].nil? %>
{% if cfg_https %} proxy_set_header <%= header[0] %> <%= header[1] %>;
proxy_set_header X-Forwarded-Ssl on; <% end %>
{% endif %}
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto {{ "https" if cfg_https else "http" }};
proxy_pass http://gitlab-workhorse; proxy_pass http://gitlab-workhorse;
} }
......
...@@ -71,3 +71,9 @@ stderr_path '{{ unicorn.log }}/unicorn_stderr.log' ...@@ -71,3 +71,9 @@ stderr_path '{{ unicorn.log }}/unicorn_stderr.log'
# Where stdout gets logged # Where stdout gets logged
stdout_path '{{ unicorn.log }}/unicorn_stdout.log' stdout_path '{{ unicorn.log }}/unicorn_stdout.log'
<%- if @relative_url %>
# Relative url from where GitLab is served
ENV['RAILS_RELATIVE_URL_ROOT'] = "<%= @relative_url %>"
<%- end %>
\ No newline at end of file
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment