diff options
Diffstat (limited to 'lib/support')
| -rwxr-xr-x | lib/support/deploy/deploy.sh | 45 | ||||
| -rwxr-xr-x | lib/support/init.d/gitlab | 301 | ||||
| -rwxr-xr-x | lib/support/init.d/gitlab.default.example | 31 | ||||
| -rw-r--r-- | lib/support/logrotate/gitlab | 20 | ||||
| -rw-r--r-- | lib/support/nginx/gitlab | 115 | ||||
| -rw-r--r-- | lib/support/nginx/gitlab-ssl | 162 |
6 files changed, 0 insertions, 674 deletions
diff --git a/lib/support/deploy/deploy.sh b/lib/support/deploy/deploy.sh deleted file mode 100755 index adea4c7a747..00000000000 --- a/lib/support/deploy/deploy.sh +++ /dev/null @@ -1,45 +0,0 @@ -# This is deploy script we use to update staging server -# You can always modify it for your needs :) - -# If any command return non-zero status - stop deploy -set -e - -echo 'Deploy: Stopping sidekiq..' -cd /home/git/gitlab/ && sudo -u git -H bundle exec rake sidekiq:stop RAILS_ENV=production - -echo 'Deploy: Show deploy index page' -sudo -u git -H cp /home/git/gitlab/public/deploy.html /home/git/gitlab/public/index.html - -echo 'Deploy: Starting backup...' -cd /home/git/gitlab/ && sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production - -echo 'Deploy: Stop GitLab server' -sudo service gitlab stop - -echo 'Deploy: Get latest code' -cd /home/git/gitlab/ - -# clean working directory -sudo -u git -H git stash - -# change branch to -sudo -u git -H git pull origin master - -echo 'Deploy: Bundle and migrate' - -# change it to your needs -sudo -u git -H bundle --without aws development test mysql --deployment - -sudo -u git -H bundle exec rake db:migrate RAILS_ENV=production -sudo -u git -H bundle exec rake assets:clean RAILS_ENV=production -sudo -u git -H bundle exec rake assets:precompile RAILS_ENV=production -sudo -u git -H bundle exec rake cache:clear RAILS_ENV=production - -# return stashed changes (if necessary) -# sudo -u git -H git stash pop - -echo 'Deploy: Starting GitLab server...' -sudo service gitlab start - -sudo -u git -H rm /home/git/gitlab/public/index.html -echo 'Deploy: Done' diff --git a/lib/support/init.d/gitlab b/lib/support/init.d/gitlab deleted file mode 100755 index b066a1a6935..00000000000 --- a/lib/support/init.d/gitlab +++ /dev/null @@ -1,301 +0,0 @@ -#! /bin/sh - -# GITLAB -# Maintainer: @randx -# Authors: rovanion.luckey@gmail.com, @randx - -### BEGIN INIT INFO -# Provides: gitlab -# Required-Start: $local_fs $remote_fs $network $syslog redis-server -# Required-Stop: $local_fs $remote_fs $network $syslog -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: GitLab git repository management -# Description: GitLab git repository management -# chkconfig: - 85 14 -### END INIT INFO - - -### -# DO NOT EDIT THIS FILE! -# This file will be overwritten on update. -# Instead add/change your variables in /etc/default/gitlab -# An example defaults file can be found in lib/support/init.d/gitlab.default.example -### - - -### Environment variables -RAILS_ENV="production" - -# Script variable names should be lower-case not to conflict with -# internal /bin/sh variables such as PATH, EDITOR or SHELL. -app_user="git" -app_root="/home/$app_user/gitlab" -pid_path="$app_root/tmp/pids" -socket_path="$app_root/tmp/sockets" -web_server_pid_path="$pid_path/unicorn.pid" -sidekiq_pid_path="$pid_path/sidekiq.pid" - -# Read configuration variable file if it is present -test -f /etc/default/gitlab && . /etc/default/gitlab - -# Switch to the app_user if it is not he/she who is running the script. -if [ "$USER" != "$app_user" ]; then - eval su - "$app_user" -c $(echo \")$0 "$@"$(echo \"); exit; -fi - -# Switch to the gitlab path, exit on failure. -if ! cd "$app_root" ; then - echo "Failed to cd into $app_root, exiting!"; exit 1 -fi - - -### Init Script functions - -## Gets the pids from the files -check_pids(){ - if ! mkdir -p "$pid_path"; then - echo "Could not create the path $pid_path needed to store the pids." - exit 1 - fi - # If there exists a file which should hold the value of the Unicorn pid: read it. - if [ -f "$web_server_pid_path" ]; then - wpid=$(cat "$web_server_pid_path") - else - wpid=0 - fi - if [ -f "$sidekiq_pid_path" ]; then - spid=$(cat "$sidekiq_pid_path") - else - spid=0 - fi -} - -## Called when we have started the two processes and are waiting for their pid files. -wait_for_pids(){ - # We are sleeping a bit here mostly because sidekiq is slow at writing it's pid - i=0; - while [ ! -f $web_server_pid_path -o ! -f $sidekiq_pid_path ]; do - sleep 0.1; - i=$((i+1)) - if [ $((i%10)) = 0 ]; then - echo -n "." - elif [ $((i)) = 301 ]; then - echo "Waited 30s for the processes to write their pids, something probably went wrong." - exit 1; - fi - done - echo -} - -# We use the pids in so many parts of the script it makes sense to always check them. -# Only after start() is run should the pids change. Sidekiq sets it's own pid. -check_pids - - -## Checks whether the different parts of the service are already running or not. -check_status(){ - check_pids - # If the web server is running kill -0 $wpid returns true, or rather 0. - # Checks of *_status should only check for == 0 or != 0, never anything else. - if [ $wpid -ne 0 ]; then - kill -0 "$wpid" 2>/dev/null - web_status="$?" - else - web_status="-1" - fi - if [ $spid -ne 0 ]; then - kill -0 "$spid" 2>/dev/null - sidekiq_status="$?" - else - sidekiq_status="-1" - fi - if [ $web_status = 0 -a $sidekiq_status = 0 ]; then - gitlab_status=0 - else - # http://refspecs.linuxbase.org/LSB_4.1.0/LSB-Core-generic/LSB-Core-generic/iniscrptact.html - # code 3 means 'program is not running' - gitlab_status=3 - fi -} - -## Check for stale pids and remove them if necessary. -check_stale_pids(){ - check_status - # If there is a pid it is something else than 0, the service is running if - # *_status is == 0. - if [ "$wpid" != "0" -a "$web_status" != "0" ]; then - echo "Removing stale Unicorn web server pid. This is most likely caused by the web server crashing the last time it ran." - if ! rm "$web_server_pid_path"; then - echo "Unable to remove stale pid, exiting." - exit 1 - fi - fi - if [ "$spid" != "0" -a "$sidekiq_status" != "0" ]; then - echo "Removing stale Sidekiq job dispatcher pid. This is most likely caused by Sidekiq crashing the last time it ran." - if ! rm "$sidekiq_pid_path"; then - echo "Unable to remove stale pid, exiting" - exit 1 - fi - fi -} - -## If no parts of the service is running, bail out. -exit_if_not_running(){ - check_stale_pids - if [ "$web_status" != "0" -a "$sidekiq_status" != "0" ]; then - echo "GitLab is not running." - exit - fi -} - -## Starts Unicorn and Sidekiq if they're not running. -start_gitlab() { - check_stale_pids - - if [ "$web_status" != "0" -a "$sidekiq_status" != "0" ]; then - echo -n "Starting both the GitLab Unicorn and Sidekiq" - elif [ "$web_status" != "0" ]; then - echo -n "Starting GitLab Unicorn" - elif [ "$sidekiq_status" != "0" ]; then - echo -n "Starting GitLab Sidekiq" - fi - - # Then check if the service is running. If it is: don't start again. - if [ "$web_status" = "0" ]; then - echo "The Unicorn web server already running with pid $wpid, not restarting." - else - # Remove old socket if it exists - rm -f "$socket_path"/gitlab.socket 2>/dev/null - # Start the web server - RAILS_ENV=$RAILS_ENV bin/web start - fi - - # If sidekiq is already running, don't start it again. - if [ "$sidekiq_status" = "0" ]; then - echo "The Sidekiq job dispatcher is already running with pid $spid, not restarting" - else - RAILS_ENV=$RAILS_ENV bin/background_jobs start & - fi - - # Wait for the pids to be planted - wait_for_pids - # Finally check the status to tell wether or not GitLab is running - print_status -} - -## Asks the Unicorn and the Sidekiq if they would be so kind as to stop, if not kills them. -stop_gitlab() { - exit_if_not_running - - if [ "$web_status" = "0" -a "$sidekiq_status" = "0" ]; then - echo -n "Shutting down both Unicorn and Sidekiq" - elif [ "$web_status" = "0" ]; then - echo -n "Shutting down Unicorn" - elif [ "$sidekiq_status" = "0" ]; then - echo -n "Shutting down Sidekiq" - fi - - # If the Unicorn web server is running, tell it to stop; - if [ "$web_status" = "0" ]; then - RAILS_ENV=$RAILS_ENV bin/web stop - fi - # And do the same thing for the Sidekiq. - if [ "$sidekiq_status" = "0" ]; then - RAILS_ENV=$RAILS_ENV bin/background_jobs stop - fi - - # If something needs to be stopped, lets wait for it to stop. Never use SIGKILL in a script. - while [ "$web_status" = "0" -o "$sidekiq_status" = "0" ]; do - sleep 1 - check_status - printf "." - if [ "$web_status" != "0" -a "$sidekiq_status" != "0" ]; then - printf "\n" - break - fi - done - - sleep 1 - # Cleaning up unused pids - rm "$web_server_pid_path" 2>/dev/null - # rm "$sidekiq_pid_path" # Sidekiq seems to be cleaning up it's own pid. - - print_status -} - -## Prints the status of GitLab and it's components. -print_status() { - check_status - if [ "$web_status" != "0" -a "$sidekiq_status" != "0" ]; then - echo "GitLab is not running." - return - fi - if [ "$web_status" = "0" ]; then - echo "The GitLab Unicorn web server with pid $wpid is running." - else - printf "The GitLab Unicorn web server is \033[31mnot running\033[0m.\n" - fi - if [ "$sidekiq_status" = "0" ]; then - echo "The GitLab Sidekiq job dispatcher with pid $spid is running." - else - printf "The GitLab Sidekiq job dispatcher is \033[31mnot running\033[0m.\n" - fi - if [ "$web_status" = "0" -a "$sidekiq_status" = "0" ]; then - printf "GitLab and all its components are \033[32mup and running\033[0m.\n" - fi -} - -## Tells unicorn to reload it's config and Sidekiq to restart -reload_gitlab(){ - exit_if_not_running - if [ "$wpid" = "0" ];then - echo "The GitLab Unicorn Web server is not running thus its configuration can't be reloaded." - exit 1 - fi - printf "Reloading GitLab Unicorn configuration... " - RAILS_ENV=$RAILS_ENV bin/web reload - echo "Done." - echo "Restarting GitLab Sidekiq since it isn't capable of reloading its config..." - RAILS_ENV=$RAILS_ENV bin/background_jobs restart - - wait_for_pids - print_status -} - -## Restarts Sidekiq and Unicorn. -restart_gitlab(){ - check_status - if [ "$web_status" = "0" -o "$sidekiq_status" = "0" ]; then - stop_gitlab - fi - start_gitlab -} - - -### Finally the input handling. - -case "$1" in - start) - start_gitlab - ;; - stop) - stop_gitlab - ;; - restart) - restart_gitlab - ;; - reload|force-reload) - reload_gitlab - ;; - status) - print_status - exit $gitlab_status - ;; - *) - echo "Usage: service gitlab {start|stop|restart|reload|status}" - exit 1 - ;; -esac - -exit diff --git a/lib/support/init.d/gitlab.default.example b/lib/support/init.d/gitlab.default.example deleted file mode 100755 index 9951bacedf5..00000000000 --- a/lib/support/init.d/gitlab.default.example +++ /dev/null @@ -1,31 +0,0 @@ -# Copy this lib/support/init.d/gitlab.default.example file to -# /etc/default/gitlab in order for it to apply to your system. - -# RAILS_ENV defines the type of installation that is running. -# Normal values are "production", "test" and "development". -RAILS_ENV="production" - -# app_user defines the user that GitLab is run as. -# The default is "git". -app_user="git" - -# app_root defines the folder in which gitlab and it's components are installed. -# The default is "/home/$app_user/gitlab" -app_root="/home/$app_user/gitlab" - -# pid_path defines a folder in which the gitlab and it's components place their pids. -# This variable is also used below to define the relevant pids for the gitlab components. -# The default is "$app_root/tmp/pids" -pid_path="$app_root/tmp/pids" - -# socket_path defines the folder in which gitlab places the sockets -#The default is "$app_root/tmp/sockets" -socket_path="$app_root/tmp/sockets" - -# web_server_pid_path defines the path in which to create the pid file fo the web_server -# The default is "$pid_path/unicorn.pid" -web_server_pid_path="$pid_path/unicorn.pid" - -# sidekiq_pid_path defines the path in which to create the pid file for sidekiq -# The default is "$pid_path/sidekiq.pid" -sidekiq_pid_path="$pid_path/sidekiq.pid" diff --git a/lib/support/logrotate/gitlab b/lib/support/logrotate/gitlab deleted file mode 100644 index d9b07b61ec3..00000000000 --- a/lib/support/logrotate/gitlab +++ /dev/null @@ -1,20 +0,0 @@ -# GitLab logrotate settings -# based on: http://stackoverflow.com/a/4883967 - -/home/git/gitlab/log/*.log { - daily - missingok - rotate 90 - compress - notifempty - copytruncate -} - -/home/git/gitlab-shell/gitlab-shell.log { - daily - missingok - rotate 90 - compress - notifempty - copytruncate -} diff --git a/lib/support/nginx/gitlab b/lib/support/nginx/gitlab deleted file mode 100644 index 62a4276536c..00000000000 --- a/lib/support/nginx/gitlab +++ /dev/null @@ -1,115 +0,0 @@ -## GitLab -## Contributors: randx, yin8086, sashkab, orkoden, axilleas, bbodenmiller, DouweM -## -## Lines starting with two hashes (##) are comments with information. -## Lines starting with one hash (#) are configuration parameters that can be uncommented. -## -################################## -## CHUNKED TRANSFER ## -################################## -## -## It is a known issue that Git-over-HTTP requires chunked transfer encoding [0] -## which is not supported by Nginx < 1.3.9 [1]. As a result, pushing a large object -## with Git (i.e. a single large file) can lead to a 411 error. In theory you can get -## around this by tweaking this configuration file and either: -## - installing an old version of Nginx with the chunkin module [2] compiled in, or -## - using a newer version of Nginx. -## -## At the time of writing we do not know if either of these theoretical solutions works. -## As a workaround users can use Git over SSH to push large files. -## -## [0] https://git.kernel.org/cgit/git/git.git/tree/Documentation/technical/http-protocol.txt#n99 -## [1] https://github.com/agentzh/chunkin-nginx-module#status -## [2] https://github.com/agentzh/chunkin-nginx-module -## -################################### -## configuration ## -################################### -## -## See installation.md#using-https for additional HTTPS configuration details. - -upstream gitlab { - server unix:/home/git/gitlab/tmp/sockets/gitlab.socket fail_timeout=0; -} - -## Normal HTTP host -server { - listen 0.0.0.0:80 default_server; - listen [::]:80 default_server; - server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com - server_tokens off; ## Don't show the nginx version number, a security best practice - root /home/git/gitlab/public; - - ## Increase this if you want to upload large attachments - ## Or if you want to accept large git objects over http - client_max_body_size 20m; - - ## See app/controllers/application_controller.rb for headers set - - ## Individual nginx logs for this GitLab vhost - access_log /var/log/nginx/gitlab_access.log; - error_log /var/log/nginx/gitlab_error.log; - - location / { - ## Serve static files from defined root folder. - ## @gitlab is a named location for the upstream fallback, see below. - try_files $uri $uri/index.html $uri.html @gitlab; - } - - ## We route uploads through GitLab to prevent XSS and enforce access control. - location /uploads/ { - ## If you use HTTPS make sure you disable gzip compression - ## to be safe against BREACH attack. - # gzip off; - - ## https://github.com/gitlabhq/gitlabhq/issues/694 - ## Some requests take more than 30 seconds. - proxy_read_timeout 300; - proxy_connect_timeout 300; - proxy_redirect off; - - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Frame-Options SAMEORIGIN; - - proxy_pass http://gitlab; - } - - ## If a file, which is not found in the root folder is requested, - ## then the proxy passes the request to the upsteam (gitlab unicorn). - location @gitlab { - ## If you use HTTPS make sure you disable gzip compression - ## to be safe against BREACH attack. - # gzip off; - - ## https://github.com/gitlabhq/gitlabhq/issues/694 - ## Some requests take more than 30 seconds. - proxy_read_timeout 300; - proxy_connect_timeout 300; - proxy_redirect off; - - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Frame-Options SAMEORIGIN; - - proxy_pass http://gitlab; - } - - ## Enable gzip compression as per rails guide: - ## http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression - ## WARNING: If you are using relative urls remove the block below - ## See config/application.rb under "Relative url support" for the list of - ## other files that need to be changed for relative url support - location ~ ^/(assets)/ { - root /home/git/gitlab/public; - gzip_static on; # to serve pre-gzipped version - expires max; - add_header Cache-Control public; - } - - error_page 502 /502.html; -} diff --git a/lib/support/nginx/gitlab-ssl b/lib/support/nginx/gitlab-ssl deleted file mode 100644 index 2aefc944698..00000000000 --- a/lib/support/nginx/gitlab-ssl +++ /dev/null @@ -1,162 +0,0 @@ -## GitLab -## Contributors: randx, yin8086, sashkab, orkoden, axilleas, bbodenmiller, DouweM -## -## Modified from nginx http version -## Modified from http://blog.phusion.nl/2012/04/21/tutorial-setting-up-gitlab-on-debian-6/ -## Modified from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html -## -## Lines starting with two hashes (##) are comments with information. -## Lines starting with one hash (#) are configuration parameters that can be uncommented. -## -################################## -## CHUNKED TRANSFER ## -################################## -## -## It is a known issue that Git-over-HTTP requires chunked transfer encoding [0] -## which is not supported by Nginx < 1.3.9 [1]. As a result, pushing a large object -## with Git (i.e. a single large file) can lead to a 411 error. In theory you can get -## around this by tweaking this configuration file and either: -## - installing an old version of Nginx with the chunkin module [2] compiled in, or -## - using a newer version of Nginx. -## -## At the time of writing we do not know if either of these theoretical solutions works. -## As a workaround users can use Git over SSH to push large files. -## -## [0] https://git.kernel.org/cgit/git/git.git/tree/Documentation/technical/http-protocol.txt#n99 -## [1] https://github.com/agentzh/chunkin-nginx-module#status -## [2] https://github.com/agentzh/chunkin-nginx-module -## -################################### -## configuration ## -################################### -## -## See installation.md#using-https for additional HTTPS configuration details. - -upstream gitlab { - server unix:/home/git/gitlab/tmp/sockets/gitlab.socket fail_timeout=0; -} - -## Redirects all HTTP traffic to the HTTPS host -server { - listen 0.0.0.0:80; - listen [::]:80 ipv6only=on default_server; - server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com - server_tokens off; ## Don't show the nginx version number, a security best practice - return 301 https://$server_name$request_uri; - access_log /var/log/nginx/gitlab_access.log; - error_log /var/log/nginx/gitlab_error.log; -} - - -## HTTPS host -server { - listen 0.0.0.0:443 ssl; - listen [::]:443 ipv6only=on ssl default_server; - server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com - server_tokens off; ## Don't show the nginx version number, a security best practice - root /home/git/gitlab/public; - - ## Increase this if you want to upload large attachments - ## Or if you want to accept large git objects over http - client_max_body_size 20m; - - ## Strong SSL Security - ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/ - ssl on; - ssl_certificate /etc/nginx/ssl/gitlab.crt; - ssl_certificate_key /etc/nginx/ssl/gitlab.key; - - # GitLab needs backwards compatible ciphers to retain compatibility with Java IDEs - ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_prefer_server_ciphers on; - ssl_session_cache shared:SSL:10m; - ssl_session_timeout 5m; - - ## See app/controllers/application_controller.rb for headers set - - ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL. - ## Replace with your ssl_trusted_certificate. For more info see: - ## - https://medium.com/devops-programming/4445f4862461 - ## - https://www.ruby-forum.com/topic/4419319 - ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx - # ssl_stapling on; - # ssl_stapling_verify on; - # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt; - # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired - # resolver_timeout 5s; - - ## [Optional] Generate a stronger DHE parameter: - ## sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096 - ## - # ssl_dhparam /etc/ssl/certs/dhparam.pem; - - ## Individual nginx logs for this GitLab vhost - access_log /var/log/nginx/gitlab_access.log; - error_log /var/log/nginx/gitlab_error.log; - - location / { - ## Serve static files from defined root folder. - ## @gitlab is a named location for the upstream fallback, see below. - try_files $uri $uri/index.html $uri.html @gitlab; - } - - ## We route uploads through GitLab to prevent XSS and enforce access control. - location /uploads/ { - ## If you use HTTPS make sure you disable gzip compression - ## to be safe against BREACH attack. - gzip off; - - ## https://github.com/gitlabhq/gitlabhq/issues/694 - ## Some requests take more than 30 seconds. - proxy_read_timeout 300; - proxy_connect_timeout 300; - proxy_redirect off; - - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-Ssl on; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Frame-Options SAMEORIGIN; - - proxy_pass http://gitlab; - } - - ## If a file, which is not found in the root folder is requested, - ## then the proxy passes the request to the upsteam (gitlab unicorn). - location @gitlab { - ## If you use HTTPS make sure you disable gzip compression - ## to be safe against BREACH attack. - gzip off; - - ## https://github.com/gitlabhq/gitlabhq/issues/694 - ## Some requests take more than 30 seconds. - proxy_read_timeout 300; - proxy_connect_timeout 300; - proxy_redirect off; - - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-Ssl on; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Frame-Options SAMEORIGIN; - - proxy_pass http://gitlab; - } - - ## Enable gzip compression as per rails guide: - ## http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression - ## WARNING: If you are using relative urls remove the block below - ## See config/application.rb under "Relative url support" for the list of - ## other files that need to be changed for relative url support - location ~ ^/(assets)/ { - root /home/git/gitlab/public; - gzip_static on; # to serve pre-gzipped version - expires max; - add_header Cache-Control public; - } - - error_page 502 /502.html; -} |