From 2b2b050618c67073ba2a345536d05874f1558f99 Mon Sep 17 00:00:00 2001
From: Kamil Trzcinski
Date: Wed, 4 Nov 2015 15:57:48 +0100
Subject: Put nginx config
---
 lib/support/nginx/gitlab | 21 +++++++++++++++++++++
 lib/support/nginx/gitlab-ssl | 34 ++++++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+)
diff --git a/lib/support/nginx/gitlab b/lib/support/nginx/gitlab
index f86ffc53e22..dfe6ace3286 100644
--- a/lib/support/nginx/gitlab
+++ b/lib/support/nginx/gitlab
@@ -206,3 +206,24 @@ server {
 error_page 502 /502.html;
 }
+
+## Pages serving host
+server {
+ listen 0.0.0.0:80;
+ listen [::]:80 ipv6only=on;
+ server_name ~^(?.*)\.example\.gitlab\.com$;
+ root /home/git/gitlab/shared/pages/${subdomain};
+
+ ## Individual nginx logs for this GitLab vhost
+ access_log /var/log/nginx/gitlab_pages_access.log;
+ error_log /var/log/nginx/gitlab_pages_error.log;
+
+ location / {
+ ## Serve static files from defined root folder.
+ ## @gitlab is a named location for the upstream fallback, see below.
+ try_files $uri $uri/index.html $uri.html;
+ }
+
+ error_page 404 /404.html;
+ error_page 502 /502.html;
+}
diff --git a/lib/support/nginx/gitlab-ssl b/lib/support/nginx/gitlab-ssl
index ce097425c6c..3afa038a687 100644
--- a/lib/support/nginx/gitlab-ssl
+++ b/lib/support/nginx/gitlab-ssl
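Review bot: In the new Pages block of lib/support/nginx/gitlab, `try_files $uri $uri/index.html $uri.html;` has no terminal fallback: nginx treats the last argument as an internal-redirect target rather than a file to test, so a request for a missing path is redirected to `$uri.html` repeatedly until the redirect limit is hit and the client gets a 500 instead of the configured `error_page 404`. Ending the list with a status code, `try_files $uri $uri/index.html $uri.html =404;`, fixes it; the same line appears in the gitlab-ssl hunk. The comment above it about `@gitlab` being the upstream fallback appears to be carried over from the main vhost and does not describe this block, which defines and uses no named location. Separately, the `server_name` capture is `.*` and is interpolated into `root`; narrowing it to the characters a namespace path can contain, with at least one required, keeps empty or multi-label Host values from selecting a directory, in both files.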
@@ -238,3 +238,37 @@ server {
 error_page 502 /502.html;
 }
+
+## Pages serving host
+server {
+ listen 0.0.0.0:443 ssl;
+ listen [::]:443 ipv6only=on ssl default_server;
+ server_name ~^(?.*)\.gitlab\.com$;
+ root /home/git/gitlab/shared/pages/${subdomain};
+
+ ## Strong SSL Security
+ ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
+ ssl on;
+ ssl_certificate /etc/nginx/ssl/gitlab_wildcard.crt;
+ ssl_certificate_key /etc/nginx/ssl/gitlab_wildcard.key;
+
+ # GitLab needs backwards compatible ciphers to retain compatibility with Java IDEs
+ ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 5m;
+
+ ## Individual nginx logs for this GitLab vhost
+ access_log /var/log/nginx/gitlab_pages_access.log;
+ error_log /var/log/nginx/gitlab_pages_error.log;
+
+ location / {
+ ## Serve static files from defined root folder.
+ ## @gitlab is a named location for the upstream fallback, see below.
+ try_files $uri $uri/index.html $uri.html;
+ }
+
+ error_page 404 /404.html;
+ error_page 502 /502.html;
+}
--
cgit v1.2.3
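Review bot: `listen [::]:443 ipv6only=on ssl default_server;` marks the Pages vhost as the default server for IPv6 only, while the IPv4 `listen` above it carries no such flag; if the main GitLab server block earlier in gitlab-ssl (outside this hunk) already sets `default_server` or `ipv6only=on` on `[::]:443`, nginx will likely reject the file as a duplicate, so this line should probably read `listen [::]:443 ssl;`. The host pattern here is `\.gitlab\.com$` whereas lib/support/nginx/gitlab uses `\.example\.gitlab\.com$`, and the two should agree; serving user-authored pages directly under the application's parent domain also puts them within reach of any cookie scoped to that domain, which is worth a comment recommending a dedicated Pages domain. The cipher and protocol lines carry the Java-IDE compatibility rationale of the main vhost, which seems not to apply to a static host, so `TLSv1`, `TLSv1.1` and the `DES-CBC3-SHA` suites could be dropped here. `ssl on;` is redundant next to `listen … ssl`.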