diff options
author | vtak <vtak@gitlab.com> | 2022-03-16 09:54:04 +0300 |
---|---|---|
committer | vtak <vtak@gitlab.com> | 2022-03-16 09:54:21 +0300 |
commit | f0e37afc2fb092323fae6c46ffef0c1651fa7809 (patch) | |
tree | 2905d09592c83c6a95a4901a899403573b46bf14 | |
parent | 348b0e1b8e929cc68f1b07bb0af88a75396ef9db (diff) | |
parent | 8d0041e051d16bb44208a5992e88ff7cd33a14e8 (diff) |
Merge branch 'master' of gitlab.com:gitlab-org/gitlab-pages into update-go-proxyproto
-rw-r--r-- | .gitlab-ci.yml | 2 | ||||
-rw-r--r-- | .gitlab/ci/test.yml | 2 | ||||
-rw-r--r-- | CHANGELOG.md | 8 | ||||
-rw-r--r-- | VERSION | 2 | ||||
-rw-r--r-- | internal/config/config.go | 3 | ||||
-rw-r--r-- | internal/config/flags.go | 29 | ||||
-rw-r--r-- | internal/vfs/zip/vfs.go | 4 |
7 files changed, 30 insertions, 20 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3ffbfba8..e446cf2e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -19,7 +19,7 @@ include: - local: .gitlab/ci/test.yml default: - image: golang:1.17 + image: golang:1.18 tags: - gitlab-org diff --git a/.gitlab/ci/test.yml b/.gitlab/ci/test.yml index e9bca5d6..0be07471 100644 --- a/.gitlab/ci/test.yml +++ b/.gitlab/ci/test.yml @@ -11,7 +11,7 @@ image: golang:${GO_VERSION} parallel: matrix: - - GO_VERSION: ["1.16", "1.17"] + - GO_VERSION: ["1.16", "1.17", "1.18"] tests: extends: .tests-matrix diff --git a/CHANGELOG.md b/CHANGELOG.md index f65bf9b6..c2dcfcab 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,11 @@ +## 1.56.0 (2022-03-15) + +### Added (3 changes) + +- [feat: allow auth http.Client timeout to be configurable](gitlab-org/gitlab-pages@0a2122d4960ebdca71a21cdb6038696f1746c3f1) by @Osmanilge ([merge request](gitlab-org/gitlab-pages!687)) +- [feat: make server shutdown timeout configurable](gitlab-org/gitlab-pages@f78d8d18b960f66a2a4f4e2044e2159647d375af) by @HuseyinEmreAksoy ([merge request](gitlab-org/gitlab-pages!688)) +- [Add security-harness script](gitlab-org/gitlab-pages@de0b946ff919a2df3e172c569383dec8a4fd3b41) ([merge request](gitlab-org/gitlab-pages!697)) + ## 1.55.0 (2022-02-22) ### Added (1 change) @@ -1 +1 @@ -1.55.0 +1.56.0 diff --git a/internal/config/config.go b/internal/config/config.go index 7644e5ad..48bab76e 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -135,6 +135,7 @@ type ZipServing struct { RefreshInterval time.Duration OpenTimeout time.Duration AllowedPaths []string + HTTPClientTimeout time.Duration } func internalGitlabServerFromFlags() string { @@ -240,6 +241,7 @@ func loadConfig() (*Config, error) { RefreshInterval: *zipCacheRefresh, OpenTimeout: *zipOpenTimeout, AllowedPaths: []string{*pagesRoot}, + HTTPClientTimeout: *zipHTTPClientTimeout, }, // Actual listener pointers will be populated in appMain. We populate the @@ -315,6 +317,7 @@ func LogConfig(config *Config) { "zip-cache-cleanup": config.Zip.CleanupInterval, "zip-cache-refresh": config.Zip.RefreshInterval, "zip-open-timeout": config.Zip.OpenTimeout, + "zip-http-client-timeout": config.Zip.HTTPClientTimeout, "rate-limit-source-ip": config.RateLimit.SourceIPLimitPerSecond, "rate-limit-source-ip-burst": config.RateLimit.SourceIPBurst, "rate-limit-domain": config.RateLimit.DomainLimitPerSecond, diff --git a/internal/config/flags.go b/internal/config/flags.go index 091e07e3..cd44692a 100644 --- a/internal/config/flags.go +++ b/internal/config/flags.go @@ -66,20 +66,21 @@ var ( _ = flag.String("domain-config-source", "gitlab", "DEPRECATED and has not affect, see https://gitlab.com/gitlab-org/gitlab-pages/-/merge_requests/541") enableDisk = flag.Bool("enable-disk", true, "Enable disk access, shall be disabled in environments where shared disk storage isn't available") - clientID = flag.String("auth-client-id", "", "GitLab application Client ID") - clientSecret = flag.String("auth-client-secret", "", "GitLab application Client Secret") - redirectURI = flag.String("auth-redirect-uri", "", "GitLab application redirect URI") - authScope = flag.String("auth-scope", "api", "Scope to be used for authentication (must match GitLab Pages OAuth application settings)") - authTimeout = flag.Duration("auth-timeout", 5*time.Second, "GitLab application client timeout for authentication") - maxConns = flag.Int("max-conns", 0, "Limit on the number of concurrent connections to the HTTP, HTTPS or proxy listeners, 0 for no limit") - maxURILength = flag.Int("max-uri-length", 1024, "Limit the length of URI, 0 for unlimited.") - insecureCiphers = flag.Bool("insecure-ciphers", false, "Use default list of cipher suites, may contain insecure ones like 3DES and RC4") - tlsMinVersion = flag.String("tls-min-version", "tls1.2", tlsVersionFlagUsage("min")) - tlsMaxVersion = flag.String("tls-max-version", "", tlsVersionFlagUsage("max")) - zipCacheExpiration = flag.Duration("zip-cache-expiration", 60*time.Second, "Zip serving archive cache expiration interval") - zipCacheCleanup = flag.Duration("zip-cache-cleanup", 30*time.Second, "Zip serving archive cache cleanup interval") - zipCacheRefresh = flag.Duration("zip-cache-refresh", 30*time.Second, "Zip serving archive cache refresh interval") - zipOpenTimeout = flag.Duration("zip-open-timeout", 30*time.Second, "Zip archive open timeout") + clientID = flag.String("auth-client-id", "", "GitLab application Client ID") + clientSecret = flag.String("auth-client-secret", "", "GitLab application Client Secret") + redirectURI = flag.String("auth-redirect-uri", "", "GitLab application redirect URI") + authScope = flag.String("auth-scope", "api", "Scope to be used for authentication (must match GitLab Pages OAuth application settings)") + authTimeout = flag.Duration("auth-timeout", 5*time.Second, "GitLab application client timeout for authentication") + maxConns = flag.Int("max-conns", 0, "Limit on the number of concurrent connections to the HTTP, HTTPS or proxy listeners, 0 for no limit") + maxURILength = flag.Int("max-uri-length", 1024, "Limit the length of URI, 0 for unlimited.") + insecureCiphers = flag.Bool("insecure-ciphers", false, "Use default list of cipher suites, may contain insecure ones like 3DES and RC4") + tlsMinVersion = flag.String("tls-min-version", "tls1.2", tlsVersionFlagUsage("min")) + tlsMaxVersion = flag.String("tls-max-version", "", tlsVersionFlagUsage("max")) + zipCacheExpiration = flag.Duration("zip-cache-expiration", 60*time.Second, "Zip serving archive cache expiration interval") + zipCacheCleanup = flag.Duration("zip-cache-cleanup", 30*time.Second, "Zip serving archive cache cleanup interval") + zipCacheRefresh = flag.Duration("zip-cache-refresh", 30*time.Second, "Zip serving archive cache refresh interval") + zipOpenTimeout = flag.Duration("zip-open-timeout", 30*time.Second, "Zip archive open timeout") + zipHTTPClientTimeout = flag.Duration("zip-http-client-timeout", 30*time.Minute, "Zip HTTP client timeout") disableCrossOriginRequests = flag.Bool("disable-cross-origin-requests", false, "Disable cross-origin requests") diff --git a/internal/vfs/zip/vfs.go b/internal/vfs/zip/vfs.go index d0608c81..3fcef556 100644 --- a/internal/vfs/zip/vfs.go +++ b/internal/vfs/zip/vfs.go @@ -67,9 +67,7 @@ func New(cfg *config.ZipServing) vfs.VFS { cacheCleanupInterval: cfg.CleanupInterval, openTimeout: cfg.OpenTimeout, httpClient: &http.Client{ - // TODO: make this timeout configurable - // https://gitlab.com/gitlab-org/gitlab-pages/-/issues/457 - Timeout: 30 * time.Minute, + Timeout: cfg.HTTPClientTimeout, Transport: httptransport.NewMeteredRoundTripper( httptransport.NewTransport(), "zip_vfs", |