diff options
author | Shinya Maeda <shinya@gitlab.com> | 2019-04-11 10:52:48 +0300 |
---|---|---|
committer | Shinya Maeda <shinya@gitlab.com> | 2019-04-11 15:26:51 +0300 |
commit | f9ac0ba0331308751ab9a1ae8820e9e315f812d8 (patch) | |
tree | 53b049b4092d8b65fb1549fcca238909d7f9252d | |
parent | ef5195ebe155f69dbf719e151779b01e7bf4007d (diff) |
Update README for inplace chroot limitationupdate-readme-for-inplace-chroot-limitation
-rw-r--r-- | README.md | 15 |
1 files changed, 12 insertions, 3 deletions
@@ -120,9 +120,15 @@ user if available. A less-functional (but just as secure) operation mode is provided via the `-daemon-inplace-chroot` command-line option. If passed, Pages will daemonize as usual, but chroot directly to the `-pages-root` directory instead of building -a complete jail in the system temporary directory. This mode will break the -artifact server proxy and (on some systems) TLS operation, but was the default -mode prior to GitLab Pages v0.8.0 +a complete jail in the system temporary directory. There are some known issues +with this mode, such as: + +- Artifact server proxy will not work +- TLS operation (on some systems) will not work +- [GitLab access control](#gitlab-access-control) might not work, because pages service cannot resolve the +domain name of the auth server due to missing `/etc/resolv.conf` at the chroot +directory. As a workaround, you can manually copy the file to the pages root directory, however, +it might cause a conflict with an existing pages data. The default secure mode will also fail for certain Linux-based configurations. Known cases include: @@ -170,6 +176,9 @@ $ make $ ./gitlab-pages -listen-http "10.0.0.1:8080" -listen-https "[fd00::1]:8080" -pages-root path/to/gitlab/shared/pages -pages-domain example.com -auth-client-id <id> -auth-client-secret <secret> -auth-redirect-uri https://projects.example.com/auth -auth-secret something-very-secret -auth-server https://gitlab.com ``` +NOTE: **Note:** +GitLab access control might not work with `-daemon-inplace-chroot` option. Please take a look at [the caveat section](#caveats) above. + #### How it works 1. GitLab pages looks for `access_control` and `id` fields in `config.json` files |