diff options
author | Nick Thomas <nick@gitlab.com> | 2017-03-08 18:24:06 +0300 |
---|---|---|
committer | Nick Thomas <nick@gitlab.com> | 2017-03-08 18:44:51 +0300 |
commit | 114d0f4075bdba7600f59e38771a75b82c9ae7c0 (patch) | |
tree | f3e17195648979013dc49b032a5cc53b9f5fcc07 /README.md | |
parent | 934a76c536c7de5b3dba17e6b110f60d002cfbc6 (diff) |
Document some caveats around the daemon mode
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 13 |
1 files changed, 8 insertions, 5 deletions
@@ -39,15 +39,18 @@ If load balancer is run in SSL-offloading mode the custom TLS certificate will n Example: ``` -go build +CGO_ENABLED=0 GO15VENDOREXPERIMENT=1 go build ./gitlab-pages -listen-https "" -listen-http ":8090" -pages-root path/to/gitlab/shared/pages -pages-domain example.com ``` ### Run daemon **in secure mode** -The daemon can be run in chroot with dropped privileges. +When compiled with `CGO_ENABLED=0` (which is the default), `gitlab-pages` is a +static binary and so can be run in chroot with dropped privileges. -Run daemon as root user and pass the `-daemon-uid` and `-daemon-gid`. +To enter this mode, run `gitlab-pages` as the root user and pass it the +`-daemon-uid` and `-daemon-gid` arguments to specify the user you want it to run +as. The daemon start listening on ports as root, reads certificates as root and re-executes itself as specified user. When re-executing it copies it's own binary to `pages-root` and changes root to that directory. @@ -74,8 +77,8 @@ This is most useful in dual-stack environments (IPv4+IPv6) where both Gitlab Pag ### Enable Prometheus Metrics -For monitoring purposes, one could pass the `-metrics-address` flag when -starting. This will expose general metrics about the Go runtime and pages +For monitoring purposes, one could pass the `-metrics-address` flag when +starting. This will expose general metrics about the Go runtime and pages application for [Prometheus](https://prometheus.io/) to scrape. Example: |