Age | Commit message (Collapse) | Author |
|
|
|
|
|
Changelog: changed
|
|
Changelog: added
|
|
Changelog: changed
|
|
|
|
Remove gitlab-pages daemon
Closes #114 and #133
See merge request gitlab-org/gitlab-pages!542
|
|
from documentation
|
|
We have now disabled chroot by default since %14.1, and
recently removed support for disk-based configuration
coming in %14.3. And we've also removed the chroot
completely from Pages.
Since nginx can do TCP proxying and there's no need to use
privileged ports, Pages has been confirmed to run as non-root
in k8s environment without any issues.
This MR removes support for the gitlab-pages daemon completely.
Changelog: removed
|
|
|
|
|
|
when there are missing parameters such as `--listen-http`
by splitting configuration loading and validation.
Related to omnibus-gitlab#6321.
Changelog: other
|
|
- Disable chroot mechanism by default.
- Adds the daemon-enable-jail flag which will allow users
to enable the legacy chroot mechanism if anything goes wrong.
This flag won't be available via Omnibus, instead users will
need to define the environment variable and pass to Pages.
- Simplify chroot logic from http_fs
- Update jail documentation
- Enable chroot when domain-config-source=disk
Changelog: changed
|
|
|
|
|
|
|
|
Signed-off-by: Balasankar "Balu" C <balasankarc@autistici.org>
|
|
Changelog: changed
Signed-off-by: Balasankar "Balu" C <balasankarc@autistici.org>
|
|
As discussed within https://gitlab.com/gitlab-org/gitlab-pages/-/issues/510 this
MR adds the usage of labkit's correlationID middleware.
It uses a similar approach to the implemantion in gitlab-workhorse.
Fixes https://gitlab.com/gitlab-org/gitlab-pages/-/issues/510
:tools: with :heart: at Siemens
Changelog: fixed
|
|
This MR makes required authentication permission scope for
Pages configurable.
By default, Pages will use `api` scope to authenticate with
Pages Application registered on GitLab.
With this MR, the scope is configurable and can be set to `read_api`
by providing the `auth-scope` variable in the arguments or in
the `gitlab-pages.conf`
/label ~security
Changelog: added
|
|
Allow registering a file protocol in the zip VFS
See merge request gitlab-org/gitlab-pages!429
|
|
|
|
Moves the http.Client initialization inside the `httprange` package to
the zip VFS. This makes the type `Resource` depend on an http.Client
that needs to be passed on initialization.
It also makes the zip VFS initialize the client. It's possible to
reconfigure it to register a file protocol by calling vfs.Reconfigure
explicitly.
|
|
|
|
Allows initializing each MultiStringFlag using its own separator and
defaults to `,` when not specified.
This change makes the `-header` flag use a `;;` separator so that it can
be defined inside a config file.
Fixes https://gitlab.com/gitlab-org/gitlab-pages/-/issues/531.
|
|
|
|
Change variables of error type to strings constants when these variables
are solely used for the message contained in the errors.
|
|
|
|
Add zip serving configuration flags
See merge request gitlab-org/gitlab-pages!392
|
|
|
|
|
|
Add zip config to appConfig
|
|
|
|
|
|
Use DefaultConfig as global
|
|
Adds a config package with specific zip configuration structure that can
be shared between packages.
|
|
Conform to the official CodeReviewComments guide,
which says:
Error strings should not be capitalized (unless beginning with proper nouns or acronyms)
or end with punctuation,
since they are usually printed following other context.
That is, use fmt.Errorf("something bad") not fmt.Errorf("Something bad")
Source:
https://github.com/golang/go/wiki/CodeReviewComments#error-strings
|
|
|
|
This reverts commit 7f8e9bd39def730616a4c7d1d5f00ee6ca9ea76a.
|
|
This adds a per-process rate limiting
of the incoming requests and connections.
This assume two:
- Requests generate a pressure on Object Storage
- New TLS connections generate a pressure on CPU
due to TLS handshake (generating and exchanging
asymmetric keys)
|
|
This reverts commit 185e0a0e5c621f350335495291c535e5c05df89b, reversing
changes made to a3365a7b1b41b3dee206cbcf27e915ee45d556a5.
|
|
This reverts merge request !305
|
|
|
|
|
|
As part of https://gitlab.com/gitlab-org/gitlab-pages/-/issues/385
we have introduced the use of a custom `.golangci.yml` file with some
custom rules for linting.
This replaces the need of downloading and using `golint`, `gofmt`
`go vet` and `gocyclo` manually. We take advantage of the custom
`golangci-lint` docker image as stated in the [Automatic lintinb]
(https://docs.gitlab.com/ee/development/go_guide/#automatic-linting)
section of the Go standards and style guidelines.
This iteration enables a subset of linters, with the remaining
of them enabled on a separate MR as described in the issue above.
The main changes introduced by this linter include:
- gosec: potential hardcoded credentials
- goconst: DRY by declaring and using constants
- gosimple: reduce statements complexity and improve return statements
|
|
|
|
This is an incremental step for adding `-domain-source`
as described in https://gitlab.com/gitlab-org/gitlab/-/issues/217912.
We are only adding the flag here but it's not doing anything at the
moment.
Add TODO for implementation
|
|
Passing secrets via command line is not allowed anymore.
A config file should be used instead. The default filename is
`gitlab-pages-config`. The following command line options will
throw an error and prevent pages from running if set explicitly:
- `-auth-client-id`
- `-auth-client-secret`
- `-auth-secret`
|
|
Fixes check for deprecated arguments to cater
for key=value arugments. It also logs the warning
if a deprecated flag is used.
|
|
|