Date: Monday, August 7, 2017 @ 15:57:11 Author: svenstaro Revision: 249469
archrelease: copy trunk to community-x86_64 Added: gitlab/repos/community-x86_64/PKGBUILD (from rev 249468, gitlab/trunk/PKGBUILD) gitlab/repos/community-x86_64/apache-ssl.conf.example (from rev 249468, gitlab/trunk/apache-ssl.conf.example) gitlab/repos/community-x86_64/apache.conf.example (from rev 249468, gitlab/trunk/apache.conf.example) gitlab/repos/community-x86_64/apache2.2-ssl.conf.example (from rev 249468, gitlab/trunk/apache2.2-ssl.conf.example) gitlab/repos/community-x86_64/apache2.2.conf.example (from rev 249468, gitlab/trunk/apache2.2.conf.example) gitlab/repos/community-x86_64/gitlab-backup.service (from rev 249468, gitlab/trunk/gitlab-backup.service) gitlab/repos/community-x86_64/gitlab-backup.timer (from rev 249468, gitlab/trunk/gitlab-backup.timer) gitlab/repos/community-x86_64/gitlab-mailroom.service (from rev 249468, gitlab/trunk/gitlab-mailroom.service) gitlab/repos/community-x86_64/gitlab-sidekiq.service (from rev 249468, gitlab/trunk/gitlab-sidekiq.service) gitlab/repos/community-x86_64/gitlab-unicorn.service (from rev 249468, gitlab/trunk/gitlab-unicorn.service) gitlab/repos/community-x86_64/gitlab.install (from rev 249468, gitlab/trunk/gitlab.install) gitlab/repos/community-x86_64/gitlab.logrotate (from rev 249468, gitlab/trunk/gitlab.logrotate) gitlab/repos/community-x86_64/gitlab.target (from rev 249468, gitlab/trunk/gitlab.target) gitlab/repos/community-x86_64/gitlab.tmpfiles.d (from rev 249468, gitlab/trunk/gitlab.tmpfiles.d) gitlab/repos/community-x86_64/lighttpd.conf.example (from rev 249468, gitlab/trunk/lighttpd.conf.example) gitlab/repos/community-x86_64/nginx-ssl.conf.example (from rev 249468, gitlab/trunk/nginx-ssl.conf.example) gitlab/repos/community-x86_64/nginx.conf.example (from rev 249468, gitlab/trunk/nginx.conf.example) Deleted: gitlab/repos/community-x86_64/PKGBUILD gitlab/repos/community-x86_64/apache-ssl.conf.example gitlab/repos/community-x86_64/apache.conf.example gitlab/repos/community-x86_64/apache2.2-ssl.conf.example gitlab/repos/community-x86_64/apache2.2.conf.example gitlab/repos/community-x86_64/gitlab-backup.service gitlab/repos/community-x86_64/gitlab-backup.timer gitlab/repos/community-x86_64/gitlab-mailroom.service gitlab/repos/community-x86_64/gitlab-sidekiq.service gitlab/repos/community-x86_64/gitlab-unicorn.service gitlab/repos/community-x86_64/gitlab.install gitlab/repos/community-x86_64/gitlab.logrotate gitlab/repos/community-x86_64/gitlab.target gitlab/repos/community-x86_64/gitlab.tmpfiles.d gitlab/repos/community-x86_64/lighttpd.conf.example gitlab/repos/community-x86_64/nginx-ssl.conf.example gitlab/repos/community-x86_64/nginx.conf.example ----------------------------+ PKGBUILD | 433 +++++++++++++++++++++---------------------- apache-ssl.conf.example | 188 +++++++++--------- apache.conf.example | 128 ++++++------ apache2.2-ssl.conf.example | 186 +++++++++--------- apache2.2.conf.example | 126 ++++++------ gitlab-backup.service | 38 +-- gitlab-backup.timer | 20 - gitlab-mailroom.service | 40 +-- gitlab-sidekiq.service | 58 ++--- gitlab-unicorn.service | 58 ++--- gitlab.install | 40 +-- gitlab.logrotate | 22 +- gitlab.target | 28 +- gitlab.tmpfiles.d | 2 lighttpd.conf.example | 70 +++--- nginx-ssl.conf.example | 224 +++++++++++----------- nginx.conf.example | 138 ++++++------- 17 files changed, 904 insertions(+), 895 deletions(-) Deleted: PKGBUILD =================================================================== --- PKGBUILD 2017-08-07 15:57:02 UTC (rev 249468) +++ PKGBUILD 2017-08-07 15:57:11 UTC (rev 249469) @@ -1,212 +0,0 @@ -# Maintainer: Sven-Hendrik Haase <s...@lutzhaase.com> -# Contributor: Pavol (Lopo) Hluchy <lopo AT losys DOT eu> -# Contributor: Jonas Heinrich <o...@project-insanity.org> -# Contributor: Massimiliano Torromeo <massimiliano.torro...@gmail.com> -# Contributor: Tobias Hunger <tobias DOT hunger AT gmail DOT com> -# Contributor: Stefan Tatschner <ste...@sevenbyte.org> -# Contributor: Caleb Maclennan <ca...@alerque.com> - -pkgname=gitlab -pkgver=9.4.3 -pkgrel=1 -pkgdesc="Project management and code hosting application" -arch=('x86_64') -url="https://gitlab.com/gitlab-org/gitlab-ce/tree/master#README" -license=('MIT') -options=(!buildflags) -depends=('ruby2.3' 'git' 'ruby2.3-bundler' 'gitlab-workhorse' 'gitlab-gitaly' 'openssh' 'redis' 'libxslt' 'icu' 'nodejs' 're2') -makedepends=('cmake' 'postgresql' 'mariadb' 'yarn' 'go') -optdepends=('postgresql: database backend' - 'mysql: database backend' - 'python2-docutils: reStructuredText markup language support' - 'smtp-server: mail server in order to receive mail notifications') -backup=("etc/webapps/${pkgname}/application.rb" - "etc/webapps/${pkgname}/gitlab.yml" - "etc/webapps/${pkgname}/resque.yml" - "etc/webapps/${pkgname}/unicorn.rb" - "etc/logrotate.d/${pkgname}") -source=("$pkgname-$pkgver.tar.gz::https://gitlab.com/gitlab-org/gitlab-ce/repository/archive.tar.bz2?ref=v${pkgver}" - gitlab-unicorn.service - gitlab-sidekiq.service - gitlab-backup.service - gitlab-mailroom.service - gitlab-backup.timer - gitlab.target - gitlab.tmpfiles.d - gitlab.logrotate - apache.conf.example - apache-ssl.conf.example - apache2.2.conf.example - apache2.2-ssl.conf.example - nginx.conf.example - nginx-ssl.conf.example - lighttpd.conf.example) -install='gitlab.install' -sha512sums=('1caac46183ce7a7926401a831459bb8e5fc006420e3208c637bb7cf8e13f94c7da69adf968cd911b97f82b3842e7afc3f122eeb708d68e8f8c1a750c348e5978' - '56cce150645ef74fa42a6100c8bc7689c4012579e1f3ba237c06c367b121246b39e968044615fa21c4757bc8e9d06f37f8ac8d39aa8b808c758e716857553f66' - '8678b2f0632a830e42a8a62b59ffe66b629b7d96034ff167e2a93fdbb3c7617db0c7529990b73c7a12a78a900ec833e48c691ebbac6cd8257e53de060da16a37' - '79cfb8ee740ab30f970c3113659b8349128abeae5e32cc81bb905f89a6db9941b7778040a094b884262daf020f66a1aee49a12d34fbb94efce6ade946bb4625b' - 'c097a26d1c24f120967ae457f9008df06af0cd2662306410d8e3f6cc4b5772416125fcd3c895bc35872251060083e8c95b37455b8d20154518d8c467625291eb' - 'c11d2c59da8325551a465227096e8d39b0e4bcd5b1db21565cf3439e431838c04bc00aa6f07f4d493f3f47fd6b4e25aeb0fe0fc1a05756064706bf5708c960ec' - 'c519a51d31300074ea12594fbcc8e9610d991ef04b1dac94d93a2b201df3465999cc7c6ac7f3896e02b117c2366d61dea1ef2f6b9cd7b18998385a7f26e5700f' - 'abacbff0d7be918337a17b56481c84e6bf3eddd9551efe78ba9fb74337179e95c9b60f41c49f275e05074a4074a616be36fa208a48fc12d5b940f0554fbd89c3' - '20b93eab504e82cc4401685b59e6311b4d2c0285bc594d47ce4106d3f418a3e2ba92c4f49732748c0ba913aa3e3299126166e37d2a2d5b4d327d66bae4b8abda' - '441585489fb992d5e893f14bf0770df04ada95ffdbfcc80bb98a44eda7db520d12c985f600d003d80a196562654d2231598f8481ff9bf664bb5889f564e897e7' - '99f31439d348e21f764875b6207db8663b47f3224ad6a9f35b89c8a2ed29a9e831a974aa6b9429a3882fb74c1c9d42ed5c38b2d16ae122b5d55d5873a0c57cd3' - '624eb1f13e0265522290faa8c22b4150e6081ca2580391c9dfd871f1ee1b9c1c745c95d3d8f7fdbf85038990060141b844c3d8097c577ab68e5506bfa2d2dddb' - '248d47b44fa5ed65e2a940f2b60d0482c481b3a438357ca510848221370367ffbc0d83ce046d688bebbbc75d4e321b140f6a5ce1a9d7ec0b034fafcf92dee107' - '53a9d6d6f87874b29e48a8fb2e207094ebc1a80af478562ec4b591926d59e135a3166c20966704aa948ca7063ba63c1ec4ac290a343832fa18025ec3d85081ba' - '6d3006da591acefcc534c6e3f1da8e812d0b3b21fc416bfaa8678b8e2d922be6b17d1c92b0d7164de3b8ad864139253707107ca082f78e823d23f3b65fcb5914' - 'c78b6f46abcf603d8db6e38cf50868e14145928422ddfe17c88e2f006b5b910dddf456ec5d6d724b250994530643963809688a98f7e12ebd5b5dabf7f96f0e06') - -_datadir="/usr/share/webapps/${pkgname}" -_etcdir="/etc/webapps/${pkgname}" -_homedir="/var/lib/${pkgname}" -_logdir="/var/log/${pkgname}" -_srcdir="gitlab-ce-v${pkgver}" - -prepare() { - cd "${srcdir}/${_srcdir}"* - - export SKIP_STORAGE_VALIDATION='true' - - # Patching config files: - msg2 "Patching paths in and username gitlab.yml..." - sed -e "s|# user: git|user: gitlab|" \ - -e "s|/home/git/repositories|${_homedir}/repositories|" \ - -e "s|/home/git/gitlab-satellites|${_homedir}/satellites|" \ - -e "s|# path: /mnt/gitlab|path: ${_homedir}/shared|" \ - -e "s|/home/git/gitlab-shell|/usr/share/webapps/gitlab-shell|" \ - -e "s|tmp/backups|${_homedir}/backups|" \ - -e "s|/home/git/gitlab/tmp/sockets/private/gitaly.socket|${_homedir}/sockets/gitlab-gitaly.socket|" \ - config/gitlab.yml.example > config/gitlab.yml - - msg2 "Patching paths and timeout in unicorn.rb..." - sed -e "s|/home/git/gitlab/tmp/.*/|/run/gitlab/|g" \ - -e "s|/var/run/|/run/|g" \ - -e "s|/home/git/gitlab|${_datadir}|g" \ - -e "s|timeout 30|timeout 300|" \ - -e "s|${_datadir}/log/|${_logdir}/|g" \ - config/unicorn.rb.example > config/unicorn.rb - - # We need this one untouched because otherwise assets will fail - cp config/database.yml.postgresql config/database.yml.postgresql.orig - - msg2 "Patching username in database.yml.{mysql,postgresql}..." - sed -i -e "s|username: git|username: gitlab|" config/database.yml.mysql - sed -i -e "s|username: git|username: gitlab|" config/database.yml.postgresql - - msg2 "Patching redis connection in resque.yml" - sed -e "s|production: unix:/var/run/redis/redis.sock|production: redis://localhost:6379|" \ - config/resque.yml.example > config/resque.yml.patched - - msg2 "Setting up systemd service files ..." - for service_file in gitlab-sidekiq.service gitlab-unicorn.service gitlab.logrotate gitlab-backup.service gitlab-mailroom.service; do - sed -i "s|<HOMEDIR>|${_homedir}|g" "${srcdir}/${service_file}" - sed -i "s|<DATADIR>|${_datadir}|g" "${srcdir}/${service_file}" - sed -i "s|<LOGDIR>|${_logdir}|g" "${srcdir}/${service_file}" - done -} - -build() { - cd "${srcdir}/${_srcdir}"* - - msg "Fetching bundled gems..." - # Gems will be installed into vendor/bundle - - bundle-2.3 config build.nokogiri --use-system-libraries - bundle-2.3 install --no-cache --deployment --without development test aws kerberos - - # We'll temporarily stick this in here so we can build the assets - cp config/database.yml.postgresql.orig config/database.yml - cp config/resque.yml.example config/resque.yml - sed -i 's/url.*/nope.sock/g' config/resque.yml - - yarn install --production --pure-lockfile - bundle-2.3 exec rake gitlab:assets:compile RAILS_ENV=production NODE_ENV=production - bundle-2.3 exec rake gettext:compile RAILS_ENV=production - # After building assets, clean this up again - rm config/database.yml config/database.yml.postgresql.orig - mv config/resque.yml.patched config/resque.yml -} - -package() { - cd "${srcdir}/${_srcdir}"* - depends+=('gitlab-shell') - - install -d "${pkgdir}/usr/share/webapps" - - cp -r "${srcdir}/${_srcdir}"* "${pkgdir}${_datadir}" - chown -R root:root "${pkgdir}${_datadir}" - chmod 755 "${pkgdir}${_datadir}" - - install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}" - install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}/satellites" - install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}/shared/"{,artifacts,lfs-objects} - install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}/builds" - install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}/uploads" - install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}/backups" - install -dm750 -o 105 -g 105 "${pkgdir}${_etcdir}" - install -dm755 "${pkgdir}/usr/share/doc/${pkgname}" - - ln -fs /run/gitlab "${pkgdir}${_homedir}/pids" - ln -fs /run/gitlab "${pkgdir}${_homedir}/sockets" - ln -fs ${_datadir}/log "${pkgdir}${_homedir}/log" - - rm -rf "${pkgdir}${_datadir}/public/uploads" && ln -fs "${_homedir}/uploads" "${pkgdir}${_datadir}/public/uploads" - rm -rf "${pkgdir}${_datadir}/builds" && ln -fs "${_homedir}/builds" "${pkgdir}${_datadir}/builds" - rm -rf "${pkgdir}${_datadir}/tmp" && ln -fs /var/tmp "${pkgdir}${_datadir}/tmp" - rm -rf "${pkgdir}${_datadir}/log" && ln -fs "${_logdir}" "${pkgdir}${_datadir}/log" - - mv "${pkgdir}${_datadir}/.gitlab_workhorse_secret" "${pkgdir}${_etcdir}/gitlab_workhorse_secret" - chmod 660 "${pkgdir}${_etcdir}/gitlab_workhorse_secret" - chown root:105 "${pkgdir}${_etcdir}/gitlab_workhorse_secret" - ln -fs "${_etcdir}/gitlab_workhorse_secret" "${pkgdir}${_datadir}/.gitlab_workhorse_secret" - - ln -fs /etc/webapps/gitlab-shell/secret "${pkgdir}${_datadir}/.gitlab_shell_secret" - - sed -i "s|require_relative '../lib|require '${_datadir}/lib|" config/application.rb - - # Fix for ruby-2.3 and bundle-2.3 - sed -i "s|bundle|bundle-2.3|g" "${pkgdir}${_datadir}/lib/tasks/gitlab/check.rake" - grep -rl "bin/env ruby" "${pkgdir}${_datadir}" | xargs sed -i "s|bin/env ruby$|bin/env ruby-2.3|g" - - # Install config files - for config_file in application.rb gitlab.yml unicorn.rb resque.yml; do - mv "config/${config_file}" "${pkgdir}${_etcdir}/" - [[ -f "${pkgdir}${_datadir}/config/${config_file}" ]] && rm "${pkgdir}${_datadir}/config/${config_file}" - ln -fs "${_etcdir}/${config_file}" "${pkgdir}${_datadir}/config/" - done - - # Install database symlink - ln -fs "${_etcdir}/database.yml" "${pkgdir}${_datadir}/config/database.yml" - - # Install secrets symlink - ln -fs "${_etcdir}/secrets.yml" "${pkgdir}${_datadir}/config/secrets.yml" - - # Install license and help files - mv README.md MAINTENANCE.md CONTRIBUTING.md CHANGELOG.md PROCESS.md VERSION config/*.{example,mysql,postgresql} "${pkgdir}/usr/share/doc/${pkgname}" - install -Dm644 "LICENSE" "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" - - # https://gitlab.com/gitlab-org/gitlab-ce/issues/765 - cp -r "${pkgdir}${_datadir}/doc" "${pkgdir}${_datadir}/public/help" - find "${pkgdir}${_datadir}/public/help" -name "*.md" -exec rm {} \; - find "${pkgdir}${_datadir}/public/help/" -depth -type d -empty -exec rmdir {} \; - - chown 105:105 "${pkgdir}${_datadir}/db/schema.rb" - - # Install systemd service files - for service_file in gitlab-unicorn.service gitlab-sidekiq.service gitlab-backup.service gitlab-backup.timer gitlab.target gitlab-mailroom.service; do - install -Dm644 "${srcdir}/${service_file}" "${pkgdir}/usr/lib/systemd/system/${service_file}" - done - - install -Dm644 "${srcdir}/gitlab.tmpfiles.d" "${pkgdir}/usr/lib/tmpfiles.d/gitlab.conf" - install -Dm644 "${srcdir}/gitlab.logrotate" "${pkgdir}/etc/logrotate.d/gitlab" - - # Install webserver config templates - for config_file in apache apache-ssl apache2.2 apache2.2-ssl nginx nginx-ssl lighttpd; do - install -m644 "${srcdir}/${config_file}.conf.example" "${pkgdir}/usr/share/doc/${pkgname}" - done -} - -# vim:set ts=2 sw=2 et: Copied: gitlab/repos/community-x86_64/PKGBUILD (from rev 249468, gitlab/trunk/PKGBUILD) =================================================================== --- PKGBUILD (rev 0) +++ PKGBUILD 2017-08-07 15:57:11 UTC (rev 249469) @@ -0,0 +1,221 @@ +# Maintainer: Sven-Hendrik Haase <s...@lutzhaase.com> +# Contributor: Pavol (Lopo) Hluchy <lopo AT losys DOT eu> +# Contributor: Jonas Heinrich <o...@project-insanity.org> +# Contributor: Massimiliano Torromeo <massimiliano.torro...@gmail.com> +# Contributor: Tobias Hunger <tobias DOT hunger AT gmail DOT com> +# Contributor: Stefan Tatschner <ste...@sevenbyte.org> +# Contributor: Caleb Maclennan <ca...@alerque.com> + +pkgname=gitlab +pkgver=9.4.3 +pkgrel=2 +pkgdesc="Project management and code hosting application" +arch=('x86_64') +url="https://gitlab.com/gitlab-org/gitlab-ce/tree/master#README" +license=('MIT') +options=(!buildflags) +depends=('ruby2.3' 'git' 'ruby2.3-bundler' 'gitlab-workhorse' 'gitlab-gitaly' 'openssh' 'redis' 'libxslt' 'icu' 'nodejs' 're2') +makedepends=('cmake' 'postgresql' 'mariadb' 'yarn' 'go') +optdepends=('postgresql: database backend' + 'mysql: database backend' + 'python2-docutils: reStructuredText markup language support' + 'smtp-server: mail server in order to receive mail notifications') +backup=("etc/webapps/${pkgname}/application.rb" + "etc/webapps/${pkgname}/gitlab.yml" + "etc/webapps/${pkgname}/resque.yml" + "etc/webapps/${pkgname}/unicorn.rb" + "etc/logrotate.d/${pkgname}") +source=("$pkgname-$pkgver.tar.gz::https://gitlab.com/gitlab-org/gitlab-ce/repository/archive.tar.bz2?ref=v${pkgver}" + gitlab-unicorn.service + gitlab-sidekiq.service + gitlab-backup.service + gitlab-mailroom.service + gitlab-backup.timer + gitlab.target + gitlab.tmpfiles.d + gitlab.logrotate + apache.conf.example + apache-ssl.conf.example + apache2.2.conf.example + apache2.2-ssl.conf.example + nginx.conf.example + nginx-ssl.conf.example + lighttpd.conf.example) +install='gitlab.install' +sha512sums=('1caac46183ce7a7926401a831459bb8e5fc006420e3208c637bb7cf8e13f94c7da69adf968cd911b97f82b3842e7afc3f122eeb708d68e8f8c1a750c348e5978' + '56cce150645ef74fa42a6100c8bc7689c4012579e1f3ba237c06c367b121246b39e968044615fa21c4757bc8e9d06f37f8ac8d39aa8b808c758e716857553f66' + '8678b2f0632a830e42a8a62b59ffe66b629b7d96034ff167e2a93fdbb3c7617db0c7529990b73c7a12a78a900ec833e48c691ebbac6cd8257e53de060da16a37' + '79cfb8ee740ab30f970c3113659b8349128abeae5e32cc81bb905f89a6db9941b7778040a094b884262daf020f66a1aee49a12d34fbb94efce6ade946bb4625b' + 'c097a26d1c24f120967ae457f9008df06af0cd2662306410d8e3f6cc4b5772416125fcd3c895bc35872251060083e8c95b37455b8d20154518d8c467625291eb' + 'c11d2c59da8325551a465227096e8d39b0e4bcd5b1db21565cf3439e431838c04bc00aa6f07f4d493f3f47fd6b4e25aeb0fe0fc1a05756064706bf5708c960ec' + 'c519a51d31300074ea12594fbcc8e9610d991ef04b1dac94d93a2b201df3465999cc7c6ac7f3896e02b117c2366d61dea1ef2f6b9cd7b18998385a7f26e5700f' + 'abacbff0d7be918337a17b56481c84e6bf3eddd9551efe78ba9fb74337179e95c9b60f41c49f275e05074a4074a616be36fa208a48fc12d5b940f0554fbd89c3' + '20b93eab504e82cc4401685b59e6311b4d2c0285bc594d47ce4106d3f418a3e2ba92c4f49732748c0ba913aa3e3299126166e37d2a2d5b4d327d66bae4b8abda' + '441585489fb992d5e893f14bf0770df04ada95ffdbfcc80bb98a44eda7db520d12c985f600d003d80a196562654d2231598f8481ff9bf664bb5889f564e897e7' + '99f31439d348e21f764875b6207db8663b47f3224ad6a9f35b89c8a2ed29a9e831a974aa6b9429a3882fb74c1c9d42ed5c38b2d16ae122b5d55d5873a0c57cd3' + '624eb1f13e0265522290faa8c22b4150e6081ca2580391c9dfd871f1ee1b9c1c745c95d3d8f7fdbf85038990060141b844c3d8097c577ab68e5506bfa2d2dddb' + '248d47b44fa5ed65e2a940f2b60d0482c481b3a438357ca510848221370367ffbc0d83ce046d688bebbbc75d4e321b140f6a5ce1a9d7ec0b034fafcf92dee107' + '53a9d6d6f87874b29e48a8fb2e207094ebc1a80af478562ec4b591926d59e135a3166c20966704aa948ca7063ba63c1ec4ac290a343832fa18025ec3d85081ba' + '6d3006da591acefcc534c6e3f1da8e812d0b3b21fc416bfaa8678b8e2d922be6b17d1c92b0d7164de3b8ad864139253707107ca082f78e823d23f3b65fcb5914' + 'c78b6f46abcf603d8db6e38cf50868e14145928422ddfe17c88e2f006b5b910dddf456ec5d6d724b250994530643963809688a98f7e12ebd5b5dabf7f96f0e06') + +_datadir="/usr/share/webapps/${pkgname}" +_etcdir="/etc/webapps/${pkgname}" +_homedir="/var/lib/${pkgname}" +_logdir="/var/log/${pkgname}" +_srcdir="gitlab-ce-v${pkgver}" + +prepare() { + cd "${srcdir}" + + # Get first 7 characters from sha1 which has 40 characters in total + local revision=$(ls -d ${_srcdir}* | rev | cut -c 34-40 | rev) + + cd "${_srcdir}"* + + msg2 "Patching git revision in config/initializers/2_app.rb..." + sed -i -e "s|REVISION = Gitlab::Popen.popen(%W(#{config.git.bin_path} log --pretty=format:%h -n 1)).first.chomp.freeze|REVISION = \"${revision}\"|" \ + config/initializers/2_app.rb + + export SKIP_STORAGE_VALIDATION='true' + + # Patching config files: + msg2 "Patching paths in and username gitlab.yml..." + sed -e "s|# user: git|user: gitlab|" \ + -e "s|/home/git/repositories|${_homedir}/repositories|" \ + -e "s|/home/git/gitlab-satellites|${_homedir}/satellites|" \ + -e "s|# path: /mnt/gitlab|path: ${_homedir}/shared|" \ + -e "s|/home/git/gitlab-shell|/usr/share/webapps/gitlab-shell|" \ + -e "s|tmp/backups|${_homedir}/backups|" \ + -e "s|/home/git/gitlab/tmp/sockets/private/gitaly.socket|${_homedir}/sockets/gitlab-gitaly.socket|" \ + config/gitlab.yml.example > config/gitlab.yml + + msg2 "Patching paths and timeout in unicorn.rb..." + sed -e "s|/home/git/gitlab/tmp/.*/|/run/gitlab/|g" \ + -e "s|/var/run/|/run/|g" \ + -e "s|/home/git/gitlab|${_datadir}|g" \ + -e "s|timeout 30|timeout 300|" \ + -e "s|${_datadir}/log/|${_logdir}/|g" \ + config/unicorn.rb.example > config/unicorn.rb + + # We need this one untouched because otherwise assets will fail + cp config/database.yml.postgresql config/database.yml.postgresql.orig + + msg2 "Patching username in database.yml.{mysql,postgresql}..." + sed -i -e "s|username: git|username: gitlab|" config/database.yml.mysql + sed -i -e "s|username: git|username: gitlab|" config/database.yml.postgresql + + msg2 "Patching redis connection in resque.yml" + sed -e "s|production: unix:/var/run/redis/redis.sock|production: redis://localhost:6379|" \ + config/resque.yml.example > config/resque.yml.patched + + msg2 "Setting up systemd service files ..." + for service_file in gitlab-sidekiq.service gitlab-unicorn.service gitlab.logrotate gitlab-backup.service gitlab-mailroom.service; do + sed -i "s|<HOMEDIR>|${_homedir}|g" "${srcdir}/${service_file}" + sed -i "s|<DATADIR>|${_datadir}|g" "${srcdir}/${service_file}" + sed -i "s|<LOGDIR>|${_logdir}|g" "${srcdir}/${service_file}" + done +} + +build() { + cd "${srcdir}/${_srcdir}"* + + msg "Fetching bundled gems..." + # Gems will be installed into vendor/bundle + + bundle-2.3 config build.nokogiri --use-system-libraries + bundle-2.3 install --no-cache --deployment --without development test aws kerberos + + # We'll temporarily stick this in here so we can build the assets + cp config/database.yml.postgresql.orig config/database.yml + cp config/resque.yml.example config/resque.yml + sed -i 's/url.*/nope.sock/g' config/resque.yml + + yarn install --production --pure-lockfile + bundle-2.3 exec rake gitlab:assets:compile RAILS_ENV=production NODE_ENV=production + bundle-2.3 exec rake gettext:compile RAILS_ENV=production + # After building assets, clean this up again + rm config/database.yml config/database.yml.postgresql.orig + mv config/resque.yml.patched config/resque.yml +} + +package() { + cd "${srcdir}/${_srcdir}"* + depends+=('gitlab-shell') + + install -d "${pkgdir}/usr/share/webapps" + + cp -r "${srcdir}/${_srcdir}"* "${pkgdir}${_datadir}" + chown -R root:root "${pkgdir}${_datadir}" + chmod 755 "${pkgdir}${_datadir}" + + install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}" + install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}/satellites" + install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}/shared/"{,artifacts,lfs-objects} + install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}/builds" + install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}/uploads" + install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}/backups" + install -dm750 -o 105 -g 105 "${pkgdir}${_etcdir}" + install -dm755 "${pkgdir}/usr/share/doc/${pkgname}" + + ln -fs /run/gitlab "${pkgdir}${_homedir}/pids" + ln -fs /run/gitlab "${pkgdir}${_homedir}/sockets" + ln -fs ${_datadir}/log "${pkgdir}${_homedir}/log" + + rm -rf "${pkgdir}${_datadir}/public/uploads" && ln -fs "${_homedir}/uploads" "${pkgdir}${_datadir}/public/uploads" + rm -rf "${pkgdir}${_datadir}/builds" && ln -fs "${_homedir}/builds" "${pkgdir}${_datadir}/builds" + rm -rf "${pkgdir}${_datadir}/tmp" && ln -fs /var/tmp "${pkgdir}${_datadir}/tmp" + rm -rf "${pkgdir}${_datadir}/log" && ln -fs "${_logdir}" "${pkgdir}${_datadir}/log" + + mv "${pkgdir}${_datadir}/.gitlab_workhorse_secret" "${pkgdir}${_etcdir}/gitlab_workhorse_secret" + chmod 660 "${pkgdir}${_etcdir}/gitlab_workhorse_secret" + chown root:105 "${pkgdir}${_etcdir}/gitlab_workhorse_secret" + ln -fs "${_etcdir}/gitlab_workhorse_secret" "${pkgdir}${_datadir}/.gitlab_workhorse_secret" + + ln -fs /etc/webapps/gitlab-shell/secret "${pkgdir}${_datadir}/.gitlab_shell_secret" + + sed -i "s|require_relative '../lib|require '${_datadir}/lib|" config/application.rb + + # Fix for ruby-2.3 and bundle-2.3 + sed -i "s|bundle|bundle-2.3|g" "${pkgdir}${_datadir}/lib/tasks/gitlab/check.rake" + grep -rl "bin/env ruby" "${pkgdir}${_datadir}" | xargs sed -i "s|bin/env ruby$|bin/env ruby-2.3|g" + + # Install config files + for config_file in application.rb gitlab.yml unicorn.rb resque.yml; do + mv "config/${config_file}" "${pkgdir}${_etcdir}/" + [[ -f "${pkgdir}${_datadir}/config/${config_file}" ]] && rm "${pkgdir}${_datadir}/config/${config_file}" + ln -fs "${_etcdir}/${config_file}" "${pkgdir}${_datadir}/config/" + done + + # Install database symlink + ln -fs "${_etcdir}/database.yml" "${pkgdir}${_datadir}/config/database.yml" + + # Install secrets symlink + ln -fs "${_etcdir}/secrets.yml" "${pkgdir}${_datadir}/config/secrets.yml" + + # Install license and help files + mv README.md MAINTENANCE.md CONTRIBUTING.md CHANGELOG.md PROCESS.md VERSION config/*.{example,mysql,postgresql} "${pkgdir}/usr/share/doc/${pkgname}" + install -Dm644 "LICENSE" "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" + + # https://gitlab.com/gitlab-org/gitlab-ce/issues/765 + cp -r "${pkgdir}${_datadir}/doc" "${pkgdir}${_datadir}/public/help" + find "${pkgdir}${_datadir}/public/help" -name "*.md" -exec rm {} \; + find "${pkgdir}${_datadir}/public/help/" -depth -type d -empty -exec rmdir {} \; + + chown 105:105 "${pkgdir}${_datadir}/db/schema.rb" + + # Install systemd service files + for service_file in gitlab-unicorn.service gitlab-sidekiq.service gitlab-backup.service gitlab-backup.timer gitlab.target gitlab-mailroom.service; do + install -Dm644 "${srcdir}/${service_file}" "${pkgdir}/usr/lib/systemd/system/${service_file}" + done + + install -Dm644 "${srcdir}/gitlab.tmpfiles.d" "${pkgdir}/usr/lib/tmpfiles.d/gitlab.conf" + install -Dm644 "${srcdir}/gitlab.logrotate" "${pkgdir}/etc/logrotate.d/gitlab" + + # Install webserver config templates + for config_file in apache apache-ssl apache2.2 apache2.2-ssl nginx nginx-ssl lighttpd; do + install -m644 "${srcdir}/${config_file}.conf.example" "${pkgdir}/usr/share/doc/${pkgname}" + done +} + +# vim:set ts=2 sw=2 et: Deleted: apache-ssl.conf.example =================================================================== --- apache-ssl.conf.example 2017-08-07 15:57:02 UTC (rev 249468) +++ apache-ssl.conf.example 2017-08-07 15:57:11 UTC (rev 249469) @@ -1,94 +0,0 @@ -# This configuration has been tested on GitLab 8.2 -# Note this config assumes unicorn is listening on default port 8080 and -# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to -# listen on port 8181, edit or create /etc/default/gitlab and change or add the following: -# -# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080" -# -#Module dependencies -# mod_rewrite -# mod_ssl -# mod_proxy -# mod_proxy_http -# mod_headers - -# This section is only needed if you want to redirect http traffic to https. -# You can live without it but clients will have to type in https:// to reach gitlab. -<VirtualHost *:80> - ServerName YOUR_SERVER_FQDN - ServerSignature Off - - RewriteEngine on - RewriteCond %{HTTPS} !=on - RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L] -</VirtualHost> - -<VirtualHost *:443> - SSLEngine on - #strong encryption ciphers only - #see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html - SSLProtocol all -SSLv2 -SSLv3 - SSLHonorCipherOrder on -# SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS" - SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA" - Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains" - SSLCompression Off - SSLCertificateFile /etc/httpd/ssl.crt/YOUR_SERVER_FQDN.crt - SSLCertificateKeyFile /etc/httpd/ssl.key/YOUR_SERVER_FQDN.key - SSLCACertificateFile /etc/httpd/ssl.crt/your-ca.crt - - ServerName YOUR_SERVER_FQDN - ServerSignature Off - - ProxyPreserveHost On - - # Ensure that encoded slashes are not decoded but left in their encoded state. - # http://doc.gitlab.com/ce/api/projects.html#get-single-project - AllowEncodedSlashes NoDecode - - <Location /> - # New authorization commands for apache 2.4 and up - # http://httpd.apache.org/docs/2.4/upgrading.html#access - Require all granted - - #Allow forwarding to gitlab-workhorse - ProxyPassReverse http://127.0.0.1:8181 - ProxyPassReverse http://YOUR_SERVER_FQDN/ - </Location> - - # Apache equivalent of nginx try files - # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files - # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab - RewriteEngine on - - #Don't escape encoded characters in api requests - RewriteCond %{REQUEST_URI} ^/api/v3/.* - RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE] - - #Forward all requests to gitlab-workhorse except existing files like error documents - RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR] - RewriteCond %{REQUEST_URI} ^/uploads/.* - RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA] - - RequestHeader set X_FORWARDED_PROTO 'https' - RequestHeader set X-Forwarded-Ssl on - - # needed for downloading attachments - DocumentRoot /usr/share/webapps/gitlab/public - - #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up. - ErrorDocument 404 /404.html - ErrorDocument 422 /422.html - ErrorDocument 500 /500.html - ErrorDocument 503 /deploy.html - - # It is assumed that the log directory is in /var/log/httpd. - # For Debian distributions you might want to change this to - # /var/log/apache2. - LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded - ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log - CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded - CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog - CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined - -</VirtualHost> Copied: gitlab/repos/community-x86_64/apache-ssl.conf.example (from rev 249468, gitlab/trunk/apache-ssl.conf.example) =================================================================== --- apache-ssl.conf.example (rev 0) +++ apache-ssl.conf.example 2017-08-07 15:57:11 UTC (rev 249469) @@ -0,0 +1,94 @@ +# This configuration has been tested on GitLab 8.2 +# Note this config assumes unicorn is listening on default port 8080 and +# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to +# listen on port 8181, edit or create /etc/default/gitlab and change or add the following: +# +# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080" +# +#Module dependencies +# mod_rewrite +# mod_ssl +# mod_proxy +# mod_proxy_http +# mod_headers + +# This section is only needed if you want to redirect http traffic to https. +# You can live without it but clients will have to type in https:// to reach gitlab. +<VirtualHost *:80> + ServerName YOUR_SERVER_FQDN + ServerSignature Off + + RewriteEngine on + RewriteCond %{HTTPS} !=on + RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L] +</VirtualHost> + +<VirtualHost *:443> + SSLEngine on + #strong encryption ciphers only + #see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html + SSLProtocol all -SSLv2 -SSLv3 + SSLHonorCipherOrder on +# SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS" + SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA" + Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains" + SSLCompression Off + SSLCertificateFile /etc/httpd/ssl.crt/YOUR_SERVER_FQDN.crt + SSLCertificateKeyFile /etc/httpd/ssl.key/YOUR_SERVER_FQDN.key + SSLCACertificateFile /etc/httpd/ssl.crt/your-ca.crt + + ServerName YOUR_SERVER_FQDN + ServerSignature Off + + ProxyPreserveHost On + + # Ensure that encoded slashes are not decoded but left in their encoded state. + # http://doc.gitlab.com/ce/api/projects.html#get-single-project + AllowEncodedSlashes NoDecode + + <Location /> + # New authorization commands for apache 2.4 and up + # http://httpd.apache.org/docs/2.4/upgrading.html#access + Require all granted + + #Allow forwarding to gitlab-workhorse + ProxyPassReverse http://127.0.0.1:8181 + ProxyPassReverse http://YOUR_SERVER_FQDN/ + </Location> + + # Apache equivalent of nginx try files + # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files + # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab + RewriteEngine on + + #Don't escape encoded characters in api requests + RewriteCond %{REQUEST_URI} ^/api/v3/.* + RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE] + + #Forward all requests to gitlab-workhorse except existing files like error documents + RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR] + RewriteCond %{REQUEST_URI} ^/uploads/.* + RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA] + + RequestHeader set X_FORWARDED_PROTO 'https' + RequestHeader set X-Forwarded-Ssl on + + # needed for downloading attachments + DocumentRoot /usr/share/webapps/gitlab/public + + #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up. + ErrorDocument 404 /404.html + ErrorDocument 422 /422.html + ErrorDocument 500 /500.html + ErrorDocument 503 /deploy.html + + # It is assumed that the log directory is in /var/log/httpd. + # For Debian distributions you might want to change this to + # /var/log/apache2. + LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded + ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log + CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded + CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog + CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined + +</VirtualHost> Deleted: apache.conf.example =================================================================== --- apache.conf.example 2017-08-07 15:57:02 UTC (rev 249468) +++ apache.conf.example 2017-08-07 15:57:11 UTC (rev 249469) @@ -1,64 +0,0 @@ -# This configuration has been tested on GitLab 8.2 -# Note this config assumes unicorn is listening on default port 8080 and -# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to -# listen on port 8181, edit or create /etc/default/gitlab and change or add the following: -# -# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080" -# -#Module dependencies -# mod_rewrite -# mod_proxy -# mod_proxy_http -<VirtualHost *:80> - ServerName YOUR_SERVER_FQDN - ServerSignature Off - - ProxyPreserveHost On - - # Ensure that encoded slashes are not decoded but left in their encoded state. - # http://doc.gitlab.com/ce/api/projects.html#get-single-project - AllowEncodedSlashes NoDecode - - <Location /> - # New authorization commands for apache 2.4 and up - # http://httpd.apache.org/docs/2.4/upgrading.html#access - Require all granted - - #Allow forwarding to gitlab-workhorse - ProxyPassReverse http://127.0.0.1:8181 - ProxyPassReverse http://YOUR_SERVER_FQDN/ - </Location> - - # Apache equivalent of nginx try files - # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files - # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab - RewriteEngine on - - #Don't escape encoded characters in api requests - RewriteCond %{REQUEST_URI} ^/api/v3/.* - RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE] - - #Forward all requests to gitlab-workhorse except existing files like error documents - RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR] - RewriteCond %{REQUEST_URI} ^/uploads/.* - RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA] - - # needed for downloading attachments - DocumentRoot /usr/share/webapps/gitlab/public - - #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up. - ErrorDocument 404 /404.html - ErrorDocument 422 /422.html - ErrorDocument 500 /500.html - ErrorDocument 503 /deploy.html - - # It is assumed that the log directory is in /var/log/httpd. - # For Debian distributions you might want to change this to - # /var/log/apache2. - LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded - ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log - CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded - CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog - CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined - -</VirtualHost> Copied: gitlab/repos/community-x86_64/apache.conf.example (from rev 249468, gitlab/trunk/apache.conf.example) =================================================================== --- apache.conf.example (rev 0) +++ apache.conf.example 2017-08-07 15:57:11 UTC (rev 249469) @@ -0,0 +1,64 @@ +# This configuration has been tested on GitLab 8.2 +# Note this config assumes unicorn is listening on default port 8080 and +# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to +# listen on port 8181, edit or create /etc/default/gitlab and change or add the following: +# +# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080" +# +#Module dependencies +# mod_rewrite +# mod_proxy +# mod_proxy_http +<VirtualHost *:80> + ServerName YOUR_SERVER_FQDN + ServerSignature Off + + ProxyPreserveHost On + + # Ensure that encoded slashes are not decoded but left in their encoded state. + # http://doc.gitlab.com/ce/api/projects.html#get-single-project + AllowEncodedSlashes NoDecode + + <Location /> + # New authorization commands for apache 2.4 and up + # http://httpd.apache.org/docs/2.4/upgrading.html#access + Require all granted + + #Allow forwarding to gitlab-workhorse + ProxyPassReverse http://127.0.0.1:8181 + ProxyPassReverse http://YOUR_SERVER_FQDN/ + </Location> + + # Apache equivalent of nginx try files + # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files + # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab + RewriteEngine on + + #Don't escape encoded characters in api requests + RewriteCond %{REQUEST_URI} ^/api/v3/.* + RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE] + + #Forward all requests to gitlab-workhorse except existing files like error documents + RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR] + RewriteCond %{REQUEST_URI} ^/uploads/.* + RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA] + + # needed for downloading attachments + DocumentRoot /usr/share/webapps/gitlab/public + + #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up. + ErrorDocument 404 /404.html + ErrorDocument 422 /422.html + ErrorDocument 500 /500.html + ErrorDocument 503 /deploy.html + + # It is assumed that the log directory is in /var/log/httpd. + # For Debian distributions you might want to change this to + # /var/log/apache2. + LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded + ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log + CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded + CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog + CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined + +</VirtualHost> Deleted: apache2.2-ssl.conf.example =================================================================== --- apache2.2-ssl.conf.example 2017-08-07 15:57:02 UTC (rev 249468) +++ apache2.2-ssl.conf.example 2017-08-07 15:57:11 UTC (rev 249469) @@ -1,93 +0,0 @@ -# This configuration has been tested on GitLab 8.2 -# Note this config assumes unicorn is listening on default port 8080 and -# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to -# listen on port 8181, edit or create /etc/default/gitlab and change or add the following: -# -# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080" -# -#Module dependencies -# mod_rewrite -# mod_ssl -# mod_proxy -# mod_proxy_http -# mod_headers - -# This section is only needed if you want to redirect http traffic to https. -# You can live without it but clients will have to type in https:// to reach gitlab. -<VirtualHost *:80> - ServerName YOUR_SERVER_FQDN - ServerSignature Off - - RewriteEngine on - RewriteCond %{HTTPS} !=on - RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L] -</VirtualHost> - -<VirtualHost *:443> - SSLEngine on - #strong encryption ciphers only - #see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html - SSLProtocol all -SSLv2 -SSLv3 - SSLHonorCipherOrder on -# SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS" - SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA" - Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains" - SSLCompression Off - SSLCertificateFile /etc/httpd/ssl.crt/YOUR_SERVER_FQDN.crt - SSLCertificateKeyFile /etc/httpd/ssl.key/YOUR_SERVER_FQDN.key - SSLCACertificateFile /etc/httpd/ssl.crt/your-ca.crt - - ServerName YOUR_SERVER_FQDN - ServerSignature Off - - ProxyPreserveHost On - - # Ensure that encoded slashes are not decoded but left in their encoded state. - # http://doc.gitlab.com/ce/api/projects.html#get-single-project - AllowEncodedSlashes NoDecode - - <Location /> - Order deny,allow - Allow from all - - #Allow forwarding to gitlab-workhorse - ProxyPassReverse http://127.0.0.1:8181 - ProxyPassReverse http://YOUR_SERVER_FQDN/ - </Location> - - # Apache equivalent of nginx try files - # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files - # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab - RewriteEngine on - - #Don't escape encoded characters in api requests - RewriteCond %{REQUEST_URI} ^/api/v3/.* - RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE] - - #Forward all requests to gitlab-workhorse except existing files like error documents - RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR] - RewriteCond %{REQUEST_URI} ^/uploads/.* - RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA] - - RequestHeader set X_FORWARDED_PROTO 'https' - RequestHeader set X-Forwarded-Ssl on - - # needed for downloading attachments - DocumentRoot /usr/share/webapps/gitlab/public - - #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up. - ErrorDocument 404 /404.html - ErrorDocument 422 /422.html - ErrorDocument 500 /500.html - ErrorDocument 503 /deploy.html - - # It is assumed that the log directory is in /var/log/httpd. - # For Debian distributions you might want to change this to - # /var/log/apache2. - LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded - ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log - CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded - CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog - CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined - -</VirtualHost> Copied: gitlab/repos/community-x86_64/apache2.2-ssl.conf.example (from rev 249468, gitlab/trunk/apache2.2-ssl.conf.example) =================================================================== --- apache2.2-ssl.conf.example (rev 0) +++ apache2.2-ssl.conf.example 2017-08-07 15:57:11 UTC (rev 249469) @@ -0,0 +1,93 @@ +# This configuration has been tested on GitLab 8.2 +# Note this config assumes unicorn is listening on default port 8080 and +# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to +# listen on port 8181, edit or create /etc/default/gitlab and change or add the following: +# +# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080" +# +#Module dependencies +# mod_rewrite +# mod_ssl +# mod_proxy +# mod_proxy_http +# mod_headers + +# This section is only needed if you want to redirect http traffic to https. +# You can live without it but clients will have to type in https:// to reach gitlab. +<VirtualHost *:80> + ServerName YOUR_SERVER_FQDN + ServerSignature Off + + RewriteEngine on + RewriteCond %{HTTPS} !=on + RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L] +</VirtualHost> + +<VirtualHost *:443> + SSLEngine on + #strong encryption ciphers only + #see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html + SSLProtocol all -SSLv2 -SSLv3 + SSLHonorCipherOrder on +# SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS" + SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA" + Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains" + SSLCompression Off + SSLCertificateFile /etc/httpd/ssl.crt/YOUR_SERVER_FQDN.crt + SSLCertificateKeyFile /etc/httpd/ssl.key/YOUR_SERVER_FQDN.key + SSLCACertificateFile /etc/httpd/ssl.crt/your-ca.crt + + ServerName YOUR_SERVER_FQDN + ServerSignature Off + + ProxyPreserveHost On + + # Ensure that encoded slashes are not decoded but left in their encoded state. + # http://doc.gitlab.com/ce/api/projects.html#get-single-project + AllowEncodedSlashes NoDecode + + <Location /> + Order deny,allow + Allow from all + + #Allow forwarding to gitlab-workhorse + ProxyPassReverse http://127.0.0.1:8181 + ProxyPassReverse http://YOUR_SERVER_FQDN/ + </Location> + + # Apache equivalent of nginx try files + # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files + # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab + RewriteEngine on + + #Don't escape encoded characters in api requests + RewriteCond %{REQUEST_URI} ^/api/v3/.* + RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE] + + #Forward all requests to gitlab-workhorse except existing files like error documents + RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR] + RewriteCond %{REQUEST_URI} ^/uploads/.* + RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA] + + RequestHeader set X_FORWARDED_PROTO 'https' + RequestHeader set X-Forwarded-Ssl on + + # needed for downloading attachments + DocumentRoot /usr/share/webapps/gitlab/public + + #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up. + ErrorDocument 404 /404.html + ErrorDocument 422 /422.html + ErrorDocument 500 /500.html + ErrorDocument 503 /deploy.html + + # It is assumed that the log directory is in /var/log/httpd. + # For Debian distributions you might want to change this to + # /var/log/apache2. + LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded + ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log + CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded + CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog + CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined + +</VirtualHost> Deleted: apache2.2.conf.example =================================================================== --- apache2.2.conf.example 2017-08-07 15:57:02 UTC (rev 249468) +++ apache2.2.conf.example 2017-08-07 15:57:11 UTC (rev 249469) @@ -1,63 +0,0 @@ -# This configuration has been tested on GitLab 8.2 -# Note this config assumes unicorn is listening on default port 8080 and -# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to -# listen on port 8181, edit or create /etc/default/gitlab and change or add the following: -# -# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080" -# -#Module dependencies -# mod_rewrite -# mod_proxy -# mod_proxy_http -<VirtualHost *:80> - ServerName YOUR_SERVER_FQDN - ServerSignature Off - - ProxyPreserveHost On - - # Ensure that encoded slashes are not decoded but left in their encoded state. - # http://doc.gitlab.com/ce/api/projects.html#get-single-project - AllowEncodedSlashes NoDecode - - <Location /> - Order deny,allow - Allow from all - - #Allow forwarding to gitlab-workhorse - ProxyPassReverse http://127.0.0.1:8181 - ProxyPassReverse http://YOUR_SERVER_FQDN/ - </Location> - - # Apache equivalent of nginx try files - # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files - # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab - RewriteEngine on - - #Don't escape encoded characters in api requests - RewriteCond %{REQUEST_URI} ^/api/v3/.* - RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE] - - #Forward all requests to gitlab-workhorse except existing files like error documents - RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR] - RewriteCond %{REQUEST_URI} ^/uploads/.* - RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA] - - # needed for downloading attachments - DocumentRoot /usr/share/webapps/gitlab/public - - #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up. - ErrorDocument 404 /404.html - ErrorDocument 422 /422.html - ErrorDocument 500 /500.html - ErrorDocument 503 /deploy.html - - # It is assumed that the log directory is in /var/log/httpd. - # For Debian distributions you might want to change this to - # /var/log/apache2. - LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded - ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log - CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded - CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog - CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined - -</VirtualHost> Copied: gitlab/repos/community-x86_64/apache2.2.conf.example (from rev 249468, gitlab/trunk/apache2.2.conf.example) =================================================================== --- apache2.2.conf.example (rev 0) +++ apache2.2.conf.example 2017-08-07 15:57:11 UTC (rev 249469) @@ -0,0 +1,63 @@ +# This configuration has been tested on GitLab 8.2 +# Note this config assumes unicorn is listening on default port 8080 and +# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to +# listen on port 8181, edit or create /etc/default/gitlab and change or add the following: +# +# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080" +# +#Module dependencies +# mod_rewrite +# mod_proxy +# mod_proxy_http +<VirtualHost *:80> + ServerName YOUR_SERVER_FQDN + ServerSignature Off + + ProxyPreserveHost On + + # Ensure that encoded slashes are not decoded but left in their encoded state. + # http://doc.gitlab.com/ce/api/projects.html#get-single-project + AllowEncodedSlashes NoDecode + + <Location /> + Order deny,allow + Allow from all + + #Allow forwarding to gitlab-workhorse + ProxyPassReverse http://127.0.0.1:8181 + ProxyPassReverse http://YOUR_SERVER_FQDN/ + </Location> + + # Apache equivalent of nginx try files + # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files + # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab + RewriteEngine on + + #Don't escape encoded characters in api requests + RewriteCond %{REQUEST_URI} ^/api/v3/.* + RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE] + + #Forward all requests to gitlab-workhorse except existing files like error documents + RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR] + RewriteCond %{REQUEST_URI} ^/uploads/.* + RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA] + + # needed for downloading attachments + DocumentRoot /usr/share/webapps/gitlab/public + + #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up. + ErrorDocument 404 /404.html + ErrorDocument 422 /422.html + ErrorDocument 500 /500.html + ErrorDocument 503 /deploy.html + + # It is assumed that the log directory is in /var/log/httpd. + # For Debian distributions you might want to change this to + # /var/log/apache2. + LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded + ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log + CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded + CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog + CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined + +</VirtualHost> Deleted: gitlab-backup.service =================================================================== --- gitlab-backup.service 2017-08-07 15:57:02 UTC (rev 249468) +++ gitlab-backup.service 2017-08-07 15:57:11 UTC (rev 249469) @@ -1,19 +0,0 @@ -[Unit] -Description=GitLab Backup process -Requires= -After=network.target - -[Service] -Type=oneshot -User=gitlab -Group=gitlab -SyslogIdentifier=gitlab-backup -WorkingDirectory=<DATADIR> -Environment=RAILS_ENV=production PATH=/opt/ruby/bin:/usr/bin -CapabilityBoundingSet= -PrivateTmp=true -PrivateDevices=true -ProtectSystem=full -ProtectHome=true -NoNewPrivileges=true -ExecStart=/usr/bin/bundle-2.3 exec rake gitlab:backup:create Copied: gitlab/repos/community-x86_64/gitlab-backup.service (from rev 249468, gitlab/trunk/gitlab-backup.service) =================================================================== --- gitlab-backup.service (rev 0) +++ gitlab-backup.service 2017-08-07 15:57:11 UTC (rev 249469) @@ -0,0 +1,19 @@ +[Unit] +Description=GitLab Backup process +Requires= +After=network.target + +[Service] +Type=oneshot +User=gitlab +Group=gitlab +SyslogIdentifier=gitlab-backup +WorkingDirectory=<DATADIR> +Environment=RAILS_ENV=production PATH=/opt/ruby/bin:/usr/bin +CapabilityBoundingSet= +PrivateTmp=true +PrivateDevices=true +ProtectSystem=full +ProtectHome=true +NoNewPrivileges=true +ExecStart=/usr/bin/bundle-2.3 exec rake gitlab:backup:create Deleted: gitlab-backup.timer =================================================================== --- gitlab-backup.timer 2017-08-07 15:57:02 UTC (rev 249468) +++ gitlab-backup.timer 2017-08-07 15:57:11 UTC (rev 249469) @@ -1,10 +0,0 @@ -[Unit] -Description=Daily gitlab backup - -[Timer] -OnCalendar=daily -AccuracySec=12h -Persistent=true - -[Install] -WantedBy=multi-user.target Copied: gitlab/repos/community-x86_64/gitlab-backup.timer (from rev 249468, gitlab/trunk/gitlab-backup.timer) =================================================================== --- gitlab-backup.timer (rev 0) +++ gitlab-backup.timer 2017-08-07 15:57:11 UTC (rev 249469) @@ -0,0 +1,10 @@ +[Unit] +Description=Daily gitlab backup + +[Timer] +OnCalendar=daily +AccuracySec=12h +Persistent=true + +[Install] +WantedBy=multi-user.target Deleted: gitlab-mailroom.service =================================================================== --- gitlab-mailroom.service 2017-08-07 15:57:02 UTC (rev 249468) +++ gitlab-mailroom.service 2017-08-07 15:57:11 UTC (rev 249469) @@ -1,20 +0,0 @@ -[Unit] -Description=Gitlab Mailroom Worker -Requires=gitlab-unicorn.service -Wants=gitlab-unicorn.service -After=gitlab-unicorn.service - -[Service] -User=gitlab -Group=gitlab -WorkingDirectory=<DATADIR> -Environment=RAILS_ENV=production PATH=/opt/ruby/bin:/usr/bin -SyslogIdentifier=gitlab-mailroom -PIDFile=/run/gitlab/mailroom.pid -ExecStart=/usr/bin/bundle-2.3 exec mail_room -q -c <DATADIR>/config/mail_room.yml -ExecStop=/usr/bin/kill -QUIT $MAINPID -Restart=on-failure -RestartSec=1 - -[Install] -WantedBy=multi-user.target Copied: gitlab/repos/community-x86_64/gitlab-mailroom.service (from rev 249468, gitlab/trunk/gitlab-mailroom.service) =================================================================== --- gitlab-mailroom.service (rev 0) +++ gitlab-mailroom.service 2017-08-07 15:57:11 UTC (rev 249469) @@ -0,0 +1,20 @@ +[Unit] +Description=Gitlab Mailroom Worker +Requires=gitlab-unicorn.service +Wants=gitlab-unicorn.service +After=gitlab-unicorn.service + +[Service] +User=gitlab +Group=gitlab +WorkingDirectory=<DATADIR> +Environment=RAILS_ENV=production PATH=/opt/ruby/bin:/usr/bin +SyslogIdentifier=gitlab-mailroom +PIDFile=/run/gitlab/mailroom.pid +ExecStart=/usr/bin/bundle-2.3 exec mail_room -q -c <DATADIR>/config/mail_room.yml +ExecStop=/usr/bin/kill -QUIT $MAINPID +Restart=on-failure +RestartSec=1 + +[Install] +WantedBy=multi-user.target Deleted: gitlab-sidekiq.service =================================================================== --- gitlab-sidekiq.service 2017-08-07 15:57:02 UTC (rev 249468) +++ gitlab-sidekiq.service 2017-08-07 15:57:11 UTC (rev 249469) @@ -1,29 +0,0 @@ -[Unit] -Description=GitLab Sidekiq Worker -Requires=redis.service gitlab-unicorn.service -Wants=mysqld.service postgresql.service -After=redis.service mysqld.service postgresql.service network.target gitlab-unicorn.service -JoinsNamespaceOf=gitlab-unicorn.service - -[Service] -User=gitlab -Group=gitlab -WorkingDirectory=<DATADIR> -Environment=RAILS_ENV=production PATH=/opt/ruby/bin:/usr/bin -SyslogIdentifier=gitlab-sidekiq -PIDFile=/run/gitlab/sidekiq.pid -CapabilityBoundingSet= -PrivateTmp=true -ProtectSystem=full -ProtectHome=true -# NoNewPrivileges breaks gitlabs' email delivery if you -# use postfix' sendmail wrapper. If you use an SMTP server -# instead you can safely enable this security feature. -#NoNewPrivileges=true -ExecStart=/usr/bin/bundle-2.3 exec sidekiq -C <DATADIR>/config/sidekiq_queues.yml -e production -ExecStop=/usr/bin/bundle-2.3 exec sidekiqctl stop /run/gitlab/sidekiq.pid -Restart=on-failure -RestartSec=1 - -[Install] -WantedBy=multi-user.target Copied: gitlab/repos/community-x86_64/gitlab-sidekiq.service (from rev 249468, gitlab/trunk/gitlab-sidekiq.service) =================================================================== --- gitlab-sidekiq.service (rev 0) +++ gitlab-sidekiq.service 2017-08-07 15:57:11 UTC (rev 249469) @@ -0,0 +1,29 @@ +[Unit] +Description=GitLab Sidekiq Worker +Requires=redis.service gitlab-unicorn.service +Wants=mysqld.service postgresql.service +After=redis.service mysqld.service postgresql.service network.target gitlab-unicorn.service +JoinsNamespaceOf=gitlab-unicorn.service + +[Service] +User=gitlab +Group=gitlab +WorkingDirectory=<DATADIR> +Environment=RAILS_ENV=production PATH=/opt/ruby/bin:/usr/bin +SyslogIdentifier=gitlab-sidekiq +PIDFile=/run/gitlab/sidekiq.pid +CapabilityBoundingSet= +PrivateTmp=true +ProtectSystem=full +ProtectHome=true +# NoNewPrivileges breaks gitlabs' email delivery if you +# use postfix' sendmail wrapper. If you use an SMTP server +# instead you can safely enable this security feature. +#NoNewPrivileges=true +ExecStart=/usr/bin/bundle-2.3 exec sidekiq -C <DATADIR>/config/sidekiq_queues.yml -e production +ExecStop=/usr/bin/bundle-2.3 exec sidekiqctl stop /run/gitlab/sidekiq.pid +Restart=on-failure +RestartSec=1 + +[Install] +WantedBy=multi-user.target Deleted: gitlab-unicorn.service =================================================================== --- gitlab-unicorn.service 2017-08-07 15:57:02 UTC (rev 249468) +++ gitlab-unicorn.service 2017-08-07 15:57:11 UTC (rev 249469) @@ -1,29 +0,0 @@ -[Unit] -Description=GitLab Unicorn Server -Requires=redis.service -Wants=mysqld.service postgresql.service -After=redis.service mysqld.service postgresql.service network.target - -[Service] -User=gitlab -Group=gitlab -WorkingDirectory=<DATADIR> -Environment=RAILS_ENV=production PATH=/opt/ruby/bin:/usr/bin -SyslogIdentifier=gitlab-unicorn -PIDFile=/run/gitlab/unicorn.pid -RuntimeDirectory=gitlab -RuntimeDirectoryMode=775 -CapabilityBoundingSet= -PrivateTmp=true -PrivateDevices=true -ProtectSystem=full -ProtectHome=true -NoNewPrivileges=true -ExecStart=/usr/bin/bundle-2.3 exec unicorn_rails -c <DATADIR>/config/unicorn.rb -E production -ExecStop=/usr/bin/kill -QUIT $MAINPID -ExecReload=/usr/bin/kill -USR2 $MAINPID -Restart=on-failure -RestartSec=1 - -[Install] -WantedBy=multi-user.target Copied: gitlab/repos/community-x86_64/gitlab-unicorn.service (from rev 249468, gitlab/trunk/gitlab-unicorn.service) =================================================================== --- gitlab-unicorn.service (rev 0) +++ gitlab-unicorn.service 2017-08-07 15:57:11 UTC (rev 249469) @@ -0,0 +1,29 @@ +[Unit] +Description=GitLab Unicorn Server +Requires=redis.service +Wants=mysqld.service postgresql.service +After=redis.service mysqld.service postgresql.service network.target + +[Service] +User=gitlab +Group=gitlab +WorkingDirectory=<DATADIR> +Environment=RAILS_ENV=production PATH=/opt/ruby/bin:/usr/bin +SyslogIdentifier=gitlab-unicorn +PIDFile=/run/gitlab/unicorn.pid +RuntimeDirectory=gitlab +RuntimeDirectoryMode=775 +CapabilityBoundingSet= +PrivateTmp=true +PrivateDevices=true +ProtectSystem=full +ProtectHome=true +NoNewPrivileges=true +ExecStart=/usr/bin/bundle-2.3 exec unicorn_rails -c <DATADIR>/config/unicorn.rb -E production +ExecStop=/usr/bin/kill -QUIT $MAINPID +ExecReload=/usr/bin/kill -USR2 $MAINPID +Restart=on-failure +RestartSec=1 + +[Install] +WantedBy=multi-user.target Deleted: gitlab.install =================================================================== --- gitlab.install 2017-08-07 15:57:02 UTC (rev 249468) +++ gitlab.install 2017-08-07 15:57:11 UTC (rev 249469) @@ -1,20 +0,0 @@ -post_install() { - echo "Configure your /etc/webapps/gitlab/gitlab.yml" - echo "Set up your redis to run on /var/run/redis/redis.sock or configure gitlab to use redis TCP" - echo "Put a secret bytestring to /etc/webapps/gitlab/secret" - echo "Copy /usr/share/doc/gitlab/secrets.yml.example to /etc/webapps/gitlab/secrets.yml and configure it" - echo "Copy a database example config from /usr/share/doc/gitlab/ to /etc/webapps/gitlab/database.yml and configure it" - echo "Setup the database:" - echo "# su - gitlab -s /bin/sh -c \"cd '/usr/share/webapps/gitlab'; bundle-2.3 exec rake gitlab:setup RAILS_ENV=production\"" - echo "Finally run the following commands to check your installation:" - echo "# su - gitlab -s /bin/sh -c \"cd '/usr/share/webapps/gitlab'; bundle-2.3 exec rake gitlab:env:info RAILS_ENV=production\"" - echo "# su - gitlab -s /bin/sh -c \"cd '/usr/share/webapps/gitlab'; bundle-2.3 exec rake gitlab:check RAILS_ENV=production\"" -} - -post_upgrade() { - echo "You should upgrade your database:" - echo "# su - gitlab -s /bin/sh -c \"cd '/usr/share/webapps/gitlab'; bundle-2.3 exec rake db:migrate RAILS_ENV=production\"" - echo "Afterwards, restart gitlab-related services:" - echo "# systemctl daemon-reload" - echo "# systemctl restart gitlab-sidekiq gitlab-unicorn gitlab-workhorse gitlab-gitaly" -} Copied: gitlab/repos/community-x86_64/gitlab.install (from rev 249468, gitlab/trunk/gitlab.install) =================================================================== --- gitlab.install (rev 0) +++ gitlab.install 2017-08-07 15:57:11 UTC (rev 249469) @@ -0,0 +1,20 @@ +post_install() { + echo "Configure your /etc/webapps/gitlab/gitlab.yml" + echo "Set up your redis to run on /var/run/redis/redis.sock or configure gitlab to use redis TCP" + echo "Put a secret bytestring to /etc/webapps/gitlab/secret" + echo "Copy /usr/share/doc/gitlab/secrets.yml.example to /etc/webapps/gitlab/secrets.yml and configure it" + echo "Copy a database example config from /usr/share/doc/gitlab/ to /etc/webapps/gitlab/database.yml and configure it" + echo "Setup the database:" + echo "# su - gitlab -s /bin/sh -c \"cd '/usr/share/webapps/gitlab'; bundle-2.3 exec rake gitlab:setup RAILS_ENV=production\"" + echo "Finally run the following commands to check your installation:" + echo "# su - gitlab -s /bin/sh -c \"cd '/usr/share/webapps/gitlab'; bundle-2.3 exec rake gitlab:env:info RAILS_ENV=production\"" + echo "# su - gitlab -s /bin/sh -c \"cd '/usr/share/webapps/gitlab'; bundle-2.3 exec rake gitlab:check RAILS_ENV=production\"" +} + +post_upgrade() { + echo "You should upgrade your database:" + echo "# su - gitlab -s /bin/sh -c \"cd '/usr/share/webapps/gitlab'; bundle-2.3 exec rake db:migrate RAILS_ENV=production\"" + echo "Afterwards, restart gitlab-related services:" + echo "# systemctl daemon-reload" + echo "# systemctl restart gitlab-sidekiq gitlab-unicorn gitlab-workhorse gitlab-gitaly" +} Deleted: gitlab.logrotate =================================================================== --- gitlab.logrotate 2017-08-07 15:57:02 UTC (rev 249468) +++ gitlab.logrotate 2017-08-07 15:57:11 UTC (rev 249469) @@ -1,11 +0,0 @@ -# GitLab logrotate settings -# based on: http://stackoverflow.com/a/4883967 - -<LOGDIR>/*.log { - daily - missingok - rotate 90 - compress - notifempty - copytruncate -} Copied: gitlab/repos/community-x86_64/gitlab.logrotate (from rev 249468, gitlab/trunk/gitlab.logrotate) =================================================================== --- gitlab.logrotate (rev 0) +++ gitlab.logrotate 2017-08-07 15:57:11 UTC (rev 249469) @@ -0,0 +1,11 @@ +# GitLab logrotate settings +# based on: http://stackoverflow.com/a/4883967 + +<LOGDIR>/*.log { + daily + missingok + rotate 90 + compress + notifempty + copytruncate +} Deleted: gitlab.target =================================================================== --- gitlab.target 2017-08-07 15:57:02 UTC (rev 249468) +++ gitlab.target 2017-08-07 15:57:11 UTC (rev 249469) @@ -1,14 +0,0 @@ -########################################################################################### -# -# GitLab version : 5.x - 7.x -# Contributors : davispuh, mtorromeo, axilleas, boeserwolf91 -# Downloaded from : https://github.com/gitlabhq/gitlab-recipes/tree/master/init/systemd -# -########################################################################################### - -[Unit] -Description=GitLab - Self Hosted Git Management -Wants=gitlab-unicorn.service gitlab-sidekiq.service gitlab-backup.timer - -[Install] -WantedBy=multi-user.target Copied: gitlab/repos/community-x86_64/gitlab.target (from rev 249468, gitlab/trunk/gitlab.target) =================================================================== --- gitlab.target (rev 0) +++ gitlab.target 2017-08-07 15:57:11 UTC (rev 249469) @@ -0,0 +1,14 @@ +########################################################################################### +# +# GitLab version : 5.x - 7.x +# Contributors : davispuh, mtorromeo, axilleas, boeserwolf91 +# Downloaded from : https://github.com/gitlabhq/gitlab-recipes/tree/master/init/systemd +# +########################################################################################### + +[Unit] +Description=GitLab - Self Hosted Git Management +Wants=gitlab-unicorn.service gitlab-sidekiq.service gitlab-backup.timer + +[Install] +WantedBy=multi-user.target Deleted: gitlab.tmpfiles.d =================================================================== --- gitlab.tmpfiles.d 2017-08-07 15:57:02 UTC (rev 249468) +++ gitlab.tmpfiles.d 2017-08-07 15:57:11 UTC (rev 249469) @@ -1 +0,0 @@ -d /run/gitlab 0775 gitlab gitlab - - Copied: gitlab/repos/community-x86_64/gitlab.tmpfiles.d (from rev 249468, gitlab/trunk/gitlab.tmpfiles.d) =================================================================== --- gitlab.tmpfiles.d (rev 0) +++ gitlab.tmpfiles.d 2017-08-07 15:57:11 UTC (rev 249469) @@ -0,0 +1 @@ +d /run/gitlab 0775 gitlab gitlab - - Deleted: lighttpd.conf.example =================================================================== --- lighttpd.conf.example 2017-08-07 15:57:02 UTC (rev 249468) +++ lighttpd.conf.example 2017-08-07 15:57:11 UTC (rev 249469) @@ -1,35 +0,0 @@ -# GITLAB -# Maintainer: @tvn87 -# App Version: 2.8 - -server.modules += ( - "mod_simple_vhost", - "mod_proxy" -) - -## The document root of a virtual host is document-root = -## simple-vhost.server-root + $HTTP["host"] + simple-vhost.document-root -simple-vhost.server-root = "/var/www" -simple-vhost.document-root = "htdocs" - -## the default host if no host is sent -simple-vhost.default-host = "YOUR_SERVER_FQDN" - -## uploads must be served as static files -$HTTP["url"] == "^/upload" { - var.vhost.name = "YOUR_SERVER_FQDN" - var.vhost.path = "/usr/share/webapps/gitlab/public" -} -## otherwise everything is proxied -else $HTTP["host"] == "YOUR_SERVER_FQDN" { - var.vhost_name = "YOUR_SERVER_FQDN" - var.vhost_path = "/var/www/YOUR_SERVER_FQDN" # This directory should be empty - - proxy.server = ( "" => ( ( - "host" => "127.0.0.1", - "port" => "8080" - ), - ) - ) - ssl.pemfile = "/etc/lighttpd/certs/YOUR_SERVER_FQDN.pem" # If ssl is enabled -} Copied: gitlab/repos/community-x86_64/lighttpd.conf.example (from rev 249468, gitlab/trunk/lighttpd.conf.example) =================================================================== --- lighttpd.conf.example (rev 0) +++ lighttpd.conf.example 2017-08-07 15:57:11 UTC (rev 249469) @@ -0,0 +1,35 @@ +# GITLAB +# Maintainer: @tvn87 +# App Version: 2.8 + +server.modules += ( + "mod_simple_vhost", + "mod_proxy" +) + +## The document root of a virtual host is document-root = +## simple-vhost.server-root + $HTTP["host"] + simple-vhost.document-root +simple-vhost.server-root = "/var/www" +simple-vhost.document-root = "htdocs" + +## the default host if no host is sent +simple-vhost.default-host = "YOUR_SERVER_FQDN" + +## uploads must be served as static files +$HTTP["url"] == "^/upload" { + var.vhost.name = "YOUR_SERVER_FQDN" + var.vhost.path = "/usr/share/webapps/gitlab/public" +} +## otherwise everything is proxied +else $HTTP["host"] == "YOUR_SERVER_FQDN" { + var.vhost_name = "YOUR_SERVER_FQDN" + var.vhost_path = "/var/www/YOUR_SERVER_FQDN" # This directory should be empty + + proxy.server = ( "" => ( ( + "host" => "127.0.0.1", + "port" => "8080" + ), + ) + ) + ssl.pemfile = "/etc/lighttpd/certs/YOUR_SERVER_FQDN.pem" # If ssl is enabled +} Deleted: nginx-ssl.conf.example =================================================================== --- nginx-ssl.conf.example 2017-08-07 15:57:02 UTC (rev 249468) +++ nginx-ssl.conf.example 2017-08-07 15:57:11 UTC (rev 249469) @@ -1,112 +0,0 @@ -## GitLab -## -## Modified from nginx http version -## Modified from http://blog.phusion.nl/2012/04/21/tutorial-setting-up-gitlab-on-debian-6/ -## Modified from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html -## -## Lines starting with two hashes (##) are comments with information. -## Lines starting with one hash (#) are configuration parameters that can be uncommented. -## -################################## -## CONTRIBUTING ## -################################## -## -## If you change this file in a Merge Request, please also create -## a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests -## -################################### -## configuration ## -################################### -## -## See installation.md#using-https for additional HTTPS configuration details. - -upstream gitlab-workhorse { - server unix:/run/gitlab/gitlab-workhorse.socket fail_timeout=0; -} - -## Redirects all HTTP traffic to the HTTPS host -server { - ## Either remove "default_server" from the listen line below, - ## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab - ## to be served if you visit any address that your server responds to, eg. - ## the ip address of the server (http://x.x.x.x/) - listen 0.0.0.0:80; - listen [::]:80 ipv6only=on default_server; - server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com - server_tokens off; ## Don't show the nginx version number, a security best practice - return 301 https://$http_host$request_uri; - access_log /var/log/nginx/gitlab_access.log; - error_log /var/log/nginx/gitlab_error.log; -} - -## HTTPS host -server { - listen 0.0.0.0:443 ssl; - listen [::]:443 ipv6only=on ssl default_server; - server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com - server_tokens off; ## Don't show the nginx version number, a security best practice - - ## Strong SSL Security - ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/ - ssl on; - ssl_certificate /etc/nginx/ssl/gitlab.crt; - ssl_certificate_key /etc/nginx/ssl/gitlab.key; - - # GitLab needs backwards compatible ciphers to retain compatibility with Java IDEs - ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_prefer_server_ciphers on; - ssl_session_cache shared:SSL:10m; - ssl_session_timeout 5m; - - ## See app/controllers/application_controller.rb for headers set - - ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL. - ## Replace with your ssl_trusted_certificate. For more info see: - ## - https://medium.com/devops-programming/4445f4862461 - ## - https://www.ruby-forum.com/topic/4419319 - ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx - # ssl_stapling on; - # ssl_stapling_verify on; - # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt; - # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired - # resolver_timeout 5s; - - ## [Optional] Generate a stronger DHE parameter: - ## sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096 - ## - # ssl_dhparam /etc/ssl/certs/dhparam.pem; - - ## Individual nginx logs for this GitLab vhost - access_log /var/log/nginx/gitlab_access.log; - error_log /var/log/nginx/gitlab_error.log; - - location / { - client_max_body_size 0; - gzip off; - - ## https://github.com/gitlabhq/gitlabhq/issues/694 - ## Some requests take more than 30 seconds. - proxy_read_timeout 300; - proxy_connect_timeout 300; - proxy_redirect off; - - proxy_http_version 1.1; - - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-Ssl on; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass http://gitlab-workhorse; - } - - error_page 404 /404.html; - error_page 422 /422.html; - error_page 500 /500.html; - error_page 502 /502.html; - location ~ ^/(404|422|500|502)\.html$ { - root /usr/share/webapps/gitlab/public; - internal; - } -} Copied: gitlab/repos/community-x86_64/nginx-ssl.conf.example (from rev 249468, gitlab/trunk/nginx-ssl.conf.example) =================================================================== --- nginx-ssl.conf.example (rev 0) +++ nginx-ssl.conf.example 2017-08-07 15:57:11 UTC (rev 249469) @@ -0,0 +1,112 @@ +## GitLab +## +## Modified from nginx http version +## Modified from http://blog.phusion.nl/2012/04/21/tutorial-setting-up-gitlab-on-debian-6/ +## Modified from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html +## +## Lines starting with two hashes (##) are comments with information. +## Lines starting with one hash (#) are configuration parameters that can be uncommented. +## +################################## +## CONTRIBUTING ## +################################## +## +## If you change this file in a Merge Request, please also create +## a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests +## +################################### +## configuration ## +################################### +## +## See installation.md#using-https for additional HTTPS configuration details. + +upstream gitlab-workhorse { + server unix:/run/gitlab/gitlab-workhorse.socket fail_timeout=0; +} + +## Redirects all HTTP traffic to the HTTPS host +server { + ## Either remove "default_server" from the listen line below, + ## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab + ## to be served if you visit any address that your server responds to, eg. + ## the ip address of the server (http://x.x.x.x/) + listen 0.0.0.0:80; + listen [::]:80 ipv6only=on default_server; + server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com + server_tokens off; ## Don't show the nginx version number, a security best practice + return 301 https://$http_host$request_uri; + access_log /var/log/nginx/gitlab_access.log; + error_log /var/log/nginx/gitlab_error.log; +} + +## HTTPS host +server { + listen 0.0.0.0:443 ssl; + listen [::]:443 ipv6only=on ssl default_server; + server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com + server_tokens off; ## Don't show the nginx version number, a security best practice + + ## Strong SSL Security + ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/ + ssl on; + ssl_certificate /etc/nginx/ssl/gitlab.crt; + ssl_certificate_key /etc/nginx/ssl/gitlab.key; + + # GitLab needs backwards compatible ciphers to retain compatibility with Java IDEs + ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 5m; + + ## See app/controllers/application_controller.rb for headers set + + ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL. + ## Replace with your ssl_trusted_certificate. For more info see: + ## - https://medium.com/devops-programming/4445f4862461 + ## - https://www.ruby-forum.com/topic/4419319 + ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx + # ssl_stapling on; + # ssl_stapling_verify on; + # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt; + # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired + # resolver_timeout 5s; + + ## [Optional] Generate a stronger DHE parameter: + ## sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096 + ## + # ssl_dhparam /etc/ssl/certs/dhparam.pem; + + ## Individual nginx logs for this GitLab vhost + access_log /var/log/nginx/gitlab_access.log; + error_log /var/log/nginx/gitlab_error.log; + + location / { + client_max_body_size 0; + gzip off; + + ## https://github.com/gitlabhq/gitlabhq/issues/694 + ## Some requests take more than 30 seconds. + proxy_read_timeout 300; + proxy_connect_timeout 300; + proxy_redirect off; + + proxy_http_version 1.1; + + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Ssl on; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://gitlab-workhorse; + } + + error_page 404 /404.html; + error_page 422 /422.html; + error_page 500 /500.html; + error_page 502 /502.html; + location ~ ^/(404|422|500|502)\.html$ { + root /usr/share/webapps/gitlab/public; + internal; + } +} Deleted: nginx.conf.example =================================================================== --- nginx.conf.example 2017-08-07 15:57:02 UTC (rev 249468) +++ nginx.conf.example 2017-08-07 15:57:11 UTC (rev 249469) @@ -1,69 +0,0 @@ -## GitLab -## -## Lines starting with two hashes (##) are comments with information. -## Lines starting with one hash (#) are configuration parameters that can be uncommented. -## -################################## -## CONTRIBUTING ## -################################## -## -## If you change this file in a Merge Request, please also create -## a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests -## -################################### -## configuration ## -################################### -## -## See installation.md#using-https for additional HTTPS configuration details. - -upstream gitlab-workhorse { - server unix:/run/gitlab/gitlab-workhorse.socket fail_timeout=0; -} - -## Normal HTTP host -server { - ## Either remove "default_server" from the listen line below, - ## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab - ## to be served if you visit any address that your server responds to, eg. - ## the ip address of the server (http://x.x.x.x/)n 0.0.0.0:80 default_server; - listen 0.0.0.0:80 default_server; - listen [::]:80 default_server; - server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com - server_tokens off; ## Don't show the nginx version number, a security best practice - - ## See app/controllers/application_controller.rb for headers set - - ## Individual nginx logs for this GitLab vhost - access_log /var/log/nginx/gitlab_access.log; - error_log /var/log/nginx/gitlab_error.log; - - location / { - client_max_body_size 0; - gzip off; - - ## https://github.com/gitlabhq/gitlabhq/issues/694 - ## Some requests take more than 30 seconds. - proxy_read_timeout 300; - proxy_connect_timeout 300; - proxy_redirect off; - - proxy_http_version 1.1; - - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_pass http://gitlab-workhorse; - } - - error_page 404 /404.html; - error_page 422 /422.html; - error_page 500 /500.html; - error_page 502 /502.html; - location ~ ^/(404|422|500|502)\.html$ { - root /usr/share/webapps/gitlab/public; - internal; - } - -} Copied: gitlab/repos/community-x86_64/nginx.conf.example (from rev 249468, gitlab/trunk/nginx.conf.example) =================================================================== --- nginx.conf.example (rev 0) +++ nginx.conf.example 2017-08-07 15:57:11 UTC (rev 249469) @@ -0,0 +1,69 @@ +## GitLab +## +## Lines starting with two hashes (##) are comments with information. +## Lines starting with one hash (#) are configuration parameters that can be uncommented. +## +################################## +## CONTRIBUTING ## +################################## +## +## If you change this file in a Merge Request, please also create +## a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests +## +################################### +## configuration ## +################################### +## +## See installation.md#using-https for additional HTTPS configuration details. + +upstream gitlab-workhorse { + server unix:/run/gitlab/gitlab-workhorse.socket fail_timeout=0; +} + +## Normal HTTP host +server { + ## Either remove "default_server" from the listen line below, + ## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab + ## to be served if you visit any address that your server responds to, eg. + ## the ip address of the server (http://x.x.x.x/)n 0.0.0.0:80 default_server; + listen 0.0.0.0:80 default_server; + listen [::]:80 default_server; + server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com + server_tokens off; ## Don't show the nginx version number, a security best practice + + ## See app/controllers/application_controller.rb for headers set + + ## Individual nginx logs for this GitLab vhost + access_log /var/log/nginx/gitlab_access.log; + error_log /var/log/nginx/gitlab_error.log; + + location / { + client_max_body_size 0; + gzip off; + + ## https://github.com/gitlabhq/gitlabhq/issues/694 + ## Some requests take more than 30 seconds. + proxy_read_timeout 300; + proxy_connect_timeout 300; + proxy_redirect off; + + proxy_http_version 1.1; + + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_pass http://gitlab-workhorse; + } + + error_page 404 /404.html; + error_page 422 /422.html; + error_page 500 /500.html; + error_page 502 /502.html; + location ~ ^/(404|422|500|502)\.html$ { + root /usr/share/webapps/gitlab/public; + internal; + } + +}