Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-workhorse
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-workhorse
Commits
f5c70f92
Commit
f5c70f92
authored
Jul 27, 2015
by
Jacob Vosmaer
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add example GitLab patches
parent
ba15ee49
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
104 additions
and
0 deletions
+104
-0
0001-Use-grack-for-authn-authz-only.patch
0001-Use-grack-for-authn-authz-only.patch
+51
-0
0002-NGINX-config-for-gitlab-git-http-server.patch
0002-NGINX-config-for-gitlab-git-http-server.patch
+53
-0
No files found.
0001-Use-grack-for-authn-authz-only.patch
0 → 100644
View file @
f5c70f92
From c5e9a50802e2b95f657dfaa2eaba98378b0a845d Mon Sep 17 00:00:00 2001
From: GitLab <example@example.com>
Date: Sun, 26 Jul 2015 01:12:12 +0200
Subject: [PATCH 1/2] Use grack for authn/authz only
Actual Git content will be served by gitlab-git-http-server.
---
lib/gitlab/backend/grack_auth.rb | 3 ++-
lib/gitlab/backend/shell_env.rb | 6 +++++-
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/lib/gitlab/backend/grack_auth.rb b/lib/gitlab/backend/grack_auth.rb
index 03cef30..92e967d 100644
--- a/lib/gitlab/backend/grack_auth.rb
+++ b/lib/gitlab/backend/grack_auth.rb
@@ -26,7 +26,8 @@
module Grack
auth!
if project && authorized_request?
- @app.call(env)
+ # Tell gitlab-git-http-server the request is OK, and what the GL_ID is
+ return [200, { "Content-Type" => "text/plain" }, [Gitlab::ShellEnv.gl_id(@user)]]
elsif @user.nil? && !@gitlab_ci
unauthorized
else
diff --git a/lib/gitlab/backend/shell_env.rb b/lib/gitlab/backend/shell_env.rb
index 17ec029..009a3ec 100644
--- a/lib/gitlab/backend/shell_env.rb
+++ b/lib/gitlab/backend/shell_env.rb
@@ -7,7 +7,7 @@
module Gitlab
def set_env(user)
# Set GL_ID env variable
if user
- ENV['GL_ID'] = "user-#{user.id}"
+ ENV['GL_ID'] = gl_id(user)
end
end
@@ -15,5 +15,9 @@
module Gitlab
# Reset GL_ID env variable
ENV['GL_ID'] = nil
end
+
+ def gl_id(user)
+ "user-#{user.id}"
+ end
end
end
--
1.7.9.5
0002-NGINX-config-for-gitlab-git-http-server.patch
0 → 100644
View file @
f5c70f92
From d1526f7adf0664eed0ccb97da620869b74f5290b Mon Sep 17 00:00:00 2001
From: GitLab <example@example.com>
Date: Sun, 26 Jul 2015 01:46:32 +0200
Subject: [PATCH 2/2] NGINX config for gitlab-git-http-server
---
lib/support/nginx/gitlab-ssl | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
diff --git a/lib/support/nginx/gitlab-ssl b/lib/support/nginx/gitlab-ssl
index 766559b..ff68f03 100644
--- a/lib/support/nginx/gitlab-ssl
+++ b/lib/support/nginx/gitlab-ssl
@@ -42,6 +42,10 @@
upstream gitlab {
server unix:/home/git/gitlab/tmp/sockets/gitlab.socket fail_timeout=0;
}
+upstream gitlab-git-http-server {
+ server localhost:8181;
+}
+
## Redirects all HTTP traffic to the HTTPS host
server {
## Either remove "default_server" from the listen line below,
@@ -156,6 +160,25 @@
server {
proxy_pass http://gitlab;
}
+ location ~ [-\/\w\.]+\.git\/ {
+ ## If you use HTTPS make sure you disable gzip compression
+ ## to be safe against BREACH attack.
+ gzip off;
+
+ ## https://github.com/gitlabhq/gitlabhq/issues/694
+ ## Some requests take more than 30 seconds.
+ proxy_read_timeout 300;
+ proxy_connect_timeout 300;
+ proxy_redirect off;
+
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-Ssl on;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_pass http://gitlab-git-http-server;
+ }
+
## Enable gzip compression as per rails guide:
## http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression
## WARNING: If you are using relative urls remove the block below
--
1.7.9.5
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment