gitlab: Sync upstream configs from omnibus-gitlab

Like 8c62b063, d17f1f5f and e8461571 - pristine copy from omnibus-gitlab 8.5.1+ce.0-1-ge732b39 . Changes are in - gitlab.yml.erb, unicorn.rb.erb * Something related to relative URL root (we do not use) * Something related to SAML (we do not use) * Misc - nginx-gitlab-http.conf.erb * SPDY -> HTTP/2 * Relative URL root * Configurable proxy_set_header passing The following files stay the same: - database.yml.erb - gitconfig.erb - gitlab-rails-config.ru.erb - gitlab-shell-config.yml.erb - nginx.conf.erb - rack_attack.rb.erb - resque.yml.erb - smtp_settings.rb.erb

gitlab: Sync upstream configs from omnibus-gitlab
Like 8c62b063, d17f1f5f and e8461571 - pristine copy from omnibus-gitlab 8.5.1+ce.0-1-ge732b39 . Changes are in - gitlab.yml.erb, unicorn.rb.erb * Something related to relative URL root (we do not use) * Something related to SAML (we do not use) * Misc - nginx-gitlab-http.conf.erb * SPDY -> HTTP/2 * Relative URL root * Configurable proxy_set_header passing The following files stay the same: - database.yml.erb - gitconfig.erb - gitlab-rails-config.ru.erb - gitlab-shell-config.yml.erb - nginx.conf.erb - rack_attack.rb.erb - resque.yml.erb - smtp_settings.rb.erb
02d0063b · Kirill Smelkov · 97dcf455 · 02d0063b · 02d0063b · 02d0063b
Commit 02d0063b authored Feb 28, 2016 by Kirill Smelkov
3 changed files
--- a/software/gitlab/template/gitlab.yml.erb
+++ b/software/gitlab/template/gitlab.yml.erb
@@ -21,7 +21,7 @@ production: &base

    # WARNING: See config/application.rb under "Relative url support" for the list of
    # other files that need to be changed for relative url support
-    # relative_url_root: /gitlab
+    relative_url_root: <%= @gitlab_relative_url %>

    # Uncomment and customize if you can't use the default user to run GitLab (default: 'git')
    user: <%= node['gitlab']['user']['username'] %>
@@ -123,6 +123,8 @@ production: &base
    host: <%= @pages_host %>
    port: <%= @pages_port %>
    https: <%= @pages_https %>
+    external_http: <%= @pages_external_http %>
+    external_https: <%= @pages_external_https %>

  ## Elasticsearch (EE only)
  # Enable it if you are going to use elasticsearch instead of
@@ -246,15 +248,22 @@ production: &base
    auto_sign_in_with_provider: <%= @omniauth_auto_sign_in_with_provider %>

    # CAUTION!
-    # This allows users to login without having a user account first (default: false).
+    # This allows users to login without having a user account first. Define the allowed
+    # providers using an array, e.g. ["saml", "twitter"]
    # User accounts will be created automatically when authentication was successful.
-    allow_single_sign_on: <%= @omniauth_allow_single_sign_on %>
+    allow_single_sign_on: <%= @omniauth_allow_single_sign_on.to_json %>
+
    # Locks down those users until they have been cleared by the admin (default: true).
    block_auto_created_users: <%= @omniauth_block_auto_created_users %>
    # Look up new users in LDAP servers. If a match is found (same uid), automatically
    # link the omniauth identity with the LDAP account. (default: false)
    auto_link_ldap_user: <%= @omniauth_auto_link_ldap_user %>

+    # Allow users with existing accounts to login and auto link their account via SAML
+    # login, without having to do a manual login first and manually add SAML
+    # (default: false)
+    auto_link_saml_user: <%= @omniauth_auto_link_saml_user.to_json %>
+

    ## Auth providers
    # Uncomment the following lines and fill in the data of the auth provider you want to use

--- a/software/gitlab/template/nginx-gitlab-http.conf.erb
+++ b/software/gitlab/template/nginx-gitlab-http.conf.erb
@@ -50,7 +50,7 @@ server {

 server {
 <% @listen_addresses.each do |listen_address| %>
-  listen <%= listen_address %>:<%= @listen_port %><% if @https %> ssl spdy<% end %>;
+  listen <%= listen_address %>:<%= @listen_port %><% if @https %> ssl http2<% end %>;

  <% if @kerberos_enabled && @kerberos_use_dedicated_port %>
  listen <%= listen_address %>:<%= @kerberos_port %><% if @kerberos_https %> ssl<% end %>;
@@ -91,7 +91,8 @@ server {
  access_log  <%= @log_directory %>/gitlab_access.log gitlab_access;
  error_log   <%= @log_directory %>/gitlab_error.log;

-  location / {
+  <% path = @relative_url ? @relative_url : "/" %>
+  location <%= path %> {
    ## If you use HTTPS make sure you disable gzip compression
    ## to be safe against BREACH attack.
    <%= 'gzip off;' if @https %>
@@ -104,13 +105,10 @@ server {

    proxy_http_version 1.1;

-    proxy_set_header    Host                $http_host;
-    proxy_set_header    X-Real-IP           $remote_addr;
-    <% if @https %>
-    proxy_set_header    X-Forwarded-Ssl     on;
+    <% @proxy_set_headers.each do |header| %>
+    <% next if header[1].nil? %>
+    proxy_set_header <%= header[0] %> <%= header[1] %>;
    <% end %>
-    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
-    proxy_set_header    X-Forwarded-Proto   <%= @https ? "https" : "http" %>;

    proxy_pass http://gitlab-workhorse;
  }

--- a/software/gitlab/template/unicorn.rb.erb
+++ b/software/gitlab/template/unicorn.rb.erb
@@ -50,3 +50,8 @@ stderr_path '<%= @stderr_path %>'
 stdout_path '<%= @stdout_path %>'

 <%- end %>
+<%- if @relative_url %>
+# Relative url from where GitLab is served
+ENV['RAILS_RELATIVE_URL_ROOT'] = "<%= @relative_url %>"
+
+<%- end %>