gitlab: Upagrade to 8.4 + Unicorn startup fix

This brings slapos gitlab port up to date with current stable gitlab
version 8.4, and teaches Unicorn startup script to wait a bit for
PostgreSQL to start and be ready, before unicorn startup proceeds.

/cc @kazuhiko
/somewhat-reviewed-by @jerome
/reviewed-on nexedi/slapos!44

software/gitlab/gitlab-parameters.cfg

@@ -6,7 +6,7 @@
 #
 # TODO better autogenerate from ^^^ (?)
 #
-# (last updated for omnibus-gitlab 8.2.3+ce.0-0-g8eda093)
+# (last updated for omnibus-gitlab 8.4.2+ce.0-3-g68d5ee8)
 
 [gitlab-parameters]
 configuration.external_url              = http://lab.example.com
@@ -45,8 +45,6 @@ configuration.default_projects_features.issues          = true
 configuration.default_projects_features.merge_requests  = true
 configuration.default_projects_features.wiki            = true
 configuration.default_projects_features.snippets        = true
-# NOTE can be public|private|internal
-configuration.default_projects_features.visibility_level= public
 #configuration.default_projects_features.builds          = false
 
 configuration.webhook_timeout           = 10
@@ -72,12 +70,12 @@ configuration.unicorn_worker_processes  = 2
 # unicorn advanced
 configuration.unicorn_backlog_socket    = 1024
 
-configuration.unicorn_worker_memory_limit_min   = 200*(1024**2)
-configuration.unicorn_worker_memory_limit_max   = 250*(1024**2)
+configuration.unicorn_worker_memory_limit_min   = 300*(1024**2)
+configuration.unicorn_worker_memory_limit_max   = 350*(1024**2)
 
 
 # nginx
-configuration.nginx_client_max_body_size    = 250m
+configuration.nginx_client_max_body_size    = 0
 
 # NOTE: we don't really need old ciphers - usually we talk directly to frontend only
 configuration.nginx_ssl_ciphers             = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4

software/gitlab/gitlab-unicorn-startup.in

@@ -15,11 +15,21 @@ die() {
 #   https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/recipes/postgresql.rb
 
 # initial db setup
-pgtables="$({{ psql_bin }}   \
-    -h {{ pgsql['pgdata-directory'] }}  \
-    -U {{ pgsql.superuser }}            \
-    -d {{ pgsql.dbname }}               \
-    -c '\d')" || die "pg query problem"
+# ( first quering PG several times waiting a bit till postgresql is started and ready )
+tpgwait=5
+while true; do
+    pgtables="$({{ psql_bin }}   \
+        -h {{ pgsql['pgdata-directory'] }}  \
+        -U {{ pgsql.superuser }}            \
+        -d {{ pgsql.dbname }}               \
+        -c '\d')" && break
+
+    tpgwait=$(( $tpgwait - 1 ))
+    test $tpgwait = 0 && die "pg query problem"
+    echo "I: PostgreSQL is not ready (yet ?); will retry $tpgwait times..." 1>&2
+    sleep 1
+done
+echo "I: PostgreSQL ready." 1>&2
 
 if echo "$pgtables" | grep -q '^No relations found' ; then
     $RAKE db:schema:load db:seed_fu  || die "initial db setup failed"

software/gitlab/instance-gitlab.cfg.in

@@ -118,6 +118,10 @@ var     = ${directory:var}/gitlab
 tmp     = ${:var}/tmp
 uploads = ${:var}/uploads
 assets  = ${:var}/assets
+shared  = ${:var}/shared
+artifacts = ${:shared}/artifacts
+lfs-objects = ${:shared}/lfs-objects
+builds  = ${:var}/builds
 backup  = ${directory:var}/backup
 
 [gitlab-repo-dir]
@@ -139,6 +143,10 @@ var     = ${gitlab-dir:var}
 tmp     = ${gitlab-dir:tmp}
 uploads = ${gitlab-dir:uploads}
 assets  = ${gitlab-dir:assets}
+shared  = ${gitlab-dir:shared}
+artifacts = ${gitlab-dir:artifacts}
+lfs-objects = ${gitlab-dir:lfs-objects}
+builds  = ${gitlab-dir:builds}
 backup  = ${gitlab-dir:backup}
 repositories = ${gitlab-repo-xdir:repositories}
 
@@ -241,7 +249,6 @@ context-extra =
     section nginx                   nginx
     section gitlab_work             gitlab-work
     section gitlab_workhorse        gitlab-workhorse
-    section unicorn                 unicorn
 
 [rack_attack.rb]
 <= gitlab-etc-template
@@ -358,14 +365,16 @@ update-command =
 <= work-base
 software = {{ gitlab_repository_location }}
 tune-command =
-# secret* config.ru tmp/ log/
+# secret* config.ru tmp/ log/ shared/ builds/
     rm -f .secret  &&
     rm -f config.ru  &&
-    rm -rf log tmp  &&
+    rm -rf log tmp shared builds  &&
     ln -sf ${secrets:secrets}/gitlab_rails_secret .secret  &&
     ln -sf ${config.ru:rendered} config.ru  &&
     ln -sf ${gitlab:log} log  &&
     ln -sf ${gitlab:tmp} tmp  &&
+    ln -sf ${gitlab:shared} shared  &&
+    ln -sf ${gitlab:builds} builds  &&
 # config/
     cd config  &&
     ln -sf ${unicorn.rb:rendered} unicorn.rb  &&
@@ -515,6 +524,7 @@ command-line    = {{ gitlab_workhorse }}
     -listenNetwork unix
     -listenAddr ${gitlab-workhorse:socket}
     -authSocket ${unicorn:socket}
+    -documentRoot ${gitlab-work:location}/public
 # NOTE for profiling
 #   -pprofListenAddr ...
 
@@ -532,10 +542,7 @@ depend  =
 
 [promise-gitlab-workhorse]
 <= promise-byurl
-# gitlab-workhorse works on repositories. Here we only check it accepts an
-# serves requests, so request is non-existent URL and expected code is 403
-url     = --unix-socket ${gitlab-workhorse:socket}  http:/non-existent
-http_code   = 403
+url     = --unix-socket ${gitlab-workhorse:socket}  http:/static.css
 
 
 # gitlab-workhorse logs to stdout/stderr - logs are handled by slapos not us
@@ -625,7 +632,7 @@ log     = ${sidekiq-dir:log}
 # NOTE see queue list here:
 # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/Procfile
 # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/sv-sidekiq-run.erb
-# (last updated for ominbus-gitlab 8.2.3+ce.0-0-g8eda093)
+# (last updated for omnibus-gitlab 8.4.2+ce.0-3-g68d5ee8)
 [service-sidekiq]
 recipe  = slapos.cookbook:wrapper
 wrapper-path    = ${directory:service}/sidekiq
@@ -638,6 +645,7 @@ command-line    =
 
     ${gitlab-sidekiq:wrapper-path}
 # XXX -q runner ?  (present in gitlab-ce/Procfile  but not in omnibus)
+# XXX -q pages -q elasticsearch ?  (present in omnibus but not in gitlab-ce -- those features are gitlab-ee only)
 # XXX -P ?  (pidfile)
     -e production
     -r ${gitlab-work:location}
@@ -729,6 +737,8 @@ depend  =
 
 [promise-nginx]
 <= promise-byurl
+# XXX this depends on gitlab-workhorse being up
+#     (nginx is configured to proxy all requests to gitlab-workhorse)
 url     = ${backend-info:url}/static.css
 
 [logrotate-entry-nginx]

software/gitlab/software.cfg

@@ -109,25 +109,25 @@ git-executable = ${git:location}/bin/git
 <= git-repository
 #repository = https://gitlab.com/gitlab-org/gitlab-ce.git
 repository = https://lab.nexedi.com/kirr/gitlab-ce.git
-# 8.2.X + NXD patches:
-revision = v8.2.3-9-g79c127e6e068a619c53a8c22f1db8c1e28ec87d2
+# 8.4.X + NXD patches:
+revision = v8.4.4-17-ga5965b5475ebb7ee4bc0d30995590fa82baaf875
 location = ${buildout:parts-directory}/gitlab
 
 [gitlab-shell-repository]
 <= git-repository
 repository = https://gitlab.com/gitlab-org/gitlab-shell.git
-# gitlab 8.2 wants gitlab-shell 2.6.8
-# 2.6.8 + NXD patches
-revision = v2.6.8-2-g216d7e15fe06917198891a895f762ba84fdcc4d4
+# gitlab 8.4 wants gitlab-shell 2.6.10
+# 2.6.10
+revision = v2.6.10-0-g82b3a4e8f70692ec679d880628fdb0f5844d42b9
 location = ${buildout:parts-directory}/gitlab-shell
 
 [gitlab-workhorse-repository]
 <= git-repository
 #repository = https://gitlab.com/gitlab-org/gitlab-workhorse.git
 repository = https://lab.nexedi.com/kirr/gitlab-workhorse.git
-# 0.4.X + NXD patches for blob download speedup
+# 0.6.X + NXD patches for blob download speedup
 # (https://gitlab.com/gitlab-org/gitlab-workhorse/merge_requests/17)
-revision = 0.4.1-23-g2beb8c9539433f072e3db540f91f75894ca6b1b0
+revision = 0.6.1-2-ga23a5e18486b0de6e3435711dc555c8bfe08fde2
 location = ${buildout:parts-directory}/gitlab-workhorse
 
 
@@ -219,35 +219,35 @@ url     = ${:_profile_base_location_}/template/${:_buildout_section_name_}
 
 [config.ru.in]
 <= download-template
-md5sum  = bb12852c28079f40a0751f7f3559e2a6
+md5sum  = 3ed3c439ac1b93f75121dabcea126078
 
 [database.yml.in]
 <= download-template
-md5sum  = ee656cfd96e1c82df167f68bb5773291
+md5sum  = b33f4f2f49a5a3e3e6542357c555a3a3
 
 [gitconfig.in]
 <= download-template
-md5sum  = f4cb11e8bca379e016b062d0db859b74
+md5sum  = 75f620ea0751fc8d2dc717cf929d29f3
 
 [gitlab-parameters.cfg]
 <= download-file
-md5sum  = bc98ec10209bc53f6a49888b1a2b9382
+md5sum  = 2cfd3bbf9da10627044ca3a9a149fdbb
 
 [gitlab-shell-config.yml.in]
 <= download-template
-md5sum  = ea351e16b47f0008f61211eb2d7685e2
+md5sum  = f061d529b71241d58affbf7aec5c8af1
 
 [gitlab-unicorn-startup.in]
 <= download-file
-md5sum  = 2716afaa9445c0c429c6b211356ebe8f
+md5sum  = 14c5632182d830c03f7788c85d6f4da1
 
 [gitlab.yml.in]
 <= download-template
-md5sum  = cc32f5053dd2a2461aa5952a5b925310
+md5sum  = cd7aaeeb1917fdedb7656943065c0a9c
 
 [instance-gitlab.cfg.in]
 <= download-file
-md5sum  = dfd2b14f846eda999fe9d12108d513b4
+md5sum  = 33309e35eb67ea27f7c7a4a5abd459cc
 
 [macrolib.cfg.in]
 <= download-file
@@ -255,27 +255,27 @@ md5sum  = a56a44e96f65f5ed20211bb6a54279f4
 
 [nginx-gitlab-http.conf.in]
 <= download-template
-md5sum  = 590da2b00cd198c7bc261c3d893bc199
+md5sum  = 3b494fe8425a12e4a7fd3a9bb17f88f8
 
 [nginx.conf.in]
 <= download-template
-md5sum  = f1a6e2bce3f28a2243fed49d1e1601df
+md5sum  = dc16257d49d1fc1ae6e7d10865898201
 
 [rack_attack.rb.in]
 <= download-template
-md5sum  = 16503c029159ea6db7d0fb5ab67093a3
+md5sum  = fbea569a1ac9ee46e37d0b98b5441169
 
 [resque.yml.in]
 <= download-template
-md5sum  = 7d9cba658f9315cd058dfc74db943a66
+md5sum  = 2cd97d9f5906d06e00774dd2e4e6af0e
 
 [smtp_settings.rb.in]
 <= download-template
-md5sum  = c7c09c241b5fa8163e4995260be52604
+md5sum  = 75b9e0325737ca5ecbf938443a5d3321
 
 [unicorn.rb.in]
 <= download-template
-md5sum  = 9bdca16362fe19c727bca38383e57068
+md5sum  = 1b55105a3de1ef13260ac3faa30d6e85
 
 
 [versions]

software/gitlab/template/config.ru.in

@@ -2,7 +2,7 @@
 # see:
 # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config.ru
 # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/gitlab-rails-config.ru.erb
-# (last updated for omnibus-gitlab 8.2.3+ce.0-0-g8eda093)
+# (last updated for omnibus-gitlab 8.4.4+ce.0-0-g1680742)
 
 # This file is used by Rack-based servers to start the application.
 

software/gitlab/template/database.yml.in

@@ -2,7 +2,7 @@
 # see:
 # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/database.yml.postgresql
 # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/database.yml.erb
-# (last updated for 8.2.3+ce.0-0-g8eda093)
+# (last updated for 8.4.4+ce.0-0-g1680742)
 
 {% from 'macrolib.cfg.in' import cfg  with context %}
 

software/gitlab/template/gitconfig.in

@@ -3,7 +3,7 @@
 # see:
 # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/attributes/default.rb
 # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/gitconfig.erb
-# (last updated for omnibus-gitlab 8.2.3+ce.0-0-g8eda093)
+# (last updated for omnibus-gitlab 8.4.4+ce.0-0-g1680742)
 #
 {% from 'macrolib.cfg.in' import cfg  with context %}
 

software/gitlab/template/gitlab-shell-config.yml.in

@@ -2,7 +2,7 @@
 # see:
 # https://gitlab.com/gitlab-org/gitlab-shell/blob/master/config.yml.example
 # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/gitlab-shell-config.yml.erb
-# (last updated for omnibus-gitlab 8.2.3+ce.0-0-g8eda093)
+# (last updated for omnibus-gitlab 8.4.4+ce.0-0-g1680742)
 
 # GitLab user. git by default
 user: {{ backend_info.user }}

software/gitlab/template/gitlab.yml.in

@@ -2,7 +2,7 @@
 # see:
 # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/gitlab.yml.example
 # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/gitlab.yml.erb
-# (last updated for omnibus-gitlab 8.2.3+ce.0-0-g8eda093)
+# (last updated for omnibus-gitlab 8.4.4+ce.0-0-g1680742)
 
 {% from 'macrolib.cfg.in' import cfg, cfg_https, external_url  with context %}
 
@@ -50,19 +50,14 @@ production: &base
     default_can_create_group: {{ cfg('default_can_create_group') }}  # default: true
     username_changing_enabled: {{ cfg('username_changing_enabled') }} # default: true - User can change her username/namespace
     ## Default theme
-    ##   BASIC  = 1
-    ##   MARS   = 2
-    ##   MODERN = 3
-    ##   GRAY   = 4
-    ##   COLOR  = 5
+    ##   1 - Graphite
+    ##   2 - Charcoal
+    ##   3 - Green
+    ##   4 - Gray
+    ##   5 - Violet
+    ##   6 - Blue
     default_theme: {{ cfg('default_theme') }} # default: 2
 
-    {# we do not need to restrict visibility levels
-    # Restrict setting visibility levels for non-admin users.
-    # The default is to allow all levels.
-    restricted_visibility_levels: <%= @gitlab_restricted_visibility_levels unless @gitlab_restricted_visibility_levels.nil? %>
-    #}
-
     {# for now we are ok with default issue-closing pattern
     ## Automatic issue closing
     # If a commit message matches this regular expression, all issues referenced from the matched text will be closed.
@@ -78,7 +73,6 @@ production: &base
       merge_requests:   {{ cfg('default_projects_features.merge_requests') }}
       wiki:             {{ cfg('default_projects_features.wiki') }}
       snippets:         {{ cfg('default_projects_features.snippets') }}
-      visibility_level: '{{ cfg("default_projects_features.visibility_level") }}'  # can be "private" | "internal" | "public"
       builds: false {# builds not supported yet <%= @gitlab_default_projects_features_builds %> #}
 
     ## Webhook settings
@@ -139,6 +133,26 @@ production: &base
     storage_path: <%= @lfs_storage_path %>
   #}
 
+  {# we do not support Pages
+  ## GitLab Pages (EE only)
+  pages:
+    enabled: <%= @pages_enabled %>
+    path: <%= @pages_path %>
+    host: <%= @pages_host %>
+    port: <%= @pages_port %>
+    https: <%= @pages_https %>
+  #}
+
+  {# we do not support Elasticsearch
+  ## Elasticsearch (EE only)
+  # Enable it if you are going to use elasticsearch instead of
+  # regular database search
+  elasticsearch:
+    enabled: <%= @elasticsearch_enabled %>
+    host: <%= @elasticsearch_host %>
+    port: <%= @elasticsearch_port %>
+  #}
+
   ## Gravatar
   ## For Libravatar see: http://doc.gitlab.com/ce/customization/libravatar.html
   gravatar:
@@ -149,6 +163,33 @@ production: &base
     #}
 
 
+  {# XXX cron jobs are disabled for now - we do not support CI and EE features
+  ## Auxiliary jobs
+  # Periodically executed jobs, to self-heal GitLab, do external synchronizations, etc.
+  # Please read here for more information: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job
+  cron_jobs:
+    # Flag stuck CI builds as failed
+    stuck_ci_builds_worker:
+      cron: <%= @stuck_ci_builds_worker_cron %>
+
+    ##
+    # GitLab EE only jobs:
+
+    # Snapshot active users statistics
+    historical_data_worker:
+      cron: <%= @historical_data_worker_cron %>
+
+    # Update mirrored repositories
+    update_all_mirrors_worker:
+      cron: <%= @update_all_mirrors_worker_cron %>
+
+    # In addition to refreshing users when they log in,
+    # periodically refresh LDAP users membership.
+    # NOTE: This will only take effect if LDAP is enabled
+    ldap_sync_worker:
+      cron: <%= @ldap_sync_worker_cron %>
+  #}
+
   #
   # 2. GitLab CI settings
   # ==========================
@@ -272,7 +313,7 @@ production: &base
 <% end %>
     #}
 
-  {# default ($RAILS_ROOT/shared/) is just ok
+  {# default ($RAILS_ROOT/shared/) is ok - we symlinked it to proper place
   # Shared file storage settings
   shared:
     path: <%= @shared_path %>
@@ -330,6 +371,10 @@ production: &base
     ssh_port: <%= @gitlab_shell_ssh_port %>
     #}
 
+    # git-annex support (EE only)
+    # If this setting is set to true, the same setting in config.yml of
+    # gitlab-shell needs to be set to true
+    git_annex_enabled: <%= @git_annex_enabled %>
 
   ## Git settings
   # CAUTION!

software/gitlab/template/nginx-gitlab-http.conf.in

 {{ autogenerated }}
 # see:
 # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/nginx-gitlab-http.conf.erb
-# (last updated for omnibus-gitlab 8.2.3+ce.0-0-g8eda093)
+# (last updated for omnibus-gitlab 8.4.4+ce.0-0-g1680742)
 
 {% from 'macrolib.cfg.in' import cfg, cfg_bool, cfg_https, fqdn  with context %}
 
@@ -33,10 +33,6 @@
 ##         configuration         ##
 ###################################
 
-upstream gitlab {
-  server unix:{{ unicorn.socket }} fail_timeout=0;
-}
-
 upstream gitlab-workhorse {
   server unix:{{ gitlab_workhorse.socket }};
 }
@@ -109,12 +105,6 @@ server {
   error_log   {{ nginx.log }}/gitlab_error.log;
 
   location / {
-    ## Serve static files from defined root folder.
-    ## @gitlab is a named location for the upstream fallback, see below.
-    try_files $uri /index.html $uri.html @gitlab;
-  }
-
-  location /uploads/ {
     ## If you use HTTPS make sure you disable gzip compression
     ## to be safe against BREACH attack.
     {{ 'gzip off;' if cfg_https else ''}}
@@ -125,105 +115,7 @@ server {
     proxy_connect_timeout   {{ cfg('nginx_proxy_connect_timeout') }};
     proxy_redirect          off;
 
-    proxy_set_header    Host                $http_host;
-    proxy_set_header    X-Real-IP           $remote_addr;
-    {% if cfg_https %}
-    proxy_set_header    X-Forwarded-Ssl     on;
-    {% endif %}
-    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
-    proxy_set_header    X-Forwarded-Proto   {{ "https" if cfg_https else "http" }};
-    proxy_set_header    X-Frame-Options     SAMEORIGIN;
-
-    proxy_pass http://gitlab;
-  }
-
-  ## If a file, which is not found in the root folder is requested,
-  ## then the proxy passes the request to the upsteam (gitlab unicorn).
-  location @gitlab {
-    ## If you use HTTPS make sure you disable gzip compression
-    ## to be safe against BREACH attack.
-    {{ 'gzip off;' if cfg_https else ''}}
-
-    ## https://github.com/gitlabhq/gitlabhq/issues/694
-    ## Some requests take more than 30 seconds.
-    proxy_read_timeout      {{ cfg('nginx_proxy_read_timeout') }};
-    proxy_connect_timeout   {{ cfg('nginx_proxy_connect_timeout') }};
-    proxy_redirect          off;
-
-    proxy_set_header    Host                $http_host;
-    proxy_set_header    X-Real-IP           $remote_addr;
-    {% if cfg_https %}
-    proxy_set_header    X-Forwarded-Ssl     on;
-    {% endif %}
-    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
-    proxy_set_header    X-Forwarded-Proto   {{ "https" if cfg_https else "http" }};
-    proxy_set_header    X-Frame-Options     SAMEORIGIN;
-
-    proxy_pass http://gitlab;
-  }
-
-  location ~ ^/[\w\.-]+/[\w\.-]+/gitlab-lfs/objects {
-    client_max_body_size 0;
-    # 'Error' 418 is a hack to re-use the @gitlab-workhorse block
-    error_page 418 = @gitlab-workhorse;
-    return 418;
-  }
-
-  location ~ ^/[\w\.-]+/[\w\.-]+/(info/refs|git-upload-pack|git-receive-pack)$ {
-    client_max_body_size 0;
-    # 'Error' 418 is a hack to re-use the @gitlab-workhorse block
-    error_page 418 = @gitlab-workhorse;
-    return 418;
-  }
-
-  location ~ ^/[\w\.-]+/[\w\.-]+/repository/archive {
-    client_max_body_size 0;
-    # 'Error' 418 is a hack to re-use the @gitlab-workhorse block
-    error_page 418 = @gitlab-workhorse;
-    return 418;
-  }
-
-  location ~ ^/api/v3/projects/.*/repository/archive {
-    client_max_body_size 0;
-    # 'Error' 418 is a hack to re-use the @gitlab-workhorse block
-    error_page 418 = @gitlab-workhorse;
-    return 418;
-  }
-
-  # Build artifacts should be submitted to this location
-  location ~ ^/[\w\.-]+/[\w\.-]+/builds/download {
-    client_max_body_size 0;
-    # 'Error' 418 is a hack to re-use the @gitlab-workhorse block
-    error_page 418 = @gitlab-workhorse;
-    return 418;
-  }
-
-  # Build artifacts should be submitted to this location
-  location ~ /ci/api/v1/builds/[0-9]+/artifacts {
-    client_max_body_size 0;
-    # 'Error' 418 is a hack to re-use the @gitlab-workhorse block
-    error_page 418 = @gitlab-workhorse;
-    return 418;
-  }
-
-  # access to raw blobs -> @gitlab-workhorse
-  location ~ ^/[\w\.-]+/[\w\.-]+/raw/ {
-    client_max_body_size 0;
-    error_page 418 = @gitlab-workhorse;
-    return 418;
-  }
-
-  location @gitlab-workhorse {
-    client_max_body_size 0;
-    ## If you use HTTPS make sure you disable gzip compression
-    ## to be safe against BREACH attack.
-    {{ 'gzip off;' if cfg_https else ''}}
-
-    ## https://github.com/gitlabhq/gitlabhq/issues/694
-    ## Some requests take more than 30 seconds.
-    proxy_read_timeout      {{ cfg('nginx_proxy_read_timeout') }};
-    proxy_connect_timeout   {{ cfg('nginx_proxy_connect_timeout') }};
-    proxy_redirect          off;
+    proxy_http_version 1.1;
 
     proxy_set_header    Host                $http_host;
     proxy_set_header    X-Real-IP           $remote_addr;
@@ -236,21 +128,6 @@ server {
     proxy_pass http://gitlab-workhorse;
   }
 
-  ## Enable gzip compression as per rails guide:
-  ## http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression
-  ## WARNING: If you are using relative urls remove the block below
-  ## See config/application.rb under "Relative url support" for the list of
-  ## other files that need to be changed for relative url support
-  location ~ ^/(assets)/ {
-    root {{ gitlab_work.location }}/public;
-    gzip_static on; # to serve pre-gzipped version
-    expires max;
-    add_header Cache-Control public;
-  }
-
-
-  error_page 502 /502.html;
-
   {# we don't support custom nginx configs
   <%= @custom_gitlab_server_config %>
   #}

software/gitlab/template/nginx.conf.in

@@ -2,7 +2,7 @@
 # see:
 # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/support/nginx/gitlab-ssl
 # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/nginx.conf.erb
-# (last updated for omnibus-gitlab 8.2.3+ce.0-0-g8eda093)
+# (last updated for omnibus-gitlab 8.4.4+ce.0-0-g1680742)
 
 {% from 'macrolib.cfg.in' import cfg  with context %}
 
@@ -43,8 +43,9 @@ http {
 
   include {{ nginx_gitlab_http_conf }};
 
-  {# we don't need: ci, mattermost
+  {# we don't need: ci, pages, mattermost
   include <%= @gitlab_ci_http_config %>
+  include <%= @gitlab_pages_http_config %>;
   include <%= @gitlab_mattermost_http_config %>
   #}
 }

software/gitlab/template/rack_attack.rb.in

@@ -2,7 +2,7 @@
 # see:
 # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/initializers/rack_attack.rb.example
 # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/rack_attack.rb.erb
-# (last updated for omnibus-gitlab 8.2.3+ce.0-0-g8eda093)
+# (last updated for omnibus-gitlab 8.4.4+ce.0-0-g1680742)
 
 {% from 'macrolib.cfg.in' import cfg  with context %}
 

software/gitlab/template/resque.yml.in

@@ -2,6 +2,6 @@
 # see:
 # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/resque.yml.example
 # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/resque.yml.erb
-# (last udpdated for omnibus-gitlab 8.2.3+ce.0-0-g8eda093)
+# (last udpdated for omnibus-gitlab 8.4.4+ce.0-0-g1680742)
 
 production: unix://{{ redis.unixsocket }}

software/gitlab/template/smtp_settings.rb.in

@@ -2,7 +2,7 @@
 # see:
 # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/initializers/smtp_settings.rb.sample
 # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/smtp_settings.rb.erb
-# (last updated for omnibus-gitlab 8.2.3+ce.0-0-g8eda093)
+# (last updated for omnibus-gitlab 8.4.4+ce.0-0-g1680742)
 
 {% from 'macrolib.cfg.in' import cfg, cfg_bool  with context %}
 

software/gitlab/template/unicorn.rb.in

@@ -3,7 +3,7 @@
 # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/unicorn.rb.example
 # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/unicorn.rb.example.development
 # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/unicorn.rb.erb
-# (last updated for omnibus-gitlab 8.2.3+ce.0-0-g8eda093)
+# (last updated for omnibus-gitlab 8.4.4+ce.0-0-g1680742)
 
 {% from 'macrolib.cfg.in' import cfg  with context %}