Commit f6f97d72 by Kirill Smelkov

gitlab: Sync upstream configs from omnibus-gitlab

Like 02d0063b - pristine copy from omnibus-gitlab 8.6.5+ce.0-0-g342f8be

Changes are in:

    - gitlab.yml.erb

      * + ldap.sync_time    (we do not use LDAP)
      * artifacts.storage_path -> artifacts.path

    - nginx.conf.erb

      * proxy cache can be configured (gitlab defaults to up to 1GB
        on-disk cache)

            https://gitlab.com/gitlab-org/omnibus-gitlab/commit/8b91c071

        This cache was introduced by upstream instead of accepting
        https://gitlab.com/gitlab-org/gitlab-workhorse/merge_requests/17

        For raw blobs downloading the cache is activated essentially for
        public projects only (only for them cache-control is public)

            https://gitlab.com/gitlab-org/gitlab-ce/commit/fc90d9e5#a587159e3f053514fa2a9a4fa9a9cb56e6928df0_155_157

        The cache is not very effective, and under load can do more harm
        than good:

            https://gitlab.com/gitlab-org/gitlab-workhorse/merge_requests/17#note_4082683

        Since we have fast raw blobs serving by our gitlab-workhorse
        patches, and caches on frontends, for this cache, offhand we are
        not very interested.

    - nginx-gitlab-http.conf.erb

      * nginx can connect to gitlab-workhorse not via unix://  (we
        always use unix://)

      * HTTP/2 support can be disabled (we are going to always support HTTP/2)

      * All static content (except 404,422,500,502) is now served by
        gitlab-workhorse (under nginx), not nginx directly

        https://gitlab.com/gitlab-org/omnibus-gitlab/commit/48dce4ec

The following files stay the same:

    - database.yml.erb
    - gitconfig.erb
    - gitlab-rails-config.ru.erb
    - gitlab-shell-config.yml.erb
    - rack_attack.rb.erb
    - resque.yml.erb
    - smtp_settings.rb.erb
    - unicorn.rb.erb
1 parent 02d0063b
......@@ -108,7 +108,7 @@ production: &base
artifacts:
enabled: <%= @artifacts_enabled %>
# The location where Build Artifacts are stored (default: shared/artifacts).
storage_path: <%= @artifacts_path %>
path: <%= @artifacts_path %>
## Git LFS
lfs:
......@@ -191,6 +191,7 @@ production: &base
# bundle exec rake gitlab:ldap:check RAILS_ENV=production
ldap:
enabled: <%= @ldap_enabled %>
sync_time: <%= @ldap_sync_time %>
<% if @ldap_servers.any? %>
servers:
<% @ldap_servers.each do |provider_id, settings| %>
......
......@@ -31,7 +31,7 @@
###################################
upstream gitlab-workhorse {
server unix:<%= node['gitlab']['gitlab-workhorse']['listen_addr'] %>;
server <%= "unix:" if node['gitlab']['gitlab-workhorse']['listen_network'] == "unix" %><%= node['gitlab']['gitlab-workhorse']['listen_addr'] %>;
}
<% if @https && @redirect_http_to_https %>
......@@ -50,7 +50,7 @@ server {
server {
<% @listen_addresses.each do |listen_address| %>
listen <%= listen_address %>:<%= @listen_port %><% if @https %> ssl http2<% end %>;
listen <%= listen_address %>:<%= @listen_port %><% if @https %> ssl<% if @http2_enabled %> http2<% end %><% end %>;
<% if @kerberos_enabled && @kerberos_use_dedicated_port %>
listen <%= listen_address %>:<%= @kerberos_port %><% if @kerberos_https %> ssl<% end %>;
......@@ -59,7 +59,6 @@ server {
<% end %>
server_name <%= @fqdn %>;
server_tokens off; ## Don't show the nginx version number, a security best practice
root /opt/gitlab/embedded/service/gitlab-rails/public;
## Increase this if you want to upload large attachments
## Or if you want to accept large git objects over http
......@@ -113,5 +112,14 @@ server {
proxy_pass http://gitlab-workhorse;
}
error_page 404 /404.html;
error_page 422 /422.html;
error_page 500 /500.html;
error_page 502 /502.html;
location ~ ^/(404|422|500|502)\.html$ {
root /opt/gitlab/embedded/service/gitlab-rails/public;
internal;
}
<%= @custom_gitlab_server_config %>
}
......@@ -32,6 +32,9 @@ http {
include /opt/gitlab/embedded/conf/mime.types;
proxy_cache_path <%= @proxy_cache_path %>;
proxy_cache <%= @proxy_cache %>;
<% if @gitlab_http_config %>
include <%= @gitlab_http_config %>;
<% end %>
......
Styling with Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!