gitlab: Sync upstream configs from omnibus-gitlab

Like 02d0063b - pristine copy from omnibus-gitlab 8.6.5+ce.0-0-g342f8be Changes are in: - gitlab.yml.erb * + ldap.sync_time (we do not use LDAP) * artifacts.storage_path -> artifacts.path - nginx.conf.erb * proxy cache can be configured (gitlab defaults to up to 1GB on-disk cache) https://gitlab.com/gitlab-org/omnibus-gitlab/commit/8b91c071 This cache was introduced by upstream instead of accepting https://gitlab.com/gitlab-org/gitlab-workhorse/merge_requests/17 For raw blobs downloading the cache is activated essentially for public projects only (only for them cache-control is public) https://gitlab.com/gitlab-org/gitlab-ce/commit/fc90d9e5#a587159e3f053514fa2a9a4fa9a9cb56e6928df0_155_157 The cache is not very effective, and under load can do more harm than good: https://gitlab.com/gitlab-org/gitlab-workhorse/merge_requests/17#note_4082683 Since we have fast raw blobs serving by our gitlab-workhorse patches, and caches on frontends, for this cache, offhand we are not very interested. - nginx-gitlab-http.conf.erb * nginx can connect to gitlab-workhorse not via unix:// (we always use unix://) * HTTP/2 support can be disabled (we are going to always support HTTP/2) * All static content (except 404,422,500,502) is now served by gitlab-workhorse (under nginx), not nginx directly https://gitlab.com/gitlab-org/omnibus-gitlab/commit/48dce4ec The following files stay the same: - database.yml.erb - gitconfig.erb - gitlab-rails-config.ru.erb - gitlab-shell-config.yml.erb - rack_attack.rb.erb - resque.yml.erb - smtp_settings.rb.erb - unicorn.rb.erb

gitlab: Sync upstream configs from omnibus-gitlab
Like 02d0063b - pristine copy from omnibus-gitlab 8.6.5+ce.0-0-g342f8be Changes are in: - gitlab.yml.erb * + ldap.sync_time (we do not use LDAP) * artifacts.storage_path -> artifacts.path - nginx.conf.erb * proxy cache can be configured (gitlab defaults to up to 1GB on-disk cache) https://gitlab.com/gitlab-org/omnibus-gitlab/commit/8b91c071 This cache was introduced by upstream instead of accepting https://gitlab.com/gitlab-org/gitlab-workhorse/merge_requests/17 For raw blobs downloading the cache is activated essentially for public projects only (only for them cache-control is public) https://gitlab.com/gitlab-org/gitlab-ce/commit/fc90d9e5#a587159e3f053514fa2a9a4fa9a9cb56e6928df0_155_157 The cache is not very effective, and under load can do more harm than good: https://gitlab.com/gitlab-org/gitlab-workhorse/merge_requests/17#note_4082683 Since we have fast raw blobs serving by our gitlab-workhorse patches, and caches on frontends, for this cache, offhand we are not very interested. - nginx-gitlab-http.conf.erb * nginx can connect to gitlab-workhorse not via unix:// (we always use unix://) * HTTP/2 support can be disabled (we are going to always support HTTP/2) * All static content (except 404,422,500,502) is now served by gitlab-workhorse (under nginx), not nginx directly https://gitlab.com/gitlab-org/omnibus-gitlab/commit/48dce4ec The following files stay the same: - database.yml.erb - gitconfig.erb - gitlab-rails-config.ru.erb - gitlab-shell-config.yml.erb - rack_attack.rb.erb - resque.yml.erb - smtp_settings.rb.erb - unicorn.rb.erb
f6f97d72 · Kirill Smelkov · 02d0063b · f6f97d72 · f6f97d72 · f6f97d72
Commit f6f97d72 authored Apr 11, 2016 by Kirill Smelkov
3 changed files
--- a/software/gitlab/template/gitlab.yml.erb
+++ b/software/gitlab/template/gitlab.yml.erb
@@ -108,7 +108,7 @@ production: &base
  artifacts:
    enabled: <%= @artifacts_enabled %>
    # The location where Build Artifacts are stored (default: shared/artifacts).
-    storage_path: <%= @artifacts_path %>
+    path: <%= @artifacts_path %>
  ## Git LFS
  lfs:
@@ -191,6 +191,7 @@ production: &base
  #   bundle exec rake gitlab:ldap:check RAILS_ENV=production
  ldap:
    enabled: <%= @ldap_enabled %>
+    sync_time: <%= @ldap_sync_time %>
  <% if @ldap_servers.any? %>
    servers:
    <% @ldap_servers.each do |provider_id, settings| %>

--- a/software/gitlab/template/nginx-gitlab-http.conf.erb
+++ b/software/gitlab/template/nginx-gitlab-http.conf.erb
@@ -31,7 +31,7 @@
 ###################################
 upstream gitlab-workhorse {
-  server unix:<%= node['gitlab']['gitlab-workhorse']['listen_addr'] %>;
+  server <%= "unix:" if node['gitlab']['gitlab-workhorse']['listen_network'] == "unix" %><%= node['gitlab']['gitlab-workhorse']['listen_addr'] %>;
 }
 <% if @https && @redirect_http_to_https %>
@@ -50,7 +50,7 @@ server {
 server {
 <% @listen_addresses.each do |listen_address| %>
-  listen <%= listen_address %>:<%= @listen_port %><% if @https %> ssl http2<% end %>;
+  listen <%= listen_address %>:<%= @listen_port %><% if @https %> ssl<% if @http2_enabled %> http2<% end %><% end %>;
  <% if @kerberos_enabled && @kerberos_use_dedicated_port %>
  listen <%= listen_address %>:<%= @kerberos_port %><% if @kerberos_https %> ssl<% end %>;
@@ -59,7 +59,6 @@ server {
 <% end %>
  server_name <%= @fqdn %>;
  server_tokens off; ## Don't show the nginx version number, a security best practice
-  root /opt/gitlab/embedded/service/gitlab-rails/public;
  ## Increase this if you want to upload large attachments
  ## Or if you want to accept large git objects over http
@@ -113,5 +112,14 @@ server {
    proxy_pass http://gitlab-workhorse;
  }
+  error_page 404 /404.html;
+  error_page 422 /422.html;
+  error_page 500 /500.html;
+  error_page 502 /502.html;
+  location ~ ^/(404|422|500|502)\.html$ {
+    root /opt/gitlab/embedded/service/gitlab-rails/public;
+    internal;
+  }
  <%= @custom_gitlab_server_config %>
 }
--- a/software/gitlab/template/nginx.conf.erb
+++ b/software/gitlab/template/nginx.conf.erb
@@ -32,6 +32,9 @@ http {
  include /opt/gitlab/embedded/conf/mime.types;
+  proxy_cache_path <%= @proxy_cache_path %>;
+  proxy_cache <%= @proxy_cache %>;
  <% if @gitlab_http_config %>
  include <%= @gitlab_http_config %>;
  <% end %>