Merge branch 'enable_nginx_status' into 'master'
Enable nginx status endpoint This MR adds the configuration to enable the nginx_status endpoint. closes https://gitlab.com/gitlab-org/omnibus-gitlab/issues/839 cc @marin See merge request !997
This commit is contained in:
commit
3cd7b36399
|
@ -9,6 +9,7 @@ omnibus-gitlab repository.
|
|||
- Add support for configuring workhorse's api limiting
|
||||
- Support specifying a post reconfigure script to run in the docker container
|
||||
- Updated cacerts.pem to 2016-09-14 version
|
||||
- Add support for nginx status
|
||||
|
||||
8.12.4
|
||||
|
||||
|
|
|
@ -16,6 +16,7 @@ by default:
|
|||
| Redis | Yes | Socket | Port (6379) | X |
|
||||
| Unicorn | Yes | Socket | Port (8080) | X |
|
||||
| GitLab Workhorse | Yes | Socket | Port (8181) | X |
|
||||
| Nginx status | Yes | Port | X | 8060 |
|
||||
| Incoming email | No | Port | X | 143 |
|
||||
| Elastic search | No | Port | X | 9200 |
|
||||
| GitLab Pages | No | Port | X | 80 or 443 |
|
||||
|
|
|
@ -486,3 +486,7 @@ See [doc/settings/nginx.md](nginx.md).
|
|||
## Inserting custom settings into the NGINX config
|
||||
|
||||
See [doc/settings/nginx.md](nginx.md).
|
||||
|
||||
## Enable nginx_status
|
||||
|
||||
See [doc/settings/nginx.md](nginx.md).
|
||||
|
|
|
@ -515,6 +515,53 @@ server {
|
|||
}
|
||||
```
|
||||
|
||||
### Enabling/Disabling nginx_status
|
||||
|
||||
By default you will have an nginx health-check endpoint configured at 127.0.0.1:8060/nginx_status to monitor your Nginx server status.
|
||||
|
||||
#### The following information will be displayed:
|
||||
|
||||
```
|
||||
Active connections: 1
|
||||
server accepts handled requests
|
||||
18 18 36
|
||||
Reading: 0 Writing: 1 Waiting: 0
|
||||
```
|
||||
* Active connections – Open connections in total.
|
||||
* 3 figures are shown.
|
||||
* All accepted connections.
|
||||
* All handled connections.
|
||||
* Total number of handled requests.
|
||||
* Reading: Nginx reads request headers
|
||||
* Writing: Nginx reads request bodies, processes requests, or writes responses to a client
|
||||
* Waiting: Keep-alive connections. This number depends on the keepalive-timeout.
|
||||
|
||||
## Configuration
|
||||
|
||||
`/etc/gitlab/gitlab.rb`
|
||||
|
||||
```Ruby
|
||||
nginx['status']['listen_addresses'] = ['*']
|
||||
nginx['status']['fqdn'] = node['fqdn']
|
||||
nginx['status']['port'] = 8060
|
||||
nginx['status']['options'] = { # nginx_status location block options
|
||||
"stub_status" => "on", # Turn on stats
|
||||
"access_log" => "off", # Disable logs for stats
|
||||
"allow" => "127.0.0.1", # Only allow access from localhost
|
||||
"deny" => "all", # Deny access to anyone else
|
||||
}
|
||||
```
|
||||
|
||||
If you don't find this service useful for your current infrastructure you can disable it with:
|
||||
|
||||
```ruby
|
||||
nginx['status']['enable'] = false
|
||||
```
|
||||
|
||||
Make sure you run sudo gitlab-ctl reconfigure for the changes to take effect.
|
||||
|
||||
|
||||
|
||||
#### Warning
|
||||
|
||||
To ensure that user uploads are accessible your Nginx user (usually `www-data`)
|
||||
|
|
|
@ -637,7 +637,17 @@ external_url 'GENERATED_EXTERNAL_URL'
|
|||
# nginx['cache_max_size'] = '5000m'
|
||||
# nginx['server_names_hash_bucket_size'] = 64
|
||||
|
||||
|
||||
## Nginx status
|
||||
# nginx['status']['enable'] = true
|
||||
# nginx['status']['listen_addresses'] = ['*']
|
||||
# nginx['status']['fqdn'] = node['fqdn']
|
||||
# nginx['status']['port'] = 8060
|
||||
# nginx['status']['options'] = { # nginx_status location block options
|
||||
# "stub_status" => "on", # Turn on stats
|
||||
# "access_log" => "off", # Disable logs for stats
|
||||
# "allow" => "127.0.0.1", # Only allow access from localhost
|
||||
# "deny" => "all", # Deny access to anyone else
|
||||
# }
|
||||
|
||||
##################
|
||||
# GitLab Logging #
|
||||
|
|
|
@ -561,6 +561,19 @@ default['gitlab']['nginx']['real_ip_header'] = nil
|
|||
default['gitlab']['nginx']['real_ip_recursive'] = nil
|
||||
default['gitlab']['nginx']['server_names_hash_bucket_size'] = 64
|
||||
|
||||
###
|
||||
# Nginx status
|
||||
###
|
||||
default['gitlab']['nginx']['status']['enable'] = true
|
||||
default['gitlab']['nginx']['status']['listen_addresses'] = ['*']
|
||||
default['gitlab']['nginx']['status']['fqdn'] = node['fqdn']
|
||||
default['gitlab']['nginx']['status']['port'] = 8060
|
||||
default['gitlab']['nginx']['status']['options'] = {
|
||||
"stub_status" => "on",
|
||||
"access_log" => "off",
|
||||
"allow" => "127.0.0.1",
|
||||
"deny" => "all",
|
||||
}
|
||||
|
||||
###
|
||||
# Logging
|
||||
|
|
|
@ -45,6 +45,7 @@ gitlab_rails_http_conf = File.join(nginx_conf_dir, "gitlab-http.conf")
|
|||
gitlab_pages_http_conf = File.join(nginx_conf_dir, "gitlab-pages.conf")
|
||||
gitlab_registry_http_conf = File.join(nginx_conf_dir, "gitlab-registry.conf")
|
||||
gitlab_mattermost_http_conf = File.join(nginx_conf_dir, "gitlab-mattermost-http.conf")
|
||||
nginx_status_conf = File.join(nginx_conf_dir, "nginx-status.conf")
|
||||
|
||||
# If the service is enabled, check if we are using internal nginx
|
||||
gitlab_rails_enabled = if node['gitlab']['gitlab-rails']['enable']
|
||||
|
@ -71,6 +72,8 @@ gitlab_registry_enabled = if node['gitlab']['registry']['enable']
|
|||
false
|
||||
end
|
||||
|
||||
nginx_status_enabled = node['gitlab']['nginx']['status']['enable']
|
||||
|
||||
# Include the config file for gitlab-rails in nginx.conf later
|
||||
nginx_vars = node['gitlab']['nginx'].to_hash.merge({
|
||||
:gitlab_http_config => gitlab_rails_enabled ? gitlab_rails_http_conf : nil
|
||||
|
@ -90,6 +93,12 @@ nginx_vars = nginx_vars.to_hash.merge!({
|
|||
:gitlab_registry_http_config => gitlab_registry_enabled ? gitlab_registry_http_conf : nil
|
||||
})
|
||||
|
||||
nginx_vars = nginx_vars.to_hash.merge!({
|
||||
:nginx_status_config => nginx_status_enabled ? nginx_status_conf : nil
|
||||
})
|
||||
|
||||
|
||||
|
||||
if nginx_vars['listen_https'].nil?
|
||||
nginx_vars['https'] = node['gitlab']['gitlab-rails']['gitlab_https']
|
||||
else
|
||||
|
@ -187,6 +196,21 @@ template gitlab_mattermost_http_conf do
|
|||
action gitlab_mattermost_enabled ? :create : :delete
|
||||
end
|
||||
|
||||
template nginx_status_conf do
|
||||
source "nginx-status.conf.erb"
|
||||
owner "root"
|
||||
group "root"
|
||||
mode "0644"
|
||||
variables ({
|
||||
:listen_addresses => nginx_vars['status']['listen_addresses'],
|
||||
:fqdn => nginx_vars['status']['fqdn'],
|
||||
:port => nginx_vars['status']['port'],
|
||||
:options => nginx_vars['status']['options']
|
||||
})
|
||||
notifies :restart, 'service[nginx]' if OmnibusHelper.should_notify?("nginx")
|
||||
action nginx_status_enabled ? :create : :delete
|
||||
end
|
||||
|
||||
nginx_vars['gitlab_access_log_format'] = node['gitlab']['nginx']['log_format']
|
||||
nginx_vars['gitlab_ci_access_log_format'] = node['gitlab']['ci-nginx']['log_format']
|
||||
nginx_vars['gitlab_mattermost_access_log_format'] = node['gitlab']['mattermost-nginx']['log_format']
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
server {
|
||||
<% @listen_addresses.each do |listen_address| %>
|
||||
listen <%= listen_address %>:<%= @port %>;
|
||||
<% end %>
|
||||
server_name <%= @fqdn %>;
|
||||
location /nginx_status {
|
||||
<% @options.each do |key, value| %>
|
||||
<%= key %> <%= value %>;
|
||||
<% end %>
|
||||
}
|
||||
}
|
|
@ -57,5 +57,9 @@ http {
|
|||
include <%= @gitlab_registry_http_config %>;
|
||||
<% end %>
|
||||
|
||||
<% if @nginx_status_config %>
|
||||
include <%= @nginx_status_config %>;
|
||||
<% end %>
|
||||
|
||||
<%= @custom_nginx_config %>
|
||||
}
|
||||
|
|
|
@ -2,6 +2,7 @@ require 'chef_helper'
|
|||
|
||||
describe 'nginx' do
|
||||
let(:chef_run) { ChefSpec::SoloRunner.converge('gitlab::default') }
|
||||
let(:nginx_status_config) { /include \/var\/opt\/gitlab\/nginx\/conf\/nginx-status\.conf;/ }
|
||||
|
||||
let(:basic_nginx_headers) do
|
||||
{
|
||||
|
@ -90,6 +91,59 @@ describe 'nginx' do
|
|||
end
|
||||
end
|
||||
|
||||
context 'when is enabled' do
|
||||
it 'enables nginx status by default' do
|
||||
expect(chef_run.node['gitlab']['nginx']['status']).to eql({
|
||||
"enable" => true,
|
||||
"listen_addresses" => ["*"],
|
||||
"fqdn" => chef_run.node["fqdn"],
|
||||
"port" => 8060,
|
||||
"options" => {
|
||||
"stub_status" => "on",
|
||||
"access_log" => "off",
|
||||
"allow" => "127.0.0.1",
|
||||
"deny" => "all"
|
||||
}
|
||||
})
|
||||
expect(chef_run).to render_file('/var/opt/gitlab/nginx/conf/nginx.conf').with_content(nginx_status_config)
|
||||
end
|
||||
|
||||
it "supports overrading nginx status default configuration" do
|
||||
custom_nginx_status_config = {
|
||||
"enable" => true,
|
||||
"listen_addresses" => ["127.0.0.1"],
|
||||
"fqdn" => "dev.example.com",
|
||||
"port" => 9999,
|
||||
"options" => {
|
||||
"stub_status" => "on",
|
||||
"access_log" => "on",
|
||||
"allow" => "127.0.0.1",
|
||||
"deny" => "all"
|
||||
}
|
||||
}
|
||||
|
||||
stub_gitlab_rb("nginx" => {
|
||||
"status" => custom_nginx_status_config
|
||||
})
|
||||
|
||||
chef_run.converge('gitlab::default')
|
||||
|
||||
expect(chef_run.node['gitlab']['nginx']['status']).to eql(custom_nginx_status_config)
|
||||
end
|
||||
|
||||
it "will not load the nginx status config if nginx status is disabled" do
|
||||
stub_gitlab_rb("nginx" => { "status" => { "enable" => false } })
|
||||
expect(chef_run).to_not render_file('/var/opt/gitlab/nginx/conf/nginx.conf').with_content(nginx_status_config)
|
||||
end
|
||||
end
|
||||
|
||||
context 'when is disabled' do
|
||||
it 'should not add the nginx status config' do
|
||||
stub_gitlab_rb("nginx" => { "enable" => false })
|
||||
expect(chef_run).to_not render_file('/var/opt/gitlab/nginx/conf/nginx.conf').with_content(nginx_status_config)
|
||||
end
|
||||
end
|
||||
|
||||
def nginx_headers(additional_headers)
|
||||
basic_nginx_headers.merge(additional_headers)
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue