Merge branch 'enable_nginx_status' into 'master'

Enable nginx status endpoint

This MR adds the configuration to enable the nginx_status endpoint.  

closes https://gitlab.com/gitlab-org/omnibus-gitlab/issues/839  

cc @marin

See merge request !997

CHANGELOG.md

@@ -9,6 +9,7 @@ omnibus-gitlab repository.
 - Add support for configuring workhorse's api limiting
 - Support specifying a post reconfigure script to run in the docker container
 - Updated cacerts.pem to 2016-09-14 version
+- Add support for nginx status
 
 8.12.4
 

doc/package-information/defaults.md

@@ -16,6 +16,7 @@ by default:
 | Redis            | Yes           | Socket           | Port (6379) | X                                      |
 | Unicorn          | Yes           | Socket           | Port (8080) | X                                      |
 | GitLab Workhorse | Yes           | Socket           | Port (8181) | X                                      |
+| Nginx status     | Yes           | Port             | X           | 8060                                   |
 | Incoming email   | No            | Port             | X           | 143                                    |
 | Elastic search   | No            | Port             | X           | 9200                                   |
 | GitLab Pages     | No            | Port             | X           | 80 or 443                              |

doc/settings/configuration.md

@@ -486,3 +486,7 @@ See [doc/settings/nginx.md](nginx.md).
 ## Inserting custom settings into the NGINX config
 
 See [doc/settings/nginx.md](nginx.md).
+
+## Enable nginx_status
+
+See [doc/settings/nginx.md](nginx.md).

doc/settings/nginx.md

@@ -515,6 +515,53 @@ server {
 }
 ```
 
+### Enabling/Disabling nginx_status
+
+By default you will have an nginx health-check endpoint configured at 127.0.0.1:8060/nginx_status to monitor your Nginx server status.
+
+#### The following information will be displayed:
+
+```
+Active connections: 1
+server accepts handled requests
+ 18 18 36
+Reading: 0 Writing: 1 Waiting: 0
+```
+* Active connections – Open connections in total.
+* 3 figures are shown.
+ * All accepted connections.
+ * All handled connections.
+ * Total number of handled requests.
+* Reading: Nginx reads request headers
+* Writing: Nginx reads request bodies, processes requests, or writes responses to a client
+* Waiting: Keep-alive connections. This number depends on the keepalive-timeout.
+
+## Configuration
+
+`/etc/gitlab/gitlab.rb`
+
+```Ruby
+nginx['status']['listen_addresses'] = ['*']
+nginx['status']['fqdn'] = node['fqdn']
+nginx['status']['port'] = 8060
+nginx['status']['options'] = { # nginx_status location block options
+    "stub_status" => "on", # Turn on stats
+    "access_log" => "off", # Disable logs for stats
+    "allow" => "127.0.0.1", # Only allow access from localhost
+    "deny" => "all", # Deny access to anyone else
+}
+```
+
+If you don't find this service useful for your current infrastructure you can disable it with:
+
+```ruby
+nginx['status']['enable'] = false
+```
+
+Make sure you run sudo gitlab-ctl reconfigure for the changes to take effect.
+
+
+
 #### Warning
 
 To ensure that user uploads are accessible your Nginx user (usually `www-data`)

files/gitlab-config-template/gitlab.rb.template

@@ -637,7 +637,17 @@ external_url 'GENERATED_EXTERNAL_URL'
 # nginx['cache_max_size'] = '5000m'
 # nginx['server_names_hash_bucket_size'] = 64
 
-
+## Nginx status
+# nginx['status']['enable'] = true
+# nginx['status']['listen_addresses'] = ['*']
+# nginx['status']['fqdn'] = node['fqdn']
+# nginx['status']['port'] = 8060
+# nginx['status']['options'] = { # nginx_status location block options
+#   "stub_status" => "on", # Turn on stats
+#   "access_log" => "off", # Disable logs for stats
+#   "allow" => "127.0.0.1", # Only allow access from localhost
+#   "deny" => "all", # Deny access to anyone else
+# }
 
 ##################
 # GitLab Logging #

files/gitlab-cookbooks/gitlab/attributes/default.rb

@@ -561,6 +561,19 @@ default['gitlab']['nginx']['real_ip_header'] = nil
 default['gitlab']['nginx']['real_ip_recursive'] = nil
 default['gitlab']['nginx']['server_names_hash_bucket_size'] = 64
 
+###
+# Nginx status
+###
+default['gitlab']['nginx']['status']['enable'] = true
+default['gitlab']['nginx']['status']['listen_addresses'] = ['*']
+default['gitlab']['nginx']['status']['fqdn'] = node['fqdn']
+default['gitlab']['nginx']['status']['port'] = 8060
+default['gitlab']['nginx']['status']['options'] = {
+  "stub_status" => "on",
+  "access_log" => "off",
+  "allow" => "127.0.0.1",
+  "deny" => "all",
+}
 
 ###
 # Logging

files/gitlab-cookbooks/gitlab/recipes/nginx.rb

@@ -45,6 +45,7 @@ gitlab_rails_http_conf = File.join(nginx_conf_dir, "gitlab-http.conf")
 gitlab_pages_http_conf = File.join(nginx_conf_dir, "gitlab-pages.conf")
 gitlab_registry_http_conf = File.join(nginx_conf_dir, "gitlab-registry.conf")
 gitlab_mattermost_http_conf = File.join(nginx_conf_dir, "gitlab-mattermost-http.conf")
+nginx_status_conf = File.join(nginx_conf_dir, "nginx-status.conf")
 
 # If the service is enabled, check if we are using internal nginx
 gitlab_rails_enabled = if node['gitlab']['gitlab-rails']['enable']
@@ -71,6 +72,8 @@ gitlab_registry_enabled = if node['gitlab']['registry']['enable']
                          false
                        end
 
+nginx_status_enabled = node['gitlab']['nginx']['status']['enable']
+
 # Include the config file for gitlab-rails in nginx.conf later
 nginx_vars = node['gitlab']['nginx'].to_hash.merge({
                :gitlab_http_config => gitlab_rails_enabled ? gitlab_rails_http_conf : nil
@@ -90,6 +93,12 @@ nginx_vars = nginx_vars.to_hash.merge!({
                                          :gitlab_registry_http_config => gitlab_registry_enabled ? gitlab_registry_http_conf : nil
                                        })
 
+nginx_vars = nginx_vars.to_hash.merge!({
+                                         :nginx_status_config => nginx_status_enabled ? nginx_status_conf : nil
+                                       })
+
+
+
 if nginx_vars['listen_https'].nil?
   nginx_vars['https'] = node['gitlab']['gitlab-rails']['gitlab_https']
 else
@@ -187,6 +196,21 @@ template gitlab_mattermost_http_conf do
   action gitlab_mattermost_enabled ? :create : :delete
 end
 
+template nginx_status_conf do
+  source "nginx-status.conf.erb"
+  owner "root"
+  group "root"
+  mode "0644"
+  variables ({
+    :listen_addresses => nginx_vars['status']['listen_addresses'],
+    :fqdn => nginx_vars['status']['fqdn'],
+    :port => nginx_vars['status']['port'],
+    :options => nginx_vars['status']['options']
+  })
+  notifies :restart, 'service[nginx]' if OmnibusHelper.should_notify?("nginx")
+  action nginx_status_enabled ? :create : :delete
+end
+
 nginx_vars['gitlab_access_log_format'] = node['gitlab']['nginx']['log_format']
 nginx_vars['gitlab_ci_access_log_format'] = node['gitlab']['ci-nginx']['log_format']
 nginx_vars['gitlab_mattermost_access_log_format'] = node['gitlab']['mattermost-nginx']['log_format']

files/gitlab-cookbooks/gitlab/templates/default/nginx-status.conf.erb

@@ -0,0 +1,11 @@
+server  {
+    <% @listen_addresses.each do |listen_address| %>
+    listen <%= listen_address %>:<%= @port %>;
+    <% end %>
+    server_name <%= @fqdn %>;
+    location /nginx_status {
+    <% @options.each do |key, value| %>
+      <%= key %> <%= value %>;
+    <% end %>
+    }
+}

files/gitlab-cookbooks/gitlab/templates/default/nginx.conf.erb

@@ -57,5 +57,9 @@ http {
   include <%= @gitlab_registry_http_config %>;
   <% end %>
 
+  <% if @nginx_status_config %>
+  include <%= @nginx_status_config %>;
+  <% end %>
+
   <%= @custom_nginx_config %>
 }

spec/chef/nginx_spec.rb

@@ -2,6 +2,7 @@ require 'chef_helper'
 
 describe 'nginx' do
   let(:chef_run) { ChefSpec::SoloRunner.converge('gitlab::default') }
+  let(:nginx_status_config) { /include \/var\/opt\/gitlab\/nginx\/conf\/nginx-status\.conf;/ }
 
   let(:basic_nginx_headers) do
     {
@@ -90,6 +91,59 @@ describe 'nginx' do
     end
   end
 
+  context 'when is enabled' do
+    it 'enables nginx status by default' do
+      expect(chef_run.node['gitlab']['nginx']['status']).to eql({
+        "enable" => true,
+        "listen_addresses" => ["*"],
+        "fqdn" => chef_run.node["fqdn"],
+        "port" => 8060,
+        "options" => {
+          "stub_status" => "on",
+          "access_log" => "off",
+          "allow" => "127.0.0.1",
+          "deny" => "all"
+        }
+      })
+      expect(chef_run).to render_file('/var/opt/gitlab/nginx/conf/nginx.conf').with_content(nginx_status_config)
+    end
+
+    it "supports overrading nginx status default configuration" do
+      custom_nginx_status_config = {
+        "enable" => true,
+        "listen_addresses" => ["127.0.0.1"],
+        "fqdn" => "dev.example.com",
+        "port" => 9999,
+        "options" => {
+          "stub_status" => "on",
+          "access_log" => "on",
+          "allow" => "127.0.0.1",
+          "deny" => "all"
+        }
+      }
+
+      stub_gitlab_rb("nginx" => {
+        "status" => custom_nginx_status_config
+      })
+
+      chef_run.converge('gitlab::default')
+
+      expect(chef_run.node['gitlab']['nginx']['status']).to eql(custom_nginx_status_config)
+    end
+
+    it "will not load the nginx status config if nginx status is disabled" do
+      stub_gitlab_rb("nginx" => { "status" => { "enable" => false } })
+      expect(chef_run).to_not render_file('/var/opt/gitlab/nginx/conf/nginx.conf').with_content(nginx_status_config)
+    end
+  end
+
+  context 'when is disabled' do
+    it 'should not add the nginx status config' do
+      stub_gitlab_rb("nginx" => { "enable" => false })
+      expect(chef_run).to_not render_file('/var/opt/gitlab/nginx/conf/nginx.conf').with_content(nginx_status_config)
+    end
+  end
+
   def nginx_headers(additional_headers)
     basic_nginx_headers.merge(additional_headers)
   end