Merge branch 'stanhu/omnibus-gitlab-nginx-support-reverse-proxy'
Conflicts: CHANGELOG.md
commit
8c438a68fb
|
@ -8,6 +8,7 @@ omnibus-gitlab repository.
|
|||
- Respect gitlab_email_enabled property (Daniel Serodio) e2982692d49772c4f896a775e476a62b4831b8a1
|
||||
- Use correct cert for CI (Flávio J. Saraiva) 484227e2dfe33f59e3683a5757be6842d7ce79d2
|
||||
- Add ca_path and ca_file params for smtp email configuration (Thireus) fa9c1464bc1eb173660edfded1a2f7add7ac24b3
|
||||
- Add custom listen_port to nginx config for reverse proxies (Stan Hu) 671d6d45a8094997774da61eca4dd9edae
|
||||
|
||||
7.8.0
|
||||
|
||||
|
|
|
@ -134,6 +134,17 @@ nginx['listen_addresses'] = ["0.0.0.0", "[::]"] # listen on all IPv4 and IPv6 ad
|
|||
|
||||
For GitLab CI, use the `ci_nginx['listen_addresses']` setting.
|
||||
|
||||
## Setting the NGINX listen port
|
||||
|
||||
By default NGINX will listen on the port specified in `external_url` or
|
||||
implicitly use the right port (80 for HTTP, 443 for HTTPS). If you are running
|
||||
GitLab behind a reverse proxy, you may want to override the listen port to
|
||||
something else. For example, to use port 8080:
|
||||
|
||||
```ruby
|
||||
nginx['listen_port'] = 8080
|
||||
```
|
||||
|
||||
## Inserting custom NGINX settings into the GitLab server block
|
||||
|
||||
If you need to add custom settings into the NGINX `server` block for GitLab for
|
||||
|
|
|
@ -334,6 +334,7 @@ external_url 'GENERATED_EXTERNAL_URL'
|
|||
# nginx['ssl_session_cache'] = "builtin:1000 shared:SSL:10m" # recommended in http://nginx.org/en/docs/http/ngx_http_ssl_module.html
|
||||
# nginx['ssl_session_timeout'] = "5m" # default according to http://nginx.org/en/docs/http/ngx_http_ssl_module.html
|
||||
# nginx['listen_addresses'] = ['*']
|
||||
# nginx['listen_port'] = nil # override only if you use a reverse proxy: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#setting-the-nginx-listen-port
|
||||
# nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
|
||||
# nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/example.conf;"
|
||||
|
||||
|
|
|
@ -310,6 +310,7 @@ default['gitlab']['nginx']['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2" # recommen
|
|||
default['gitlab']['nginx']['ssl_session_cache'] = "builtin:1000 shared:SSL:10m" # recommended in http://nginx.org/en/docs/http/ngx_http_ssl_module.html
|
||||
default['gitlab']['nginx']['ssl_session_timeout'] = "5m" # default according to http://nginx.org/en/docs/http/ngx_http_ssl_module.html
|
||||
default['gitlab']['nginx']['listen_addresses'] = ['*']
|
||||
default['gitlab']['nginx']['listen_port'] = nil # override only if you have a reverse proxy
|
||||
default['gitlab']['nginx']['custom_gitlab_server_config'] = nil
|
||||
default['gitlab']['nginx']['custom_nginx_config'] = nil
|
||||
|
||||
|
|
|
@ -43,6 +43,14 @@ nginx_vars = node['gitlab']['nginx'].to_hash.merge({
|
|||
:gitlab_http_config => File.join(nginx_conf_dir, "gitlab-http.conf")
|
||||
})
|
||||
|
||||
gitlab_port = node['gitlab']['gitlab-rails']['gitlab_port']
|
||||
|
||||
# To support reverse proxies: only override the listen_port if
|
||||
# none has been specified
|
||||
if nginx_vars['listen_port'].nil?
|
||||
nginx_vars['listen_port'] = gitlab_port
|
||||
end
|
||||
|
||||
template nginx_vars[:gitlab_http_config] do
|
||||
source "nginx-gitlab-http.conf.erb"
|
||||
owner "root"
|
||||
|
@ -53,7 +61,7 @@ template nginx_vars[:gitlab_http_config] do
|
|||
:fqdn => node['gitlab']['gitlab-rails']['gitlab_host'],
|
||||
:https => node['gitlab']['gitlab-rails']['gitlab_https'],
|
||||
:socket => node['gitlab']['unicorn']['socket'],
|
||||
:port => node['gitlab']['gitlab-rails']['gitlab_port'],
|
||||
:port => gitlab_port
|
||||
}
|
||||
))
|
||||
notifies :restart, 'service[nginx]' if OmnibusHelper.should_notify?("nginx")
|
||||
|
|
|
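Review bot: `nginx_vars['listen_port']` goes from gitlab.rb into the template variables unchecked, so the `if nginx_vars['listen_port'].nil?` fallback is the only handling it gets. A mistyped value (a string with stray characters, or a number outside 1-65535) would produce an nginx config that fails only when `notifies :restart, 'service[nginx]'` fires, taking the web front end down. Consider normalising it right after the fallback, e.g. `listen_port = Integer(nginx_vars['listen_port'])` followed by `raise "nginx['listen_port'] must be between 1 and 65535" unless (1..65535).cover?(listen_port)`. The template resource continues outside these two hunks, so this assumes nothing later in the block rewrites the value.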
@ -52,7 +52,7 @@ server {
|
|||
|
||||
server {
|
||||
<% @listen_addresses.each do |listen_address| %>
|
||||
listen <%= listen_address %>:<%= @port %><% if @https %> ssl<% end %>;
|
||||
listen <%= listen_address %>:<%= @listen_port %><% if @https %> ssl<% end %>;
|
||||
<% end %>
|
||||
server_name <%= @fqdn %>;
|
||||
server_tokens off; ## Don't show the nginx version number, a security best practice
|
||||
|
|
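Review bot: The `ssl` suffix on the new `listen <%= listen_address %>:<%= @listen_port %>` line still depends only on `@https`, so with an `https://` external_url the overridden port (8080 in the docs example) remains a TLS listener. A reverse proxy that forwards plain HTTP to it will fail, and certificates are still needed on this host. Nothing visible in this commit lets an admin keep https in generated URLs while the backend listens without TLS; either state that requirement in the new "Setting the NGINX listen port" section or add a separate switch for the listener. Because `listen_addresses` defaults to `['*']`, the docs should also recommend binding to the address the proxy uses (for example `nginx['listen_addresses'] = ['127.0.0.1']`), otherwise the backend port is reachable directly and bypasses whatever the proxy enforces.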