Merge branch 'stanhu/omnibus-gitlab-nginx-support-reverse-proxy'

Conflicts:
	CHANGELOG.md
Marin Jankovski 2015-03-10 09:47:51 -07:00
commit 8c438a68fb
6 changed files with 24 additions and 2 deletions


@ -8,6 +8,7 @@ omnibus-gitlab repository.
- Respect gitlab_email_enabled property (Daniel Serodio) e2982692d49772c4f896a775e476a62b4831b8a1
- Use correct cert for CI (Flávio J. Saraiva) 484227e2dfe33f59e3683a5757be6842d7ce79d2
- Add ca_path and ca_file params for smtp email configuration (Thireus) fa9c1464bc1eb173660edfded1a2f7add7ac24b3
- Add custom listen_port to nginx config for reverse proxies (Stan Hu) 671d6d45a8094997774da61eca4dd9edae
7.8.0


@ -134,6 +134,17 @@ nginx['listen_addresses'] = ["0.0.0.0", "[::]"] # listen on all IPv4 and IPv6 ad
For GitLab CI, use the `ci_nginx['listen_addresses']` setting.
## Setting the NGINX listen port
By default NGINX will listen on the port specified in `external_url` or
implicitly use the right port (80 for HTTP, 443 for HTTPS). If you are running
GitLab behind a reverse proxy, you may want to override the listen port to
something else. For example, to use port 8080:
```ruby
nginx['listen_port'] = 8080
```
## Inserting custom NGINX settings into the GitLab server block
If you need to add custom settings into the NGINX `server` block for GitLab for


@ -334,6 +334,7 @@ external_url 'GENERATED_EXTERNAL_URL'
# nginx['ssl_session_cache'] = "builtin:1000 shared:SSL:10m" # recommended in http://nginx.org/en/docs/http/ngx_http_ssl_module.html
# nginx['ssl_session_timeout'] = "5m" # default according to http://nginx.org/en/docs/http/ngx_http_ssl_module.html
# nginx['listen_addresses'] = ['*']
# nginx['listen_port'] = nil # override only if you use a reverse proxy: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#setting-the-nginx-listen-port
# nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
# nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/example.conf;"


@ -310,6 +310,7 @@ default['gitlab']['nginx']['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2" # recommen
default['gitlab']['nginx']['ssl_session_cache'] = "builtin:1000 shared:SSL:10m" # recommended in http://nginx.org/en/docs/http/ngx_http_ssl_module.html
default['gitlab']['nginx']['ssl_session_timeout'] = "5m" # default according to http://nginx.org/en/docs/http/ngx_http_ssl_module.html
default['gitlab']['nginx']['listen_addresses'] = ['*']
default['gitlab']['nginx']['listen_port'] = nil # override only if you have a reverse proxy
default['gitlab']['nginx']['custom_gitlab_server_config'] = nil
default['gitlab']['nginx']['custom_nginx_config'] = nil
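Review bot: The comment on the new `listen_port` default, directly under `listen_addresses = ['*']`, does not say that the overridden port is still bound on every address. In a reverse-proxy setup, any client that can reach the host can then talk to NGINX directly and skip whatever the proxy enforces, unless a firewall outside this cookbook prevents it. I would extend the comment to `# override only if you have a reverse proxy; consider narrowing listen_addresses to the interface the proxy connects to`. The same hint would fit the commented `nginx['listen_port']` line in the gitlab.rb template.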


@ -43,6 +43,14 @@ nginx_vars = node['gitlab']['nginx'].to_hash.merge({
:gitlab_http_config => File.join(nginx_conf_dir, "gitlab-http.conf")
})
gitlab_port = node['gitlab']['gitlab-rails']['gitlab_port']
# To support reverse proxies: only override the listen_port if
# none has been specified
if nginx_vars['listen_port'].nil?
nginx_vars['listen_port'] = gitlab_port
end
template nginx_vars[:gitlab_http_config] do
source "nginx-gitlab-http.conf.erb"
owner "root"
@ -53,7 +61,7 @@ template nginx_vars[:gitlab_http_config] do
:fqdn => node['gitlab']['gitlab-rails']['gitlab_host'],
:https => node['gitlab']['gitlab-rails']['gitlab_https'],
:socket => node['gitlab']['unicorn']['socket'],
:port => node['gitlab']['gitlab-rails']['gitlab_port'],
:port => gitlab_port
}
))
notifies :restart, 'service[nginx]' if OmnibusHelper.should_notify?("nginx")
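Review bot: The comment above `if nginx_vars['listen_port'].nil?` reads as the opposite of what the code does, because the block fills in a default and overrides nothing. I would reword it to `# Default to the external_url port; an explicit nginx['listen_port'] (reverse-proxy setups) takes precedence.` The three-line check could also become `nginx_vars['listen_port'] ||= gitlab_port`, which behaves differently only if the attribute is set to `false`. The setting is handed to the template without any check that it is a port number, so a mistyped value would presumably show up only as an NGINX configuration error on restart. The `template` block starts and ends outside these hunks.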


@ -52,7 +52,7 @@ server {
server {
<% @listen_addresses.each do |listen_address| %>
listen <%= listen_address %>:<%= @port %><% if @https %> ssl<% end %>;
listen <%= listen_address %>:<%= @listen_port %><% if @https %> ssl<% end %>;
<% end %>
server_name <%= @fqdn %>;
server_tokens off; ## Don't show the nginx version number, a security best practice
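Review bot: On the new `listen` line the port comes from `@listen_port`, but the `ssl` flag still follows `@https`, which the recipe takes from `gitlab_https`. With an https `external_url` and a proxy that terminates TLS, NGINX will therefore still expect TLS on the overridden port, and the proxy must connect to it over TLS with a certificate it accepts. Either state this in the "Setting the NGINX listen port" documentation or add a separate attribute that controls the `ssl` flag independently of `external_url`. If the proxy-to-NGINX hop is meant to be plain HTTP, the listen address should be limited to a trusted interface so that traffic is not exposed beyond the proxy.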