From 5c59e16edb53976330dbcacfd5e22b265b780b2c Mon Sep 17 00:00:00 2001 From: Gert-Jan Timmer Date: Sat, 10 Nov 2018 23:37:48 +0100 Subject: [PATCH] Fix: Gitlab Pages Custom Domain Setup --- README.md | 1 + assets/runtime/env-defaults | 1 + assets/runtime/functions | 87 ++++++++++++++++++++++--------------- 3 files changed, 54 insertions(+), 35 deletions(-) diff --git a/README.md b/README.md index 6014ff8e..d95a9dc7 100644 --- a/README.md +++ b/README.md @@ -917,6 +917,7 @@ Below is the complete list of available options that can be used to customize yo | `GITLAB_PAGES_EXTERNAL_HTTP` | Sets GitLab Pages external http to receive request on an independen port. Disabled by default | | `GITLAB_PAGES_EXTERNAL_HTTPS` | Sets GitLab Pages external https to receive request on an independen port. Disabled by default | | `GITLAB_PAGES_ACCESS_CONTROL` | Set to `true` to enable access control for pages. Allows access to a Pages site to be controlled based on a user’s membership to that project. Disabled by default. | +| `GITLAB_PAGES_NGINX_PROXY` | Disable the nginx proxy for gitlab pages, defaults to `true`. When set to `false` this will turn off the nginx proxy to the gitlab pages daemon, used when the user provides their own http load balancer in combination with a gitlab pages custom domain setup. | | `GITLAB_HTTPS` | Set to `true` to enable https support, disabled by default. | | `GITALY_CLIENT_PATH` | Set default path for gitaly. defaults to `/home/git/gitaly` | | `GITALY_TOKEN` | Set a gitaly token, blank by default. | diff --git a/assets/runtime/env-defaults b/assets/runtime/env-defaults index 96a537f9..f593d053 100644 --- a/assets/runtime/env-defaults +++ b/assets/runtime/env-defaults @@ -414,6 +414,7 @@ GITLAB_PAGES_HTTPS=${GITLAB_PAGES_HTTPS:-false} GITLAB_PAGES_EXTERNAL_HTTP=${GITLAB_PAGES_EXTERNAL_HTTP:-} GITLAB_PAGES_EXTERNAL_HTTPS=${GITLAB_PAGES_EXTERNAL_HTTPS:-} GITLAB_PAGES_ACCESS_CONTROL=${GITLAB_PAGES_ACCESS_CONTROL:-false} +GITLAB_PAGES_NGINX_PROXY=${GITLAB_PAGES_NGINX_PROXY:-true} ## Gitaly GITALY_CLIENT_PATH=${GITALY_CLIENT_PATH:-$GITLAB_GITALY_INSTALL_DIR} diff --git a/assets/runtime/functions b/assets/runtime/functions index ce851b98..0ebe8152 100644 --- a/assets/runtime/functions +++ b/assets/runtime/functions @@ -1121,22 +1121,24 @@ nginx_configure_gitlab_hsts() { fi } - nginx_configure_gitlab_ipv6() { - if [[ ! -f /proc/net/if_inet6 ]]; then - # disable ipv6 support in nginx for gitlab - sed -i \ - -e "/listen \[::\]:80/d" \ - -e "/listen \[::\]:443/d" \ - ${GITLAB_NGINX_CONFIG} - # disable ipv6 support in nginx for pages - if [[ ${GITLAB_PAGES_ENABLED} == true ]]; then - sed -i \ - -e "/listen \[::\]:80/d" \ - -e "/listen \[::\]:443/d" \ - ${GITLAB_PAGES_NGINX_CONFIG} - fi - fi - } +nginx_configure_gitlab_ipv6() { + if [[ ! -f /proc/net/if_inet6 ]]; then + # disable ipv6 support in nginx for gitlab + sed -i \ + -e "/listen \[::\]:80/d" \ + -e "/listen \[::\]:443/d" \ + ${GITLAB_NGINX_CONFIG} + # disable ipv6 support in nginx for pages + if [[ ${GITLAB_PAGES_ENABLED} == true ]]; then + if [[ ${GITLAB_PAGES_NGINX_PROXY} == true ]]; then + sed -i \ + -e "/listen \[::\]:80/d" \ + -e "/listen \[::\]:443/d" \ + ${GITLAB_PAGES_NGINX_CONFIG} + fi + fi + fi +} nginx_configure_gitlab_real_ip() { if [[ ${NGINX_REAL_IP_RECURSIVE} == on && \ @@ -1199,21 +1201,26 @@ nginx_configure_pages(){ local GITLAB_PAGES_DOMAIN=$(echo $GITLAB_PAGES_DOMAIN | sed 's/\./\\\\./g') if [[ ${GITLAB_PAGES_ENABLED} == true ]]; then echo "Configuring nginx::gitlab-pages..." - if [[ ${GITLAB_PAGES_HTTPS} == true ]]; then - update_template ${GITLAB_PAGES_NGINX_CONFIG} \ - GITLAB_PORT \ - GITLAB_PAGES_DOMAIN \ - GITLAB_PAGES_PORT \ - GITLAB_LOG_DIR \ - GITLAB_PAGES_DOMAIN \ - SSL_PAGES_CERT_PATH \ - SSL_PAGES_KEY_PATH \ - SSL_DHPARAM_PATH \ - GITLAB_LOG_DIR - else - update_template ${GITLAB_PAGES_NGINX_CONFIG} \ - GITLAB_PAGES_DOMAIN \ - GITLAB_LOG_DIR + if [[ ${GITLAB_PAGES_NGINX_PROXY} == true ]]; then + if [[ ${GITLAB_PAGES_HTTPS} == true ]]; then + update_template ${GITLAB_PAGES_NGINX_CONFIG} \ + GITLAB_PORT \ + GITLAB_PAGES_DOMAIN \ + GITLAB_PAGES_PORT \ + GITLAB_LOG_DIR \ + GITLAB_PAGES_DOMAIN \ + SSL_PAGES_CERT_PATH \ + SSL_PAGES_KEY_PATH \ + SSL_DHPARAM_PATH \ + GITLAB_LOG_DIR + else + update_template ${GITLAB_PAGES_NGINX_CONFIG} \ + GITLAB_PAGES_DOMAIN \ + GITLAB_LOG_DIR + fi + else + echo "Gitlab pages nginx proxy disabled" + echo "Assuming custom domain setup with own HTTP(S) load balancer'" fi fi } @@ -1479,11 +1486,21 @@ install_configuration_templates() { ## ${GITLAB_PAGES_NGINX_CONFIG} if [[ ${GITLAB_PAGES_ENABLED} == true ]]; then if [[ ${GITLAB_PAGES_HTTPS} == true && -f ${SSL_PAGES_CERT_PATH} && -f ${SSL_PAGES_KEY_PATH} ]]; then - install_template root: nginx/gitlab-pages-ssl ${GITLAB_PAGES_NGINX_CONFIG} + if [[ ${GITLAB_PAGES_NGINX_PROXY} == true ]]; then + install_template root: nginx/gitlab-pages-ssl ${GITLAB_PAGES_NGINX_CONFIG} + else + echo "Gitlab pages nginx proxy disabled" + echo "Assuming custom domain setup with own HTTP(S) load balancer'" + fi else - echo "SSL Key, SSL Certificate were not found." - echo "Assuming that the container is running behind a HTTPS enabled load balancer." - install_template root: nginx/gitlab-pages ${GITLAB_PAGES_NGINX_CONFIG} + if [[ ${GITLAB_PAGES_NGINX_PROXY} == true ]]; then + echo "SSL Key, SSL Certificate were not found." + echo "Assuming that the container is running behind a HTTPS enabled load balancer." + install_template root: nginx/gitlab-pages ${GITLAB_PAGES_NGINX_CONFIG} + else + echo "Gitlab pages nginx proxy disabled" + echo "Assuming custom domain setup with own HTTP(S) load balancer'" + fi fi fi