Merge branch 'gitlab-next'

Sameer Naik 2014-08-30 13:15:32 +05:30
commit 77e627e287
8 changed files with 45 additions and 284 deletions

View File

@ -1,5 +1,10 @@
# Changelog
**latest**
- removed the GITLAB_HTTPS_ONLY configuration option
- added NGINX_X_FORWARDED_PROTO configuration option
- optimization: talk directly to the unicorn worker from gitlab-shell
**7.2.1**
- upgrade to gitlab-ce 7.2.1
- added new SMTP_ENABLED configuration option.

View File

@ -587,23 +587,20 @@ In this configuration, any requests made over the plain http protocol will autom
#### Using HTTPS with a load balancer
Load balancers like nginx/haproxy/hipache talk to backend applications over plain http and as such the installation of ssl keys and certificates in the container are not required. The SSL configuration has to instead be done at the load balancer.
Load balancers like nginx/haproxy/hipache talk to backend applications over plain http and as such the installation of ssl keys and certificates are not required and should **NOT** be installed in the container. The SSL configuration has to instead be done at the load balancer.
Hoewever, when using a load balancer you **MUST** set `GITLAB_HTTPS` to `true` and the `GITLAB_HTTPS_ONLY` option to `false`. Additionally you will need to set the `SSL_SELF_SIGNED` option to `true` if self signed SSL certificates are in use.
Hoewever, when using a load balancer you **MUST** set `GITLAB_HTTPS` to `true`. Additionally you will need to set the `SSL_SELF_SIGNED` option to `true` if self signed SSL certificates are in use.
With this in place, you should configure the load balancer to support handling of https requests. But that is out of the scope of this document. Please refer to [Using SSL/HTTPS with HAProxy](http://seanmcgary.com/posts/using-sslhttps-with-haproxy) for information on the subject.
When using a load balancer, you probably want to make sure the load balancer performs the automatic http to https redirection. Information on this can also be found in the link above.
Unfortunately hipache does not come with an option to perform http to https redirection, so the only choice you really have is to switch to using haproxy or nginx for load balancing.
In summation, when using a load balancer, the docker command would look for the most part something like this:
```bash
docker run --name=gitlab -d -p 10022:22 -p 10080:80 \
-e 'GITLAB_SSH_PORT=10022' -e 'GITLAB_PORT=443' \
-e 'GITLAB_HTTPS=true' -e 'GITLAB_HTTPS_ONLY=false' \
-e 'SSL_SELF_SIGNED=true' \
-e 'GITLAB_HTTPS=true' -e 'SSL_SELF_SIGNED=true' \
-v /opt/gitlab/data:/home/git/data \
sameersbn/gitlab:7.2.1
```
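Review bot: The example command publishes the container's plain-http port with `-p 10080:80` on every host interface, while this change makes the container report `X-Forwarded-Proto` as `https` for anything that arrives there when `GITLAB_HTTPS=true`. The section should tell operators to expose that port only to the load balancer, for example `-p 127.0.0.1:10080:80` when the balancer runs on the same host. Separately, the rewritten sentence still carries the typo `Hoewever`; fix it while the line is being touched.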
@ -746,13 +743,13 @@ Below is the complete list of available options that can be used to customize yo
- **GITLAB_SSH_PORT**: The ssh port number. Defaults to `22`.
- **GITLAB_RELATIVE_URL_ROOT**: The sub URI of the GitLab server, e.g. `/gitlab`. No default.
- **GITLAB_HTTPS**: Set to `true` to enable https support, disabled by default.
- **GITLAB_HTTPS_ONLY**: Configure access over plain http when `GITLAB_HTTPS` is enabled. Should be set to `false` when using a load balancer. Defaults to `true`.
- **SSL_SELF_SIGNED**: Set to `true` when using self signed ssl certificates. `false` by default.
- **SSL_CERTIFICATE_PATH**: Location of the ssl certificate. Defaults to `/home/git/data/certs/gitlab.crt`
- **SSL_KEY_PATH**: Location of the ssl private key. Defaults to `/home/git/data/certs/gitlab.key`
- **SSL_DHPARAM_PATH**: Location of the dhparam file. Defaults to `/home/git/data/certs/dhparam.pem`
- **CA_CERTIFICATES_PATH**: List of SSL certificates to trust. Defaults to `/home/git/data/certs/ca.crt`.
- **NGINX_MAX_UPLOAD_SIZE**: Maximum acceptable upload size. Defaults to `20m`.
- **NGINX_X_FORWARDED_PROTO**: Advanced configuration option for the `proxy_set_header X-Forwarded-Proto` setting in the gitlab nginx vHost configuration. Defaults to `https` when `GITLAB_HTTPS` is `true`, else defaults to `$scheme`.
- **REDIS_HOST**: The hostname of the redis server. Defaults to `localhost`
- **REDIS_PORT**: The connection port of the redis server. Defaults to `6379`.
- **UNICORN_WORKERS**: The number of unicorn workers to start. Defaults to `2`.

View File

@ -2,7 +2,7 @@
user: git
# Url to gitlab instance. Used for api calls. Should end with a slash.
gitlab_url: "{{GITLAB_URL}}"
gitlab_url: "http://localhost:8080{{GITLAB_RELATIVE_URL_ROOT}}/"
http_settings:
# user: someone
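Review bot: `gitlab_url` now hardcodes `http://localhost:8080`, so gitlab-shell depends on unicorn listening on TCP port 8080, which nothing in this file or in the visible part of the init script enforces. Please confirm that `config/unicorn.rb` binds that listener to 127.0.0.1 only, since the internal API is then served without TLS, and add a comment above `gitlab_url` saying the port must match the unicorn listener.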

View File

@ -51,7 +51,7 @@ server {
proxy_connect_timeout 300; # Some requests take more than 30 seconds.
proxy_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Proto {{NGINX_X_FORWARDED_PROTO}};
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
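Review bot: In the plain-http vhost the `X-Forwarded-Proto` line becomes `https` whenever `GITLAB_HTTPS=true`, regardless of how the request reached nginx, so the application can no longer tell a direct plain-http client from one that came through the TLS-terminating balancer. Add a template comment explaining the placeholder, and consider an `allow`/`deny` pair for the balancer's address in this server block so that only the balancer can reach the backend.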

View File

@ -143,7 +143,7 @@ server {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Proto {{NGINX_X_FORWARDED_PROTO}};
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://gitlab;
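Review bot: In the TLS vhost `$scheme` is always `https`, so the `{{NGINX_X_FORWARDED_PROTO}}` placeholder on the `X-Forwarded-Proto` line only adds a way for this block to contradict itself: an operator value of `http` would be sent next to `X-Forwarded-Ssl on`. Keep `$scheme` (or a literal `https`) here and apply the new option to the plain-http template only.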

View File

@ -1,205 +0,0 @@
## GitLab
## Contributors: randx, yin8086, sashkab, orkoden, axilleas
##
## Modified from nginx http version
## Modified from http://blog.phusion.nl/2012/04/21/tutorial-setting-up-gitlab-on-debian-6/
##
## Lines starting with two hashes (##) are comments containing information
## for configuration. One hash (#) comments are actual configuration parameters
## which you can comment/uncomment to your liking.
##
###################################
## SSL configuration ##
###################################
##
## Optimal configuration is taken from:
## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
## Make sure to read it and understand what each option does.
##
## [Optional] Generate a self-signed ssl certificate:
## mkdir /etc/nginx/ssl/
## cd /etc/nginx/ssl/
## sudo openssl req -newkey rsa:2048 -x509 -nodes -days 3560 -out gitlab.crt -keyout gitlab.key
## sudo chmod o-r gitlab.key
##
## Edit `gitlab-shell/config.yml`:
## 1) Set "gitlab_url" param in `gitlab-shell/config.yml` to `https://git.example.com`
## 2) Set "ca_file" to `/etc/nginx/ssl/gitlab.crt`
## 3) Set "self_signed_cert" to `true`
## Edit `gitlab/config/gitlab.yml`:
## 1) Define port for http "port: 443"
## 2) Enable https "https: true"
## 3) Update ssl for gravatar "ssl_url: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=mm"
##
##################################
## CHUNKED TRANSFER ##
##################################
##
## It is a known issue that Git-over-HTTP requires chunked transfer encoding [0]
## which is not supported by Nginx < 1.3.9 [1]. As a result, pushing a large object
## with Git (i.e. a single large file) can lead to a 411 error. In theory you can get
## around this by tweaking this configuration file and either:
## - installing an old version of Nginx with the chunkin module [2] compiled in, or
## - using a newer version of Nginx.
##
## At the time of writing we do not know if either of these theoretical solutions works. As a workaround
## users can use Git over SSH to push large files.
##
## [0] https://git.kernel.org/cgit/git/git.git/tree/Documentation/technical/http-protocol.txt#n99
## [1] https://github.com/agentzh/chunkin-nginx-module#status
## [2] https://github.com/agentzh/chunkin-nginx-module
upstream gitlab {
## Uncomment if you have set up unicorn to listen on a unix socket (recommended).
server unix:{{GITLAB_INSTALL_DIR}}/tmp/sockets/gitlab.socket;
## Uncomment if unicorn is configured to listen on a tcp port.
## Check the port number in {{GITLAB_INSTALL_DIR}}/config/unicorn.rb
# server 127.0.0.1:8080;
}
server {
listen *:80 default_server; # e.g., listen 192.168.1.1:80; In most cases *:80 is a good idea
server_name {{YOUR_SERVER_FQDN}}; # e.g., server_name source.example.com;
server_tokens off; # don't show the version number, a security best practice
root {{GITLAB_INSTALL_DIR}}/public;
# Increase this if you want to upload large attachments
# Or if you want to accept large git objects over http
client_max_body_size {{NGINX_MAX_UPLOAD_SIZE}};
# individual nginx logs for this gitlab vhost
access_log /var/log/nginx/gitlab_access.log;
error_log /var/log/nginx/gitlab_error.log;
location {{GITLAB_RELATIVE_URL_ROOT}} {
# alias {{GITLAB_INSTALL_DIR}}/public;
# serve static files from defined root folder;.
# @gitlab is a named location for the upstream fallback, see below
try_files $uri $uri/index.html $uri.html @gitlab;
}
# if a file, which is not found in the root folder is requested,
# then the proxy pass the request to the upsteam (gitlab unicorn)
location @gitlab {
# If you use https make sure you disable gzip compression
# to be safe against BREACH attack
# gzip off;
proxy_read_timeout 300; # Some requests take more than 30 seconds.
proxy_connect_timeout 300; # Some requests take more than 30 seconds.
proxy_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://gitlab;
}
# Enable gzip compression as per rails guide: http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression
location ~ ^{{GITLAB_RELATIVE_URL_ROOT__with_trailing_slash}}assets/(.*) {
alias {{GITLAB_INSTALL_DIR}}/public/assets/$1;
gzip_static on; # to serve pre-gzipped version
expires max;
add_header Cache-Control public;
}
error_page 502 /502.html;
}
server {
listen 443 ssl spdy;
## Replace git.example.com with your FQDN.
server_name {{YOUR_SERVER_FQDN}};
server_tokens off;
root {{GITLAB_INSTALL_DIR}}/public;
## Increase this if you want to upload large attachments
## Or if you want to accept large git objects over http
client_max_body_size {{NGINX_MAX_UPLOAD_SIZE}};
## Strong SSL Security
## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
ssl on;
ssl_certificate {{SSL_CERTIFICATE_PATH}};
ssl_certificate_key {{SSL_KEY_PATH}};
ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4';
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache builtin:1000 shared:SSL:10m;
## Enable OCSP stapling to reduce the overhead and latency of running SSL.
## Replace with your ssl_trusted_certificate. For more info see:
## - https://medium.com/devops-programming/4445f4862461
## - https://www.ruby-forum.com/topic/4419319
# ssl_stapling on;
# ssl_stapling_verify on;
# ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
# resolver 208.67.222.222 208.67.222.220 valid=300s;
# resolver_timeout 10s;
ssl_prefer_server_ciphers on;
## [Optional] Generate a stronger DHE parameter (recommended):
## cd /etc/ssl/certs
## openssl dhparam -out dhparam.pem 2048
##
ssl_dhparam {{SSL_DHPARAM_PATH}};
add_header Strict-Transport-Security max-age=63072000;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
## Individual nginx logs for this GitLab vhost
access_log /var/log/nginx/gitlab_access.log;
error_log /var/log/nginx/gitlab_error.log;
location {{GITLAB_RELATIVE_URL_ROOT}} {
# alias {{GITLAB_INSTALL_DIR}}/public;
## Serve static files from defined root folder.
## @gitlab is a named location for the upstream fallback, see below.
try_files $uri $uri/index.html $uri.html @gitlab;
}
## If a file, which is not found in the root folder is requested,
## then the proxy pass the request to the upsteam (gitlab unicorn).
location @gitlab {
## If you use https make sure you disable gzip compression
## to be safe against BREACH attack.
gzip off;
## https://github.com/gitlabhq/gitlabhq/issues/694
## Some requests take more than 30 seconds.
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://gitlab;
}
## Enable gzip compression as per rails guide:
## http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression
## WARNING: If you are using relative urls do remove the block below
## See config/application.rb under "Relative url support" for the list of
## other files that need to be changed for relative url support
location ~ ^{{GITLAB_RELATIVE_URL_ROOT__with_trailing_slash}}assets/(.*) {
alias {{GITLAB_INSTALL_DIR}}/public/assets/$1;
gzip_static on; # to serve pre-gzipped version
expires max;
add_header Cache-Control public;
}
error_page 502 /502.html;
}

View File

@ -14,7 +14,6 @@ GITLAB_PORT=${GITLAB_PORT:-}
GITLAB_SSH_PORT=${GITLAB_SSH_PORT:-$GITLAB_SHELL_SSH_PORT} # for backwards compatibility
GITLAB_SSH_PORT=${GITLAB_SSH_PORT:-22}
GITLAB_HTTPS=${GITLAB_HTTPS:-false}
GITLAB_HTTPS_ONLY=${GITLAB_HTTPS_ONLY:-true}
GITLAB_EMAIL=${GITLAB_EMAIL:-example@example.com}
GITLAB_SIGNUP=${GITLAB_SIGNUP:-false}
GITLAB_SIGNIN=${GITLAB_SIGNIN:-true}
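Review bot: With the `GITLAB_HTTPS_ONLY` default dropped, a deployment that still passes `-e 'GITLAB_HTTPS_ONLY=false'` starts without any sign that the variable is now ignored. Print a deprecation warning at startup when it is set, pointing to `NGINX_X_FORWARDED_PROTO`.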
@ -131,12 +130,12 @@ esac
case "${GITLAB_HTTPS}" in
true)
GITLAB_URL="https://${GITLAB_HOST}${GITLAB_PORT:+:$GITLAB_PORT}${GITLAB_RELATIVE_URL_ROOT}/"
GITLAB_PORT=${GITLAB_PORT:-443}
NGINX_X_FORWARDED_PROTO=${NGINX_X_FORWARDED_PROTO:-https}
;;
*)
GITLAB_URL="http://${GITLAB_HOST}${GITLAB_PORT:+:$GITLAB_PORT}${GITLAB_RELATIVE_URL_ROOT}/"
GITLAB_PORT=${GITLAB_PORT:-80}
NGINX_X_FORWARDED_PROTO=${NGINX_X_FORWARDED_PROTO:-\$scheme}
;;
esac
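Review bot: `NGINX_X_FORWARDED_PROTO` is taken from the environment as-is in both branches and is later written into the nginx vhost by `sed`. Validate it right after this `case`, accepting only `http`, `https` or `$scheme`, and abort with a clear message otherwise, so that a typo cannot produce a broken or misleading `proxy_set_header` line.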
@ -172,17 +171,14 @@ cd ${GITLAB_INSTALL_DIR}
case "${GITLAB_HTTPS}" in
true)
if [ -f "${SSL_CERTIFICATE_PATH}" -a -f "${SSL_KEY_PATH}" -a -f "${SSL_DHPARAM_PATH}" ]; then
case "${GITLAB_HTTPS_ONLY}" in
true) cp ${SYSCONF_TEMPLATES_DIR}/nginx/gitlab.https.strict /etc/nginx/sites-available/gitlab ;;
*) cp ${SYSCONF_TEMPLATES_DIR}/nginx/gitlab.https.permissive /etc/nginx/sites-available/gitlab ;;
esac
cp ${SYSCONF_TEMPLATES_DIR}/nginx/gitlab-ssl /etc/nginx/sites-enabled/gitlab
else
echo "SSL keys and certificates were not found."
echo "Assuming that the container is running behind a HTTPS enabled load balancer."
cp ${SYSCONF_TEMPLATES_DIR}/nginx/gitlab /etc/nginx/sites-available/gitlab
cp ${SYSCONF_TEMPLATES_DIR}/nginx/gitlab /etc/nginx/sites-enabled/gitlab
fi
;;
*) cp ${SYSCONF_TEMPLATES_DIR}/nginx/gitlab /etc/nginx/sites-available/gitlab ;;
*) cp ${SYSCONF_TEMPLATES_DIR}/nginx/gitlab /etc/nginx/sites-enabled/gitlab ;;
esac
sudo -u git -H cp ${SYSCONF_TEMPLATES_DIR}/gitlab-shell/config.yml ${GITLAB_SHELL_INSTALL_DIR}/config.yml
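Review bot: In the `GITLAB_HTTPS=true` branch, a missing certificate, key or dhparam file makes the script fall back to the plain-http vhost after two `echo` lines, so a mistyped `SSL_CERTIFICATE_PATH` silently turns a TLS deployment into a plaintext one that still reports `https` upstream. Make the load-balancer case an explicit choice, or at least fail when only some of the three files exist, instead of inferring it from absent files.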
@ -198,13 +194,15 @@ sudo -u git -H cp ${SYSCONF_TEMPLATES_DIR}/gitlabhq/smtp_settings.rb config/ini
# override default configuration templates with user templates
case "${GITLAB_HTTPS}" in
true)
case "${GITLAB_HTTPS_ONLY}" in
true) [ -f ${USERCONF_TEMPLATES_DIR}/nginx/gitlab.https.strict ] && cp ${USERCONF_TEMPLATES_DIR}/nginx/gitlab.https.strict /etc/nginx/sites-available/gitlab ;;
*) [ -f ${USERCONF_TEMPLATES_DIR}/nginx/gitlab.https.permissive ] && cp ${USERCONF_TEMPLATES_DIR}/nginx/gitlab.https.permissive /etc/nginx/sites-available/gitlab ;;
esac
if [ -f "${SSL_CERTIFICATE_PATH}" -a -f "${SSL_KEY_PATH}" -a -f "${SSL_DHPARAM_PATH}" ]; then
[ -f ${USERCONF_TEMPLATES_DIR}/nginx/gitlab-ssl ] && cp ${USERCONF_TEMPLATES_DIR}/nginx/gitlab-ssl /etc/nginx/sites-enabled/gitlab
else
[ -f ${USERCONF_TEMPLATES_DIR}/nginx/gitlab ] && cp ${USERCONF_TEMPLATES_DIR}/nginx/gitlab /etc/nginx/sites-enabled/gitlab
fi
;;
*) [ -f ${USERCONF_TEMPLATES_DIR}/nginx/gitlab ] && cp ${USERCONF_TEMPLATES_DIR}/nginx/gitlab /etc/nginx/sites-available/gitlab ;;
*) [ -f ${USERCONF_TEMPLATES_DIR}/nginx/gitlab ] && cp ${USERCONF_TEMPLATES_DIR}/nginx/gitlab /etc/nginx/sites-enabled/gitlab ;;
esac
[ -f ${USERCONF_TEMPLATES_DIR}/gitlab-shell/config.yml ] && sudo -u git -H cp ${USERCONF_TEMPLATES_DIR}/gitlab-shell/config.yml ${GITLAB_SHELL_INSTALL_DIR}/config.yml
[ -f ${USERCONF_TEMPLATES_DIR}/gitlabhq/gitlab.yml ] && sudo -u git -H cp ${USERCONF_TEMPLATES_DIR}/gitlabhq/gitlab.yml config/gitlab.yml
[ -f ${USERCONF_TEMPLATES_DIR}/gitlabhq/resque.yml ] && sudo -u git -H cp ${USERCONF_TEMPLATES_DIR}/gitlabhq/resque.yml config/resque.yml
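Review bot: The user-template override no longer looks for `nginx/gitlab.https.strict` or `nginx/gitlab.https.permissive`, so operators who mounted a customised vhost under those names get the stock `gitlab-ssl` template without notice, possibly losing their own TLS hardening. Either keep accepting the old names for one release or log a warning when such a file exists under `${USERCONF_TEMPLATES_DIR}/nginx/`.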
@ -270,24 +268,20 @@ sudo -u git -H git config --global user.name "GitLab"
sudo -u git -H git config --global user.email "${GITLAB_EMAIL}"
sudo -u git -H git config --global core.autocrlf input
# configure server url
# configure application paths
sudo -u git -H sed 's,{{GITLAB_DATA_DIR}},'"${GITLAB_DATA_DIR}"',g' -i config/gitlab.yml
sudo -u git -H sed 's,{{GITLAB_SHELL_INSTALL_DIR}},'"${GITLAB_SHELL_INSTALL_DIR}"',g' -i config/gitlab.yml
# configure gitlab
sudo -u git -H sed 's/{{GITLAB_HOST}}/'"${GITLAB_HOST}"'/' -i config/gitlab.yml
sudo -u git -H sed 's/{{GITLAB_PORT}}/'"${GITLAB_PORT}"'/' -i config/gitlab.yml
sudo -u git -H sed 's/{{GITLAB_HTTPS}}/'"${GITLAB_HTTPS}"'/' -i config/gitlab.yml
sudo -u git -H sed 's/{{GITLAB_EMAIL}}/'"${GITLAB_EMAIL}"'/' -i config/gitlab.yml
sudo -u git -H sed 's/{{GITLAB_BACKUP_EXPIRY}}/'"${GITLAB_BACKUP_EXPIRY}"'/' -i config/gitlab.yml
sudo -u git -H sed 's/{{GITLAB_MAX_SIZE}}/'"${GITLAB_MAX_SIZE}"'/' -i config/gitlab.yml
sudo -u git -H sed 's/{{GITLAB_SSH_PORT}}/'"${GITLAB_SSH_PORT}"'/' -i config/gitlab.yml
if [ "${GITLAB_HTTPS}" == "true" -a "${GITLAB_HTTPS_ONLY}" == "false" ]; then
# hack: allow login over plain http when ssl is enabled. required to work with load balancers.
sudo -u git -H sed 's/secure: Gitlab.config.gitlab.https/secure: false/' -i config/initializers/session_store.rb
fi
# configure gitlab signup configuration
sudo -u git -H sed 's,{{GITLAB_DATA_DIR}},'"${GITLAB_DATA_DIR}"',g' -i config/gitlab.yml
sudo -u git -H sed 's,{{GITLAB_SHELL_INSTALL_DIR}},'"${GITLAB_SHELL_INSTALL_DIR}"',g' -i config/gitlab.yml
sudo -u git -H sed 's/{{GITLAB_SIGNUP}}/'"${GITLAB_SIGNUP}"'/' -i config/gitlab.yml
sudo -u git -H sed 's/{{GITLAB_SIGNIN}}/'"${GITLAB_SIGNIN}"'/' -i config/gitlab.yml
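Review bot: Dropping the `secure: false` rewrite of `config/initializers/session_store.rb` means the session cookie follows `Gitlab.config.gitlab.https` again and is marked secure whenever `GITLAB_HTTPS=true`, which is the right default, but it also means login stops working for anyone who reaches the container over plain http in that mode. State this in the changelog entry for the removed `GITLAB_HTTPS_ONLY` option so that upgrades do not fail silently at the login page.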
@ -313,6 +307,7 @@ else
echo "Invalid database type: '$DB_TYPE'. Supported choices: [mysql, postgres]."
fi
# configure database connection
sudo -u git -H sed 's/{{DB_HOST}}/'"${DB_HOST}"'/' -i config/database.yml
sudo -u git -H sed 's/{{DB_PORT}}/'"${DB_PORT}"'/' -i config/database.yml
sudo -u git -H sed 's/{{DB_NAME}}/'"${DB_NAME}"'/' -i config/database.yml
@ -328,43 +323,12 @@ sudo -u git -H sed 's/{{REDIS_HOST}}/'"${REDIS_HOST}"'/g' -i config/resque.yml
sudo -u git -H sed 's/{{REDIS_PORT}}/'"${REDIS_PORT}"'/g' -i config/resque.yml
# configure gitlab-shell
sudo -u git -H sed 's,{{GITLAB_URL}},'"${GITLAB_URL}"',' -i ${GITLAB_SHELL_INSTALL_DIR}/config.yml
sed 's,{{GITLAB_RELATIVE_URL_ROOT}},'"${GITLAB_RELATIVE_URL_ROOT}"',' -i ${GITLAB_SHELL_INSTALL_DIR}/config.yml
sudo -u git -H sed 's,{{GITLAB_DATA_DIR}},'"${GITLAB_DATA_DIR}"',g' -i ${GITLAB_SHELL_INSTALL_DIR}/config.yml
sudo -u git -H sed 's/{{SSL_SELF_SIGNED}}/'"${SSL_SELF_SIGNED}"'/' -i ${GITLAB_SHELL_INSTALL_DIR}/config.yml
sudo -u git -H sed 's/{{REDIS_HOST}}/'"${REDIS_HOST}"'/' -i ${GITLAB_SHELL_INSTALL_DIR}/config.yml
sudo -u git -H sed 's/{{REDIS_PORT}}/'"${REDIS_PORT}"'/' -i ${GITLAB_SHELL_INSTALL_DIR}/config.yml
# hack: make git over ssh work when the default http/https ports are not used.
case "${GITLAB_HTTPS}" in
true)
case "${GITLAB_HTTPS_ONLY}" in
true)
case "${SSL_SELF_SIGNED}" in
true)
# we are using self signed certificates, talk to gitlab over https on localhost
# this will make sure the api access works when the default https port is not used.
sudo -u git -H sed 's,#{config.gitlab_url}/api/v3/internal,https://localhost'${GITLAB_RELATIVE_URL_ROOT}'/api/v3/internal,' -i ${GITLAB_SHELL_INSTALL_DIR}/lib/gitlab_net.rb
;;
*)
# signed https certificates are in use, talk to gitlab using the default gitlab_url.
# hence we are not editing anything here, just using the default.
# ps. when using signed ssl certificates, you **MUST** use the default https port.
;;
esac
;;
*)
# we are not using https only mode, talk to gitlab over plain http on localhost
# using http when available will keep things fast.
sudo -u git -H sed 's,#{config.gitlab_url}/api/v3/internal,http://localhost'${GITLAB_RELATIVE_URL_ROOT}'/api/v3/internal,' -i ${GITLAB_SHELL_INSTALL_DIR}/lib/gitlab_net.rb
;;
esac
;;
*)
# ssl is not being used, talk to gitlab over plain http
sudo -u git -H sed 's,#{config.gitlab_url}/api/v3/internal,http://localhost'${GITLAB_RELATIVE_URL_ROOT}'/api/v3/internal,' -i ${GITLAB_SHELL_INSTALL_DIR}/lib/gitlab_net.rb
;;
esac
# configure unicorn workers
sudo -u git -H sed 's,{{GITLAB_INSTALL_DIR}},'"${GITLAB_INSTALL_DIR}"',g' -i config/unicorn.rb
sudo -u git -H sed 's/{{UNICORN_WORKERS}}/'"${UNICORN_WORKERS}"'/' -i config/unicorn.rb
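Review bot: The `sed` for `{{GITLAB_RELATIVE_URL_ROOT}}` on `${GITLAB_SHELL_INSTALL_DIR}/config.yml` is the only edit of that file in this block that is not prefixed with `sudo -u git -H`. Run it as `git` like its neighbours so the file is handled under a single account. With the `gitlab_net.rb` rewrites gone and `gitlab_url` pointing at `http://localhost:8080`, the `{{SSL_SELF_SIGNED}}` substitution no longer affects gitlab-shell's own API calls; the README should say so.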
@ -476,26 +440,27 @@ sudo -u git -H sed 's/{{OAUTH_ALLOW_SSO}}/'"${OAUTH_ALLOW_SSO}"'/' -i config/git
sudo -u git -H sed 's/{{OAUTH_BLOCK_AUTO_CREATED_USERS}}/'"${OAUTH_BLOCK_AUTO_CREATED_USERS}"'/' -i config/gitlab.yml
# configure nginx vhost
sed 's,{{GITLAB_INSTALL_DIR}},'"${GITLAB_INSTALL_DIR}"',g' -i /etc/nginx/sites-available/gitlab
sed 's/{{YOUR_SERVER_FQDN}}/'"${GITLAB_HOST}"'/g' -i /etc/nginx/sites-available/gitlab
sed 's/{{GITLAB_PORT}}/'"${GITLAB_PORT}"'/' -i /etc/nginx/sites-available/gitlab
sed 's,{{SSL_CERTIFICATE_PATH}},'"${SSL_CERTIFICATE_PATH}"',' -i /etc/nginx/sites-available/gitlab
sed 's,{{SSL_KEY_PATH}},'"${SSL_KEY_PATH}"',' -i /etc/nginx/sites-available/gitlab
sed 's,{{SSL_DHPARAM_PATH}},'"${SSL_DHPARAM_PATH}"',' -i /etc/nginx/sites-available/gitlab
sed 's/{{NGINX_MAX_UPLOAD_SIZE}}/'"${NGINX_MAX_UPLOAD_SIZE}"'/g' -i /etc/nginx/sites-available/gitlab
sed 's,{{GITLAB_INSTALL_DIR}},'"${GITLAB_INSTALL_DIR}"',g' -i /etc/nginx/sites-enabled/gitlab
sed 's/{{YOUR_SERVER_FQDN}}/'"${GITLAB_HOST}"'/' -i /etc/nginx/sites-enabled/gitlab
sed 's/{{GITLAB_PORT}}/'"${GITLAB_PORT}"'/' -i /etc/nginx/sites-enabled/gitlab
sed 's,{{SSL_CERTIFICATE_PATH}},'"${SSL_CERTIFICATE_PATH}"',' -i /etc/nginx/sites-enabled/gitlab
sed 's,{{SSL_KEY_PATH}},'"${SSL_KEY_PATH}"',' -i /etc/nginx/sites-enabled/gitlab
sed 's,{{SSL_DHPARAM_PATH}},'"${SSL_DHPARAM_PATH}"',' -i /etc/nginx/sites-enabled/gitlab
sed 's/{{NGINX_MAX_UPLOAD_SIZE}}/'"${NGINX_MAX_UPLOAD_SIZE}"'/' -i /etc/nginx/sites-enabled/gitlab
sed 's/{{NGINX_X_FORWARDED_PROTO}}/'"${NGINX_X_FORWARDED_PROTO}"'/' -i /etc/nginx/sites-enabled/gitlab
# configure relative_url_root
if [ -n "${GITLAB_RELATIVE_URL_ROOT}" ]; then
sed 's,{{GITLAB_RELATIVE_URL_ROOT}},'"${GITLAB_RELATIVE_URL_ROOT}"',g' -i /etc/nginx/sites-available/gitlab
sed 's,{{GITLAB_RELATIVE_URL_ROOT__with_trailing_slash}},'"${GITLAB_RELATIVE_URL_ROOT}/"',g' -i /etc/nginx/sites-available/gitlab
sed 's,# alias '"${GITLAB_INSTALL_DIR}"'/public,alias '"${GITLAB_INSTALL_DIR}"'/public,g' -i /etc/nginx/sites-available/gitlab
sed 's,{{GITLAB_RELATIVE_URL_ROOT}},'"${GITLAB_RELATIVE_URL_ROOT}"',' -i /etc/nginx/sites-enabled/gitlab
sed 's,{{GITLAB_RELATIVE_URL_ROOT__with_trailing_slash}},'"${GITLAB_RELATIVE_URL_ROOT}/"',' -i /etc/nginx/sites-enabled/gitlab
sed 's,# alias '"${GITLAB_INSTALL_DIR}"'/public,alias '"${GITLAB_INSTALL_DIR}"'/public,' -i /etc/nginx/sites-enabled/gitlab
sudo -u git -H sed 's,# config.relative_url_root = "/gitlab",config.relative_url_root = "'${GITLAB_RELATIVE_URL_ROOT}'",' -i config/application.rb
sudo -u git -H sed 's,# relative_url_root: {{GITLAB_RELATIVE_URL_ROOT}},relative_url_root: '${GITLAB_RELATIVE_URL_ROOT}',' -i config/gitlab.yml
sudo -u git -H sed 's,{{GITLAB_RELATIVE_URL_ROOT}},'"${GITLAB_RELATIVE_URL_ROOT}"',' -i config/unicorn.rb
else
sed 's,{{GITLAB_RELATIVE_URL_ROOT}},/,g' -i /etc/nginx/sites-available/gitlab
sed 's,{{GITLAB_RELATIVE_URL_ROOT__with_trailing_slash}},/,g' -i /etc/nginx/sites-available/gitlab
sed 's,{{GITLAB_RELATIVE_URL_ROOT}},/,' -i /etc/nginx/sites-enabled/gitlab
sed 's,{{GITLAB_RELATIVE_URL_ROOT__with_trailing_slash}},/,' -i /etc/nginx/sites-enabled/gitlab
sudo -u git -H sed '/{{GITLAB_RELATIVE_URL_ROOT}}/d' -i config/unicorn.rb
fi
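Review bot: The `sed` calls for `/etc/nginx/sites-enabled/gitlab` lack the `g` flag that the `sites-available` versions had on `{{YOUR_SERVER_FQDN}}`, `{{NGINX_MAX_UPLOAD_SIZE}}` and the relative-URL placeholders, so a template line containing the same placeholder twice would keep the second one unreplaced. Keep `g` throughout. The `{{NGINX_X_FORWARDED_PROTO}}` substitution also uses `/` as its delimiter with an unvalidated value; use `,` as the path substitutions do, or validate the value before this point.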

View File

@ -41,7 +41,7 @@ sudo -u git -H git clone -b v${GITLAB_VERSION} --depth 1 \
cd ${GITLAB_INSTALL_DIR}
# copy default configurations
cp lib/support/nginx/gitlab /etc/nginx/sites-available/gitlab
cp lib/support/nginx/gitlab /etc/nginx/sites-enabled/gitlab
sudo -u git -H cp config/gitlab.yml.example config/gitlab.yml
sudo -u git -H cp config/resque.yml.example config/resque.yml
sudo -u git -H cp config/database.yml.mysql config/database.yml
@ -87,7 +87,6 @@ cp lib/support/logrotate/gitlab /etc/logrotate.d/gitlab
# disable default nginx configuration and enable gitlab's nginx configuration
rm -f /etc/nginx/sites-enabled/default
ln -s /etc/nginx/sites-available/gitlab /etc/nginx/sites-enabled/gitlab
# silence setlocale message (#93)
cat > /etc/default/locale <<EOF