Merge branch 'hsts-config'

Closes #138
Sameer Naik 2014-09-19 15:55:53 +05:30
commit 9458cb6dae
4 changed files with 14 additions and 1 deletions

@ -1,6 +1,8 @@
# Changelog
**latest**
- added HSTS_ENABLED configuration option (advanced config)
- added HSTS_MAX_AGE configuration option (advanced config)
- upgrade to gitlab-shell 1.9.8
- purge development packages after install. shaves off ~300MB from the image.
- rebase image on sameersbn/debian:jessie.20140918 base image

@ -758,6 +758,8 @@ Below is the complete list of available options that can be used to customize yo
- **CA_CERTIFICATES_PATH**: List of SSL certificates to trust. Defaults to `/home/git/data/certs/ca.crt`.
- **NGINX_MAX_UPLOAD_SIZE**: Maximum acceptable upload size. Defaults to `20m`.
- **NGINX_X_FORWARDED_PROTO**: Advanced configuration option for the `proxy_set_header X-Forwarded-Proto` setting in the gitlab nginx vHost configuration. Defaults to `https` when `GITLAB_HTTPS` is `true`, else defaults to `$scheme`.
- **HSTS_ENABLED**: Advanced configuration option for turning off the HSTS configuration. Applicable only when SSL is in use. Defaults to `true`. See #138 for use case scenario.
- **HSTS_MAX_AGE**: Advanced configuration option for setting the HSTS max-age in the gitlab nginx vHost configuration. Applicable only when SSL is in use. Defaults to `31536000`.
- **REDIS_HOST**: The hostname of the redis server. Defaults to `localhost`
- **REDIS_PORT**: The connection port of the redis server. Defaults to `6379`.
- **UNICORN_WORKERS**: The number of unicorn workers to start. Defaults to `2`.
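Review bot: The HSTS_ENABLED entry does not say what disabling can and cannot do. With `false` the header is simply no longer sent, but a browser that already received the policy keeps enforcing HTTPS until the previously advertised max-age runs out. The entry should state this and mention that leaving HSTS enabled with HSTS_MAX_AGE set to `0` is the way to make returning browsers drop the cached policy. The bare "#138" should also be a full link to the issue.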

@ -110,7 +110,7 @@ server {
##
ssl_dhparam {{SSL_DHPARAM_PATH}};
add_header Strict-Transport-Security max-age=63072000;
add_header Strict-Transport-Security max-age={{HSTS_MAX_AGE}};
# add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
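Review bot: The effective default max-age changes in this hunk without being called out: the template line being replaced hard-codes `max-age=63072000`, while the `{{HSTS_MAX_AGE}}` placeholder that takes its place is filled with a default of 31536000, half the previous value. If the reduction is intended, say so in the changelog entry; if not, keep 63072000 as the default so existing deployments advertise the same policy after upgrading.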

@ -82,6 +82,9 @@ LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN=${LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN:-}
LDAP_BASE=${LDAP_BASE:-}
LDAP_USER_FILTER=${LDAP_USER_FILTER:-}
HSTS_ENABLED=${HSTS_ENABLED:-true}
HSTS_MAX_AGE=${HSTS_MAXAGE:-31536000}
REDMINE_URL=${REDMINE_URL:-}
JIRA_URL=${JIRA_URL:-}
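Review bot: The HSTS_MAX_AGE assignment reads the wrong variable: `HSTS_MAX_AGE=${HSTS_MAXAGE:-31536000}` expands `HSTS_MAXAGE`, so the `HSTS_MAX_AGE` option documented in the README is never picked up and the header always carries 31536000. It should be `HSTS_MAX_AGE=${HSTS_MAX_AGE:-31536000}`.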
@ -457,6 +460,12 @@ sed 's,{{SSL_DHPARAM_PATH}},'"${SSL_DHPARAM_PATH}"',' -i /etc/nginx/sites-enable
sed 's/{{NGINX_MAX_UPLOAD_SIZE}}/'"${NGINX_MAX_UPLOAD_SIZE}"'/' -i /etc/nginx/sites-enabled/gitlab
sed 's/{{NGINX_X_FORWARDED_PROTO}}/'"${NGINX_X_FORWARDED_PROTO}"'/' -i /etc/nginx/sites-enabled/gitlab
if [ "${HSTS_ENABLED}" == "true" ]; then
sed 's/{{HSTS_MAX_AGE}}/'"${HSTS_MAX_AGE}"'/' -i /etc/nginx/sites-enabled/gitlab
else
sed '/{{HSTS_MAX_AGE}}/d' -i /etc/nginx/sites-enabled/gitlab
fi
# configure relative_url_root
if [ -n "${GITLAB_RELATIVE_URL_ROOT}" ]; then
sed 's,{{GITLAB_RELATIVE_URL_ROOT}},'"${GITLAB_RELATIVE_URL_ROOT}"',' -i /etc/nginx/sites-enabled/gitlab
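Review bot: In the `if` on HSTS_ENABLED, any value other than the exact string `true` (for example `True`, `yes` or `1`) falls into the `else` branch and deletes the header line, so a typo silently turns HSTS off. For a security header it is safer to delete the line only on an explicit `false` and treat everything else as enabled. In the same block, `HSTS_MAX_AGE` goes into the `sed` replacement unchecked; rejecting anything that is not a non-negative integer before substituting would keep a bad value from breaking the sed expression or the generated nginx config.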