renamed config GITLAB_HTTPS_HSTS_MAXAGE to NGINX_HSTS_MAXAGE

Sameer Naik 2015-12-13 12:19:51 +05:30
parent f926494b6d
commit ac6aa3e84f
5 changed files with 9 additions and 7 deletions


@ -6,6 +6,7 @@ This file only reflects the changes that are made in this image. Please refer to
- `envsubst` is now used for updating the configurations
- renamed config `CA_CERTIFICATES_PATH` to `SSL_CA_CERTIFICATES_PATH`
- renamed config `GITLAB_HTTPS_HSTS_ENABLED` to `NGINX_HSTS_ENABLED`
- renamed config `GITLAB_HTTPS_HSTS_MAXAGE` to `NGINX_HSTS_MAXAGE`
**8.2.3**
- fixed static asset routing when `GITLAB_RELATIVE_URL_ROOT` is used.


@ -547,12 +547,12 @@ In this configuration, any requests made over the plain http protocol will autom
HSTS if supported by the browsers makes sure that your users will only reach your sever via HTTPS. When the user comes for the first time it sees a header from the server which states for how long from now this site should only be reachable via HTTPS - that's the HSTS max-age value.
With `GITLAB_HTTPS_HSTS_MAXAGE` you can configure that value. The default value is `31536000` seconds. If you want to disable a already sent HSTS MAXAGE value, set it to `0`.
With `NGINX_HSTS_MAXAGE` you can configure that value. The default value is `31536000` seconds. If you want to disable a already sent HSTS MAXAGE value, set it to `0`.
```bash
docker run --name gitlab -d \
--env 'GITLAB_HTTPS=true' --env 'SSL_SELF_SIGNED=true' \
--env 'GITLAB_HTTPS_HSTS_MAXAGE=2592000' \
--env 'NGINX_HSTS_MAXAGE=2592000' \
--volume /srv/docker/gitlab/gitlab:/home/git/data \
sameersbn/gitlab:8.2.3
```
@ -787,7 +787,6 @@ Below is the complete list of available options that can be used to customize yo
- **GITLAB_SSH_PORT**: The ssh port number. Defaults to `22`.
- **GITLAB_RELATIVE_URL_ROOT**: The relative url of the GitLab server, e.g. `/git`. No default.
- **GITLAB_HTTPS**: Set to `true` to enable https support, disabled by default.
- **GITLAB_HTTPS_HSTS_MAXAGE**: Advanced configuration option for setting the HSTS max-age in the gitlab nginx vHost configuration. Applicable only when SSL is in use. Defaults to `31536000`.
- **SSL_SELF_SIGNED**: Set to `true` when using self signed ssl certificates. `false` by default.
- **SSL_CERTIFICATE_PATH**: Location of the ssl certificate. Defaults to `/home/git/data/certs/gitlab.crt`
- **SSL_KEY_PATH**: Location of the ssl private key. Defaults to `/home/git/data/certs/gitlab.key`
@ -796,6 +795,7 @@ Below is the complete list of available options that can be used to customize yo
- **SSL_CA_CERTIFICATES_PATH**: List of SSL certificates to trust. Defaults to `/home/git/data/certs/ca.crt`.
- **NGINX_WORKERS**: The number of nginx workers to start. Defaults to `1`.
- **NGINX_HSTS_ENABLED**: Advanced configuration option for turning off the HSTS configuration. Applicable only when SSL is in use. Defaults to `true`. See [#138](https://github.com/sameersbn/docker-gitlab/issues/138) for use case scenario.
- **NGINX_HSTS_MAXAGE**: Advanced configuration option for setting the HSTS max-age in the gitlab nginx vHost configuration. Applicable only when SSL is in use. Defaults to `31536000`.
- **NGINX_PROXY_BUFFERING**: Enable `proxy_buffering`. Defaults to `off`.
- **NGINX_ACCEL_BUFFERING**: Enable `X-Accel-Buffering` header. Default to `no`
- **NGINX_MAX_UPLOAD_SIZE**: Maximum acceptable upload size. Defaults to `20m`.


@ -90,7 +90,7 @@ server {
ssl_session_timeout 5m;
## See app/controllers/application_controller.rb for headers set
add_header Strict-Transport-Security max-age={{GITLAB_HTTPS_HSTS_MAXAGE}};
add_header Strict-Transport-Security max-age={{NGINX_HSTS_MAXAGE}};
## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
## Replace with your ssl_trusted_certificate. For more info see:


@ -27,7 +27,8 @@ GITLAB_SSH_PORT=${GITLAB_SSH_PORT:-22}
NGINX_HSTS_ENABLED=${NGINX_HSTS_ENABLED:-$GITLAB_HTTPS_HSTS_ENABLED} # backward compatibility
NGINX_HSTS_ENABLED=${NGINX_HSTS_ENABLED:-true}
GITLAB_HTTPS_HSTS_MAXAGE=${GITLAB_HTTPS_HSTS_MAXAGE:-31536000}
NGINX_HSTS_MAXAGE=${NGINX_HSTS_MAXAGE:-$GITLAB_HTTPS_HSTS_MAXAGE} # backward compatibility
NGINX_HSTS_MAXAGE=${NGINX_HSTS_MAXAGE:-31536000}
## DATABASE
DB_ADAPTER=${DB_ADAPTER:-}
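Review bot: The value that ends up in `NGINX_HSTS_MAXAGE` is never checked to be a non-negative integer before it is templated into the `Strict-Transport-Security` header, so a malformed value (a constructed example: `1y`) would produce a header that browsers ignore, and HSTS would be silently off. A guard after the second assignment would catch this, for example `[[ ${NGINX_HSTS_MAXAGE} =~ ^[0-9]+$ ]] || { echo "NGINX_HSTS_MAXAGE must be a non-negative number of seconds" >&2; exit 1; }`. The fallback to `$GITLAB_HTTPS_HSTS_MAXAGE` is also silent; a one-line warning on stderr when the old name is set would tell operators to migrate. Whether this file is the right place for an `exit` is not visible from the hunk, so the check may belong in the caller.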


@ -698,7 +698,7 @@ nginx_configure_gitlab_ssl() {
fi
if [[ ${NGINX_HSTS_ENABLED} != true ]]; then
sed -i "/{{GITLAB_HTTPS_HSTS_MAXAGE}}/d" ${GITLAB_NGINX_CONFIG}
sed -i "/{{NGINX_HSTS_MAXAGE}}/d" ${GITLAB_NGINX_CONFIG}
fi
update_template ${GITLAB_NGINX_CONFIG} \
@ -707,7 +707,7 @@ nginx_configure_gitlab_ssl() {
SSL_DHPARAM_PATH \
SSL_VERIFY_CLIENT \
SSL_CA_CERTIFICATES_PATH \
GITLAB_HTTPS_HSTS_MAXAGE
NGINX_HSTS_MAXAGE
fi
}
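Review bot: The `sed` branch that runs when `NGINX_HSTS_ENABLED` is not `true` has no comment saying what deleting the line does and does not achieve. Removing the `add_header` line only stops the header from being sent; a browser that already stored the policy keeps enforcing it until its max-age runs out, and the README text in this commit says to set the value to `0` to clear it. I would add above the `sed`: `# Removes the HSTS header only; to clear a policy browsers already cached, keep HSTS enabled and set NGINX_HSTS_MAXAGE=0.` The path argument could also be quoted, `"${GITLAB_NGINX_CONFIG}"`. nginx_configure_gitlab_ssl starts outside the hunk.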