Merge branch 'code-restructure' into 'master'

Restructured repo and code for better readability and maintenance



See merge request !1

Dockerfile

@@ -7,13 +7,15 @@ ENV GITLAB_VERSION=8.1.4 \
     GITLAB_USER="git" \
     GITLAB_HOME="/home/git" \
     GITLAB_LOG_DIR="/var/log/gitlab" \
-    SETUP_DIR="/var/cache/gitlab" \
+    GITLAB_CACHE_DIR="/etc/docker-gitlab" \
     RAILS_ENV=production
 
 ENV GITLAB_INSTALL_DIR="${GITLAB_HOME}/gitlab" \
     GITLAB_SHELL_INSTALL_DIR="${GITLAB_HOME}/gitlab-shell" \
     GITLAB_GIT_HTTP_SERVER_INSTALL_DIR="${GITLAB_HOME}/gitlab-git-http-server" \
-    GITLAB_DATA_DIR="${GITLAB_HOME}/data"
+    GITLAB_DATA_DIR="${GITLAB_HOME}/data" \
+    GITLAB_BUILD_DIR="${GITLAB_CACHE_DIR}/build" \
+    GITLAB_RUNTIME_DIR="${GITLAB_CACHE_DIR}/runtime"
 
 RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv E1DD270288B4E6030699E45FA1715D88E1DF1F24 \
  && echo "deb http://ppa.launchpad.net/git-core/ppa/ubuntu trusty main" >> /etc/apt/sources.list \
@@ -36,10 +38,10 @@ RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv E1DD270288B4E60
  && gem install --no-document bundler \
  && rm -rf /var/lib/apt/lists/*
 
-COPY assets/setup/ ${SETUP_DIR}/
-RUN bash ${SETUP_DIR}/install.sh
+COPY assets/build/ ${GITLAB_BUILD_DIR}/
+RUN bash ${GITLAB_BUILD_DIR}/install.sh
 
-COPY assets/config/ ${SETUP_DIR}/config/
+COPY assets/runtime/ ${GITLAB_RUNTIME_DIR}/
 COPY entrypoint.sh /sbin/entrypoint.sh
 RUN chmod 755 /sbin/entrypoint.sh
 

README.md

@@ -91,7 +91,7 @@ wget -qO- https://get.docker.com/ | sh
 
 Fedora and RHEL/CentOS users should try disabling selinux with `setenforce 0` and check if resolves the issue. If it does than there is not much that I can help you with. You can either stick with selinux disabled (not recommended by redhat) or switch to using ubuntu.
 
-You may also set `DEBUG_ENTRYPOINT=true` to enable debugging of the entrypoint script, which could help you pin point any configuration issues.
+You may also set `DEBUG=true` to enable debugging of the entrypoint script, which could help you pin point any configuration issues.
 
 If using the latest docker version and/or disabling selinux does not fix the issue then please file a issue request on the [issues](https://github.com/sameersbn/docker-gitlab/issues) page.
 
@@ -749,7 +749,7 @@ These options should contain something like:
 
 Below is the complete list of available options that can be used to customize your gitlab installation.
 
-- **DEBUG_ENTRYPOINT**: Set this to `true` to enable entrypoint debugging.
+- **DEBUG**: Set this to `true` to enable entrypoint debugging.
 - **GITLAB_HOST**: The hostname of the GitLab server. Defaults to `localhost`
 - **GITLAB_CI_HOST**: If you are migrating from GitLab CI use this parameter to configure the redirection to the GitLab service so that your existing runners continue to work without any changes. No defaults.
 - **GITLAB_PORT**: The port of the GitLab server. This value indicates the public port on which the GitLab application will be accessible on the network and appropriately configures GitLab to generate the correct urls. It does not affect the port on which the internal nginx server will be listening on. Defaults to `443` if `GITLAB_HTTPS=true`, else defaults to `80`.

assets/build/install.sh

@@ -1,21 +1,26 @@
 #!/bin/bash
 set -e
 
-GEM_CACHE_DIR="${SETUP_DIR}/cache.${GITLAB_VERSION}"
+GEM_CACHE_DIR="${GITLAB_BUILD_DIR}/cache.${GITLAB_VERSION%.*}"
 
-# add golang1.5 ppa
-apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv B0B8B106A0CA2F79FBB616DBA65E2E5D742A38EE
-echo "deb http://ppa.launchpad.net/evarlast/golang1.5/ubuntu trusty main" >> /etc/apt/sources.list
-
-# rebuild apt cache
-apt-get update
-
-# install build dependencies for gem installation
-DEBIAN_FRONTEND=noninteractive apt-get install -y gcc g++ make patch pkg-config cmake paxctl \
+BUILD_DEPENDENCIES="gcc g++ make patch pkg-config cmake paxctl \
   libc6-dev ruby2.1-dev golang-go \
   libmysqlclient-dev libpq-dev zlib1g-dev libyaml-dev libssl-dev \
   libgdbm-dev libreadline-dev libncurses5-dev libffi-dev \
-  libxml2-dev libxslt-dev libcurl4-openssl-dev libicu-dev
+  libxml2-dev libxslt-dev libcurl4-openssl-dev libicu-dev"
+
+## Execute a command as GITLAB_USER
+exec_as_git() {
+  sudo -HEu ${GITLAB_USER} "$@"
+}
+
+# ppa for golang1.5
+apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv B0B8B106A0CA2F79FBB616DBA65E2E5D742A38EE
+echo "deb http://ppa.launchpad.net/evarlast/golang1.5/ubuntu trusty main" >> /etc/apt/sources.list
+
+# install build dependencies for gem installation
+apt-get update
+DEBIAN_FRONTEND=noninteractive apt-get install -y ${BUILD_DEPENDENCIES}
 
 # https://en.wikibooks.org/wiki/Grsecurity/Application-specific_Settings#Node.js
 paxctl -Cm `which nodejs`
@@ -32,107 +37,95 @@ cat >> ${GITLAB_HOME}/.profile <<EOF
 PATH=/usr/local/sbin:/usr/local/bin:\$PATH
 EOF
 
-rm -rf ${GITLAB_HOME}/.ssh
-sudo -HEu ${GITLAB_USER} mkdir -p ${GITLAB_DATA_DIR}/.ssh
-sudo -HEu ${GITLAB_USER} ln -s ${GITLAB_DATA_DIR}/.ssh ${GITLAB_HOME}/.ssh
-
-# create the data store
-sudo -HEu ${GITLAB_USER} mkdir -p ${GITLAB_DATA_DIR}
-
-# configure git for the 'git' user
-sudo -HEu ${GITLAB_USER} git config --global core.autocrlf input
+# configure git for ${GITLAB_USER}
+exec_as_git git config --global core.autocrlf input
 
 # install gitlab-shell
 echo "Cloning gitlab-shell v.${GITLAB_SHELL_VERSION}..."
-sudo -u git -H git clone -q -b v${GITLAB_SHELL_VERSION} --depth 1 \
+exec_as_git git clone -q -b v${GITLAB_SHELL_VERSION} --depth 1 \
   https://github.com/gitlabhq/gitlab-shell.git ${GITLAB_SHELL_INSTALL_DIR}
 
 cd ${GITLAB_SHELL_INSTALL_DIR}
-sudo -u git -H cp -a config.yml.example config.yml
-sudo -u git -H ./bin/install
+exec_as_git cp -a ${GITLAB_SHELL_INSTALL_DIR}/config.yml.example ${GITLAB_SHELL_INSTALL_DIR}/config.yml
+exec_as_git ./bin/install
 
 echo "Cloning gitlab-git-http-server v.${GITLAB_GIT_HTTP_SERVER_VERSION}..."
-sudo -u git -H git clone -q -b ${GITLAB_GIT_HTTP_SERVER_VERSION} --depth 1 \
+exec_as_git git clone -q -b ${GITLAB_GIT_HTTP_SERVER_VERSION} --depth 1 \
   https://gitlab.com/gitlab-org/gitlab-git-http-server.git ${GITLAB_GIT_HTTP_SERVER_INSTALL_DIR}
+
 cd ${GITLAB_GIT_HTTP_SERVER_INSTALL_DIR}
-sudo -u git -H make
+exec_as_git make
 
 # shallow clone gitlab-ce
 echo "Cloning gitlab-ce v.${GITLAB_VERSION}..."
-sudo -HEu ${GITLAB_USER} git clone -q -b v${GITLAB_VERSION} --depth 1 \
+exec_as_git git clone -q -b v${GITLAB_VERSION} --depth 1 \
   https://github.com/gitlabhq/gitlabhq.git ${GITLAB_INSTALL_DIR}
 
+# remove HSTS config from the default headers, we configure it in nginx
+exec_as_git sed -i "/headers\['Strict-Transport-Security'\]/d" ${GITLAB_INSTALL_DIR}/app/controllers/application_controller.rb
+
 cd ${GITLAB_INSTALL_DIR}
 
-# remove HSTS config from the default headers, we configure it in nginx
-sed "/headers\['Strict-Transport-Security'\]/d" -i app/controllers/application_controller.rb
-
-# copy default configurations
-cp lib/support/nginx/gitlab /etc/nginx/sites-enabled/gitlab
-sudo -HEu ${GITLAB_USER} cp config/gitlab.yml.example config/gitlab.yml
-sudo -HEu ${GITLAB_USER} cp config/resque.yml.example config/resque.yml
-sudo -HEu ${GITLAB_USER} cp config/database.yml.mysql config/database.yml
-sudo -HEu ${GITLAB_USER} cp config/unicorn.rb.example config/unicorn.rb
-sudo -HEu ${GITLAB_USER} cp config/initializers/rack_attack.rb.example config/initializers/rack_attack.rb
-sudo -HEu ${GITLAB_USER} cp config/initializers/smtp_settings.rb.sample config/initializers/smtp_settings.rb
-
-# install gems required by gitlab, use local cache if available
+# install gems, use local cache if available
 if [[ -d ${GEM_CACHE_DIR} ]]; then
-  mv ${GEM_CACHE_DIR} vendor/cache
-  chown -R ${GITLAB_USER}:${GITLAB_USER} vendor/cache
+  mv ${GEM_CACHE_DIR} ${GITLAB_INSTALL_DIR}/vendor/cache
+  chown -R ${GITLAB_USER}:${GITLAB_USER} ${GITLAB_INSTALL_DIR}/vendor/cache
 fi
-sudo -HEu ${GITLAB_USER} bundle install -j$(nproc) --deployment --without development test aws
+exec_as_git bundle install -j$(nproc) --deployment --without development test aws
 
-# make sure everything in ${GITLAB_HOME} is owned by the git user
+# make sure everything in ${GITLAB_HOME} is owned by ${GITLAB_USER} user
 chown -R ${GITLAB_USER}:${GITLAB_USER} ${GITLAB_HOME}/
 
-# compile assets
+# gitlab.yml and database.yml are required for `assets:precompile`
+exec_as_git cp ${GITLAB_INSTALL_DIR}/config/gitlab.yml.example ${GITLAB_INSTALL_DIR}/config/gitlab.yml
+exec_as_git cp ${GITLAB_INSTALL_DIR}/config/database.yml.mysql ${GITLAB_INSTALL_DIR}/config/database.yml
+
 echo "Compiling assets. Please be patient, this could take a while..."
-sudo -HEu ${GITLAB_USER} bundle exec rake assets:clean assets:precompile >/dev/null 2>&1
+exec_as_git bundle exec rake assets:clean assets:precompile >/dev/null 2>&1
 
-# symlink log -> ${GITLAB_LOG_DIR}/gitlab
-rm -rf log
-ln -sf ${GITLAB_LOG_DIR}/gitlab log
+# remove auto generated ${GITLAB_DATA_DIR}/config/secrets.yml
+rm -rf ${GITLAB_DATA_DIR}/config/secrets.yml
 
-# create required tmp directories
-sudo -HEu ${GITLAB_USER} mkdir -p tmp/pids/ tmp/sockets/
-chmod -R u+rwX tmp
+exec_as_git mkdir -p ${GITLAB_INSTALL_DIR}/tmp/pids/ ${GITLAB_INSTALL_DIR}/tmp/sockets/
+chmod -R u+rwX ${GITLAB_INSTALL_DIR}/tmp
 
-# create symlink to uploads directory
-rm -rf public/uploads
-sudo -HEu ${GITLAB_USER} ln -s ${GITLAB_DATA_DIR}/uploads public/uploads
+# symlink ${GITLAB_HOME}/.ssh -> ${GITLAB_LOG_DIR}/gitlab
+rm -rf ${GITLAB_HOME}/.ssh
+exec_as_git ln -sf ${GITLAB_DATA_DIR}/.ssh ${GITLAB_HOME}/.ssh
 
-# create symlink to .secret in GITLAB_DATA_DIR
-rm -rf .secret
-sudo -HEu ${GITLAB_USER} ln -sf ${GITLAB_DATA_DIR}/.secret
+# symlink ${GITLAB_INSTALL_DIR}/log -> ${GITLAB_LOG_DIR}/gitlab
+rm -rf ${GITLAB_INSTALL_DIR}/log
+ln -sf ${GITLAB_LOG_DIR}/gitlab ${GITLAB_INSTALL_DIR}/log
 
-# remove auto generated config/secrets.yml
-rm -rf config/secrets.yml
+# symlink ${GITLAB_INSTALL_DIR}/public/uploads -> ${GITLAB_DATA_DIR}/uploads
+rm -rf ${GITLAB_INSTALL_DIR}/public/uploads
+exec_as_git ln -sf ${GITLAB_DATA_DIR}/uploads ${GITLAB_INSTALL_DIR}/public/uploads
 
-# install gitlab bootscript
-cp lib/support/init.d/gitlab /etc/init.d/gitlab
+# symlink ${GITLAB_INSTALL_DIR}/.secret -> ${GITLAB_DATA_DIR}/.secret
+rm -rf ${GITLAB_INSTALL_DIR}/.secret
+exec_as_git ln -sf ${GITLAB_DATA_DIR}/.secret ${GITLAB_INSTALL_DIR}/.secret
+
+
+# install gitlab bootscript, to silence gitlab:check warnings
+cp ${GITLAB_INSTALL_DIR}/lib/support/init.d/gitlab /etc/init.d/gitlab
 chmod +x /etc/init.d/gitlab
 
 # disable default nginx configuration and enable gitlab's nginx configuration
-rm -f /etc/nginx/sites-enabled/default
+rm -rf /etc/nginx/sites-enabled/default
 
-# disable pam authentication for sshd
-sed 's/UsePAM yes/UsePAM no/' -i /etc/ssh/sshd_config
-sed 's/UsePrivilegeSeparation yes/UsePrivilegeSeparation no/' -i /etc/ssh/sshd_config
+# configure sshd
+sed -i 's/^[#]*UsePAM yes/UsePAM no/' /etc/ssh/sshd_config
+sed -i 's/^[#]*UsePrivilegeSeparation yes/UsePrivilegeSeparation no/' /etc/ssh/sshd_config
+sed -i 's/^[#]*PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
+sed -i 's/^[#]*LogLevel INFO/LogLevel VERBOSE/' /etc/ssh/sshd_config
 echo "UseDNS no" >> /etc/ssh/sshd_config
 
-# permit password login
-sed 's/#PasswordAuthentication yes/PasswordAuthentication no/' -i /etc/ssh/sshd_config
-
-# configure verbose logging for sshd
-sed 's/LogLevel INFO/LogLevel VERBOSE/' -i /etc/ssh/sshd_config
-
 # move supervisord.log file to ${GITLAB_LOG_DIR}/supervisor/
-sed 's|^logfile=.*|logfile='"${GITLAB_LOG_DIR}"'/supervisor/supervisord.log ;|' -i /etc/supervisor/supervisord.conf
+sed -i 's|^[#]*logfile=.*|logfile='"${GITLAB_LOG_DIR}"'/supervisor/supervisord.log ;|' /etc/supervisor/supervisord.conf
 
 # move nginx logs to ${GITLAB_LOG_DIR}/nginx
-sed 's|access_log /var/log/nginx/access.log;|access_log '"${GITLAB_LOG_DIR}"'/nginx/access.log;|' -i /etc/nginx/nginx.conf
-sed 's|error_log /var/log/nginx/error.log;|error_log '"${GITLAB_LOG_DIR}"'/nginx/error.log;|' -i /etc/nginx/nginx.conf
+sed -i 's|access_log /var/log/nginx/access.log;|access_log '"${GITLAB_LOG_DIR}"'/nginx/access.log;|' /etc/nginx/nginx.conf
+sed -i 's|error_log /var/log/nginx/error.log;|error_log '"${GITLAB_LOG_DIR}"'/nginx/error.log;|' /etc/nginx/nginx.conf
 
 # configure supervisord log rotation
 cat > /etc/logrotate.d/supervisord <<EOF
@@ -301,12 +294,6 @@ stdout_logfile=${GITLAB_LOG_DIR}/supervisor/%(program_name)s.log
 stderr_logfile=${GITLAB_LOG_DIR}/supervisor/%(program_name)s.log
 EOF
 
-# purge build dependencies
-apt-get purge -y --auto-remove gcc g++ make patch pkg-config cmake paxctl \
-  libc6-dev ruby2.1-dev golang-go \
-  libmysqlclient-dev libpq-dev zlib1g-dev libyaml-dev libssl-dev \
-  libgdbm-dev libreadline-dev libncurses5-dev libffi-dev \
-  libxml2-dev libxslt-dev libcurl4-openssl-dev libicu-dev
-
-# cleanup
+# purge build dependencies and cleanup apt
+apt-get purge -y --auto-remove ${BUILD_DEPENDENCIES}
 rm -rf /var/lib/apt/lists/*

assets/runtime/env-defaults

@@ -0,0 +1,235 @@
+#!/bin/bash
+
+DEBUG=${DEBUG:-$DEBUG_ENTRYPOINT}
+
+## GITLAB CORE
+GITLAB_BACKUP_DIR="${GITLAB_BACKUP_DIR:-$GITLAB_DATA_DIR/backups}"
+GITLAB_REPOS_DIR="${GITLAB_REPOS_DIR:-$GITLAB_DATA_DIR/repositories}"
+GITLAB_BUILDS_DIR="${GITLAB_BUILDS_DIR:-$GITLAB_DATA_DIR/builds}"
+
+GITLAB_HTTPS=${GITLAB_HTTPS:-false}
+GITLAB_HOST=${GITLAB_HOST:-localhost}
+GITLAB_CI_HOST=${GITLAB_CI_HOST:-}
+GITLAB_PORT=${GITLAB_PORT:-}
+if [[ $GITLAB_HTTPS == true ]]; then
+  GITLAB_PORT=${GITLAB_PORT:-443}
+else
+  GITLAB_PORT=${GITLAB_PORT:-80}
+fi
+
+## SSH
+GITLAB_SSH_HOST=${GITLAB_SSH_HOST:-$GITLAB_HOST}
+GITLAB_SSH_PORT=${GITLAB_SSH_PORT:-$GITLAB_SHELL_SSH_PORT} # for backwards compatibility
+GITLAB_SSH_PORT=${GITLAB_SSH_PORT:-22}
+
+GITLAB_HTTPS_HSTS_ENABLED=${GITLAB_HTTPS_HSTS_ENABLED:-true}
+GITLAB_HTTPS_HSTS_MAXAGE=${GITLAB_HTTPS_HSTS_MAXAGE:-31536000}
+
+## DATABASE
+DB_TYPE=${DB_TYPE:-}
+DB_HOST=${DB_HOST:-}
+DB_PORT=${DB_PORT:-}
+DB_NAME=${DB_NAME:-}
+DB_USER=${DB_USER:-}
+DB_PASS=${DB_PASS:-}
+DB_POOL=${DB_POOL:-10}
+
+## REDIS
+REDIS_HOST=${REDIS_HOST:-}
+REDIS_PORT=${REDIS_PORT:-}
+
+## SIDEKIQ
+SIDEKIQ_SHUTDOWN_TIMEOUT=${SIDEKIQ_SHUTDOWN_TIMEOUT:-4}
+SIDEKIQ_CONCURRENCY=${SIDEKIQ_CONCURRENCY:-25}
+SIDEKIQ_MEMORY_KILLER_MAX_RSS=${SIDEKIQ_MEMORY_KILLER_MAX_RSS:-1000000}
+
+## UNICORN
+UNICORN_WORKERS=${UNICORN_WORKERS:-3}
+UNICORN_TIMEOUT=${UNICORN_TIMEOUT:-60}
+
+##
+GITLAB_TIMEZONE=${GITLAB_TIMEZONE:-UTC}
+GITLAB_USERNAME_CHANGE=${GITLAB_USERNAME_CHANGE:-true}
+GITLAB_CREATE_GROUP=${GITLAB_CREATE_GROUP:-true}
+GITLAB_PROJECTS_ISSUES=${GITLAB_PROJECTS_ISSUES:-true}
+GITLAB_PROJECTS_MERGE_REQUESTS=${GITLAB_PROJECTS_MERGE_REQUESTS:-true}
+GITLAB_PROJECTS_WIKI=${GITLAB_PROJECTS_WIKI:-true}
+GITLAB_PROJECTS_SNIPPETS=${GITLAB_PROJECTS_SNIPPETS:-false}
+GITLAB_RELATIVE_URL_ROOT=${GITLAB_RELATIVE_URL_ROOT:-}
+GITLAB_WEBHOOK_TIMEOUT=${GITLAB_WEBHOOK_TIMEOUT:-10}
+GITLAB_TIMEOUT=${GITLAB_TIMEOUT:-10}
+
+GITLAB_SECRETS_DB_KEY_BASE=${GITLAB_SECRETS_DB_KEY_BASE:-}
+GITLAB_NOTIFY_ON_BROKEN_BUILDS=${GITLAB_NOTIFY_ON_BROKEN_BUILDS:-true}
+GITLAB_NOTIFY_PUSHER=${GITLAB_NOTIFY_PUSHER:-false}
+
+GITLAB_ROBOTS_PATH=${GITLAB_ROBOTS_PATH:-${USERCONF_TEMPLATES_DIR}/gitlabhq/robots.txt}
+
+## SSL
+SSL_SELF_SIGNED=${SSL_SELF_SIGNED:-false}
+SSL_CERTIFICATE_PATH=${SSL_CERTIFICATE_PATH:-$GITLAB_DATA_DIR/certs/gitlab.crt}
+SSL_KEY_PATH=${SSL_KEY_PATH:-$GITLAB_DATA_DIR/certs/gitlab.key}
+SSL_DHPARAM_PATH=${SSL_DHPARAM_PATH:-$GITLAB_DATA_DIR/certs/dhparam.pem}
+SSL_VERIFY_CLIENT=${SSL_VERIFY_CLIENT:-off}
+
+CA_CERTIFICATES_PATH=${CA_CERTIFICATES_PATH:-$GITLAB_DATA_DIR/certs/ca.crt}
+
+## BACKUPS
+GITLAB_BACKUPS=${GITLAB_BACKUPS:-disable}
+GITLAB_BACKUP_TIME=${GITLAB_BACKUP_TIME:-04:00}
+GITLAB_BACKUP_EXPIRY=${GITLAB_BACKUP_EXPIRY:-}
+GITLAB_BACKUP_ARCHIVE_PERMISSIONS=${GITLAB_BACKUP_ARCHIVE_PERMISSIONS:-0600}
+case ${GITLAB_BACKUPS} in
+  daily|weekly|monthly) GITLAB_BACKUP_EXPIRY=${GITLAB_BACKUP_EXPIRY:-604800} ;;
+  disable|*) GITLAB_BACKUP_EXPIRY=${GITLAB_BACKUP_EXPIRY:-0} ;;
+esac
+
+### AWS BACKUPS
+AWS_BACKUPS=${AWS_BACKUPS:-false}
+AWS_BACKUP_REGION=${AWS_BACKUP_REGION}
+AWS_BACKUP_ACCESS_KEY_ID=${AWS_BACKUP_ACCESS_KEY_ID}
+AWS_BACKUP_SECRET_ACCESS_KEY=${AWS_BACKUP_SECRET_ACCESS_KEY}
+AWS_BACKUP_BUCKET=${AWS_BACKUP_BUCKET}
+
+## NGINX
+NGINX_WORKERS=${NGINX_WORKERS:-1}
+NGINX_ACCEL_BUFFERING=${NGINX_ACCEL_BUFFERING:-no}
+NGINX_PROXY_BUFFERING=${NGINX_PROXY_BUFFERING:-off}
+NGINX_MAX_UPLOAD_SIZE=${NGINX_MAX_UPLOAD_SIZE:-20m}
+GITLAB_MAX_SIZE=$(echo $NGINX_MAX_UPLOAD_SIZE |sed -e "s/^ *\([0-9]*\)[mMkKgG] *$/\1/g" )
+case "$NGINX_MAX_UPLOAD_SIZE" in
+  *[kK] ) GITLAB_MAX_SIZE=$(($GITLAB_MAX_SIZE * 1024));;
+  *[mM] ) GITLAB_MAX_SIZE=$(($GITLAB_MAX_SIZE * 1048576));;
+  *[gG] ) GITLAB_MAX_SIZE=$(($GITLAB_MAX_SIZE * 1073741824));;
+esac
+case ${GITLAB_HTTPS} in
+  true) NGINX_X_FORWARDED_PROTO=${NGINX_X_FORWARDED_PROTO:-https} ;;
+  *)    NGINX_X_FORWARDED_PROTO=${NGINX_X_FORWARDED_PROTO:-\$scheme} ;;
+esac
+
+## MAIL DELIVERY
+SMTP_DOMAIN=${SMTP_DOMAIN:-www.gmail.com}
+SMTP_HOST=${SMTP_HOST:-smtp.gmail.com}
+SMTP_PORT=${SMTP_PORT:-587}
+SMTP_USER=${SMTP_USER:-}
+SMTP_PASS=${SMTP_PASS:-}
+SMTP_OPENSSL_VERIFY_MODE=${SMTP_OPENSSL_VERIFY_MODE:-none}
+SMTP_STARTTLS=${SMTP_STARTTLS:-true}
+SMTP_TLS=${SMTP_TLS:-false}
+SMTP_CA_ENABLED=${SMTP_CA_ENABLED:-false}
+SMTP_CA_PATH=${SMTP_CA_PATH:-$GITLAB_DATA_DIR/certs}
+SMTP_CA_FILE=${SMTP_CA_FILE:-$GITLAB_DATA_DIR/certs/ca.crt}
+if [[ -n ${SMTP_USER} ]]; then
+  SMTP_ENABLED=${SMTP_ENABLED:-true}
+  SMTP_AUTHENTICATION=${SMTP_AUTHENTICATION:-login}
+fi
+SMTP_ENABLED=${SMTP_ENABLED:-false}
+GITLAB_EMAIL_ENABLED=${GITLAB_EMAIL_ENABLED:-${SMTP_ENABLED}}
+GITLAB_EMAIL=${GITLAB_EMAIL:-${SMTP_USER}}
+GITLAB_EMAIL_REPLY_TO=${GITLAB_EMAIL_REPLY_TO:-${GITLAB_EMAIL}}
+GITLAB_EMAIL=${GITLAB_EMAIL:-example@example.com}
+GITLAB_EMAIL_REPLY_TO=${GITLAB_EMAIL_REPLY_TO:-noreply@example.com}
+GITLAB_EMAIL_DISPLAY_NAME=${GITLAB_EMAIL_DISPLAY_NAME:-GitLab}
+
+## INCOMING MAIL
+IMAP_HOST=${IMAP_HOST:-imap.gmail.com}
+IMAP_PORT=${IMAP_PORT:-993}
+IMAP_USER=${IMAP_USER:-}
+IMAP_PASS=${IMAP_PASS:-}
+IMAP_SSL=${IMAP_SSL:-true}
+IMAP_STARTTLS=${IMAP_STARTTLS:-false}
+IMAP_MAILBOX=${IMAP_MAILBOX:-inbox}
+if [[ -n ${IMAP_USER} ]]; then
+  IMAP_ENABLED=${IMAP_ENABLED:-true}
+fi
+IMAP_ENABLED=${IMAP_ENABLED:-false}
+GITLAB_INCOMING_EMAIL_ENABLED=${GITLAB_INCOMING_EMAIL_ENABLED:-${IMAP_ENABLED}}
+GITLAB_INCOMING_EMAIL_ADDRESS=${GITLAB_INCOMING_EMAIL_ADDRESS:-${IMAP_USER}}
+GITLAB_INCOMING_EMAIL_ADDRESS=${GITLAB_INCOMING_EMAIL_ADDRESS:-reply@example.com}
+if ! grep -q '+%{key}@' <<< $GITLAB_INCOMING_EMAIL_ADDRESS; then
+  GITLAB_INCOMING_EMAIL_ADDRESS=$(sed 's/@/+%{key}@/' <<< $GITLAB_INCOMING_EMAIL_ADDRESS)
+fi
+
+## LDAP
+LDAP_ENABLED=${LDAP_ENABLED:-false}
+LDAP_HOST=${LDAP_HOST:-}
+LDAP_PORT=${LDAP_PORT:-389}
+LDAP_UID=${LDAP_UID:-sAMAccountName}
+LDAP_METHOD=${LDAP_METHOD:-plain}
+LDAP_BIND_DN=${LDAP_BIND_DN:-}
+LDAP_PASS=${LDAP_PASS:-}
+LDAP_ACTIVE_DIRECTORY=${LDAP_ACTIVE_DIRECTORY:-true}
+LDAP_BLOCK_AUTO_CREATED_USERS=${LDAP_BLOCK_AUTO_CREATED_USERS:-false}
+LDAP_BASE=${LDAP_BASE:-}
+LDAP_USER_FILTER=${LDAP_USER_FILTER:-}
+LDAP_LABEL=${LDAP_LABEL:-LDAP}
+LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN=${LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN:-}
+case ${LDAP_UID} in
+  userPrincipalName) LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN=${LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN:-false} ;;
+  *) LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN=${LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN:-true}
+esac
+
+## GRAVATAR
+GITLAB_GRAVATAR_ENABLED=${GITLAB_GRAVATAR_ENABLED:-true}
+GITLAB_GRAVATAR_HTTP_URL=${GITLAB_GRAVATAR_HTTP_URL:-}
+GITLAB_GRAVATAR_HTTPS_URL=${GITLAB_GRAVATAR_HTTPS_URL:-}
+
+## OAUTH
+OAUTH_ENABLED=${OAUTH_ENABLED:-}
+OAUTH_AUTO_SIGN_IN_WITH_PROVIDER=${OAUTH_AUTO_SIGN_IN_WITH_PROVIDER:-}
+OAUTH_ALLOW_SSO=${OAUTH_ALLOW_SSO:-false}
+OAUTH_BLOCK_AUTO_CREATED_USERS=${OAUTH_BLOCK_AUTO_CREATED_USERS:-true}
+OAUTH_AUTO_LINK_LDAP_USER=${OAUTH_AUTO_LINK_LDAP_USER:-false}
+
+### GOOGLE
+OAUTH_GOOGLE_API_KEY=${OAUTH_GOOGLE_API_KEY:-}
+OAUTH_GOOGLE_APP_SECRET=${OAUTH_GOOGLE_APP_SECRET:-}
+
+### FACEBOOK
+OAUTH_FACEBOOK_API_KEY=${OAUTH_FACEBOOK_API_KEY:-}
+OAUTH_FACEBOOK_APP_SECRET=${OAUTH_FACEBOOK_APP_SECRET:-}
+
+### TWITTER
+OAUTH_TWITTER_API_KEY=${OAUTH_TWITTER_API_KEY:-}
+OAUTH_TWITTER_APP_SECRET=${OAUTH_TWITTER_APP_SECRET:-}
+
+### GITHUB
+OAUTH_GITHUB_API_KEY=${OAUTH_GITHUB_API_KEY:-}
+OAUTH_GITHUB_APP_SECRET=${OAUTH_GITHUB_APP_SECRET:-}
+
+### GITLAB
+OAUTH_GITLAB_API_KEY=${OAUTH_GITLAB_API_KEY:-}
+OAUTH_GITLAB_APP_SECRET=${OAUTH_GITLAB_APP_SECRET:-}
+
+### BITBUCKET
+OAUTH_BITBUCKET_API_KEY=${OAUTH_BITBUCKET_API_KEY:-}
+OAUTH_BITBUCKET_APP_SECRET=${OAUTH_BITBUCKET_APP_SECRET:-}
+
+### CROWD
+OAUTH_CROWD_SERVER_URL=${OAUTH_CROWD_SERVER_URL:-}
+OAUTH_CROWD_APP_NAME=${OAUTH_CROWD_APP_NAME:-}
+OAUTH_CROWD_APP_PASSWORD=${OAUTH_CROWD_APP_PASSWORD:-}
+
+### SAML
+case $GITLAB_HTTPS in
+  true)
+    OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL=${OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL:-https://${GITLAB_HOST}/users/auth/saml/callback}
+    OAUTH_SAML_ISSUER=${OAUTH_SAML_ISSUER:-https://${GITLAB_HOST}}
+    ;;
+  false)
+    OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL=${OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL:-http://${GITLAB_HOST}/users/auth/saml/callback}
+    OAUTH_SAML_ISSUER=${OAUTH_SAML_ISSUER:-http://${GITLAB_HOST}}
+    ;;
+esac
+OAUTH_SAML_IDP_CERT_FINGERPRINT=${OAUTH_SAML_IDP_CERT_FINGERPRINT:-}
+OAUTH_SAML_IDP_SSO_TARGET_URL=${OAUTH_SAML_IDP_SSO_TARGET_URL:-}
+OAUTH_SAML_NAME_IDENTIFIER_FORMAT=${OAUTH_SAML_NAME_IDENTIFIER_FORMAT:-urn:oasis:names:tc:SAML:2.0:nameid-format:transient}
+
+## ANALYTICS
+
+### GOOGLE
+GOOGLE_ANALYTICS_ID=${GOOGLE_ANALYTICS_ID:-}
+
+### PIWIK
+PIWIK_URL=${PIWIK_URL:-}
+PIWIK_SITE_ID=${PIWIK_SITE_ID:-}