Merge pull request #931 from sameersbn/upstream-conf-sync

sync with upstream configurations

assets/runtime/config/gitlab-shell/config.yml

@@ -38,7 +38,7 @@ redis:
   port: {{REDIS_PORT}}
   # pass: redispass # Allows you to specify the password for Redis
   database: {{REDIS_DB_NUMBER}}
-  # socket: /tmp/redis.socket # Only define this if you want to use sockets
+  # socket: /var/run/redis/redis.sock # Comment out this line if you want to use TCP or Sentinel
   namespace: resque:gitlab
   # sentinels:
   #   -

assets/runtime/config/gitlabhq/gitlab.yml

@@ -186,7 +186,7 @@ production: &base
     enabled: {{GITLAB_REGISTRY_ENABLED}}
     host: {{GITLAB_REGISTRY_HOST}}
     port: {{GITLAB_REGISTRY_PORT}}
-    api_url: {{GITLAB_REGISTRY_API_URL}}    # internal address to the registry, will be used by GitLab to directly communicate with API
+    api_url: {{GITLAB_REGISTRY_API_URL}} # internal address to the registry, will be used by GitLab to directly communicate with API
     key: {{GITLAB_REGISTRY_KEY_PATH}}
     path: {{GITLAB_REGISTRY_DIR}}
     issuer: {{GITLAB_REGISTRY_ISSUER}}
@@ -474,7 +474,6 @@ production: &base
   ## GitLab Shell settings
   gitlab_shell:
     path: {{GITLAB_SHELL_INSTALL_DIR}}/
-
     hooks_path: {{GITLAB_SHELL_INSTALL_DIR}}/hooks/
 
     # File that contains the secret key for verifying access for gitlab-shell.

assets/runtime/config/gitlabhq/rack_attack.rb

@@ -12,6 +12,7 @@ paths_to_be_protected = [
   "#{Rails.application.config.relative_url_root}/users/confirmation",
   "#{Rails.application.config.relative_url_root}/unsubscribes/",
   "#{Rails.application.config.relative_url_root}/import/github/personal_access_token"
+
 ]
 
 # Create one big regular expression that matches strings starting with any of

assets/runtime/config/gitlabhq/secrets.yml

@@ -1,7 +1,7 @@
 production:
   # db_key_base is used to encrypt for Variables. Ensure that you don't lose it.
   # If you change or lose this key you will be unable to access variables stored in database.
-  # Make sure the secret is at least 32 characters and all random,
+  # Make sure the secret is at least 30 characters and all random,
   # no regular words or you'll be exposed to dictionary attacks.
   db_key_base: {{GITLAB_SECRETS_DB_KEY_BASE}}
   secret_key_base: {{GITLAB_SECRETS_SECRET_KEY_BASE}}

assets/runtime/config/gitlabhq/smtp_settings.rb

@@ -19,7 +19,7 @@ if Rails.env.production?
     domain: "{{SMTP_DOMAIN}}",
     authentication: "{{SMTP_AUTHENTICATION}}",
     enable_starttls_auto: {{SMTP_STARTTLS}},
-    openssl_verify_mode: "{{SMTP_OPENSSL_VERIFY_MODE}}",
+    openssl_verify_mode: '{{SMTP_OPENSSL_VERIFY_MODE}}',
     ca_path: "{{SMTP_CA_PATH}}",
     ca_file: "{{SMTP_CA_FILE}}",
     tls: {{SMTP_TLS}}

assets/runtime/config/nginx/gitlab-registry

@@ -19,7 +19,7 @@ server {
   # If a different port is specified in https://gitlab.com/gitlab-org/gitlab-ce/blob/8-8-stable/config/gitlab.yml.example#L182,
   # it should be declared here as well
   listen *:{{GITLAB_REGISTRY_PORT}} ssl http2;
-  server_name {{GITLAB_REGISTRY_HOST}};
+  server_name  {{GITLAB_REGISTRY_HOST}};
   server_tokens off; ## Don't show the nginx version number, a security best practice
 
   client_max_body_size 0;
@@ -47,7 +47,7 @@ server {
     proxy_set_header  X-Forwarded-Proto $scheme;
     proxy_read_timeout                  900;
 
-    proxy_pass {{GITLAB_REGISTRY_API_URL}};
+    proxy_pass          {{GITLAB_REGISTRY_API_URL}};
   }
 
 }

assets/runtime/config/nginx/gitlab-ssl

@@ -31,10 +31,10 @@ server {
   ## to be served if you visit any address that your server responds to, eg.
   ## the ip address of the server (http://x.x.x.x/)
   listen 0.0.0.0:80;
-  listen [::]:80 default_server;
+  listen [::]:80 ipv6only=off default_server;
   server_name _; ## Replace this with something like gitlab.example.com
   server_tokens off; ## Don't show the nginx version number, a security best practice
-  return 301 https://$host:{{GITLAB_PORT}}$request_uri;
+  return 301 https://$http_host:{{GITLAB_PORT}}$request_uri;
   access_log  {{GITLAB_LOG_DIR}}/nginx/gitlab_access.log;
   error_log   {{GITLAB_LOG_DIR}}/nginx/gitlab_error.log;
 }
@@ -42,7 +42,7 @@ server {
 ## HTTPS host
 server {
   listen 0.0.0.0:443 ssl http2;
-  listen [::]:443 ssl http2 default_server;
+  listen [::]:443 ipv6only=off ssl http2 default_server;
   server_name {{GITLAB_HOST}}; ## Replace this with something like gitlab.example.com
   server_tokens off; ## Don't show the nginx version number, a security best practice