diff --git a/assets/runtime/config/gitlab-shell/config.yml b/assets/runtime/config/gitlab-shell/config.yml index bcaaefaf..2649a13a 100644 --- a/assets/runtime/config/gitlab-shell/config.yml +++ b/assets/runtime/config/gitlab-shell/config.yml @@ -38,7 +38,7 @@ redis: port: {{REDIS_PORT}} # pass: redispass # Allows you to specify the password for Redis database: {{REDIS_DB_NUMBER}} - # socket: /tmp/redis.socket # Only define this if you want to use sockets + # socket: /var/run/redis/redis.sock # Comment out this line if you want to use TCP or Sentinel namespace: resque:gitlab # sentinels: # - diff --git a/assets/runtime/config/gitlabhq/gitlab.yml b/assets/runtime/config/gitlabhq/gitlab.yml index 7efbb2c0..9b896dde 100644 --- a/assets/runtime/config/gitlabhq/gitlab.yml +++ b/assets/runtime/config/gitlabhq/gitlab.yml @@ -186,7 +186,7 @@ production: &base enabled: {{GITLAB_REGISTRY_ENABLED}} host: {{GITLAB_REGISTRY_HOST}} port: {{GITLAB_REGISTRY_PORT}} - api_url: {{GITLAB_REGISTRY_API_URL}} # internal address to the registry, will be used by GitLab to directly communicate with API + api_url: {{GITLAB_REGISTRY_API_URL}} # internal address to the registry, will be used by GitLab to directly communicate with API key: {{GITLAB_REGISTRY_KEY_PATH}} path: {{GITLAB_REGISTRY_DIR}} issuer: {{GITLAB_REGISTRY_ISSUER}} @@ -474,7 +474,6 @@ production: &base ## GitLab Shell settings gitlab_shell: path: {{GITLAB_SHELL_INSTALL_DIR}}/ - hooks_path: {{GITLAB_SHELL_INSTALL_DIR}}/hooks/ # File that contains the secret key for verifying access for gitlab-shell. diff --git a/assets/runtime/config/gitlabhq/rack_attack.rb b/assets/runtime/config/gitlabhq/rack_attack.rb index f650bd92..69052c02 100644 --- a/assets/runtime/config/gitlabhq/rack_attack.rb +++ b/assets/runtime/config/gitlabhq/rack_attack.rb 
@@ -12,6 +12,7 @@ paths_to_be_protected = [ "#{Rails.application.config.relative_url_root}/users/confirmation", "#{Rails.application.config.relative_url_root}/unsubscribes/", "#{Rails.application.config.relative_url_root}/import/github/personal_access_token" + ] # Create one big regular expression that matches strings starting with any of diff --git a/assets/runtime/config/gitlabhq/secrets.yml b/assets/runtime/config/gitlabhq/secrets.yml index 175cbebd..769d956a 100644 --- a/assets/runtime/config/gitlabhq/secrets.yml +++ b/assets/runtime/config/gitlabhq/secrets.yml @@ -1,7 +1,7 @@ production: # db_key_base is used to encrypt for Variables. Ensure that you don't lose it. # If you change or lose this key you will be unable to access variables stored in database. - # Make sure the secret is at least 32 characters and all random, + # Make sure the secret is at least 30 characters and all random, # no regular words or you'll be exposed to dictionary attacks. db_key_base: {{GITLAB_SECRETS_DB_KEY_BASE}} secret_key_base: {{GITLAB_SECRETS_SECRET_KEY_BASE}} diff --git a/assets/runtime/config/gitlabhq/smtp_settings.rb b/assets/runtime/config/gitlabhq/smtp_settings.rb index 575a9f28..d7dffbde 100644 --- a/assets/runtime/config/gitlabhq/smtp_settings.rb +++ b/assets/runtime/config/gitlabhq/smtp_settings.rb @@ -19,7 +19,7 @@ if Rails.env.production? domain: "{{SMTP_DOMAIN}}", authentication: "{{SMTP_AUTHENTICATION}}", enable_starttls_auto: {{SMTP_STARTTLS}}, - openssl_verify_mode: "{{SMTP_OPENSSL_VERIFY_MODE}}", + openssl_verify_mode: '{{SMTP_OPENSSL_VERIFY_MODE}}', ca_path: "{{SMTP_CA_PATH}}", ca_file: "{{SMTP_CA_FILE}}", tls: {{SMTP_TLS}} diff --git a/assets/runtime/config/nginx/gitlab-registry b/assets/runtime/config/nginx/gitlab-registry index 42ec08d6..0aa1cc30 100644 --- a/assets/runtime/config/nginx/gitlab-registry +++ b/assets/runtime/config/nginx/gitlab-registry 
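Review bot: The comment above `db_key_base` now advises "at least 30 characters" instead of 32, and nothing in the hunk explains why the figure was lowered. If it is only meant to mirror an upstream example file, say so in the commit message; otherwise keep the stricter figure, `# Make sure the secret is at least 32 characters and all random,`. Whichever number stays should match any length check done where `GITLAB_SECRETS_DB_KEY_BASE` is substituted, which is not visible here.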
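Review bot: Only `openssl_verify_mode` moves to single quotes; `domain`, `authentication`, `ca_path` and `ca_file` in the same hash stay double-quoted, so a substituted value containing `#{` or a backslash is still interpreted by Ruby on those lines. Quote them the same way, e.g. `domain: '{{SMTP_DOMAIN}}',`. A single quote inside a substituted value would still end the literal early, so the step that fills in these placeholders (not visible here) should reject or escape it. The enclosing settings hash begins and ends outside the hunk.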
@@ -19,7 +19,7 @@ server { # If a different port is specified in https://gitlab.com/gitlab-org/gitlab-ce/blob/8-8-stable/config/gitlab.yml.example#L182, # it should be declared here as well listen *:{{GITLAB_REGISTRY_PORT}} ssl http2; - server_name {{GITLAB_REGISTRY_HOST}}; + server_name {{GITLAB_REGISTRY_HOST}}; server_tokens off; ## Don't show the nginx version number, a security best practice client_max_body_size 0; @@ -47,7 +47,7 @@ server { proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 900; - proxy_pass {{GITLAB_REGISTRY_API_URL}}; + proxy_pass {{GITLAB_REGISTRY_API_URL}}; } } diff --git a/assets/runtime/config/nginx/gitlab-ssl b/assets/runtime/config/nginx/gitlab-ssl index b0730bff..cbe8ccf7 100644 --- a/assets/runtime/config/nginx/gitlab-ssl +++ b/assets/runtime/config/nginx/gitlab-ssl @@ -31,10 +31,10 @@ server { ## to be served if you visit any address that your server responds to, eg. ## the ip address of the server (http://x.x.x.x/) listen 0.0.0.0:80; - listen [::]:80 default_server; + listen [::]:80 ipv6only=off default_server; server_name _; ## Replace this with something like gitlab.example.com server_tokens off; ## Don't show the nginx version number, a security best practice - return 301 https://$host:{{GITLAB_PORT}}$request_uri; + return 301 https://$http_host:{{GITLAB_PORT}}$request_uri; access_log {{GITLAB_LOG_DIR}}/nginx/gitlab_access.log; error_log {{GITLAB_LOG_DIR}}/nginx/gitlab_error.log; } @@ -42,7 +42,7 @@ server { ## HTTPS host server { listen 0.0.0.0:443 ssl http2; - listen [::]:443 ssl http2 default_server; + listen [::]:443 ipv6only=off ssl http2 default_server; server_name {{GITLAB_HOST}}; ## Replace this with something like gitlab.example.com server_tokens off; ## Don't show the nginx version number, a security best practice
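Review bot: The redirect in the port-80 default server now builds its target from `$http_host`, the raw client-supplied Host header: it keeps any port the client sent, so the target can come out as `host:port:{{GITLAB_PORT}}`, and it is empty when no Host header is sent. Because this block is `server_name _`, whatever host the client names is reflected into the Location header; prefer the configured name, `return 301 https://{{GITLAB_HOST}}:{{GITLAB_PORT}}$request_uri;`, or at least keep `$host`. Separately, `ipv6only=off` makes the `[::]:80` socket accept IPv4 as well, which may collide with the explicit `listen 0.0.0.0:80;` just above it (the same pairing appears on 443 in the next hunk), so it is worth confirming that nginx binds both.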