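#!/bin/bash
set -e

# appStop is defined further down; the trap only resolves the name when a
# signal is delivered.
trap appStop SIGINT SIGTERM

GITLAB_INSTALL_DIR="/home/git/gitlab"
GITLAB_DATA_DIR="/home/git/data"
GITLAB_BACKUP_DIR="${GITLAB_BACKUP_DIR:-$GITLAB_DATA_DIR/backups}"
GITLAB_SHELL_INSTALL_DIR="/home/git/gitlab-shell"

SETUP_DIR="/app/setup"
SYSCONF_TEMPLATES_DIR="${SETUP_DIR}/config"
USERCONF_TEMPLATES_DIR="${GITLAB_DATA_DIR}/config"

GITLAB_HOST=${GITLAB_HOST:-localhost}
GITLAB_PORT=${GITLAB_PORT:-}
GITLAB_SSH_HOST=${GITLAB_SSH_HOST:-$GITLAB_HOST}
GITLAB_SSH_PORT=${GITLAB_SSH_PORT:-$GITLAB_SHELL_SSH_PORT} # for backwards compatibility
GITLAB_SSH_PORT=${GITLAB_SSH_PORT:-22}
GITLAB_HTTPS=${GITLAB_HTTPS:-false}
GITLAB_EMAIL=${GITLAB_EMAIL:-example@example.com}
GITLAB_SIGNUP=${GITLAB_SIGNUP:-false}
GITLAB_SIGNIN=${GITLAB_SIGNIN:-true}
GITLAB_PROJECTS_LIMIT=${GITLAB_PROJECTS_LIMIT:-100}
GITLAB_USERNAME_CHANGE=${GITLAB_USERNAME_CHANGE:-true}
GITLAB_PROJECTS_VISIBILITY=${GITLAB_PROJECTS_VISIBILITY:-private}
GITLAB_RELATIVE_URL_ROOT=${GITLAB_RELATIVE_URL_ROOT:-}
GITLAB_RESTRICTED_VISIBILITY=${GITLAB_RESTRICTED_VISIBILITY:-}

SSL_SELF_SIGNED=${SSL_SELF_SIGNED:-false}
SSL_CERTIFICATE_PATH=${SSL_CERTIFICATE_PATH:-$GITLAB_DATA_DIR/certs/gitlab.crt}
SSL_KEY_PATH=${SSL_KEY_PATH:-$GITLAB_DATA_DIR/certs/gitlab.key}
SSL_DHPARAM_PATH=${SSL_DHPARAM_PATH:-$GITLAB_DATA_DIR/certs/dhparam.pem}
CA_CERTIFICATES_PATH=${CA_CERTIFICATES_PATH:-$GITLAB_DATA_DIR/certs/ca.crt}

GITLAB_BACKUPS=${GITLAB_BACKUPS:-disable}
GITLAB_BACKUP_EXPIRY=${GITLAB_BACKUP_EXPIRY:-}

NGINX_MAX_UPLOAD_SIZE=${NGINX_MAX_UPLOAD_SIZE:-20m}

#######################################
# Convert an nginx-style size (digits with an optional k/m/g suffix, either
# case) to a byte count.
# Arguments: $1 - size string, e.g. 20m
# Outputs:   the byte count on stdout
# Returns:   0 on success, 1 when the value is not digits plus optional suffix
#######################################
size_to_bytes() {
  local size=$1
  local digits unit
  digits=${size%[kKmMgG]}
  unit=${size#"${digits}"}
  # Only plain digits may reach the arithmetic expansion below: the value
  # comes from the environment, and $(( )) evaluates whatever text it is given.
  case "${digits}" in
    '' | *[!0-9]*) return 1 ;;
  esac
  case "${unit}" in
    '') printf '%s\n' "$((10#${digits}))" ;;
    [kK]) printf '%s\n' "$((10#${digits} * 1024))" ;;
    [mM]) printf '%s\n' "$((10#${digits} * 1048576))" ;;
    [gG]) printf '%s\n' "$((10#${digits} * 1073741824))" ;;
    *) return 1 ;;
  esac
}

if ! GITLAB_MAX_SIZE=$(size_to_bytes "${NGINX_MAX_UPLOAD_SIZE}"); then
  echo "Invalid NGINX_MAX_UPLOAD_SIZE: '${NGINX_MAX_UPLOAD_SIZE}'. Expected digits with an optional k, m or g suffix." >&2
  exit 1
fi

REDIS_HOST=${REDIS_HOST:-}
REDIS_PORT=${REDIS_PORT:-}

UNICORN_WORKERS=${UNICORN_WORKERS:-2}
UNICORN_TIMEOUT=${UNICORN_TIMEOUT:-60}
SIDEKIQ_CONCURRENCY=${SIDEKIQ_CONCURRENCY:-5}

# NOTE(review): the *_PASS and *_SECRET settings below arrive through the
# container environment, so anyone who can inspect the container or its
# processes' environment can read them.
DB_TYPE=${DB_TYPE:-}
DB_HOST=${DB_HOST:-}
DB_PORT=${DB_PORT:-}
DB_NAME=${DB_NAME:-gitlabhq_production}
DB_USER=${DB_USER:-root}
DB_PASS=${DB_PASS:-}
DB_INIT=${DB_INIT:-}
DB_POOL=${DB_POOL:-10}

SMTP_DOMAIN=${SMTP_DOMAIN:-www.gmail.com}
SMTP_HOST=${SMTP_HOST:-smtp.gmail.com}
SMTP_PORT=${SMTP_PORT:-587}
SMTP_USER=${SMTP_USER:-}
SMTP_PASS=${SMTP_PASS:-}
SMTP_STARTTLS=${SMTP_STARTTLS:-true}
# mail delivery is switched on automatically once an SMTP user is supplied
if [ -n "${SMTP_USER}" ]; then
  SMTP_ENABLED=${SMTP_ENABLED:-true}
  SMTP_AUTHENTICATION=${SMTP_AUTHENTICATION:-login}
fi
SMTP_ENABLED=${SMTP_ENABLED:-false}

LDAP_ENABLED=${LDAP_ENABLED:-false}
LDAP_HOST=${LDAP_HOST:-}
LDAP_PORT=${LDAP_PORT:-636}
LDAP_UID=${LDAP_UID:-sAMAccountName}
LDAP_METHOD=${LDAP_METHOD:-ssl}
LDAP_BIND_DN=${LDAP_BIND_DN:-}
LDAP_PASS=${LDAP_PASS:-}
LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN=${LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN:-}
LDAP_BASE=${LDAP_BASE:-}
LDAP_USER_FILTER=${LDAP_USER_FILTER:-}

GITLAB_HTTPS_HSTS_ENABLED=${GITLAB_HTTPS_HSTS_ENABLED:-true}
GITLAB_HTTPS_HSTS_MAXAGE=${GITLAB_HTTPS_HSTS_MAXAGE:-31536000}

REDMINE_URL=${REDMINE_URL:-}
JIRA_URL=${JIRA_URL:-}

OAUTH_ALLOW_SSO=${OAUTH_ALLOW_SSO:-false}
OAUTH_BLOCK_AUTO_CREATED_USERS=${OAUTH_BLOCK_AUTO_CREATED_USERS:-true}

OAUTH_GOOGLE_API_KEY=${OAUTH_GOOGLE_API_KEY:-}
OAUTH_GOOGLE_APP_SECRET=${OAUTH_GOOGLE_APP_SECRET:-}

OAUTH_TWITTER_API_KEY=${OAUTH_TWITTER_API_KEY:-}
OAUTH_TWITTER_APP_SECRET=${OAUTH_TWITTER_APP_SECRET:-}

OAUTH_GITHUB_API_KEY=${OAUTH_GITHUB_API_KEY:-}
OAUTH_GITHUB_APP_SECRET=${OAUTH_GITHUB_APP_SECRET:-}

# is a redis container linked?
if [ -n "${REDISIO_PORT_6379_TCP_ADDR}" ]; then
  REDIS_HOST=${REDIS_HOST:-${REDISIO_PORT_6379_TCP_ADDR}}
  REDIS_PORT=${REDIS_PORT:-${REDISIO_PORT_6379_TCP_PORT}}
fi

# fallback to default redis port
REDIS_PORT=${REDIS_PORT:-6379}

# is a mysql or postgresql database linked?
# requires that the mysql or postgresql containers have exposed
# port 3306 and 5432 respectively.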
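#######################################
# Escape a value so that sed inserts it literally as the replacement of an
# 's|...|...|' command. Without this, '&' expands to the matched placeholder
# and the delimiter ends the command early, so a password or an LDAP filter
# such as '(&(a=b)(c=d))' would be written to the config in altered form.
# A value containing a newline still makes sed fail, which aborts the script.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout
#######################################
escape_sed_replacement() {
  printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g'
}

#######################################
# Apply one sed script to a file in place.
# The script is fed on stdin rather than argv so that secrets substituted into
# config files do not show up in the process list.
# Arguments: $1 - "git" to run as the git user, anything else runs as the caller
#            $2 - file to edit
#            $3 - sed script
#######################################
run_sed() {
  if [ "$1" = "git" ]; then
    sudo -u git -H sed -i -f /dev/stdin "$2" <<<"$3"
  else
    sed -i -f /dev/stdin "$2" <<<"$3"
  fi
}

#######################################
# Replace a {{NAME}} placeholder in a file with a literal value.
# Arguments: $1 - "git" or "root" (see run_sed)
#            $2 - file to edit
#            $3 - placeholder name, without the braces
#            $4 - value
#            $5 - optional sed flags, e.g. "g"
#######################################
substitute() {
  local value
  value=$(escape_sed_replacement "$4")
  run_sed "$1" "$2" "s|{{$3}}|${value}|${5:-}"
}

#######################################
# Delete every line of a file that matches one of the given patterns.
# Arguments: $1 - "git" or "root" (see run_sed)
#            $2 - file to edit
#            $3... - sed patterns (must not contain '/')
#######################################
delete_lines() {
  local runas=$1 file=$2 pattern
  shift 2
  for pattern in "$@"; do
    run_sed "${runas}" "${file}" "/${pattern}/d"
  done
}

#######################################
# Run a MySQL client command with the root password supplied through the
# environment instead of '-p<password>' on the command line, where every
# process in the container could read it.
# NOTE(review): MYSQL_PWD is deprecated in newer MySQL releases; an option file
# passed with --defaults-extra-file is the longer-term alternative.
# Arguments: the client command and its arguments
#######################################
mysql_as_root() {
  MYSQL_PWD="${DB_PASS}" "$@"
}

#######################################
# Copy the nginx vhost and the application config templates into place.
# Globals:   nginx_template, GITLAB_SHELL_INSTALL_DIR, SMTP_ENABLED (read)
# Arguments: $1 - template directory
#            $2 - "optional" to skip templates that do not exist
#######################################
install_templates() {
  local dir=$1 mode=${2:-}
  local entry src dest
  local -a git_templates=(
    "gitlab-shell/config.yml:${GITLAB_SHELL_INSTALL_DIR}/config.yml"
    "gitlabhq/gitlab.yml:config/gitlab.yml"
    "gitlabhq/resque.yml:config/resque.yml"
    "gitlabhq/database.yml:config/database.yml"
    "gitlabhq/sidekiq.yml:config/sidekiq.yml"
    "gitlabhq/unicorn.rb:config/unicorn.rb"
    "gitlabhq/rack_attack.rb:config/initializers/rack_attack.rb"
  )
  if [ "${SMTP_ENABLED}" == "true" ]; then
    git_templates+=("gitlabhq/smtp_settings.rb:config/initializers/smtp_settings.rb")
  fi

  src="${dir}/nginx/${nginx_template}"
  if [ "${mode}" != "optional" ] || [ -f "${src}" ]; then
    cp "${src}" /etc/nginx/sites-enabled/gitlab
  fi

  for entry in "${git_templates[@]}"; do
    src="${dir}/${entry%%:*}"
    dest=${entry#*:}
    if [ "${mode}" = "optional" ] && [ ! -f "${src}" ]; then
      continue
    fi
    sudo -u git -H cp "${src}" "${dest}"
  done
}

if [ -n "${MYSQL_PORT_3306_TCP_ADDR}" ]; then
  DB_TYPE=${DB_TYPE:-mysql}
  DB_HOST=${DB_HOST:-${MYSQL_PORT_3306_TCP_ADDR}}
  DB_PORT=${DB_PORT:-${MYSQL_PORT_3306_TCP_PORT}}
elif [ -n "${POSTGRESQL_PORT_5432_TCP_ADDR}" ]; then
  DB_TYPE=${DB_TYPE:-postgres}
  DB_HOST=${DB_HOST:-${POSTGRESQL_PORT_5432_TCP_ADDR}}
  DB_PORT=${DB_PORT:-${POSTGRESQL_PORT_5432_TCP_PORT}}
fi

# fallback to using the internal mysql server
DB_TYPE=${DB_TYPE:-mysql}
DB_HOST=${DB_HOST:-localhost}

# use default port number if it is still not set
case "${DB_TYPE}" in
  mysql) DB_PORT=${DB_PORT:-3306} ;;
  postgres) DB_PORT=${DB_PORT:-5432} ;;
  *)
    echo "Unsupported database adapter. Available adapters are mysql and postgres." >&2
    exit 1
    ;;
esac

##
## For the sake of getting the quick start guide to work,
## we attempt to spin up a redis container if possible.
##
## NOTE: this is only meant for getting the quick start guide to work .
##
# NOTE(review): this path only runs when the host's docker socket is mounted
# into the container, which gives the container control of the host daemon,
# and it pulls an unpinned ':latest' image. Keep both out of production.
if [ -z "${REDIS_HOST}" ] && command -v docker >/dev/null 2>&1 && [ -S /var/run/docker.sock ]; then
  echo "Redis connection details not specified."
  echo "Will try to spin up a new redis image with the name redis-gitlab."
  echo "Please manually configure the redis connection in production."
  case "$(docker inspect --format '{{.State.Running}}' redis-gitlab 2>/dev/null)" in
    true)
      echo "Using existing redis container..."
      ;;
    false)
      echo "Starting up existing redis container..."
      docker start redis-gitlab >/dev/null 2>/dev/null
      ;;
    *)
      echo "Starting up a new redis container..."
      docker run --name='redis-gitlab' -d sameersbn/redis:latest >/dev/null 2>/dev/null
      ;;
  esac
  # tolerate a failed inspect so the explicit redis error below is printed
  # instead of a silent 'set -e' exit
  REDIS_HOST=$(docker inspect --format '{{.NetworkSettings.IPAddress}}' redis-gitlab 2>/dev/null) || true
  REDIS_PORT=6379
fi

if [ -z "${REDIS_HOST}" ]; then
  echo "ERROR: " >&2
  echo "  Please configure the redis connection." >&2
  echo "  Refer http://git.io/PMnRSw for more information." >&2
  echo "  Cannot continue without a redis connection. Aborting..." >&2
  exit 1
fi

case "${GITLAB_HTTPS}" in
  true)
    GITLAB_PORT=${GITLAB_PORT:-443}
    NGINX_X_FORWARDED_PROTO=${NGINX_X_FORWARDED_PROTO:-https}
    ;;
  *)
    GITLAB_PORT=${GITLAB_PORT:-80}
    NGINX_X_FORWARDED_PROTO=${NGINX_X_FORWARDED_PROTO:-\$scheme}
    ;;
esac

case "${GITLAB_BACKUPS}" in
  daily | monthly) GITLAB_BACKUP_EXPIRY=${GITLAB_BACKUP_EXPIRY:-604800} ;;
  *) GITLAB_BACKUP_EXPIRY=${GITLAB_BACKUP_EXPIRY:-0} ;;
esac

case "${LDAP_UID}" in
  userPrincipalName) LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN=${LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN:-false} ;;
  *) LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN=${LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN:-true} ;;
esac

if [ ! -e "${GITLAB_DATA_DIR}/ssh/ssh_host_rsa_key" ]; then
  # create ssh host keys and move them to the data store.
  # NOTE(review): the private host keys then live on the data volume, so
  # whoever can read that volume can read them.
  dpkg-reconfigure openssh-server
  mkdir -p "${GITLAB_DATA_DIR}/ssh/"
  mv /etc/ssh/ssh_host_*_key /etc/ssh/ssh_host_*_key.pub "${GITLAB_DATA_DIR}/ssh/"
fi

# configure sshd to pick up the host keys from ${GITLAB_DATA_DIR}/ssh/
sed -i 's,HostKey /etc/ssh/,HostKey '"${GITLAB_DATA_DIR}"'/ssh/,g' /etc/ssh/sshd_config

# start supervisord
/usr/bin/supervisord -c /etc/supervisor/supervisord.conf

cd "${GITLAB_INSTALL_DIR}"

# pick the nginx vhost template: the ssl one needs certificate, key and
# dhparam to all be present
nginx_template=gitlab
if [ "${GITLAB_HTTPS}" = "true" ]; then
  if [ -f "${SSL_CERTIFICATE_PATH}" ] && [ -f "${SSL_KEY_PATH}" ] && [ -f "${SSL_DHPARAM_PATH}" ]; then
    nginx_template=gitlab-ssl
  else
    # NOTE(review): with GITLAB_HTTPS=true a mistyped certificate path ends up
    # here too, and the container then serves the plain-HTTP vhost.
    echo "SSL keys and certificates were not found."
    echo "Assuming that the container is running behind a HTTPS enabled load balancer."
  fi
fi

# copy configuration templates
install_templates "${SYSCONF_TEMPLATES_DIR}"

# override default configuration templates with user templates
# NOTE(review): these come from the data volume and the nginx one is installed
# as root, so write access to ${GITLAB_DATA_DIR}/config controls the vhost.
install_templates "${USERCONF_TEMPLATES_DIR}" optional

if [ -f "${SSL_CERTIFICATE_PATH}" ] || [ -f "${CA_CERTIFICATES_PATH}" ]; then
  echo "Updating CA certificates..."
  # both files are added to the container's system trust store
  if [ -f "${SSL_CERTIFICATE_PATH}" ]; then
    cp "${SSL_CERTIFICATE_PATH}" /usr/local/share/ca-certificates/gitlab.crt
  fi
  if [ -f "${CA_CERTIFICATES_PATH}" ]; then
    cp "${CA_CERTIFICATES_PATH}" /usr/local/share/ca-certificates/ca.crt
  fi
  update-ca-certificates --fresh >/dev/null 2>&1
fi

# start mysql server if ${DB_HOST} is localhost
if [ "${DB_HOST}" == "localhost" ]; then
  if [ "${DB_TYPE}" == "postgres" ]; then
    echo "DB_TYPE 'postgres' is not supported internally. Please provide DB_HOST." >&2
    exit 1
  fi

  # fix permissions and ownership of /var/lib/mysql
  chown -R mysql:mysql /var/lib/mysql
  chmod 700 /var/lib/mysql

  # initialize MySQL data directory
  if [ ! -d /var/lib/mysql/mysql ]; then
    mysql_install_db --user=mysql
  fi

  echo "Starting mysql server..."
  supervisorctl start mysqld >/dev/null

  # wait for mysql server to start (max 120 seconds)
  timeout=120
  while ! mysql_as_root mysqladmin -uroot status >/dev/null 2>&1; do
    timeout=$((timeout - 1))
    if [ "${timeout}" -eq 0 ]; then
      echo "Failed to start mysql server" >&2
      exit 1
    fi
    sleep 1
  done

  # double any backtick so DB_NAME stays a single quoted identifier in the SQL
  db_ident=${DB_NAME//\`/\`\`}
  if ! printf 'USE `%s`\n' "${db_ident}" | mysql_as_root mysql -uroot >/dev/null 2>&1; then
    DB_INIT="yes"
    printf 'CREATE DATABASE IF NOT EXISTS `%s` DEFAULT CHARACTER SET `utf8` COLLATE `utf8_unicode_ci`;\n' "${db_ident}" \
      | mysql_as_root mysql -uroot
    printf "GRANT SELECT, LOCK TABLES, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON \`%s\`.* TO 'root'@'localhost';\n" "${db_ident}" \
      | mysql_as_root mysql -uroot
  fi
fi

# configure git for the 'git' user
sudo -u git -H git config --global user.name "GitLab"
sudo -u git -H git config --global user.email "${GITLAB_EMAIL}"
sudo -u git -H git config --global core.autocrlf input

# configure application paths
for name in GITLAB_DATA_DIR GITLAB_BACKUP_DIR GITLAB_SHELL_INSTALL_DIR; do
  substitute git config/gitlab.yml "${name}" "${!name}" g
done

# configure gitlab: host/port, signup and signin, default_projects_limit,
# username_changing_enabled, default visibility_level and
# restricted_visibility_levels
for name in \
  GITLAB_HOST GITLAB_PORT GITLAB_HTTPS GITLAB_EMAIL GITLAB_BACKUP_EXPIRY \
  GITLAB_MAX_SIZE GITLAB_SSH_HOST GITLAB_SSH_PORT \
  GITLAB_SIGNUP GITLAB_SIGNIN GITLAB_PROJECTS_LIMIT GITLAB_USERNAME_CHANGE \
  GITLAB_PROJECTS_VISIBILITY GITLAB_RESTRICTED_VISIBILITY; do
  substitute git config/gitlab.yml "${name}" "${!name}"
done

# configure database
if [ "${DB_TYPE}" == "postgres" ]; then
  substitute git config/database.yml DB_ADAPTER postgresql
  substitute git config/database.yml DB_ENCODING unicode
  run_sed git config/database.yml 's/reconnect: false/#reconnect: false/'
elif [ "${DB_TYPE}" == "mysql" ]; then
  substitute git config/database.yml DB_ADAPTER mysql2
  substitute git config/database.yml DB_ENCODING utf8
  run_sed git config/database.yml 's/#reconnect: false/reconnect: false/'
else
  # not reachable while the adapter check above exits on unknown types; fail
  # here as well rather than continue with unfilled placeholders
  echo "Invalid database type: '$DB_TYPE'. Supported choices: [mysql, postgres]." >&2
  exit 1
fi

# configure database connection
for name in DB_HOST DB_PORT DB_NAME DB_USER DB_PASS DB_POOL; do
  substitute git config/database.yml "${name}" "${!name}"
done

# configure sidekiq
substitute git config/sidekiq.yml SIDEKIQ_CONCURRENCY "${SIDEKIQ_CONCURRENCY}"

# configure redis
substitute git config/resque.yml REDIS_HOST "${REDIS_HOST}" g
substitute git config/resque.yml REDIS_PORT "${REDIS_PORT}" g

# configure gitlab-shell
substitute root "${GITLAB_SHELL_INSTALL_DIR}/config.yml" GITLAB_RELATIVE_URL_ROOT "${GITLAB_RELATIVE_URL_ROOT}"
substitute git "${GITLAB_SHELL_INSTALL_DIR}/config.yml" GITLAB_DATA_DIR "${GITLAB_DATA_DIR}" g
substitute git "${GITLAB_SHELL_INSTALL_DIR}/config.yml" GITLAB_BACKUP_DIR "${GITLAB_BACKUP_DIR}" g
for name in SSL_SELF_SIGNED REDIS_HOST REDIS_PORT; do
  substitute git "${GITLAB_SHELL_INSTALL_DIR}/config.yml" "${name}" "${!name}"
done

# configure unicorn workers and timeout
substitute git config/unicorn.rb GITLAB_INSTALL_DIR "${GITLAB_INSTALL_DIR}" g
substitute git config/unicorn.rb UNICORN_WORKERS "${UNICORN_WORKERS}"
substitute git config/unicorn.rb UNICORN_TIMEOUT "${UNICORN_TIMEOUT}"

if [ "${SMTP_ENABLED}" == "true" ]; then
  # configure mail delivery
  smtp_settings=config/initializers/smtp_settings.rb
  for name in SMTP_HOST SMTP_PORT SMTP_DOMAIN SMTP_STARTTLS; do
    substitute git "${smtp_settings}" "${name}" "${!name}"
  done
  # settings left empty have their line removed from the initializer
  for name in SMTP_USER SMTP_PASS SMTP_AUTHENTICATION; do
    if [ -n "${!name}" ]; then
      substitute git "${smtp_settings}" "${name}" "${!name}"
    else
      delete_lines git "${smtp_settings}" "{{${name}}}"
    fi
  done
fi

# apply LDAP configuration
for name in \
  LDAP_ENABLED LDAP_HOST LDAP_PORT LDAP_UID LDAP_METHOD LDAP_BIND_DN \
  LDAP_PASS LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN LDAP_BASE LDAP_USER_FILTER; do
  substitute git config/gitlab.yml "${name}" "${!name}"
done

# apply redmine configuration
if [ -n "${REDMINE_URL}" ]; then
  substitute git config/gitlab.yml REDMINE_URL "${REDMINE_URL}" g
else
  # remove the redmine configuration block
  delete_lines git config/gitlab.yml \
    'redmine:' \
    'title: "Redmine"' \
    'project_url: "{{REDMINE_URL}}' \
    'issues_url: "{{REDMINE_URL}}' \
    'new_issue_url: "{{REDMINE_URL}}'
fi

# apply jira configuration
if [ -n "${JIRA_URL}" ]; then
  substitute git config/gitlab.yml JIRA_URL "${JIRA_URL}" g
else
  # remove the jira configuration block
  delete_lines git config/gitlab.yml \
    'jira:' \
    'title: "Atlassian Jira"' \
    'project_url: "{{JIRA_URL}}' \
    'issues_url: "{{JIRA_URL}}' \
    'new_issue_url: "{{JIRA_URL}}'
fi

# apply oauth configuration

# google
if [ -n "${OAUTH_GOOGLE_API_KEY}" ] && [ -n "${OAUTH_GOOGLE_APP_SECRET}" ]; then
  OAUTH_ENABLED=true
  substitute git config/gitlab.yml OAUTH_GOOGLE_API_KEY "${OAUTH_GOOGLE_API_KEY}"
  substitute git config/gitlab.yml OAUTH_GOOGLE_APP_SECRET "${OAUTH_GOOGLE_APP_SECRET}"
  substitute git config/gitlab.yml OAUTH_GOOGLE_RESTRICT_DOMAIN "${OAUTH_GOOGLE_RESTRICT_DOMAIN}"
  substitute git config/gitlab.yml OAUTH_GOOGLE_APPROVAL_PROMPT ""
else
  delete_lines git config/gitlab.yml \
    '{{OAUTH_GOOGLE_API_KEY}}' \
    '{{OAUTH_GOOGLE_APP_SECRET}}' \
    '{{OAUTH_GOOGLE_RESTRICT_DOMAIN}}' \
    '{{OAUTH_GOOGLE_APPROVAL_PROMPT}}'
fi

# twitter
if [ -n "${OAUTH_TWITTER_API_KEY}" ] && [ -n "${OAUTH_TWITTER_APP_SECRET}" ]; then
  OAUTH_ENABLED=true
  substitute git config/gitlab.yml OAUTH_TWITTER_API_KEY "${OAUTH_TWITTER_API_KEY}"
  substitute git config/gitlab.yml OAUTH_TWITTER_APP_SECRET "${OAUTH_TWITTER_APP_SECRET}"
else
  delete_lines git config/gitlab.yml \
    '{{OAUTH_TWITTER_API_KEY}}' \
    '{{OAUTH_TWITTER_APP_SECRET}}'
fi

# github
if [ -n "${OAUTH_GITHUB_API_KEY}" ] && [ -n "${OAUTH_GITHUB_APP_SECRET}" ]; then
  OAUTH_ENABLED=true
  substitute git config/gitlab.yml OAUTH_GITHUB_API_KEY "${OAUTH_GITHUB_API_KEY}"
  substitute git config/gitlab.yml OAUTH_GITHUB_APP_SECRET "${OAUTH_GITHUB_APP_SECRET}"
  substitute git config/gitlab.yml OAUTH_GITHUB_SCOPE "user:email"
else
  delete_lines git config/gitlab.yml \
    '{{OAUTH_GITHUB_API_KEY}}' \
    '{{OAUTH_GITHUB_APP_SECRET}}' \
    '{{OAUTH_GITHUB_SCOPE}}'
fi

OAUTH_ENABLED=${OAUTH_ENABLED:-false}
for name in OAUTH_ENABLED OAUTH_ALLOW_SSO OAUTH_BLOCK_AUTO_CREATED_USERS; do
  substitute git config/gitlab.yml "${name}" "${!name}"
done

# configure nginx vhost
nginx_vhost=/etc/nginx/sites-enabled/gitlab
substitute root "${nginx_vhost}" GITLAB_INSTALL_DIR "${GITLAB_INSTALL_DIR}" g
substitute root "${nginx_vhost}" YOUR_SERVER_FQDN "${GITLAB_HOST}"
for name in \
  GITLAB_PORT SSL_CERTIFICATE_PATH SSL_KEY_PATH SSL_DHPARAM_PATH \
  NGINX_MAX_UPLOAD_SIZE NGINX_X_FORWARDED_PROTO; do
  substitute root "${nginx_vhost}" "${name}" "${!name}"
done

if [ "${GITLAB_HTTPS_HSTS_ENABLED}" == "true" ]; then
  substitute root "${nginx_vhost}" GITLAB_HTTPS_HSTS_MAXAGE "${GITLAB_HTTPS_HSTS_MAXAGE}"
else
  delete_lines root "${nginx_vhost}" '{{GITLAB_HTTPS_HSTS_MAXAGE}}'
fi

# configure relative_url_root
if [ -n "${GITLAB_RELATIVE_URL_ROOT}" ]; then
  relative_root=$(escape_sed_replacement "${GITLAB_RELATIVE_URL_ROOT}")
  substitute root "${nginx_vhost}" GITLAB_RELATIVE_URL_ROOT "${GITLAB_RELATIVE_URL_ROOT}"
  substitute root "${nginx_vhost}" GITLAB_RELATIVE_URL_ROOT__with_trailing_slash "${GITLAB_RELATIVE_URL_ROOT}/"
  # uncomment the alias directive in the vhost
  run_sed root "${nginx_vhost}" "s|# alias ${GITLAB_INSTALL_DIR}/public|alias ${GITLAB_INSTALL_DIR}/public|"

  run_sed git config/application.rb "s|# config.relative_url_root = \"/gitlab\"|config.relative_url_root = \"${relative_root}\"|"
  run_sed git config/gitlab.yml "s|# relative_url_root: {{GITLAB_RELATIVE_URL_ROOT}}|relative_url_root: ${relative_root}|"
  substitute git config/unicorn.rb GITLAB_RELATIVE_URL_ROOT "${GITLAB_RELATIVE_URL_ROOT}"
else
  substitute root "${nginx_vhost}" GITLAB_RELATIVE_URL_ROOT "/"
  substitute root "${nginx_vhost}" GITLAB_RELATIVE_URL_ROOT__with_trailing_slash "/"
  delete_lines git config/unicorn.rb '{{GITLAB_RELATIVE_URL_ROOT}}'
fi

# fix permission and ownership of ${GITLAB_DATA_DIR}
chmod 755 "${GITLAB_DATA_DIR}"
chown git:git "${GITLAB_DATA_DIR}"

# set executable flags on ${GITLAB_DATA_DIR} (needed if mounted from a data-only
# container using --volumes-from)
chmod +x "${GITLAB_DATA_DIR}"

# create the repositories directory and make sure it has the right permissions
sudo -u git -H mkdir -p "${GITLAB_DATA_DIR}/repositories/"
chown git:git "${GITLAB_DATA_DIR}/repositories/"
chmod ug+rwX,o-rwx "${GITLAB_DATA_DIR}/repositories/"
sudo -u git -H chmod g+s "${GITLAB_DATA_DIR}/repositories/"

# create the satellites directory and make sure it has the right permissions
sudo -u git -H mkdir -p "${GITLAB_DATA_DIR}/gitlab-satellites/"
chmod u+rwx,g=rx,o-rwx "${GITLAB_DATA_DIR}/gitlab-satellites"
chown git:git "${GITLAB_DATA_DIR}/gitlab-satellites"

# remove old cache directory (remove this line after a few releases)
rm -rf "${GITLAB_DATA_DIR:?}/cache"

# create the backups directory
# NOTE(review): unlike repositories and satellites, no mode is set here, so
# the backup archives get whatever the umask leaves; confirm that "other"
# cannot read them.
sudo -u git -H mkdir -p "${GITLAB_BACKUP_DIR}"
chown git:git "${GITLAB_BACKUP_DIR}"

# create the uploads directory
sudo -u git -H mkdir -p "${GITLAB_DATA_DIR}/uploads/"
chmod -R u+rwX "${GITLAB_DATA_DIR}/uploads/"
chown git:git "${GITLAB_DATA_DIR}/uploads/"

# create the .ssh directory
sudo -u git -H mkdir -p "${GITLAB_DATA_DIR}/.ssh/"
touch "${GITLAB_DATA_DIR}/.ssh/authorized_keys"
chmod 700 "${GITLAB_DATA_DIR}/.ssh"
chmod 600 "${GITLAB_DATA_DIR}/.ssh/authorized_keys"
chown -R git:git "${GITLAB_DATA_DIR}/.ssh"

#######################################
# Start the supporting services, initialise or migrate the database when
# needed, start gitlab, install the backup cron job and follow the nginx
# access log (this call does not return).
# Globals: DB_INIT, GITLAB_DATA_DIR, GITLAB_INSTALL_DIR, GITLAB_BACKUPS (read)
#######################################
appStart() {
  local cache_version="" gitlab_version cron_schedule=""

  echo "Starting cron..."
  supervisorctl start cron >/dev/null
  echo "Starting openssh server..."
  supervisorctl start sshd >/dev/null
  echo "Starting nginx..."
  supervisorctl start nginx >/dev/null

  # reset the database if the --db-init switch was given.
  if [ "$DB_INIT" == "yes" ]; then
    echo "Initializing database..."
    sudo -u git -H force=yes bundle exec rake gitlab:setup RAILS_ENV=production
  fi

  # migrate database and compile the assets if the gitlab version has changed.
  gitlab_version=$(cat VERSION)
  if [ -f tmp/cache/VERSION ]; then
    cache_version=$(cat tmp/cache/VERSION)
  fi
  if [ "${gitlab_version}" != "${cache_version}" ]; then
    echo "Migrating database..."
    # stderr is discarded here, so a failed migration ends the script under
    # 'set -e' without any diagnostic
    sudo -u git -H bundle exec rake db:migrate RAILS_ENV=production 2>/dev/null

    # recreate the tmp directory
    rm -rf "${GITLAB_DATA_DIR:?}/tmp"
    sudo -u git -H mkdir -p "${GITLAB_DATA_DIR}/tmp/"
    chmod -R u+rwX "${GITLAB_DATA_DIR}/tmp/"

    # create the tmp/cache and tmp/public/assets directory
    sudo -u git -H mkdir -p "${GITLAB_DATA_DIR}/tmp/cache/"
    sudo -u git -H mkdir -p "${GITLAB_DATA_DIR}/tmp/public/assets/"

    echo "Compiling assets. Please be patient, this could take a while..."
    sudo -u git -H bundle exec rake assets:clean RAILS_ENV=production
    sudo -u git -H bundle exec rake assets:precompile RAILS_ENV=production 2>/dev/null
    # write through tee so the file is created and written by the git user;
    # a plain '>' redirect would be opened by the calling (root) shell
    printf '%s\n' "${gitlab_version}" | sudo -u git -H tee tmp/cache/VERSION >/dev/null
  fi

  # remove stale unicorn and sidekiq pid's if they exist.
  rm -rf tmp/pids/unicorn.pid
  rm -rf tmp/pids/sidekiq.pid

  # start the gitlab application
  sudo -u git -H /etc/init.d/gitlab start

  # create satellite directories
  sudo -u git -H bundle exec rake gitlab:satellites:create RAILS_ENV=production
  sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production

  # setup cron job for automatic backups
  # NOTE(review): the here-documents holding the crontab entries were lost when
  # this page was extracted. The schedules and the command line below are
  # constructed placeholders, as is the crontab invocation; compare them with
  # the upstream file before use. The entry is piped to crontab so that no
  # fixed-name file such as /tmp/cron.git is needed.
  case "${GITLAB_BACKUPS}" in
    daily) cron_schedule="00 04 * * *" ;;
    monthly) cron_schedule="00 04 01 * *" ;;
  esac
  if [ -n "${cron_schedule}" ]; then
    printf "%s /bin/bash -l -c 'cd %s && bundle exec rake gitlab:backup:create RAILS_ENV=production'\n" \
      "${cron_schedule}" "${GITLAB_INSTALL_DIR}" \
      | crontab -u git - 2>/dev/null || echo "Failed to install the backup cron job." >&2
  fi

  # watch the access logs
  tail -F /var/log/nginx/gitlab_access.log
}

#######################################
# Stop gitlab and every supervised service, then supervisord itself, and exit.
# Installed as the SIGINT/SIGTERM handler.
#######################################
appStop() {
  echo ""
  /etc/init.d/gitlab stop
  echo "Stopping crond..."
  supervisorctl stop cron >/dev/null
  echo "Stopping sshd..."
  supervisorctl stop sshd >/dev/null
  echo "Stopping nginx..."
  supervisorctl stop nginx >/dev/null
  echo "Stopping mysqld..."
  supervisorctl stop mysqld >/dev/null
  echo "Stopping redis-server..."
  supervisorctl stop redis-server >/dev/null
  echo "Stopping supervisord..."
  kill -15 "$(cat /var/run/supervisord.pid)"
  exit
}

#######################################
# Reset ownership and permissions of the repositories, satellites, uploads
# and tmp directories below GITLAB_DATA_DIR.
#######################################
appSanitize() {
  echo "Checking repository directories permissions..."
  chmod -R ug+rwX,o-rwx "${GITLAB_DATA_DIR}/repositories/"
  sudo -u git -H chmod -R ug-s "${GITLAB_DATA_DIR}/repositories/"
  # setgid goes back on directories only
  find "${GITLAB_DATA_DIR}/repositories/" -type d -print0 | xargs -0 sudo -u git -H chmod g+s
  chown -R git:git "${GITLAB_DATA_DIR}/repositories"

  echo "Checking satellites directories permissions..."
  sudo -u git -H mkdir -p "${GITLAB_DATA_DIR}/gitlab-satellites/"
  chmod u+rwx,g=rx,o-rwx "${GITLAB_DATA_DIR}/gitlab-satellites"
  chown -R git:git "${GITLAB_DATA_DIR}/gitlab-satellites"

  echo "Checking uploads directory permissions..."
  chmod -R u+rwX "${GITLAB_DATA_DIR}/uploads/"
  chown git:git -R "${GITLAB_DATA_DIR}/uploads/"

  echo "Checking tmp directory permissions..."
  chmod -R u+rwX "${GITLAB_DATA_DIR}/tmp/"
  chown git:git -R "${GITLAB_DATA_DIR}/tmp/"
}

#######################################
# Run a gitlab rake task as the git user.
# gitlab:backup:restore prompts for one of the archives in GITLAB_BACKUP_DIR;
# gitlab:import:repos fixes directory permissions first.
# Arguments: $1 - rake task, remaining arguments are passed to rake
# Returns:   1 when no task is given or no valid backup is selected
#######################################
appRake() {
  local archive file timestamp
  local -a backups=()

  if [ -z "${1:-}" ]; then
    echo "Please specify the rake task to execute. See https://github.com/gitlabhq/gitlabhq/tree/master/doc/raketasks"
    return 1
  fi

  echo "Running gitlab rake task..."

  if [ "$1" == "gitlab:backup:restore" ]; then
    # user needs to select the backup to restore
    for archive in "${GITLAB_BACKUP_DIR}"/*_gitlab_backup.tar; do
      if [ -f "${archive}" ]; then
        backups+=("${archive##*/}")
      fi
    done
    if [ "${#backups[@]}" -eq 0 ]; then
      echo "No backup present. Cannot continue restore process."
      return 1
    fi

    printf '%s\n' "${backups[@]}" | sort -r | while IFS= read -r archive; do
      echo " ├ ${archive}"
    done
    read -r -p "Select a backup to restore: " file

    # The answer is typed by the operator and ends up in a path and on the
    # rake command line: accept only a bare <digits>_gitlab_backup.tar name,
    # so it cannot point outside the backup directory.
    if [[ ! "${file}" =~ ^[0-9]+_gitlab_backup\.tar$ ]] || [ ! -f "${GITLAB_BACKUP_DIR}/${file}" ]; then
      echo "Specified backup does not exist. Aborting..."
      return 1
    fi

    timestamp=${file%%_*}
    sudo -u git -H bundle exec rake gitlab:backup:restore BACKUP="${timestamp}" RAILS_ENV=production
  else
    if [ "$1" == "gitlab:import:repos" ]; then
      appSanitize
    fi
    sudo -u git -H bundle exec rake "$@" RAILS_ENV=production
  fi
}

#######################################
# Print the list of supported container commands.
#######################################
appHelp() {
  echo "Available options:"
  echo " app:start          - Starts the gitlab server (default)"
  echo " app:sanitize       - Fix repository/satellites directory permissions."
  echo " app:rake <task>    - Execute a rake task."
  echo " app:help           - Displays the help"
  echo " [command]          - Execute the specified linux command eg. bash."
}

case "${1:-}" in
  app:start)
    appStart
    ;;
  app:sanitize)
    appSanitize
    ;;
  app:rake)
    shift 1
    appRake "$@"
    ;;
  app:help)
    appHelp
    ;;
  *)
    if [ "$#" -eq 0 ]; then
      appHelp
    elif [ -x "$1" ]; then
      # run the given executable with all of its arguments
      "$@"
    else
      # resolve through PATH only; a failed lookup falls back to the help text
      prog=$(type -P -- "$1" || true)
      if [ -n "${prog}" ]; then
        shift 1
        "${prog}" "$@"
      else
        appHelp
      fi
    fi
    ;;
esac

exit 0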