mirror of
https://github.com/sameersbn/docker-gitlab.git
synced 2025-12-08 17:36:24 +00:00
squash following commits: - 32f5332b05a6064169e6cc07d9c4a60b6a3dc7c5 for configgitlab-pages/config - f974a0197c74ca17343e5e3ff99a633347d8ad67 for config/gitlab-shell/config.yml - 1104bacb29ed7f20bdf20015552299bd08ae7313 for config/gitlabhq/cable.yml - 6ce37d8706cb289136385a7c498ad8c42faaab2c for config/gitlabhq/resque.yml - 7336e042728f63da2cc302b6fd6f975eb26566dc for config/nginx/gitlab - 1f39dcaabe7d3daa3b70ef0ae98ea8e30659e1e0 for config/nginx/gitlab-pages - 76aaf571e992c6e5b970a437f8c46158d9867d65 for config/nginx/gitlab-ssl - 549f717ec0810c8e11f30fb40f08997c0b84b5e3 for env-defaults but without KAS-related configs (original: add WEBTOKEN secret, remove GITLAB_KAS_SECRET)
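#!/bin/bash

# CONTAINER
# Container-level defaults. Every assignment in this file follows the same
# pattern: keep a value that is already set and non-empty, otherwise fall
# back to the default after `:-`.
#
# NOTE(review): how DEBUG is consumed is not visible here. If it switches on
# shell tracing (set -x), every password and key assigned in this file would
# be written to the container log -- confirm before enabling it in production.
DEBUG=${DEBUG:-$DEBUG_ENTRYPOINT}
TIMEZONE=${TZ:-UTC}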
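## GITLAB CORE
# Directory layout and basic host/port settings.
# GITLAB_DATA_DIR is read but not defined in this part of the file; it is
# expected to be set before these lines run.
GITLAB_TEMP_DIR="${GITLAB_DATA_DIR}/tmp"
GITLAB_BACKUP_DIR="${GITLAB_BACKUP_DIR:-$GITLAB_DATA_DIR/backups}"
GITLAB_BACKUP_DIR_CHOWN=${GITLAB_BACKUP_DIR_CHOWN:-true}
GITLAB_BACKUP_DIR_GROUP=${GITLAB_BACKUP_DIR_GROUP:-}
GITLAB_REPOS_DIR="${GITLAB_REPOS_DIR:-$GITLAB_DATA_DIR/repositories}"
GITLAB_BUILDS_DIR="${GITLAB_BUILDS_DIR:-$GITLAB_DATA_DIR/builds}"
GITLAB_DOWNLOADS_DIR="${GITLAB_DOWNLOADS_DIR:-$GITLAB_TEMP_DIR/downloads}"
GITLAB_SHARED_DIR="${GITLAB_SHARED_DIR:-$GITLAB_DATA_DIR/shared}"
GITLAB_DEFAULT_THEME=${GITLAB_DEFAULT_THEME:-2}
# HTTPS is off unless explicitly enabled; the SAML/OIDC callback URLs and the
# X-Forwarded-Proto default later in the file are derived from this flag.
GITLAB_HTTPS=${GITLAB_HTTPS:-false}
GITLAB_HOST=${GITLAB_HOST:-127.0.0.1}
GITLAB_CI_HOST=${GITLAB_CI_HOST:-}
GITLAB_PORT=${GITLAB_PORT:-}
# NOTE(review): admin impersonation of other users is enabled by default;
# deployments that need a strict audit trail may want this set to false.
GITLAB_IMPERSONATION_ENABLED=${GITLAB_IMPERSONATION_ENABLED:-true}
# Pick the conventional port for the scheme when no port was given. Only the
# exact string "true" selects 443; any other value is treated as plain HTTP.
if [[ $GITLAB_HTTPS == true ]]; then
  GITLAB_PORT=${GITLAB_PORT:-443}
else
  GITLAB_PORT=${GITLAB_PORT:-80}
fi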
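## SSH
# The advertised SSH port resolves in this order: GITLAB_SSH_PORT, the legacy
# GITLAB_SHELL_SSH_PORT, then the port sshd listens on inside the container.
GITLAB_SSH_HOST=${GITLAB_SSH_HOST:-$GITLAB_HOST}
GITLAB_SSH_PORT=${GITLAB_SSH_PORT:-$GITLAB_SHELL_SSH_PORT} # for backwards compatibility
GITLAB_SSH_LISTEN_PORT=${GITLAB_SSH_LISTEN_PORT:-22}
GITLAB_SSH_PORT=${GITLAB_SSH_PORT:-$GITLAB_SSH_LISTEN_PORT}
# start:rate:full in sshd MaxStartups notation (throttles unauthenticated
# connections); presumably written into sshd_config elsewhere -- confirm.
GITLAB_SSH_MAXSTARTUPS=${GITLAB_SSH_MAXSTARTUPS:-10:30:60}

# HSTS
# The legacy GITLAB_HTTPS_HSTS_* names are honoured first; HSTS defaults to
# enabled with a max-age of 31536000 seconds (one year).
NGINX_HSTS_ENABLED=${NGINX_HSTS_ENABLED:-$GITLAB_HTTPS_HSTS_ENABLED} # backward compatibility
NGINX_HSTS_ENABLED=${NGINX_HSTS_ENABLED:-true}

NGINX_HSTS_MAXAGE=${NGINX_HSTS_MAXAGE:-$GITLAB_HTTPS_HSTS_MAXAGE} # backward compatibility
NGINX_HSTS_MAXAGE=${NGINX_HSTS_MAXAGE:-31536000}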
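## DATABASE
# Connection settings for the application database. Host, port, name, user
# and password have no default and stay empty unless provided.
# NOTE(review): DB_PASS arrives as a plain environment variable, so it is
# visible to anything that can inspect the container environment; nothing in
# this section validates that it is non-empty.
DB_ADAPTER=${DB_ADAPTER:-postgresql}
DB_ENCODING=${DB_ENCODING:-}
DB_HOST=${DB_HOST:-}
DB_PORT=${DB_PORT:-}
DB_NAME=${DB_NAME:-}
DB_USER=${DB_USER:-}
DB_PASS=${DB_PASS:-}
DB_POOL=${DB_POOL:-10}
DB_PREPARED_STATEMENTS=${DB_PREPARED_STATEMENTS:-true}

# backward compatibility
# DB_ADAPTER is already non-empty at this point (defaulted above), so this arm
# cannot change it; it is kept only for the legacy DB_TYPE variable.
case ${DB_TYPE} in
  postgres) DB_ADAPTER=${DB_ADAPTER:-postgresql} ;;
esac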
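## REDIS
# Host and port have no default; only the database number does.
REDIS_HOST=${REDIS_HOST:-}
REDIS_PORT=${REDIS_PORT:-}
REDIS_DB_NUMBER=${REDIS_DB_NUMBER:-0}

## SIDEKIQ
# Background-job worker tuning.
SIDEKIQ_SHUTDOWN_TIMEOUT=${SIDEKIQ_SHUTDOWN_TIMEOUT:-4}
SIDEKIQ_CONCURRENCY=${SIDEKIQ_CONCURRENCY:-25}
SIDEKIQ_MEMORY_KILLER_MAX_RSS=${SIDEKIQ_MEMORY_KILLER_MAX_RSS:-2000000}
GITLAB_SIDEKIQ_LOG_FORMAT=${GITLAB_SIDEKIQ_LOG_FORMAT:-json}

## PUMA
# Web server thread/worker counts and per-process memory ceilings (MB).
PUMA_THREADS_MIN=${PUMA_THREADS_MIN:-1}
PUMA_THREADS_MAX=${PUMA_THREADS_MAX:-16}
PUMA_WORKERS=${PUMA_WORKERS:-3}
PUMA_TIMEOUT=${PUMA_TIMEOUT:-60}
PUMA_PER_WORKER_MAX_MEMORY_MB=${PUMA_PER_WORKER_MAX_MEMORY_MB:-1024}
PUMA_MASTER_MAX_MEMORY_MB=${PUMA_MASTER_MAX_MEMORY_MB:-800}

# Set Default values according to the documentation
# https://docs.gitlab.com/ee/administration/operations/unicorn.html#unicorn-worker-killer
# 1073741824 and 1342177280 bytes are 1 GiB and 1.25 GiB.
GITLAB_UNICORN_MEMORY_MIN=${GITLAB_UNICORN_MEMORY_MIN:-1073741824}
GITLAB_UNICORN_MEMORY_MAX=${GITLAB_UNICORN_MEMORY_MAX:-1342177280}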
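##
# General application behaviour: sign-up, per-project feature defaults,
# relative URL root and request timeouts.
GITLAB_TIMEZONE=${GITLAB_TIMEZONE:-UTC}
# NOTE(review): open self-registration is the default. On an instance that is
# reachable from untrusted networks, anyone can create an account unless this
# is set to false or sign-ups are otherwise restricted.
GITLAB_SIGNUP_ENABLED=${GITLAB_SIGNUP_ENABLED:-true}
# The default is single-quoted so the shell stores the regex verbatim
# (backslashes and %{issue_ref} included).
GITLAB_ISSUE_CLOSING_PATTERN=${GITLAB_ISSUE_CLOSING_PATTERN:-'\b((?:[Cc]los(?:e[sd]?|ing)|\b[Ff]ix(?:e[sd]|ing)?|\b[Rr]esolv(?:e[sd]?|ing)|\b[Ii]mplement(?:s|ed|ing)?)(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)'}
GITLAB_PROJECTS_LIMIT=${GITLAB_PROJECTS_LIMIT:-100}
GITLAB_USERNAME_CHANGE=${GITLAB_USERNAME_CHANGE:-true}
GITLAB_CREATE_GROUP=${GITLAB_CREATE_GROUP:-true}
GITLAB_PROJECTS_ISSUES=${GITLAB_PROJECTS_ISSUES:-true}
GITLAB_PROJECTS_MERGE_REQUESTS=${GITLAB_PROJECTS_MERGE_REQUESTS:-true}
GITLAB_PROJECTS_WIKI=${GITLAB_PROJECTS_WIKI:-true}
GITLAB_PROJECTS_SNIPPETS=${GITLAB_PROJECTS_SNIPPETS:-true}
GITLAB_PROJECTS_BUILDS=${GITLAB_PROJECTS_BUILDS:-true}
GITLAB_PROJECTS_CONTAINER_REGISTRY=${GITLAB_PROJECTS_CONTAINER_REGISTRY:-true}
GITLAB_RELATIVE_URL_ROOT=${GITLAB_RELATIVE_URL_ROOT:-}
# NOTE(review): empty by default. Behind a reverse proxy, client addresses in
# logs and rate limits are presumably only correct once the proxy addresses
# are listed here -- confirm against the template that consumes it.
GITLAB_TRUSTED_PROXIES=${GITLAB_TRUSTED_PROXIES:-}
# A bare "/" is normalised to empty so later code can test for "no prefix".
if [[ -z ${GITLAB_RELATIVE_URL_ROOT} || ${GITLAB_RELATIVE_URL_ROOT} == / ]]; then # should not be set to `/`
  GITLAB_RELATIVE_URL_ROOT=
fi

GITLAB_WEBHOOK_TIMEOUT=${GITLAB_WEBHOOK_TIMEOUT:-10}

GITLAB_WORKHORSE_TIMEOUT=${GITLAB_WORKHORSE_TIMEOUT:-5m0s}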
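# OBJECTSTORE
# Shared object-storage connection defaults. The per-feature sections
# (artifacts, packages, terraform state, LFS, uploads) fall back to these.
GITLAB_OBJECT_STORE_CONNECTION_PROVIDER=${GITLAB_OBJECT_STORE_CONNECTION_PROVIDER:-AWS}

#-- AWS
# NOTE(review): when unset, the access key id and secret default to the
# literal strings "AWS_ACCESS_KEY_ID" / "AWS_SECRET_ACCESS_KEY". They are
# placeholders, not credentials; an object store enabled without real keys
# would presumably fail authentication with these values rather than fail at
# start-up -- confirm, and consider validating them where a store is enabled.
# These are also the variable names the AWS SDKs and CLI read, so a value
# exported for other tooling in the container is picked up here too.
AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID:-AWS_ACCESS_KEY_ID}
AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY:-AWS_SECRET_ACCESS_KEY}
AWS_REGION=${AWS_REGION:-us-east-1}
AWS_HOST=${AWS_HOST:-s3.amazonaws.com}
# The default is the literal string "nil", not an empty value.
AWS_ENDPOINT=${AWS_ENDPOINT:-nil}
AWS_PATH_STYLE=${AWS_PATH_STYLE:-true}
AWS_SIGNATURE_VERSION=${AWS_SIGNATURE_VERSION:-4}

#-- Google
# Project and client e-mail have no default (self-assignment only keeps the
# current value); the service-account key file defaults to /gcs/key.json.
# NOTE(review): that key file is a long-lived credential; mount it read-only
# and readable only by the GitLab user.
GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT=${GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT}
GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL=${GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL}
GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION=${GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION:-"/gcs/key.json"}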
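## ARTIFACTS
# CI artifacts: local directory plus optional object storage (off by default).
GITLAB_ARTIFACTS_ENABLED=${GITLAB_ARTIFACTS_ENABLED:-true}
GITLAB_ARTIFACTS_DIR="${GITLAB_ARTIFACTS_DIR:-$GITLAB_SHARED_DIR/artifacts}"

GITLAB_ARTIFACTS_OBJECT_STORE_ENABLED=${GITLAB_ARTIFACTS_OBJECT_STORE_ENABLED:-false}
GITLAB_ARTIFACTS_OBJECT_STORE_REMOTE_DIRECTORY=${GITLAB_ARTIFACTS_OBJECT_STORE_REMOTE_DIRECTORY:-artifacts}
GITLAB_ARTIFACTS_OBJECT_STORE_DIRECT_UPLOAD=${GITLAB_ARTIFACTS_OBJECT_STORE_DIRECT_UPLOAD:-false}
GITLAB_ARTIFACTS_OBJECT_STORE_BACKGROUND_UPLOAD=${GITLAB_ARTIFACTS_OBJECT_STORE_BACKGROUND_UPLOAD:-false}
GITLAB_ARTIFACTS_OBJECT_STORE_PROXY_DOWNLOAD=${GITLAB_ARTIFACTS_OBJECT_STORE_PROXY_DOWNLOAD:-false}
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_PROVIDER=${GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_PROVIDER:-$GITLAB_OBJECT_STORE_CONNECTION_PROVIDER}

# ARTIFACTS:AWS
# Each setting falls back to the shared AWS_* value. Set the store-specific
# key pair when this bucket should be reachable only with its own,
# narrowly-scoped credentials.
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID=${GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID:-$AWS_ACCESS_KEY_ID}
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY=${GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY:-$AWS_SECRET_ACCESS_KEY}
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_REGION=${GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_REGION:-$AWS_REGION}
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_HOST=${GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_HOST:-$AWS_HOST}
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT=${GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT:-$AWS_ENDPOINT}
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE=${GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE:-$AWS_PATH_STYLE}
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_SIGNATURE_VERSION=${GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_SIGNATURE_VERSION:-$AWS_SIGNATURE_VERSION}

# ARTIFACTS:Google
# Falls back to the shared GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_* values.
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT=${GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT:-$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT}
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL=${GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL:-$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL}
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION=${GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION:-$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION}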
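## PACKAGES
# Package registry: local directory plus optional object storage (off by
# default).
GITLAB_PACKAGES_ENABLED=${GITLAB_PACKAGES_ENABLED:-true}
GITLAB_PACKAGES_DIR="${GITLAB_PACKAGES_DIR:-$GITLAB_SHARED_DIR/packages}"

GITLAB_PACKAGES_OBJECT_STORE_ENABLED=${GITLAB_PACKAGES_OBJECT_STORE_ENABLED:-false}
GITLAB_PACKAGES_OBJECT_STORE_REMOTE_DIRECTORY=${GITLAB_PACKAGES_OBJECT_STORE_REMOTE_DIRECTORY:-packages}
GITLAB_PACKAGES_OBJECT_STORE_DIRECT_UPLOAD=${GITLAB_PACKAGES_OBJECT_STORE_DIRECT_UPLOAD:-false}
GITLAB_PACKAGES_OBJECT_STORE_BACKGROUND_UPLOAD=${GITLAB_PACKAGES_OBJECT_STORE_BACKGROUND_UPLOAD:-false}
GITLAB_PACKAGES_OBJECT_STORE_PROXY_DOWNLOAD=${GITLAB_PACKAGES_OBJECT_STORE_PROXY_DOWNLOAD:-false}
GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_PROVIDER=${GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_PROVIDER:-$GITLAB_OBJECT_STORE_CONNECTION_PROVIDER}

# PACKAGES:AWS
# Each setting falls back to the shared AWS_* value. Set the store-specific
# key pair when this bucket should be reachable only with its own,
# narrowly-scoped credentials.
GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID=${GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID:-$AWS_ACCESS_KEY_ID}
GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY=${GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY:-$AWS_SECRET_ACCESS_KEY}
GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_AWS_REGION=${GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_AWS_REGION:-$AWS_REGION}
GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_AWS_HOST=${GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_AWS_HOST:-$AWS_HOST}
GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_AWS_ENDPOINT=${GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_AWS_ENDPOINT:-$AWS_ENDPOINT}
GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE=${GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE:-$AWS_PATH_STYLE}
GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_AWS_SIGNATURE_VERSION=${GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_AWS_SIGNATURE_VERSION:-$AWS_SIGNATURE_VERSION}

# PACKAGES:Google
# Falls back to the shared GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_* values.
GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT=${GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT:-$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT}
GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL=${GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL:-$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL}
GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION=${GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION:-$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION}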
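## TERRAFORM STATE
# Terraform state backend: local path plus optional object storage (off by
# default).
# NOTE(review): Terraform state commonly embeds provider credentials and
# other secrets, so both the local path and any remote bucket deserve the
# same access control as a secrets store.
GITLAB_TERRAFORM_STATE_ENABLED=${GITLAB_TERRAFORM_STATE_ENABLED:-true}
GITLAB_TERRAFORM_STATE_STORAGE_PATH="${GITLAB_TERRAFORM_STATE_STORAGE_PATH:-$GITLAB_SHARED_DIR/terraform_state}"

GITLAB_TERRAFORM_STATE_OBJECT_STORE_ENABLED=${GITLAB_TERRAFORM_STATE_OBJECT_STORE_ENABLED:-false}
GITLAB_TERRAFORM_STATE_OBJECT_STORE_REMOTE_DIRECTORY=${GITLAB_TERRAFORM_STATE_OBJECT_STORE_REMOTE_DIRECTORY:-terraform_state}
GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_PROVIDER=${GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_PROVIDER:-$GITLAB_OBJECT_STORE_CONNECTION_PROVIDER}

# TERRAFORM STATE:AWS
# Each setting falls back to the shared AWS_* value.
GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID=${GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID:-$AWS_ACCESS_KEY_ID}
GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY=${GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY:-$AWS_SECRET_ACCESS_KEY}
GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_AWS_REGION=${GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_AWS_REGION:-$AWS_REGION}
GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_AWS_HOST=${GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_AWS_HOST:-$AWS_HOST}
GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_AWS_ENDPOINT=${GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_AWS_ENDPOINT:-$AWS_ENDPOINT}
GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE=${GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE:-$AWS_PATH_STYLE}
GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_AWS_SIGNATURE_VERSION=${GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_AWS_SIGNATURE_VERSION:-$AWS_SIGNATURE_VERSION}

# TERRAFORM STATE:Google
# Falls back to the shared GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_* values.
GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT=${GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT:-$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT}
GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL=${GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL:-$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL}
GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION=${GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION:-$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION}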
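## Cron Jobs
# Five-field cron expression; the default fires at minute 19 of every hour.
GITLAB_PIPELINE_SCHEDULE_WORKER_CRON=${GITLAB_PIPELINE_SCHEDULE_WORKER_CRON:-"19 * * * *"}

## LFS
# Git LFS objects: local directory plus optional object storage (off by
# default).
GITLAB_LFS_ENABLED=${GITLAB_LFS_ENABLED:-true}
GITLAB_LFS_OBJECTS_DIR="${GITLAB_LFS_OBJECTS_DIR:-$GITLAB_SHARED_DIR/lfs-objects}"

GITLAB_LFS_OBJECT_STORE_ENABLED=${GITLAB_LFS_OBJECT_STORE_ENABLED:-false}
GITLAB_LFS_OBJECT_STORE_REMOTE_DIRECTORY=${GITLAB_LFS_OBJECT_STORE_REMOTE_DIRECTORY:-lfs-objects}
GITLAB_LFS_OBJECT_STORE_DIRECT_UPLOAD=${GITLAB_LFS_OBJECT_STORE_DIRECT_UPLOAD:-false}
GITLAB_LFS_OBJECT_STORE_BACKGROUND_UPLOAD=${GITLAB_LFS_OBJECT_STORE_BACKGROUND_UPLOAD:-false}
GITLAB_LFS_OBJECT_STORE_PROXY_DOWNLOAD=${GITLAB_LFS_OBJECT_STORE_PROXY_DOWNLOAD:-false}
GITLAB_LFS_OBJECT_STORE_CONNECTION_PROVIDER=${GITLAB_LFS_OBJECT_STORE_CONNECTION_PROVIDER:-$GITLAB_OBJECT_STORE_CONNECTION_PROVIDER}

# LFS:AWS
# Each setting falls back to the shared AWS_* value. Set the store-specific
# key pair when this bucket should be reachable only with its own,
# narrowly-scoped credentials.
GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID=${GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID:-$AWS_ACCESS_KEY_ID}
GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY=${GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY:-$AWS_SECRET_ACCESS_KEY}
GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_REGION=${GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_REGION:-$AWS_REGION}
GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_HOST=${GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_HOST:-$AWS_HOST}
GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT=${GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT:-$AWS_ENDPOINT}
GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE=${GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE:-$AWS_PATH_STYLE}
GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_SIGNATURE_VERSION=${GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_SIGNATURE_VERSION:-$AWS_SIGNATURE_VERSION}

# LFS:Google
# Falls back to the shared GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_* values.
GITLAB_LFS_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT=${GITLAB_LFS_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT:-$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT}
GITLAB_LFS_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL=${GITLAB_LFS_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL:-$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL}
GITLAB_LFS_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION=${GITLAB_LFS_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION:-$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION}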
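## Uploads
# User uploads: local path plus optional object storage (off by default).
# GITLAB_INSTALL_DIR is read but not defined in this part of the file.
GITLAB_UPLOADS_STORAGE_PATH="${GITLAB_UPLOADS_STORAGE_PATH:-$GITLAB_INSTALL_DIR/public}"
GITLAB_UPLOADS_BASE_DIR="${GITLAB_UPLOADS_BASE_DIR:-uploads/-/system}"

GITLAB_UPLOADS_OBJECT_STORE_ENABLED=${GITLAB_UPLOADS_OBJECT_STORE_ENABLED:-false}
GITLAB_UPLOADS_OBJECT_STORE_REMOTE_DIRECTORY=${GITLAB_UPLOADS_OBJECT_STORE_REMOTE_DIRECTORY:-uploads}
GITLAB_UPLOADS_OBJECT_STORE_DIRECT_UPLOAD=${GITLAB_UPLOADS_OBJECT_STORE_DIRECT_UPLOAD:-false}
GITLAB_UPLOADS_OBJECT_STORE_BACKGROUND_UPLOAD=${GITLAB_UPLOADS_OBJECT_STORE_BACKGROUND_UPLOAD:-false}
GITLAB_UPLOADS_OBJECT_STORE_PROXY_DOWNLOAD=${GITLAB_UPLOADS_OBJECT_STORE_PROXY_DOWNLOAD:-false}
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_PROVIDER=${GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_PROVIDER:-$GITLAB_OBJECT_STORE_CONNECTION_PROVIDER}

# Uploads:AWS
# Each setting falls back to the shared AWS_* value. Set the store-specific
# key pair when this bucket should be reachable only with its own,
# narrowly-scoped credentials.
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID=${GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID:-$AWS_ACCESS_KEY_ID}
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY=${GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY:-$AWS_SECRET_ACCESS_KEY}
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_REGION=${GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_REGION:-$AWS_REGION}
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_HOST=${GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_HOST:-$AWS_HOST}
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT=${GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT:-$AWS_ENDPOINT}
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE=${GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE:-$AWS_PATH_STYLE}
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_SIGNATURE_VERSION=${GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_SIGNATURE_VERSION:-$AWS_SIGNATURE_VERSION}

# Uploads:Google
# Falls back to the shared GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_* values.
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT=${GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT:-$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT}
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL=${GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL:-$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL}
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION=${GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION:-$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION}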
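## Mattermost
GITLAB_MATTERMOST_ENABLED=${GITLAB_MATTERMOST_ENABLED:-false}
GITLAB_MATTERMOST_URL=${GITLAB_MATTERMOST_URL:-https://mattermost.example.com}

# secrets
# Application key material. All of these default to empty.
# NOTE(review): nothing in this section rejects an empty value or generates
# one; presumably that is enforced where the secrets file is written --
# confirm. These keys protect sessions, 2FA seeds and encrypted database
# columns, so they must be unique per deployment, kept out of image layers
# and logs, and included in the backup plan (losing them makes encrypted data
# unrecoverable).
GITLAB_SECRETS_DB_KEY_BASE=${GITLAB_SECRETS_DB_KEY_BASE:-}
GITLAB_SECRETS_SECRET_KEY_BASE=${GITLAB_SECRETS_SECRET_KEY_BASE:-}
GITLAB_SECRETS_OTP_KEY_BASE=${GITLAB_SECRETS_OTP_KEY_BASE:-}
GITLAB_SECRETS_ENCRYPTED_SETTINGS_KEY_BASE=${GITLAB_SECRETS_ENCRYPTED_SETTINGS_KEY_BASE:-}
GITLAB_SECRETS_ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=${GITLAB_SECRETS_ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY:-}
GITLAB_SECRETS_ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=${GITLAB_SECRETS_ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY:-}
GITLAB_SECRETS_ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=${GITLAB_SECRETS_ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT:-}

GITLAB_NOTIFY_ON_BROKEN_BUILDS=${GITLAB_NOTIFY_ON_BROKEN_BUILDS:-true}
GITLAB_NOTIFY_PUSHER=${GITLAB_NOTIFY_PUSHER:-false}

# USERCONF_TEMPLATES_DIR is read but not defined in this part of the file.
GITLAB_ROBOTS_PATH=${GITLAB_ROBOTS_PATH:-${USERCONF_TEMPLATES_DIR}/gitlabhq/robots.txt}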
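## REGISTRY
# Container registry integration (off by default).
GITLAB_REGISTRY_ENABLED=${GITLAB_REGISTRY_ENABLED:-false}
GITLAB_REGISTRY_DIR="${GITLAB_REGISTRY_DIR:-$GITLAB_SHARED_DIR/registry}"
GITLAB_REGISTRY_HOST=${GITLAB_REGISTRY_HOST:-registry.example.com}
GITLAB_REGISTRY_PORT=${GITLAB_REGISTRY_PORT:-443}
# NOTE(review): the internal API URL defaults to plain HTTP on loopback. If
# it is pointed at a registry on another host, use https so the traffic
# between GitLab and the registry is not sent in the clear.
GITLAB_REGISTRY_API_URL=${GITLAB_REGISTRY_API_URL:-http://127.0.0.1:5000/}
# Relative path by default (config/registry.key); what it is resolved against
# is not shown here. NOTE(review): presumably the private key used to sign
# registry auth tokens -- keep it readable by the GitLab user only; confirm.
GITLAB_REGISTRY_KEY_PATH=${GITLAB_REGISTRY_KEY_PATH:-config/registry.key}
GITLAB_REGISTRY_ISSUER=${GITLAB_REGISTRY_ISSUER:-gitlab-issuer}
GITLAB_REGISTRY_GENERATE_INTERNAL_CERTIFICATES=${GITLAB_REGISTRY_GENERATE_INTERNAL_CERTIFICATES:-false}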
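## SSL
# TLS material and policy for the main site, the registry and Pages.
SSL_SELF_SIGNED=${SSL_SELF_SIGNED:-false}
SSL_CERTIFICATE_PATH=${SSL_CERTIFICATE_PATH:-$GITLAB_DATA_DIR/certs/gitlab.crt}
SSL_KEY_PATH=${SSL_KEY_PATH:-$GITLAB_DATA_DIR/certs/gitlab.key}
SSL_DHPARAM_PATH=${SSL_DHPARAM_PATH:-$GITLAB_DATA_DIR/certs/dhparam.pem}
SSL_VERIFY_CLIENT=${SSL_VERIFY_CLIENT:-off}
# NOTE(review): the default cipher list still offers 3DES (DES-CBC3-SHA,
# ECDHE-RSA-DES-CBC3-SHA), CBC suites with SHA-1, and static-RSA key exchange
# (the entries without ECDHE), which has no forward secrecy. Operators who do
# not need legacy clients should override SSL_CIPHERS with an ECDHE + AEAD
# list; the registry and Pages inherit whatever is set here.
SSL_CIPHERS=${SSL_CIPHERS:-'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4'}
# NOTE(review): TLSv1 and TLSv1.1 are enabled by default; both are formally
# deprecated (RFC 8996). Setting SSL_PROTOCOLS to 'TLSv1.2 TLSv1.3' is the
# usual hardening unless old clients must be supported.
SSL_PROTOCOLS=${SSL_PROTOCOLS:-'TLSv1 TLSv1.1 TLSv1.2 TLSv1.3'}

# Registry key/cert: explicit SSL_REGISTRY_* value first, then the
# GITLAB_REGISTRY_* value, then a file under $GITLAB_DATA_DIR/certs.
# NOTE(review): GITLAB_REGISTRY_KEY_PATH is given the default
# config/registry.key in the REGISTRY section of this file, so when that
# section has run the $GITLAB_DATA_DIR/certs/registry.key fallback below is
# never reached -- confirm which default is intended.
SSL_REGISTRY_KEY_PATH=${SSL_REGISTRY_KEY_PATH:-$GITLAB_REGISTRY_KEY_PATH}
SSL_REGISTRY_KEY_PATH=${SSL_REGISTRY_KEY_PATH:-$GITLAB_DATA_DIR/certs/registry.key}
SSL_REGISTRY_CERT_PATH=${SSL_REGISTRY_CERT_PATH:-$GITLAB_REGISTRY_CERT_PATH}
SSL_REGISTRY_CERT_PATH=${SSL_REGISTRY_CERT_PATH:-$GITLAB_DATA_DIR/certs/registry.crt}
SSL_REGISTRY_CIPHERS=${SSL_REGISTRY_CIPHERS:-$SSL_CIPHERS}
SSL_REGISTRY_PROTOCOLS=${SSL_REGISTRY_PROTOCOLS:-$SSL_PROTOCOLS}

SSL_PAGES_KEY_PATH=${SSL_PAGES_KEY_PATH:-$GITLAB_DATA_DIR/certs/pages.key}
SSL_PAGES_CERT_PATH=${SSL_PAGES_CERT_PATH:-$GITLAB_DATA_DIR/certs/pages.crt}
SSL_PAGES_CIPHERS=${SSL_PAGES_CIPHERS:-$SSL_CIPHERS}
SSL_PAGES_PROTOCOLS=${SSL_PAGES_PROTOCOLS:-$SSL_PROTOCOLS}

SSL_CA_CERTIFICATES_PATH=${SSL_CA_CERTIFICATES_PATH:-$CA_CERTIFICATES_PATH} # backward compatibility
SSL_CA_CERTIFICATES_PATH=${SSL_CA_CERTIFICATES_PATH:-$GITLAB_DATA_DIR/certs/ca.crt}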
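## BACKUPS
# Scheduled backups are disabled unless a schedule is given; the legacy
# GITLAB_BACKUPS variable is honoured first.
GITLAB_BACKUP_SCHEDULE=${GITLAB_BACKUP_SCHEDULE:-$GITLAB_BACKUPS} # backward compatibility
GITLAB_BACKUP_SCHEDULE=${GITLAB_BACKUP_SCHEDULE:-disable}
GITLAB_BACKUP_TIME=${GITLAB_BACKUP_TIME:-04:00}
GITLAB_BACKUP_EXPIRY=${GITLAB_BACKUP_EXPIRY:-}
GITLAB_BACKUP_PG_SCHEMA=${GITLAB_BACKUP_PG_SCHEMA:-}
# 0600 keeps local archives readable by their owner only. Backups contain
# repositories and a database dump, so loosen this only deliberately.
GITLAB_BACKUP_ARCHIVE_PERMISSIONS=${GITLAB_BACKUP_ARCHIVE_PERMISSIONS:-0600}
# With a schedule, archives expire after 604800 seconds (7 days) by default;
# otherwise the default expiry is 0.
case ${GITLAB_BACKUP_SCHEDULE} in
  daily|weekly|monthly) GITLAB_BACKUP_EXPIRY=${GITLAB_BACKUP_EXPIRY:-604800} ;;
  disable|*) GITLAB_BACKUP_EXPIRY=${GITLAB_BACKUP_EXPIRY:-0} ;;
esac

### AWS BACKUPS
# Remote upload of backups to S3-compatible storage (off by default). Lines
# of the form X=${X} only keep a value that is already set.
# NOTE(review): AWS_BACKUP_ENCRYPTION has no default, so uploaded archives
# are presumably not server-side encrypted unless it is set -- confirm, and
# scope the backup key pair to the backup bucket only.
AWS_BACKUPS=${AWS_BACKUPS:-false}
AWS_BACKUP_REGION=${AWS_BACKUP_REGION}
AWS_BACKUP_ENDPOINT=${AWS_BACKUP_ENDPOINT}
AWS_BACKUP_PATH_STYLE=${AWS_BACKUP_PATH_STYLE:-false}
AWS_BACKUP_ACCESS_KEY_ID=${AWS_BACKUP_ACCESS_KEY_ID}
AWS_BACKUP_SECRET_ACCESS_KEY=${AWS_BACKUP_SECRET_ACCESS_KEY}
AWS_BACKUP_BUCKET=${AWS_BACKUP_BUCKET}
AWS_BACKUP_MULTIPART_CHUNK_SIZE=${AWS_BACKUP_MULTIPART_CHUNK_SIZE}
AWS_BACKUP_ENCRYPTION=${AWS_BACKUP_ENCRYPTION}
AWS_BACKUP_STORAGE_CLASS=${AWS_BACKUP_STORAGE_CLASS:-STANDARD}
AWS_BACKUP_SIGNATURE_VERSION=${AWS_BACKUP_SIGNATURE_VERSION:-4}

### GCS BACKUPS
# Remote upload of backups to Google Cloud Storage (off by default).
GCS_BACKUPS=${GCS_BACKUPS:-false}
GCS_BACKUP_ACCESS_KEY_ID=${GCS_BACKUP_ACCESS_KEY_ID}
GCS_BACKUP_SECRET_ACCESS_KEY=${GCS_BACKUP_SECRET_ACCESS_KEY}
GCS_BACKUP_BUCKET=${GCS_BACKUP_BUCKET}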
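## NGINX
# Front-end web server tuning and proxy-header handling.
NGINX_SERVER_NAMES_HASH_BUCKET_SIZE=${NGINX_SERVER_NAMES_HASH_BUCKET_SIZE:-32}
NGINX_WORKERS=${NGINX_WORKERS:-1}
NGINX_ACCEL_BUFFERING=${NGINX_ACCEL_BUFFERING:-no}
NGINX_PROXY_BUFFERING=${NGINX_PROXY_BUFFERING:-off}
NGINX_REAL_IP_RECURSIVE=${NGINX_REAL_IP_RECURSIVE:-off}
# NOTE(review): empty by default. Only list proxies you control here: any
# address in this set is presumably trusted to supply the client IP via a
# forwarded header, which feeds logs and IP-based limits -- confirm against
# the nginx template.
NGINX_REAL_IP_TRUSTED_ADDRESSES=${NGINX_REAL_IP_TRUSTED_ADDRESSES:-}
# With HTTPS on, the forwarded scheme is pinned to https; otherwise the
# default is the literal text $scheme (the backslash stops the shell from
# expanding it, so nginx resolves it per request).
case ${GITLAB_HTTPS} in
  true) NGINX_X_FORWARDED_PROTO=${NGINX_X_FORWARDED_PROTO:-https} ;;
  *) NGINX_X_FORWARDED_PROTO=${NGINX_X_FORWARDED_PROTO:-\$scheme} ;;
esac
# NOTE(review): looks like a free-form configuration snippet; if it is
# inserted into the server block verbatim it must only ever come from a
# trusted operator -- confirm how it is consumed.
NGINX_CUSTOM_GITLAB_SERVER_CONFIG=${NGINX_CUSTOM_GITLAB_SERVER_CONFIG:-}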
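## MAIL DELIVERY
# Outgoing mail. SMTP is switched on automatically when SMTP_USER is set.
SMTP_DOMAIN=${SMTP_DOMAIN:-www.gmail.com}
SMTP_HOST=${SMTP_HOST:-smtp.gmail.com}
SMTP_PORT=${SMTP_PORT:-587}
SMTP_USER=${SMTP_USER:-}
SMTP_PASS=${SMTP_PASS:-}
# NOTE(review): 'none' turns off verification of the mail server's
# certificate. STARTTLS then still encrypts, but does not authenticate the
# peer, so an on-path attacker can intercept the SMTP login and message
# contents (password-reset links included). Prefer 'peer' with a CA bundle
# (see SMTP_CA_* below) wherever the server presents a valid certificate.
SMTP_OPENSSL_VERIFY_MODE=${SMTP_OPENSSL_VERIFY_MODE:-none}
SMTP_STARTTLS=${SMTP_STARTTLS:-true}
SMTP_TLS=${SMTP_TLS:-false}
SMTP_CA_ENABLED=${SMTP_CA_ENABLED:-false}
SMTP_CA_PATH=${SMTP_CA_PATH:-$GITLAB_DATA_DIR/certs}
SMTP_CA_FILE=${SMTP_CA_FILE:-$GITLAB_DATA_DIR/certs/ca.crt}
# Credentials present: enable SMTP and default to LOGIN authentication.
# SMTP_AUTHENTICATION is left unset when there is no SMTP_USER.
if [[ -n ${SMTP_USER} ]]; then
  SMTP_ENABLED=${SMTP_ENABLED:-true}
  SMTP_AUTHENTICATION=${SMTP_AUTHENTICATION:-login}
fi
SMTP_ENABLED=${SMTP_ENABLED:-false}
# Sender addresses: explicit value, then SMTP_USER, then the example.com
# placeholders. The reply-to first follows GITLAB_EMAIL as it stands before
# the placeholder is applied.
GITLAB_EMAIL_ENABLED=${GITLAB_EMAIL_ENABLED:-${SMTP_ENABLED}}
GITLAB_EMAIL=${GITLAB_EMAIL:-${SMTP_USER}}
GITLAB_EMAIL_REPLY_TO=${GITLAB_EMAIL_REPLY_TO:-${GITLAB_EMAIL}}
GITLAB_EMAIL_SUBJECT_SUFFIX=${GITLAB_EMAIL_SUBJECT_SUFFIX:-}
GITLAB_EMAIL=${GITLAB_EMAIL:-example@example.com}
GITLAB_EMAIL_REPLY_TO=${GITLAB_EMAIL_REPLY_TO:-noreply@example.com}
GITLAB_EMAIL_DISPLAY_NAME=${GITLAB_EMAIL_DISPLAY_NAME:-GitLab}
# S/MIME signing of outgoing mail (off by default); key and certificate
# paths have no default.
GITLAB_EMAIL_SMIME_ENABLE=${GITLAB_EMAIL_SMIME_ENABLE:-false}
GITLAB_EMAIL_SMIME_KEY_FILE=${GITLAB_EMAIL_SMIME_KEY_FILE:-}
GITLAB_EMAIL_SMIME_CERT_FILE=${GITLAB_EMAIL_SMIME_CERT_FILE:-}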
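## INCOMING MAIL
# Reply-by-email mailbox. IMAP is switched on automatically when IMAP_USER
# is set. The defaults use implicit TLS (port 993, IMAP_SSL=true).
IMAP_HOST=${IMAP_HOST:-imap.gmail.com}
IMAP_PORT=${IMAP_PORT:-993}
IMAP_USER=${IMAP_USER:-}
IMAP_PASS=${IMAP_PASS:-}
IMAP_SSL=${IMAP_SSL:-true}
IMAP_STARTTLS=${IMAP_STARTTLS:-false}
IMAP_MAILBOX=${IMAP_MAILBOX:-inbox}
IMAP_TIMEOUT=${IMAP_TIMEOUT:-60}

if [[ -n ${IMAP_USER} ]]; then
  IMAP_ENABLED=${IMAP_ENABLED:-true}
fi
IMAP_ENABLED=${IMAP_ENABLED:-false}
# Incoming address: explicit value, then IMAP_USER, then a placeholder.
GITLAB_INCOMING_EMAIL_ENABLED=${GITLAB_INCOMING_EMAIL_ENABLED:-${IMAP_ENABLED}}
GITLAB_INCOMING_EMAIL_ADDRESS=${GITLAB_INCOMING_EMAIL_ADDRESS:-${IMAP_USER}}
GITLAB_INCOMING_EMAIL_ADDRESS=${GITLAB_INCOMING_EMAIL_ADDRESS:-reply@example.com}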
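## LDAP
# Directory authentication (off by default).
# NOTE(review): the defaults are LDAP_METHOD=plain on port 389, i.e. an
# unencrypted connection: the bind DN password and every user's password
# cross the network in clear text. LDAP_VERIFY_SSL=true presumably has no
# effect until the method is switched to a TLS mode -- confirm the accepted
# values against the template that consumes LDAP_METHOD.
LDAP_ENABLED=${LDAP_ENABLED:-false}
LDAP_HOST=${LDAP_HOST:-}
LDAP_PORT=${LDAP_PORT:-389}
LDAP_UID=${LDAP_UID:-sAMAccountName}
LDAP_METHOD=${LDAP_METHOD:-plain}
LDAP_VERIFY_SSL=${LDAP_VERIFY_SSL:-true}
LDAP_CA_FILE=${LDAP_CA_FILE:-}
LDAP_SSL_VERSION=${LDAP_SSL_VERSION:-}
LDAP_BIND_DN=${LDAP_BIND_DN:-}
LDAP_PASS=${LDAP_PASS:-}
LDAP_TIMEOUT=${LDAP_TIMEOUT:-10}
LDAP_ACTIVE_DIRECTORY=${LDAP_ACTIVE_DIRECTORY:-true}
# NOTE(review): false means an account auto-created on first LDAP login is
# active immediately, with no admin approval step.
LDAP_BLOCK_AUTO_CREATED_USERS=${LDAP_BLOCK_AUTO_CREATED_USERS:-false}
LDAP_BASE=${LDAP_BASE:-}
LDAP_USER_FILTER=${LDAP_USER_FILTER:-}
# The single quotes inside these two defaults are consumed by the shell, so
# the stored values are [uid, userid, sAMAccountName] and
# [mail, email, userPrincipalName].
LDAP_USER_ATTRIBUTE_USERNAME=${LDAP_USER_ATTRIBUTE_USERNAME:-['uid', 'userid', 'sAMAccountName']}
LDAP_USER_ATTRIBUTE_MAIL=${LDAP_USER_ATTRIBUTE_MAIL:-['mail', 'email', 'userPrincipalName']}
LDAP_USER_ATTRIBUTE_NAME=${LDAP_USER_ATTRIBUTE_NAME:-cn}
LDAP_USER_ATTRIBUTE_FIRSTNAME=${LDAP_USER_ATTRIBUTE_FIRSTNAME:-givenName}
LDAP_USER_ATTRIBUTE_LASTNAME=${LDAP_USER_ATTRIBUTE_LASTNAME:-sn}
LDAP_LOWERCASE_USERNAMES="${LDAP_LOWERCASE_USERNAMES:-false}"
LDAP_LABEL=${LDAP_LABEL:-LDAP}
LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN=${LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN:-}
LDAP_PREVENT_LDAP_SIGN_IN=${LDAP_PREVENT_LDAP_SIGN_IN:-false}
# Username-or-email login defaults to off only when the UID attribute is
# userPrincipalName, and to on for every other attribute.
case ${LDAP_UID} in
  userPrincipalName) LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN=${LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN:-false} ;;
  *) LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN=${LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN:-true} ;;
esac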
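## GRAVATAR
# NOTE(review): enabled by default; avatar lookups go to an external
# service unless the URLs below point somewhere internal.
GITLAB_GRAVATAR_ENABLED=${GITLAB_GRAVATAR_ENABLED:-true}
GITLAB_GRAVATAR_HTTP_URL=${GITLAB_GRAVATAR_HTTP_URL:-}
GITLAB_GRAVATAR_HTTPS_URL=${GITLAB_GRAVATAR_HTTPS_URL:-}

## OAUTH
# Settings shared by all OmniAuth providers. The security-relevant defaults
# are conservative: auto-created users start blocked, automatic linking to
# existing LDAP/SAML accounts is off, and providers may not bypass 2FA.
OAUTH_ENABLED=${OAUTH_ENABLED:-}
OAUTH_AUTO_SIGN_IN_WITH_PROVIDER=${OAUTH_AUTO_SIGN_IN_WITH_PROVIDER:-}
OAUTH_ALLOW_SSO=${OAUTH_ALLOW_SSO:-}
OAUTH_BLOCK_AUTO_CREATED_USERS=${OAUTH_BLOCK_AUTO_CREATED_USERS:-true}
OAUTH_AUTO_LINK_LDAP_USER=${OAUTH_AUTO_LINK_LDAP_USER:-false}
OAUTH_AUTO_LINK_SAML_USER=${OAUTH_AUTO_LINK_SAML_USER:-false}
OAUTH_EXTERNAL_PROVIDERS=${OAUTH_EXTERNAL_PROVIDERS:-}
OAUTH_ALLOW_BYPASS_TWO_FACTOR=${OAUTH_ALLOW_BYPASS_TWO_FACTOR:-false}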
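### GOOGLE
# Client id/secret pairs in the provider sections below have no default.
OAUTH_GOOGLE_API_KEY=${OAUTH_GOOGLE_API_KEY:-}
OAUTH_GOOGLE_APP_SECRET=${OAUTH_GOOGLE_APP_SECRET:-}
OAUTH_GOOGLE_APPROVAL_PROMPT=${OAUTH_GOOGLE_APPROVAL_PROMPT:-}
OAUTH_GOOGLE_RESTRICT_DOMAIN=${OAUTH_GOOGLE_RESTRICT_DOMAIN:-}
# A value that does not already start with a single quote is wrapped in
# single quotes; a value that does is left untouched.
# NOTE(review): the value itself is not escaped, so a domain containing a
# quote would end up unbalanced wherever this is substituted -- confirm the
# consumer tolerates that or validate the input.
if [[ -n ${OAUTH_GOOGLE_RESTRICT_DOMAIN} ]]; then # backward compatibility
  if [[ ${OAUTH_GOOGLE_RESTRICT_DOMAIN} != "'"* ]]; then
    OAUTH_GOOGLE_RESTRICT_DOMAIN="'${OAUTH_GOOGLE_RESTRICT_DOMAIN}'"
  fi
fi

### FACEBOOK
OAUTH_FACEBOOK_API_KEY=${OAUTH_FACEBOOK_API_KEY:-}
OAUTH_FACEBOOK_APP_SECRET=${OAUTH_FACEBOOK_APP_SECRET:-}

### TWITTER
OAUTH_TWITTER_API_KEY=${OAUTH_TWITTER_API_KEY:-}
OAUTH_TWITTER_APP_SECRET=${OAUTH_TWITTER_APP_SECRET:-}

## Authentiq
OAUTH_AUTHENTIQ_CLIENT_ID=${OAUTH_AUTHENTIQ_CLIENT_ID:-}
OAUTH_AUTHENTIQ_CLIENT_SECRET=${OAUTH_AUTHENTIQ_CLIENT_SECRET:-}
OAUTH_AUTHENTIQ_SCOPE=${OAUTH_AUTHENTIQ_SCOPE:-'aq:name email~rs address aq:push'}
OAUTH_AUTHENTIQ_REDIRECT_URI=${OAUTH_AUTHENTIQ_REDIRECT_URI:-}

### GITHUB
# TLS verification of the GitHub endpoint is on by default; disabling it
# exposes the OAuth code/token exchange to interception.
OAUTH_GITHUB_API_KEY=${OAUTH_GITHUB_API_KEY:-}
OAUTH_GITHUB_APP_SECRET=${OAUTH_GITHUB_APP_SECRET:-}
OAUTH_GITHUB_URL=${OAUTH_GITHUB_URL:-https://github.com/}
OAUTH_GITHUB_VERIFY_SSL=${OAUTH_GITHUB_VERIFY_SSL:-true}
OAUTH_GITHUB_SCOPE=${OAUTH_GITHUB_SCOPE:-user:email}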
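### GITLAB
# NOTE(review): the default scope is `api`, which grants full read/write API
# access on the upstream GitLab account. For sign-in alone a narrower scope
# such as read_user is normally enough -- confirm nothing relies on `api`
# before tightening it.
OAUTH_GITLAB_API_KEY=${OAUTH_GITLAB_API_KEY:-}
OAUTH_GITLAB_APP_SECRET=${OAUTH_GITLAB_APP_SECRET:-}
OAUTH_GITLAB_SCOPE=${OAUTH_GITLAB_SCOPE:-api}

### BITBUCKET
OAUTH_BITBUCKET_API_KEY=${OAUTH_BITBUCKET_API_KEY:-}
OAUTH_BITBUCKET_APP_SECRET=${OAUTH_BITBUCKET_APP_SECRET:-}
OAUTH_BITBUCKET_URL=${OAUTH_BITBUCKET_URL:-https://bitbucket.org/}

### CROWD
OAUTH_CROWD_SERVER_URL=${OAUTH_CROWD_SERVER_URL:-}
OAUTH_CROWD_APP_NAME=${OAUTH_CROWD_APP_NAME:-}
OAUTH_CROWD_APP_PASSWORD=${OAUTH_CROWD_APP_PASSWORD:-}

## AZURE
OAUTH_AZURE_API_KEY=${OAUTH_AZURE_API_KEY:-}
OAUTH_AZURE_API_SECRET=${OAUTH_AZURE_API_SECRET:-}
OAUTH_AZURE_TENANT_ID=${OAUTH_AZURE_TENANT_ID:-}

## AZURE Active Directory V2 endpoint
OAUTH_AZURE_ACTIVEDIRECTORY_V2_LABEL=${OAUTH_AZURE_ACTIVEDIRECTORY_V2_LABEL:-'Azure AD v2'}
OAUTH_AZURE_ACTIVEDIRECTORY_V2_CLIENT_ID=${OAUTH_AZURE_ACTIVEDIRECTORY_V2_CLIENT_ID:-}
OAUTH_AZURE_ACTIVEDIRECTORY_V2_CLIENT_SECRET=${OAUTH_AZURE_ACTIVEDIRECTORY_V2_CLIENT_SECRET:-}
OAUTH_AZURE_ACTIVEDIRECTORY_V2_TENANT_ID=${OAUTH_AZURE_ACTIVEDIRECTORY_V2_TENANT_ID:-}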
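### SAML
# The assertion consumer service URL and issuer default to the GitLab host
# with the scheme chosen by GITLAB_HTTPS. Any value other than the exact
# string "true" selects http, matching how the port and X-Forwarded-Proto
# defaults elsewhere in this file treat GITLAB_HTTPS; matching only "false"
# would leave both variables unset for values such as "True" or "yes".
# NOTE(review): with HTTPS off, SAML responses are posted to an http://
# endpoint and can be read or replayed by anyone on the path; SAML should
# only be enabled together with GITLAB_HTTPS=true or an explicit https URL.
case $GITLAB_HTTPS in
  true)
    OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL=${OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL:-https://${GITLAB_HOST}/users/auth/saml/callback}
    OAUTH_SAML_ISSUER=${OAUTH_SAML_ISSUER:-https://${GITLAB_HOST}}
    ;;
  *)
    OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL=${OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL:-http://${GITLAB_HOST}/users/auth/saml/callback}
    OAUTH_SAML_ISSUER=${OAUTH_SAML_ISSUER:-http://${GITLAB_HOST}}
    ;;
esac
OAUTH_SAML_LABEL=${OAUTH_SAML_LABEL:-'Our SAML Provider'}
# NOTE(review): the fingerprint is the trust anchor for the IdP's signature
# and has no default; presumably SAML cannot validate responses without it --
# confirm, and prefer a SHA-256 fingerprint if the consumer supports it.
OAUTH_SAML_IDP_CERT_FINGERPRINT=${OAUTH_SAML_IDP_CERT_FINGERPRINT:-}
OAUTH_SAML_IDP_SSO_TARGET_URL=${OAUTH_SAML_IDP_SSO_TARGET_URL:-}
OAUTH_SAML_NAME_IDENTIFIER_FORMAT=${OAUTH_SAML_NAME_IDENTIFIER_FORMAT:-urn:oasis:names:tc:SAML:2.0:nameid-format:transient}
OAUTH_SAML_GROUPS_ATTRIBUTE=${OAUTH_SAML_GROUPS_ATTRIBUTE:-}
OAUTH_SAML_EXTERNAL_GROUPS=${OAUTH_SAML_EXTERNAL_GROUPS:-}
OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL=${OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL:-}
OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME=${OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME:-}
OAUTH_SAML_ATTRIBUTE_STATEMENTS_USERNAME=${OAUTH_SAML_ATTRIBUTE_STATEMENTS_USERNAME:-}
OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME=${OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME:-}
OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME=${OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME:-}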
### CAS3
|
|
OAUTH_CAS3_LABEL=${OAUTH_CAS3_LABEL:-cas3}
|
|
OAUTH_CAS3_SERVER=${OAUTH_CAS3_SERVER:-}
|
|
OAUTH_CAS3_DISABLE_SSL_VERIFICATION=${OAUTH_CAS3_DISABLE_SSL_VERIFICATION:-false}
|
|
OAUTH_CAS3_LOGIN_URL=${OAUTH_CAS3_LOGIN_URL:-/cas/login}
|
|
OAUTH_CAS3_VALIDATE_URL=${OAUTH_CAS3_VALIDATE_URL:-/cas/p3/serviceValidate}
|
|
OAUTH_CAS3_LOGOUT_URL=${OAUTH_CAS3_LOGOUT_URL:-/cas/logout}
|
|
|
|
### AUTH0
|
|
OAUTH_AUTH0_SCOPE=${OAUTH_AUTH0_SCOPE:-openid profile email}
## OAUTH2 GENERIC
# Settings for a generic OAuth2 provider. Nothing here has a built-in default:
# every variable ends up set, but empty, unless the environment provides it.
#
# OAUTH2_GENERIC_APP_SECRET is a credential. Supply it at run time (environment
# or a secrets mechanism) rather than committing it to an image or compose file.
OAUTH2_GENERIC_APP_ID=${OAUTH2_GENERIC_APP_ID:-}
OAUTH2_GENERIC_APP_SECRET=${OAUTH2_GENERIC_APP_SECRET:-}
# Provider endpoints.
# NOTE(review): nothing in this part of the file checks the scheme of these
# URLs; use https endpoints so codes and tokens are not sent in clear text.
OAUTH2_GENERIC_CLIENT_SITE=${OAUTH2_GENERIC_CLIENT_SITE:-}
OAUTH2_GENERIC_CLIENT_USER_INFO_URL=${OAUTH2_GENERIC_CLIENT_USER_INFO_URL:-}
OAUTH2_GENERIC_CLIENT_AUTHORIZE_URL=${OAUTH2_GENERIC_CLIENT_AUTHORIZE_URL:-}
OAUTH2_GENERIC_CLIENT_TOKEN_URL=${OAUTH2_GENERIC_CLIENT_TOKEN_URL:-}
OAUTH2_GENERIC_CLIENT_END_SESSION_ENDPOINT=${OAUTH2_GENERIC_CLIENT_END_SESSION_ENDPOINT:-}
# Mapping of the provider's user info response onto GitLab user fields
# (presumably paths into that response -- confirm against the config template).
OAUTH2_GENERIC_ID_PATH=${OAUTH2_GENERIC_ID_PATH:-}
OAUTH2_GENERIC_USER_UID=${OAUTH2_GENERIC_USER_UID:-}
OAUTH2_GENERIC_USER_NAME=${OAUTH2_GENERIC_USER_NAME:-}
OAUTH2_GENERIC_USER_EMAIL=${OAUTH2_GENERIC_USER_EMAIL:-}
OAUTH2_GENERIC_AUTHORIZE_PARAMS_SCOPE=${OAUTH2_GENERIC_AUTHORIZE_PARAMS_SCOPE:-}
# Label and provider name.
OAUTH2_GENERIC_LABEL=${OAUTH2_GENERIC_LABEL:-}
OAUTH2_GENERIC_NAME=${OAUTH2_GENERIC_NAME:-}
### OpenID Connect
# Defaults for the OpenID Connect provider: authorization code flow
# (response type "code"), discovery on, PKCE on, "basic" client
# authentication, and "sub" as the uid field. The issuer and client id have no
# default.
OAUTH_OIDC_LABEL=${OAUTH_OIDC_LABEL:-'OpenID Connect'}
OAUTH_OIDC_ICON=${OAUTH_OIDC_ICON:-}
# The default scope is the literal text ['openid','profile','email'], brackets
# and single quotes included.
OAUTH_OIDC_SCOPE=${OAUTH_OIDC_SCOPE:-"['openid','profile','email']"}
OAUTH_OIDC_RESPONSE_TYPE=${OAUTH_OIDC_RESPONSE_TYPE:-'code'}
OAUTH_OIDC_ISSUER=${OAUTH_OIDC_ISSUER:-}
OAUTH_OIDC_DISCOVERY=${OAUTH_OIDC_DISCOVERY:-true}
OAUTH_OIDC_CLIENT_AUTH_METHOD=${OAUTH_OIDC_CLIENT_AUTH_METHOD:-'basic'}
OAUTH_OIDC_UID_FIELD=${OAUTH_OIDC_UID_FIELD:-sub}
OAUTH_OIDC_SEND_SCOPE_TO_TOKEN_EP=${OAUTH_OIDC_SEND_SCOPE_TO_TOKEN_EP:-false}
OAUTH_OIDC_PKCE=${OAUTH_OIDC_PKCE:-true}
OAUTH_OIDC_CLIENT_ID=${OAUTH_OIDC_CLIENT_ID:-}
# NOTE(review): unlike the other client secrets in this file, which default to
# empty, this one defaults to the literal string "secret". A deployment that
# sets the client id but forgets the secret then runs with a guessable value
# instead of failing. Always set OAUTH_OIDC_CLIENT_SECRET explicitly; consider
# an empty default plus a startup check where OIDC is enabled.
OAUTH_OIDC_CLIENT_SECRET=${OAUTH_OIDC_CLIENT_SECRET:-'secret'}
# The redirect URI defaults to GITLAB_HOST with a scheme picked by
# GITLAB_HTTPS. There is no fallback arm, so a value other than exactly "true"
# or "false" leaves OAUTH_OIDC_REDIRECT_URI as it was.
# NOTE(review): with GITLAB_HTTPS=false the default callback is plain http, so
# the authorization code returns over an unencrypted connection unless TLS is
# terminated in front of the container -- confirm the deployment.
case $GITLAB_HTTPS in
  true)
    OAUTH_OIDC_REDIRECT_URI=${OAUTH_OIDC_REDIRECT_URI:-https://${GITLAB_HOST}/users/auth/openid_connect/callback}
    ;;
  false)
    OAUTH_OIDC_REDIRECT_URI=${OAUTH_OIDC_REDIRECT_URI:-http://${GITLAB_HOST}/users/auth/openid_connect/callback}
    ;;
esac
### JWT
# Defaults for the JWT provider. The secret and the auth URL have no default.
OAUTH_JWT_LABEL=${OAUTH_JWT_LABEL:-'Jwt'}
# The default algorithm is HS256, an HMAC scheme: OAUTH_JWT_SECRET is then a
# shared key that both signs and verifies tokens, so anyone who holds it can
# mint a token for any uid claim. Use a long random value and keep it out of
# images and committed compose files.
OAUTH_JWT_SECRET=${OAUTH_JWT_SECRET:-}
OAUTH_JWT_ALGORITHM=${OAUTH_JWT_ALGORITHM:-'HS256'}
# Claim used as the user id, and the claims a token must carry. The default
# for the required claims is the literal text ["name", "email"].
OAUTH_JWT_UID_CLAIM=${OAUTH_JWT_UID_CLAIM:-'email'}
OAUTH_JWT_REQUIRED_CLAIMS=${OAUTH_JWT_REQUIRED_CLAIMS:-'["name", "email"]'}
# Claims mapped to the user's name and email.
OAUTH_JWT_INFO_MAP_NAME=${OAUTH_JWT_INFO_MAP_NAME:-'name'}
OAUTH_JWT_INFO_MAP_EMAIL=${OAUTH_JWT_INFO_MAP_EMAIL:-'email'}
OAUTH_JWT_AUTH_URL=${OAUTH_JWT_AUTH_URL:-}
# Defaults to 3600 (presumably seconds -- confirm against the config template).
OAUTH_JWT_VALID_WITHIN=${OAUTH_JWT_VALID_WITHIN:-3600}
## ANALYTICS
# Analytics identifiers. None has a default; each is set to empty when the
# environment does not provide it.

### GOOGLE
GOOGLE_ANALYTICS_ID=${GOOGLE_ANALYTICS_ID:-}

### PIWIK
PIWIK_URL=${PIWIK_URL:-}
PIWIK_SITE_ID=${PIWIK_SITE_ID:-}
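## RACK ATTACK
# Rack::Attack is enabled by default. RACK_ATTACK_WHITELIST defaults to the
# loopback address only.
# NOTE(review): presumably hosts on this list are exempt from throttling, so
# keep it as narrow as the deployment allows -- confirm against the template
# that consumes it.
RACK_ATTACK_ENABLED=${RACK_ATTACK_ENABLED:-true}
RACK_ATTACK_WHITELIST=${RACK_ATTACK_WHITELIST:-'["127.0.0.1"]'}
RACK_ATTACK_WHITELIST=${RACK_ATTACK_WHITELIST// /}

#######################################
# Normalise a whitelist value into a YAML flow sequence of quoted hosts.
#
# Spaces and one surrounding pair of square brackets are removed, the rest is
# split on commas, and every entry that is not already wrapped in a matching
# pair of single or double quotes has its stray quote characters removed and is
# wrapped in double quotes. Empty entries are dropped.
#
# Each entry is rebuilt on its own rather than patched into the whole string:
# substituting the first occurrence of an entry in the list corrupts an earlier
# entry that merely contains it (127.0.0.1 inside "127.0.0.10"), and an entry
# containing glob characters would be treated as a pattern.
#
# Arguments: $1 - whitelist value, e.g. [127.0.0.1,"10.0.0.1"]
# Outputs:   the normalised sequence on stdout, without trailing newline
# Returns:   0
#######################################
_rack_attack_normalize_whitelist() {
  local rest=${1// /}
  local dq='"' sq="'"
  # An entry counts as quoted only when both ends carry the same quote
  # character and that character does not appear in between.
  local quoted_re="^(\"[^\"]*\"|'[^']*')\$"
  local entry joined=

  rest=${rest#"["}
  rest=${rest%"]"}

  while [[ -n ${rest} ]]; do
    entry=${rest%%,*}
    if [[ ${rest} == *,* ]]; then
      rest=${rest#*,}
    else
      rest=
    fi

    [[ -n ${entry} ]] || continue
    if ! [[ ${entry} =~ ${quoted_re} ]]; then
      entry=${entry//"${dq}"/}
      entry=${entry//"${sq}"/}
      entry="\"${entry}\""
    fi
    joined+="${joined:+,}${entry}"
  done

  printf '[%s]' "${joined}"
}

# Backward compatibility : See sameersbn/docker-gitlab#2828
# Pre-check: each host is surrounded by single / double quotation
# if not, generated string will be [127.0.0.1] for example and ruby raises error
RACK_ATTACK_WHITELIST_ORIGIN=${RACK_ATTACK_WHITELIST}
RACK_ATTACK_WHITELIST=$(_rack_attack_normalize_whitelist "${RACK_ATTACK_WHITELIST}")
# Tell the operator when the supplied value had to be rewritten.
if [[ "${RACK_ATTACK_WHITELIST}" != "${RACK_ATTACK_WHITELIST_ORIGIN}" ]]; then
  printf "[warning] RACK_ATTACK_WHITELIST must be a yaml sequence of hosts.\nFixing from %s to %s\n" \
    "${RACK_ATTACK_WHITELIST_ORIGIN}" \
    "${RACK_ATTACK_WHITELIST}"
fi
# Throttling thresholds: retries allowed, the window they are counted in, and
# the ban length (the time values are presumably seconds -- confirm against the
# config template).
RACK_ATTACK_MAXRETRY=${RACK_ATTACK_MAXRETRY:-10}
RACK_ATTACK_FINDTIME=${RACK_ATTACK_FINDTIME:-60}
RACK_ATTACK_BANTIME=${RACK_ATTACK_BANTIME:-3600}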
## GitLab Pages
# Pages is off by default. The domain defaults to the placeholder
# "example.com" and the content directory to a "pages" folder under
# GITLAB_SHARED_DIR.
GITLAB_PAGES_ENABLED=${GITLAB_PAGES_ENABLED:-false}
GITLAB_PAGES_DOMAIN=${GITLAB_PAGES_DOMAIN:-"example.com"}
GITLAB_PAGES_DIR="${GITLAB_PAGES_DIR:-$GITLAB_SHARED_DIR/pages}"
GITLAB_PAGES_PORT=${GITLAB_PAGES_PORT:-80}
GITLAB_PAGES_ARTIFACTS_SERVER=${GITLAB_PAGES_ARTIFACTS_SERVER:-true}
GITLAB_PAGES_ARTIFACTS_SERVER_URL=${GITLAB_PAGES_ARTIFACTS_SERVER_URL:-}
# HTTPS for Pages is off by default; the external listener settings are empty.
GITLAB_PAGES_HTTPS=${GITLAB_PAGES_HTTPS:-false}
GITLAB_PAGES_EXTERNAL_HTTP=${GITLAB_PAGES_EXTERNAL_HTTP:-}
GITLAB_PAGES_EXTERNAL_HTTPS=${GITLAB_PAGES_EXTERNAL_HTTPS:-}
# Access control is off by default, and its secret, client id, client secret
# and redirect URI have no default.
# NOTE(review): presumably Pages sites are served without a GitLab login check
# while access control is false -- confirm before publishing pages of private
# projects. GITLAB_PAGES_ACCESS_SECRET and GITLAB_PAGES_ACCESS_CLIENT_SECRET
# are credentials and should be supplied at run time, not baked into an image.
GITLAB_PAGES_ACCESS_CONTROL=${GITLAB_PAGES_ACCESS_CONTROL:-false}
GITLAB_PAGES_ACCESS_CONTROL_SERVER=${GITLAB_PAGES_ACCESS_CONTROL_SERVER:-}
GITLAB_PAGES_ACCESS_SECRET=${GITLAB_PAGES_ACCESS_SECRET:-}
GITLAB_PAGES_ACCESS_CLIENT_ID=${GITLAB_PAGES_ACCESS_CLIENT_ID:-}
GITLAB_PAGES_ACCESS_CLIENT_SECRET=${GITLAB_PAGES_ACCESS_CLIENT_SECRET:-}
GITLAB_PAGES_ACCESS_REDIRECT_URI=${GITLAB_PAGES_ACCESS_REDIRECT_URI:-}
GITLAB_PAGES_NGINX_PROXY=${GITLAB_PAGES_NGINX_PROXY:-true}
## Gitaly
# The client path defaults to GITLAB_GITALY_INSTALL_DIR.
GITALY_CLIENT_PATH=${GITALY_CLIENT_PATH:-$GITLAB_GITALY_INSTALL_DIR}
# No default token.
# NOTE(review): presumably an empty token means Gitaly requests are not
# authenticated. That pairs with the unix socket default below; set a token if
# GITALY_ADDRESS is pointed at a network endpoint -- confirm.
GITALY_TOKEN=${GITALY_TOKEN:-}
# Assigned unconditionally (no ${VAR:-...}), so a GITALY_SOCKET_PATH taken from
# the environment is overwritten here.
GITALY_SOCKET_PATH=${GITLAB_INSTALL_DIR}/tmp/sockets/private/gitaly.socket
# Defaults to the unix socket above.
GITALY_ADDRESS=${GITALY_ADDRESS:-unix:$GITALY_SOCKET_PATH}
## GitLab Shell
# Custom hooks directory; defaults to "hooks" under GITLAB_SHELL_INSTALL_DIR.
# NOTE(review): files placed here are presumably executed as git hooks, so the
# directory should be writable only by trusted administrators -- confirm its
# ownership and mode where it is created.
GITLAB_SHELL_CUSTOM_HOOKS_DIR=${GITLAB_SHELL_CUSTOM_HOOKS_DIR:-"$GITLAB_SHELL_INSTALL_DIR/hooks"}
## MONITORING
# The sampler interval defaults to 10; the monitoring IP whitelist has no
# default.
GITLAB_MONITORING_UNICORN_SAMPLER_INTERVAL=${GITLAB_MONITORING_UNICORN_SAMPLER_INTERVAL:-10}
GITLAB_MONITORING_IP_WHITELIST=${GITLAB_MONITORING_IP_WHITELIST:-}
# The Sidekiq exporter is enabled by default and its address defaults to
# 0.0.0.0 on port 3807.
# NOTE(review): 0.0.0.0 makes the exporter listen on every interface of the
# container, so its metrics are reachable from any network the container is
# attached to. Set the address to 127.0.0.1, or keep the port unpublished and
# firewalled, unless a scraper on another host needs it.
GITLAB_MONITORING_SIDEKIQ_EXPORTER_ENABLED=${GITLAB_MONITORING_SIDEKIQ_EXPORTER_ENABLED:-true}
GITLAB_MONITORING_SIDEKIQ_EXPORTER_ADDRESS=${GITLAB_MONITORING_SIDEKIQ_EXPORTER_ADDRESS:-"0.0.0.0"}
GITLAB_MONITORING_SIDEKIQ_EXPORTER_PORT=${GITLAB_MONITORING_SIDEKIQ_EXPORTER_PORT:-3807}
## Sentry
# Error reporting to Sentry is off by default. Neither DSN has a default; the
# environment name defaults to "production".
# NOTE(review): a DSN identifies the project that receives error reports, and
# the client-side one is presumably delivered to browsers, so it should be
# treated as public -- confirm.
SENTRY_ENABLED=${SENTRY_ENABLED:-false}
SENTRY_DSN=${SENTRY_DSN:-}
SENTRY_CLIENTSIDE_DSN=${SENTRY_CLIENTSIDE_DSN:-}
SENTRY_ENVIRONMENT=${SENTRY_ENVIRONMENT:-production}
## Content Security Policy
# See https://guides.rubyonrails.org/security.html#content-security-policy
#
# The policy is enabled and enforced by default (REPORT_ONLY=false). Each
# directive has its own variable; those with an empty default are presumably
# left out of the generated policy (confirm in the config template), in which
# case the browser falls back to default-src for the fetch directives.
#
# NOTE(review): the defaults are permissive in a few places -- tighten them
# through the environment where the deployment allows:
#   - script-src includes 'unsafe-eval' and http://localhost:*
#   - style-src includes 'unsafe-inline'
#   - connect-src includes http/ws/wss on localhost with any port
#   - img-src allows any origin (*) plus data: and blob:
# REPORT_URI has no default, so violations are not reported anywhere unless it
# is set; setting it is the way to observe what a stricter policy would block.
GITLAB_CONTENT_SECURITY_POLICY_ENABLED=${GITLAB_CONTENT_SECURITY_POLICY_ENABLED:-true}
GITLAB_CONTENT_SECURITY_POLICY_REPORT_ONLY=${GITLAB_CONTENT_SECURITY_POLICY_REPORT_ONLY:-false}
GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_BASE_URI=${GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_BASE_URI:-}
GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_CHILD_SRC=${GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_CHILD_SRC:-}
GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_CONNECT_SRC=${GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_CONNECT_SRC:-"'self' http://localhost:* ws://localhost:* wss://localhost:*"}
GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_DEFAULT_SRC=${GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_DEFAULT_SRC:-"'self'"}
GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_FONT_SRC=${GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_FONT_SRC:-}
GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_FORM_ACTION=${GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_FORM_ACTION:-}
# frame-ancestors 'self' keeps other origins from framing GitLab pages.
GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_FRAME_ANCESTORS=${GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_FRAME_ANCESTORS:-"'self'"}
GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_FRAME_SRC=${GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_FRAME_SRC:-"'self' https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com"}
GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_IMG_SRC=${GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_IMG_SRC:-"* data: blob:"}
GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_MANIFEST_SRC=${GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_MANIFEST_SRC:-}
GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_MEDIA_SRC=${GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_MEDIA_SRC:-}
# object-src 'none' blocks plugin content outright.
GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_OBJECT_SRC=${GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_OBJECT_SRC:-"'none'"}
GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_SCRIPT_SRC=${GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_SCRIPT_SRC:-"'self' 'unsafe-eval' http://localhost:* https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.gstatic.com/recaptcha/ https://apis.google.com"}
GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_STYLE_SRC=${GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_STYLE_SRC:-"'self' 'unsafe-inline'"}
GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_WORKER_SRC=${GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_WORKER_SRC:-"'self' blob:"}
GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_REPORT_URI=${GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_REPORT_URI:-}
## Feature Flags
GITLAB_FEATURE_FLAGS_DISABLE_TARGETS=${GITLAB_FEATURE_FLAGS_DISABLE_TARGETS:-}
GITLAB_FEATURE_FLAGS_ENABLE_TARGETS=${GITLAB_FEATURE_FLAGS_ENABLE_TARGETS:-}