archive-gh-me/docker-gitlab
1
0
Fork 0
mirror of https://github.com/sameersbn/docker-gitlab.git synced 2026-01-18 13:58:25 +00:00
Code Issues Projects Releases Wiki Activity
docker-gitlab/assets/runtime/config/gitlabhq/gitlab.yml
Maycon Lopes dos Santos 7f24c384fb Added GITLAB_ARTIFACTS_OBJECT_STORE_DIRECT_UPLOAD to the templates 
GITLAB_ARTIFACTS_OBJECT_STORE_DIRECT_UPLOAD description

fix number of args
2018-11-06 19:24:04 -02:00

743 lines
32 KiB
YAML
Raw Blame History

# # # # # # # # # # # # # # # # # #
# GitLab application config file #
# # # # # # # # # # # # # # # # # #
#
########################### NOTE #####################################
# This file should not receive new settings. All configuration options #
# * are being moved to ApplicationSetting model! #
# If a setting requires an application restart say so in that screen. #
# If you change this file in a Merge Request, please also create #
# a MR on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests #
########################################################################
#
#
# How to use:
# 1. Copy file as gitlab.yml
# 2. Update gitlab -> host with your fully qualified domain name
# 3. Update gitlab -> email_from
# 4. If you installed Git from source, change git -> bin_path to /usr/local/bin/git
# IMPORTANT: If Git was installed in a different location use that instead.
# You can check with `which git`. If a wrong path of Git is specified, it will
# result in various issues such as failures of GitLab CI builds.
# 5. Review this configuration file for other settings you may want to adjust
production: &base
#
# 1. GitLab app settings
# ==========================
## GitLab settings
gitlab:
## Web server settings (note: host is the FQDN, do not include http://)
host: {{GITLAB_HOST}}
port: {{GITLAB_PORT}} # Set to 443 if using HTTPS, see installation.md#using-https for additional HTTPS configuration details
https: {{GITLAB_HTTPS}} # Set to true if using HTTPS, see installation.md#using-https for additional HTTPS configuration details
# Uncommment this line below if your ssh host is different from HTTP/HTTPS one
# (you'd obviously need to replace ssh.host_example.com with your own host).
# Otherwise, ssh host will be set to the `host:` value above
ssh_host: {{GITLAB_SSH_HOST}}
# Relative URL support
# WARNING: We recommend using an FQDN to host GitLab in a root path instead
# of using a relative URL.
# Documentation: http://doc.gitlab.com/ce/install/relative_url.html
# Uncomment and customize the following line to run in a non-root path
#
relative_url_root: {{GITLAB_RELATIVE_URL_ROOT}}
# Trusted Proxies
# Customize if you have GitLab behind a reverse proxy which is running on a different machine.
# Add the IP address for your reverse proxy to the list, otherwise users will appear signed in from that address.
trusted_proxies:
- {{GITLAB_TRUSTED_PROXIES}}
# Uncomment and customize if you can't use the default user to run GitLab (default: 'git')
# user: git
## Date & Time settings
# Uncomment and customize if you want to change the default time zone of GitLab application.
# To see all available zones, run `bundle exec rake time:zones:all RAILS_ENV=production`
time_zone: '{{GITLAB_TIMEZONE}}'
## Email settings
# Uncomment and set to false if you need to disable email sending from GitLab (default: true)
email_enabled: {{GITLAB_EMAIL_ENABLED}}
# Email address used in the "From" field in mails sent by GitLab
email_from: {{GITLAB_EMAIL}}
email_display_name: {{GITLAB_EMAIL_DISPLAY_NAME}}
email_reply_to: {{GITLAB_EMAIL_REPLY_TO}}
email_subject_suffix: '{{GITLAB_EMAIL_SUBJECT_SUFFIX}}'
# Email server smtp settings are in config/initializers/smtp_settings.rb.sample
default_projects_limit: {{GITLAB_PROJECTS_LIMIT}}
default_can_create_group: {{GITLAB_CREATE_GROUP}} # default: true
username_changing_enabled: {{GITLAB_USERNAME_CHANGE}} # default: true - User can change her username/namespace
## Default theme ID
## 1 - Indigo
## 2 - Dark
## 3 - Light
## 4 - Blue
## 5 - Green
## 6 - Light Indigo
## 7 - Light Blue
## 8 - Light Green
## 9 - Red
## 10 - Light Red
default_theme: {{GITLAB_DEFAULT_THEME}}
# Enable or disable user signups (first run only)
signup_enabled: {{GITLAB_SIGNUP_ENABLED}}
## Automatic issue closing
# If a commit message matches this regular expression, all issues referenced from the matched text will be closed.
# This happens when the commit is pushed or merged into the default branch of a project.
# When not specified the default issue_closing_pattern as specified below will be used.
# Tip: you can test your closing pattern at http://rubular.com.
# issue_closing_pattern: '((?:[Cc]los(?:e[sd]?|ing)|[Ff]ix(?:e[sd]|ing)?|[Rr]esolv(?:e[sd]?|ing)|[Ii]mplement(?:s|ed|ing)?)(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)'
## Default project features settings
default_projects_features:
issues: {{GITLAB_PROJECTS_ISSUES}}
merge_requests: {{GITLAB_PROJECTS_MERGE_REQUESTS}}
wiki: {{GITLAB_PROJECTS_WIKI}}
snippets: {{GITLAB_PROJECTS_SNIPPETS}}
builds: {{GITLAB_PROJECTS_BUILDS}}
container_registry: {{GITLAB_PROJECTS_CONTAINER_REGISTRY}}
## Webhook settings
# Number of seconds to wait for HTTP response after sending webhook HTTP POST request (default: 10)
webhook_timeout: {{GITLAB_WEBHOOK_TIMEOUT}}
## Repository downloads directory
# When a user clicks e.g. 'Download zip' on a project, a temporary zip file is created in the following directory.
# The default is 'shared/cache/archive/' relative to the root of the Rails app.
repository_downloads_path: {{GITLAB_DOWNLOADS_DIR}}
## Reply by email
# Allow users to comment on issues and merge requests by replying to notification emails.
# For documentation on how to set this up, see http://doc.gitlab.com/ce/administration/reply_by_email.html
incoming_email:
enabled: {{GITLAB_INCOMING_EMAIL_ENABLED}}
# The email address including the `%{key}` placeholder that will be replaced to reference the item being replied to.
# The placeholder can be omitted but if present, it must appear in the "user" part of the address (before the `@`).
address: "{{GITLAB_INCOMING_EMAIL_ADDRESS}}"
# Email account username
# With third party providers, this is usually the full email address.
# With self-hosted email servers, this is usually the user part of the email address.
user: "{{IMAP_USER}}"
# Email account password
password: "{{IMAP_PASS}}"
# IMAP server host
host: "{{IMAP_HOST}}"
# IMAP server port
port: {{IMAP_PORT}}
# Whether the IMAP server uses SSL
ssl: {{IMAP_SSL}}
# Whether the IMAP server uses StartTLS
start_tls: {{IMAP_STARTTLS}}
# The mailbox where incoming mail will end up. Usually "inbox".
mailbox: "{{IMAP_MAILBOX}}"
# The IDLE command timeout.
idle_timeout: {{IMAP_TIMEOUT}}
## Build Artifacts
artifacts:
enabled: {{GITLAB_ARTIFACTS_ENABLED}}
# The location where build artifacts are stored (default: shared/artifacts).
path: {{GITLAB_ARTIFACTS_DIR}}
object_store:
enabled: {{GITLAB_ARTIFACTS_OBJECT_STORE_ENABLED}}
remote_directory: {{GITLAB_ARTIFACTS_OBJECT_STORE_REMOTE_DIRECTORY}} # The bucket name
direct_upload: {{GITLAB_ARTIFACTS_OBJECT_STORE_DIRECT_UPLOAD}} # Set to true to enable direct upload of Artifacts without the need of local shared storage.
background_upload: {{GITLAB_ARTIFACTS_OBJECT_STORE_BACKGROUND_UPLOAD}} # Temporary option to limit automatic upload (Default: true)
proxy_download: {{GITLAB_ARTIFACTS_OBJECT_STORE_PROXY_DOWNLOAD}} # Passthrough all downloads via GitLab instead of using Redirects to Object Storage
connection:
provider: {{GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_PROVIDER}} # Only AWS supported at the moment
aws_access_key_id: {{GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID}}
aws_secret_access_key: {{GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY}}
region: {{GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_REGION}}
host: '{{GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_HOST}}' # default: s3.amazonaws.com
endpoint: '{{GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT}}' # default: nil
path_style: {{GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE}} # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
## Git LFS
lfs:
enabled: {{GITLAB_LFS_ENABLED}}
# The location where LFS objects are stored (default: shared/lfs-objects).
storage_path: {{GITLAB_LFS_OBJECTS_DIR}}
object_store:
enabled: {{GITLAB_LFS_OBJECT_STORE_ENABLED}}
remote_directory: {{GITLAB_LFS_OBJECT_STORE_REMOTE_DIRECTORY}} # The bucket name
direct_upload: {{GITLAB_LFS_OBJECT_STORE_DIRECT_UPLOAD}} # Use Object Storage directly for uploads instead of background uploads if enabled (Default: false)
background_upload: {{GITLAB_LFS_OBJECT_STORE_BACKGROUND_UPLOAD}} # Temporary option to limit automatic upload (Default: true)
proxy_download: {{GITLAB_LFS_OBJECT_STORE_PROXY_DOWNLOAD}} # Passthrough all downloads via GitLab instead of using Redirects to Object Storage
connection:
provider: {{GITLAB_LFS_OBJECT_STORE_CONNECTION_PROVIDER}} # Only AWS supported at the moment
aws_access_key_id: {{GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID}}
aws_secret_access_key: {{GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY}}
region: {{GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_REGION}}
host: '{{GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_HOST}}' # default: s3.amazonaws.com
endpoint: '{{GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT}}' # default: nil
path_style: {{GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE}} # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
## Uploads (attachments, avatars, etc...)
uploads:
# The location where uploads objects are stored (default: public/).
storage_path: {{GITLAB_UPLOADS_STORAGE_PATH}}
base_dir: {{GITLAB_UPLOADS_BASE_DIR}}
object_store:
enabled: {{GITLAB_UPLOADS_OBJECT_STORE_ENABLED}}
remote_directory: {{GITLAB_UPLOADS_OBJECT_STORE_REMOTE_DIRECTORY}} # The bucket name
direct_upload: {{GITLAB_UPLOADS_OBJECT_STORE_DIRECT_UPLOAD}} # Use Object Storage directly for uploads instead of background uploads if enabled (Default: false)
background_upload: {{GITLAB_UPLOADS_OBJECT_STORE_BACKGROUND_UPLOAD}} # Temporary option to limit automatic upload (Default: true)
proxy_download: {{GITLAB_UPLOADS_OBJECT_STORE_PROXY_DOWNLOAD}} # Passthrough all downloads via GitLab instead of using Redirects to Object Storage
connection:
provider: {{GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_PROVIDER}} # Only AWS supported at the moment
aws_access_key_id: {{GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID}}
aws_secret_access_key: {{GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY}}
region: {{GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_REGION}}
host: '{{GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_HOST}}' # default: s3.amazonaws.com
endpoint: '{{GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT}}' # default: nil
path_style: {{GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE}} # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
## GitLab Pages
pages:
enabled: {{GITLAB_PAGES_ENABLED}}
# The location where pages are stored (default: shared/pages).
# path: shared/pages
# The domain under which the pages are served:
# http://group.example.com/project
# or project path can be a group page: group.example.com
host: {{GITLAB_PAGES_DOMAIN}}
port: {{GITLAB_PAGES_PORT}} # Set to 443 if you serve the pages with HTTPS
https: {{GITLAB_PAGES_HTTPS}} # Set to true if you serve the pages with HTTPS
artifacts_server: {{GITLAB_PAGES_ARTIFACTS_SERVER}}
external_http: {{GITLAB_PAGES_EXTERNAL_HTTP}} # If defined, enables custom domain support in GitLab Pages
external_https: {{GITLAB_PAGES_EXTERNAL_HTTPS}} # If defined, enables custom domain and certificate support in GitLab Pages
## Mattermost
## For enabling Add to Mattermost button
mattermost:
enabled: {{GITLAB_MATTERMOST_ENABLED}}
host: '{{GITLAB_MATTERMOST_URL}}'
## Gravatar
## If using gravatar.com, there's nothing to change here. For Libravatar
## you'll need to provide the custom URLs. For more information,
## see: https://docs.gitlab.com/ee/customization/libravatar.html
gravatar:
enabled: {{GITLAB_GRAVATAR_ENABLED}} # Use user avatar image from Gravatar.com (default: true)
# gravatar urls: possible placeholders: %{hash} %{size} %{email} %{username}
plain_url: "{{GITLAB_GRAVATAR_HTTP_URL}}" # default: https://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
ssl_url: "{{GITLAB_GRAVATAR_HTTPS_URL}}" # default: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
## Sidekiq
sidekiq:
log_format: {{GITLAB_SIDEKIQ_LOG_FORMAT}} # (json is also supported)
## Auxiliary jobs
# Periodically executed jobs, to self-heal GitLab, do external synchronizations, etc.
# Please read here for more information: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job
cron_jobs:
# Flag stuck CI jobs as failed
stuck_ci_jobs_worker:
cron: "0 * * * *"
# Execute scheduled triggers
pipeline_schedule_worker:
cron: "{{GITLAB_PIPELINE_SCHEDULE_WORKER_CRON}}"
# Remove expired build artifacts
expire_build_artifacts_worker:
cron: "50 * * * *"
# Periodically run 'git fsck' on all repositories. If started more than
# once per hour you will have concurrent 'git fsck' jobs.
repository_check_worker:
cron: "20 * * * *"
# Send admin emails once a week
admin_email_worker:
cron: "0 0 * * 0"
# Remove outdated repository archives
repository_archive_cache_worker:
cron: "0 * * * *"
# Verify custom GitLab Pages domains
pages_domain_verification_cron_worker:
cron: "*/15 * * * *"
registry:
enabled: {{GITLAB_REGISTRY_ENABLED}}
host: {{GITLAB_REGISTRY_HOST}}
port: {{GITLAB_REGISTRY_PORT}}
api_url: {{GITLAB_REGISTRY_API_URL}} # internal address to the registry, will be used by GitLab to directly communicate with API
key: {{GITLAB_REGISTRY_KEY_PATH}}
path: {{GITLAB_REGISTRY_DIR}}
issuer: {{GITLAB_REGISTRY_ISSUER}}
#
# 2. GitLab CI settings
# ==========================
gitlab_ci:
# Default project notifications settings:
#
# Send emails only on broken builds (default: true)
all_broken_builds: {{GITLAB_NOTIFY_ON_BROKEN_BUILDS}}
#
# Add pusher to recipients list (default: false)
add_pusher: {{GITLAB_NOTIFY_PUSHER}}
# The location where build traces are stored (default: builds/). Relative paths are relative to Rails.root
builds_path: {{GITLAB_BUILDS_DIR}}
#
# 3. Auth settings
# ==========================
## LDAP settings
# You can inspect a sample of the LDAP users with login access by running:
# bundle exec rake gitlab:ldap:check RAILS_ENV=production
ldap:
enabled: {{LDAP_ENABLED}}
servers:
##########################################################################
#
# Since GitLab 7.4, LDAP servers get ID's (below the ID is 'main'). GitLab
# Enterprise Edition now supports connecting to multiple LDAP servers.
#
# If you are updating from the old (pre-7.4) syntax, you MUST give your
# old server the ID 'main'.
#
##########################################################################
main: # 'main' is the GitLab 'provider ID' of this LDAP server
## label
#
# A human-friendly name for your LDAP server. It is OK to change the label later,
# for instance if you find out it is too large to fit on the web page.
#
# Example: 'Paris' or 'Acme, Ltd.'
label: '{{LDAP_LABEL}}'
host: '{{LDAP_HOST}}'
port: {{LDAP_PORT}}
uid: '{{LDAP_UID}}'
encryption: '{{LDAP_METHOD}}' # "start_tls" or "simple_tls" or "plain"
verify_certificates: {{LDAP_VERIFY_SSL}}
ca_file: '{{LDAP_CA_FILE}}'
ssl_version: '{{LDAP_SSL_VERSION}}'
bind_dn: '{{LDAP_BIND_DN}}'
password: '{{LDAP_PASS}}'
# Set a timeout, in seconds, for LDAP queries. This helps avoid blocking
# a request if the LDAP server becomes unresponsive.
# A value of 0 means there is no timeout.
timeout: {{LDAP_TIMEOUT}}
# This setting specifies if LDAP server is Active Directory LDAP server.
# For non AD servers it skips the AD specific queries.
# If your LDAP server is not AD, set this to false.
active_directory: {{LDAP_ACTIVE_DIRECTORY}}
# If allow_username_or_email_login is enabled, GitLab will ignore everything
# after the first '@' in the LDAP username submitted by the user on login.
#
# Example:
# - the user enters 'jane.doe@example.com' and 'p@ssw0rd' as LDAP credentials;
# - GitLab queries the LDAP server with 'jane.doe' and 'p@ssw0rd'.
#
# If you are using "uid: 'userPrincipalName'" on ActiveDirectory you need to
# disable this setting, because the userPrincipalName contains an '@'.
allow_username_or_email_login: {{LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN}}
# To maintain tight control over the number of active users on your GitLab installation,
# enable this setting to keep new users blocked until they have been cleared by the admin
# (default: false).
block_auto_created_users: {{LDAP_BLOCK_AUTO_CREATED_USERS}}
# Base where we can search for users
#
# Ex. ou=People,dc=gitlab,dc=example
#
base: '{{LDAP_BASE}}'
# Filter LDAP users
#
# Format: RFC 4515 http://tools.ietf.org/search/rfc4515
# Ex. (employeeType=developer)
#
# Note: GitLab does not support omniauth-ldap's custom filter syntax.
#
user_filter: '{{LDAP_USER_FILTER}}'
# LDAP attributes that GitLab will use to create an account for the LDAP user.
# The specified attribute can either be the attribute name as a string (e.g. 'mail'),
# or an array of attribute names to try in order (e.g. ['mail', 'email']).
# Note that the user's LDAP login will always be the attribute specified as `uid` above.
attributes:
# The username will be used in paths for the user's own projects
# (like `gitlab.example.com/username/project`) and when mentioning
# them in issues, merge request and comments (like `@username`).
# If the attribute specified for `username` contains an email address,
# the GitLab username will be the part of the email address before the '@'.
username: ['uid', 'userid', 'sAMAccountName']
email: ['mail', 'email', 'userPrincipalName']
# If no full name could be found at the attribute specified for `name`,
# the full name is determined using the attributes specified for
# `first_name` and `last_name`.
name: 'cn'
first_name: 'givenName'
last_name: 'sn'
# If lowercase_usernames is enabled, GitLab will lower case the username.
lowercase_usernames: {{LDAP_LOWERCASE_USERNAMES}}
# GitLab EE only: add more LDAP servers
# Choose an ID made of a-z and 0-9 . This ID will be stored in the database
# so that GitLab can remember which LDAP server a user belongs to.
# uswest2:
# label:
# host:
# ....
## OmniAuth settings
omniauth:
# Allow login via Twitter, Google, etc. using OmniAuth providers
enabled: {{OAUTH_ENABLED}}
# Uncomment this to automatically sign in with a specific omniauth provider's without
# showing GitLab's sign-in page (default: show the GitLab sign-in page)
auto_sign_in_with_provider: {{OAUTH_AUTO_SIGN_IN_WITH_PROVIDER}}
# Sync user's email address from the specified Omniauth provider every time the user logs
# in (default: nil). And consequently make this field read-only.
# sync_email_from_provider: cas3
# CAUTION!
# This allows users to login without having a user account first. Define the allowed providers
# using an array, e.g. ["saml", "twitter"], or as true/false to allow all providers or none.
# User accounts will be created automatically when authentication was successful.
allow_single_sign_on: [{{OAUTH_ALLOW_SSO}}]
# Locks down those users until they have been cleared by the admin (default: true).
block_auto_created_users: {{OAUTH_BLOCK_AUTO_CREATED_USERS}}
# Look up new users in LDAP servers. If a match is found (same uid), automatically
# link the omniauth identity with the LDAP account. (default: false)
auto_link_ldap_user: {{OAUTH_AUTO_LINK_LDAP_USER}}
# Allow users with existing accounts to login and auto link their account via SAML
# login, without having to do a manual login first and manually add SAML
# (default: false)
auto_link_saml_user: {{OAUTH_AUTO_LINK_SAML_USER}}
# Set different Omniauth providers as external so that all users creating accounts
# via these providers will not be able to have access to internal projects. You
# will need to use the full name of the provider, like `google_oauth2` for Google.
# Refer to the examples below for the full names of the supported providers.
# (default: [])
external_providers: [{{OAUTH_EXTERNAL_PROVIDERS}}]
## Auth providers
# Uncomment the following lines and fill in the data of the auth provider you want to use
# If your favorite auth provider is not listed you can use others:
# see https://github.com/gitlabhq/gitlab-public-wiki/wiki/Custom-omniauth-provider-configurations
# The 'app_id' and 'app_secret' parameters are always passed as the first two
# arguments, followed by optional 'args' which can be either a hash or an array.
# Documentation for this is available at http://doc.gitlab.com/ce/integration/omniauth.html
providers:
# See omniauth-cas3 for more configuration details
- { name: 'cas3',
label: '{{OAUTH_CAS3_LABEL}}',
args: {
url: '{{OAUTH_CAS3_SERVER}}',
disable_ssl_verification: {{OAUTH_CAS3_DISABLE_SSL_VERIFICATION}},
login_url: '{{OAUTH_CAS3_LOGIN_URL}}',
service_validate_url: '{{OAUTH_CAS3_VALIDATE_URL}}',
logout_url: '{{OAUTH_CAS3_LOGOUT_URL}}'} }
- { name: 'authentiq',
app_id: '{{OAUTH_AUTHENTIQ_CLIENT_ID}}',
app_secret: 'OAUTH_AUTHENTIQ_CLIENT_SECRET',
args: { scope: {{OAUTH_AUTHENTIQ_SCOPE}}, redirect_uri: '{{OAUTH_AUTHENTIQ_REDIRECT_URI}}' } }
- { name: 'github',
label: 'GitHub',
app_id: '{{OAUTH_GITHUB_API_KEY}}',
app_secret: '{{OAUTH_GITHUB_APP_SECRET}}',
url: "{{OAUTH_GITHUB_URL}}",
verify_ssl: {{OAUTH_GITHUB_VERIFY_SSL}},
args: { scope: '{{OAUTH_GITHUB_SCOPE}}' } }
- { name: 'bitbucket',
app_id: '{{OAUTH_BITBUCKET_API_KEY}}',
app_secret: '{{OAUTH_BITBUCKET_APP_SECRET}}' }
- { name: 'gitlab',
label: 'GitLab.com',
app_id: '{{OAUTH_GITLAB_API_KEY}}',
app_secret: '{{OAUTH_GITLAB_APP_SECRET}}',
args: { scope: '{{OAUTH_GITLAB_SCOPE}}' } }
- { name: 'google_oauth2',
label: 'Google',
app_id: '{{OAUTH_GOOGLE_API_KEY}}',
app_secret: '{{OAUTH_GOOGLE_APP_SECRET}}',
args: {
access_type: 'offline',
approval_prompt: '{{OAUTH_GOOGLE_APPROVAL_PROMPT}}',
hd: [{{OAUTH_GOOGLE_RESTRICT_DOMAIN}}] } }
- { name: 'facebook',
app_id: '{{OAUTH_FACEBOOK_API_KEY}}',
app_secret: '{{OAUTH_FACEBOOK_APP_SECRET}}' }
- { name: 'twitter',
app_id: '{{OAUTH_TWITTER_API_KEY}}',
app_secret: '{{OAUTH_TWITTER_APP_SECRET}}' }
- { name: 'saml',
label: '{{OAUTH_SAML_LABEL}}',
groups_attribute: '{{OAUTH_SAML_GROUPS_ATTRIBUTE}}',
external_groups: [{{OAUTH_SAML_EXTERNAL_GROUPS}}],
args: {
assertion_consumer_service_url: '{{OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL}}',
idp_cert_fingerprint: '{{OAUTH_SAML_IDP_CERT_FINGERPRINT}}',
idp_sso_target_url: '{{OAUTH_SAML_IDP_SSO_TARGET_URL}}',
issuer: '{{OAUTH_SAML_ISSUER}}',
attribute_statements: {
first_name: ['{{OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME}}'],
last_name: ['{{OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME}}'],
name: ['{{OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME}}'],
email: ['{{OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL}}'] },
name_identifier_format: '{{OAUTH_SAML_NAME_IDENTIFIER_FORMAT}}' } }
- { name: 'crowd',
args: {
crowd_server_url: '{{OAUTH_CROWD_SERVER_URL}}',
application_name: '{{OAUTH_CROWD_APP_NAME}}',
application_password: '{{OAUTH_CROWD_APP_PASSWORD}}' } }
- { name: 'auth0',
args: {
client_id: '{{OAUTH_AUTH0_CLIENT_ID}}',
client_secret: '{{OAUTH_AUTH0_CLIENT_SECRET}}',
namespace: '{{OAUTH_AUTH0_DOMAIN}}' } }
- { name: 'azure_oauth2',
args: {
client_id: '{{OAUTH_AZURE_API_KEY}}',
client_secret: '{{OAUTH_AZURE_API_SECRET}}',
tenant_id: '{{OAUTH_AZURE_TENANT_ID}}' } }
# SSO maximum session duration in seconds. Defaults to CAS default of 8 hours.
# cas3:
# session_duration: 28800
# Shared file storage settings
shared:
path: {{GITLAB_SHARED_DIR}}
# Gitaly settings
gitaly:
# Path to the directory containing Gitaly client executables.
client_path: {{GITALY_CLIENT_PATH}}
# Default Gitaly authentication token. Can be overriden per storage. Can
# be left blank when Gitaly is running locally on a Unix socket, which
# is the normal way to deploy Gitaly.
token: {{GITALY_TOKEN}}
#
# 4. Advanced settings
# ==========================
## Repositories settings
repositories:
# Paths where repositories can be stored. Give the canonicalized absolute pathname.
# IMPORTANT: None of the path components may be symlink, because
# gitlab-shell invokes Dir.pwd inside the repository path and that results
# real path not the symlink.
storages: # You must have at least a `default` storage path.
default:
path: {{GITLAB_REPOS_DIR}}/
gitaly_address: unix:/home/git/gitlab/tmp/sockets/private/gitaly.socket # TCP connections are supported too (e.g. tcp://host:port)
## Backup settings
backup:
path: "{{GITLAB_BACKUP_DIR}}" # Relative paths are relative to Rails.root (default: tmp/backups/)
archive_permissions: {{GITLAB_BACKUP_ARCHIVE_PERMISSIONS}} # Permissions for the resulting backup.tar file (default: 0600)
keep_time: {{GITLAB_BACKUP_EXPIRY}} # default: 0 (forever) (in seconds)
pg_schema: {{GITLAB_BACKUP_PG_SCHEMA}} # default: nil, it means that all schemas will be backed up
upload:
# Fog storage connection settings, see http://fog.io/storage/ .
#start-aws
connection:
provider: AWS
region: {{AWS_BACKUP_REGION}}
endpoint: {{AWS_BACKUP_ENDPOINT}}
path_style: {{AWS_BACKUP_PATH_STYLE}}
aws_access_key_id: {{AWS_BACKUP_ACCESS_KEY_ID}}
aws_secret_access_key: '{{AWS_BACKUP_SECRET_ACCESS_KEY}}'
# The remote 'directory' to store your backups. For S3, this would be the bucket name.
remote_directory: '{{AWS_BACKUP_BUCKET}}'
#start-multipart-aws
# Use multipart uploads when file size reaches 100MB, see
# http://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html
multipart_chunk_size: {{AWS_BACKUP_MULTIPART_CHUNK_SIZE}}
#end-multipart-aws
#start-encryption-aws
# Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for backups, this is optional
encryption: 'AES256'
#end-encryption-aws
# Specifies Amazon S3 storage class to use for backups, this is optional
storage_class: '{{AWS_BACKUP_STORAGE_CLASS}}'
# Fog storage connection settings, see http://fog.io/storage/ .
#end-aws
#start-gcs
connection:
provider: Google
google_storage_access_key_id: {{GCS_BACKUP_ACCESS_KEY_ID}}
google_storage_secret_access_key: '{{GCS_BACKUP_SECRET_ACCESS_KEY}}'
remote_directory: '{{GCS_BACKUP_BUCKET}}'
#end-gcs
## GitLab Shell settings
gitlab_shell:
path: {{GITLAB_SHELL_INSTALL_DIR}}/
hooks_path: {{GITLAB_SHELL_INSTALL_DIR}}/hooks/
# File that contains the secret key for verifying access for gitlab-shell.
# Default is '.gitlab_shell_secret' relative to Rails.root (i.e. root of the GitLab app).
secret_file: {{GITLAB_INSTALL_DIR}}/.gitlab_shell_secret
# Git over HTTP
upload_pack: true
receive_pack: true
# Git import/fetch timeout, in seconds. Defaults to 3 hours.
# git_timeout: 10800
# If you use non-standard ssh port you need to specify it
ssh_port: {{GITLAB_SSH_PORT}}
## Git settings
# CAUTION!
# Use the default values unless you really know what you are doing
git:
bin_path: /usr/bin/git
## Webpack settings
# If enabled, this will tell rails to serve frontend assets from the webpack-dev-server running
# on a given port instead of serving directly from /assets/webpack. This is only indended for use
# in development.<Paste>
webpack:
# dev_server:
# enabled: true
# host: localhost
# port: 3808
## Monitoring
# Built in monitoring settings
monitoring:
# Time between sampling of unicorn socket metrics, in seconds
unicorn_sampler_interval: {{GITLAB_MONITORING_UNICORN_SAMPLER_INTERVAL}}
# IP whitelist to access monitoring endpoints
ip_whitelist:
- {{GITLAB_MONITORING_IP_WHITELIST}}
# Sidekiq exporter is webserver built in to Sidekiq to expose Prometheus metrics
sidekiq_exporter:
enabled: {{GITLAB_MONITORING_SIDEKIQ_EXPORTER_ENABLED}}
address: {{GITLAB_MONITORING_SIDEKIQ_EXPORTER_ADDRESS}}
port: {{GITLAB_MONITORING_SIDEKIQ_EXPORTER_PORT}}
#
# 5. Extra customization
# ==========================
extra:
## Google analytics. Uncomment if you want it
google_analytics_id: '{{GOOGLE_ANALYTICS_ID}}'
## Piwik analytics.
piwik_url: '{{PIWIK_URL}}'
piwik_site_id: '{{PIWIK_SITE_ID}}'
rack_attack:
git_basic_auth:
# Rack Attack IP banning enabled
enabled: {{RACK_ATTACK_ENABLED}}
#
# Whitelist requests from 127.0.0.1 for web proxies (NGINX/Apache) with incorrect headers
ip_whitelist: [{{RACK_ATTACK_WHITELIST}}]
#
# Limit the number of Git HTTP authentication attempts per IP
maxretry: {{RACK_ATTACK_MAXRETRY}}
#
# Reset the auth attempt counter per IP after 60 seconds
findtime: {{RACK_ATTACK_FINDTIME}}
#
# Ban an IP for one hour (3600s) after too many auth attempts
bantime: {{RACK_ATTACK_BANTIME}}
development:
<<: *base
test:
<<: *base
gravatar:
enabled: true
lfs:
enabled: false
gitlab:
host: localhost
port: 80
# When you run tests we clone and setup gitlab-shell
# In order to setup it correctly you need to specify
# your system username you use to run GitLab
# user: YOUR_USERNAME
pages:
path: tmp/tests/pages
artifacts:
path: tmp/tests/artifacts
repositories:
storages:
default:
path: tmp/tests/repositories/
gitaly_adress: unix:tmp/tests/gitaly/gitaly.socket
backup:
path: tmp/tests/backups
gitlab_shell:
path: tmp/tests/gitlab-shell/
hooks_path: tmp/tests/gitlab-shell/hooks/
issues_tracker:
redmine:
title: "Redmine"
project_url: "http://redmine/projects/:issues_tracker_id"
issues_url: "http://redmine/:project_id/:issues_tracker_id/:id"
new_issue_url: "http://redmine/projects/:issues_tracker_id/issues/new"
jira:
title: "JIRA"
url: https://sample_company.atlasian.net
project_key: PROJECT
ldap:
enabled: false
servers:
main:
label: ldap
host: 127.0.0.1
port: 3890
uid: 'uid'
encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
base: 'dc=example,dc=com'
user_filter: ''
group_base: 'ou=groups,dc=example,dc=com'
admin_group: ''
staging:
<<: *base
Reference in New Issue View Git Blame Copy Permalink