diff options
author | Caleb Maclennan | 2018-07-03 10:31:59 +0000 |
---|---|---|
committer | Caleb Maclennan | 2018-07-03 11:44:32 +0000 |
commit | 1db7f95a1b4d152411eef427034377e5eded26fe (patch) | |
tree | 2bf96eb82d238ee205646a7a4dc845c91a95eedb | |
parent | d80024dcd039c6add8829780558f99750fa90a97 (diff) | |
download | aur-1db7f95a1b4d152411eef427034377e5eded26fe.tar.gz |
Update to 11.0.2 and sync with [community]/gitlab
-rw-r--r-- | .SRCINFO | 31 | ||||
-rw-r--r-- | PKGBUILD | 67 | ||||
-rw-r--r-- | apache-ssl.conf.example | 94 | ||||
-rw-r--r-- | apache.conf.example | 64 | ||||
-rw-r--r-- | apache2.2-ssl.conf.example | 93 | ||||
-rw-r--r-- | apache2.2.conf.example | 63 | ||||
-rw-r--r-- | lighttpd.conf.example | 35 | ||||
-rw-r--r-- | nginx-ssl.conf.example | 112 | ||||
-rw-r--r-- | nginx.conf.example | 69 |
9 files changed, 32 insertions, 596 deletions
@@ -1,9 +1,9 @@ # Generated by mksrcinfo v8 -# Sat Apr 28 01:12:39 UTC 2018 +# Tue Jul 3 10:32:07 UTC 2018 pkgbase = gitlab-ee pkgdesc = Project management and code hosting application - pkgver = 10.7.1 - pkgrel = 4 + pkgver = 11.0.2 + pkgrel = 1 url = https://gitlab.com/gitlab-org/gitlab-ee install = gitlab.install arch = x86_64 @@ -13,6 +13,7 @@ pkgbase = gitlab-ee makedepends = mariadb makedepends = yarn makedepends = go + makedepends = nodejs depends = ruby2.3 depends = git depends = ruby2.3-bundler @@ -22,8 +23,8 @@ pkgbase = gitlab-ee depends = redis depends = libxslt depends = icu - depends = nodejs depends = re2 + depends = http-parser optdepends = postgresql: database backend optdepends = mysql: database backend optdepends = python2-docutils: reStructuredText markup language support @@ -36,7 +37,7 @@ pkgbase = gitlab-ee backup = etc/webapps/gitlab/resque.yml backup = etc/webapps/gitlab/unicorn.rb backup = etc/logrotate.d/gitlab - source = gitlab-ee-10.7.1.tar.bz2::https://gitlab.com/gitlab-org/gitlab-ee/repository/archive.tar.bz2?ref=v10.7.1-ee + source = gitlab-ee-11.0.2.tar.gz::https://gitlab.com/api/v4/projects/gitlab-org%2Fgitlab-ee/repository/archive?sha=v11.0.2-ee source = gitlab-unicorn.service source = gitlab-sidekiq.service source = gitlab-backup.service @@ -45,14 +46,8 @@ pkgbase = gitlab-ee source = gitlab.target source = gitlab.tmpfiles.d source = gitlab.logrotate - source = apache.conf.example - source = apache-ssl.conf.example - source = apache2.2.conf.example - source = apache2.2-ssl.conf.example - source = nginx.conf.example - source = nginx-ssl.conf.example - source = lighttpd.conf.example - sha512sums = 22e1436c782b5a44aa9d51c6f08e687af1ebc6745aa85ebf796270e05a7b0740dc821a915d53577467d4b132e3000673452a67c3ee4432dabbd61c7c3bbc56c7 + source = b41b2de702c26bfbbe375c70c48293a75546df42.patch::https://git.archlinux.org/svntogit/community.git/plain/trunk/b41b2de702c26bfbbe375c70c48293a75546df42.patch?h=packages/gitlab + sha512sums = c4413b59212fb34197d6b2ef8d57635290768ad8f1fc4baa2e2ee0636e58c67965bbbd43dcafca72d9c3ac2c4f1104873b58d183a642f4797aa838211578f687 sha512sums = e96364b3373420a0704552584264f42fee23d64d44d3f769dffa6b516ea9d4c09873da8b2a279445ae9a09f17f81628815efc83e8d0070b3246e56aa13c02ac6 sha512sums = 1104db0397ae5f9a69452ea2a432b837cfaf37d72d063226c2156de5f753b5ae42be1f90292c34f27e251ce3d265ac9c1f79faad1d377c923e7dbc6744100471 sha512sums = bfc98f3890dfbe11a6f7fa3275f2b04b54b8e31455dcf70abfdc7f1021ff9acb1243f7af8381465346cd780bc76fa2b1c80fada860b8c3c87c7c56bb5229c1ee @@ -61,13 +56,7 @@ pkgbase = gitlab-ee sha512sums = bf33b818e4ea671c16f58563997ba5fe0a09090e5c03577ff974d31324d4e9782b85a9bb4f1749b97257ce93400c692de935f003770d52b5994c9cab9aee57c6 sha512sums = abacbff0d7be918337a17b56481c84e6bf3eddd9551efe78ba9fb74337179e95c9b60f41c49f275e05074a4074a616be36fa208a48fc12d5b940f0554fbd89c3 sha512sums = 20b93eab504e82cc4401685b59e6311b4d2c0285bc594d47ce4106d3f418a3e2ba92c4f49732748c0ba913aa3e3299126166e37d2a2d5b4d327d66bae4b8abda - sha512sums = 441585489fb992d5e893f14bf0770df04ada95ffdbfcc80bb98a44eda7db520d12c985f600d003d80a196562654d2231598f8481ff9bf664bb5889f564e897e7 - sha512sums = 99f31439d348e21f764875b6207db8663b47f3224ad6a9f35b89c8a2ed29a9e831a974aa6b9429a3882fb74c1c9d42ed5c38b2d16ae122b5d55d5873a0c57cd3 - sha512sums = 624eb1f13e0265522290faa8c22b4150e6081ca2580391c9dfd871f1ee1b9c1c745c95d3d8f7fdbf85038990060141b844c3d8097c577ab68e5506bfa2d2dddb - sha512sums = 248d47b44fa5ed65e2a940f2b60d0482c481b3a438357ca510848221370367ffbc0d83ce046d688bebbbc75d4e321b140f6a5ce1a9d7ec0b034fafcf92dee107 - sha512sums = 53a9d6d6f87874b29e48a8fb2e207094ebc1a80af478562ec4b591926d59e135a3166c20966704aa948ca7063ba63c1ec4ac290a343832fa18025ec3d85081ba - sha512sums = 6d3006da591acefcc534c6e3f1da8e812d0b3b21fc416bfaa8678b8e2d922be6b17d1c92b0d7164de3b8ad864139253707107ca082f78e823d23f3b65fcb5914 - sha512sums = c78b6f46abcf603d8db6e38cf50868e14145928422ddfe17c88e2f006b5b910dddf456ec5d6d724b250994530643963809688a98f7e12ebd5b5dabf7f96f0e06 + sha512sums = 32c432bf5e45be7b63e078335deaab5d05f8c0e78da891038cc607beed75c670f4c825138bb2c6ba0b4cf879ef45f5cbeb12cebd4fa63d7f58362960788c9e72 pkgname = gitlab-ee depends = ruby2.3 @@ -79,7 +68,7 @@ pkgname = gitlab-ee depends = redis depends = libxslt depends = icu - depends = nodejs depends = re2 + depends = http-parser depends = gitlab-shell @@ -1,4 +1,5 @@ -# Maintainer: Michael Taboada <michael@2mb.solutions> +# Maintainer: Caleb Maclennan <caleb@alerque.com> +# Contributor: Michael Taboada <michael@2mb.solutions> # Contributor: Janne Heß<jannehess@gmail.com> # Contributor: Sven-Hendrik Haase <sh@lutzhaase.com> # Contributor: Pavol (Lopo) Hluchy <lopo AT losys DOT eu> @@ -6,12 +7,11 @@ # Contributor: Massimiliano Torromeo <massimiliano.torromeo@gmail.com> # Contributor: Tobias Hunger <tobias DOT hunger AT gmail DOT com> # Contributor: Stefan Tatschner <stefan@sevenbyte.org> -# Contributor: Caleb Maclennan <caleb@alerque.com> _pkgname=gitlab pkgname=${_pkgname}-ee -pkgver=10.7.1 -pkgrel=4 +pkgver=11.0.2 +pkgrel=1 pkgdesc="Project management and code hosting application" arch=('x86_64') url="https://gitlab.com/gitlab-org/gitlab-ee" @@ -19,8 +19,8 @@ license=('MIT') conflicts=("${_pkgname}") provides=("${_pkgname}") options=(!buildflags) -depends=('ruby2.3' 'git' 'ruby2.3-bundler' 'gitlab-workhorse' 'gitlab-gitaly' 'openssh' 'redis' 'libxslt' 'icu' 'nodejs' 're2') -makedepends=('cmake' 'postgresql' 'mariadb' 'yarn' 'go') +depends=('ruby2.3' 'git' 'ruby2.3-bundler' 'gitlab-workhorse' 'gitlab-gitaly' 'openssh' 'redis' 'libxslt' 'icu' 're2' 'http-parser') +makedepends=('cmake' 'postgresql' 'mariadb' 'yarn' 'go' 'nodejs') optdepends=('postgresql: database backend' 'mysql: database backend' 'python2-docutils: reStructuredText markup language support' @@ -30,7 +30,7 @@ backup=("etc/webapps/${_pkgname}/application.rb" "etc/webapps/${_pkgname}/resque.yml" "etc/webapps/${_pkgname}/unicorn.rb" "etc/logrotate.d/${_pkgname}") -source=("${pkgname}-${pkgver}.tar.bz2::https://gitlab.com/gitlab-org/gitlab-ee/repository/archive.tar.bz2?ref=v${pkgver}-ee" +source=("${pkgname}-${pkgver}.tar.gz::https://gitlab.com/api/v4/projects/gitlab-org%2Fgitlab-ee/repository/archive?sha=v${pkgver}-ee" gitlab-unicorn.service gitlab-sidekiq.service gitlab-backup.service @@ -39,15 +39,9 @@ source=("${pkgname}-${pkgver}.tar.bz2::https://gitlab.com/gitlab-org/gitlab-ee/r gitlab.target gitlab.tmpfiles.d gitlab.logrotate - apache.conf.example - apache-ssl.conf.example - apache2.2.conf.example - apache2.2-ssl.conf.example - nginx.conf.example - nginx-ssl.conf.example - lighttpd.conf.example) + "b41b2de702c26bfbbe375c70c48293a75546df42.patch::https://git.archlinux.org/svntogit/community.git/plain/trunk/b41b2de702c26bfbbe375c70c48293a75546df42.patch?h=packages/gitlab") install='gitlab.install' -sha512sums=('22e1436c782b5a44aa9d51c6f08e687af1ebc6745aa85ebf796270e05a7b0740dc821a915d53577467d4b132e3000673452a67c3ee4432dabbd61c7c3bbc56c7' +sha512sums=('c4413b59212fb34197d6b2ef8d57635290768ad8f1fc4baa2e2ee0636e58c67965bbbd43dcafca72d9c3ac2c4f1104873b58d183a642f4797aa838211578f687' 'e96364b3373420a0704552584264f42fee23d64d44d3f769dffa6b516ea9d4c09873da8b2a279445ae9a09f17f81628815efc83e8d0070b3246e56aa13c02ac6' '1104db0397ae5f9a69452ea2a432b837cfaf37d72d063226c2156de5f753b5ae42be1f90292c34f27e251ce3d265ac9c1f79faad1d377c923e7dbc6744100471' 'bfc98f3890dfbe11a6f7fa3275f2b04b54b8e31455dcf70abfdc7f1021ff9acb1243f7af8381465346cd780bc76fa2b1c80fada860b8c3c87c7c56bb5229c1ee' @@ -56,13 +50,7 @@ sha512sums=('22e1436c782b5a44aa9d51c6f08e687af1ebc6745aa85ebf796270e05a7b0740dc8 'bf33b818e4ea671c16f58563997ba5fe0a09090e5c03577ff974d31324d4e9782b85a9bb4f1749b97257ce93400c692de935f003770d52b5994c9cab9aee57c6' 'abacbff0d7be918337a17b56481c84e6bf3eddd9551efe78ba9fb74337179e95c9b60f41c49f275e05074a4074a616be36fa208a48fc12d5b940f0554fbd89c3' '20b93eab504e82cc4401685b59e6311b4d2c0285bc594d47ce4106d3f418a3e2ba92c4f49732748c0ba913aa3e3299126166e37d2a2d5b4d327d66bae4b8abda' - '441585489fb992d5e893f14bf0770df04ada95ffdbfcc80bb98a44eda7db520d12c985f600d003d80a196562654d2231598f8481ff9bf664bb5889f564e897e7' - '99f31439d348e21f764875b6207db8663b47f3224ad6a9f35b89c8a2ed29a9e831a974aa6b9429a3882fb74c1c9d42ed5c38b2d16ae122b5d55d5873a0c57cd3' - '624eb1f13e0265522290faa8c22b4150e6081ca2580391c9dfd871f1ee1b9c1c745c95d3d8f7fdbf85038990060141b844c3d8097c577ab68e5506bfa2d2dddb' - '248d47b44fa5ed65e2a940f2b60d0482c481b3a438357ca510848221370367ffbc0d83ce046d688bebbbc75d4e321b140f6a5ce1a9d7ec0b034fafcf92dee107' - '53a9d6d6f87874b29e48a8fb2e207094ebc1a80af478562ec4b591926d59e135a3166c20966704aa948ca7063ba63c1ec4ac290a343832fa18025ec3d85081ba' - '6d3006da591acefcc534c6e3f1da8e812d0b3b21fc416bfaa8678b8e2d922be6b17d1c92b0d7164de3b8ad864139253707107ca082f78e823d23f3b65fcb5914' - 'c78b6f46abcf603d8db6e38cf50868e14145928422ddfe17c88e2f006b5b910dddf456ec5d6d724b250994530643963809688a98f7e12ebd5b5dabf7f96f0e06') + '32c432bf5e45be7b63e078335deaab5d05f8c0e78da891038cc607beed75c670f4c825138bb2c6ba0b4cf879ef45f5cbeb12cebd4fa63d7f58362960788c9e72') _datadir="/usr/share/webapps/${_pkgname}" _etcdir="/etc/webapps/${_pkgname}" @@ -71,16 +59,15 @@ _logdir="/var/log/${_pkgname}" _srcdir="${pkgname}-v${pkgver}-ee-" prepare() { - cd "${srcdir}" - # Get first 7 characters from sha1 which has 40 characters in total local revision=$(ls -d ${_srcdir}* | rev | cut -c 34-40 | rev) cd "${_srcdir}"* - msg2 "Patching git revision in config/initializers/2_app.rb..." - sed -i -e "s|REVISION = Gitlab::Popen.popen(%W(#{config.git.bin_path} log --pretty=format:%h -n 1)).first.chomp.freeze|REVISION = \"${revision}\"|" \ - config/initializers/2_app.rb + # patch -Np1 -i "${srcdir}"/b41b2de702c26bfbbe375c70c48293a75546df42.patch + + # GitLab tries to read its revision information from a file. + echo "${revision}" > REVISION export SKIP_STORAGE_VALIDATION='true' @@ -136,20 +123,12 @@ build() { cp config/resque.yml.example config/resque.yml sed -i 's/url.*/nope.sock/g' config/resque.yml - #we need to get rid of the custom paths in case someone has gitlab already installed. - mv config/gitlab.yml config/gitlab.yml.bak - # and create default - cp config/gitlab.yml.example config/gitlab.yml - yarn install --production --pure-lockfile bundle-2.3 exec rake gitlab:assets:compile RAILS_ENV=production NODE_ENV=production bundle-2.3 exec rake gettext:compile RAILS_ENV=production # After building assets, clean this up again rm config/database.yml config/database.yml.postgresql.orig mv config/resque.yml.patched config/resque.yml - - #put back the custom .yml - mv config/gitlab.yml.bak config/gitlab.yml } package() { @@ -159,6 +138,13 @@ package() { install -d "${pkgdir}/usr/share/webapps" cp -r "${srcdir}/${_srcdir}"* "${pkgdir}${_datadir}" + # Remove unneeded directories: node_modules is only needed during build + rm -r "${pkgdir}${_datadir}/node_modules" + # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/194cf8f12e51c26980c09de6388bbd08409e1209/config/software/gitlab-rails.rb#L179 + for dir in spec qa rubocop app/assets vendor/assets; do + rm -r "${pkgdir}${_datadir}/${dir}" + done + chown -R root:root "${pkgdir}${_datadir}" chmod 755 "${pkgdir}${_datadir}" @@ -166,7 +152,7 @@ package() { install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}/satellites" install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}/shared/"{,artifacts,lfs-objects} install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}/builds" - install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}/uploads" + install -dm700 -o 105 -g 105 "${pkgdir}${_homedir}/uploads" install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}/backups" install -dm750 -o 105 -g 105 "${pkgdir}${_etcdir}" install -dm755 "${pkgdir}/usr/share/doc/${_pkgname}" @@ -202,7 +188,6 @@ package() { # Install config files for config_file in application.rb gitlab.yml unicorn.rb resque.yml; do mv "config/${config_file}" "${pkgdir}${_etcdir}/" - chown 105:105 "${pkgdir}${_etcdir}/${config_file}" [[ -f "${pkgdir}${_datadir}/config/${config_file}" ]] && rm "${pkgdir}${_datadir}/config/${config_file}" ln -fs "${_etcdir}/${config_file}" "${pkgdir}${_datadir}/config/" done @@ -231,14 +216,6 @@ package() { install -Dm644 "${srcdir}/gitlab.tmpfiles.d" "${pkgdir}/usr/lib/tmpfiles.d/gitlab.conf" install -Dm644 "${srcdir}/gitlab.logrotate" "${pkgdir}/etc/logrotate.d/gitlab" - - # Install webserver config templates - for config_file in apache apache-ssl apache2.2 apache2.2-ssl nginx nginx-ssl lighttpd; do - install -m644 "${srcdir}/${config_file}.conf.example" "${pkgdir}/usr/share/doc/${_pkgname}" - done - - # Fix FS#58292 - chmod 644 "${pkgdir}"/usr/share/webapps/gitlab/vendor/bundle/ruby/2.3.0/gems/omniauth-jwt-0.0.2/lib/omniauth/strategies/jwt.rb } # vim:set ts=2 sw=2 et: diff --git a/apache-ssl.conf.example b/apache-ssl.conf.example deleted file mode 100644 index f8495644d1c5..000000000000 --- a/apache-ssl.conf.example +++ /dev/null @@ -1,94 +0,0 @@ -# This configuration has been tested on GitLab 8.2 -# Note this config assumes unicorn is listening on default port 8080 and -# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to -# listen on port 8181, edit or create /etc/default/gitlab and change or add the following: -# -# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080" -# -#Module dependencies -# mod_rewrite -# mod_ssl -# mod_proxy -# mod_proxy_http -# mod_headers - -# This section is only needed if you want to redirect http traffic to https. -# You can live without it but clients will have to type in https:// to reach gitlab. -<VirtualHost *:80> - ServerName YOUR_SERVER_FQDN - ServerSignature Off - - RewriteEngine on - RewriteCond %{HTTPS} !=on - RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L] -</VirtualHost> - -<VirtualHost *:443> - SSLEngine on - #strong encryption ciphers only - #see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html - SSLProtocol all -SSLv2 -SSLv3 - SSLHonorCipherOrder on -# SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS" - SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA" - Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains" - SSLCompression Off - SSLCertificateFile /etc/httpd/ssl.crt/YOUR_SERVER_FQDN.crt - SSLCertificateKeyFile /etc/httpd/ssl.key/YOUR_SERVER_FQDN.key - SSLCACertificateFile /etc/httpd/ssl.crt/your-ca.crt - - ServerName YOUR_SERVER_FQDN - ServerSignature Off - - ProxyPreserveHost On - - # Ensure that encoded slashes are not decoded but left in their encoded state. - # http://doc.gitlab.com/ce/api/projects.html#get-single-project - AllowEncodedSlashes NoDecode - - <Location /> - # New authorization commands for apache 2.4 and up - # http://httpd.apache.org/docs/2.4/upgrading.html#access - Require all granted - - #Allow forwarding to gitlab-workhorse - ProxyPassReverse http://127.0.0.1:8181 - ProxyPassReverse http://YOUR_SERVER_FQDN/ - </Location> - - # Apache equivalent of nginx try files - # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files - # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab - RewriteEngine on - - #Don't escape encoded characters in api requests - RewriteCond %{REQUEST_URI} ^/api/v3/.* - RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE] - - #Forward all requests to gitlab-workhorse except existing files like error documents - RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR] - RewriteCond %{REQUEST_URI} ^/uploads/.* - RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA] - - RequestHeader set X_FORWARDED_PROTO 'https' - RequestHeader set X-Forwarded-Ssl on - - # needed for downloading attachments - DocumentRoot /usr/share/webapps/gitlab/public - - #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up. - ErrorDocument 404 /404.html - ErrorDocument 422 /422.html - ErrorDocument 500 /500.html - ErrorDocument 503 /deploy.html - - # It is assumed that the log directory is in /var/log/httpd. - # For Debian distributions you might want to change this to - # /var/log/apache2. - LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded - ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log - CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded - CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog - CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined - -</VirtualHost> diff --git a/apache.conf.example b/apache.conf.example deleted file mode 100644 index d05c5269044c..000000000000 --- a/apache.conf.example +++ /dev/null @@ -1,64 +0,0 @@ -# This configuration has been tested on GitLab 8.2 -# Note this config assumes unicorn is listening on default port 8080 and -# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to -# listen on port 8181, edit or create /etc/default/gitlab and change or add the following: -# -# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080" -# -#Module dependencies -# mod_rewrite -# mod_proxy -# mod_proxy_http -<VirtualHost *:80> - ServerName YOUR_SERVER_FQDN - ServerSignature Off - - ProxyPreserveHost On - - # Ensure that encoded slashes are not decoded but left in their encoded state. - # http://doc.gitlab.com/ce/api/projects.html#get-single-project - AllowEncodedSlashes NoDecode - - <Location /> - # New authorization commands for apache 2.4 and up - # http://httpd.apache.org/docs/2.4/upgrading.html#access - Require all granted - - #Allow forwarding to gitlab-workhorse - ProxyPassReverse http://127.0.0.1:8181 - ProxyPassReverse http://YOUR_SERVER_FQDN/ - </Location> - - # Apache equivalent of nginx try files - # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files - # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab - RewriteEngine on - - #Don't escape encoded characters in api requests - RewriteCond %{REQUEST_URI} ^/api/v3/.* - RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE] - - #Forward all requests to gitlab-workhorse except existing files like error documents - RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR] - RewriteCond %{REQUEST_URI} ^/uploads/.* - RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA] - - # needed for downloading attachments - DocumentRoot /usr/share/webapps/gitlab/public - - #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up. - ErrorDocument 404 /404.html - ErrorDocument 422 /422.html - ErrorDocument 500 /500.html - ErrorDocument 503 /deploy.html - - # It is assumed that the log directory is in /var/log/httpd. - # For Debian distributions you might want to change this to - # /var/log/apache2. - LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded - ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log - CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded - CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog - CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined - -</VirtualHost> diff --git a/apache2.2-ssl.conf.example b/apache2.2-ssl.conf.example deleted file mode 100644 index 0e6ed900c2e1..000000000000 --- a/apache2.2-ssl.conf.example +++ /dev/null @@ -1,93 +0,0 @@ -# This configuration has been tested on GitLab 8.2 -# Note this config assumes unicorn is listening on default port 8080 and -# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to -# listen on port 8181, edit or create /etc/default/gitlab and change or add the following: -# -# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080" -# -#Module dependencies -# mod_rewrite -# mod_ssl -# mod_proxy -# mod_proxy_http -# mod_headers - -# This section is only needed if you want to redirect http traffic to https. -# You can live without it but clients will have to type in https:// to reach gitlab. -<VirtualHost *:80> - ServerName YOUR_SERVER_FQDN - ServerSignature Off - - RewriteEngine on - RewriteCond %{HTTPS} !=on - RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L] -</VirtualHost> - -<VirtualHost *:443> - SSLEngine on - #strong encryption ciphers only - #see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html - SSLProtocol all -SSLv2 -SSLv3 - SSLHonorCipherOrder on -# SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS" - SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA" - Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains" - SSLCompression Off - SSLCertificateFile /etc/httpd/ssl.crt/YOUR_SERVER_FQDN.crt - SSLCertificateKeyFile /etc/httpd/ssl.key/YOUR_SERVER_FQDN.key - SSLCACertificateFile /etc/httpd/ssl.crt/your-ca.crt - - ServerName YOUR_SERVER_FQDN - ServerSignature Off - - ProxyPreserveHost On - - # Ensure that encoded slashes are not decoded but left in their encoded state. - # http://doc.gitlab.com/ce/api/projects.html#get-single-project - AllowEncodedSlashes NoDecode - - <Location /> - Order deny,allow - Allow from all - - #Allow forwarding to gitlab-workhorse - ProxyPassReverse http://127.0.0.1:8181 - ProxyPassReverse http://YOUR_SERVER_FQDN/ - </Location> - - # Apache equivalent of nginx try files - # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files - # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab - RewriteEngine on - - #Don't escape encoded characters in api requests - RewriteCond %{REQUEST_URI} ^/api/v3/.* - RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE] - - #Forward all requests to gitlab-workhorse except existing files like error documents - RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR] - RewriteCond %{REQUEST_URI} ^/uploads/.* - RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA] - - RequestHeader set X_FORWARDED_PROTO 'https' - RequestHeader set X-Forwarded-Ssl on - - # needed for downloading attachments - DocumentRoot /usr/share/webapps/gitlab/public - - #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up. - ErrorDocument 404 /404.html - ErrorDocument 422 /422.html - ErrorDocument 500 /500.html - ErrorDocument 503 /deploy.html - - # It is assumed that the log directory is in /var/log/httpd. - # For Debian distributions you might want to change this to - # /var/log/apache2. - LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded - ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log - CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded - CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog - CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined - -</VirtualHost> diff --git a/apache2.2.conf.example b/apache2.2.conf.example deleted file mode 100644 index a751df0138db..000000000000 --- a/apache2.2.conf.example +++ /dev/null @@ -1,63 +0,0 @@ -# This configuration has been tested on GitLab 8.2 -# Note this config assumes unicorn is listening on default port 8080 and -# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to -# listen on port 8181, edit or create /etc/default/gitlab and change or add the following: -# -# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080" -# -#Module dependencies -# mod_rewrite -# mod_proxy -# mod_proxy_http -<VirtualHost *:80> - ServerName YOUR_SERVER_FQDN - ServerSignature Off - - ProxyPreserveHost On - - # Ensure that encoded slashes are not decoded but left in their encoded state. - # http://doc.gitlab.com/ce/api/projects.html#get-single-project - AllowEncodedSlashes NoDecode - - <Location /> - Order deny,allow - Allow from all - - #Allow forwarding to gitlab-workhorse - ProxyPassReverse http://127.0.0.1:8181 - ProxyPassReverse http://YOUR_SERVER_FQDN/ - </Location> - - # Apache equivalent of nginx try files - # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files - # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab - RewriteEngine on - - #Don't escape encoded characters in api requests - RewriteCond %{REQUEST_URI} ^/api/v3/.* - RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE] - - #Forward all requests to gitlab-workhorse except existing files like error documents - RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR] - RewriteCond %{REQUEST_URI} ^/uploads/.* - RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA] - - # needed for downloading attachments - DocumentRoot /usr/share/webapps/gitlab/public - - #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up. - ErrorDocument 404 /404.html - ErrorDocument 422 /422.html - ErrorDocument 500 /500.html - ErrorDocument 503 /deploy.html - - # It is assumed that the log directory is in /var/log/httpd. - # For Debian distributions you might want to change this to - # /var/log/apache2. - LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded - ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log - CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded - CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog - CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined - -</VirtualHost> diff --git a/lighttpd.conf.example b/lighttpd.conf.example deleted file mode 100644 index c34853005f44..000000000000 --- a/lighttpd.conf.example +++ /dev/null @@ -1,35 +0,0 @@ -# GITLAB -# Maintainer: @tvn87 -# App Version: 2.8 - -server.modules += ( - "mod_simple_vhost", - "mod_proxy" -) - -## The document root of a virtual host is document-root = -## simple-vhost.server-root + $HTTP["host"] + simple-vhost.document-root -simple-vhost.server-root = "/var/www" -simple-vhost.document-root = "htdocs" - -## the default host if no host is sent -simple-vhost.default-host = "YOUR_SERVER_FQDN" - -## uploads must be served as static files -$HTTP["url"] == "^/upload" { - var.vhost.name = "YOUR_SERVER_FQDN" - var.vhost.path = "/usr/share/webapps/gitlab/public" -} -## otherwise everything is proxied -else $HTTP["host"] == "YOUR_SERVER_FQDN" { - var.vhost_name = "YOUR_SERVER_FQDN" - var.vhost_path = "/var/www/YOUR_SERVER_FQDN" # This directory should be empty - - proxy.server = ( "" => ( ( - "host" => "127.0.0.1", - "port" => "8080" - ), - ) - ) - ssl.pemfile = "/etc/lighttpd/certs/YOUR_SERVER_FQDN.pem" # If ssl is enabled -} diff --git a/nginx-ssl.conf.example b/nginx-ssl.conf.example deleted file mode 100644 index 5fcf081ba79c..000000000000 --- a/nginx-ssl.conf.example +++ /dev/null @@ -1,112 +0,0 @@ -## GitLab -## -## Modified from nginx http version -## Modified from http://blog.phusion.nl/2012/04/21/tutorial-setting-up-gitlab-on-debian-6/ -## Modified from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html -## -## Lines starting with two hashes (##) are comments with information. -## Lines starting with one hash (#) are configuration parameters that can be uncommented. -## -################################## -## CONTRIBUTING ## -################################## -## -## If you change this file in a Merge Request, please also create -## a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests -## -################################### -## configuration ## -################################### -## -## See installation.md#using-https for additional HTTPS configuration details. - -upstream gitlab-workhorse { - server unix:/run/gitlab/gitlab-workhorse.socket fail_timeout=0; -} - -## Redirects all HTTP traffic to the HTTPS host -server { - ## Either remove "default_server" from the listen line below, - ## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab - ## to be served if you visit any address that your server responds to, eg. - ## the ip address of the server (http://x.x.x.x/) - listen 0.0.0.0:80; - listen [::]:80 ipv6only=on default_server; - server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com - server_tokens off; ## Don't show the nginx version number, a security best practice - return 301 https://$http_host$request_uri; - access_log /var/log/nginx/gitlab_access.log; - error_log /var/log/nginx/gitlab_error.log; -} - -## HTTPS host -server { - listen 0.0.0.0:443 ssl; - listen [::]:443 ipv6only=on ssl default_server; - server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com - server_tokens off; ## Don't show the nginx version number, a security best practice - - ## Strong SSL Security - ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/ - ssl on; - ssl_certificate /etc/nginx/ssl/gitlab.crt; - ssl_certificate_key /etc/nginx/ssl/gitlab.key; - - # GitLab needs backwards compatible ciphers to retain compatibility with Java IDEs - ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_prefer_server_ciphers on; - ssl_session_cache shared:SSL:10m; - ssl_session_timeout 5m; - - ## See app/controllers/application_controller.rb for headers set - - ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL. - ## Replace with your ssl_trusted_certificate. For more info see: - ## - https://medium.com/devops-programming/4445f4862461 - ## - https://www.ruby-forum.com/topic/4419319 - ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx - # ssl_stapling on; - # ssl_stapling_verify on; - # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt; - # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired - # resolver_timeout 5s; - - ## [Optional] Generate a stronger DHE parameter: - ## sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096 - ## - # ssl_dhparam /etc/ssl/certs/dhparam.pem; - - ## Individual nginx logs for this GitLab vhost - access_log /var/log/nginx/gitlab_access.log; - error_log /var/log/nginx/gitlab_error.log; - - location / { - client_max_body_size 0; - gzip off; - - ## https://github.com/gitlabhq/gitlabhq/issues/694 - ## Some requests take more than 30 seconds. - proxy_read_timeout 300; - proxy_connect_timeout 300; - proxy_redirect off; - - proxy_http_version 1.1; - - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-Ssl on; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass http://gitlab-workhorse; - } - - error_page 404 /404.html; - error_page 422 /422.html; - error_page 500 /500.html; - error_page 502 /502.html; - location ~ ^/(404|422|500|502)\.html$ { - root /usr/share/webapps/gitlab/public; - internal; - } -} diff --git a/nginx.conf.example b/nginx.conf.example deleted file mode 100644 index 26d9ae321c53..000000000000 --- a/nginx.conf.example +++ /dev/null @@ -1,69 +0,0 @@ -## GitLab -## -## Lines starting with two hashes (##) are comments with information. -## Lines starting with one hash (#) are configuration parameters that can be uncommented. -## -################################## -## CONTRIBUTING ## -################################## -## -## If you change this file in a Merge Request, please also create -## a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests -## -################################### -## configuration ## -################################### -## -## See installation.md#using-https for additional HTTPS configuration details. - -upstream gitlab-workhorse { - server unix:/run/gitlab/gitlab-workhorse.socket fail_timeout=0; -} - -## Normal HTTP host -server { - ## Either remove "default_server" from the listen line below, - ## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab - ## to be served if you visit any address that your server responds to, eg. - ## the ip address of the server (http://x.x.x.x/)n 0.0.0.0:80 default_server; - listen 0.0.0.0:80 default_server; - listen [::]:80 default_server; - server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com - server_tokens off; ## Don't show the nginx version number, a security best practice - - ## See app/controllers/application_controller.rb for headers set - - ## Individual nginx logs for this GitLab vhost - access_log /var/log/nginx/gitlab_access.log; - error_log /var/log/nginx/gitlab_error.log; - - location / { - client_max_body_size 0; - gzip off; - - ## https://github.com/gitlabhq/gitlabhq/issues/694 - ## Some requests take more than 30 seconds. - proxy_read_timeout 300; - proxy_connect_timeout 300; - proxy_redirect off; - - proxy_http_version 1.1; - - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_pass http://gitlab-workhorse; - } - - error_page 404 /404.html; - error_page 422 /422.html; - error_page 500 /500.html; - error_page 502 /502.html; - location ~ ^/(404|422|500|502)\.html$ { - root /usr/share/webapps/gitlab/public; - internal; - } - -} |