diff options
author | Lopo | 2015-06-17 20:07:30 +0200 |
---|---|---|
committer | Lopo | 2015-06-17 20:07:30 +0200 |
commit | 9c7eec6f762ec992ef753c727241c0590c2d5ec3 (patch) | |
tree | 063696ddce80c9825e6603a69baa1c6495f251fe /nginx-ssl.conf.example | |
download | aur-9c7eec6f762ec992ef753c727241c0590c2d5ec3.tar.gz |
Initial import
Diffstat (limited to 'nginx-ssl.conf.example')
-rw-r--r-- | nginx-ssl.conf.example | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/nginx-ssl.conf.example b/nginx-ssl.conf.example new file mode 100644 index 000000000000..48d89bca9401 --- /dev/null +++ b/nginx-ssl.conf.example @@ -0,0 +1,67 @@ +# GITLAB CI + +# You need to run openssl to generate a self-signed ssl certificate. +# cd /etc/nginx/ +# sudo openssl req -new -x509 -nodes -days 3560 -out gitlabci.crt -keyout gitlabci.key +# sudo chmod o-r gitlabci.key +# You also need to edit gitlab-ci/config/application.yml +# 1) Define port for http "port: 443" +# 2) Enable https "https: true" +# 3) Update ssl for gravatar "ssl_url: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=mm" + +upstream gitlab_ci { + ## Uncomment if you have set up puma/unicorn to listen on a unix socket (recommended). + server unix:/var/run/gitlab-ci/gitlab-ci.socket; + + ## Uncomment if puma/unicorn are configured to listen on a tcp port. + ## Check the port number in /etc/webapps/gitlab-ci/{puma.rb/unicorn.rb} + # server 127.0.0.1:8081; +} + +# This is a normal HTTP host which redirects all traffic to the HTTPS host. +# Replace git.example.com with your FQDN. +server { + listen *:80; + server_name gitlabci.example.com; + server_tokens off; + root /nowhere; # this doesn't have to be a valid path since we are redirecting, you don't have to change it. + rewrite ^ https://$server_name$request_uri permanent; +} +server { + listen 443 ssl; + server_name gitlabci.example.com; + server_tokens off; + root /usr/share/webapps/gitlab-ci/public; + + ssl on; + ssl_certificate /etc/nginx/gitlabci.crt; + ssl_certificate_key /etc/nginx/gitlabci.key; + ssl_protocols TLSv1 TLSv1.2; + ssl_ciphers AES:HIGH:!ADH:!MD5; + ssl_prefer_server_ciphers on; + + # individual nginx logs for this gitlab vhost + access_log /var/log/nginx/gitlab-ci_access.log; + error_log /var/log/nginx/gitlab-ci_error.log; + + location / { + # serve static files from defined root folder;. + # @gitlab is a named location for the upstream fallback, see below + try_files $uri $uri/index.html $uri.html @gitlab_ci; + } + + # if a file, which is not found in the root folder is requested, + # then the proxy pass the request to the upsteam (gitlab unicorn) + location @gitlab_ci { + proxy_read_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694 + proxy_connect_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694 + proxy_redirect off; + + proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Forwarded-Ssl on; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + + proxy_pass http://gitlab_ci; + } +} |