blob: 48d89bca94016f6931779c5dca47d89d768ab942 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
# GITLAB CI
# You need to run openssl to generate a self-signed ssl certificate.
# cd /etc/nginx/
# sudo openssl req -new -x509 -nodes -days 3560 -out gitlabci.crt -keyout gitlabci.key
# sudo chmod o-r gitlabci.key
# You also need to edit gitlab-ci/config/application.yml
# 1) Define port for http "port: 443"
# 2) Enable https "https: true"
# 3) Update ssl for gravatar "ssl_url: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=mm"
upstream gitlab_ci {
## Uncomment if you have set up puma/unicorn to listen on a unix socket (recommended).
server unix:/var/run/gitlab-ci/gitlab-ci.socket;
## Uncomment if puma/unicorn are configured to listen on a tcp port.
## Check the port number in /etc/webapps/gitlab-ci/{puma.rb/unicorn.rb}
# server 127.0.0.1:8081;
}
# This is a normal HTTP host which redirects all traffic to the HTTPS host.
# Replace git.example.com with your FQDN.
server {
listen *:80;
server_name gitlabci.example.com;
server_tokens off;
root /nowhere; # this doesn't have to be a valid path since we are redirecting, you don't have to change it.
rewrite ^ https://$server_name$request_uri permanent;
}
server {
listen 443 ssl;
server_name gitlabci.example.com;
server_tokens off;
root /usr/share/webapps/gitlab-ci/public;
ssl on;
ssl_certificate /etc/nginx/gitlabci.crt;
ssl_certificate_key /etc/nginx/gitlabci.key;
ssl_protocols TLSv1 TLSv1.2;
ssl_ciphers AES:HIGH:!ADH:!MD5;
ssl_prefer_server_ciphers on;
# individual nginx logs for this gitlab vhost
access_log /var/log/nginx/gitlab-ci_access.log;
error_log /var/log/nginx/gitlab-ci_error.log;
location / {
# serve static files from defined root folder;.
# @gitlab is a named location for the upstream fallback, see below
try_files $uri $uri/index.html $uri.html @gitlab_ci;
}
# if a file, which is not found in the root folder is requested,
# then the proxy pass the request to the upsteam (gitlab unicorn)
location @gitlab_ci {
proxy_read_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
proxy_connect_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
proxy_redirect off;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://gitlab_ci;
}
}
|