[arch-commits] Commit in gitlab/repos (68 files)
Sven-Hendrik Haase
svenstaro at archlinux.org
Thu Aug 25 20:13:29 UTC 2016
Date: Thursday, August 25, 2016 @ 20:13:28
Author: svenstaro
Revision: 187546
archrelease: copy trunk to community-i686, community-x86_64
Added:
gitlab/repos/community-i686/PKGBUILD
(from rev 187545, gitlab/trunk/PKGBUILD)
gitlab/repos/community-i686/apache-ssl.conf.example
(from rev 187545, gitlab/trunk/apache-ssl.conf.example)
gitlab/repos/community-i686/apache.conf.example
(from rev 187545, gitlab/trunk/apache.conf.example)
gitlab/repos/community-i686/apache2.2-ssl.conf.example
(from rev 187545, gitlab/trunk/apache2.2-ssl.conf.example)
gitlab/repos/community-i686/apache2.2.conf.example
(from rev 187545, gitlab/trunk/apache2.2.conf.example)
gitlab/repos/community-i686/gitlab-backup.service
(from rev 187545, gitlab/trunk/gitlab-backup.service)
gitlab/repos/community-i686/gitlab-backup.timer
(from rev 187545, gitlab/trunk/gitlab-backup.timer)
gitlab/repos/community-i686/gitlab-mailroom.service
(from rev 187545, gitlab/trunk/gitlab-mailroom.service)
gitlab/repos/community-i686/gitlab-sidekiq.service
(from rev 187545, gitlab/trunk/gitlab-sidekiq.service)
gitlab/repos/community-i686/gitlab-unicorn.service
(from rev 187545, gitlab/trunk/gitlab-unicorn.service)
gitlab/repos/community-i686/gitlab.install
(from rev 187545, gitlab/trunk/gitlab.install)
gitlab/repos/community-i686/gitlab.logrotate
(from rev 187545, gitlab/trunk/gitlab.logrotate)
gitlab/repos/community-i686/gitlab.target
(from rev 187545, gitlab/trunk/gitlab.target)
gitlab/repos/community-i686/gitlab.tmpfiles.d
(from rev 187545, gitlab/trunk/gitlab.tmpfiles.d)
gitlab/repos/community-i686/lighttpd.conf.example
(from rev 187545, gitlab/trunk/lighttpd.conf.example)
gitlab/repos/community-i686/nginx-ssl.conf.example
(from rev 187545, gitlab/trunk/nginx-ssl.conf.example)
gitlab/repos/community-i686/nginx.conf.example
(from rev 187545, gitlab/trunk/nginx.conf.example)
gitlab/repos/community-x86_64/PKGBUILD
(from rev 187545, gitlab/trunk/PKGBUILD)
gitlab/repos/community-x86_64/apache-ssl.conf.example
(from rev 187545, gitlab/trunk/apache-ssl.conf.example)
gitlab/repos/community-x86_64/apache.conf.example
(from rev 187545, gitlab/trunk/apache.conf.example)
gitlab/repos/community-x86_64/apache2.2-ssl.conf.example
(from rev 187545, gitlab/trunk/apache2.2-ssl.conf.example)
gitlab/repos/community-x86_64/apache2.2.conf.example
(from rev 187545, gitlab/trunk/apache2.2.conf.example)
gitlab/repos/community-x86_64/gitlab-backup.service
(from rev 187545, gitlab/trunk/gitlab-backup.service)
gitlab/repos/community-x86_64/gitlab-backup.timer
(from rev 187545, gitlab/trunk/gitlab-backup.timer)
gitlab/repos/community-x86_64/gitlab-mailroom.service
(from rev 187545, gitlab/trunk/gitlab-mailroom.service)
gitlab/repos/community-x86_64/gitlab-sidekiq.service
(from rev 187545, gitlab/trunk/gitlab-sidekiq.service)
gitlab/repos/community-x86_64/gitlab-unicorn.service
(from rev 187545, gitlab/trunk/gitlab-unicorn.service)
gitlab/repos/community-x86_64/gitlab.install
(from rev 187545, gitlab/trunk/gitlab.install)
gitlab/repos/community-x86_64/gitlab.logrotate
(from rev 187545, gitlab/trunk/gitlab.logrotate)
gitlab/repos/community-x86_64/gitlab.target
(from rev 187545, gitlab/trunk/gitlab.target)
gitlab/repos/community-x86_64/gitlab.tmpfiles.d
(from rev 187545, gitlab/trunk/gitlab.tmpfiles.d)
gitlab/repos/community-x86_64/lighttpd.conf.example
(from rev 187545, gitlab/trunk/lighttpd.conf.example)
gitlab/repos/community-x86_64/nginx-ssl.conf.example
(from rev 187545, gitlab/trunk/nginx-ssl.conf.example)
gitlab/repos/community-x86_64/nginx.conf.example
(from rev 187545, gitlab/trunk/nginx.conf.example)
Deleted:
gitlab/repos/community-i686/PKGBUILD
gitlab/repos/community-i686/apache-ssl.conf.example
gitlab/repos/community-i686/apache.conf.example
gitlab/repos/community-i686/apache2.2-ssl.conf.example
gitlab/repos/community-i686/apache2.2.conf.example
gitlab/repos/community-i686/gitlab-backup.service
gitlab/repos/community-i686/gitlab-backup.timer
gitlab/repos/community-i686/gitlab-mailroom.service
gitlab/repos/community-i686/gitlab-sidekiq.service
gitlab/repos/community-i686/gitlab-unicorn.service
gitlab/repos/community-i686/gitlab.install
gitlab/repos/community-i686/gitlab.logrotate
gitlab/repos/community-i686/gitlab.target
gitlab/repos/community-i686/gitlab.tmpfiles.d
gitlab/repos/community-i686/lighttpd.conf.example
gitlab/repos/community-i686/nginx-ssl.conf.example
gitlab/repos/community-i686/nginx.conf.example
gitlab/repos/community-x86_64/PKGBUILD
gitlab/repos/community-x86_64/apache-ssl.conf.example
gitlab/repos/community-x86_64/apache.conf.example
gitlab/repos/community-x86_64/apache2.2-ssl.conf.example
gitlab/repos/community-x86_64/apache2.2.conf.example
gitlab/repos/community-x86_64/gitlab-backup.service
gitlab/repos/community-x86_64/gitlab-backup.timer
gitlab/repos/community-x86_64/gitlab-mailroom.service
gitlab/repos/community-x86_64/gitlab-sidekiq.service
gitlab/repos/community-x86_64/gitlab-unicorn.service
gitlab/repos/community-x86_64/gitlab.install
gitlab/repos/community-x86_64/gitlab.logrotate
gitlab/repos/community-x86_64/gitlab.target
gitlab/repos/community-x86_64/gitlab.tmpfiles.d
gitlab/repos/community-x86_64/lighttpd.conf.example
gitlab/repos/community-x86_64/nginx-ssl.conf.example
gitlab/repos/community-x86_64/nginx.conf.example
---------------------------------------------+
/PKGBUILD | 398 ++++++++++++++++++++++++++
/apache-ssl.conf.example | 188 ++++++++++++
/apache.conf.example | 128 ++++++++
/apache2.2-ssl.conf.example | 186 ++++++++++++
/apache2.2.conf.example | 126 ++++++++
/gitlab-backup.service | 38 ++
/gitlab-backup.timer | 20 +
/gitlab-mailroom.service | 40 ++
/gitlab-sidekiq.service | 60 +++
/gitlab-unicorn.service | 58 +++
/gitlab.install | 40 ++
/gitlab.logrotate | 22 +
/gitlab.target | 28 +
/gitlab.tmpfiles.d | 2
/lighttpd.conf.example | 70 ++++
/nginx-ssl.conf.example | 224 ++++++++++++++
/nginx.conf.example | 138 +++++++++
community-i686/PKGBUILD | 199 -------------
community-i686/apache-ssl.conf.example | 94 ------
community-i686/apache.conf.example | 64 ----
community-i686/apache2.2-ssl.conf.example | 93 ------
community-i686/apache2.2.conf.example | 63 ----
community-i686/gitlab-backup.service | 19 -
community-i686/gitlab-backup.timer | 10
community-i686/gitlab-mailroom.service | 20 -
community-i686/gitlab-sidekiq.service | 30 -
community-i686/gitlab-unicorn.service | 29 -
community-i686/gitlab.install | 18 -
community-i686/gitlab.logrotate | 11
community-i686/gitlab.target | 14
community-i686/gitlab.tmpfiles.d | 1
community-i686/lighttpd.conf.example | 35 --
community-i686/nginx-ssl.conf.example | 112 -------
community-i686/nginx.conf.example | 69 ----
community-x86_64/PKGBUILD | 199 -------------
community-x86_64/apache-ssl.conf.example | 94 ------
community-x86_64/apache.conf.example | 64 ----
community-x86_64/apache2.2-ssl.conf.example | 93 ------
community-x86_64/apache2.2.conf.example | 63 ----
community-x86_64/gitlab-backup.service | 19 -
community-x86_64/gitlab-backup.timer | 10
community-x86_64/gitlab-mailroom.service | 20 -
community-x86_64/gitlab-sidekiq.service | 30 -
community-x86_64/gitlab-unicorn.service | 29 -
community-x86_64/gitlab.install | 18 -
community-x86_64/gitlab.logrotate | 11
community-x86_64/gitlab.target | 14
community-x86_64/gitlab.tmpfiles.d | 1
community-x86_64/lighttpd.conf.example | 35 --
community-x86_64/nginx-ssl.conf.example | 112 -------
community-x86_64/nginx.conf.example | 69 ----
51 files changed, 1766 insertions(+), 1762 deletions(-)
Deleted: community-i686/PKGBUILD
===================================================================
--- community-i686/PKGBUILD 2016-08-25 20:13:08 UTC (rev 187545)
+++ community-i686/PKGBUILD 2016-08-25 20:13:28 UTC (rev 187546)
@@ -1,199 +0,0 @@
-# Maintainer: Sven-Hendrik Haase <sh at lutzhaase.com>
-# Contributor: Pavol (Lopo) Hluchy <lopo AT losys DOT eu>
-# Contributor: Jonas Heinrich <onny at project-insanity.org>
-# Contributor: Massimiliano Torromeo <massimiliano.torromeo at gmail.com>
-# Contributor: Tobias Hunger <tobias DOT hunger AT gmail DOT com>
-# Contributor: Stefan Tatschner <stefan at sevenbyte.org>
-# Contributor: Caleb Maclennan <caleb at alerque.com>
-
-pkgname=gitlab
-pkgver=8.11.0
-pkgrel=2
-pkgdesc="Project management and code hosting application"
-arch=('i686' 'x86_64')
-url="https://gitlab.com/gitlab-org/gitlab-ce/tree/master#README"
-license=('MIT')
-depends=('ruby' 'git' 'ruby-bundler' 'gitlab-shell' 'gitlab-workhorse' 'openssh' 'redis' 'libxslt' 'icu' 'nodejs')
-makedepends=('cmake' 'postgresql' 'mariadb')
-optdepends=('postgresql: database backend'
- 'mysql: database backend'
- 'python2-docutils: reStructuredText markup language support'
- 'smtp-server: mail server in order to receive mail notifications')
-backup=("etc/webapps/${pkgname}/application.rb"
- "etc/webapps/${pkgname}/gitlab.yml"
- "etc/webapps/${pkgname}/secret"
- "etc/webapps/${pkgname}/resque.yml"
- "etc/webapps/${pkgname}/unicorn.rb"
- "etc/logrotate.d/${pkgname}")
-source=("$pkgname-$pkgver.tar.gz::https://github.com/gitlabhq/gitlabhq/archive/v${pkgver}.tar.gz"
- gitlab-unicorn.service
- gitlab-sidekiq.service
- gitlab-backup.service
- gitlab-mailroom.service
- gitlab-backup.timer
- gitlab.target
- gitlab.tmpfiles.d
- gitlab.logrotate
- apache.conf.example
- apache-ssl.conf.example
- apache2.2.conf.example
- apache2.2-ssl.conf.example
- nginx.conf.example
- nginx-ssl.conf.example
- lighttpd.conf.example)
-install='gitlab.install'
-sha256sums=('8f78e05ad66e68383de198cfc20454675f3518732d609c88e6cc39f8a7c9806c'
- 'becafe0f9811fea69a69b8e2739857ef007f0b7e89391229f123c79c285f34f3'
- 'fbe5ec709ead1729e4de85f3f036f053b2b14041c540742315ff2d63a7bdd59a'
- 'd21d8c961b2834115a1d9c646278782aaaae0d1d1cde2357b58e67bad3a58527'
- '06c9f6575ddaeb9cfb70dd9c6cc50a2e676b0aba42731d1c7793a5ba12a2d4e5'
- 'e2539301fe42869d8fdbaa1b53b30076fb436c4220a37e576ed704458f804852'
- 'a1ee236a1f3e65cd26d9adb5f636f66fbab68777fd60d1c796cb26036bd0903f'
- '84614a2bfbd734f09c2c91531dd3c13e795186b50c0780a120c8e5bc2a892607'
- '7b3137b8175db06e97c7577fb1df3d9095ff0797e6428c12d9c633ddd9121ad5'
- '87fa65bc2d8f382d22fe77a6958bac9058e99021b230e2922a5b7e7afff39dcc'
- '5e8c0e5d66ae5039620bd5d92076112bd47d9894a9cfbf06242dad412618f01a'
- 'b4b10b401de60a714ebb38b0e17c9efe123967565d9b73297503fbaea4bcf03d'
- '8944a5eb8972a63f962dc34ed1c2843e019b2b521d8f045a2552ddc2f2e28ec3'
- '481427bec661c8bebc652a3349e10dd8c9435f51a0dcbb7b2e6833309ce90a1b'
- '822d0b80f1974c8418a9f4d66fbefb7679313b6de9a49c137c83c0bfe622460f'
- 'ea5a5f0b4c0ffd26d977efaf564800ee7fa88579a9e4f0556143a591a7ff198c')
-
-_homedir="/var/lib/${pkgname}"
-_datadir="/usr/share/webapps/${pkgname}"
-_logdir="/var/log/${pkgname}"
-_srcdir="gitlabhq-${pkgver}"
-_etcdir="/etc/webapps/${pkgname}"
-
-prepare() {
- cd "${srcdir}/${_srcdir}"
-
- export SKIP_STORAGE_VALIDATION='true'
-
- # Patching config files:
- msg2 "Patching paths in and username gitlab.yml..."
- sed -e "s|# user: git|user: gitlab|" \
- -e "s|/home/git/repositories|${_homedir}/repositories|" \
- -e "s|/home/git/gitlab-satellites|${_homedir}/satellites|" \
- -e "s|# path: /mnt/gitlab|path: ${_homedir}/shared|" \
- -e "s|/home/git/gitlab-shell|/usr/share/webapps/gitlab-shell|" \
- -e "s|tmp/backups|${_homedir}/backups|" \
- config/gitlab.yml.example > config/gitlab.yml
-
- msg2 "Patching paths and timeout in unicorn.rb..."
- sed -e "s|/home/git/gitlab/tmp/.*/|/run/gitlab/|g" \
- -e "s|/var/run/|/run/|g" \
- -e "s|/home/git/gitlab|${_datadir}|g" \
- -e "s|timeout 30|timeout 300|" \
- -e "s|${_datadir}/log/|${_logdir}/|g" \
- config/unicorn.rb.example > config/unicorn.rb
-
- # We need this one untouched because otherwise assets will fail
- cp config/database.yml.postgresql config/database.yml.postgresql.orig
-
- msg2 "Patching username in database.yml.{mysql,postgresql}..."
- sed -i -e "s|username: git|username: gitlab|" config/database.yml.mysql
- sed -i -e "s|username: git|username: gitlab|" config/database.yml.postgresql
-
- msg2 "Patching redis connection in resque.yml"
- sed -e "s|production: unix:/var/run/redis/redis.sock|production: redis://localhost:6379|" \
- config/resque.yml.example > config/resque.yml
-
- msg2 "Setting up systemd service files ..."
- for service_file in gitlab-sidekiq.service gitlab-unicorn.service gitlab.logrotate gitlab-backup.service gitlab-mailroom.service; do
- sed -i "s|<HOMEDIR>|${_homedir}|g" "${srcdir}/${service_file}"
- sed -i "s|<DATADIR>|${_datadir}|g" "${srcdir}/${service_file}"
- sed -i "s|<LOGDIR>|${_logdir}|g" "${srcdir}/${service_file}"
- done
-}
-
-build() {
- cd "${srcdir}/${_srcdir}"
-
- msg "Fetching bundled gems..."
- # Gems will be installed into vendor/bundle
-
- bundle config build.nokogiri --use-system-libraries
- bundle install -j$(nproc) --no-cache --deployment --without development test aws kerberos
-
- # We'll temporarily stick this in here so we can build the assets
- cp config/database.yml.postgresql.orig config/database.yml
- sed -i '/generate_and_link_secret_token/d' config/initializers/gitlab_shell_secret_token.rb
- bundle exec rake assets:precompile RAILS_ENV=production
- # After building assets, clean this up again
- rm config/database.yml config/database.yml.postgresql.orig
-}
-
-package() {
- cd "${srcdir}/${_srcdir}"
-
- install -d "${pkgdir}/usr/share/webapps"
-
- cp -r "${srcdir}/${_srcdir}" "${pkgdir}${_datadir}"
- chown -R 105:105 "${pkgdir}${_datadir}"
- chmod 755 "${pkgdir}${_datadir}"
-
- install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}"
- install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}/satellites"
- install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}/shared"
- install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}/builds"
- install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}/uploads"
- install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}/backups"
- install -dm750 -o 105 -g 105 "${pkgdir}${_etcdir}"
- install -dm755 "${pkgdir}/usr/share/doc/${pkgname}"
-
- touch "${pkgdir}${_etcdir}/secret"
- chmod 640 "${pkgdir}${_etcdir}/secret"
- chown root:105 "${pkgdir}${_etcdir}/secret"
-
- ln -fs /run/gitlab "${pkgdir}${_homedir}/pids"
- ln -fs /run/gitlab "${pkgdir}${_homedir}/sockets"
- ln -fs ${_datadir}/log "${pkgdir}${_homedir}/log"
- ln -fs "${_etcdir}/secret" "${pkgdir}${_datadir}/.secret"
-
- rm -rf "${pkgdir}${_datadir}/public/uploads" && ln -fs "${_homedir}/uploads" "${pkgdir}${_datadir}/public/uploads"
- rm -rf "${pkgdir}${_datadir}/builds" && ln -fs "${_homedir}/builds" "${pkgdir}${_datadir}/builds"
- rm -rf "${pkgdir}${_datadir}/tmp" && ln -fs /var/tmp "${pkgdir}${_datadir}/tmp"
- rm -rf "${pkgdir}${_datadir}/log" && ln -fs "${_logdir}" "${pkgdir}${_datadir}/log"
-
- ln -fs /etc/webapps/gitlab-shell/secret "${pkgdir}${_datadir}/.gitlab_shell_secret"
-
- sed -i "s|require_relative '../lib|require '${_datadir}/lib|" config/application.rb
-
- # Install config files
- for config_file in application.rb gitlab.yml unicorn.rb resque.yml; do
- mv "config/${config_file}" "${pkgdir}${_etcdir}/"
- [[ -f "${pkgdir}${_datadir}/config/${config_file}" ]] && rm "${pkgdir}${_datadir}/config/${config_file}"
- ln -fs "${_etcdir}/${config_file}" "${pkgdir}${_datadir}/config/"
- done
-
- # Install database symlink
- ln -fs "${_etcdir}/database.yml" "${pkgdir}${_datadir}/config/database.yml"
-
- # Install secrets symlink
- ln -fs "${_etcdir}/secrets.yml" "${pkgdir}${_datadir}/config/secrets.yml"
-
- # Install license and help files
- mv README.md MAINTENANCE.md CONTRIBUTING.md CHANGELOG config/*.{example,mysql,postgresql} "${pkgdir}/usr/share/doc/${pkgname}"
- install -D "LICENSE" "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
-
- # https://gitlab.com/gitlab-org/gitlab-ce/issues/765
- cp -r "${pkgdir}${_datadir}/doc" "${pkgdir}${_datadir}/public/help"
- find "${pkgdir}${_datadir}/public/help" -name "*.md" -exec rm {} \;
- find "${pkgdir}${_datadir}/public/help/" -depth -type d -empty -exec rmdir {} \;
-
- # Install systemd service files
- for service_file in gitlab-unicorn.service gitlab-sidekiq.service gitlab-backup.service gitlab-backup.timer gitlab.target gitlab-mailroom.service; do
- install -Dm644 "${srcdir}/${service_file}" "${pkgdir}/usr/lib/systemd/system/${service_file}"
- done
-
- install -Dm644 "${srcdir}/gitlab.tmpfiles.d" "${pkgdir}/usr/lib/tmpfiles.d/gitlab.conf"
- install -Dm644 "${srcdir}/gitlab.logrotate" "${pkgdir}/etc/logrotate.d/gitlab"
-
- # Install webserver config templates
- for config_file in apache apache-ssl apache2.2 apache2.2-ssl nginx nginx-ssl lighttpd; do
- install -m644 "${srcdir}/${config_file}.conf.example" "${pkgdir}/usr/share/doc/${pkgname}"
- done
-}
-
-# vim:set ts=2 sw=2 et:
Copied: gitlab/repos/community-i686/PKGBUILD (from rev 187545, gitlab/trunk/PKGBUILD)
===================================================================
--- community-i686/PKGBUILD (rev 0)
+++ community-i686/PKGBUILD 2016-08-25 20:13:28 UTC (rev 187546)
@@ -0,0 +1,199 @@
+# Maintainer: Sven-Hendrik Haase <sh at lutzhaase.com>
+# Contributor: Pavol (Lopo) Hluchy <lopo AT losys DOT eu>
+# Contributor: Jonas Heinrich <onny at project-insanity.org>
+# Contributor: Massimiliano Torromeo <massimiliano.torromeo at gmail.com>
+# Contributor: Tobias Hunger <tobias DOT hunger AT gmail DOT com>
+# Contributor: Stefan Tatschner <stefan at sevenbyte.org>
+# Contributor: Caleb Maclennan <caleb at alerque.com>
+
+pkgname=gitlab
+pkgver=8.11.0
+pkgrel=3
+pkgdesc="Project management and code hosting application"
+arch=('i686' 'x86_64')
+url="https://gitlab.com/gitlab-org/gitlab-ce/tree/master#README"
+license=('MIT')
+depends=('ruby' 'git' 'ruby-bundler' 'gitlab-shell' 'gitlab-workhorse' 'openssh' 'redis' 'libxslt' 'icu' 'nodejs')
+makedepends=('cmake' 'postgresql' 'mariadb')
+optdepends=('postgresql: database backend'
+ 'mysql: database backend'
+ 'python2-docutils: reStructuredText markup language support'
+ 'smtp-server: mail server in order to receive mail notifications')
+backup=("etc/webapps/${pkgname}/application.rb"
+ "etc/webapps/${pkgname}/gitlab.yml"
+ "etc/webapps/${pkgname}/secret"
+ "etc/webapps/${pkgname}/resque.yml"
+ "etc/webapps/${pkgname}/unicorn.rb"
+ "etc/logrotate.d/${pkgname}")
+source=("$pkgname-$pkgver.tar.gz::https://github.com/gitlabhq/gitlabhq/archive/v${pkgver}.tar.gz"
+ gitlab-unicorn.service
+ gitlab-sidekiq.service
+ gitlab-backup.service
+ gitlab-mailroom.service
+ gitlab-backup.timer
+ gitlab.target
+ gitlab.tmpfiles.d
+ gitlab.logrotate
+ apache.conf.example
+ apache-ssl.conf.example
+ apache2.2.conf.example
+ apache2.2-ssl.conf.example
+ nginx.conf.example
+ nginx-ssl.conf.example
+ lighttpd.conf.example)
+install='gitlab.install'
+sha256sums=('8f78e05ad66e68383de198cfc20454675f3518732d609c88e6cc39f8a7c9806c'
+ '0dabb9c10f6ba49404c13d6be2d0d6cf1bf7e5a0b95f0dea566e33c356997307'
+ 'a348d69cf0d08a1aa0713deb615815ae5a2305a1a1c386bcee29f49eae446757'
+ 'e16a68539eeb49d24d2ab4a53ff95e33c67264a674b611c006dc5c8a24f41e0e'
+ 'f3863b2906526ba487cb594f7fdca926e6dd8b8cfe95dccbba0ff9171ef2bb62'
+ 'e2539301fe42869d8fdbaa1b53b30076fb436c4220a37e576ed704458f804852'
+ 'a1ee236a1f3e65cd26d9adb5f636f66fbab68777fd60d1c796cb26036bd0903f'
+ '84614a2bfbd734f09c2c91531dd3c13e795186b50c0780a120c8e5bc2a892607'
+ '7b3137b8175db06e97c7577fb1df3d9095ff0797e6428c12d9c633ddd9121ad5'
+ '87fa65bc2d8f382d22fe77a6958bac9058e99021b230e2922a5b7e7afff39dcc'
+ '5e8c0e5d66ae5039620bd5d92076112bd47d9894a9cfbf06242dad412618f01a'
+ 'b4b10b401de60a714ebb38b0e17c9efe123967565d9b73297503fbaea4bcf03d'
+ '8944a5eb8972a63f962dc34ed1c2843e019b2b521d8f045a2552ddc2f2e28ec3'
+ '481427bec661c8bebc652a3349e10dd8c9435f51a0dcbb7b2e6833309ce90a1b'
+ '822d0b80f1974c8418a9f4d66fbefb7679313b6de9a49c137c83c0bfe622460f'
+ 'ea5a5f0b4c0ffd26d977efaf564800ee7fa88579a9e4f0556143a591a7ff198c')
+
+_homedir="/var/lib/${pkgname}"
+_datadir="/usr/share/webapps/${pkgname}"
+_logdir="/var/log/${pkgname}"
+_srcdir="gitlabhq-${pkgver}"
+_etcdir="/etc/webapps/${pkgname}"
+
+prepare() {
+ cd "${srcdir}/${_srcdir}"
+
+ export SKIP_STORAGE_VALIDATION='true'
+
+ # Patching config files:
+ msg2 "Patching paths in and username gitlab.yml..."
+ sed -e "s|# user: git|user: gitlab|" \
+ -e "s|/home/git/repositories|${_homedir}/repositories|" \
+ -e "s|/home/git/gitlab-satellites|${_homedir}/satellites|" \
+ -e "s|# path: /mnt/gitlab|path: ${_homedir}/shared|" \
+ -e "s|/home/git/gitlab-shell|/usr/share/webapps/gitlab-shell|" \
+ -e "s|tmp/backups|${_homedir}/backups|" \
+ config/gitlab.yml.example > config/gitlab.yml
+
+ msg2 "Patching paths and timeout in unicorn.rb..."
+ sed -e "s|/home/git/gitlab/tmp/.*/|/run/gitlab/|g" \
+ -e "s|/var/run/|/run/|g" \
+ -e "s|/home/git/gitlab|${_datadir}|g" \
+ -e "s|timeout 30|timeout 300|" \
+ -e "s|${_datadir}/log/|${_logdir}/|g" \
+ config/unicorn.rb.example > config/unicorn.rb
+
+ # We need this one untouched because otherwise assets will fail
+ cp config/database.yml.postgresql config/database.yml.postgresql.orig
+
+ msg2 "Patching username in database.yml.{mysql,postgresql}..."
+ sed -i -e "s|username: git|username: gitlab|" config/database.yml.mysql
+ sed -i -e "s|username: git|username: gitlab|" config/database.yml.postgresql
+
+ msg2 "Patching redis connection in resque.yml"
+ sed -e "s|production: unix:/var/run/redis/redis.sock|production: redis://localhost:6379|" \
+ config/resque.yml.example > config/resque.yml
+
+ msg2 "Setting up systemd service files ..."
+ for service_file in gitlab-sidekiq.service gitlab-unicorn.service gitlab.logrotate gitlab-backup.service gitlab-mailroom.service; do
+ sed -i "s|<HOMEDIR>|${_homedir}|g" "${srcdir}/${service_file}"
+ sed -i "s|<DATADIR>|${_datadir}|g" "${srcdir}/${service_file}"
+ sed -i "s|<LOGDIR>|${_logdir}|g" "${srcdir}/${service_file}"
+ done
+}
+
+build() {
+ cd "${srcdir}/${_srcdir}"
+
+ msg "Fetching bundled gems..."
+ # Gems will be installed into vendor/bundle
+
+ bundle config build.nokogiri --use-system-libraries
+ bundle install -j$(nproc) --no-cache --deployment --without development test aws kerberos
+
+ # We'll temporarily stick this in here so we can build the assets
+ cp config/database.yml.postgresql.orig config/database.yml
+ sed -i '/generate_and_link_secret_token/d' config/initializers/gitlab_shell_secret_token.rb
+ bundle exec rake assets:precompile RAILS_ENV=production
+ # After building assets, clean this up again
+ rm config/database.yml config/database.yml.postgresql.orig
+}
+
+package() {
+ cd "${srcdir}/${_srcdir}"
+
+ install -d "${pkgdir}/usr/share/webapps"
+
+ cp -r "${srcdir}/${_srcdir}" "${pkgdir}${_datadir}"
+ chown -R 105:105 "${pkgdir}${_datadir}"
+ chmod 755 "${pkgdir}${_datadir}"
+
+ install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}"
+ install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}/satellites"
+ install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}/shared"
+ install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}/builds"
+ install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}/uploads"
+ install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}/backups"
+ install -dm750 -o 105 -g 105 "${pkgdir}${_etcdir}"
+ install -dm755 "${pkgdir}/usr/share/doc/${pkgname}"
+
+ touch "${pkgdir}${_etcdir}/secret"
+ chmod 640 "${pkgdir}${_etcdir}/secret"
+ chown root:105 "${pkgdir}${_etcdir}/secret"
+
+ ln -fs /run/gitlab "${pkgdir}${_homedir}/pids"
+ ln -fs /run/gitlab "${pkgdir}${_homedir}/sockets"
+ ln -fs ${_datadir}/log "${pkgdir}${_homedir}/log"
+ ln -fs "${_etcdir}/secret" "${pkgdir}${_datadir}/.secret"
+
+ rm -rf "${pkgdir}${_datadir}/public/uploads" && ln -fs "${_homedir}/uploads" "${pkgdir}${_datadir}/public/uploads"
+ rm -rf "${pkgdir}${_datadir}/builds" && ln -fs "${_homedir}/builds" "${pkgdir}${_datadir}/builds"
+ rm -rf "${pkgdir}${_datadir}/tmp" && ln -fs /var/tmp "${pkgdir}${_datadir}/tmp"
+ rm -rf "${pkgdir}${_datadir}/log" && ln -fs "${_logdir}" "${pkgdir}${_datadir}/log"
+
+ ln -fs /etc/webapps/gitlab-shell/secret "${pkgdir}${_datadir}/.gitlab_shell_secret"
+
+ sed -i "s|require_relative '../lib|require '${_datadir}/lib|" config/application.rb
+
+ # Install config files
+ for config_file in application.rb gitlab.yml unicorn.rb resque.yml; do
+ mv "config/${config_file}" "${pkgdir}${_etcdir}/"
+ [[ -f "${pkgdir}${_datadir}/config/${config_file}" ]] && rm "${pkgdir}${_datadir}/config/${config_file}"
+ ln -fs "${_etcdir}/${config_file}" "${pkgdir}${_datadir}/config/"
+ done
+
+ # Install database symlink
+ ln -fs "${_etcdir}/database.yml" "${pkgdir}${_datadir}/config/database.yml"
+
+ # Install secrets symlink
+ ln -fs "${_etcdir}/secrets.yml" "${pkgdir}${_datadir}/config/secrets.yml"
+
+ # Install license and help files
+ mv README.md MAINTENANCE.md CONTRIBUTING.md CHANGELOG config/*.{example,mysql,postgresql} "${pkgdir}/usr/share/doc/${pkgname}"
+ install -D "LICENSE" "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
+
+ # https://gitlab.com/gitlab-org/gitlab-ce/issues/765
+ cp -r "${pkgdir}${_datadir}/doc" "${pkgdir}${_datadir}/public/help"
+ find "${pkgdir}${_datadir}/public/help" -name "*.md" -exec rm {} \;
+ find "${pkgdir}${_datadir}/public/help/" -depth -type d -empty -exec rmdir {} \;
+
+ # Install systemd service files
+ for service_file in gitlab-unicorn.service gitlab-sidekiq.service gitlab-backup.service gitlab-backup.timer gitlab.target gitlab-mailroom.service; do
+ install -Dm644 "${srcdir}/${service_file}" "${pkgdir}/usr/lib/systemd/system/${service_file}"
+ done
+
+ install -Dm644 "${srcdir}/gitlab.tmpfiles.d" "${pkgdir}/usr/lib/tmpfiles.d/gitlab.conf"
+ install -Dm644 "${srcdir}/gitlab.logrotate" "${pkgdir}/etc/logrotate.d/gitlab"
+
+ # Install webserver config templates
+ for config_file in apache apache-ssl apache2.2 apache2.2-ssl nginx nginx-ssl lighttpd; do
+ install -m644 "${srcdir}/${config_file}.conf.example" "${pkgdir}/usr/share/doc/${pkgname}"
+ done
+}
+
+# vim:set ts=2 sw=2 et:
Deleted: community-i686/apache-ssl.conf.example
===================================================================
--- community-i686/apache-ssl.conf.example 2016-08-25 20:13:08 UTC (rev 187545)
+++ community-i686/apache-ssl.conf.example 2016-08-25 20:13:28 UTC (rev 187546)
@@ -1,94 +0,0 @@
-# This configuration has been tested on GitLab 8.2
-# Note this config assumes unicorn is listening on default port 8080 and
-# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to
-# listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
-#
-# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
-#
-#Module dependencies
-# mod_rewrite
-# mod_ssl
-# mod_proxy
-# mod_proxy_http
-# mod_headers
-
-# This section is only needed if you want to redirect http traffic to https.
-# You can live without it but clients will have to type in https:// to reach gitlab.
-<VirtualHost *:80>
- ServerName YOUR_SERVER_FQDN
- ServerSignature Off
-
- RewriteEngine on
- RewriteCond %{HTTPS} !=on
- RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
-</VirtualHost>
-
-<VirtualHost *:443>
- SSLEngine on
- #strong encryption ciphers only
- #see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html
- SSLProtocol all -SSLv2 -SSLv3
- SSLHonorCipherOrder on
-# SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
- SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
- Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
- SSLCompression Off
- SSLCertificateFile /etc/httpd/ssl.crt/YOUR_SERVER_FQDN.crt
- SSLCertificateKeyFile /etc/httpd/ssl.key/YOUR_SERVER_FQDN.key
- SSLCACertificateFile /etc/httpd/ssl.crt/your-ca.crt
-
- ServerName YOUR_SERVER_FQDN
- ServerSignature Off
-
- ProxyPreserveHost On
-
- # Ensure that encoded slashes are not decoded but left in their encoded state.
- # http://doc.gitlab.com/ce/api/projects.html#get-single-project
- AllowEncodedSlashes NoDecode
-
- <Location />
- # New authorization commands for apache 2.4 and up
- # http://httpd.apache.org/docs/2.4/upgrading.html#access
- Require all granted
-
- #Allow forwarding to gitlab-workhorse
- ProxyPassReverse http://127.0.0.1:8181
- ProxyPassReverse http://YOUR_SERVER_FQDN/
- </Location>
-
- # Apache equivalent of nginx try files
- # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
- # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
- RewriteEngine on
-
- #Don't escape encoded characters in api requests
- RewriteCond %{REQUEST_URI} ^/api/v3/.*
- RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
-
- #Forward all requests to gitlab-workhorse except existing files like error documents
- RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
- RewriteCond %{REQUEST_URI} ^/uploads/.*
- RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA]
-
- RequestHeader set X_FORWARDED_PROTO 'https'
- RequestHeader set X-Forwarded-Ssl on
-
- # needed for downloading attachments
- DocumentRoot /usr/share/webapps/gitlab/public
-
- #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
- ErrorDocument 404 /404.html
- ErrorDocument 422 /422.html
- ErrorDocument 500 /500.html
- ErrorDocument 503 /deploy.html
-
- # It is assumed that the log directory is in /var/log/httpd.
- # For Debian distributions you might want to change this to
- # /var/log/apache2.
- LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
- ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log
- CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
- CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
- CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined
-
-</VirtualHost>
Copied: gitlab/repos/community-i686/apache-ssl.conf.example (from rev 187545, gitlab/trunk/apache-ssl.conf.example)
===================================================================
--- community-i686/apache-ssl.conf.example (rev 0)
+++ community-i686/apache-ssl.conf.example 2016-08-25 20:13:28 UTC (rev 187546)
@@ -0,0 +1,94 @@
+# This configuration has been tested on GitLab 8.2
+# Note this config assumes unicorn is listening on default port 8080 and
+# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to
+# listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
+#
+# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
+#
+#Module dependencies
+# mod_rewrite
+# mod_ssl
+# mod_proxy
+# mod_proxy_http
+# mod_headers
+
+# This section is only needed if you want to redirect http traffic to https.
+# You can live without it but clients will have to type in https:// to reach gitlab.
+<VirtualHost *:80>
+ ServerName YOUR_SERVER_FQDN
+ ServerSignature Off
+
+ RewriteEngine on
+ RewriteCond %{HTTPS} !=on
+ RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
+</VirtualHost>
+
+<VirtualHost *:443>
+ SSLEngine on
+ #strong encryption ciphers only
+ #see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html
+ SSLProtocol all -SSLv2 -SSLv3
+ SSLHonorCipherOrder on
+# SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
+ SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
+ Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
+ SSLCompression Off
+ SSLCertificateFile /etc/httpd/ssl.crt/YOUR_SERVER_FQDN.crt
+ SSLCertificateKeyFile /etc/httpd/ssl.key/YOUR_SERVER_FQDN.key
+ SSLCACertificateFile /etc/httpd/ssl.crt/your-ca.crt
+
+ ServerName YOUR_SERVER_FQDN
+ ServerSignature Off
+
+ ProxyPreserveHost On
+
+ # Ensure that encoded slashes are not decoded but left in their encoded state.
+ # http://doc.gitlab.com/ce/api/projects.html#get-single-project
+ AllowEncodedSlashes NoDecode
+
+ <Location />
+ # New authorization commands for apache 2.4 and up
+ # http://httpd.apache.org/docs/2.4/upgrading.html#access
+ Require all granted
+
+ #Allow forwarding to gitlab-workhorse
+ ProxyPassReverse http://127.0.0.1:8181
+ ProxyPassReverse http://YOUR_SERVER_FQDN/
+ </Location>
+
+ # Apache equivalent of nginx try files
+ # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
+ # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
+ RewriteEngine on
+
+ #Don't escape encoded characters in api requests
+ RewriteCond %{REQUEST_URI} ^/api/v3/.*
+ RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
+
+ #Forward all requests to gitlab-workhorse except existing files like error documents
+ RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
+ RewriteCond %{REQUEST_URI} ^/uploads/.*
+ RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA]
+
+ RequestHeader set X_FORWARDED_PROTO 'https'
+ RequestHeader set X-Forwarded-Ssl on
+
+ # needed for downloading attachments
+ DocumentRoot /usr/share/webapps/gitlab/public
+
+ #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
+ ErrorDocument 404 /404.html
+ ErrorDocument 422 /422.html
+ ErrorDocument 500 /500.html
+ ErrorDocument 503 /deploy.html
+
+ # It is assumed that the log directory is in /var/log/httpd.
+ # For Debian distributions you might want to change this to
+ # /var/log/apache2.
+ LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
+ ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log
+ CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
+ CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
+ CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined
+
+</VirtualHost>
Deleted: community-i686/apache.conf.example
===================================================================
--- community-i686/apache.conf.example 2016-08-25 20:13:08 UTC (rev 187545)
+++ community-i686/apache.conf.example 2016-08-25 20:13:28 UTC (rev 187546)
@@ -1,64 +0,0 @@
-# This configuration has been tested on GitLab 8.2
-# Note this config assumes unicorn is listening on default port 8080 and
-# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to
-# listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
-#
-# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
-#
-#Module dependencies
-# mod_rewrite
-# mod_proxy
-# mod_proxy_http
-<VirtualHost *:80>
- ServerName YOUR_SERVER_FQDN
- ServerSignature Off
-
- ProxyPreserveHost On
-
- # Ensure that encoded slashes are not decoded but left in their encoded state.
- # http://doc.gitlab.com/ce/api/projects.html#get-single-project
- AllowEncodedSlashes NoDecode
-
- <Location />
- # New authorization commands for apache 2.4 and up
- # http://httpd.apache.org/docs/2.4/upgrading.html#access
- Require all granted
-
- #Allow forwarding to gitlab-workhorse
- ProxyPassReverse http://127.0.0.1:8181
- ProxyPassReverse http://YOUR_SERVER_FQDN/
- </Location>
-
- # Apache equivalent of nginx try files
- # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
- # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
- RewriteEngine on
-
- #Don't escape encoded characters in api requests
- RewriteCond %{REQUEST_URI} ^/api/v3/.*
- RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
-
- #Forward all requests to gitlab-workhorse except existing files like error documents
- RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
- RewriteCond %{REQUEST_URI} ^/uploads/.*
- RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA]
-
- # needed for downloading attachments
- DocumentRoot /usr/share/webapps/gitlab/public
-
- #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
- ErrorDocument 404 /404.html
- ErrorDocument 422 /422.html
- ErrorDocument 500 /500.html
- ErrorDocument 503 /deploy.html
-
- # It is assumed that the log directory is in /var/log/httpd.
- # For Debian distributions you might want to change this to
- # /var/log/apache2.
- LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
- ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log
- CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
- CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
- CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined
-
-</VirtualHost>
Copied: gitlab/repos/community-i686/apache.conf.example (from rev 187545, gitlab/trunk/apache.conf.example)
===================================================================
--- community-i686/apache.conf.example (rev 0)
+++ community-i686/apache.conf.example 2016-08-25 20:13:28 UTC (rev 187546)
@@ -0,0 +1,64 @@
+# This configuration has been tested on GitLab 8.2
+# Note this config assumes unicorn is listening on default port 8080 and
+# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to
+# listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
+#
+# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
+#
+#Module dependencies
+# mod_rewrite
+# mod_proxy
+# mod_proxy_http
+<VirtualHost *:80>
+ ServerName YOUR_SERVER_FQDN
+ ServerSignature Off
+
+ ProxyPreserveHost On
+
+ # Ensure that encoded slashes are not decoded but left in their encoded state.
+ # http://doc.gitlab.com/ce/api/projects.html#get-single-project
+ AllowEncodedSlashes NoDecode
+
+ <Location />
+ # New authorization commands for apache 2.4 and up
+ # http://httpd.apache.org/docs/2.4/upgrading.html#access
+ Require all granted
+
+ #Allow forwarding to gitlab-workhorse
+ ProxyPassReverse http://127.0.0.1:8181
+ ProxyPassReverse http://YOUR_SERVER_FQDN/
+ </Location>
+
+ # Apache equivalent of nginx try files
+ # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
+ # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
+ RewriteEngine on
+
+ #Don't escape encoded characters in api requests
+ RewriteCond %{REQUEST_URI} ^/api/v3/.*
+ RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
+
+ #Forward all requests to gitlab-workhorse except existing files like error documents
+ RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
+ RewriteCond %{REQUEST_URI} ^/uploads/.*
+ RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA]
+
+ # needed for downloading attachments
+ DocumentRoot /usr/share/webapps/gitlab/public
+
+ #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
+ ErrorDocument 404 /404.html
+ ErrorDocument 422 /422.html
+ ErrorDocument 500 /500.html
+ ErrorDocument 503 /deploy.html
+
+ # It is assumed that the log directory is in /var/log/httpd.
+ # For Debian distributions you might want to change this to
+ # /var/log/apache2.
+ LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
+ ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log
+ CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
+ CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
+ CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined
+
+</VirtualHost>
Deleted: community-i686/apache2.2-ssl.conf.example
===================================================================
--- community-i686/apache2.2-ssl.conf.example 2016-08-25 20:13:08 UTC (rev 187545)
+++ community-i686/apache2.2-ssl.conf.example 2016-08-25 20:13:28 UTC (rev 187546)
@@ -1,93 +0,0 @@
-# This configuration has been tested on GitLab 8.2
-# Note this config assumes unicorn is listening on default port 8080 and
-# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to
-# listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
-#
-# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
-#
-#Module dependencies
-# mod_rewrite
-# mod_ssl
-# mod_proxy
-# mod_proxy_http
-# mod_headers
-
-# This section is only needed if you want to redirect http traffic to https.
-# You can live without it but clients will have to type in https:// to reach gitlab.
-<VirtualHost *:80>
- ServerName YOUR_SERVER_FQDN
- ServerSignature Off
-
- RewriteEngine on
- RewriteCond %{HTTPS} !=on
- RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
-</VirtualHost>
-
-<VirtualHost *:443>
- SSLEngine on
- #strong encryption ciphers only
- #see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html
- SSLProtocol all -SSLv2 -SSLv3
- SSLHonorCipherOrder on
-# SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
- SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
- Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
- SSLCompression Off
- SSLCertificateFile /etc/httpd/ssl.crt/YOUR_SERVER_FQDN.crt
- SSLCertificateKeyFile /etc/httpd/ssl.key/YOUR_SERVER_FQDN.key
- SSLCACertificateFile /etc/httpd/ssl.crt/your-ca.crt
-
- ServerName YOUR_SERVER_FQDN
- ServerSignature Off
-
- ProxyPreserveHost On
-
- # Ensure that encoded slashes are not decoded but left in their encoded state.
- # http://doc.gitlab.com/ce/api/projects.html#get-single-project
- AllowEncodedSlashes NoDecode
-
- <Location />
- Order deny,allow
- Allow from all
-
- #Allow forwarding to gitlab-workhorse
- ProxyPassReverse http://127.0.0.1:8181
- ProxyPassReverse http://YOUR_SERVER_FQDN/
- </Location>
-
- # Apache equivalent of nginx try files
- # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
- # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
- RewriteEngine on
-
- #Don't escape encoded characters in api requests
- RewriteCond %{REQUEST_URI} ^/api/v3/.*
- RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
-
- #Forward all requests to gitlab-workhorse except existing files like error documents
- RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
- RewriteCond %{REQUEST_URI} ^/uploads/.*
- RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA]
-
- RequestHeader set X_FORWARDED_PROTO 'https'
- RequestHeader set X-Forwarded-Ssl on
-
- # needed for downloading attachments
- DocumentRoot /usr/share/webapps/gitlab/public
-
- #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
- ErrorDocument 404 /404.html
- ErrorDocument 422 /422.html
- ErrorDocument 500 /500.html
- ErrorDocument 503 /deploy.html
-
- # It is assumed that the log directory is in /var/log/httpd.
- # For Debian distributions you might want to change this to
- # /var/log/apache2.
- LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
- ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log
- CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
- CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
- CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined
-
-</VirtualHost>
Copied: gitlab/repos/community-i686/apache2.2-ssl.conf.example (from rev 187545, gitlab/trunk/apache2.2-ssl.conf.example)
===================================================================
--- community-i686/apache2.2-ssl.conf.example (rev 0)
+++ community-i686/apache2.2-ssl.conf.example 2016-08-25 20:13:28 UTC (rev 187546)
@@ -0,0 +1,93 @@
+# This configuration has been tested on GitLab 8.2
+# Note this config assumes unicorn is listening on default port 8080 and
+# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to
+# listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
+#
+# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
+#
+#Module dependencies
+# mod_rewrite
+# mod_ssl
+# mod_proxy
+# mod_proxy_http
+# mod_headers
+
+# This section is only needed if you want to redirect http traffic to https.
+# You can live without it but clients will have to type in https:// to reach gitlab.
+<VirtualHost *:80>
+ ServerName YOUR_SERVER_FQDN
+ ServerSignature Off
+
+ RewriteEngine on
+ RewriteCond %{HTTPS} !=on
+ RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
+</VirtualHost>
+
+<VirtualHost *:443>
+ SSLEngine on
+ #strong encryption ciphers only
+ #see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html
+ SSLProtocol all -SSLv2 -SSLv3
+ SSLHonorCipherOrder on
+# SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
+ SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
+ Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
+ SSLCompression Off
+ SSLCertificateFile /etc/httpd/ssl.crt/YOUR_SERVER_FQDN.crt
+ SSLCertificateKeyFile /etc/httpd/ssl.key/YOUR_SERVER_FQDN.key
+ SSLCACertificateFile /etc/httpd/ssl.crt/your-ca.crt
+
+ ServerName YOUR_SERVER_FQDN
+ ServerSignature Off
+
+ ProxyPreserveHost On
+
+ # Ensure that encoded slashes are not decoded but left in their encoded state.
+ # http://doc.gitlab.com/ce/api/projects.html#get-single-project
+ AllowEncodedSlashes NoDecode
+
+ <Location />
+ Order deny,allow
+ Allow from all
+
+ #Allow forwarding to gitlab-workhorse
+ ProxyPassReverse http://127.0.0.1:8181
+ ProxyPassReverse http://YOUR_SERVER_FQDN/
+ </Location>
+
+ # Apache equivalent of nginx try files
+ # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
+ # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
+ RewriteEngine on
+
+ #Don't escape encoded characters in api requests
+ RewriteCond %{REQUEST_URI} ^/api/v3/.*
+ RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
+
+ #Forward all requests to gitlab-workhorse except existing files like error documents
+ RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
+ RewriteCond %{REQUEST_URI} ^/uploads/.*
+ RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA]
+
+ RequestHeader set X_FORWARDED_PROTO 'https'
+ RequestHeader set X-Forwarded-Ssl on
+
+ # needed for downloading attachments
+ DocumentRoot /usr/share/webapps/gitlab/public
+
+ #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
+ ErrorDocument 404 /404.html
+ ErrorDocument 422 /422.html
+ ErrorDocument 500 /500.html
+ ErrorDocument 503 /deploy.html
+
+ # It is assumed that the log directory is in /var/log/httpd.
+ # For Debian distributions you might want to change this to
+ # /var/log/apache2.
+ LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
+ ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log
+ CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
+ CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
+ CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined
+
+</VirtualHost>
Deleted: community-i686/apache2.2.conf.example
===================================================================
--- community-i686/apache2.2.conf.example 2016-08-25 20:13:08 UTC (rev 187545)
+++ community-i686/apache2.2.conf.example 2016-08-25 20:13:28 UTC (rev 187546)
@@ -1,63 +0,0 @@
-# This configuration has been tested on GitLab 8.2
-# Note this config assumes unicorn is listening on default port 8080 and
-# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to
-# listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
-#
-# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
-#
-#Module dependencies
-# mod_rewrite
-# mod_proxy
-# mod_proxy_http
-<VirtualHost *:80>
- ServerName YOUR_SERVER_FQDN
- ServerSignature Off
-
- ProxyPreserveHost On
-
- # Ensure that encoded slashes are not decoded but left in their encoded state.
- # http://doc.gitlab.com/ce/api/projects.html#get-single-project
- AllowEncodedSlashes NoDecode
-
- <Location />
- Order deny,allow
- Allow from all
-
- #Allow forwarding to gitlab-workhorse
- ProxyPassReverse http://127.0.0.1:8181
- ProxyPassReverse http://YOUR_SERVER_FQDN/
- </Location>
-
- # Apache equivalent of nginx try files
- # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
- # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
- RewriteEngine on
-
- #Don't escape encoded characters in api requests
- RewriteCond %{REQUEST_URI} ^/api/v3/.*
- RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
-
- #Forward all requests to gitlab-workhorse except existing files like error documents
- RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
- RewriteCond %{REQUEST_URI} ^/uploads/.*
- RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA]
-
- # needed for downloading attachments
- DocumentRoot /usr/share/webapps/gitlab/public
-
- #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
- ErrorDocument 404 /404.html
- ErrorDocument 422 /422.html
- ErrorDocument 500 /500.html
- ErrorDocument 503 /deploy.html
-
- # It is assumed that the log directory is in /var/log/httpd.
- # For Debian distributions you might want to change this to
- # /var/log/apache2.
- LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
- ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log
- CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
- CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
- CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined
-
-</VirtualHost>
Copied: gitlab/repos/community-i686/apache2.2.conf.example (from rev 187545, gitlab/trunk/apache2.2.conf.example)
===================================================================
--- community-i686/apache2.2.conf.example (rev 0)
+++ community-i686/apache2.2.conf.example 2016-08-25 20:13:28 UTC (rev 187546)
@@ -0,0 +1,63 @@
+# This configuration has been tested on GitLab 8.2
+# Note this config assumes unicorn is listening on default port 8080 and
+# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to
+# listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
+#
+# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
+#
+#Module dependencies
+# mod_rewrite
+# mod_proxy
+# mod_proxy_http
+<VirtualHost *:80>
+ ServerName YOUR_SERVER_FQDN
+ ServerSignature Off
+
+ ProxyPreserveHost On
+
+ # Ensure that encoded slashes are not decoded but left in their encoded state.
+ # http://doc.gitlab.com/ce/api/projects.html#get-single-project
+ AllowEncodedSlashes NoDecode
+
+ <Location />
+ Order deny,allow
+ Allow from all
+
+ #Allow forwarding to gitlab-workhorse
+ ProxyPassReverse http://127.0.0.1:8181
+ ProxyPassReverse http://YOUR_SERVER_FQDN/
+ </Location>
+
+ # Apache equivalent of nginx try files
+ # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
+ # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
+ RewriteEngine on
+
+ #Don't escape encoded characters in api requests
+ RewriteCond %{REQUEST_URI} ^/api/v3/.*
+ RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
+
+ #Forward all requests to gitlab-workhorse except existing files like error documents
+ RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
+ RewriteCond %{REQUEST_URI} ^/uploads/.*
+ RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA]
+
+ # needed for downloading attachments
+ DocumentRoot /usr/share/webapps/gitlab/public
+
+ #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
+ ErrorDocument 404 /404.html
+ ErrorDocument 422 /422.html
+ ErrorDocument 500 /500.html
+ ErrorDocument 503 /deploy.html
+
+ # It is assumed that the log directory is in /var/log/httpd.
+ # For Debian distributions you might want to change this to
+ # /var/log/apache2.
+ LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
+ ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log
+ CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
+ CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
+ CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined
+
+</VirtualHost>
Deleted: community-i686/gitlab-backup.service
===================================================================
--- community-i686/gitlab-backup.service 2016-08-25 20:13:08 UTC (rev 187545)
+++ community-i686/gitlab-backup.service 2016-08-25 20:13:28 UTC (rev 187546)
@@ -1,19 +0,0 @@
-[Unit]
-Description=GitLab Backup process
-Requires=
-After=network.target
-
-[Service]
-Type=oneshot
-User=gitlab
-Group=gitlab
-SyslogIdentifier=gitlab-backup
-WorkingDirectory=<DATADIR>
-Environment=RAILS_ENV=production PATH=/opt/ruby/bin:/usr/bin
-CapabilityBoundingSet=
-PrivateTmp=true
-PrivateDevices=true
-ProtectSystem=full
-ProtectHome=true
-NoNewPrivileges=true
-ExecStart=/usr/bin/bundle exec rake gitlab:backup:create
Copied: gitlab/repos/community-i686/gitlab-backup.service (from rev 187545, gitlab/trunk/gitlab-backup.service)
===================================================================
--- community-i686/gitlab-backup.service (rev 0)
+++ community-i686/gitlab-backup.service 2016-08-25 20:13:28 UTC (rev 187546)
@@ -0,0 +1,19 @@
+[Unit]
+Description=GitLab Backup process
+Requires=
+After=network.target
+
+[Service]
+Type=oneshot
+User=gitlab
+Group=gitlab
+SyslogIdentifier=gitlab-backup
+WorkingDirectory=<DATADIR>
+Environment=RAILS_ENV=production PATH=/opt/ruby/bin:/usr/bin
+CapabilityBoundingSet=
+PrivateTmp=true
+PrivateDevices=true
+ProtectSystem=full
+ProtectHome=true
+NoNewPrivileges=true
+ExecStart=/usr/bin/bundle exec rake gitlab:backup:create
Deleted: community-i686/gitlab-backup.timer
===================================================================
--- community-i686/gitlab-backup.timer 2016-08-25 20:13:08 UTC (rev 187545)
+++ community-i686/gitlab-backup.timer 2016-08-25 20:13:28 UTC (rev 187546)
@@ -1,10 +0,0 @@
-[Unit]
-Description=Daily gitlab backup
-
-[Timer]
-OnCalendar=daily
-AccuracySec=12h
-Persistent=true
-
-[Install]
-WantedBy=multi-user.target
Copied: gitlab/repos/community-i686/gitlab-backup.timer (from rev 187545, gitlab/trunk/gitlab-backup.timer)
===================================================================
--- community-i686/gitlab-backup.timer (rev 0)
+++ community-i686/gitlab-backup.timer 2016-08-25 20:13:28 UTC (rev 187546)
@@ -0,0 +1,10 @@
+[Unit]
+Description=Daily gitlab backup
+
+[Timer]
+OnCalendar=daily
+AccuracySec=12h
+Persistent=true
+
+[Install]
+WantedBy=multi-user.target
Deleted: community-i686/gitlab-mailroom.service
===================================================================
--- community-i686/gitlab-mailroom.service 2016-08-25 20:13:08 UTC (rev 187545)
+++ community-i686/gitlab-mailroom.service 2016-08-25 20:13:28 UTC (rev 187546)
@@ -1,20 +0,0 @@
-[Unit]
-Description=Gitlab Mailroom Worker
-Requires=gitlab-unicorn.service
-Wants=gitlab-unicorn.service
-After=gitlab-unicorn.service
-
-[Service]
-User=gitlab
-Group=gitlab
-WorkingDirectory=<DATADIR>
-Environment=RAILS_ENV=production PATH=/opt/ruby/bin:/usr/bin
-SyslogIdentifier=gitlab-mailroom
-PIDFile=/run/gitlab/mailroom.pid
-ExecStart=/usr/bin/bundle exec mail_room -q -c <DATADIR>/config/mail_room.yml
-ExecStop=/usr/bin/kill -QUIT $MAINPID
-Restart=on-failure
-RestartSec=1
-
-[Install]
-WantedBy=multi-user.target
Copied: gitlab/repos/community-i686/gitlab-mailroom.service (from rev 187545, gitlab/trunk/gitlab-mailroom.service)
===================================================================
--- community-i686/gitlab-mailroom.service (rev 0)
+++ community-i686/gitlab-mailroom.service 2016-08-25 20:13:28 UTC (rev 187546)
@@ -0,0 +1,20 @@
+[Unit]
+Description=Gitlab Mailroom Worker
+Requires=gitlab-unicorn.service
+Wants=gitlab-unicorn.service
+After=gitlab-unicorn.service
+
+[Service]
+User=gitlab
+Group=gitlab
+WorkingDirectory=<DATADIR>
+Environment=RAILS_ENV=production PATH=/opt/ruby/bin:/usr/bin
+SyslogIdentifier=gitlab-mailroom
+PIDFile=/run/gitlab/mailroom.pid
+ExecStart=/usr/bin/bundle exec mail_room -q -c <DATADIR>/config/mail_room.yml
+ExecStop=/usr/bin/kill -QUIT $MAINPID
+Restart=on-failure
+RestartSec=1
+
+[Install]
+WantedBy=multi-user.target
Deleted: community-i686/gitlab-sidekiq.service
===================================================================
--- community-i686/gitlab-sidekiq.service 2016-08-25 20:13:08 UTC (rev 187545)
+++ community-i686/gitlab-sidekiq.service 2016-08-25 20:13:28 UTC (rev 187546)
@@ -1,30 +0,0 @@
-[Unit]
-Description=GitLab Sidekiq Worker
-Requires=redis.service gitlab-unicorn.service
-Wants=mysqld.service postgresql.service
-After=redis.service mysqld.service postgresql.service network.target gitlab-unicorn.service
-JoinsNamespaceOf=gitlab-unicorn.service
-
-[Service]
-User=gitlab
-Group=gitlab
-WorkingDirectory=<DATADIR>
-Environment=RAILS_ENV=production PATH=/opt/ruby/bin:/usr/bin
-SyslogIdentifier=gitlab-sidekiq
-PIDFile=/run/gitlab/sidekiq.pid
-CapabilityBoundingSet=
-PrivateTmp=true
-PrivateDevices=true
-ProtectSystem=full
-ProtectHome=true
-# NoNewPrivileges breaks gitlabs' email delivery if you
-# use postfix' sendmail wrapper. If you use an SMTP server
-# instead you can safely enable this security feature.
-#NoNewPrivileges=true
-ExecStart=/usr/bin/bundle exec sidekiq -q post_receive -q mailers -q system_hook -q incoming_email -q project_web_hook -q gitlab_shell -q common -q default -q archive_repo -e production
-ExecStop=/usr/bin/bundle exec sidekiqctl stop /run/gitlab/sidekiq.pid
-Restart=on-failure
-RestartSec=1
-
-[Install]
-WantedBy=multi-user.target
Copied: gitlab/repos/community-i686/gitlab-sidekiq.service (from rev 187545, gitlab/trunk/gitlab-sidekiq.service)
===================================================================
--- community-i686/gitlab-sidekiq.service (rev 0)
+++ community-i686/gitlab-sidekiq.service 2016-08-25 20:13:28 UTC (rev 187546)
@@ -0,0 +1,30 @@
+[Unit]
+Description=GitLab Sidekiq Worker
+Requires=redis.service gitlab-unicorn.service
+Wants=mysqld.service postgresql.service
+After=redis.service mysqld.service postgresql.service network.target gitlab-unicorn.service
+JoinsNamespaceOf=gitlab-unicorn.service
+
+[Service]
+User=gitlab
+Group=gitlab
+WorkingDirectory=<DATADIR>
+Environment=RAILS_ENV=production PATH=/opt/ruby/bin:/usr/bin
+SyslogIdentifier=gitlab-sidekiq
+PIDFile=/run/gitlab/sidekiq.pid
+CapabilityBoundingSet=
+PrivateTmp=true
+PrivateDevices=true
+ProtectSystem=full
+ProtectHome=true
+# NoNewPrivileges breaks gitlabs' email delivery if you
+# use postfix' sendmail wrapper. If you use an SMTP server
+# instead you can safely enable this security feature.
+#NoNewPrivileges=true
+ExecStart=/usr/bin/bundle exec sidekiq -q post_receive -q mailers -q system_hook -q incoming_email -q project_web_hook -q gitlab_shell -q common -q default -q archive_repo -e production
+ExecStop=/usr/bin/bundle exec sidekiqctl stop /run/gitlab/sidekiq.pid
+Restart=on-failure
+RestartSec=1
+
+[Install]
+WantedBy=multi-user.target
Deleted: community-i686/gitlab-unicorn.service
===================================================================
--- community-i686/gitlab-unicorn.service 2016-08-25 20:13:08 UTC (rev 187545)
+++ community-i686/gitlab-unicorn.service 2016-08-25 20:13:28 UTC (rev 187546)
@@ -1,29 +0,0 @@
-[Unit]
-Description=GitLab Unicorn Server
-Requires=redis.service
-Wants=mysqld.service postgresql.service
-After=redis.service mysqld.service postgresql.service network.target
-
-[Service]
-User=gitlab
-Group=gitlab
-WorkingDirectory=<DATADIR>
-Environment=RAILS_ENV=production PATH=/opt/ruby/bin:/usr/bin
-SyslogIdentifier=gitlab-unicorn
-PIDFile=/run/gitlab/unicorn.pid
-RuntimeDirectory=gitlab
-RuntimeDirectoryMode=775
-CapabilityBoundingSet=
-PrivateTmp=true
-PrivateDevices=true
-ProtectSystem=full
-ProtectHome=true
-NoNewPrivileges=true
-ExecStart=/usr/bin/bundle exec unicorn_rails -c <DATADIR>/config/unicorn.rb -E production
-ExecStop=/usr/bin/kill -QUIT $MAINPID
-ExecReload=/usr/bin/kill -USR2 $MAINPID
-Restart=on-failure
-RestartSec=1
-
-[Install]
-WantedBy=multi-user.target
Copied: gitlab/repos/community-i686/gitlab-unicorn.service (from rev 187545, gitlab/trunk/gitlab-unicorn.service)
===================================================================
--- community-i686/gitlab-unicorn.service (rev 0)
+++ community-i686/gitlab-unicorn.service 2016-08-25 20:13:28 UTC (rev 187546)
@@ -0,0 +1,29 @@
+[Unit]
+Description=GitLab Unicorn Server
+Requires=redis.service
+Wants=mysqld.service postgresql.service
+After=redis.service mysqld.service postgresql.service network.target
+
+[Service]
+User=gitlab
+Group=gitlab
+WorkingDirectory=<DATADIR>
+Environment=RAILS_ENV=production PATH=/opt/ruby/bin:/usr/bin
+SyslogIdentifier=gitlab-unicorn
+PIDFile=/run/gitlab/unicorn.pid
+RuntimeDirectory=gitlab
+RuntimeDirectoryMode=775
+CapabilityBoundingSet=
+PrivateTmp=true
+PrivateDevices=true
+ProtectSystem=full
+ProtectHome=true
+NoNewPrivileges=true
+ExecStart=/usr/bin/bundle exec unicorn_rails -c <DATADIR>/config/unicorn.rb -E production
+ExecStop=/usr/bin/kill -QUIT $MAINPID
+ExecReload=/usr/bin/kill -USR2 $MAINPID
+Restart=on-failure
+RestartSec=1
+
+[Install]
+WantedBy=multi-user.target
Deleted: community-i686/gitlab.install
===================================================================
--- community-i686/gitlab.install 2016-08-25 20:13:08 UTC (rev 187545)
+++ community-i686/gitlab.install 2016-08-25 20:13:28 UTC (rev 187546)
@@ -1,18 +0,0 @@
-post_install() {
- systemd-tmpfiles --create gitlab.conf
-
- echo "Put a secret bytestring to /etc/webapps/gitlab/secret"
- echo "Copy /usr/share/doc/gitlab/secrets.yml.example to /etc/webapps/gitlab/secrets.yml and configure it"
- echo "Copy a database example config from /usr/share/doc/gitlab/ to /etc/webapps/gitlab/database.yml and configure it"
- echo "Setup the database:"
- echo "# su - gitlab -s /bin/sh -c \"cd '/usr/share/webapps/gitlab'; bundle-2.1 exec rake gitlab:setup RAILS_ENV=production\""
- echo "Finally run the following commands to check your installation:"
- echo "# su - gitlab -s /bin/sh -c \"cd '/usr/share/webapps/gitlab'; bundle-2.1 exec rake gitlab:env:info RAILS_ENV=production\""
- echo "# su - gitlab -s /bin/sh -c \"cd '/usr/share/webapps/gitlab'; bundle-2.1 exec rake gitlab:check RAILS_ENV=production\""
-}
-
-post_upgrade() {
- echo "You should upgrade your database:"
- echo "# su - gitlab -s /bin/sh -c \"cd '/usr/share/webapps/gitlab'; bundle-2.1 exec rake db:migrate RAILS_ENV=production\""
- echo "Afterwards, restart gitlab"
-}
Copied: gitlab/repos/community-i686/gitlab.install (from rev 187545, gitlab/trunk/gitlab.install)
===================================================================
--- community-i686/gitlab.install (rev 0)
+++ community-i686/gitlab.install 2016-08-25 20:13:28 UTC (rev 187546)
@@ -0,0 +1,20 @@
+post_install() {
+ systemd-tmpfiles --create gitlab.conf
+
+ echo "Configure your /etc/webapps/gitlab/gitlab.yml"
+ echo "Set up your redis to run on /var/run/redis/redis.sock or configure gitlab to use redis TCP"
+ echo "Put a secret bytestring to /etc/webapps/gitlab/secret"
+ echo "Copy /usr/share/doc/gitlab/secrets.yml.example to /etc/webapps/gitlab/secrets.yml and configure it"
+ echo "Copy a database example config from /usr/share/doc/gitlab/ to /etc/webapps/gitlab/database.yml and configure it"
+ echo "Setup the database:"
+ echo "# su - gitlab -s /bin/sh -c \"cd '/usr/share/webapps/gitlab'; bundle exec rake gitlab:setup RAILS_ENV=production\""
+ echo "Finally run the following commands to check your installation:"
+ echo "# su - gitlab -s /bin/sh -c \"cd '/usr/share/webapps/gitlab'; bundle exec rake gitlab:env:info RAILS_ENV=production\""
+ echo "# su - gitlab -s /bin/sh -c \"cd '/usr/share/webapps/gitlab'; bundle exec rake gitlab:check RAILS_ENV=production\""
+}
+
+post_upgrade() {
+ echo "You should upgrade your database:"
+ echo "# su - gitlab -s /bin/sh -c \"cd '/usr/share/webapps/gitlab'; bundle exec rake db:migrate RAILS_ENV=production\""
+ echo "Afterwards, restart gitlab"
+}
Deleted: community-i686/gitlab.logrotate
===================================================================
--- community-i686/gitlab.logrotate 2016-08-25 20:13:08 UTC (rev 187545)
+++ community-i686/gitlab.logrotate 2016-08-25 20:13:28 UTC (rev 187546)
@@ -1,11 +0,0 @@
-# GitLab logrotate settings
-# based on: http://stackoverflow.com/a/4883967
-
-<LOGDIR>/*.log {
- daily
- missingok
- rotate 90
- compress
- notifempty
- copytruncate
-}
Copied: gitlab/repos/community-i686/gitlab.logrotate (from rev 187545, gitlab/trunk/gitlab.logrotate)
===================================================================
--- community-i686/gitlab.logrotate (rev 0)
+++ community-i686/gitlab.logrotate 2016-08-25 20:13:28 UTC (rev 187546)
@@ -0,0 +1,11 @@
+# GitLab logrotate settings
+# based on: http://stackoverflow.com/a/4883967
+
+<LOGDIR>/*.log {
+ daily
+ missingok
+ rotate 90
+ compress
+ notifempty
+ copytruncate
+}
Deleted: community-i686/gitlab.target
===================================================================
--- community-i686/gitlab.target 2016-08-25 20:13:08 UTC (rev 187545)
+++ community-i686/gitlab.target 2016-08-25 20:13:28 UTC (rev 187546)
@@ -1,14 +0,0 @@
-###########################################################################################
-#
-# GitLab version : 5.x - 7.x
-# Contributors : davispuh, mtorromeo, axilleas, boeserwolf91
-# Downloaded from : https://github.com/gitlabhq/gitlab-recipes/tree/master/init/systemd
-#
-###########################################################################################
-
-[Unit]
-Description=GitLab - Self Hosted Git Management
-Wants=gitlab-unicorn.service gitlab-sidekiq.service gitlab-backup.timer
-
-[Install]
-WantedBy=multi-user.target
Copied: gitlab/repos/community-i686/gitlab.target (from rev 187545, gitlab/trunk/gitlab.target)
===================================================================
--- community-i686/gitlab.target (rev 0)
+++ community-i686/gitlab.target 2016-08-25 20:13:28 UTC (rev 187546)
@@ -0,0 +1,14 @@
+###########################################################################################
+#
+# GitLab version : 5.x - 7.x
+# Contributors : davispuh, mtorromeo, axilleas, boeserwolf91
+# Downloaded from : https://github.com/gitlabhq/gitlab-recipes/tree/master/init/systemd
+#
+###########################################################################################
+
+[Unit]
+Description=GitLab - Self Hosted Git Management
+Wants=gitlab-unicorn.service gitlab-sidekiq.service gitlab-backup.timer
+
+[Install]
+WantedBy=multi-user.target
Deleted: community-i686/gitlab.tmpfiles.d
===================================================================
--- community-i686/gitlab.tmpfiles.d 2016-08-25 20:13:08 UTC (rev 187545)
+++ community-i686/gitlab.tmpfiles.d 2016-08-25 20:13:28 UTC (rev 187546)
@@ -1 +0,0 @@
-d /run/gitlab 0775 gitlab gitlab - -
Copied: gitlab/repos/community-i686/gitlab.tmpfiles.d (from rev 187545, gitlab/trunk/gitlab.tmpfiles.d)
===================================================================
--- community-i686/gitlab.tmpfiles.d (rev 0)
+++ community-i686/gitlab.tmpfiles.d 2016-08-25 20:13:28 UTC (rev 187546)
@@ -0,0 +1 @@
+d /run/gitlab 0775 gitlab gitlab - -
Deleted: community-i686/lighttpd.conf.example
===================================================================
--- community-i686/lighttpd.conf.example 2016-08-25 20:13:08 UTC (rev 187545)
+++ community-i686/lighttpd.conf.example 2016-08-25 20:13:28 UTC (rev 187546)
@@ -1,35 +0,0 @@
-# GITLAB
-# Maintainer: @tvn87
-# App Version: 2.8
-
-server.modules += (
- "mod_simple_vhost",
- "mod_proxy"
-)
-
-## The document root of a virtual host is document-root =
-## simple-vhost.server-root + $HTTP["host"] + simple-vhost.document-root
-simple-vhost.server-root = "/var/www"
-simple-vhost.document-root = "htdocs"
-
-## the default host if no host is sent
-simple-vhost.default-host = "YOUR_SERVER_FQDN"
-
-## uploads must be served as static files
-$HTTP["url"] == "^/upload" {
- var.vhost.name = "YOUR_SERVER_FQDN"
- var.vhost.path = "/usr/share/webapps/gitlab/public"
-}
-## otherwise everything is proxied
-else $HTTP["host"] == "YOUR_SERVER_FQDN" {
- var.vhost_name = "YOUR_SERVER_FQDN"
- var.vhost_path = "/var/www/YOUR_SERVER_FQDN" # This directory should be empty
-
- proxy.server = ( "" => ( (
- "host" => "127.0.0.1",
- "port" => "8080"
- ),
- )
- )
- ssl.pemfile = "/etc/lighttpd/certs/YOUR_SERVER_FQDN.pem" # If ssl is enabled
-}
Copied: gitlab/repos/community-i686/lighttpd.conf.example (from rev 187545, gitlab/trunk/lighttpd.conf.example)
===================================================================
--- community-i686/lighttpd.conf.example (rev 0)
+++ community-i686/lighttpd.conf.example 2016-08-25 20:13:28 UTC (rev 187546)
@@ -0,0 +1,35 @@
+# GITLAB
+# Maintainer: @tvn87
+# App Version: 2.8
+
+server.modules += (
+ "mod_simple_vhost",
+ "mod_proxy"
+)
+
+## The document root of a virtual host is document-root =
+## simple-vhost.server-root + $HTTP["host"] + simple-vhost.document-root
+simple-vhost.server-root = "/var/www"
+simple-vhost.document-root = "htdocs"
+
+## the default host if no host is sent
+simple-vhost.default-host = "YOUR_SERVER_FQDN"
+
+## uploads must be served as static files
+$HTTP["url"] == "^/upload" {
+ var.vhost.name = "YOUR_SERVER_FQDN"
+ var.vhost.path = "/usr/share/webapps/gitlab/public"
+}
+## otherwise everything is proxied
+else $HTTP["host"] == "YOUR_SERVER_FQDN" {
+ var.vhost_name = "YOUR_SERVER_FQDN"
+ var.vhost_path = "/var/www/YOUR_SERVER_FQDN" # This directory should be empty
+
+ proxy.server = ( "" => ( (
+ "host" => "127.0.0.1",
+ "port" => "8080"
+ ),
+ )
+ )
+ ssl.pemfile = "/etc/lighttpd/certs/YOUR_SERVER_FQDN.pem" # If ssl is enabled
+}
Deleted: community-i686/nginx-ssl.conf.example
===================================================================
--- community-i686/nginx-ssl.conf.example 2016-08-25 20:13:08 UTC (rev 187545)
+++ community-i686/nginx-ssl.conf.example 2016-08-25 20:13:28 UTC (rev 187546)
@@ -1,112 +0,0 @@
-## GitLab
-##
-## Modified from nginx http version
-## Modified from http://blog.phusion.nl/2012/04/21/tutorial-setting-up-gitlab-on-debian-6/
-## Modified from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
-##
-## Lines starting with two hashes (##) are comments with information.
-## Lines starting with one hash (#) are configuration parameters that can be uncommented.
-##
-##################################
-## CONTRIBUTING ##
-##################################
-##
-## If you change this file in a Merge Request, please also create
-## a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests
-##
-###################################
-## configuration ##
-###################################
-##
-## See installation.md#using-https for additional HTTPS configuration details.
-
-upstream gitlab-workhorse {
- server unix:/run/gitlab/gitlab-workhorse.socket fail_timeout=0;
-}
-
-## Redirects all HTTP traffic to the HTTPS host
-server {
- ## Either remove "default_server" from the listen line below,
- ## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab
- ## to be served if you visit any address that your server responds to, eg.
- ## the ip address of the server (http://x.x.x.x/)
- listen 0.0.0.0:80;
- listen [::]:80 ipv6only=on default_server;
- server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com
- server_tokens off; ## Don't show the nginx version number, a security best practice
- return 301 https://$http_host$request_uri;
- access_log /var/log/nginx/gitlab_access.log;
- error_log /var/log/nginx/gitlab_error.log;
-}
-
-## HTTPS host
-server {
- listen 0.0.0.0:443 ssl;
- listen [::]:443 ipv6only=on ssl default_server;
- server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com
- server_tokens off; ## Don't show the nginx version number, a security best practice
-
- ## Strong SSL Security
- ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
- ssl on;
- ssl_certificate /etc/nginx/ssl/gitlab.crt;
- ssl_certificate_key /etc/nginx/ssl/gitlab.key;
-
- # GitLab needs backwards compatible ciphers to retain compatibility with Java IDEs
- ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_prefer_server_ciphers on;
- ssl_session_cache shared:SSL:10m;
- ssl_session_timeout 5m;
-
- ## See app/controllers/application_controller.rb for headers set
-
- ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
- ## Replace with your ssl_trusted_certificate. For more info see:
- ## - https://medium.com/devops-programming/4445f4862461
- ## - https://www.ruby-forum.com/topic/4419319
- ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
- # ssl_stapling on;
- # ssl_stapling_verify on;
- # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
- # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
- # resolver_timeout 5s;
-
- ## [Optional] Generate a stronger DHE parameter:
- ## sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
- ##
- # ssl_dhparam /etc/ssl/certs/dhparam.pem;
-
- ## Individual nginx logs for this GitLab vhost
- access_log /var/log/nginx/gitlab_access.log;
- error_log /var/log/nginx/gitlab_error.log;
-
- location / {
- client_max_body_size 0;
- gzip off;
-
- ## https://github.com/gitlabhq/gitlabhq/issues/694
- ## Some requests take more than 30 seconds.
- proxy_read_timeout 300;
- proxy_connect_timeout 300;
- proxy_redirect off;
-
- proxy_http_version 1.1;
-
- proxy_set_header Host $http_host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-Ssl on;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_pass http://gitlab-workhorse;
- }
-
- error_page 404 /404.html;
- error_page 422 /422.html;
- error_page 500 /500.html;
- error_page 502 /502.html;
- location ~ ^/(404|422|500|502)\.html$ {
- root /usr/share/webapps/gitlab/public;
- internal;
- }
-}
Copied: gitlab/repos/community-i686/nginx-ssl.conf.example (from rev 187545, gitlab/trunk/nginx-ssl.conf.example)
===================================================================
--- community-i686/nginx-ssl.conf.example (rev 0)
+++ community-i686/nginx-ssl.conf.example 2016-08-25 20:13:28 UTC (rev 187546)
@@ -0,0 +1,112 @@
+## GitLab
+##
+## Modified from nginx http version
+## Modified from http://blog.phusion.nl/2012/04/21/tutorial-setting-up-gitlab-on-debian-6/
+## Modified from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
+##
+## Lines starting with two hashes (##) are comments with information.
+## Lines starting with one hash (#) are configuration parameters that can be uncommented.
+##
+##################################
+## CONTRIBUTING ##
+##################################
+##
+## If you change this file in a Merge Request, please also create
+## a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests
+##
+###################################
+## configuration ##
+###################################
+##
+## See installation.md#using-https for additional HTTPS configuration details.
+
+upstream gitlab-workhorse {
+ server unix:/run/gitlab/gitlab-workhorse.socket fail_timeout=0;
+}
+
+## Redirects all HTTP traffic to the HTTPS host
+server {
+ ## Either remove "default_server" from the listen line below,
+ ## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab
+ ## to be served if you visit any address that your server responds to, eg.
+ ## the ip address of the server (http://x.x.x.x/)
+ listen 0.0.0.0:80;
+ listen [::]:80 ipv6only=on default_server;
+ server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com
+ server_tokens off; ## Don't show the nginx version number, a security best practice
+ return 301 https://$http_host$request_uri;
+ access_log /var/log/nginx/gitlab_access.log;
+ error_log /var/log/nginx/gitlab_error.log;
+}
+
+## HTTPS host
+server {
+ listen 0.0.0.0:443 ssl;
+ listen [::]:443 ipv6only=on ssl default_server;
+ server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com
+ server_tokens off; ## Don't show the nginx version number, a security best practice
+
+ ## Strong SSL Security
+ ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
+ ssl on;
+ ssl_certificate /etc/nginx/ssl/gitlab.crt;
+ ssl_certificate_key /etc/nginx/ssl/gitlab.key;
+
+ # GitLab needs backwards compatible ciphers to retain compatibility with Java IDEs
+ ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 5m;
+
+ ## See app/controllers/application_controller.rb for headers set
+
+ ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
+ ## Replace with your ssl_trusted_certificate. For more info see:
+ ## - https://medium.com/devops-programming/4445f4862461
+ ## - https://www.ruby-forum.com/topic/4419319
+ ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
+ # ssl_stapling on;
+ # ssl_stapling_verify on;
+ # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
+ # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
+ # resolver_timeout 5s;
+
+ ## [Optional] Generate a stronger DHE parameter:
+ ## sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
+ ##
+ # ssl_dhparam /etc/ssl/certs/dhparam.pem;
+
+ ## Individual nginx logs for this GitLab vhost
+ access_log /var/log/nginx/gitlab_access.log;
+ error_log /var/log/nginx/gitlab_error.log;
+
+ location / {
+ client_max_body_size 0;
+ gzip off;
+
+ ## https://github.com/gitlabhq/gitlabhq/issues/694
+ ## Some requests take more than 30 seconds.
+ proxy_read_timeout 300;
+ proxy_connect_timeout 300;
+ proxy_redirect off;
+
+ proxy_http_version 1.1;
+
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-Ssl on;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_pass http://gitlab-workhorse;
+ }
+
+ error_page 404 /404.html;
+ error_page 422 /422.html;
+ error_page 500 /500.html;
+ error_page 502 /502.html;
+ location ~ ^/(404|422|500|502)\.html$ {
+ root /usr/share/webapps/gitlab/public;
+ internal;
+ }
+}
Deleted: community-i686/nginx.conf.example
===================================================================
--- community-i686/nginx.conf.example 2016-08-25 20:13:08 UTC (rev 187545)
+++ community-i686/nginx.conf.example 2016-08-25 20:13:28 UTC (rev 187546)
@@ -1,69 +0,0 @@
-## GitLab
-##
-## Lines starting with two hashes (##) are comments with information.
-## Lines starting with one hash (#) are configuration parameters that can be uncommented.
-##
-##################################
-## CONTRIBUTING ##
-##################################
-##
-## If you change this file in a Merge Request, please also create
-## a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests
-##
-###################################
-## configuration ##
-###################################
-##
-## See installation.md#using-https for additional HTTPS configuration details.
-
-upstream gitlab-workhorse {
- server unix:/run/gitlab/gitlab-workhorse.socket fail_timeout=0;
-}
-
-## Normal HTTP host
-server {
- ## Either remove "default_server" from the listen line below,
- ## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab
- ## to be served if you visit any address that your server responds to, eg.
- ## the ip address of the server (http://x.x.x.x/)n 0.0.0.0:80 default_server;
- listen 0.0.0.0:80 default_server;
- listen [::]:80 default_server;
- server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com
- server_tokens off; ## Don't show the nginx version number, a security best practice
-
- ## See app/controllers/application_controller.rb for headers set
-
- ## Individual nginx logs for this GitLab vhost
- access_log /var/log/nginx/gitlab_access.log;
- error_log /var/log/nginx/gitlab_error.log;
-
- location / {
- client_max_body_size 0;
- gzip off;
-
- ## https://github.com/gitlabhq/gitlabhq/issues/694
- ## Some requests take more than 30 seconds.
- proxy_read_timeout 300;
- proxy_connect_timeout 300;
- proxy_redirect off;
-
- proxy_http_version 1.1;
-
- proxy_set_header Host $http_host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
-
- proxy_pass http://gitlab-workhorse;
- }
-
- error_page 404 /404.html;
- error_page 422 /422.html;
- error_page 500 /500.html;
- error_page 502 /502.html;
- location ~ ^/(404|422|500|502)\.html$ {
- root /usr/share/webapps/gitlab/public;
- internal;
- }
-
-}
Copied: gitlab/repos/community-i686/nginx.conf.example (from rev 187545, gitlab/trunk/nginx.conf.example)
===================================================================
--- community-i686/nginx.conf.example (rev 0)
+++ community-i686/nginx.conf.example 2016-08-25 20:13:28 UTC (rev 187546)
@@ -0,0 +1,69 @@
+## GitLab
+##
+## Lines starting with two hashes (##) are comments with information.
+## Lines starting with one hash (#) are configuration parameters that can be uncommented.
+##
+##################################
+## CONTRIBUTING ##
+##################################
+##
+## If you change this file in a Merge Request, please also create
+## a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests
+##
+###################################
+## configuration ##
+###################################
+##
+## See installation.md#using-https for additional HTTPS configuration details.
+
+upstream gitlab-workhorse {
+ server unix:/run/gitlab/gitlab-workhorse.socket fail_timeout=0;
+}
+
+## Normal HTTP host
+server {
+ ## Either remove "default_server" from the listen line below,
+ ## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab
+ ## to be served if you visit any address that your server responds to, eg.
+ ## the ip address of the server (http://x.x.x.x/)n 0.0.0.0:80 default_server;
+ listen 0.0.0.0:80 default_server;
+ listen [::]:80 default_server;
+ server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com
+ server_tokens off; ## Don't show the nginx version number, a security best practice
+
+ ## See app/controllers/application_controller.rb for headers set
+
+ ## Individual nginx logs for this GitLab vhost
+ access_log /var/log/nginx/gitlab_access.log;
+ error_log /var/log/nginx/gitlab_error.log;
+
+ location / {
+ client_max_body_size 0;
+ gzip off;
+
+ ## https://github.com/gitlabhq/gitlabhq/issues/694
+ ## Some requests take more than 30 seconds.
+ proxy_read_timeout 300;
+ proxy_connect_timeout 300;
+ proxy_redirect off;
+
+ proxy_http_version 1.1;
+
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ proxy_pass http://gitlab-workhorse;
+ }
+
+ error_page 404 /404.html;
+ error_page 422 /422.html;
+ error_page 500 /500.html;
+ error_page 502 /502.html;
+ location ~ ^/(404|422|500|502)\.html$ {
+ root /usr/share/webapps/gitlab/public;
+ internal;
+ }
+
+}
Deleted: community-x86_64/PKGBUILD
===================================================================
--- community-x86_64/PKGBUILD 2016-08-25 20:13:08 UTC (rev 187545)
+++ community-x86_64/PKGBUILD 2016-08-25 20:13:28 UTC (rev 187546)
@@ -1,199 +0,0 @@
-# Maintainer: Sven-Hendrik Haase <sh at lutzhaase.com>
-# Contributor: Pavol (Lopo) Hluchy <lopo AT losys DOT eu>
-# Contributor: Jonas Heinrich <onny at project-insanity.org>
-# Contributor: Massimiliano Torromeo <massimiliano.torromeo at gmail.com>
-# Contributor: Tobias Hunger <tobias DOT hunger AT gmail DOT com>
-# Contributor: Stefan Tatschner <stefan at sevenbyte.org>
-# Contributor: Caleb Maclennan <caleb at alerque.com>
-
-pkgname=gitlab
-pkgver=8.11.0
-pkgrel=2
-pkgdesc="Project management and code hosting application"
-arch=('i686' 'x86_64')
-url="https://gitlab.com/gitlab-org/gitlab-ce/tree/master#README"
-license=('MIT')
-depends=('ruby' 'git' 'ruby-bundler' 'gitlab-shell' 'gitlab-workhorse' 'openssh' 'redis' 'libxslt' 'icu' 'nodejs')
-makedepends=('cmake' 'postgresql' 'mariadb')
-optdepends=('postgresql: database backend'
- 'mysql: database backend'
- 'python2-docutils: reStructuredText markup language support'
- 'smtp-server: mail server in order to receive mail notifications')
-backup=("etc/webapps/${pkgname}/application.rb"
- "etc/webapps/${pkgname}/gitlab.yml"
- "etc/webapps/${pkgname}/secret"
- "etc/webapps/${pkgname}/resque.yml"
- "etc/webapps/${pkgname}/unicorn.rb"
- "etc/logrotate.d/${pkgname}")
-source=("$pkgname-$pkgver.tar.gz::https://github.com/gitlabhq/gitlabhq/archive/v${pkgver}.tar.gz"
- gitlab-unicorn.service
- gitlab-sidekiq.service
- gitlab-backup.service
- gitlab-mailroom.service
- gitlab-backup.timer
- gitlab.target
- gitlab.tmpfiles.d
- gitlab.logrotate
- apache.conf.example
- apache-ssl.conf.example
- apache2.2.conf.example
- apache2.2-ssl.conf.example
- nginx.conf.example
- nginx-ssl.conf.example
- lighttpd.conf.example)
-install='gitlab.install'
-sha256sums=('8f78e05ad66e68383de198cfc20454675f3518732d609c88e6cc39f8a7c9806c'
- 'becafe0f9811fea69a69b8e2739857ef007f0b7e89391229f123c79c285f34f3'
- 'fbe5ec709ead1729e4de85f3f036f053b2b14041c540742315ff2d63a7bdd59a'
- 'd21d8c961b2834115a1d9c646278782aaaae0d1d1cde2357b58e67bad3a58527'
- '06c9f6575ddaeb9cfb70dd9c6cc50a2e676b0aba42731d1c7793a5ba12a2d4e5'
- 'e2539301fe42869d8fdbaa1b53b30076fb436c4220a37e576ed704458f804852'
- 'a1ee236a1f3e65cd26d9adb5f636f66fbab68777fd60d1c796cb26036bd0903f'
- '84614a2bfbd734f09c2c91531dd3c13e795186b50c0780a120c8e5bc2a892607'
- '7b3137b8175db06e97c7577fb1df3d9095ff0797e6428c12d9c633ddd9121ad5'
- '87fa65bc2d8f382d22fe77a6958bac9058e99021b230e2922a5b7e7afff39dcc'
- '5e8c0e5d66ae5039620bd5d92076112bd47d9894a9cfbf06242dad412618f01a'
- 'b4b10b401de60a714ebb38b0e17c9efe123967565d9b73297503fbaea4bcf03d'
- '8944a5eb8972a63f962dc34ed1c2843e019b2b521d8f045a2552ddc2f2e28ec3'
- '481427bec661c8bebc652a3349e10dd8c9435f51a0dcbb7b2e6833309ce90a1b'
- '822d0b80f1974c8418a9f4d66fbefb7679313b6de9a49c137c83c0bfe622460f'
- 'ea5a5f0b4c0ffd26d977efaf564800ee7fa88579a9e4f0556143a591a7ff198c')
-
-_homedir="/var/lib/${pkgname}"
-_datadir="/usr/share/webapps/${pkgname}"
-_logdir="/var/log/${pkgname}"
-_srcdir="gitlabhq-${pkgver}"
-_etcdir="/etc/webapps/${pkgname}"
-
-prepare() {
- cd "${srcdir}/${_srcdir}"
-
- export SKIP_STORAGE_VALIDATION='true'
-
- # Patching config files:
- msg2 "Patching paths in and username gitlab.yml..."
- sed -e "s|# user: git|user: gitlab|" \
- -e "s|/home/git/repositories|${_homedir}/repositories|" \
- -e "s|/home/git/gitlab-satellites|${_homedir}/satellites|" \
- -e "s|# path: /mnt/gitlab|path: ${_homedir}/shared|" \
- -e "s|/home/git/gitlab-shell|/usr/share/webapps/gitlab-shell|" \
- -e "s|tmp/backups|${_homedir}/backups|" \
- config/gitlab.yml.example > config/gitlab.yml
-
- msg2 "Patching paths and timeout in unicorn.rb..."
- sed -e "s|/home/git/gitlab/tmp/.*/|/run/gitlab/|g" \
- -e "s|/var/run/|/run/|g" \
- -e "s|/home/git/gitlab|${_datadir}|g" \
- -e "s|timeout 30|timeout 300|" \
- -e "s|${_datadir}/log/|${_logdir}/|g" \
- config/unicorn.rb.example > config/unicorn.rb
-
- # We need this one untouched because otherwise assets will fail
- cp config/database.yml.postgresql config/database.yml.postgresql.orig
-
- msg2 "Patching username in database.yml.{mysql,postgresql}..."
- sed -i -e "s|username: git|username: gitlab|" config/database.yml.mysql
- sed -i -e "s|username: git|username: gitlab|" config/database.yml.postgresql
-
- msg2 "Patching redis connection in resque.yml"
- sed -e "s|production: unix:/var/run/redis/redis.sock|production: redis://localhost:6379|" \
- config/resque.yml.example > config/resque.yml
-
- msg2 "Setting up systemd service files ..."
- for service_file in gitlab-sidekiq.service gitlab-unicorn.service gitlab.logrotate gitlab-backup.service gitlab-mailroom.service; do
- sed -i "s|<HOMEDIR>|${_homedir}|g" "${srcdir}/${service_file}"
- sed -i "s|<DATADIR>|${_datadir}|g" "${srcdir}/${service_file}"
- sed -i "s|<LOGDIR>|${_logdir}|g" "${srcdir}/${service_file}"
- done
-}
-
-build() {
- cd "${srcdir}/${_srcdir}"
-
- msg "Fetching bundled gems..."
- # Gems will be installed into vendor/bundle
-
- bundle config build.nokogiri --use-system-libraries
- bundle install -j$(nproc) --no-cache --deployment --without development test aws kerberos
-
- # We'll temporarily stick this in here so we can build the assets
- cp config/database.yml.postgresql.orig config/database.yml
- sed -i '/generate_and_link_secret_token/d' config/initializers/gitlab_shell_secret_token.rb
- bundle exec rake assets:precompile RAILS_ENV=production
- # After building assets, clean this up again
- rm config/database.yml config/database.yml.postgresql.orig
-}
-
-package() {
- cd "${srcdir}/${_srcdir}"
-
- install -d "${pkgdir}/usr/share/webapps"
-
- cp -r "${srcdir}/${_srcdir}" "${pkgdir}${_datadir}"
- chown -R 105:105 "${pkgdir}${_datadir}"
- chmod 755 "${pkgdir}${_datadir}"
-
- install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}"
- install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}/satellites"
- install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}/shared"
- install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}/builds"
- install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}/uploads"
- install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}/backups"
- install -dm750 -o 105 -g 105 "${pkgdir}${_etcdir}"
- install -dm755 "${pkgdir}/usr/share/doc/${pkgname}"
-
- touch "${pkgdir}${_etcdir}/secret"
- chmod 640 "${pkgdir}${_etcdir}/secret"
- chown root:105 "${pkgdir}${_etcdir}/secret"
-
- ln -fs /run/gitlab "${pkgdir}${_homedir}/pids"
- ln -fs /run/gitlab "${pkgdir}${_homedir}/sockets"
- ln -fs ${_datadir}/log "${pkgdir}${_homedir}/log"
- ln -fs "${_etcdir}/secret" "${pkgdir}${_datadir}/.secret"
-
- rm -rf "${pkgdir}${_datadir}/public/uploads" && ln -fs "${_homedir}/uploads" "${pkgdir}${_datadir}/public/uploads"
- rm -rf "${pkgdir}${_datadir}/builds" && ln -fs "${_homedir}/builds" "${pkgdir}${_datadir}/builds"
- rm -rf "${pkgdir}${_datadir}/tmp" && ln -fs /var/tmp "${pkgdir}${_datadir}/tmp"
- rm -rf "${pkgdir}${_datadir}/log" && ln -fs "${_logdir}" "${pkgdir}${_datadir}/log"
-
- ln -fs /etc/webapps/gitlab-shell/secret "${pkgdir}${_datadir}/.gitlab_shell_secret"
-
- sed -i "s|require_relative '../lib|require '${_datadir}/lib|" config/application.rb
-
- # Install config files
- for config_file in application.rb gitlab.yml unicorn.rb resque.yml; do
- mv "config/${config_file}" "${pkgdir}${_etcdir}/"
- [[ -f "${pkgdir}${_datadir}/config/${config_file}" ]] && rm "${pkgdir}${_datadir}/config/${config_file}"
- ln -fs "${_etcdir}/${config_file}" "${pkgdir}${_datadir}/config/"
- done
-
- # Install database symlink
- ln -fs "${_etcdir}/database.yml" "${pkgdir}${_datadir}/config/database.yml"
-
- # Install secrets symlink
- ln -fs "${_etcdir}/secrets.yml" "${pkgdir}${_datadir}/config/secrets.yml"
-
- # Install license and help files
- mv README.md MAINTENANCE.md CONTRIBUTING.md CHANGELOG config/*.{example,mysql,postgresql} "${pkgdir}/usr/share/doc/${pkgname}"
- install -D "LICENSE" "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
-
- # https://gitlab.com/gitlab-org/gitlab-ce/issues/765
- cp -r "${pkgdir}${_datadir}/doc" "${pkgdir}${_datadir}/public/help"
- find "${pkgdir}${_datadir}/public/help" -name "*.md" -exec rm {} \;
- find "${pkgdir}${_datadir}/public/help/" -depth -type d -empty -exec rmdir {} \;
-
- # Install systemd service files
- for service_file in gitlab-unicorn.service gitlab-sidekiq.service gitlab-backup.service gitlab-backup.timer gitlab.target gitlab-mailroom.service; do
- install -Dm644 "${srcdir}/${service_file}" "${pkgdir}/usr/lib/systemd/system/${service_file}"
- done
-
- install -Dm644 "${srcdir}/gitlab.tmpfiles.d" "${pkgdir}/usr/lib/tmpfiles.d/gitlab.conf"
- install -Dm644 "${srcdir}/gitlab.logrotate" "${pkgdir}/etc/logrotate.d/gitlab"
-
- # Install webserver config templates
- for config_file in apache apache-ssl apache2.2 apache2.2-ssl nginx nginx-ssl lighttpd; do
- install -m644 "${srcdir}/${config_file}.conf.example" "${pkgdir}/usr/share/doc/${pkgname}"
- done
-}
-
-# vim:set ts=2 sw=2 et:
Copied: gitlab/repos/community-x86_64/PKGBUILD (from rev 187545, gitlab/trunk/PKGBUILD)
===================================================================
--- community-x86_64/PKGBUILD (rev 0)
+++ community-x86_64/PKGBUILD 2016-08-25 20:13:28 UTC (rev 187546)
@@ -0,0 +1,199 @@
+# Maintainer: Sven-Hendrik Haase <sh at lutzhaase.com>
+# Contributor: Pavol (Lopo) Hluchy <lopo AT losys DOT eu>
+# Contributor: Jonas Heinrich <onny at project-insanity.org>
+# Contributor: Massimiliano Torromeo <massimiliano.torromeo at gmail.com>
+# Contributor: Tobias Hunger <tobias DOT hunger AT gmail DOT com>
+# Contributor: Stefan Tatschner <stefan at sevenbyte.org>
+# Contributor: Caleb Maclennan <caleb at alerque.com>
+
+pkgname=gitlab
+pkgver=8.11.0
+pkgrel=3
+pkgdesc="Project management and code hosting application"
+arch=('i686' 'x86_64')
+url="https://gitlab.com/gitlab-org/gitlab-ce/tree/master#README"
+license=('MIT')
+depends=('ruby' 'git' 'ruby-bundler' 'gitlab-shell' 'gitlab-workhorse' 'openssh' 'redis' 'libxslt' 'icu' 'nodejs')
+makedepends=('cmake' 'postgresql' 'mariadb')
+optdepends=('postgresql: database backend'
+ 'mysql: database backend'
+ 'python2-docutils: reStructuredText markup language support'
+ 'smtp-server: mail server in order to receive mail notifications')
+backup=("etc/webapps/${pkgname}/application.rb"
+ "etc/webapps/${pkgname}/gitlab.yml"
+ "etc/webapps/${pkgname}/secret"
+ "etc/webapps/${pkgname}/resque.yml"
+ "etc/webapps/${pkgname}/unicorn.rb"
+ "etc/logrotate.d/${pkgname}")
+source=("$pkgname-$pkgver.tar.gz::https://github.com/gitlabhq/gitlabhq/archive/v${pkgver}.tar.gz"
+ gitlab-unicorn.service
+ gitlab-sidekiq.service
+ gitlab-backup.service
+ gitlab-mailroom.service
+ gitlab-backup.timer
+ gitlab.target
+ gitlab.tmpfiles.d
+ gitlab.logrotate
+ apache.conf.example
+ apache-ssl.conf.example
+ apache2.2.conf.example
+ apache2.2-ssl.conf.example
+ nginx.conf.example
+ nginx-ssl.conf.example
+ lighttpd.conf.example)
+install='gitlab.install'
+sha256sums=('8f78e05ad66e68383de198cfc20454675f3518732d609c88e6cc39f8a7c9806c'
+ '0dabb9c10f6ba49404c13d6be2d0d6cf1bf7e5a0b95f0dea566e33c356997307'
+ 'a348d69cf0d08a1aa0713deb615815ae5a2305a1a1c386bcee29f49eae446757'
+ 'e16a68539eeb49d24d2ab4a53ff95e33c67264a674b611c006dc5c8a24f41e0e'
+ 'f3863b2906526ba487cb594f7fdca926e6dd8b8cfe95dccbba0ff9171ef2bb62'
+ 'e2539301fe42869d8fdbaa1b53b30076fb436c4220a37e576ed704458f804852'
+ 'a1ee236a1f3e65cd26d9adb5f636f66fbab68777fd60d1c796cb26036bd0903f'
+ '84614a2bfbd734f09c2c91531dd3c13e795186b50c0780a120c8e5bc2a892607'
+ '7b3137b8175db06e97c7577fb1df3d9095ff0797e6428c12d9c633ddd9121ad5'
+ '87fa65bc2d8f382d22fe77a6958bac9058e99021b230e2922a5b7e7afff39dcc'
+ '5e8c0e5d66ae5039620bd5d92076112bd47d9894a9cfbf06242dad412618f01a'
+ 'b4b10b401de60a714ebb38b0e17c9efe123967565d9b73297503fbaea4bcf03d'
+ '8944a5eb8972a63f962dc34ed1c2843e019b2b521d8f045a2552ddc2f2e28ec3'
+ '481427bec661c8bebc652a3349e10dd8c9435f51a0dcbb7b2e6833309ce90a1b'
+ '822d0b80f1974c8418a9f4d66fbefb7679313b6de9a49c137c83c0bfe622460f'
+ 'ea5a5f0b4c0ffd26d977efaf564800ee7fa88579a9e4f0556143a591a7ff198c')
+
+_homedir="/var/lib/${pkgname}"
+_datadir="/usr/share/webapps/${pkgname}"
+_logdir="/var/log/${pkgname}"
+_srcdir="gitlabhq-${pkgver}"
+_etcdir="/etc/webapps/${pkgname}"
+
+prepare() {
+ cd "${srcdir}/${_srcdir}"
+
+ export SKIP_STORAGE_VALIDATION='true'
+
+ # Patching config files:
+ msg2 "Patching paths in and username gitlab.yml..."
+ sed -e "s|# user: git|user: gitlab|" \
+ -e "s|/home/git/repositories|${_homedir}/repositories|" \
+ -e "s|/home/git/gitlab-satellites|${_homedir}/satellites|" \
+ -e "s|# path: /mnt/gitlab|path: ${_homedir}/shared|" \
+ -e "s|/home/git/gitlab-shell|/usr/share/webapps/gitlab-shell|" \
+ -e "s|tmp/backups|${_homedir}/backups|" \
+ config/gitlab.yml.example > config/gitlab.yml
+
+ msg2 "Patching paths and timeout in unicorn.rb..."
+ sed -e "s|/home/git/gitlab/tmp/.*/|/run/gitlab/|g" \
+ -e "s|/var/run/|/run/|g" \
+ -e "s|/home/git/gitlab|${_datadir}|g" \
+ -e "s|timeout 30|timeout 300|" \
+ -e "s|${_datadir}/log/|${_logdir}/|g" \
+ config/unicorn.rb.example > config/unicorn.rb
+
+ # We need this one untouched because otherwise assets will fail
+ cp config/database.yml.postgresql config/database.yml.postgresql.orig
+
+ msg2 "Patching username in database.yml.{mysql,postgresql}..."
+ sed -i -e "s|username: git|username: gitlab|" config/database.yml.mysql
+ sed -i -e "s|username: git|username: gitlab|" config/database.yml.postgresql
+
+ msg2 "Patching redis connection in resque.yml"
+ sed -e "s|production: unix:/var/run/redis/redis.sock|production: redis://localhost:6379|" \
+ config/resque.yml.example > config/resque.yml
+
+ msg2 "Setting up systemd service files ..."
+ for service_file in gitlab-sidekiq.service gitlab-unicorn.service gitlab.logrotate gitlab-backup.service gitlab-mailroom.service; do
+ sed -i "s|<HOMEDIR>|${_homedir}|g" "${srcdir}/${service_file}"
+ sed -i "s|<DATADIR>|${_datadir}|g" "${srcdir}/${service_file}"
+ sed -i "s|<LOGDIR>|${_logdir}|g" "${srcdir}/${service_file}"
+ done
+}
+
+build() {
+ cd "${srcdir}/${_srcdir}"
+
+ msg "Fetching bundled gems..."
+ # Gems will be installed into vendor/bundle
+
+ bundle config build.nokogiri --use-system-libraries
+ bundle install -j$(nproc) --no-cache --deployment --without development test aws kerberos
+
+ # We'll temporarily stick this in here so we can build the assets
+ cp config/database.yml.postgresql.orig config/database.yml
+ sed -i '/generate_and_link_secret_token/d' config/initializers/gitlab_shell_secret_token.rb
+ bundle exec rake assets:precompile RAILS_ENV=production
+ # After building assets, clean this up again
+ rm config/database.yml config/database.yml.postgresql.orig
+}
+
+package() {
+ cd "${srcdir}/${_srcdir}"
+
+ install -d "${pkgdir}/usr/share/webapps"
+
+ cp -r "${srcdir}/${_srcdir}" "${pkgdir}${_datadir}"
+ chown -R 105:105 "${pkgdir}${_datadir}"
+ chmod 755 "${pkgdir}${_datadir}"
+
+ install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}"
+ install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}/satellites"
+ install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}/shared"
+ install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}/builds"
+ install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}/uploads"
+ install -dm750 -o 105 -g 105 "${pkgdir}${_homedir}/backups"
+ install -dm750 -o 105 -g 105 "${pkgdir}${_etcdir}"
+ install -dm755 "${pkgdir}/usr/share/doc/${pkgname}"
+
+ touch "${pkgdir}${_etcdir}/secret"
+ chmod 640 "${pkgdir}${_etcdir}/secret"
+ chown root:105 "${pkgdir}${_etcdir}/secret"
+
+ ln -fs /run/gitlab "${pkgdir}${_homedir}/pids"
+ ln -fs /run/gitlab "${pkgdir}${_homedir}/sockets"
+ ln -fs ${_datadir}/log "${pkgdir}${_homedir}/log"
+ ln -fs "${_etcdir}/secret" "${pkgdir}${_datadir}/.secret"
+
+ rm -rf "${pkgdir}${_datadir}/public/uploads" && ln -fs "${_homedir}/uploads" "${pkgdir}${_datadir}/public/uploads"
+ rm -rf "${pkgdir}${_datadir}/builds" && ln -fs "${_homedir}/builds" "${pkgdir}${_datadir}/builds"
+ rm -rf "${pkgdir}${_datadir}/tmp" && ln -fs /var/tmp "${pkgdir}${_datadir}/tmp"
+ rm -rf "${pkgdir}${_datadir}/log" && ln -fs "${_logdir}" "${pkgdir}${_datadir}/log"
+
+ ln -fs /etc/webapps/gitlab-shell/secret "${pkgdir}${_datadir}/.gitlab_shell_secret"
+
+ sed -i "s|require_relative '../lib|require '${_datadir}/lib|" config/application.rb
+
+ # Install config files
+ for config_file in application.rb gitlab.yml unicorn.rb resque.yml; do
+ mv "config/${config_file}" "${pkgdir}${_etcdir}/"
+ [[ -f "${pkgdir}${_datadir}/config/${config_file}" ]] && rm "${pkgdir}${_datadir}/config/${config_file}"
+ ln -fs "${_etcdir}/${config_file}" "${pkgdir}${_datadir}/config/"
+ done
+
+ # Install database symlink
+ ln -fs "${_etcdir}/database.yml" "${pkgdir}${_datadir}/config/database.yml"
+
+ # Install secrets symlink
+ ln -fs "${_etcdir}/secrets.yml" "${pkgdir}${_datadir}/config/secrets.yml"
+
+ # Install license and help files
+ mv README.md MAINTENANCE.md CONTRIBUTING.md CHANGELOG config/*.{example,mysql,postgresql} "${pkgdir}/usr/share/doc/${pkgname}"
+ install -D "LICENSE" "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
+
+ # https://gitlab.com/gitlab-org/gitlab-ce/issues/765
+ cp -r "${pkgdir}${_datadir}/doc" "${pkgdir}${_datadir}/public/help"
+ find "${pkgdir}${_datadir}/public/help" -name "*.md" -exec rm {} \;
+ find "${pkgdir}${_datadir}/public/help/" -depth -type d -empty -exec rmdir {} \;
+
+ # Install systemd service files
+ for service_file in gitlab-unicorn.service gitlab-sidekiq.service gitlab-backup.service gitlab-backup.timer gitlab.target gitlab-mailroom.service; do
+ install -Dm644 "${srcdir}/${service_file}" "${pkgdir}/usr/lib/systemd/system/${service_file}"
+ done
+
+ install -Dm644 "${srcdir}/gitlab.tmpfiles.d" "${pkgdir}/usr/lib/tmpfiles.d/gitlab.conf"
+ install -Dm644 "${srcdir}/gitlab.logrotate" "${pkgdir}/etc/logrotate.d/gitlab"
+
+ # Install webserver config templates
+ for config_file in apache apache-ssl apache2.2 apache2.2-ssl nginx nginx-ssl lighttpd; do
+ install -m644 "${srcdir}/${config_file}.conf.example" "${pkgdir}/usr/share/doc/${pkgname}"
+ done
+}
+
+# vim:set ts=2 sw=2 et:
Deleted: community-x86_64/apache-ssl.conf.example
===================================================================
--- community-x86_64/apache-ssl.conf.example 2016-08-25 20:13:08 UTC (rev 187545)
+++ community-x86_64/apache-ssl.conf.example 2016-08-25 20:13:28 UTC (rev 187546)
@@ -1,94 +0,0 @@
-# This configuration has been tested on GitLab 8.2
-# Note this config assumes unicorn is listening on default port 8080 and
-# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to
-# listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
-#
-# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
-#
-#Module dependencies
-# mod_rewrite
-# mod_ssl
-# mod_proxy
-# mod_proxy_http
-# mod_headers
-
-# This section is only needed if you want to redirect http traffic to https.
-# You can live without it but clients will have to type in https:// to reach gitlab.
-<VirtualHost *:80>
- ServerName YOUR_SERVER_FQDN
- ServerSignature Off
-
- RewriteEngine on
- RewriteCond %{HTTPS} !=on
- RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
-</VirtualHost>
-
-<VirtualHost *:443>
- SSLEngine on
- #strong encryption ciphers only
- #see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html
- SSLProtocol all -SSLv2 -SSLv3
- SSLHonorCipherOrder on
-# SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
- SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
- Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
- SSLCompression Off
- SSLCertificateFile /etc/httpd/ssl.crt/YOUR_SERVER_FQDN.crt
- SSLCertificateKeyFile /etc/httpd/ssl.key/YOUR_SERVER_FQDN.key
- SSLCACertificateFile /etc/httpd/ssl.crt/your-ca.crt
-
- ServerName YOUR_SERVER_FQDN
- ServerSignature Off
-
- ProxyPreserveHost On
-
- # Ensure that encoded slashes are not decoded but left in their encoded state.
- # http://doc.gitlab.com/ce/api/projects.html#get-single-project
- AllowEncodedSlashes NoDecode
-
- <Location />
- # New authorization commands for apache 2.4 and up
- # http://httpd.apache.org/docs/2.4/upgrading.html#access
- Require all granted
-
- #Allow forwarding to gitlab-workhorse
- ProxyPassReverse http://127.0.0.1:8181
- ProxyPassReverse http://YOUR_SERVER_FQDN/
- </Location>
-
- # Apache equivalent of nginx try files
- # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
- # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
- RewriteEngine on
-
- #Don't escape encoded characters in api requests
- RewriteCond %{REQUEST_URI} ^/api/v3/.*
- RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
-
- #Forward all requests to gitlab-workhorse except existing files like error documents
- RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
- RewriteCond %{REQUEST_URI} ^/uploads/.*
- RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA]
-
- RequestHeader set X_FORWARDED_PROTO 'https'
- RequestHeader set X-Forwarded-Ssl on
-
- # needed for downloading attachments
- DocumentRoot /usr/share/webapps/gitlab/public
-
- #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
- ErrorDocument 404 /404.html
- ErrorDocument 422 /422.html
- ErrorDocument 500 /500.html
- ErrorDocument 503 /deploy.html
-
- # It is assumed that the log directory is in /var/log/httpd.
- # For Debian distributions you might want to change this to
- # /var/log/apache2.
- LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
- ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log
- CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
- CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
- CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined
-
-</VirtualHost>
Copied: gitlab/repos/community-x86_64/apache-ssl.conf.example (from rev 187545, gitlab/trunk/apache-ssl.conf.example)
===================================================================
--- community-x86_64/apache-ssl.conf.example (rev 0)
+++ community-x86_64/apache-ssl.conf.example 2016-08-25 20:13:28 UTC (rev 187546)
@@ -0,0 +1,94 @@
+# This configuration has been tested on GitLab 8.2
+# Note this config assumes unicorn is listening on default port 8080 and
+# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to
+# listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
+#
+# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
+#
+#Module dependencies
+# mod_rewrite
+# mod_ssl
+# mod_proxy
+# mod_proxy_http
+# mod_headers
+
+# This section is only needed if you want to redirect http traffic to https.
+# You can live without it but clients will have to type in https:// to reach gitlab.
+<VirtualHost *:80>
+ ServerName YOUR_SERVER_FQDN
+ ServerSignature Off
+
+ RewriteEngine on
+ RewriteCond %{HTTPS} !=on
+ RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
+</VirtualHost>
+
+<VirtualHost *:443>
+ SSLEngine on
+ #strong encryption ciphers only
+ #see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html
+ SSLProtocol all -SSLv2 -SSLv3
+ SSLHonorCipherOrder on
+# SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
+ SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
+ Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
+ SSLCompression Off
+ SSLCertificateFile /etc/httpd/ssl.crt/YOUR_SERVER_FQDN.crt
+ SSLCertificateKeyFile /etc/httpd/ssl.key/YOUR_SERVER_FQDN.key
+ SSLCACertificateFile /etc/httpd/ssl.crt/your-ca.crt
+
+ ServerName YOUR_SERVER_FQDN
+ ServerSignature Off
+
+ ProxyPreserveHost On
+
+ # Ensure that encoded slashes are not decoded but left in their encoded state.
+ # http://doc.gitlab.com/ce/api/projects.html#get-single-project
+ AllowEncodedSlashes NoDecode
+
+ <Location />
+ # New authorization commands for apache 2.4 and up
+ # http://httpd.apache.org/docs/2.4/upgrading.html#access
+ Require all granted
+
+ #Allow forwarding to gitlab-workhorse
+ ProxyPassReverse http://127.0.0.1:8181
+ ProxyPassReverse http://YOUR_SERVER_FQDN/
+ </Location>
+
+ # Apache equivalent of nginx try files
+ # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
+ # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
+ RewriteEngine on
+
+ #Don't escape encoded characters in api requests
+ RewriteCond %{REQUEST_URI} ^/api/v3/.*
+ RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
+
+ #Forward all requests to gitlab-workhorse except existing files like error documents
+ RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
+ RewriteCond %{REQUEST_URI} ^/uploads/.*
+ RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA]
+
+ RequestHeader set X_FORWARDED_PROTO 'https'
+ RequestHeader set X-Forwarded-Ssl on
+
+ # needed for downloading attachments
+ DocumentRoot /usr/share/webapps/gitlab/public
+
+ #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
+ ErrorDocument 404 /404.html
+ ErrorDocument 422 /422.html
+ ErrorDocument 500 /500.html
+ ErrorDocument 503 /deploy.html
+
+ # It is assumed that the log directory is in /var/log/httpd.
+ # For Debian distributions you might want to change this to
+ # /var/log/apache2.
+ LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
+ ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log
+ CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
+ CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
+ CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined
+
+</VirtualHost>
Deleted: community-x86_64/apache.conf.example
===================================================================
--- community-x86_64/apache.conf.example 2016-08-25 20:13:08 UTC (rev 187545)
+++ community-x86_64/apache.conf.example 2016-08-25 20:13:28 UTC (rev 187546)
@@ -1,64 +0,0 @@
-# This configuration has been tested on GitLab 8.2
-# Note this config assumes unicorn is listening on default port 8080 and
-# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to
-# listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
-#
-# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
-#
-#Module dependencies
-# mod_rewrite
-# mod_proxy
-# mod_proxy_http
-<VirtualHost *:80>
- ServerName YOUR_SERVER_FQDN
- ServerSignature Off
-
- ProxyPreserveHost On
-
- # Ensure that encoded slashes are not decoded but left in their encoded state.
- # http://doc.gitlab.com/ce/api/projects.html#get-single-project
- AllowEncodedSlashes NoDecode
-
- <Location />
- # New authorization commands for apache 2.4 and up
- # http://httpd.apache.org/docs/2.4/upgrading.html#access
- Require all granted
-
- #Allow forwarding to gitlab-workhorse
- ProxyPassReverse http://127.0.0.1:8181
- ProxyPassReverse http://YOUR_SERVER_FQDN/
- </Location>
-
- # Apache equivalent of nginx try files
- # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
- # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
- RewriteEngine on
-
- #Don't escape encoded characters in api requests
- RewriteCond %{REQUEST_URI} ^/api/v3/.*
- RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
-
- #Forward all requests to gitlab-workhorse except existing files like error documents
- RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
- RewriteCond %{REQUEST_URI} ^/uploads/.*
- RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA]
-
- # needed for downloading attachments
- DocumentRoot /usr/share/webapps/gitlab/public
-
- #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
- ErrorDocument 404 /404.html
- ErrorDocument 422 /422.html
- ErrorDocument 500 /500.html
- ErrorDocument 503 /deploy.html
-
- # It is assumed that the log directory is in /var/log/httpd.
- # For Debian distributions you might want to change this to
- # /var/log/apache2.
- LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
- ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log
- CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
- CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
- CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined
-
-</VirtualHost>
Copied: gitlab/repos/community-x86_64/apache.conf.example (from rev 187545, gitlab/trunk/apache.conf.example)
===================================================================
--- community-x86_64/apache.conf.example (rev 0)
+++ community-x86_64/apache.conf.example 2016-08-25 20:13:28 UTC (rev 187546)
@@ -0,0 +1,64 @@
+# This configuration has been tested on GitLab 8.2
+# Note this config assumes unicorn is listening on default port 8080 and
+# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to
+# listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
+#
+# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
+#
+#Module dependencies
+# mod_rewrite
+# mod_proxy
+# mod_proxy_http
+<VirtualHost *:80>
+ ServerName YOUR_SERVER_FQDN
+ ServerSignature Off
+
+ ProxyPreserveHost On
+
+ # Ensure that encoded slashes are not decoded but left in their encoded state.
+ # http://doc.gitlab.com/ce/api/projects.html#get-single-project
+ AllowEncodedSlashes NoDecode
+
+ <Location />
+ # New authorization commands for apache 2.4 and up
+ # http://httpd.apache.org/docs/2.4/upgrading.html#access
+ Require all granted
+
+ #Allow forwarding to gitlab-workhorse
+ ProxyPassReverse http://127.0.0.1:8181
+ ProxyPassReverse http://YOUR_SERVER_FQDN/
+ </Location>
+
+ # Apache equivalent of nginx try files
+ # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
+ # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
+ RewriteEngine on
+
+ #Don't escape encoded characters in api requests
+ RewriteCond %{REQUEST_URI} ^/api/v3/.*
+ RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
+
+ #Forward all requests to gitlab-workhorse except existing files like error documents
+ RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
+ RewriteCond %{REQUEST_URI} ^/uploads/.*
+ RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA]
+
+ # needed for downloading attachments
+ DocumentRoot /usr/share/webapps/gitlab/public
+
+ #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
+ ErrorDocument 404 /404.html
+ ErrorDocument 422 /422.html
+ ErrorDocument 500 /500.html
+ ErrorDocument 503 /deploy.html
+
+ # It is assumed that the log directory is in /var/log/httpd.
+ # For Debian distributions you might want to change this to
+ # /var/log/apache2.
+ LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
+ ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log
+ CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
+ CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
+ CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined
+
+</VirtualHost>
Deleted: community-x86_64/apache2.2-ssl.conf.example
===================================================================
--- community-x86_64/apache2.2-ssl.conf.example 2016-08-25 20:13:08 UTC (rev 187545)
+++ community-x86_64/apache2.2-ssl.conf.example 2016-08-25 20:13:28 UTC (rev 187546)
@@ -1,93 +0,0 @@
-# This configuration has been tested on GitLab 8.2
-# Note this config assumes unicorn is listening on default port 8080 and
-# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to
-# listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
-#
-# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
-#
-#Module dependencies
-# mod_rewrite
-# mod_ssl
-# mod_proxy
-# mod_proxy_http
-# mod_headers
-
-# This section is only needed if you want to redirect http traffic to https.
-# You can live without it but clients will have to type in https:// to reach gitlab.
-<VirtualHost *:80>
- ServerName YOUR_SERVER_FQDN
- ServerSignature Off
-
- RewriteEngine on
- RewriteCond %{HTTPS} !=on
- RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
-</VirtualHost>
-
-<VirtualHost *:443>
- SSLEngine on
- #strong encryption ciphers only
- #see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html
- SSLProtocol all -SSLv2 -SSLv3
- SSLHonorCipherOrder on
-# SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
- SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
- Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
- SSLCompression Off
- SSLCertificateFile /etc/httpd/ssl.crt/YOUR_SERVER_FQDN.crt
- SSLCertificateKeyFile /etc/httpd/ssl.key/YOUR_SERVER_FQDN.key
- SSLCACertificateFile /etc/httpd/ssl.crt/your-ca.crt
-
- ServerName YOUR_SERVER_FQDN
- ServerSignature Off
-
- ProxyPreserveHost On
-
- # Ensure that encoded slashes are not decoded but left in their encoded state.
- # http://doc.gitlab.com/ce/api/projects.html#get-single-project
- AllowEncodedSlashes NoDecode
-
- <Location />
- Order deny,allow
- Allow from all
-
- #Allow forwarding to gitlab-workhorse
- ProxyPassReverse http://127.0.0.1:8181
- ProxyPassReverse http://YOUR_SERVER_FQDN/
- </Location>
-
- # Apache equivalent of nginx try files
- # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
- # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
- RewriteEngine on
-
- #Don't escape encoded characters in api requests
- RewriteCond %{REQUEST_URI} ^/api/v3/.*
- RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
-
- #Forward all requests to gitlab-workhorse except existing files like error documents
- RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
- RewriteCond %{REQUEST_URI} ^/uploads/.*
- RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA]
-
- RequestHeader set X_FORWARDED_PROTO 'https'
- RequestHeader set X-Forwarded-Ssl on
-
- # needed for downloading attachments
- DocumentRoot /usr/share/webapps/gitlab/public
-
- #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
- ErrorDocument 404 /404.html
- ErrorDocument 422 /422.html
- ErrorDocument 500 /500.html
- ErrorDocument 503 /deploy.html
-
- # It is assumed that the log directory is in /var/log/httpd.
- # For Debian distributions you might want to change this to
- # /var/log/apache2.
- LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
- ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log
- CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
- CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
- CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined
-
-</VirtualHost>
Copied: gitlab/repos/community-x86_64/apache2.2-ssl.conf.example (from rev 187545, gitlab/trunk/apache2.2-ssl.conf.example)
===================================================================
--- community-x86_64/apache2.2-ssl.conf.example (rev 0)
+++ community-x86_64/apache2.2-ssl.conf.example 2016-08-25 20:13:28 UTC (rev 187546)
@@ -0,0 +1,93 @@
+# This configuration has been tested on GitLab 8.2
+# Note this config assumes unicorn is listening on default port 8080 and
+# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to
+# listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
+#
+# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
+#
+#Module dependencies
+# mod_rewrite
+# mod_ssl
+# mod_proxy
+# mod_proxy_http
+# mod_headers
+
+# This section is only needed if you want to redirect http traffic to https.
+# You can live without it but clients will have to type in https:// to reach gitlab.
+<VirtualHost *:80>
+ ServerName YOUR_SERVER_FQDN
+ ServerSignature Off
+
+ RewriteEngine on
+ RewriteCond %{HTTPS} !=on
+ RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
+</VirtualHost>
+
+<VirtualHost *:443>
+ SSLEngine on
+ #strong encryption ciphers only
+ #see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html
+ SSLProtocol all -SSLv2 -SSLv3
+ SSLHonorCipherOrder on
+# SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
+ SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
+ Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
+ SSLCompression Off
+ SSLCertificateFile /etc/httpd/ssl.crt/YOUR_SERVER_FQDN.crt
+ SSLCertificateKeyFile /etc/httpd/ssl.key/YOUR_SERVER_FQDN.key
+ SSLCACertificateFile /etc/httpd/ssl.crt/your-ca.crt
+
+ ServerName YOUR_SERVER_FQDN
+ ServerSignature Off
+
+ ProxyPreserveHost On
+
+ # Ensure that encoded slashes are not decoded but left in their encoded state.
+ # http://doc.gitlab.com/ce/api/projects.html#get-single-project
+ AllowEncodedSlashes NoDecode
+
+ <Location />
+ Order deny,allow
+ Allow from all
+
+ #Allow forwarding to gitlab-workhorse
+ ProxyPassReverse http://127.0.0.1:8181
+ ProxyPassReverse http://YOUR_SERVER_FQDN/
+ </Location>
+
+ # Apache equivalent of nginx try files
+ # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
+ # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
+ RewriteEngine on
+
+ #Don't escape encoded characters in api requests
+ RewriteCond %{REQUEST_URI} ^/api/v3/.*
+ RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
+
+ #Forward all requests to gitlab-workhorse except existing files like error documents
+ RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
+ RewriteCond %{REQUEST_URI} ^/uploads/.*
+ RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA]
+
+ RequestHeader set X_FORWARDED_PROTO 'https'
+ RequestHeader set X-Forwarded-Ssl on
+
+ # needed for downloading attachments
+ DocumentRoot /usr/share/webapps/gitlab/public
+
+ #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
+ ErrorDocument 404 /404.html
+ ErrorDocument 422 /422.html
+ ErrorDocument 500 /500.html
+ ErrorDocument 503 /deploy.html
+
+ # It is assumed that the log directory is in /var/log/httpd.
+ # For Debian distributions you might want to change this to
+ # /var/log/apache2.
+ LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
+ ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log
+ CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
+ CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
+ CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined
+
+</VirtualHost>
Deleted: community-x86_64/apache2.2.conf.example
===================================================================
--- community-x86_64/apache2.2.conf.example 2016-08-25 20:13:08 UTC (rev 187545)
+++ community-x86_64/apache2.2.conf.example 2016-08-25 20:13:28 UTC (rev 187546)
@@ -1,63 +0,0 @@
-# This configuration has been tested on GitLab 8.2
-# Note this config assumes unicorn is listening on default port 8080 and
-# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to
-# listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
-#
-# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
-#
-#Module dependencies
-# mod_rewrite
-# mod_proxy
-# mod_proxy_http
-<VirtualHost *:80>
- ServerName YOUR_SERVER_FQDN
- ServerSignature Off
-
- ProxyPreserveHost On
-
- # Ensure that encoded slashes are not decoded but left in their encoded state.
- # http://doc.gitlab.com/ce/api/projects.html#get-single-project
- AllowEncodedSlashes NoDecode
-
- <Location />
- Order deny,allow
- Allow from all
-
- #Allow forwarding to gitlab-workhorse
- ProxyPassReverse http://127.0.0.1:8181
- ProxyPassReverse http://YOUR_SERVER_FQDN/
- </Location>
-
- # Apache equivalent of nginx try files
- # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
- # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
- RewriteEngine on
-
- #Don't escape encoded characters in api requests
- RewriteCond %{REQUEST_URI} ^/api/v3/.*
- RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
-
- #Forward all requests to gitlab-workhorse except existing files like error documents
- RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
- RewriteCond %{REQUEST_URI} ^/uploads/.*
- RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA]
-
- # needed for downloading attachments
- DocumentRoot /usr/share/webapps/gitlab/public
-
- #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
- ErrorDocument 404 /404.html
- ErrorDocument 422 /422.html
- ErrorDocument 500 /500.html
- ErrorDocument 503 /deploy.html
-
- # It is assumed that the log directory is in /var/log/httpd.
- # For Debian distributions you might want to change this to
- # /var/log/apache2.
- LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
- ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log
- CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
- CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
- CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined
-
-</VirtualHost>
Copied: gitlab/repos/community-x86_64/apache2.2.conf.example (from rev 187545, gitlab/trunk/apache2.2.conf.example)
===================================================================
--- community-x86_64/apache2.2.conf.example (rev 0)
+++ community-x86_64/apache2.2.conf.example 2016-08-25 20:13:28 UTC (rev 187546)
@@ -0,0 +1,63 @@
+# This configuration has been tested on GitLab 8.2
+# Note this config assumes unicorn is listening on default port 8080 and
+# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to
+# listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
+#
+# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
+#
+#Module dependencies
+# mod_rewrite
+# mod_proxy
+# mod_proxy_http
+<VirtualHost *:80>
+ ServerName YOUR_SERVER_FQDN
+ ServerSignature Off
+
+ ProxyPreserveHost On
+
+ # Ensure that encoded slashes are not decoded but left in their encoded state.
+ # http://doc.gitlab.com/ce/api/projects.html#get-single-project
+ AllowEncodedSlashes NoDecode
+
+ <Location />
+ Order deny,allow
+ Allow from all
+
+ #Allow forwarding to gitlab-workhorse
+ ProxyPassReverse http://127.0.0.1:8181
+ ProxyPassReverse http://YOUR_SERVER_FQDN/
+ </Location>
+
+ # Apache equivalent of nginx try files
+ # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
+ # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
+ RewriteEngine on
+
+ #Don't escape encoded characters in api requests
+ RewriteCond %{REQUEST_URI} ^/api/v3/.*
+ RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
+
+ #Forward all requests to gitlab-workhorse except existing files like error documents
+ RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
+ RewriteCond %{REQUEST_URI} ^/uploads/.*
+ RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA]
+
+ # needed for downloading attachments
+ DocumentRoot /usr/share/webapps/gitlab/public
+
+ #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
+ ErrorDocument 404 /404.html
+ ErrorDocument 422 /422.html
+ ErrorDocument 500 /500.html
+ ErrorDocument 503 /deploy.html
+
+ # It is assumed that the log directory is in /var/log/httpd.
+ # For Debian distributions you might want to change this to
+ # /var/log/apache2.
+ LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
+ ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log
+ CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
+ CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
+ CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined
+
+</VirtualHost>
Deleted: community-x86_64/gitlab-backup.service
===================================================================
--- community-x86_64/gitlab-backup.service 2016-08-25 20:13:08 UTC (rev 187545)
+++ community-x86_64/gitlab-backup.service 2016-08-25 20:13:28 UTC (rev 187546)
@@ -1,19 +0,0 @@
-[Unit]
-Description=GitLab Backup process
-Requires=
-After=network.target
-
-[Service]
-Type=oneshot
-User=gitlab
-Group=gitlab
-SyslogIdentifier=gitlab-backup
-WorkingDirectory=<DATADIR>
-Environment=RAILS_ENV=production PATH=/opt/ruby/bin:/usr/bin
-CapabilityBoundingSet=
-PrivateTmp=true
-PrivateDevices=true
-ProtectSystem=full
-ProtectHome=true
-NoNewPrivileges=true
-ExecStart=/usr/bin/bundle exec rake gitlab:backup:create
Copied: gitlab/repos/community-x86_64/gitlab-backup.service (from rev 187545, gitlab/trunk/gitlab-backup.service)
===================================================================
--- community-x86_64/gitlab-backup.service (rev 0)
+++ community-x86_64/gitlab-backup.service 2016-08-25 20:13:28 UTC (rev 187546)
@@ -0,0 +1,19 @@
+[Unit]
+Description=GitLab Backup process
+Requires=
+After=network.target
+
+[Service]
+Type=oneshot
+User=gitlab
+Group=gitlab
+SyslogIdentifier=gitlab-backup
+WorkingDirectory=<DATADIR>
+Environment=RAILS_ENV=production PATH=/opt/ruby/bin:/usr/bin
+CapabilityBoundingSet=
+PrivateTmp=true
+PrivateDevices=true
+ProtectSystem=full
+ProtectHome=true
+NoNewPrivileges=true
+ExecStart=/usr/bin/bundle exec rake gitlab:backup:create
Deleted: community-x86_64/gitlab-backup.timer
===================================================================
--- community-x86_64/gitlab-backup.timer 2016-08-25 20:13:08 UTC (rev 187545)
+++ community-x86_64/gitlab-backup.timer 2016-08-25 20:13:28 UTC (rev 187546)
@@ -1,10 +0,0 @@
-[Unit]
-Description=Daily gitlab backup
-
-[Timer]
-OnCalendar=daily
-AccuracySec=12h
-Persistent=true
-
-[Install]
-WantedBy=multi-user.target
Copied: gitlab/repos/community-x86_64/gitlab-backup.timer (from rev 187545, gitlab/trunk/gitlab-backup.timer)
===================================================================
--- community-x86_64/gitlab-backup.timer (rev 0)
+++ community-x86_64/gitlab-backup.timer 2016-08-25 20:13:28 UTC (rev 187546)
@@ -0,0 +1,10 @@
+[Unit]
+Description=Daily gitlab backup
+
+[Timer]
+OnCalendar=daily
+AccuracySec=12h
+Persistent=true
+
+[Install]
+WantedBy=multi-user.target
Deleted: community-x86_64/gitlab-mailroom.service
===================================================================
--- community-x86_64/gitlab-mailroom.service 2016-08-25 20:13:08 UTC (rev 187545)
+++ community-x86_64/gitlab-mailroom.service 2016-08-25 20:13:28 UTC (rev 187546)
@@ -1,20 +0,0 @@
-[Unit]
-Description=Gitlab Mailroom Worker
-Requires=gitlab-unicorn.service
-Wants=gitlab-unicorn.service
-After=gitlab-unicorn.service
-
-[Service]
-User=gitlab
-Group=gitlab
-WorkingDirectory=<DATADIR>
-Environment=RAILS_ENV=production PATH=/opt/ruby/bin:/usr/bin
-SyslogIdentifier=gitlab-mailroom
-PIDFile=/run/gitlab/mailroom.pid
-ExecStart=/usr/bin/bundle exec mail_room -q -c <DATADIR>/config/mail_room.yml
-ExecStop=/usr/bin/kill -QUIT $MAINPID
-Restart=on-failure
-RestartSec=1
-
-[Install]
-WantedBy=multi-user.target
Copied: gitlab/repos/community-x86_64/gitlab-mailroom.service (from rev 187545, gitlab/trunk/gitlab-mailroom.service)
===================================================================
--- community-x86_64/gitlab-mailroom.service (rev 0)
+++ community-x86_64/gitlab-mailroom.service 2016-08-25 20:13:28 UTC (rev 187546)
@@ -0,0 +1,20 @@
+[Unit]
+Description=Gitlab Mailroom Worker
+Requires=gitlab-unicorn.service
+Wants=gitlab-unicorn.service
+After=gitlab-unicorn.service
+
+[Service]
+User=gitlab
+Group=gitlab
+WorkingDirectory=<DATADIR>
+Environment=RAILS_ENV=production PATH=/opt/ruby/bin:/usr/bin
+SyslogIdentifier=gitlab-mailroom
+PIDFile=/run/gitlab/mailroom.pid
+ExecStart=/usr/bin/bundle exec mail_room -q -c <DATADIR>/config/mail_room.yml
+ExecStop=/usr/bin/kill -QUIT $MAINPID
+Restart=on-failure
+RestartSec=1
+
+[Install]
+WantedBy=multi-user.target
Deleted: community-x86_64/gitlab-sidekiq.service
===================================================================
--- community-x86_64/gitlab-sidekiq.service 2016-08-25 20:13:08 UTC (rev 187545)
+++ community-x86_64/gitlab-sidekiq.service 2016-08-25 20:13:28 UTC (rev 187546)
@@ -1,30 +0,0 @@
-[Unit]
-Description=GitLab Sidekiq Worker
-Requires=redis.service gitlab-unicorn.service
-Wants=mysqld.service postgresql.service
-After=redis.service mysqld.service postgresql.service network.target gitlab-unicorn.service
-JoinsNamespaceOf=gitlab-unicorn.service
-
-[Service]
-User=gitlab
-Group=gitlab
-WorkingDirectory=<DATADIR>
-Environment=RAILS_ENV=production PATH=/opt/ruby/bin:/usr/bin
-SyslogIdentifier=gitlab-sidekiq
-PIDFile=/run/gitlab/sidekiq.pid
-CapabilityBoundingSet=
-PrivateTmp=true
-PrivateDevices=true
-ProtectSystem=full
-ProtectHome=true
-# NoNewPrivileges breaks gitlabs' email delivery if you
-# use postfix' sendmail wrapper. If you use an SMTP server
-# instead you can safely enable this security feature.
-#NoNewPrivileges=true
-ExecStart=/usr/bin/bundle exec sidekiq -q post_receive -q mailers -q system_hook -q incoming_email -q project_web_hook -q gitlab_shell -q common -q default -q archive_repo -e production
-ExecStop=/usr/bin/bundle exec sidekiqctl stop /run/gitlab/sidekiq.pid
-Restart=on-failure
-RestartSec=1
-
-[Install]
-WantedBy=multi-user.target
Copied: gitlab/repos/community-x86_64/gitlab-sidekiq.service (from rev 187545, gitlab/trunk/gitlab-sidekiq.service)
===================================================================
--- community-x86_64/gitlab-sidekiq.service (rev 0)
+++ community-x86_64/gitlab-sidekiq.service 2016-08-25 20:13:28 UTC (rev 187546)
@@ -0,0 +1,30 @@
+[Unit]
+Description=GitLab Sidekiq Worker
+Requires=redis.service gitlab-unicorn.service
+Wants=mysqld.service postgresql.service
+After=redis.service mysqld.service postgresql.service network.target gitlab-unicorn.service
+JoinsNamespaceOf=gitlab-unicorn.service
+
+[Service]
+User=gitlab
+Group=gitlab
+WorkingDirectory=<DATADIR>
+Environment=RAILS_ENV=production PATH=/opt/ruby/bin:/usr/bin
+SyslogIdentifier=gitlab-sidekiq
+PIDFile=/run/gitlab/sidekiq.pid
+CapabilityBoundingSet=
+PrivateTmp=true
+PrivateDevices=true
+ProtectSystem=full
+ProtectHome=true
+# NoNewPrivileges breaks gitlabs' email delivery if you
+# use postfix' sendmail wrapper. If you use an SMTP server
+# instead you can safely enable this security feature.
+#NoNewPrivileges=true
+ExecStart=/usr/bin/bundle exec sidekiq -q post_receive -q mailers -q system_hook -q incoming_email -q project_web_hook -q gitlab_shell -q common -q default -q archive_repo -e production
+ExecStop=/usr/bin/bundle exec sidekiqctl stop /run/gitlab/sidekiq.pid
+Restart=on-failure
+RestartSec=1
+
+[Install]
+WantedBy=multi-user.target
Deleted: community-x86_64/gitlab-unicorn.service
===================================================================
--- community-x86_64/gitlab-unicorn.service 2016-08-25 20:13:08 UTC (rev 187545)
+++ community-x86_64/gitlab-unicorn.service 2016-08-25 20:13:28 UTC (rev 187546)
@@ -1,29 +0,0 @@
-[Unit]
-Description=GitLab Unicorn Server
-Requires=redis.service
-Wants=mysqld.service postgresql.service
-After=redis.service mysqld.service postgresql.service network.target
-
-[Service]
-User=gitlab
-Group=gitlab
-WorkingDirectory=<DATADIR>
-Environment=RAILS_ENV=production PATH=/opt/ruby/bin:/usr/bin
-SyslogIdentifier=gitlab-unicorn
-PIDFile=/run/gitlab/unicorn.pid
-RuntimeDirectory=gitlab
-RuntimeDirectoryMode=775
-CapabilityBoundingSet=
-PrivateTmp=true
-PrivateDevices=true
-ProtectSystem=full
-ProtectHome=true
-NoNewPrivileges=true
-ExecStart=/usr/bin/bundle exec unicorn_rails -c <DATADIR>/config/unicorn.rb -E production
-ExecStop=/usr/bin/kill -QUIT $MAINPID
-ExecReload=/usr/bin/kill -USR2 $MAINPID
-Restart=on-failure
-RestartSec=1
-
-[Install]
-WantedBy=multi-user.target
Copied: gitlab/repos/community-x86_64/gitlab-unicorn.service (from rev 187545, gitlab/trunk/gitlab-unicorn.service)
===================================================================
--- community-x86_64/gitlab-unicorn.service (rev 0)
+++ community-x86_64/gitlab-unicorn.service 2016-08-25 20:13:28 UTC (rev 187546)
@@ -0,0 +1,29 @@
+[Unit]
+Description=GitLab Unicorn Server
+Requires=redis.service
+Wants=mysqld.service postgresql.service
+After=redis.service mysqld.service postgresql.service network.target
+
+[Service]
+User=gitlab
+Group=gitlab
+WorkingDirectory=<DATADIR>
+Environment=RAILS_ENV=production PATH=/opt/ruby/bin:/usr/bin
+SyslogIdentifier=gitlab-unicorn
+PIDFile=/run/gitlab/unicorn.pid
+RuntimeDirectory=gitlab
+RuntimeDirectoryMode=775
+CapabilityBoundingSet=
+PrivateTmp=true
+PrivateDevices=true
+ProtectSystem=full
+ProtectHome=true
+NoNewPrivileges=true
+ExecStart=/usr/bin/bundle exec unicorn_rails -c <DATADIR>/config/unicorn.rb -E production
+ExecStop=/usr/bin/kill -QUIT $MAINPID
+ExecReload=/usr/bin/kill -USR2 $MAINPID
+Restart=on-failure
+RestartSec=1
+
+[Install]
+WantedBy=multi-user.target
Deleted: community-x86_64/gitlab.install
===================================================================
--- community-x86_64/gitlab.install 2016-08-25 20:13:08 UTC (rev 187545)
+++ community-x86_64/gitlab.install 2016-08-25 20:13:28 UTC (rev 187546)
@@ -1,18 +0,0 @@
-post_install() {
- systemd-tmpfiles --create gitlab.conf
-
- echo "Put a secret bytestring to /etc/webapps/gitlab/secret"
- echo "Copy /usr/share/doc/gitlab/secrets.yml.example to /etc/webapps/gitlab/secrets.yml and configure it"
- echo "Copy a database example config from /usr/share/doc/gitlab/ to /etc/webapps/gitlab/database.yml and configure it"
- echo "Setup the database:"
- echo "# su - gitlab -s /bin/sh -c \"cd '/usr/share/webapps/gitlab'; bundle-2.1 exec rake gitlab:setup RAILS_ENV=production\""
- echo "Finally run the following commands to check your installation:"
- echo "# su - gitlab -s /bin/sh -c \"cd '/usr/share/webapps/gitlab'; bundle-2.1 exec rake gitlab:env:info RAILS_ENV=production\""
- echo "# su - gitlab -s /bin/sh -c \"cd '/usr/share/webapps/gitlab'; bundle-2.1 exec rake gitlab:check RAILS_ENV=production\""
-}
-
-post_upgrade() {
- echo "You should upgrade your database:"
- echo "# su - gitlab -s /bin/sh -c \"cd '/usr/share/webapps/gitlab'; bundle-2.1 exec rake db:migrate RAILS_ENV=production\""
- echo "Afterwards, restart gitlab"
-}
Copied: gitlab/repos/community-x86_64/gitlab.install (from rev 187545, gitlab/trunk/gitlab.install)
===================================================================
--- community-x86_64/gitlab.install (rev 0)
+++ community-x86_64/gitlab.install 2016-08-25 20:13:28 UTC (rev 187546)
@@ -0,0 +1,20 @@
+post_install() {
+ systemd-tmpfiles --create gitlab.conf
+
+ echo "Configure your /etc/webapps/gitlab/gitlab.yml"
+ echo "Set up your redis to run on /var/run/redis/redis.sock or configure gitlab to use redis TCP"
+ echo "Put a secret bytestring to /etc/webapps/gitlab/secret"
+ echo "Copy /usr/share/doc/gitlab/secrets.yml.example to /etc/webapps/gitlab/secrets.yml and configure it"
+ echo "Copy a database example config from /usr/share/doc/gitlab/ to /etc/webapps/gitlab/database.yml and configure it"
+ echo "Setup the database:"
+ echo "# su - gitlab -s /bin/sh -c \"cd '/usr/share/webapps/gitlab'; bundle exec rake gitlab:setup RAILS_ENV=production\""
+ echo "Finally run the following commands to check your installation:"
+ echo "# su - gitlab -s /bin/sh -c \"cd '/usr/share/webapps/gitlab'; bundle exec rake gitlab:env:info RAILS_ENV=production\""
+ echo "# su - gitlab -s /bin/sh -c \"cd '/usr/share/webapps/gitlab'; bundle exec rake gitlab:check RAILS_ENV=production\""
+}
+
+post_upgrade() {
+ echo "You should upgrade your database:"
+ echo "# su - gitlab -s /bin/sh -c \"cd '/usr/share/webapps/gitlab'; bundle exec rake db:migrate RAILS_ENV=production\""
+ echo "Afterwards, restart gitlab"
+}
Deleted: community-x86_64/gitlab.logrotate
===================================================================
--- community-x86_64/gitlab.logrotate 2016-08-25 20:13:08 UTC (rev 187545)
+++ community-x86_64/gitlab.logrotate 2016-08-25 20:13:28 UTC (rev 187546)
@@ -1,11 +0,0 @@
-# GitLab logrotate settings
-# based on: http://stackoverflow.com/a/4883967
-
-<LOGDIR>/*.log {
- daily
- missingok
- rotate 90
- compress
- notifempty
- copytruncate
-}
Copied: gitlab/repos/community-x86_64/gitlab.logrotate (from rev 187545, gitlab/trunk/gitlab.logrotate)
===================================================================
--- community-x86_64/gitlab.logrotate (rev 0)
+++ community-x86_64/gitlab.logrotate 2016-08-25 20:13:28 UTC (rev 187546)
@@ -0,0 +1,11 @@
+# GitLab logrotate settings
+# based on: http://stackoverflow.com/a/4883967
+
+<LOGDIR>/*.log {
+ daily
+ missingok
+ rotate 90
+ compress
+ notifempty
+ copytruncate
+}
Deleted: community-x86_64/gitlab.target
===================================================================
--- community-x86_64/gitlab.target 2016-08-25 20:13:08 UTC (rev 187545)
+++ community-x86_64/gitlab.target 2016-08-25 20:13:28 UTC (rev 187546)
@@ -1,14 +0,0 @@
-###########################################################################################
-#
-# GitLab version : 5.x - 7.x
-# Contributors : davispuh, mtorromeo, axilleas, boeserwolf91
-# Downloaded from : https://github.com/gitlabhq/gitlab-recipes/tree/master/init/systemd
-#
-###########################################################################################
-
-[Unit]
-Description=GitLab - Self Hosted Git Management
-Wants=gitlab-unicorn.service gitlab-sidekiq.service gitlab-backup.timer
-
-[Install]
-WantedBy=multi-user.target
Copied: gitlab/repos/community-x86_64/gitlab.target (from rev 187545, gitlab/trunk/gitlab.target)
===================================================================
--- community-x86_64/gitlab.target (rev 0)
+++ community-x86_64/gitlab.target 2016-08-25 20:13:28 UTC (rev 187546)
@@ -0,0 +1,14 @@
+###########################################################################################
+#
+# GitLab version : 5.x - 7.x
+# Contributors : davispuh, mtorromeo, axilleas, boeserwolf91
+# Downloaded from : https://github.com/gitlabhq/gitlab-recipes/tree/master/init/systemd
+#
+###########################################################################################
+
+[Unit]
+Description=GitLab - Self Hosted Git Management
+Wants=gitlab-unicorn.service gitlab-sidekiq.service gitlab-backup.timer
+
+[Install]
+WantedBy=multi-user.target
Deleted: community-x86_64/gitlab.tmpfiles.d
===================================================================
--- community-x86_64/gitlab.tmpfiles.d 2016-08-25 20:13:08 UTC (rev 187545)
+++ community-x86_64/gitlab.tmpfiles.d 2016-08-25 20:13:28 UTC (rev 187546)
@@ -1 +0,0 @@
-d /run/gitlab 0775 gitlab gitlab - -
Copied: gitlab/repos/community-x86_64/gitlab.tmpfiles.d (from rev 187545, gitlab/trunk/gitlab.tmpfiles.d)
===================================================================
--- community-x86_64/gitlab.tmpfiles.d (rev 0)
+++ community-x86_64/gitlab.tmpfiles.d 2016-08-25 20:13:28 UTC (rev 187546)
@@ -0,0 +1 @@
+d /run/gitlab 0775 gitlab gitlab - -
Deleted: community-x86_64/lighttpd.conf.example
===================================================================
--- community-x86_64/lighttpd.conf.example 2016-08-25 20:13:08 UTC (rev 187545)
+++ community-x86_64/lighttpd.conf.example 2016-08-25 20:13:28 UTC (rev 187546)
@@ -1,35 +0,0 @@
-# GITLAB
-# Maintainer: @tvn87
-# App Version: 2.8
-
-server.modules += (
- "mod_simple_vhost",
- "mod_proxy"
-)
-
-## The document root of a virtual host is document-root =
-## simple-vhost.server-root + $HTTP["host"] + simple-vhost.document-root
-simple-vhost.server-root = "/var/www"
-simple-vhost.document-root = "htdocs"
-
-## the default host if no host is sent
-simple-vhost.default-host = "YOUR_SERVER_FQDN"
-
-## uploads must be served as static files
-$HTTP["url"] == "^/upload" {
- var.vhost.name = "YOUR_SERVER_FQDN"
- var.vhost.path = "/usr/share/webapps/gitlab/public"
-}
-## otherwise everything is proxied
-else $HTTP["host"] == "YOUR_SERVER_FQDN" {
- var.vhost_name = "YOUR_SERVER_FQDN"
- var.vhost_path = "/var/www/YOUR_SERVER_FQDN" # This directory should be empty
-
- proxy.server = ( "" => ( (
- "host" => "127.0.0.1",
- "port" => "8080"
- ),
- )
- )
- ssl.pemfile = "/etc/lighttpd/certs/YOUR_SERVER_FQDN.pem" # If ssl is enabled
-}
Copied: gitlab/repos/community-x86_64/lighttpd.conf.example (from rev 187545, gitlab/trunk/lighttpd.conf.example)
===================================================================
--- community-x86_64/lighttpd.conf.example (rev 0)
+++ community-x86_64/lighttpd.conf.example 2016-08-25 20:13:28 UTC (rev 187546)
@@ -0,0 +1,35 @@
+# GITLAB
+# Maintainer: @tvn87
+# App Version: 2.8
+
+server.modules += (
+ "mod_simple_vhost",
+ "mod_proxy"
+)
+
+## The document root of a virtual host is document-root =
+## simple-vhost.server-root + $HTTP["host"] + simple-vhost.document-root
+simple-vhost.server-root = "/var/www"
+simple-vhost.document-root = "htdocs"
+
+## the default host if no host is sent
+simple-vhost.default-host = "YOUR_SERVER_FQDN"
+
+## uploads must be served as static files
+$HTTP["url"] == "^/upload" {
+ var.vhost.name = "YOUR_SERVER_FQDN"
+ var.vhost.path = "/usr/share/webapps/gitlab/public"
+}
+## otherwise everything is proxied
+else $HTTP["host"] == "YOUR_SERVER_FQDN" {
+ var.vhost_name = "YOUR_SERVER_FQDN"
+ var.vhost_path = "/var/www/YOUR_SERVER_FQDN" # This directory should be empty
+
+ proxy.server = ( "" => ( (
+ "host" => "127.0.0.1",
+ "port" => "8080"
+ ),
+ )
+ )
+ ssl.pemfile = "/etc/lighttpd/certs/YOUR_SERVER_FQDN.pem" # If ssl is enabled
+}
Deleted: community-x86_64/nginx-ssl.conf.example
===================================================================
--- community-x86_64/nginx-ssl.conf.example 2016-08-25 20:13:08 UTC (rev 187545)
+++ community-x86_64/nginx-ssl.conf.example 2016-08-25 20:13:28 UTC (rev 187546)
@@ -1,112 +0,0 @@
-## GitLab
-##
-## Modified from nginx http version
-## Modified from http://blog.phusion.nl/2012/04/21/tutorial-setting-up-gitlab-on-debian-6/
-## Modified from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
-##
-## Lines starting with two hashes (##) are comments with information.
-## Lines starting with one hash (#) are configuration parameters that can be uncommented.
-##
-##################################
-## CONTRIBUTING ##
-##################################
-##
-## If you change this file in a Merge Request, please also create
-## a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests
-##
-###################################
-## configuration ##
-###################################
-##
-## See installation.md#using-https for additional HTTPS configuration details.
-
-upstream gitlab-workhorse {
- server unix:/run/gitlab/gitlab-workhorse.socket fail_timeout=0;
-}
-
-## Redirects all HTTP traffic to the HTTPS host
-server {
- ## Either remove "default_server" from the listen line below,
- ## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab
- ## to be served if you visit any address that your server responds to, eg.
- ## the ip address of the server (http://x.x.x.x/)
- listen 0.0.0.0:80;
- listen [::]:80 ipv6only=on default_server;
- server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com
- server_tokens off; ## Don't show the nginx version number, a security best practice
- return 301 https://$http_host$request_uri;
- access_log /var/log/nginx/gitlab_access.log;
- error_log /var/log/nginx/gitlab_error.log;
-}
-
-## HTTPS host
-server {
- listen 0.0.0.0:443 ssl;
- listen [::]:443 ipv6only=on ssl default_server;
- server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com
- server_tokens off; ## Don't show the nginx version number, a security best practice
-
- ## Strong SSL Security
- ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
- ssl on;
- ssl_certificate /etc/nginx/ssl/gitlab.crt;
- ssl_certificate_key /etc/nginx/ssl/gitlab.key;
-
- # GitLab needs backwards compatible ciphers to retain compatibility with Java IDEs
- ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_prefer_server_ciphers on;
- ssl_session_cache shared:SSL:10m;
- ssl_session_timeout 5m;
-
- ## See app/controllers/application_controller.rb for headers set
-
- ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
- ## Replace with your ssl_trusted_certificate. For more info see:
- ## - https://medium.com/devops-programming/4445f4862461
- ## - https://www.ruby-forum.com/topic/4419319
- ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
- # ssl_stapling on;
- # ssl_stapling_verify on;
- # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
- # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
- # resolver_timeout 5s;
-
- ## [Optional] Generate a stronger DHE parameter:
- ## sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
- ##
- # ssl_dhparam /etc/ssl/certs/dhparam.pem;
-
- ## Individual nginx logs for this GitLab vhost
- access_log /var/log/nginx/gitlab_access.log;
- error_log /var/log/nginx/gitlab_error.log;
-
- location / {
- client_max_body_size 0;
- gzip off;
-
- ## https://github.com/gitlabhq/gitlabhq/issues/694
- ## Some requests take more than 30 seconds.
- proxy_read_timeout 300;
- proxy_connect_timeout 300;
- proxy_redirect off;
-
- proxy_http_version 1.1;
-
- proxy_set_header Host $http_host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-Ssl on;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_pass http://gitlab-workhorse;
- }
-
- error_page 404 /404.html;
- error_page 422 /422.html;
- error_page 500 /500.html;
- error_page 502 /502.html;
- location ~ ^/(404|422|500|502)\.html$ {
- root /usr/share/webapps/gitlab/public;
- internal;
- }
-}
Copied: gitlab/repos/community-x86_64/nginx-ssl.conf.example (from rev 187545, gitlab/trunk/nginx-ssl.conf.example)
===================================================================
--- community-x86_64/nginx-ssl.conf.example (rev 0)
+++ community-x86_64/nginx-ssl.conf.example 2016-08-25 20:13:28 UTC (rev 187546)
@@ -0,0 +1,112 @@
+## GitLab
+##
+## Modified from nginx http version
+## Modified from http://blog.phusion.nl/2012/04/21/tutorial-setting-up-gitlab-on-debian-6/
+## Modified from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
+##
+## Lines starting with two hashes (##) are comments with information.
+## Lines starting with one hash (#) are configuration parameters that can be uncommented.
+##
+##################################
+## CONTRIBUTING ##
+##################################
+##
+## If you change this file in a Merge Request, please also create
+## a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests
+##
+###################################
+## configuration ##
+###################################
+##
+## See installation.md#using-https for additional HTTPS configuration details.
+
+upstream gitlab-workhorse {
+ server unix:/run/gitlab/gitlab-workhorse.socket fail_timeout=0;
+}
+
+## Redirects all HTTP traffic to the HTTPS host
+server {
+ ## Either remove "default_server" from the listen line below,
+ ## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab
+ ## to be served if you visit any address that your server responds to, eg.
+ ## the ip address of the server (http://x.x.x.x/)
+ listen 0.0.0.0:80;
+ listen [::]:80 ipv6only=on default_server;
+ server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com
+ server_tokens off; ## Don't show the nginx version number, a security best practice
+ return 301 https://$http_host$request_uri;
+ access_log /var/log/nginx/gitlab_access.log;
+ error_log /var/log/nginx/gitlab_error.log;
+}
+
+## HTTPS host
+server {
+ listen 0.0.0.0:443 ssl;
+ listen [::]:443 ipv6only=on ssl default_server;
+ server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com
+ server_tokens off; ## Don't show the nginx version number, a security best practice
+
+ ## Strong SSL Security
+ ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
+ ssl on;
+ ssl_certificate /etc/nginx/ssl/gitlab.crt;
+ ssl_certificate_key /etc/nginx/ssl/gitlab.key;
+
+ # GitLab needs backwards compatible ciphers to retain compatibility with Java IDEs
+ ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 5m;
+
+ ## See app/controllers/application_controller.rb for headers set
+
+ ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
+ ## Replace with your ssl_trusted_certificate. For more info see:
+ ## - https://medium.com/devops-programming/4445f4862461
+ ## - https://www.ruby-forum.com/topic/4419319
+ ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
+ # ssl_stapling on;
+ # ssl_stapling_verify on;
+ # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
+ # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
+ # resolver_timeout 5s;
+
+ ## [Optional] Generate a stronger DHE parameter:
+ ## sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
+ ##
+ # ssl_dhparam /etc/ssl/certs/dhparam.pem;
+
+ ## Individual nginx logs for this GitLab vhost
+ access_log /var/log/nginx/gitlab_access.log;
+ error_log /var/log/nginx/gitlab_error.log;
+
+ location / {
+ client_max_body_size 0;
+ gzip off;
+
+ ## https://github.com/gitlabhq/gitlabhq/issues/694
+ ## Some requests take more than 30 seconds.
+ proxy_read_timeout 300;
+ proxy_connect_timeout 300;
+ proxy_redirect off;
+
+ proxy_http_version 1.1;
+
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-Ssl on;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_pass http://gitlab-workhorse;
+ }
+
+ error_page 404 /404.html;
+ error_page 422 /422.html;
+ error_page 500 /500.html;
+ error_page 502 /502.html;
+ location ~ ^/(404|422|500|502)\.html$ {
+ root /usr/share/webapps/gitlab/public;
+ internal;
+ }
+}
Deleted: community-x86_64/nginx.conf.example
===================================================================
--- community-x86_64/nginx.conf.example 2016-08-25 20:13:08 UTC (rev 187545)
+++ community-x86_64/nginx.conf.example 2016-08-25 20:13:28 UTC (rev 187546)
@@ -1,69 +0,0 @@
-## GitLab
-##
-## Lines starting with two hashes (##) are comments with information.
-## Lines starting with one hash (#) are configuration parameters that can be uncommented.
-##
-##################################
-## CONTRIBUTING ##
-##################################
-##
-## If you change this file in a Merge Request, please also create
-## a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests
-##
-###################################
-## configuration ##
-###################################
-##
-## See installation.md#using-https for additional HTTPS configuration details.
-
-upstream gitlab-workhorse {
- server unix:/run/gitlab/gitlab-workhorse.socket fail_timeout=0;
-}
-
-## Normal HTTP host
-server {
- ## Either remove "default_server" from the listen line below,
- ## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab
- ## to be served if you visit any address that your server responds to, eg.
- ## the ip address of the server (http://x.x.x.x/)n 0.0.0.0:80 default_server;
- listen 0.0.0.0:80 default_server;
- listen [::]:80 default_server;
- server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com
- server_tokens off; ## Don't show the nginx version number, a security best practice
-
- ## See app/controllers/application_controller.rb for headers set
-
- ## Individual nginx logs for this GitLab vhost
- access_log /var/log/nginx/gitlab_access.log;
- error_log /var/log/nginx/gitlab_error.log;
-
- location / {
- client_max_body_size 0;
- gzip off;
-
- ## https://github.com/gitlabhq/gitlabhq/issues/694
- ## Some requests take more than 30 seconds.
- proxy_read_timeout 300;
- proxy_connect_timeout 300;
- proxy_redirect off;
-
- proxy_http_version 1.1;
-
- proxy_set_header Host $http_host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
-
- proxy_pass http://gitlab-workhorse;
- }
-
- error_page 404 /404.html;
- error_page 422 /422.html;
- error_page 500 /500.html;
- error_page 502 /502.html;
- location ~ ^/(404|422|500|502)\.html$ {
- root /usr/share/webapps/gitlab/public;
- internal;
- }
-
-}
Copied: gitlab/repos/community-x86_64/nginx.conf.example (from rev 187545, gitlab/trunk/nginx.conf.example)
===================================================================
--- community-x86_64/nginx.conf.example (rev 0)
+++ community-x86_64/nginx.conf.example 2016-08-25 20:13:28 UTC (rev 187546)
@@ -0,0 +1,69 @@
+## GitLab
+##
+## Lines starting with two hashes (##) are comments with information.
+## Lines starting with one hash (#) are configuration parameters that can be uncommented.
+##
+##################################
+## CONTRIBUTING ##
+##################################
+##
+## If you change this file in a Merge Request, please also create
+## a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests
+##
+###################################
+## configuration ##
+###################################
+##
+## See installation.md#using-https for additional HTTPS configuration details.
+
+upstream gitlab-workhorse {
+ server unix:/run/gitlab/gitlab-workhorse.socket fail_timeout=0;
+}
+
+## Normal HTTP host
+server {
+ ## Either remove "default_server" from the listen line below,
+ ## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab
+ ## to be served if you visit any address that your server responds to, eg.
+ ## the ip address of the server (http://x.x.x.x/)n 0.0.0.0:80 default_server;
+ listen 0.0.0.0:80 default_server;
+ listen [::]:80 default_server;
+ server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com
+ server_tokens off; ## Don't show the nginx version number, a security best practice
+
+ ## See app/controllers/application_controller.rb for headers set
+
+ ## Individual nginx logs for this GitLab vhost
+ access_log /var/log/nginx/gitlab_access.log;
+ error_log /var/log/nginx/gitlab_error.log;
+
+ location / {
+ client_max_body_size 0;
+ gzip off;
+
+ ## https://github.com/gitlabhq/gitlabhq/issues/694
+ ## Some requests take more than 30 seconds.
+ proxy_read_timeout 300;
+ proxy_connect_timeout 300;
+ proxy_redirect off;
+
+ proxy_http_version 1.1;
+
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ proxy_pass http://gitlab-workhorse;
+ }
+
+ error_page 404 /404.html;
+ error_page 422 /422.html;
+ error_page 500 /500.html;
+ error_page 502 /502.html;
+ location ~ ^/(404|422|500|502)\.html$ {
+ root /usr/share/webapps/gitlab/public;
+ internal;
+ }
+
+}
More information about the arch-commits
mailing list