[arch-commits] Commit in gitlab/trunk (7 files)

Tue Aug 8 21:28:46 UTC 2017

Date: Tuesday, August 8, 2017 @ 21:28:45
  Author: svenstaro
Revision: 249627

upgpkg: gitlab 9.4.3-3

Remove webserver config templates

I can't downstream maintain these properly and there is no good upstream source for those anymore.
This kind of thing is much better done in the wiki or upstream but not as files maintained by me.

Modified:
  gitlab/trunk/PKGBUILD
Deleted:
  gitlab/trunk/apache-ssl.conf.example
  gitlab/trunk/apache.conf.example
  gitlab/trunk/apache2.2-ssl.conf.example
  gitlab/trunk/apache2.2.conf.example
  gitlab/trunk/nginx-ssl.conf.example
  gitlab/trunk/nginx.conf.example

----------------------------+
 PKGBUILD                   |   25 +--------
 apache-ssl.conf.example    |   94 ------------------------------------
 apache.conf.example        |   64 ------------------------
 apache2.2-ssl.conf.example |   93 -----------------------------------
 apache2.2.conf.example     |   63 ------------------------
 nginx-ssl.conf.example     |  112 -------------------------------------------
 nginx.conf.example         |   69 --------------------------
 7 files changed, 3 insertions(+), 517 deletions(-)

Modified: PKGBUILD
===================================================================

--- PKGBUILD	2017-08-08 21:26:41 UTC (rev 249626)
+++ PKGBUILD	2017-08-08 21:28:45 UTC (rev 249627)
@@ -8,7 +8,7 @@
 
 pkgname=gitlab
 pkgver=9.4.3
-pkgrel=2
+pkgrel=3
 pkgdesc="Project management and code hosting application"
 arch=('x86_64')
 url="https://gitlab.com/gitlab-org/gitlab-ce/tree/master#README"
@@ -33,14 +33,7 @@
         gitlab-backup.timer
         gitlab.target
         gitlab.tmpfiles.d
-        gitlab.logrotate
-        apache.conf.example
-        apache-ssl.conf.example
-        apache2.2.conf.example
-        apache2.2-ssl.conf.example
-        nginx.conf.example
-        nginx-ssl.conf.example
-        lighttpd.conf.example)
+        gitlab.logrotate)
 install='gitlab.install'
 sha512sums=('1caac46183ce7a7926401a831459bb8e5fc006420e3208c637bb7cf8e13f94c7da69adf968cd911b97f82b3842e7afc3f122eeb708d68e8f8c1a750c348e5978'
             '56cce150645ef74fa42a6100c8bc7689c4012579e1f3ba237c06c367b121246b39e968044615fa21c4757bc8e9d06f37f8ac8d39aa8b808c758e716857553f66'
@@ -50,14 +43,7 @@
             'c11d2c59da8325551a465227096e8d39b0e4bcd5b1db21565cf3439e431838c04bc00aa6f07f4d493f3f47fd6b4e25aeb0fe0fc1a05756064706bf5708c960ec'
             'c519a51d31300074ea12594fbcc8e9610d991ef04b1dac94d93a2b201df3465999cc7c6ac7f3896e02b117c2366d61dea1ef2f6b9cd7b18998385a7f26e5700f'
             'abacbff0d7be918337a17b56481c84e6bf3eddd9551efe78ba9fb74337179e95c9b60f41c49f275e05074a4074a616be36fa208a48fc12d5b940f0554fbd89c3'
-            '20b93eab504e82cc4401685b59e6311b4d2c0285bc594d47ce4106d3f418a3e2ba92c4f49732748c0ba913aa3e3299126166e37d2a2d5b4d327d66bae4b8abda'
-            '441585489fb992d5e893f14bf0770df04ada95ffdbfcc80bb98a44eda7db520d12c985f600d003d80a196562654d2231598f8481ff9bf664bb5889f564e897e7'
-            '99f31439d348e21f764875b6207db8663b47f3224ad6a9f35b89c8a2ed29a9e831a974aa6b9429a3882fb74c1c9d42ed5c38b2d16ae122b5d55d5873a0c57cd3'
-            '624eb1f13e0265522290faa8c22b4150e6081ca2580391c9dfd871f1ee1b9c1c745c95d3d8f7fdbf85038990060141b844c3d8097c577ab68e5506bfa2d2dddb'
-            '248d47b44fa5ed65e2a940f2b60d0482c481b3a438357ca510848221370367ffbc0d83ce046d688bebbbc75d4e321b140f6a5ce1a9d7ec0b034fafcf92dee107'
-            '53a9d6d6f87874b29e48a8fb2e207094ebc1a80af478562ec4b591926d59e135a3166c20966704aa948ca7063ba63c1ec4ac290a343832fa18025ec3d85081ba'
-            '6d3006da591acefcc534c6e3f1da8e812d0b3b21fc416bfaa8678b8e2d922be6b17d1c92b0d7164de3b8ad864139253707107ca082f78e823d23f3b65fcb5914'
-            'c78b6f46abcf603d8db6e38cf50868e14145928422ddfe17c88e2f006b5b910dddf456ec5d6d724b250994530643963809688a98f7e12ebd5b5dabf7f96f0e06')
+            '20b93eab504e82cc4401685b59e6311b4d2c0285bc594d47ce4106d3f418a3e2ba92c4f49732748c0ba913aa3e3299126166e37d2a2d5b4d327d66bae4b8abda')
 
 _datadir="/usr/share/webapps/${pkgname}"
 _etcdir="/etc/webapps/${pkgname}"
@@ -211,11 +197,6 @@
 
   install -Dm644 "${srcdir}/gitlab.tmpfiles.d" "${pkgdir}/usr/lib/tmpfiles.d/gitlab.conf"
   install -Dm644 "${srcdir}/gitlab.logrotate" "${pkgdir}/etc/logrotate.d/gitlab"
-
-  # Install webserver config templates
-  for config_file in apache apache-ssl apache2.2 apache2.2-ssl nginx nginx-ssl lighttpd; do
-    install -m644 "${srcdir}/${config_file}.conf.example" "${pkgdir}/usr/share/doc/${pkgname}"
-  done
 }
 
 # vim:set ts=2 sw=2 et:

Deleted: apache-ssl.conf.example
===================================================================
--- apache-ssl.conf.example	2017-08-08 21:26:41 UTC (rev 249626)
+++ apache-ssl.conf.example	2017-08-08 21:28:45 UTC (rev 249627)
@@ -1,94 +0,0 @@
-# This configuration has been tested on GitLab 8.2
-# Note this config assumes unicorn is listening on default port 8080 and
-# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to
-# listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
-#
-# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
-#
-#Module dependencies
-# mod_rewrite
-# mod_ssl
-# mod_proxy
-# mod_proxy_http
-# mod_headers
-
-# This section is only needed if you want to redirect http traffic to https.
-# You can live without it but clients will have to type in https:// to reach gitlab.
-<VirtualHost *:80>
-  ServerName YOUR_SERVER_FQDN
-  ServerSignature Off
-
-  RewriteEngine on
-  RewriteCond %{HTTPS} !=on
-  RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
-</VirtualHost>
-
-<VirtualHost *:443>
-  SSLEngine on
-  #strong encryption ciphers only
-  #see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html
-  SSLProtocol all -SSLv2 -SSLv3
-  SSLHonorCipherOrder on
-#  SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
-  SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
-  Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
-  SSLCompression Off
-  SSLCertificateFile /etc/httpd/ssl.crt/YOUR_SERVER_FQDN.crt
-  SSLCertificateKeyFile /etc/httpd/ssl.key/YOUR_SERVER_FQDN.key
-  SSLCACertificateFile /etc/httpd/ssl.crt/your-ca.crt
-
-  ServerName YOUR_SERVER_FQDN
-  ServerSignature Off
-
-  ProxyPreserveHost On
-
-  # Ensure that encoded slashes are not decoded but left in their encoded state.
-  # http://doc.gitlab.com/ce/api/projects.html#get-single-project
-  AllowEncodedSlashes NoDecode
-
-  <Location />
-    # New authorization commands for apache 2.4 and up
-    # http://httpd.apache.org/docs/2.4/upgrading.html#access
-    Require all granted
-
-    #Allow forwarding to gitlab-workhorse
-    ProxyPassReverse http://127.0.0.1:8181
-    ProxyPassReverse http://YOUR_SERVER_FQDN/
-  </Location>
-
-  # Apache equivalent of nginx try files
-  # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
-  # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
-  RewriteEngine on
-
-  #Don't escape encoded characters in api requests
-  RewriteCond %{REQUEST_URI} ^/api/v3/.*
-  RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
-
-  #Forward all requests to gitlab-workhorse except existing files like error documents
-  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
-  RewriteCond %{REQUEST_URI} ^/uploads/.*
-  RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA]
-
-  RequestHeader set X_FORWARDED_PROTO 'https'
-  RequestHeader set X-Forwarded-Ssl on
-
-  # needed for downloading attachments
-  DocumentRoot /usr/share/webapps/gitlab/public
-
-  #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
-  ErrorDocument 404 /404.html
-  ErrorDocument 422 /422.html
-  ErrorDocument 500 /500.html
-  ErrorDocument 503 /deploy.html
-
-  # It is assumed that the log directory is in /var/log/httpd.
-  # For Debian distributions you might want to change this to
-  # /var/log/apache2.
-  LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
-  ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log
-  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
-  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
-  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined
-
-</VirtualHost>

Deleted: apache.conf.example
===================================================================
--- apache.conf.example	2017-08-08 21:26:41 UTC (rev 249626)
+++ apache.conf.example	2017-08-08 21:28:45 UTC (rev 249627)
@@ -1,64 +0,0 @@
-# This configuration has been tested on GitLab 8.2
-# Note this config assumes unicorn is listening on default port 8080 and
-# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to
-# listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
-#
-# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
-#
-#Module dependencies
-# mod_rewrite
-# mod_proxy
-# mod_proxy_http
-<VirtualHost *:80>
-  ServerName YOUR_SERVER_FQDN
-  ServerSignature Off
-
-  ProxyPreserveHost On
-
-  # Ensure that encoded slashes are not decoded but left in their encoded state.
-  # http://doc.gitlab.com/ce/api/projects.html#get-single-project
-  AllowEncodedSlashes NoDecode
-
-  <Location />
-    # New authorization commands for apache 2.4 and up
-    # http://httpd.apache.org/docs/2.4/upgrading.html#access
-    Require all granted
-
-    #Allow forwarding to gitlab-workhorse
-    ProxyPassReverse http://127.0.0.1:8181
-    ProxyPassReverse http://YOUR_SERVER_FQDN/
-  </Location>
-
-  # Apache equivalent of nginx try files
-  # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
-  # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
-  RewriteEngine on
-
-  #Don't escape encoded characters in api requests
-  RewriteCond %{REQUEST_URI} ^/api/v3/.*
-  RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
-
-  #Forward all requests to gitlab-workhorse except existing files like error documents
-  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
-  RewriteCond %{REQUEST_URI} ^/uploads/.*
-  RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA]
-
-  # needed for downloading attachments
-  DocumentRoot /usr/share/webapps/gitlab/public
-
-  #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
-  ErrorDocument 404 /404.html
-  ErrorDocument 422 /422.html
-  ErrorDocument 500 /500.html
-  ErrorDocument 503 /deploy.html
-
-  # It is assumed that the log directory is in /var/log/httpd.
-  # For Debian distributions you might want to change this to
-  # /var/log/apache2.
-  LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
-  ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log
-  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
-  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
-  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined
-
-</VirtualHost>

Deleted: apache2.2-ssl.conf.example
===================================================================
--- apache2.2-ssl.conf.example	2017-08-08 21:26:41 UTC (rev 249626)
+++ apache2.2-ssl.conf.example	2017-08-08 21:28:45 UTC (rev 249627)
@@ -1,93 +0,0 @@
-# This configuration has been tested on GitLab 8.2
-# Note this config assumes unicorn is listening on default port 8080 and
-# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to
-# listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
-#
-# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
-#
-#Module dependencies
-# mod_rewrite
-# mod_ssl
-# mod_proxy
-# mod_proxy_http
-# mod_headers
-
-# This section is only needed if you want to redirect http traffic to https.
-# You can live without it but clients will have to type in https:// to reach gitlab.
-<VirtualHost *:80>
-  ServerName YOUR_SERVER_FQDN
-  ServerSignature Off
-
-  RewriteEngine on
-  RewriteCond %{HTTPS} !=on
-  RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
-</VirtualHost>
-
-<VirtualHost *:443>
-  SSLEngine on
-  #strong encryption ciphers only
-  #see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html
-  SSLProtocol all -SSLv2 -SSLv3
-  SSLHonorCipherOrder on
-#  SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
-  SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
-  Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
-  SSLCompression Off
-  SSLCertificateFile /etc/httpd/ssl.crt/YOUR_SERVER_FQDN.crt
-  SSLCertificateKeyFile /etc/httpd/ssl.key/YOUR_SERVER_FQDN.key
-  SSLCACertificateFile /etc/httpd/ssl.crt/your-ca.crt
-
-  ServerName YOUR_SERVER_FQDN
-  ServerSignature Off
-
-  ProxyPreserveHost On
-
-  # Ensure that encoded slashes are not decoded but left in their encoded state.
-  # http://doc.gitlab.com/ce/api/projects.html#get-single-project
-  AllowEncodedSlashes NoDecode
-
-  <Location />
-    Order deny,allow
-    Allow from all
-
-    #Allow forwarding to gitlab-workhorse
-    ProxyPassReverse http://127.0.0.1:8181
-    ProxyPassReverse http://YOUR_SERVER_FQDN/
-  </Location>
-
-  # Apache equivalent of nginx try files
-  # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
-  # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
-  RewriteEngine on
-
-  #Don't escape encoded characters in api requests
-  RewriteCond %{REQUEST_URI} ^/api/v3/.*
-  RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
-
-  #Forward all requests to gitlab-workhorse except existing files like error documents
-  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
-  RewriteCond %{REQUEST_URI} ^/uploads/.*
-  RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA]
-
-  RequestHeader set X_FORWARDED_PROTO 'https'
-  RequestHeader set X-Forwarded-Ssl on
-
-  # needed for downloading attachments
-  DocumentRoot /usr/share/webapps/gitlab/public
-
-  #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
-  ErrorDocument 404 /404.html
-  ErrorDocument 422 /422.html
-  ErrorDocument 500 /500.html
-  ErrorDocument 503 /deploy.html
-
-  # It is assumed that the log directory is in /var/log/httpd.
-  # For Debian distributions you might want to change this to
-  # /var/log/apache2.
-  LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
-  ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log
-  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
-  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
-  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined
-
-</VirtualHost>

Deleted: apache2.2.conf.example
===================================================================
--- apache2.2.conf.example	2017-08-08 21:26:41 UTC (rev 249626)
+++ apache2.2.conf.example	2017-08-08 21:28:45 UTC (rev 249627)
@@ -1,63 +0,0 @@
-# This configuration has been tested on GitLab 8.2
-# Note this config assumes unicorn is listening on default port 8080 and
-# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to
-# listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
-#
-# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
-#
-#Module dependencies
-# mod_rewrite
-# mod_proxy
-# mod_proxy_http
-<VirtualHost *:80>
-  ServerName YOUR_SERVER_FQDN
-  ServerSignature Off
-
-  ProxyPreserveHost On
-
-  # Ensure that encoded slashes are not decoded but left in their encoded state.
-  # http://doc.gitlab.com/ce/api/projects.html#get-single-project
-  AllowEncodedSlashes NoDecode
-
-  <Location />
-    Order deny,allow
-    Allow from all
-
-    #Allow forwarding to gitlab-workhorse
-    ProxyPassReverse http://127.0.0.1:8181
-    ProxyPassReverse http://YOUR_SERVER_FQDN/
-  </Location>
-
-  # Apache equivalent of nginx try files
-  # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
-  # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
-  RewriteEngine on
-
-  #Don't escape encoded characters in api requests
-  RewriteCond %{REQUEST_URI} ^/api/v3/.*
-  RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
-
-  #Forward all requests to gitlab-workhorse except existing files like error documents
-  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
-  RewriteCond %{REQUEST_URI} ^/uploads/.*
-  RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA]
-
-  # needed for downloading attachments
-  DocumentRoot /usr/share/webapps/gitlab/public
-
-  #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
-  ErrorDocument 404 /404.html
-  ErrorDocument 422 /422.html
-  ErrorDocument 500 /500.html
-  ErrorDocument 503 /deploy.html
-
-  # It is assumed that the log directory is in /var/log/httpd.
-  # For Debian distributions you might want to change this to
-  # /var/log/apache2.
-  LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
-  ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log
-  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
-  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
-  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined
-
-</VirtualHost>

Deleted: nginx-ssl.conf.example
===================================================================
--- nginx-ssl.conf.example	2017-08-08 21:26:41 UTC (rev 249626)
+++ nginx-ssl.conf.example	2017-08-08 21:28:45 UTC (rev 249627)
@@ -1,112 +0,0 @@
-## GitLab
-##
-## Modified from nginx http version
-## Modified from http://blog.phusion.nl/2012/04/21/tutorial-setting-up-gitlab-on-debian-6/
-## Modified from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
-##
-## Lines starting with two hashes (##) are comments with information.
-## Lines starting with one hash (#) are configuration parameters that can be uncommented.
-##
-##################################
-##        CONTRIBUTING          ##
-##################################
-##
-## If you change this file in a Merge Request, please also create
-## a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests
-##
-###################################
-##         configuration         ##
-###################################
-##
-## See installation.md#using-https for additional HTTPS configuration details.
-
-upstream gitlab-workhorse {
-  server unix:/run/gitlab/gitlab-workhorse.socket fail_timeout=0;
-}
-
-## Redirects all HTTP traffic to the HTTPS host
-server {
-  ## Either remove "default_server" from the listen line below,
-  ## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab
-  ## to be served if you visit any address that your server responds to, eg.
-  ## the ip address of the server (http://x.x.x.x/)
-  listen 0.0.0.0:80;
-  listen [::]:80 ipv6only=on default_server;
-  server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com
-  server_tokens off; ## Don't show the nginx version number, a security best practice
-  return 301 https://$http_host$request_uri;
-  access_log  /var/log/nginx/gitlab_access.log;
-  error_log   /var/log/nginx/gitlab_error.log;
-}
-
-## HTTPS host
-server {
-  listen 0.0.0.0:443 ssl;
-  listen [::]:443 ipv6only=on ssl default_server;
-  server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com
-  server_tokens off; ## Don't show the nginx version number, a security best practice
-
-  ## Strong SSL Security
-  ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
-  ssl on;
-  ssl_certificate /etc/nginx/ssl/gitlab.crt;
-  ssl_certificate_key /etc/nginx/ssl/gitlab.key;
-
-  # GitLab needs backwards compatible ciphers to retain compatibility with Java IDEs
-  ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
-  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-  ssl_prefer_server_ciphers on;
-  ssl_session_cache shared:SSL:10m;
-  ssl_session_timeout 5m;
-
-  ## See app/controllers/application_controller.rb for headers set
-
-  ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
-  ## Replace with your ssl_trusted_certificate. For more info see:
-  ## - https://medium.com/devops-programming/4445f4862461
-  ## - https://www.ruby-forum.com/topic/4419319
-  ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
-  # ssl_stapling on;
-  # ssl_stapling_verify on;
-  # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
-  # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
-  # resolver_timeout 5s;
-
-  ## [Optional] Generate a stronger DHE parameter:
-  ##   sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
-  ##
-  # ssl_dhparam /etc/ssl/certs/dhparam.pem;
-
-  ## Individual nginx logs for this GitLab vhost
-  access_log  /var/log/nginx/gitlab_access.log;
-  error_log   /var/log/nginx/gitlab_error.log;
-
-  location / {
-    client_max_body_size 0;
-    gzip off;
-
-    ## https://github.com/gitlabhq/gitlabhq/issues/694
-    ## Some requests take more than 30 seconds.
-    proxy_read_timeout      300;
-    proxy_connect_timeout   300;
-    proxy_redirect          off;
-
-    proxy_http_version 1.1;
-
-    proxy_set_header    Host                $http_host;
-    proxy_set_header    X-Real-IP           $remote_addr;
-    proxy_set_header    X-Forwarded-Ssl     on;
-    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
-    proxy_set_header    X-Forwarded-Proto   $scheme;
-    proxy_pass http://gitlab-workhorse;
-  }
-
-  error_page 404 /404.html;
-  error_page 422 /422.html;
-  error_page 500 /500.html;
-  error_page 502 /502.html;
-  location ~ ^/(404|422|500|502)\.html$ {
-    root /usr/share/webapps/gitlab/public;
-    internal;
-  }
-}

Deleted: nginx.conf.example
===================================================================
--- nginx.conf.example	2017-08-08 21:26:41 UTC (rev 249626)
+++ nginx.conf.example	2017-08-08 21:28:45 UTC (rev 249627)
@@ -1,69 +0,0 @@
-## GitLab
-##
-## Lines starting with two hashes (##) are comments with information.
-## Lines starting with one hash (#) are configuration parameters that can be uncommented.
-##
-##################################
-##        CONTRIBUTING          ##
-##################################
-##
-## If you change this file in a Merge Request, please also create
-## a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests
-##
-###################################
-##         configuration         ##
-###################################
-##
-## See installation.md#using-https for additional HTTPS configuration details.
-
-upstream gitlab-workhorse {
-  server unix:/run/gitlab/gitlab-workhorse.socket fail_timeout=0;
-}
-
-## Normal HTTP host
-server {
-  ## Either remove "default_server" from the listen line below,
-  ## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab
-  ## to be served if you visit any address that your server responds to, eg.
-  ## the ip address of the server (http://x.x.x.x/)n 0.0.0.0:80 default_server;
-  listen 0.0.0.0:80 default_server;
-  listen [::]:80 default_server;
-  server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com
-  server_tokens off; ## Don't show the nginx version number, a security best practice
-
-  ## See app/controllers/application_controller.rb for headers set
-
-  ## Individual nginx logs for this GitLab vhost
-  access_log  /var/log/nginx/gitlab_access.log;
-  error_log   /var/log/nginx/gitlab_error.log;
-
-  location / {
-    client_max_body_size 0;
-    gzip off;
-
-    ## https://github.com/gitlabhq/gitlabhq/issues/694
-    ## Some requests take more than 30 seconds.
-    proxy_read_timeout      300;
-    proxy_connect_timeout   300;
-    proxy_redirect          off;
-
-    proxy_http_version 1.1;
-
-    proxy_set_header    Host                $http_host;
-    proxy_set_header    X-Real-IP           $remote_addr;
-    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
-    proxy_set_header    X-Forwarded-Proto   $scheme;
-
-    proxy_pass http://gitlab-workhorse;
-  }
-
-  error_page 404 /404.html;
-  error_page 422 /422.html;
-  error_page 500 /500.html;
-  error_page 502 /502.html;
-  location ~ ^/(404|422|500|502)\.html$ {
-    root /usr/share/webapps/gitlab/public;
-    internal;
-  }
-
-}

