Skip to content

Commit

Permalink
Merge branch 'fix-relative-url-support'
Browse files Browse the repository at this point in the history 
Refer #646 #38
  • Loading branch information
Sameer Naik committed Mar 27, 2016
2 parents 9a22188 + 6eceaf2 commit ddfd001
Show file tree
Hide file tree
Showing 5 changed files with 67 additions and 82 deletions.
1 change: 1 addition & 0 deletions Changelog.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ This file only reflects the changes that are made in this image. Please refer to
- gitlab-workhorse: upgrade to v0.7.1
- gitlab: upgrade to CE v8.6.0
- exposed configuration parameters for auth0 OAUTH support
- fixed relative_url support

**8.5.8**
- gitlab: upgrade to CE v8.5.8
Expand Down
10 changes: 10 additions & 0 deletions assets/runtime/config/gitlabhq/relative_url.rb
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
# Relative URL support
# WARNING: We recommend using an FQDN to host GitLab in a root path instead
# of using a relative URL.
# Documentation: http://doc.gitlab.com/ce/install/relative_url.html
# Copy this file to relative_url.rb and customize it to run in a non-root path
#

Rails.application.configure do
config.relative_url_root = "{{GITLAB_RELATIVE_URL_ROOT}}"
end
40 changes: 8 additions & 32 deletions assets/runtime/config/nginx/gitlab
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,10 +16,6 @@
##
## See installation.md#using-https for additional HTTPS configuration details.

upstream gitlab {
server unix:{{GITLAB_INSTALL_DIR}}/tmp/sockets/gitlab.socket fail_timeout=0;
}

upstream gitlab-workhorse {
server unix:{{GITLAB_INSTALL_DIR}}/tmp/sockets/gitlab-workhorse.socket fail_timeout=0;
}
Expand All @@ -34,7 +30,6 @@ server {
listen [::]:80 default_server;
server_name {{GITLAB_HOST}}; ## Replace this with something like gitlab.example.com
server_tokens off; ## Don't show the nginx version number, a security best practice
root {{GITLAB_INSTALL_DIR}}/public;

## See app/controllers/application_controller.rb for headers set
add_header X-Accel-Buffering {{NGINX_ACCEL_BUFFERING}};
Expand All @@ -44,7 +39,7 @@ server {
access_log {{GITLAB_LOG_DIR}}/nginx/gitlab_access.log;
error_log {{GITLAB_LOG_DIR}}/nginx/gitlab_error.log;

location {{GITLAB_RELATIVE_URL_ROOT__without_trailing_slash}} {
location / {
client_max_body_size 0;
gzip off;

Expand All @@ -65,32 +60,13 @@ server {
proxy_pass http://gitlab-workhorse;
}

## If a static asset file is requested, then proxy passes the request to
## the upsteam (gitlab unicorn).
## As of 8.3.0 gitlab-workhorse does not properly generated the static assets
## when relative_url is used
location {{GITLAB_RELATIVE_URL_ROOT__with_trailing_slash}}assets {
try_files $uri /index.html $uri.html @gitlab;
error_page 404 /404.html;
error_page 422 /422.html;
error_page 500 /500.html;
error_page 502 /502.html;
location ~ ^/(404|422|500|502)\.html$ {
root {{GITLAB_INSTALL_DIR}}/public;
internal;
}

location @gitlab {
## If you use HTTPS make sure you disable gzip compression
## to be safe against BREACH attack.
# gzip off;

## /~https://github.com/gitlabhq/gitlabhq/issues/694
## Some requests take more than 30 seconds.
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_buffering {{NGINX_PROXY_BUFFERING}};

proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto {{NGINX_X_FORWARDED_PROTO}};
proxy_set_header X-Frame-Options SAMEORIGIN;

proxy_pass http://gitlab;
}
}
41 changes: 8 additions & 33 deletions assets/runtime/config/nginx/gitlab-ssl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,10 +20,6 @@
##
## See installation.md#using-https for additional HTTPS configuration details.

upstream gitlab {
server unix:{{GITLAB_INSTALL_DIR}}/tmp/sockets/gitlab.socket fail_timeout=0;
}

upstream gitlab-workhorse {
server unix:{{GITLAB_INSTALL_DIR}}/tmp/sockets/gitlab-workhorse.socket fail_timeout=0;
}
Expand All @@ -49,7 +45,6 @@ server {
listen [::]:443 ssl spdy default_server;
server_name {{GITLAB_HOST}}; ## Replace this with something like gitlab.example.com
server_tokens off; ## Don't show the nginx version number, a security best practice
root {{GITLAB_INSTALL_DIR}}/public;

## Strong SSL Security
## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
Expand Down Expand Up @@ -90,7 +85,7 @@ server {
access_log {{GITLAB_LOG_DIR}}/nginx/gitlab_access.log;
error_log {{GITLAB_LOG_DIR}}/nginx/gitlab_error.log;

location {{GITLAB_RELATIVE_URL_ROOT__without_trailing_slash}} {
location / {
client_max_body_size 0;
gzip off;

Expand All @@ -111,32 +106,12 @@ server {
proxy_pass http://gitlab-workhorse;
}

## If a static asset file is requested, then proxy passes the request to
## the upsteam (gitlab unicorn).
## As of 8.3.0 gitlab-workhorse does not properly generated the static assets
## when relative_url is used
location {{GITLAB_RELATIVE_URL_ROOT__with_trailing_slash}}assets {
try_files $uri /index.html $uri.html @gitlab;
}

location @gitlab {
## If you use HTTPS make sure you disable gzip compression
## to be safe against BREACH attack.
# gzip off;

## /~https://github.com/gitlabhq/gitlabhq/issues/694
## Some requests take more than 30 seconds.
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_buffering {{NGINX_PROXY_BUFFERING}};

proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto {{NGINX_X_FORWARDED_PROTO}};
proxy_set_header X-Frame-Options SAMEORIGIN;

proxy_pass http://gitlab;
error_page 404 /404.html;
error_page 422 /422.html;
error_page 500 /500.html;
error_page 502 /502.html;
location ~ ^/(404|422|500|502)\.html$ {
root {{GITLAB_INSTALL_DIR}}/public;
internal;
}
}
57 changes: 40 additions & 17 deletions assets/runtime/functions
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ USERCONF_TEMPLATES_DIR="${GITLAB_DATA_DIR}/config"
GITLAB_CONFIG="${GITLAB_INSTALL_DIR}/config/gitlab.yml"
GITLAB_DATABASE_CONFIG="${GITLAB_INSTALL_DIR}/config/database.yml"
GITLAB_UNICORN_CONFIG="${GITLAB_INSTALL_DIR}/config/unicorn.rb"
GITLAB_RELATIVE_URL_CONFIG="${GITLAB_INSTALL_DIR}/config/initializers/relative_url.rb"
GITLAB_RACK_ATTACK_CONFIG="${GITLAB_INSTALL_DIR}/config/initializers/rack_attack.rb"
GITLAB_SMTP_CONFIG="${GITLAB_INSTALL_DIR}/config/initializers/smtp_settings.rb"
GITLAB_RESQUE_CONFIG="${GITLAB_INSTALL_DIR}/config/resque.yml"
Expand Down Expand Up @@ -286,6 +287,13 @@ gitlab_configure_unicorn() {
UNICORN_TIMEOUT
}

gitlab_configure_relative_url() {
if [[ -n ${GITLAB_RELATIVE_URL_ROOT} ]]; then
echo "Configuring gitlab::relative_url..."
update_template ${GITLAB_RELATIVE_URL_CONFIG} GITLAB_RELATIVE_URL_ROOT
fi
}

gitlab_configure_timezone() {
echo "Configuring gitlab::timezone..."
update_template ${GITLAB_CONFIG} GITLAB_TIMEZONE
Expand Down Expand Up @@ -797,20 +805,6 @@ nginx_configure_gitlab_hsts() {
fi
}

nginx_configure_gitlab_relative_url() {
if [[ -n ${GITLAB_RELATIVE_URL_ROOT} ]]; then
echo "Configuring nginx::gitlab::relative_url..."
GITLAB_RELATIVE_URL_ROOT__with_trailing_slash=${GITLAB_RELATIVE_URL_ROOT}/
GITLAB_RELATIVE_URL_ROOT__without_trailing_slash=${GITLAB_RELATIVE_URL_ROOT}
else
GITLAB_RELATIVE_URL_ROOT__with_trailing_slash=/
GITLAB_RELATIVE_URL_ROOT__without_trailing_slash=/
fi
update_template ${GITLAB_NGINX_CONFIG} \
GITLAB_RELATIVE_URL_ROOT__with_trailing_slash \
GITLAB_RELATIVE_URL_ROOT__without_trailing_slash
}

nginx_configure_gitlab_ipv6() {
if [[ ! -f /proc/net/if_inet6 ]]; then
# disable ipv6 support
Expand All @@ -834,7 +828,6 @@ nginx_configure_gitlab() {

nginx_configure_gitlab_ssl
nginx_configure_gitlab_hsts
nginx_configure_gitlab_relative_url
nginx_configure_gitlab_ipv6
}

Expand Down Expand Up @@ -960,6 +953,25 @@ initialize_datadir() {
chmod 700 ${GITLAB_DATA_DIR}/.ssh
chmod 600 ${GITLAB_DATA_DIR}/.ssh/authorized_keys
chown -R ${GITLAB_USER}: ${GITLAB_DATA_DIR}/.ssh

# recompile and persist assets when relative_url is in use
if [[ -n ${GITLAB_RELATIVE_URL_ROOT} ]]; then
mkdir -p ${GITLAB_TEMP_DIR}/cache
chmod 755 ${GITLAB_TEMP_DIR}/cache
chown ${GITLAB_USER}: ${GITLAB_TEMP_DIR}/cache

mkdir -p ${GITLAB_TEMP_DIR}/assets
chmod 755 ${GITLAB_TEMP_DIR}/assets
chown ${GITLAB_USER}: ${GITLAB_TEMP_DIR}/assets

# symlink ${GITLAB_INSTALL_DIR}/tmp/cache -> ${GITLAB_TEMP_DIR}/cache
rm -rf ${GITLAB_INSTALL_DIR}/tmp/cache
exec_as_git ln -s ${GITLAB_TEMP_DIR}/cache ${GITLAB_INSTALL_DIR}/tmp/cache

# symlink ${GITLAB_INSTALL_DIR}/public/assets -> ${GITLAB_TEMP_DIR}/assets
rm -rf ${GITLAB_INSTALL_DIR}/public/assets
exec_as_git ln -s ${GITLAB_TEMP_DIR}/assets ${GITLAB_INSTALL_DIR}/public/assets
fi

This comment has been minimized.

Sign in to view

Copy link
@ninja-

ninja- Apr 16, 2016

that's a long downtime on updates for me @sameersbn...maybe I could make a PR that would use regex(more or less) to do it :)?
(if needed, the compiled version would be using some marker like /%GITLABPATH% which would then be changed to either / or /suburl)

This comment has been minimized.

Sign in to view

Copy link
@sameersbn

sameersbn Apr 17, 2016

Owner

Not sure if it would work. You can give it a try.
}

sanitize_datadir() {
Expand Down Expand Up @@ -1038,6 +1050,10 @@ install_configuration_templates() {
install_template ${GITLAB_USER}: gitlabhq/secrets.yml ${GITLAB_SECRETS_CONFIG} 0600
install_template ${GITLAB_USER}: gitlab-shell/config.yml ${GITLAB_SHELL_CONFIG} 0640

if [[ -n ${GITLAB_RELATIVE_URL_ROOT} ]]; then
install_template ${GITLAB_USER}: gitlabhq/relative_url.rb ${GITLAB_RELATIVE_URL_CONFIG} 0644
fi

if [[ ${SMTP_ENABLED} == true ]]; then
install_template ${GITLAB_USER}: gitlabhq/smtp_settings.rb ${GITLAB_SMTP_CONFIG}
fi
Expand Down Expand Up @@ -1090,6 +1106,7 @@ configure_gitlab() {
gitlab_configure_secrets
gitlab_configure_sidekiq
gitlab_configure_gitlab_workhorse
gitlab_configure_relative_url
gitlab_configure_unicorn
gitlab_configure_timezone
gitlab_configure_rack_attack
Expand Down Expand Up @@ -1190,8 +1207,14 @@ migrate_database() {
fi

# clear cache if relative_url has changed.
[[ -f ${GITLAB_DATA_DIR}/tmp/GITLAB_RELATIVE_URL_ROOT ]] && CACHE_GITLAB_RELATIVE_URL_ROOT=$(cat ${GITLAB_DATA_DIR}/tmp/GITLAB_RELATIVE_URL_ROOT)
if [[ ! -f ${GITLAB_DATA_DIR}/tmp/GITLAB_RELATIVE_URL_ROOT || ${GITLAB_RELATIVE_URL_ROOT} != ${CACHE_GITLAB_RELATIVE_URL_ROOT} ]]; then
[[ -f ${GITLAB_TEMP_DIR}/GITLAB_RELATIVE_URL_ROOT ]] && CACHE_GITLAB_RELATIVE_URL_ROOT=$(cat ${GITLAB_TEMP_DIR}/GITLAB_RELATIVE_URL_ROOT)
if [[ ! -f ${GITLAB_TEMP_DIR}/GITLAB_RELATIVE_URL_ROOT || ${GITLAB_RELATIVE_URL_ROOT} != ${CACHE_GITLAB_RELATIVE_URL_ROOT} ]]; then
# assets need to be recompiled when GITLAB_RELATIVE_URL_ROOT is used
if [[ -n ${GITLAB_RELATIVE_URL_ROOT} ]]; then
echo "Recompiling assets (relative_url in use), this could take a while..."
exec_as_git bundle exec rake assets:clean assets:precompile >/dev/null 2>&1
fi

echo "Clearing cache..."
exec_as_git bundle exec rake cache:clear >/dev/null 2>&1
echo "${GITLAB_RELATIVE_URL_ROOT}" > ${GITLAB_TEMP_DIR}/GITLAB_RELATIVE_URL_ROOT
Expand Down

0 comments on commit ddfd001

Please sign in to comment.