Added nginx config example to cut-off ".git" #173
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,62 @@ | ||
| # GITLAB with SSL with connection limit with requests limit with ".git" cut-off | ||
|
|
||
| limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m; | ||
| limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s; | ||
|
|
||
| server { | ||
| listen 0.0.0.0:443 ssl; | ||
| root /home/git/gitlab/public; | ||
|
|
||
| ssl on; | ||
| ssl_certificate /etc/nginx/gitlab.crt; | ||
| ssl_certificate_key /etc/nginx/gitlab.key; | ||
| ssl_protocols SSLv3 TLSv1 TLSv1.2; | ||
| ssl_ciphers AES:HIGH:!ADH:!MD5; | ||
| ssl_prefer_server_ciphers on; | ||
| server_name git.example.com; | ||
|
|
||
| location ~ ^/([^/]*/[^/]*)\.git { | ||
| try_files maintenance.html $uri $uri/index.html $uri.htm @gitlab; | ||
| } | ||
|
|
||
| location ~ ^/([^/]+/[^/]+)/(.*) { | ||
| rewrite ^/([^/]+/[^/]+)/info/(.*) /$1.git/info/$2 last; | ||
| rewrite ^/([^/]+/[^/]+)/git-(.*) /$1.git/git-$2 last; | ||
| try_files maintenance.html $uri $uri/index.html $uri.htm @gitlab; | ||
| } | ||
|
|
||
| location ~ /$ { | ||
| limit_req zone=one burst=15 nodelay; | ||
| try_files maintenance.html $uri $uri/index.html $uri.htm @gitlab; | ||
| } | ||
|
|
||
| location / { | ||
| try_files maintenance.html $uri $uri/index.html $uri.htm @gitlab; | ||
| } | ||
|
|
||
| location @gitlab { | ||
| limit_conn conn_limit_per_ip 20; | ||
| proxy_pass http://127.0.0.1:3000; | ||
| proxy_set_header Host $host; | ||
| proxy_set_header X-Real-IP $remote_addr; | ||
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
| proxy_set_header Referer $scheme://$host$request_uri; | ||
| client_max_body_size 256M; | ||
| proxy_redirect off; | ||
|
|
||
| proxy_read_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694 | ||
| proxy_connect_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694 | ||
| proxy_redirect off; | ||
|
|
||
| proxy_set_header X-Forwarded-Proto https; | ||
| proxy_set_header X-Forwarded-Ssl on; | ||
| } | ||
| } | ||
|
|
||
| server { | ||
| listen *:80 default; | ||
| location / { | ||
| rewrite ^ https://git.example.com$request_uri? permanent; | ||
| } | ||
| } | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,70 @@ | ||
| # GITLAB with SSL with connection limit with requests limit with ".git" cut-off | ||
| # and with "public/projects" as the start page | ||
|
|
||
| limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m; | ||
| limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s; | ||
|
|
||
| server { | ||
| listen 0.0.0.0:443 ssl; | ||
| root /home/git/gitlab/public; | ||
|
|
||
| ssl on; | ||
| ssl_certificate /etc/nginx/gitlab.crt; | ||
| ssl_certificate_key /etc/nginx/gitlab.key; | ||
| ssl_protocols SSLv3 TLSv1 TLSv1.2; | ||
| ssl_ciphers AES:HIGH:!ADH:!MD5; | ||
| ssl_prefer_server_ciphers on; | ||
| server_name git.example.com; | ||
|
|
||
| location = /users/sign_in { | ||
| if ($http_referer ~ "^$") { | ||
| rewrite ^ https://git.example.com/public/projects redirect; | ||
|
There was a problem hiding this comment. Can you document somewhere that people have to change this? |
||
| } | ||
| try_files maintenance.html $uri $uri/index.html $uri.htm @gitlab; | ||
| } | ||
|
|
||
| location ~ ^/([^/]*/[^/]*)\.git { | ||
| try_files maintenance.html $uri $uri/index.html $uri.htm @gitlab; | ||
| } | ||
|
|
||
| location ~ ^/([^/]+/[^/]+)/(.*) { | ||
| rewrite ^/([^/]+/[^/]+)/info/(.*) /$1.git/info/$2 last; | ||
| rewrite ^/([^/]+/[^/]+)/git-(.*) /$1.git/git-$2 last; | ||
| try_files maintenance.html $uri $uri/index.html $uri.htm @gitlab; | ||
| } | ||
|
|
||
| location ~ /$ { | ||
| limit_req zone=one burst=15 nodelay; | ||
| try_files maintenance.html $uri $uri/index.html $uri.htm @gitlab; | ||
| } | ||
|
|
||
| location / { | ||
| try_files maintenance.html $uri $uri/index.html $uri.htm @gitlab; | ||
| } | ||
|
|
||
| location @gitlab { | ||
| limit_conn conn_limit_per_ip 20; | ||
| proxy_pass http://127.0.0.1:3000; | ||
| proxy_set_header Host $host; | ||
| proxy_set_header X-Real-IP $remote_addr; | ||
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
| proxy_set_header Referer $scheme://$host$request_uri; | ||
| client_max_body_size 256M; | ||
| proxy_redirect off; | ||
|
|
||
| proxy_read_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694 | ||
| proxy_connect_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694 | ||
| proxy_redirect off; | ||
|
|
||
| proxy_set_header X-Forwarded-Proto https; | ||
| proxy_set_header X-Forwarded-Ssl on; | ||
| } | ||
| } | ||
|
|
||
| server { | ||
| listen *:80 default; | ||
| location / { | ||
| rewrite ^ https://git.example.com$request_uri? permanent; | ||
| } | ||
| } | ||
|
|
||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you document somewhere that people have to change this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry for my English skills, but I don't understand the question.
Did you mean "why people have to change that"?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
At this point you have hardcoded the url
https://git.example.compeople may not know that they have to change this.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see. Can you show an example of the "documentation"? Should I just add a note in the first lines of this configuration file?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@xaionaro I guess @jvanbaarsen means something like this https://github.com/gitlabhq/gitlab-recipes/blob/master/web-server/nginx/gitlab-ssl#L31
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@axilleas Yeah thanks :)