@trusktr
Last active August 29, 2015 13:56
AUR/gitlab
# GITLAB
# Maintainer: @tvn87
# App Version: 2.8
## Load the two modules this snippet relies on: name-based virtual hosts and
## reverse proxying to the GitLab application server.
server.modules += (
"mod_simple_vhost",
"mod_proxy"
)
## The document root of a virtual host is document-root =
## simple-vhost.server-root + $HTTP["host"] + simple-vhost.document-root
simple-vhost.server-root = "/var/www"
simple-vhost.document-root = "htdocs"
## the default host if no host is sent
simple-vhost.default-host = "YOUR_SERVER_FQDN"
## uploads must be served as static files
## NOTE(review): "==" is an exact string comparison in lighttpd conditionals,
## so this block only matches a URL that is literally "^/upload"; a prefix
## match needs "=~". As written, upload requests fall through to the proxy
## branch below - confirm which behaviour is intended before changing the
## operator, because the block only sets variables and no document root.
$HTTP["url"] == "^/upload" {
var.vhost.name = "YOUR_SERVER_FQDN"
var.vhost.path = "/usr/share/webapps/gitlab/public"
}
## otherwise everything is proxied
else $HTTP["host"] == "YOUR_SERVER_FQDN" {
## NOTE(review): these use vhost_name/vhost_path while the block above uses
## vhost.name/vhost.path; neither pair is read anywhere in this snippet.
var.vhost_name = "YOUR_SERVER_FQDN"
var.vhost_path = "/var/www/YOUR_SERVER_FQDN" # This directory should be empty
## Forward every request to the application server on the loopback
## interface, port 8080, over plain HTTP.
proxy.server = ( "" => ( (
"host" => "127.0.0.1",
"port" => "8080"
),
)
)
## NOTE(review): only the certificate path is set here; no ssl.engine setting
## or TLS listener is visible in this snippet, so check that TLS is actually
## enabled elsewhere before relying on it. The .pem file holds the private
## key and should be readable by the web server account only.
ssl.pemfile = "/etc/lighttpd/certs/YOUR_SERVER_FQDN.pem" # If ssl is enabled
}
#####################################################
#
# GitLab version : 5.x - 6.x
# Contributors : davispuh, mtorromeo, axilleas, boeserwolf91
# Downloaded from : https://github.com/gitlabhq/gitlab-recipes/tree/master/init/systemd
#
####################################################
# Unit for the GitLab background job processor (Sidekiq).
[Unit]
Description=GitLab Sidekiq Worker
[Service]
# The process is expected to fork into the background and record its PID in
# PIDFile; the "-d" flag on ExecStart presumably does the daemonizing - confirm.
Type=forking
# Runs as the unprivileged "git" account rather than root.
User=git
WorkingDirectory=/usr/share/webapps/gitlab
Environment=RAILS_ENV=production
SyslogIdentifier=gitlab-sidekiq
PIDFile=/var/run/gitlab/sidekiq.pid
# NOTE(review): systemd does not interpret ">>" or "2>&1" itself. The whole
# quoted string reaches "bundle exec" as one argument, so the redirection only
# works if bundler hands that string to a shell - verify on the target system.
ExecStart=/usr/bin/bundle exec "sidekiq -q post_receive,mailer,system_hook,project_web_hook,gitlab_shell,common,default -e production -P /var/run/gitlab/sidekiq.pid -d -L log/sidekiq.log >> log/sidekiq.log 2>&1"
# NOTE(review): the stop command logs to /srv/git/log/sidekiq.log while the
# start command logs to log/sidekiq.log under WorkingDirectory; the two paths
# differ unless one is a link to the other.
ExecStop=/usr/bin/bundle exec "sidekiqctl stop /var/run/gitlab/sidekiq.pid >> /srv/git/log/sidekiq.log 2>&1"
[Install]
# Started as part of the gitlab.target group of units.
WantedBy=gitlab.target
# GITLAB
# Contributors: yin8086, sashkab, orkoden, axilleas
# App Version: 5.4 - 6.0
# Modified from nginx http version
# Modified from http://blog.phusion.nl/2012/04/21/tutorial-setting-up-gitlab-on-debian-6/
# You need to run openssl to generate a self-signed ssl certificate.
# cd /etc/nginx/
# sudo openssl req -new -x509 -nodes -days 3560 -out gitlab.crt -keyout gitlab.key
# sudo chmod o-r gitlab.key
# Also you need to edit gitlab-shell config.
# 1) Set "gitlab_url" param in gitlab-shell/config.yml to https://git.example.com
# 2) Set "ca_file" to /etc/nginx/gitlab.crt
# 3) Set "self_signed_cert" to true
# You also need to edit gitlab/config/gitlab.yml
# 1) Define port for http "port: 443"
# 2) Enable https "https: true"
# 3) Update ssl for gravatar "ssl_url: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=mm"
# Backend pool for the GitLab application server (puma/unicorn).
upstream gitlab {
    # Active transport: the unix socket the application server listens on
    # (recommended over TCP).
    server unix:/var/run/gitlab/gitlab.socket;

    # Alternative transport: enable this line instead when puma/unicorn are
    # configured to listen on a TCP port.
    # Check the port number in /home/git/gitlab/config/{puma.rb/unicorn.rb}
    # server 127.0.0.1:9292;
}
# This is a normal HTTP host which redirects all traffic to the HTTPS host.
# Replace git.example.com with your FQDN.
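# Plain-HTTP listener whose only job is to send clients to the HTTPS host.
server {
    listen *:80;
    server_name git.example.com;
    # Do not advertise the nginx version in responses and error pages.
    server_tokens off;
    root /nowhere; # this doesn't have to be a valid path since we are redirecting, you don't have to change it.

    # Redirect to the configured server name (not the client-supplied Host
    # header). "return" is used instead of "rewrite ^ ... permanent": with
    # rewrite, the query string already contained in $request_uri can be
    # appended a second time to the redirect target.
    return 301 https://$server_name$request_uri;
}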
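# HTTPS virtual host: serves static files from GitLab's public directory and
# proxies everything else to the "gitlab" upstream.
server {
    listen 443 ssl;
    server_name git.example.com;
    # Do not advertise the nginx version in responses and error pages.
    server_tokens off;
    root /usr/share/webapps/gitlab/public;

    # TLS is switched on by the "ssl" flag of the listen directive above; the
    # separate "ssl on;" directive is deprecated in newer nginx releases and
    # has been dropped here.
    ssl_certificate /etc/nginx/gitlab.crt;
    # The private key must be readable by root / the nginx master process only.
    ssl_certificate_key /etc/nginx/gitlab.key;

    # SSLv3 and TLSv1 are no longer safe to offer (SSLv3 is affected by
    # POODLE), so only TLSv1.2 from the original list is kept. Add TLSv1.3
    # where the installed nginx and OpenSSL support it.
    ssl_protocols TLSv1.2;
    # "!aNULL" excludes every unauthenticated suite; the previous "!ADH" only
    # excluded the anonymous-DH subset of them.
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # individual nginx logs for this gitlab vhost
    access_log /var/log/nginx/gitlab_access.log;
    error_log /var/log/nginx/gitlab_error.log;

    location / {
        # Serve static files from the root folder defined above.
        # @gitlab is a named location for the upstream fallback, see below
        try_files $uri $uri/index.html $uri.html @gitlab;
    }

    # If the requested file is not found in the root folder, the request is
    # passed to the upstream (gitlab unicorn).
    location @gitlab {
        proxy_read_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
        proxy_connect_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
        proxy_redirect off;

        # Tell the application the original request arrived over HTTPS. These
        # values are set unconditionally, so a client cannot override them.
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Ssl on;
        # $http_host is the Host header exactly as the client sent it.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;

        proxy_pass http://gitlab;
    }
}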
#This configuration has been tested on GitLab 6.0.0 and GitLab 6.0.1
#Note this config assumes unicorn is listening on default port 8080.
#Module dependencies
# mod_rewrite
# mod_ssl
# mod_proxy
# mod_proxy_http
# mod_headers
# This section is only needed if you want to redirect http traffic to https.
# You can live without it but clients will have to type in https:// to reach gitlab.
# Plain-HTTP virtual host that only redirects to HTTPS.
<VirtualHost *:80>
    ServerName gitlab.example.com
    # Keep the server version out of generated error pages.
    ServerSignature Off

    # Anything that did not arrive over TLS is redirected to the same path on
    # https://. The [R] flag without a status code issues a temporary (302)
    # redirect.
    RewriteEngine on
    RewriteCond %{HTTPS} !=on
    RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
</VirtualHost>
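# HTTPS virtual host: terminates TLS, serves files that exist under
# DocumentRoot, and proxies every other request to unicorn on 127.0.0.1:8080.
<VirtualHost *:443>
    SSLEngine on
    # Refuse the obsolete SSLv2/SSLv3 protocols explicitly. SSLCipherSuite only
    # selects cipher suites and does not disable a protocol version. Restrict
    # this further to TLSv1.2 and later where every client supports it.
    SSLProtocol all -SSLv2 -SSLv3
    # strong encryption ciphers only
    # see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html
    # Start from the HIGH group rather than the SSLv3/TLSv1 suite groups so
    # that newer suites are not left out, and drop unauthenticated (aNULL),
    # unencrypted (eNULL) and MD5-based suites.
    SSLCipherSuite HIGH:!aNULL:!eNULL:!MD5
    SSLHonorCipherOrder on
    SSLCertificateFile /etc/httpd/ssl.crt/gitlab.example.com.crt
    # The private key must be readable by root only.
    SSLCertificateKeyFile /etc/httpd/ssl.key/gitlab.example.com.key
    SSLCACertificateFile /etc/httpd/ssl.crt/your-ca.crt

    ServerName gitlab.example.com
    # Keep the server version out of generated error pages.
    ServerSignature Off

    # Pass the client's Host header through to the backend unchanged.
    ProxyPreserveHost On

    <Location />
        Order deny,allow
        Allow from all

        ProxyPassReverse http://127.0.0.1:8080
        ProxyPassReverse http://gitlab.example.com/
    </Location>

    #apache equivalent of nginx try files
    # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
    # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
    # Requests that do not map to an existing file are proxied ([P]) to
    # unicorn on the loopback interface.
    RewriteEngine on
    RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
    RewriteRule .* http://127.0.0.1:8080%{REQUEST_URI} [P,QSA]
    # Tell the application the original request arrived over HTTPS.
    RequestHeader set X_FORWARDED_PROTO 'https'

    # needed for downloading attachments
    DocumentRoot /usr/share/webapps/gitlab/public

    #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
    ErrorDocument 404 /404.html
    ErrorDocument 422 /422.html
    ErrorDocument 500 /500.html
    ErrorDocument 503 /deploy.html

    # The first field of this format is the client-supplied X-Forwarded-For
    # header, so treat it as untrusted when reading the forwarded log.
    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
    ErrorLog /var/log/httpd/logs/gitlab.example.com_error.log
    CustomLog /var/log/httpd/logs/gitlab.example.com_forwarded.log common_forwarded
    CustomLog /var/log/httpd/logs/gitlab.example.com_access.log combined env=!dontlog
    CustomLog /var/log/httpd/logs/gitlab.example.com.log combined
</VirtualHost>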
#####################################################
#
# GitLab version : 5.x - 6.x
# Contributors : davispuh, mtorromeo, axilleas, boeserwolf91
# Downloaded from : https://github.com/gitlabhq/gitlab-recipes/tree/master/init/systemd
#
####################################################
# Unit for the GitLab web application server (Unicorn).
[Unit]
Description=GitLab Unicorn Server
[Service]
# Runs as the unprivileged "git" account rather than root.
User=git
WorkingDirectory=/usr/share/webapps/gitlab
Environment=RAILS_ENV=production
SyslogIdentifier=gitlab-unicorn
PIDFile=/var/run/gitlab/unicorn.pid
# Starts unicorn with the packaged configuration file in production mode.
ExecStart=/usr/bin/bundle exec "unicorn_rails -c /usr/share/webapps/gitlab/config/unicorn.rb -E production"
# Stop and reload are done by signalling the main process: QUIT on stop,
# USR2 on reload.
ExecStop=/usr/bin/kill -QUIT $MAINPID
ExecReload=/usr/bin/kill -USR2 $MAINPID
[Install]
# Started as part of the gitlab.target group of units.
WantedBy=gitlab.target
#This configuration has been tested on GitLab 6.0.0 and GitLab 6.0.1
#Note this config assumes unicorn is listening on default port 8080.
#Module dependencies
# mod_rewrite
# mod_proxy
# mod_proxy_http
# Plain-HTTP virtual host that proxies GitLab directly.
# NOTE(review): this variant has no TLS, so logins, session cookies and
# repository traffic sent over HTTP cross the network unencrypted; it is only
# suitable behind another TLS terminator or on a trusted network.
<VirtualHost *:80>
    ServerName gitlab.example.com
    # Keep the server version out of generated error pages.
    ServerSignature Off

    # Pass the client's Host header through to the backend unchanged.
    ProxyPreserveHost On

    <Location />
        Order deny,allow
        Allow from all

        ProxyPassReverse http://127.0.0.1:8080
        ProxyPassReverse http://gitlab.example.com/
    </Location>

    #apache equivalent of nginx try files
    # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
    # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
    # Requests that do not map to an existing file are proxied ([P]) to
    # unicorn on the loopback interface.
    RewriteEngine on
    RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
    RewriteRule .* http://127.0.0.1:8080%{REQUEST_URI} [P,QSA]

    # needed for downloading attachments
    DocumentRoot /usr/share/webapps/gitlab/public

    #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
    ErrorDocument 404 /404.html
    ErrorDocument 422 /422.html
    ErrorDocument 500 /500.html
    ErrorDocument 503 /deploy.html

    # The first field of this format is the client-supplied X-Forwarded-For
    # header, so treat it as untrusted when reading the forwarded log.
    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
    ErrorLog /var/log/httpd/logs/gitlab.example.com_error.log
    CustomLog /var/log/httpd/logs/gitlab.example.com_forwarded.log common_forwarded
    CustomLog /var/log/httpd/logs/gitlab.example.com_access.log combined env=!dontlog
    CustomLog /var/log/httpd/logs/gitlab.example.com.log combined
</VirtualHost>
# Paths shared by the install scriptlet functions below.
# _datadir: where the GitLab application tree is installed.
_datadir=/usr/share/webapps/gitlab
# _homedir: home directory of the "git" account.
_homedir=/srv/git
#######################################
# Hand ownership of the GitLab directories to the "git" account.
# Globals:   _datadir (read), _homedir (read)
# Arguments: none
# Returns:   status of the last chown
#######################################
fix_perms() {
  local sub

  chown -R git:git "${_datadir}/www"

  # tmp/ and log/ must be owned and writable by the service account.
  for sub in tmp log; do
    chown -R git "${_datadir}/${sub}"
  done
  for sub in tmp log; do
    chmod -R u+rwX "${_datadir}/${sub}"
  done

  chown -R git:git "${_homedir}"

  # Rails needs to create a token file called .secret into datadir
  # NOTE(review): this makes the whole application tree, code included,
  # writable by the account the web application runs as, so a compromise of
  # the application can modify its own code. Granting write access only to
  # the paths Rails has to write would follow least privilege.
  chown -R git:git "${_datadir}"
}
#######################################
# Create the runtime directory described by the gitlab.conf tmpfiles entry.
# Arguments: none
# Returns:   status of systemd-tmpfiles
#######################################
pids_dir() {
  local -a tmpfiles_args=(--create gitlab.conf)
  systemd-tmpfiles "${tmpfiles_args[@]}"
}
#######################################
# Scriptlet hook run after a fresh install: fixes ownership, creates the
# runtime directory, sets the git identity of the "git" account and prints the
# database setup instructions.
# Globals:   _datadir (read)
# Outputs:   setup instructions on stdout
#######################################
post_install() {
  fix_perms
  pids_dir

  # Global git identity for the "git" account.
  sudo -u git -H git config --global user.name "GitLab" # IMPORTANT, must be "GitLab"
  sudo -u git -H git config --global user.email "git@localhost"

  printf '%s\n' \
    "You have to configure the database." \
    "Configure the application database in /etc/webapps/gitlab/database.yml and run:" \
    "# su - git -s /bin/sh -c \"cd ${_datadir}; bundle exec rake gitlab:setup RAILS_ENV=production\""
}
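#######################################
# Scriptlet hook run before an upgrade: fixes ownership and creates a GitLab
# backup as the "git" account.
# Globals:   _datadir (read)
# Returns:   1 if the application directory cannot be entered, otherwise the
#            status of the backup task
#######################################
pre_upgrade() {
  fix_perms
  # Do not run the backup task from whatever directory the package manager
  # happened to be in if the application directory is missing.
  if ! cd "${_datadir}"; then
    printf 'gitlab: cannot enter %s, backup skipped\n' "${_datadir}" >&2
    return 1
  fi
  sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production
}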
#######################################
# Scriptlet hook run after an upgrade: recreates the runtime directory and
# prints the migration and cache clean-up commands for the administrator.
# Globals:   _datadir (read)
# Outputs:   instructions on stdout
#######################################
post_upgrade() {
  pids_dir

  local run_as_git="# su - git -s /bin/sh -c"

  printf '%s\n' \
    "The database may need to be migrated to reflect the latest changes in the application" \
    "To migrate run the following command:" \
    "${run_as_git} \"cd ${_datadir}; bundle exec rake db:migrate RAILS_ENV=production\"" \
    "To clean up assets and cache:" \
    "${run_as_git} \"cd ${_datadir}; bundle exec rake assets:clean assets:precompile cache:clear RAILS_ENV=production\""
}
# GitLab logrotate settings
# based on: http://stackoverflow.com/a/4883967
# Rotate every *.log file in the GitLab log directory.
/usr/share/webapps/gitlab/log/*.log {
# Rotate once a week and keep 52 rotated files (about one year of history).
weekly
# A missing log file is not an error.
missingok
rotate 52
# Compress rotated logs, but leave the most recent rotation uncompressed.
compress
delaycompress
# Skip empty log files.
notifempty
# Copy the log and truncate the original in place instead of renaming it, so
# the application does not have to reopen its log files. Lines written between
# the copy and the truncate can be lost.
copytruncate
}
###########################################################################################
#
# GitLab version : 5.x - 6.x
# Contributors : davispuh, mtorromeo, axilleas, boeserwolf91
# Downloaded from : https://github.com/gitlabhq/gitlab-recipes/tree/master/init/systemd
#
###########################################################################################
# Target that groups the GitLab units; the unicorn and sidekiq services are
# installed with WantedBy=gitlab.target.
[Unit]
Description=GitLab - Self Hosted Git Management
# Redis and MySQL are hard requirements and are ordered before this target.
# NOTE(review): mysqld.service is required even though the package lists
# postgresql as an alternative database backend - confirm for PostgreSQL setups.
Requires=redis.service mysqld.service
After=redis.service mysqld.service syslog.target network.target
[Install]
WantedBy=multi-user.target
# Create /run/gitlab at boot, owned by git:git with mode 0755 and no
# age-based clean-up. The service units keep their PID files under
# /var/run/gitlab, and the package links its pids and sockets directories to
# /run/gitlab.
d /run/gitlab 0755 git git -
# Contributor: Jonas Heinrich <onny@project-insanity.org>
# Contributor: Massimiliano Torromeo <massimiliano.torromeo@gmail.com>
# Contributor: Pavol (Lopo) Hluchy <lopo AT losys DOT eu>
# Contributor: Joseph Orbegoso Pea <trusktr@gmail.com>
# Maintainer: Jonas Heinrich <onny@project-insanity.org>
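# Package identity and dependency metadata read by makepkg.
pkgname=gitlab
pkgver=6.5.1
pkgrel=6
pkgdesc="Project management and code hosting application"
arch=('any')
url="https://www.gitlab.org"
license=('MIT')
# Needed at run time.
depends=('ruby' 'git' 'ruby-bundler' 'python2' 'gitlab-shell' 'openssh' 'redis')
# Needed only while building.
makedepends=('libxslt' 'icu')
# Optional extras, each given as "package: reason". The mail server entry
# previously read 'postifx', which is not a package name.
optdepends=(
  'mariadb: database backend'
  'postgresql: database backend'
  'python2-docutils: reStructuredText markup language support'
  'postfix: mail server in order to receive mail notifications'
)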
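# Detect which web servers are installed on the BUILD host. For each one found,
# its template is added to the list of backup (user-editable) files and its
# name is appended to _server.
# NOTE(review): the package contents therefore depend on the machine that
# builds it, so two builds of the same PKGBUILD can differ.
# _server is one concatenated string, e.g. 'apachenginx' when both are present.
# `command -v` is a shell builtin; the external `which` tool used before is not
# guaranteed to be installed, in which case no server was ever detected.
_server=''
backup=()
if command -v httpd > /dev/null 2>&1; then
  backup+=('etc/httpd/conf/extra/gitlab.conf'
    'etc/httpd/conf/extra/gitlab-ssl.conf')
  _server+='apache'
fi
if command -v nginx > /dev/null 2>&1; then
  backup+=('etc/nginx/sites-available/gitlab-ssl')
  _server+='nginx'
fi
if command -v lighttpd > /dev/null 2>&1; then
  backup+=('etc/lighttpd/conf.d/10-gitlab.conf')
  _server+='lighttpd'
fi
# Application configuration files are always preserved across upgrades.
backup+=('etc/webapps/gitlab/gitlab.yml' 'etc/webapps/gitlab/database.yml' 'etc/webapps/gitlab/unicorn.rb')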
# Build inputs: the upstream release archive, fetched over HTTPS for the tag
# matching pkgver, followed by the local unit, web server, tmpfiles and
# logrotate files shipped next to this PKGBUILD.
source=("$pkgname-$pkgver.tar.gz::https://gitlab.com/gitlab-org/gitlab-ce/repository/archive.tar.gz?ref=v${pkgver}"
"gitlab.target"
"gitlab-unicorn.service"
"gitlab-sidekiq.service"
"gitlab.conf"
"gitlab-ssl.conf"
"gitlab-ssl"
"10-gitlab.conf"
"gitlab.tmpfiles.d"
"gitlab.logrotate")
# Scriptlet holding the post_install/pre_upgrade/post_upgrade hooks.
install='gitlab.install'
# One SHA-512 digest per entry of source=(), in the same order. These pin the
# archive and the local files; anything downloaded later during the build is
# not covered by them.
sha512sums=("becb8c97b937e97ba1ff0229f476276df44e82ac7549d427a16f4b1a0be03a473f156f9cda043ff1a805fb117040a3058731e4763a6290b8241aebb4683ba14e"
"c88b7b500225c9a2bfaf10912fc09e5a3beb7c28890dcc1d49d55dfe92df02cef3f1865a138e7e2802b4e795c9a45cb130819be0a1c115eca9b566b8b9fb4395"
"b08afab73baf8ca02a429fc09ed779f52658c79af2d0c1c7a78297c01707015e06690676ddba25fa804d08dfc29cc819b8fcf45f4374859560e395b4e18f861c"
"e8db9043d65189e3f786dcad9da8cd5e12df8747286c542792504469eb2da7a88f759605ee948583380c6952be80f8cb0a11cb510aa34266648b81a1d6f02fec"
"f021ddcaaf8f4e92db7684f3a7eb34d4d00911efe5a3d57bc78ebb0b9636b2639b1990047c8da3f6d7339ad7a89574cfbfeb59a79c30b099e6f44ecfbf3166f7"
"12b1775f9457d62657e388125b6f6a24a87577632696d3f7b8d5765deb57c2feba13fe8037e93fc362f6d328f3cf00183ff563631ef6b4b8badf104af126854d"
"4a27e26f309063b615045f4ae0a789d4221389539d69aedafde81a7cde0e29f56aeaff2b17d2da51c6d615a9f6c2c087971d3565b3687c1e8023b498c2ec1202"
"c78b6f46abcf603d8db6e38cf50868e14145928422ddfe17c88e2f006b5b910dddf456ec5d6d724b250994530643963809688a98f7e12ebd5b5dabf7f96f0e06"
"09b655ab6eadcb15e81933e0f7bd082e5b6bdacfdd0278f2d024d22b6e0da9d5cf61bd219007c75fa34b7d6d98b179304f3ca5acf0caa050e717ddead974ee22"
"8b0094a4f7bffb909a0ded0d86fbe93c96dd684902354e191844361e36a61109c4696b2003734d57d2d4fe65ba4ebafb87d211c1a9ee532cdc87a1a8abeec0f6")
# Binaries are not stripped.
options=('!strip')
# Home directory of the "git" account and install location of the application.
_homedir="/srv/git"
_datadir="/usr/share/webapps/gitlab"
# Bundler groups to leave out; filled in by prepare() and read by build().
_wo=""
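#######################################
# Decide which database gem groups to skip and generate the config files from
# the upstream examples.
# Globals:   _wo (written), srcdir, _homedir, _datadir (read)
# Returns:   1 when neither database client library is installed or the
#            source directory cannot be entered
#######################################
prepare() {
  # Rebuild the list as an array. The previous string form doubled its own
  # content on every append, and its element count was always 1, so the
  # "no usable DB libs" check below could never trigger.
  _wo=()

  # pacman -T prints the names of dependencies that are NOT installed; a
  # non-empty answer means the matching gem group has to be left out.
  if [[ -n "$(pacman -T libmariadbclient)" ]]; then
    _wo+=(mysql)
  fi
  if [[ -n "$(pacman -T postgresql-libs)" ]]; then
    _wo+=(postgres)
  fi

  if (( ${#_wo[@]} == 2 )); then
    error "Usable DB libs not found"
    msg2 "Install at least libmariadbclient or postgresql-libs"
    return 1
  fi

  cd "${srcdir}/gitlab-ce.git" || return 1

  # Patching config files:
  msg "Patching config files:"

  # gitlab.yml: enable the "git" user line and point the repository,
  # satellite and gitlab-shell paths at this package's layout.
  sed -e "s|# user: git|user: git|" \
    -e "s|/home/git/repositories|${_homedir}/repositories|" \
    -e "s|/home/git/gitlab-satellites|${_homedir}/satellites|" \
    -e "s|/home/git/gitlab-shell|/usr/share/gitlab-shell|" \
    config/gitlab.yml.example > config/gitlab.yml

  # unicorn.rb: runtime files go to /var/run/gitlab, the application path is
  # the packaged data directory, and the worker timeout is raised to 300.
  sed -e "s|/home/git/gitlab/tmp/.*/|/var/run/gitlab/|g" \
    -e "s|/home/git/gitlab|${_datadir}|g" \
    -e "s|timeout 30|timeout 300|" \
    config/unicorn.rb.example > config/unicorn.rb

  # database.yml: this substitution replaces the text with itself, so the
  # file is a plain copy of the MySQL template.
  # NOTE(review): the MySQL template is used even when only the PostgreSQL
  # client library is present - confirm that is intended.
  sed -e "s|username: git|username: git|" \
    config/database.yml.mysql > config/database.yml
}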
#######################################
# Install the bundled Ruby gems for the application.
# Globals:   srcdir (read), _wo (read)
# Returns:   status of bundle install
#######################################
build() {
  local -a bundle_args=(
    install --no-cache --no-prune --deployment
    --without development test aws
  )

  cd "${srcdir}/gitlab-ce.git"
  msg "Fetching bundled gems..."

  # Gems will be installed into vendor/bundle
  # NOTE(review): the gems are downloaded while the package is being built and
  # are not covered by the sha512sums of this PKGBUILD, so the result also
  # depends on what the gem source serves at build time.
  # _wo is expanded unquoted on purpose so that each group name in it becomes
  # its own argument.
  # shellcheck disable=SC2068
  bundle "${bundle_args[@]}" ${_wo[@]}
}
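#######################################
# Assemble the package tree under pkgdir: application files, configuration in
# /etc/webapps/gitlab, documentation, systemd/tmpfiles/logrotate files and the
# web server templates.
# Globals:   srcdir, pkgdir, pkgname, _homedir, _datadir, _server (read)
# Returns:   1 if the source directory cannot be entered, otherwise the
#            status of the last install step
#######################################
package() {
  local _file

  # Copy main files
  msg "Copying main files."
  cd "${srcdir}/gitlab-ce.git" || return 1
  install -d "${pkgdir}/usr/share/webapps"
  cp -r "${srcdir}/gitlab-ce.git" "${pkgdir}${_datadir}"

  # Creating directories
  msg "Creating directories"
  install -d \
    "${pkgdir}/etc/webapps/gitlab" \
    "${pkgdir}/usr/share/webapps" \
    "${pkgdir}/usr/share/doc/${pkgname}" \
    "${pkgdir}${_homedir}/www" \
    "${pkgdir}${_datadir}/www" \
    "${pkgdir}${_datadir}/public/uploads"
  # PID files and sockets live in the runtime directory.
  ln -fs /run/gitlab "${pkgdir}${_homedir}/pids"
  ln -fs /run/gitlab "${pkgdir}${_homedir}/sockets"

  # Install config files
  # The real files go to /etc/webapps/gitlab; the application tree only keeps
  # symlinks to them.
  # NOTE(review): database.yml and gitlab.yml are where credentials end up and
  # keep whatever mode they were created with - presumably world-readable;
  # confirm and tighten once the "git" group is available.
  msg "Install config files"
  for _file in gitlab.yml unicorn.rb database.yml; do
    mv "config/${_file}" "${pkgdir}/etc/webapps/gitlab/"
    rm -f "${pkgdir}${_datadir}/config/${_file}"
    ln -s "/etc/webapps/gitlab/${_file}" "${pkgdir}${_datadir}/config/"
  done

  # Install license and help files
  msg "Install license and help files"
  mv README.md MAINTENANCE.md CONTRIBUTING.md CHANGELOG config/*.{example,mysql,postgresql} "${pkgdir}/usr/share/doc/${pkgname}"
  install -D "LICENSE" "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
  rm "${pkgdir}/usr/share/webapps/gitlab/LICENSE"

  # Install systemd service files
  # Unit files are configuration, not programs: install them 0644 instead of
  # the previous executable mode 0755.
  msg "Install systemd service files"
  for _file in gitlab.target gitlab-unicorn.service gitlab-sidekiq.service; do
    install -Dm0644 "${srcdir}/${_file}" "${pkgdir}/usr/lib/systemd/system/${_file}"
  done

  install -Dm644 "${srcdir}/gitlab.tmpfiles.d" "${pkgdir}/usr/lib/tmpfiles.d/gitlab.conf"
  install -Dm644 "${srcdir}/gitlab.logrotate" "${pkgdir}/etc/logrotate.d/gitlab"

  # Install apache, nginx and lighttpd template files (if they are installed)
  # _server may name several servers at once (e.g. 'apachenginx'), which a
  # case statement on the whole value never matched, so every server is
  # tested on its own.
  msg "Install apache, nginx and lighttpd template files (if they are installed)"
  if [[ "${_server[*]}" == *apache* ]]; then
    install -d "${pkgdir}/etc/httpd/conf/extra"
    install -m 644 "${srcdir}/gitlab.conf" "${pkgdir}/etc/httpd/conf/extra/"
    install -m 644 "${srcdir}/gitlab-ssl.conf" "${pkgdir}/etc/httpd/conf/extra/"
  fi
  if [[ "${_server[*]}" == *nginx* ]]; then
    install -d "${pkgdir}/etc/nginx/sites-available"
    install -m 644 "${srcdir}/gitlab-ssl" "${pkgdir}/etc/nginx/sites-available/"
  fi
  if [[ "${_server[*]}" == *lighttpd* ]]; then
    install -d "${pkgdir}/etc/lighttpd/conf.d"
    install -m 644 "${srcdir}/10-gitlab.conf" "${pkgdir}/etc/lighttpd/conf.d/"
  fi
}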
# vim:set ts=4 sw=4 et: