Commit 457b39d2 authored by Jacob Vosmaer (GitLab)'s avatar Jacob Vosmaer (GitLab)

Use NGINX for HTTPS development

parent e6b58035
1 merge request!158Use NGINX for HTTPS development
@@ -34,3 +34,11 @@ grafana/
openssh/*_key
openssh/*.pub
openssh/sshd_config
nginx/logs
nginx/conf/nginx.conf
nginx/tmp
nginx/client_body_temp
nginx/fastcgi_temp
nginx/proxy_temp
nginx/scgi_temp
nginx/uwsgi_temp
@@ -88,7 +88,7 @@ gitlab-shell/.git/pull:
 
# Set up supporting services
 
support-setup: .ruby-version foreman Procfile redis postgresql openssh-setup
support-setup: .ruby-version foreman Procfile redis postgresql openssh-setup nginx-setup
@echo ""
@echo "*********************************************"
@echo "************** Setup finished! **************"
@@ -137,11 +137,6 @@ foreman:
.ruby-version:
ln -s ${gitlab_development_root}/gitlab/.ruby-version $@
 
localhost.pem: localhost.crt localhost.key
touch $@
chmod 600 $@
cat localhost.key localhost.crt > $@
localhost.crt: localhost.key
 
localhost.key:
@@ -206,6 +201,17 @@ openssh/sshd_config:
openssh/ssh_host_rsa_key:
ssh-keygen -f $@ -N '' -t rsa
 
nginx-setup: nginx/conf/nginx.conf nginx/logs nginx/tmp
nginx/conf/nginx.conf:
sed -e "s|/home/git|${gitlab_development_root}|" nginx/conf/nginx.conf.example > $@
nginx/logs:
mkdir -p $@
nginx/tmp:
mkdir -p $@
clean-config:
rm -f \
gitlab/config/gitlab.yml \
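Review bot: In the new `nginx/conf/nginx.conf` rule the recipe redirects `sed` straight into `$@`, so if `sed` fails (for instance because the `.example` file is missing) the shell has already created an empty `nginx/conf/nginx.conf`, and unless `.DELETE_ON_ERROR:` is set elsewhere in the Makefile later runs will treat that file as up to date. Writing to a temporary name and renaming avoids this: `sed -e "s|/home/git|${gitlab_development_root}|" nginx/conf/nginx.conf.example > $@.tmp && mv $@.tmp $@`. The root path is also spliced into the sed expression unescaped, so a checkout path containing `|`, `&` or a backslash would break the expression or yield wrong `ssl_certificate` and `ssl_certificate_key` paths in the generated config. `nginx-setup` names no file; if it is not already listed under `.PHONY` outside this hunk, it should be.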
@@ -5,7 +5,7 @@ postgresql: support/postgresql-signal-wrapper postgres -D /home/git/postgresql/d
gitlab-workhorse: PATH=/home/git/gitlab-workhorse:$PATH gitlab-workhorse -authSocket /home/git/gitlab.socket -listenAddr $host:$port -documentRoot /home/git/gitlab/public -developmentMode
rails-web: RAILS_ENV=development support/exec-cd gitlab bin/web start_foreground
rails-background-jobs: RAILS_ENV=development support/exec-cd gitlab bin/background_jobs start_foreground
#workhorse-stunnel: support/workhorse-stunnel localhost:3443 /home/git/gitlab.socket /home/git/localhost.pem
#influxdb: influxdb/bin/influxd -config influxdb/influxdb.conf
#grafana: support/wait-postgresql-ready support/exec-cd grafana bin/grafana-server -config grafana.ini
#sshd: /usr/sbin/sshd -e -D -f /home/git/openssh/sshd_config
#nginx: nginx -p /home/git/nginx -c conf/nginx.conf
\ No newline at end of file
@@ -584,22 +584,26 @@ sudo mount 127.0.0.1:/exports/gitlab-data/gitlab-satellites gitlab-satellites
## HTTPS
 
If you want to access GitLab via HTTPS in development you can use
stunnel. The `support/workhorse-stunnel` script requires stunnel 4.0 or
newer. On OS X you can install stunnel with `brew install stunnel`.
NGINX. On OS X you can install stunnel with `brew install nginx`.
 
First generate a key and certificate for localhost:
 
```
make localhost.pem
make localhost.crt
```
 
On OS X you can add this certificate to the trust store with:
`security add-trusted-cert localhost.crt`.
 
Next make sure that HTTPS is enabled in gitlab/config/gitlab.yml.
Next make sure that HTTPS is enabled in gitlab/config/gitlab.yml: look
for the `https:` and `port:` settings.
 
Uncomment the `workhorse-stunnel` line in your Procfile. Now `./run app`
(and `./run`) will start stunnel listening on https://localhost:3443.
Uncomment the `nginx` line in your Procfile. Now `./run app`
(and `./run`) will start NGINX listening on https://localhost:3443.
If you are using a port other than localhost:3000 for
gitlab-workhorse, or if you want to use a port other than
localhost:3443 for NGINX, please edit `nginx/conf/nginx.conf`.
 
## SSH
 
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
image/svg+xml svg svgz;
image/webp webp;
application/font-woff woff;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.wap.wmlc wmlc;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}
worker_processes 1;
daemon off;
pid tmp/nginx.pid;
error_log stderr;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
access_log logs/access.log;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
proxy_temp_path proxy_temp;
client_body_temp_path client_body_temp;
uwsgi_temp_path uwsgi_temp;
fastcgi_temp_path fastcgi_temp;
scgi_temp_path scgi_temp;
client_max_body_size 0;
upstream gitlab-workhorse {
server 127.0.0.1:3000 fail_timeout=0;
}
server {
listen 127.0.0.1:3443 ssl;
ssl_certificate /home/git/localhost.crt;
ssl_certificate_key /home/git/localhost.key;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://gitlab-workhorse;
}
}
}
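Review bot: The `server` block loads `ssl_certificate_key /home/git/localhost.key` directly, and the `localhost.pem` rule removed from the Makefile in this commit was the only visible step that applied `chmod 600` to key material; the `localhost.key` recipe is not shown on this page, so confirm it creates the key with owner-only permissions, adding `chmod 600 $@` there if it does not. There is no `ssl_protocols` line, so the TLS versions accepted on 3443 depend on the installed NGINX's defaults; `ssl_protocols TLSv1.2;` would pin that. A short header comment such as `# Development only: self-signed localhost certificate, no request body limit (client_max_body_size 0)` would also discourage copying this file to a reachable host.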
@@ -55,7 +55,7 @@ db() {
 
app() {
print_port
foreman_start -c all=0,rails-web=1,rails-background-jobs=1,gitlab-workhorse=1,workhorse-stunnel=1,grafana=1,sshd=1
foreman_start -c all=0,rails-web=1,rails-background-jobs=1,gitlab-workhorse=1,nginx=1,grafana=1,sshd=1
}
 
grafana() {
#!/bin/sh
main() {
exec stunnel -fd 3 3<<EOF
foreground = yes
[workhorse-https]
accept = $1
connect = $2
cert = $3
EOF
}
if [ $# -ne 3 ] ; then
echo "Usage: $0 LISTEN_ADDRESS WORKHORSE_SOCKET CERTIFICATE"
exit 1
fi
main "$@"