Add missing omnibus configs for Apache and update instructions

cherry-picked from 2a11c674, bfa6fb3a and 078878c3

Add missing omnibus configs for Apache and update instructions
40815914 · Achilleas Pipinellis · p-schneider · d3eae4c0 · 40815914 · 40815914
Commit 40815914 authored 9 years ago by Achilleas Pipinellis Committed by p-schneider 9 years ago
--- a/web-server/apache/README.md
+++ b/web-server/apache/README.md
@@ -3,14 +3,30 @@
 The configuration files in this directory were tested with GitLab 8.1. For
 versions of GitLab older than 8.0, check the `apache-old` branch.
  
+## Installations from source
+
 If you are using Apache version 2.4 or above, please use files
 [gitlab-apache24.conf](gitlab-apache24.conf) or [gitlab-ssl-apache24.conf](gitlab-ssl-apache24.conf)
 for the HTTP and HTTPS versions of the vhost repectively.
  
-If you are using Apache version 2.2 or above, please use files
+If you are using Apache version 2.2, please use files
 [gitlab-apache22.conf](gitlab-apache22.conf) or [gitlab-ssl-apache22.conf](gitlab-ssl-apache22.conf)
 for the HTTP and HTTPS versions of the vhost repectively.
  
+To allow `gitlab-git-http-server` to listen on port 8181, edit or create
+`/etc/default/gitlab` and change or add the following:
+
+```
+gitlab_git_http_server_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
+```
+
+## Installations unsing the Omnibus packages
+
+[Omnibus packages][] use their own bundled Nginx server. If you want to use your
+own external Apache server, follow the steps to [configure GitLab][omnibuswebext].
+
+In the last step you will need to download the config from this repository.
+
 # RHEL6/CentOS6 recommendations
  
 Most of the settings below were tested on CentOS 6, but are probably applicable
@@ -214,3 +230,5 @@ to better understand it.
 [sock]: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
 [reports]: https://github.com/gitlabhq/gitlabhq/issues/5139
 [digiocean]: https://www.digitalocean.com/community/tutorials/how-to-get-started-with-mod_pagespeed-with-apache-on-an-ubuntu-and-debian-cloud-server
+[Omnibus packages]: https://about.gitlab.com/downloads/
+[omnibuswebext]: http://doc.gitlab.com/omnibus/settings/nginx.html#using-a-non-bundled-web-server
--- a/web-server/apache/gitlab-apache22.conf
+++ b/web-server/apache/gitlab-apache22.conf
 # This configuration has been tested on GitLab 8.1
 # Note this config assumes unicorn is listening on default port 8080 and gitlab-git-http-server is listening on port 8181.
 # To allow gitlab-git-http-server to listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
-# gitlab_git_http_server_options="-listenUmask 0 -listenNetwork tcp -listenAddr localhost:8181 -authBackend http://127.0.0.1:8080"
+# gitlab_git_http_server_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
  
 #Module dependencies
 #  mod_rewrite
@@ -9,7 +9,7 @@
 #  mod_proxy_http
 # HTTP Configuration
 <VirtualHost *:80>
-  ServerName gitlab.example.com
+  ServerName YOUR_SERVER_FQDN
  ServerSignature Off
  
  ProxyPreserveHost On
@@ -26,7 +26,7 @@
      ProxyPassReverse http://127.0.0.1:8181
      #Allow forwarding to GitLab Rails app (Unicorn)
      ProxyPassReverse http://127.0.0.1:8080
-      ProxyPassReverse http://gitlab.example.com/
+      ProxyPassReverse http://YOUR_SERVER_FQDN/
  </Location>
  
  #apache equivalent of nginx try files
@@ -57,9 +57,9 @@
  # For Debian distributions you might want to change this to
  # /var/log/apache2.
  LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
-  ErrorLog  /var/log/httpd/logs/gitlab.example.com_error.log
-  CustomLog /var/log/httpd/logs/gitlab.example.com_forwarded.log common_forwarded
-  CustomLog /var/log/httpd/logs/gitlab.example.com_access.log combined env=!dontlog
-  CustomLog /var/log/httpd/logs/gitlab.example.com.log combined
+  ErrorLog  /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log
+  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
+  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
+  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined
  
 </VirtualHost>
--- a/web-server/apache/gitlab-apache24.conf
+++ b/web-server/apache/gitlab-apache24.conf
-# This configuration has been tested on GitLab 8.0.0
+# This configuration has been tested on GitLab 8.1
 # Note this config assumes unicorn is listening on default port 8080 and gitlab-git-http-server is listening on port 8181.
 # To allow gitlab-git-http-server to listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
-# gitlab_git_http_server_options="-listenUmask 0 -listenNetwork tcp -listenAddr localhost:8181 -authBackend http://127.0.0.1:8080"
+# gitlab_git_http_server_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
  
 #Module dependencies
 #  mod_rewrite

--- a/web-server/apache/gitlab-omnibus-apache22.conf
+++ b/web-server/apache/gitlab-omnibus-apache22.conf
+# This configuration has been tested on GitLab 8.1
+# Note this config assumes unicorn is listening on default port 8080 and
+# gitlab-git-http-server is listening on port 8181. To allow gitlab-git-http-server to
+# listen on port 8181, edit /etc/gitlab/gitlab.rb and change the following:
+#
+# gitlab_git_http_server['listen_network'] = "tcp"
+# gitlab_git_http_server['listen_addr'] = "127.0.0.1:8181"
+#
+#Module dependencies
+#  mod_rewrite
+#  mod_proxy
+#  mod_proxy_http
+# HTTP Configuration
+<VirtualHost *:80>
+  ServerName YOUR_SERVER_FQDN
+  ServerSignature Off
+
+  ProxyPreserveHost On
+
+  # Ensure that encoded slashes are not decoded but left in their encoded state.
+  # http://doc.gitlab.com/ce/api/projects.html#get-single-project
+  AllowEncodedSlashes NoDecode
+
+  <Location />
+      Order deny,allow
+      Allow from all
+
+      #Allow forwarding to gitlab-git-http-server
+      ProxyPassReverse http://127.0.0.1:8181
+      #Allow forwarding to GitLab Rails app (Unicorn)
+      ProxyPassReverse http://127.0.0.1:8080
+      ProxyPassReverse http://YOUR_SERVER_FQDN/
+  </Location>
+
+  #apache equivalent of nginx try files
+  # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
+  # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
+  RewriteEngine on
+  #Forward these requests to gitlab-git-http-server
+  RewriteCond %{REQUEST_URI} ^/[\w\.-]+/[\w\.-]+/repository/archive.* [OR]
+  RewriteCond %{REQUEST_URI} ^/api/v3/projects/.*/repository/archive.* [OR]
+  RewriteCond %{REQUEST_URI} ^/[\w\.-]+/[\w\.-]+/(info/refs|git-upload-pack|git-receive-pack)$
+  RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA]
+
+  #Forward any other requests to GitLab Rails app (Unicorn)
+  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
+  RewriteCond %{REQUEST_URI} ^/uploads
+  RewriteRule .* http://127.0.0.1:8080%{REQUEST_URI} [P,QSA,NE]
+
+  # needed for downloading attachments
+  DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public
+
+  #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
+  ErrorDocument 404 /404.html
+  ErrorDocument 422 /422.html
+  ErrorDocument 500 /500.html
+  ErrorDocument 503 /deploy.html
+
+  # It is assumed that the log directory is in /var/log/httpd.
+  # For Debian distributions you might want to change this to
+  # /var/log/apache2.
+  LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
+  ErrorLog  /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log
+  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
+  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
+  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined
+
+</VirtualHost>
--- a/web-server/apache/gitlab-omnibus-apache24.conf
+++ b/web-server/apache/gitlab-omnibus-apache24.conf
+# This configuration has been tested on GitLab 8.1
+# Note this config assumes unicorn is listening on default port 8080 and
+# gitlab-git-http-server is listening on port 8181. To allow gitlab-git-http-server to
+# listen on port 8181, edit /etc/gitlab/gitlab.rb and change the following:
+#
+# gitlab_git_http_server['listen_network'] = "tcp"
+# gitlab_git_http_server['listen_addr'] = "127.0.0.1:8181"
+#
+#Module dependencies
+#  mod_rewrite
+#  mod_proxy
+#  mod_proxy_http
+<VirtualHost *:80>
+  ServerName YOUR_SERVER_FQDN
+  ServerSignature Off
+
+  ProxyPreserveHost On
+
+  # Ensure that encoded slashes are not decoded but left in their encoded state.
+  # http://doc.gitlab.com/ce/api/projects.html#get-single-project
+  AllowEncodedSlashes NoDecode
+
+  <Location />
+    # New authorization commands for apache 2.4 and up
+    # http://httpd.apache.org/docs/2.4/upgrading.html#access
+    Require all granted
+
+    #Allow forwarding to gitlab-git-http-server
+    ProxyPassReverse http://127.0.0.1:8181
+    #Allow forwarding to GitLab Rails app (Unicorn)
+    ProxyPassReverse http://127.0.0.1:8080
+    ProxyPassReverse http://YOUR_SERVER_FQDN/
+  </Location>
+
+  #apache equivalent of nginx try files
+  # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
+  # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
+  RewriteEngine on
+  #Forward these requests to gitlab-git-http-server
+  RewriteCond %{REQUEST_URI} ^/[\w\.-]+/[\w\.-]+/repository/archive.* [OR]
+  RewriteCond %{REQUEST_URI} ^/api/v3/projects/.*/repository/archive.* [OR]
+  RewriteCond %{REQUEST_URI} ^/[\w\.-]+/[\w\.-]+/(info/refs|git-upload-pack|git-receive-pack)$
+  RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA]
+
+  #Forward any other requests to GitLab Rails app (Unicorn)
+  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
+  RewriteCond %{REQUEST_URI} ^/uploads
+  RewriteRule .* http://127.0.0.1:8080%{REQUEST_URI} [P,QSA,NE]
+
+  # needed for downloading attachments
+  DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public
+
+  #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
+  ErrorDocument 404 /404.html
+  ErrorDocument 422 /422.html
+  ErrorDocument 500 /500.html
+  ErrorDocument 503 /deploy.html
+
+  # It is assumed that the log directory is in /var/log/httpd.
+  # For Debian distributions you might want to change this to
+  # /var/log/apache2.
+  LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
+  ErrorLog  /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log
+  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
+  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
+  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined
+
+</VirtualHost>
--- a/web-server/apache/gitlab-omnibus-ssl-apache22.conf
+++ b/web-server/apache/gitlab-omnibus-ssl-apache22.conf
+# This configuration has been tested on GitLab 8.1
+# Note this config assumes unicorn is listening on default port 8080 and
+# gitlab-git-http-server is listening on port 8181. To allow gitlab-git-http-server to
+# listen on port 8181, edit /etc/gitlab/gitlab.rb and change the following:
+#
+# gitlab_git_http_server['listen_network'] = "tcp"
+# gitlab_git_http_server['listen_addr'] = "127.0.0.1:8181"
+#
+#Module dependencies
+# mod_rewrite
+# mod_ssl
+# mod_proxy
+# mod_proxy_http
+# mod_headers
+
+# This section is only needed if you want to redirect http traffic to https.
+# You can live without it but clients will have to type in https:// to reach gitlab.
+<VirtualHost *:80>
+  ServerName YOUR_SERVER_FQDN
+  ServerSignature Off
+
+  RewriteEngine on
+  RewriteCond %{HTTPS} !=on
+  RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
+</VirtualHost>
+
+<VirtualHost *:443>
+  SSLEngine on
+  #strong encryption ciphers only
+  #see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html
+  SSLProtocol all -SSLv2
+  SSLHonorCipherOrder on
+  SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
+  Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
+  SSLCompression Off
+  SSLCertificateFile    /etc/pki/tls/certs/YOUR_SERVER_FQDN.crt
+  SSLCertificateKeyFile /etc/pki/tls/private/YOUR_SERVER_FQDN.key
+  SSLCACertificateFile  /etc/pki/tls/certs/YOUR_SERVER_FQDN.ca-bundle.crt
+
+  ServerName YOUR_SERVER_FQDN
+  ServerSignature Off
+
+  ProxyPreserveHost On
+
+  # Ensure that encoded slashes are not decoded but left in their encoded state.
+  # http://doc.gitlab.com/ce/api/projects.html#get-single-project
+  AllowEncodedSlashes NoDecode
+
+  <Location />
+      Order deny,allow
+      Allow from all
+
+      #Allow forwarding to gitlab-git-http-server
+      ProxyPassReverse http://127.0.0.1:8181
+      #Allow forwarding to GitLab Rails app (Unicorn)
+      ProxyPassReverse http://127.0.0.1:8080
+      ProxyPassReverse http://YOUR_SERVER_FQDN/
+  </Location>
+
+  # Apache equivalent of nginx try files
+  # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
+  # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
+  RewriteEngine on
+
+  #Forward these requests to gitlab-git-http-server
+  RewriteCond %{REQUEST_URI} ^/[\w\.-]+/[\w\.-]+/repository/archive.* [OR]
+  RewriteCond %{REQUEST_URI} ^/api/v3/projects/.*/repository/archive.* [OR]
+  RewriteCond %{REQUEST_URI} ^/[\w\.-]+/[\w\.-]+/(info/refs|git-upload-pack|git-receive-pack)$
+  RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA]
+
+  #Forward any other requests to GitLab Rails app (Unicorn)
+  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
+  RewriteCond %{REQUEST_URI} ^/uploads
+  RewriteRule .* http://127.0.0.1:8080%{REQUEST_URI} [P,QSA,NE]
+  RequestHeader set X_FORWARDED_PROTO 'https'
+  RequestHeader set X-Forwarded-Ssl on
+
+  # needed for downloading attachments
+  DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public
+
+  #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
+  ErrorDocument 404 /404.html
+  ErrorDocument 422 /422.html
+  ErrorDocument 500 /500.html
+  ErrorDocument 503 /deploy.html
+
+  # It is assumed that the log directory is in /var/log/httpd.
+  # For Debian distributions you might want to change this to
+  # /var/log/apache2.
+  LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
+  ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log
+  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
+  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
+  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined
+
+</VirtualHost>
--- a/web-server/apache/gitlab-omnibus-ssl-apache24.conf
+++ b/web-server/apache/gitlab-omnibus-ssl-apache24.conf
+# This configuration has been tested on GitLab 8.1
+# Note this config assumes unicorn is listening on default port 8080 and
+# gitlab-git-http-server is listening on port 8181. To allow gitlab-git-http-server to
+# listen on port 8181, edit /etc/gitlab/gitlab.rb and change the following:
+#
+# gitlab_git_http_server['listen_network'] = "tcp"
+# gitlab_git_http_server['listen_addr'] = "127.0.0.1:8181"
+#
+#Module dependencies
+# mod_rewrite
+# mod_ssl
+# mod_proxy
+# mod_proxy_http
+# mod_headers
+
+# This section is only needed if you want to redirect http traffic to https.
+# You can live without it but clients will have to type in https:// to reach gitlab.
+<VirtualHost *:80>
+  ServerName YOUR_SERVER_FQDN
+  ServerSignature Off
+
+  RewriteEngine on
+  RewriteCond %{HTTPS} !=on
+  RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
+</VirtualHost>
+
+<VirtualHost *:443>
+  SSLEngine on
+  #strong encryption ciphers only
+  #see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html
+  SSLProtocol all -SSLv2
+  SSLHonorCipherOrder on
+  SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
+  Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
+  SSLCompression Off
+  SSLCertificateFile /etc/httpd/ssl.crt/YOUR_SERVER_FQDN.crt
+  SSLCertificateKeyFile /etc/httpd/ssl.key/YOUR_SERVER_FQDN.key
+  SSLCACertificateFile /etc/httpd/ssl.crt/your-ca.crt
+
+  ServerName YOUR_SERVER_FQDN
+  ServerSignature Off
+
+  ProxyPreserveHost On
+
+  # Ensure that encoded slashes are not decoded but left in their encoded state.
+  # http://doc.gitlab.com/ce/api/projects.html#get-single-project
+  AllowEncodedSlashes NoDecode
+
+  <Location />
+    # New authorization commands for apache 2.4 and up
+    # http://httpd.apache.org/docs/2.4/upgrading.html#access
+    Require all granted
+
+    #Allow forwarding to gitlab-git-http-server
+    ProxyPassReverse http://127.0.0.1:8181
+    #Allow forwarding to GitLab Rails app (Unicorn)
+    ProxyPassReverse http://127.0.0.1:8080
+    ProxyPassReverse http://YOUR_SERVER_FQDN/
+  </Location>
+
+  # Apache equivalent of nginx try files
+  # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
+  # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
+  RewriteEngine on
+
+  #Forward these requests to gitlab-git-http-server
+  RewriteCond %{REQUEST_URI} ^/[\w\.-]+/[\w\.-]+/repository/archive.* [OR]
+  RewriteCond %{REQUEST_URI} ^/api/v3/projects/.*/repository/archive.* [OR]
+  RewriteCond %{REQUEST_URI} ^/[\w\.-]+/[\w\.-]+/(info/refs|git-upload-pack|git-receive-pack)$
+  RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA]
+
+  #Forward any other requests to GitLab Rails app (Unicorn)
+  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
+  RewriteCond %{REQUEST_URI} ^/uploads
+  RewriteRule .* http://127.0.0.1:8080%{REQUEST_URI} [P,QSA,NE]
+  RequestHeader set X_FORWARDED_PROTO 'https'
+  RequestHeader set X-Forwarded-Ssl on
+
+  # needed for downloading attachments
+  DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public
+
+  #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
+  ErrorDocument 404 /404.html
+  ErrorDocument 422 /422.html
+  ErrorDocument 500 /500.html
+  ErrorDocument 503 /deploy.html
+
+  # It is assumed that the log directory is in /var/log/httpd.
+  # For Debian distributions you might want to change this to
+  # /var/log/apache2.
+  LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
+  ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log
+  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
+  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
+  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined
+
+</VirtualHost>
--- a/web-server/apache/gitlab-ssl-apache22.conf
+++ b/web-server/apache/gitlab-ssl-apache22.conf
 # This configuration has been tested on GitLab 8.1
 # Note this config assumes unicorn is listening on default port 8080 and gitlab-git-http-server is listening on port 8181.
 # To allow gitlab-git-http-server to listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
-# gitlab_git_http_server_options="-listenUmask 0 -listenNetwork tcp -listenAddr localhost:8181 -authBackend http://127.0.0.1:8080"
+# gitlab_git_http_server_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
  
 #Module dependencies
 # mod_rewrite

--- a/web-server/apache/gitlab-ssl-apache24.conf
+++ b/web-server/apache/gitlab-ssl-apache24.conf
 # This configuration has been tested on GitLab 8.1
 # Note this config assumes unicorn is listening on default port 8080 and gitlab-git-http-server is listening on port 8181.
 # To allow gitlab-git-http-server to listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
-# gitlab_git_http_server_options="-listenUmask 0 -listenNetwork tcp -listenAddr localhost:8181 -authBackend http://127.0.0.1:8080"
+# gitlab_git_http_server_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
  
 #Module dependencies
 # mod_rewrite

--- a/web-server/nginx/README.md
+++ b/web-server/nginx/README.md
 ## Nginx config moved to official repository
  
-You can find the nginx config in [GitLab official repository][gitlab].
+You can find the nginx config in [GitLab official repository][gitlab] which can
+be used for source installations.
+
+## Omnibus configs
+
+[Omnibus packages][] use their own bundled nginx server. If you want to use your
+own external Nginx server, follow the first 3 steps to
+[configure GitLab][omnibusnginxext] and then download the appropriate config
+file (ssl or non-ssl) from this directory.
+
+After placing the configs in their appropriate location
+(read [Different conf directories](#different-conf-directories)), make sure to
+restart Nginx.
  
 ## CentOS related Nginx notes
  
 ### Different conf directories
  
-If nginx is installed through the package manager, adjust sites in `/etc/nginx/conf.d/` 
+If nginx is installed through the package manager, adjust sites in `/etc/nginx/conf.d/`
 instead of `/etc/nginx/sites-available/` or create those directories and tell `nginx`
 to monitor them:
  
@@ -31,3 +43,5 @@ or replace the default `nginx` user with `git` and group `root` in `/etc/nginx/n
    user              git root;
  
 [gitlab]: https://gitlab.com/gitlab-org/gitlab-ce/tree/master/lib/support/nginx "Nginx config for GitLab"
+[Omnibus packages]: https://about.gitlab.com/downloads/
+[omnibusnginxext]: http://doc.gitlab.com/omnibus/settings/nginx.html#using-a-non-bundled-web-server