Put nginx config

2b2b0506 · Kamil Trzcińśki · e0fdbfd3 · 2b2b0506 · 2b2b0506
Commit 2b2b0506 authored 9 years ago by Kamil Trzcińśki
--- a/lib/support/nginx/gitlab
+++ b/lib/support/nginx/gitlab
@@ -206,3 +206,24 @@ server {
  
  error_page 502 /502.html;
 }
+
+## Pages serving host
+server {
+  listen 0.0.0.0:80;
+  listen [::]:80 ipv6only=on;
+  server_name ~^(?<subdomain>.*)\.example\.gitlab\.com$;
+  root /home/git/gitlab/shared/pages/${subdomain};
+
+  ## Individual nginx logs for this GitLab vhost
+  access_log  /var/log/nginx/gitlab_pages_access.log;
+  error_log   /var/log/nginx/gitlab_pages_error.log;
+
+  location / {
+    ## Serve static files from defined root folder.
+    ## @gitlab is a named location for the upstream fallback, see below.
+    try_files $uri $uri/index.html $uri.html;
+  }
+
+  error_page 404 /404.html;
+  error_page 502 /502.html;
+}
--- a/lib/support/nginx/gitlab-ssl
+++ b/lib/support/nginx/gitlab-ssl
@@ -238,3 +238,37 @@ server {
  
  error_page 502 /502.html;
 }
+
+## Pages serving host
+server {
+  listen 0.0.0.0:443 ssl;
+  listen [::]:443 ipv6only=on ssl default_server;
+  server_name ~^(?<subdomain>.*)\.gitlab\.com$;
+  root /home/git/gitlab/shared/pages/${subdomain};
+
+  ## Strong SSL Security
+  ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
+  ssl on;
+  ssl_certificate /etc/nginx/ssl/gitlab_wildcard.crt;
+  ssl_certificate_key /etc/nginx/ssl/gitlab_wildcard.key;
+
+  # GitLab needs backwards compatible ciphers to retain compatibility with Java IDEs
+  ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
+  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+  ssl_prefer_server_ciphers on;
+  ssl_session_cache shared:SSL:10m;
+  ssl_session_timeout 5m;
+
+  ## Individual nginx logs for this GitLab vhost
+  access_log  /var/log/nginx/gitlab_pages_access.log;
+  error_log   /var/log/nginx/gitlab_pages_error.log;
+
+  location / {
+    ## Serve static files from defined root folder.
+    ## @gitlab is a named location for the upstream fallback, see below.
+    try_files $uri $uri/index.html $uri.html;
+  }
+
+  error_page 404 /404.html;
+  error_page 502 /502.html;
+}