From 2b120087f3fdddca03d79c6b67275b0509afa154 Mon Sep 17 00:00:00 2001 From: Adam Coldrick Date: Fri, 9 May 2014 10:52:06 +0000 Subject: Add a configure extension and relevant files for installing GitLab --- .../gitlab-ci/config/application.yml | 43 ++++ .../gitlab-install/gitlab-ci/config/resque.yml | 3 + .../gitlab-install/gitlab-ci/config/unicorn.rb | 102 ++++++++ .../gitlab-ci/lib/support/nginx/gitlab_ci | 36 +++ .../share/gitlab-install/gitlab-shell/config.yml | 41 ++++ .../gitlab-install/gitlab/config/database.yml | 49 ++++ .../share/gitlab-install/gitlab/config/gitlab.yml | 270 +++++++++++++++++++++ .../gitlab/config/initializers/rack_attack.rb | 18 ++ .../share/gitlab-install/gitlab/config/resque.yml | 3 + .../share/gitlab-install/gitlab/config/unicorn.rb | 113 +++++++++ .../gitlab-install/gitlab/lib/support/nginx/gitlab | 70 ++++++ gitlab-server/usr/share/gitlab-install/nginx.conf | 73 ++++++ .../systemd-units/gitlab-ci-sidekiq.service | 24 ++ .../systemd-units/gitlab-ci-unicorn.service | 24 ++ .../systemd-units/gitlab-sidekiq.service | 24 ++ .../systemd-units/gitlab-unicorn.service | 24 ++ .../gitlab-install/systemd-units/gitlab.target | 15 ++ .../gitlab-install/systemd-units/nginx.service | 15 ++ .../gitlab-install/systemd-units/postgres.service | 25 ++ .../gitlab-install/systemd-units/redis.service | 13 + gitlab-server/usr/share/gitlab-setup | 104 ++++++++ 21 files changed, 1089 insertions(+) create mode 100644 gitlab-server/usr/share/gitlab-install/gitlab-ci/config/application.yml create mode 100644 gitlab-server/usr/share/gitlab-install/gitlab-ci/config/resque.yml create mode 100644 gitlab-server/usr/share/gitlab-install/gitlab-ci/config/unicorn.rb create mode 100644 gitlab-server/usr/share/gitlab-install/gitlab-ci/lib/support/nginx/gitlab_ci create mode 100644 gitlab-server/usr/share/gitlab-install/gitlab-shell/config.yml create mode 100644 gitlab-server/usr/share/gitlab-install/gitlab/config/database.yml create mode 100644 gitlab-server/usr/share/gitlab-install/gitlab/config/gitlab.yml create mode 100644 gitlab-server/usr/share/gitlab-install/gitlab/config/initializers/rack_attack.rb create mode 100644 gitlab-server/usr/share/gitlab-install/gitlab/config/resque.yml create mode 100644 gitlab-server/usr/share/gitlab-install/gitlab/config/unicorn.rb create mode 100644 gitlab-server/usr/share/gitlab-install/gitlab/lib/support/nginx/gitlab create mode 100644 gitlab-server/usr/share/gitlab-install/nginx.conf create mode 100644 gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-ci-sidekiq.service create mode 100644 gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-ci-unicorn.service create mode 100644 gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-sidekiq.service create mode 100644 gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-unicorn.service create mode 100644 gitlab-server/usr/share/gitlab-install/systemd-units/gitlab.target create mode 100644 gitlab-server/usr/share/gitlab-install/systemd-units/nginx.service create mode 100644 gitlab-server/usr/share/gitlab-install/systemd-units/postgres.service create mode 100644 gitlab-server/usr/share/gitlab-install/systemd-units/redis.service create mode 100755 gitlab-server/usr/share/gitlab-setup (limited to 'gitlab-server/usr/share') diff --git a/gitlab-server/usr/share/gitlab-install/gitlab-ci/config/application.yml b/gitlab-server/usr/share/gitlab-install/gitlab-ci/config/application.yml new file mode 100644 index 00000000..6eb5eb19 --- /dev/null +++ b/gitlab-server/usr/share/gitlab-install/gitlab-ci/config/application.yml @@ -0,0 +1,43 @@ +defaults: &defaults + gitlab_server_urls: + # Replace with your gitlab server url + - 'http://##GITLAB_HOSTNAME##/' + + ## Gitlab CI settings + gitlab_ci: + ## Web server settings + host: ##GITLAB_HOSTNAME## + port: ##CI_PORT## + https: false + + ## Email settings + # Email address used in the "From" field in mails sent by GitLab-CI + email_from: gitlab-ci@localhost + + # Email address of your support contact (default: same as email_from) + support_email: support@localhost + + # Default project notifications settings: + # + # Send emails only on broken builds (default: true) + # all_broken_builds: true + # + # Add committer to recipients list (default: false) + # add_committer: true + + gravatar: + enabled: true + plain_url: "http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=mm" + ssl_url: "https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=mm" + + +development: + <<: *defaults + +test: + <<: *defaults + gitlab_server_urls: + - 'http://demo.gitlab.com/' + +production: + <<: *defaults diff --git a/gitlab-server/usr/share/gitlab-install/gitlab-ci/config/resque.yml b/gitlab-server/usr/share/gitlab-install/gitlab-ci/config/resque.yml new file mode 100644 index 00000000..f42ffe78 --- /dev/null +++ b/gitlab-server/usr/share/gitlab-install/gitlab-ci/config/resque.yml @@ -0,0 +1,3 @@ +development: redis://127.0.0.1:6379 +test: redis://127.0.0.1:6379 +production: redis://127.0.0.1:6379 diff --git a/gitlab-server/usr/share/gitlab-install/gitlab-ci/config/unicorn.rb b/gitlab-server/usr/share/gitlab-install/gitlab-ci/config/unicorn.rb new file mode 100644 index 00000000..cdcbe39a --- /dev/null +++ b/gitlab-server/usr/share/gitlab-install/gitlab-ci/config/unicorn.rb @@ -0,0 +1,102 @@ +# Sample verbose configuration file for Unicorn (not Rack) +# +# This configuration file documents many features of Unicorn +# that may not be needed for some applications. See +# http://unicorn.bogomips.org/examples/unicorn.conf.minimal.rb +# for a much simpler configuration file. +# +# See http://unicorn.bogomips.org/Unicorn/Configurator.html for complete +# documentation. + +# Use at least one worker per core if you're on a dedicated server, +# more will usually help for _short_ waits on databases/caches. +worker_processes 2 + +# Since Unicorn is never exposed to outside clients, it does not need to +# run on the standard HTTP port (80), there is no reason to start Unicorn +# as root unless it's from system init scripts. +# If running the master process as root and the workers as an unprivileged +# user, do this to switch euid/egid in the workers (also chowns logs): +# user "unprivileged_user", "unprivileged_group" + +# Help ensure your application will always spawn in the symlinked +# "current" directory that Capistrano sets up. +working_directory "/home/gitlab_ci/gitlab-ci" # available in 0.94.0+ + +# listen on both a Unix domain socket and a TCP port, +# we use a shorter backlog for quicker failover when busy +listen "/home/gitlab_ci/gitlab-ci/tmp/sockets/gitlab-ci.socket", :backlog => 64 +listen "127.0.0.1:##UNICORN_CI_PORT##", :tcp_nopush => true + +# nuke workers after 30 seconds instead of 60 seconds (the default) +timeout 30 + +# feel free to point this anywhere accessible on the filesystem +pid "/home/gitlab_ci/gitlab-ci/tmp/pids/unicorn.pid" + +# By default, the Unicorn logger will write to stderr. +# Additionally, some applications/frameworks log to stderr or stdout, +# so prevent them from going to /dev/null when daemonized here: +stderr_path "/home/gitlab_ci/gitlab-ci/log/unicorn.stderr.log" +stdout_path "/home/gitlab_ci/gitlab-ci/log/unicorn.stdout.log" + +# combine Ruby 2.0.0dev or REE with "preload_app true" for memory savings +# http://rubyenterpriseedition.com/faq.html#adapt_apps_for_cow +preload_app true +GC.respond_to?(:copy_on_write_friendly=) and + GC.copy_on_write_friendly = true + +# Enable this flag to have unicorn test client connections by writing the +# beginning of the HTTP headers before calling the application. This +# prevents calling the application for connections that have disconnected +# while queued. This is only guaranteed to detect clients on the same +# host unicorn runs on, and unlikely to detect disconnects even on a +# fast LAN. +check_client_connection false + +before_fork do |server, worker| + # the following is highly recomended for Rails + "preload_app true" + # as there's no need for the master process to hold a connection + defined?(ActiveRecord::Base) and + ActiveRecord::Base.connection.disconnect! + + # The following is only recommended for memory/DB-constrained + # installations. It is not needed if your system can house + # twice as many worker_processes as you have configured. + # + # This allows a new master process to incrementally + # phase out the old master process with SIGTTOU to avoid a + # thundering herd (especially in the "preload_app false" case) + # when doing a transparent upgrade. The last worker spawned + # will then kill off the old master process with a SIGQUIT. + old_pid = "#{server.config[:pid]}.oldbin" + if old_pid != server.pid + begin + sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU + Process.kill(sig, File.read(old_pid).to_i) + rescue Errno::ENOENT, Errno::ESRCH + end + end + # + # Throttle the master from forking too quickly by sleeping. Due + # to the implementation of standard Unix signal handlers, this + # helps (but does not completely) prevent identical, repeated signals + # from being lost when the receiving process is busy. + # sleep 1 +end + +after_fork do |server, worker| + # per-process listener ports for debugging/admin/migrations + # addr = "127.0.0.1:#{9293 + worker.nr}" + # server.listen(addr, :tries => -1, :delay => 5, :tcp_nopush => true) + + # the following is *required* for Rails + "preload_app true", + defined?(ActiveRecord::Base) and + ActiveRecord::Base.establish_connection + + # if preload_app is true, then you may also want to check and + # restart any other shared sockets/descriptors such as Memcached, + # and Redis. TokyoCabinet file handles are safe to reuse + # between any number of forked children (assuming your kernel + # correctly implements pread()/pwrite() system calls) +end diff --git a/gitlab-server/usr/share/gitlab-install/gitlab-ci/lib/support/nginx/gitlab_ci b/gitlab-server/usr/share/gitlab-install/gitlab-ci/lib/support/nginx/gitlab_ci new file mode 100644 index 00000000..aa26614c --- /dev/null +++ b/gitlab-server/usr/share/gitlab-install/gitlab-ci/lib/support/nginx/gitlab_ci @@ -0,0 +1,36 @@ +# GITLAB CI +# Maintainer: @randx +# App Version: 2.0 + +upstream gitlab_ci { + server unix:/home/gitlab_ci/gitlab-ci/tmp/sockets/gitlab-ci.socket; +} + +server { + listen 81 default_server; # e.g., listen 192.168.1.1:80; + server_name ct-gitlab.dyn.ducie.codethink.co.uk; # e.g., server_name source.example.com; + root /home/gitlab_ci/gitlab-ci/public; + + access_log /var/log/nginx/gitlab_ci_access.log; + error_log /var/log/nginx/gitlab_ci_error.log; + + location / { + try_files $uri $uri/index.html $uri.html @gitlab_ci; + } + + location @gitlab_ci { + proxy_read_timeout 300; + proxy_connect_timeout 300; + proxy_redirect off; + + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + + proxy_pass http://gitlab_ci; + } + + # adjust this to match the largest build log your runners might submit, + # set to 0 to disable limit + client_max_body_size 10m; +} diff --git a/gitlab-server/usr/share/gitlab-install/gitlab-shell/config.yml b/gitlab-server/usr/share/gitlab-install/gitlab-shell/config.yml new file mode 100644 index 00000000..fba31eb6 --- /dev/null +++ b/gitlab-server/usr/share/gitlab-install/gitlab-shell/config.yml @@ -0,0 +1,41 @@ +# GitLab user. git by default +user: git + +# Url to gitlab instance. Used for api calls. Should end with a slash. +gitlab_url: "http://##GITLAB_HOSTNAME##/" + +http_settings: +# user: someone +# password: somepass +# ca_file: /etc/ssl/cert.pem +# ca_path: /etc/pki/tls/certs + self_signed_cert: false + +# Repositories path +# Give the canonicalized absolute pathname, +# REPOS_PATH MUST NOT CONTAIN ANY SYMLINK!!! +# Check twice that none of the components is a symlink, including "/home". +repos_path: "/home/git/repositories" + +# File used as authorized_keys for gitlab user +auth_file: "/home/git/.ssh/authorized_keys" + +# Redis settings used for pushing commit notices to gitlab +redis: + bin: /usr/bin/redis-cli + host: 127.0.0.1 + port: 6379 + # socket: /tmp/redis.socket # Only define this if you want to use sockets + namespace: resque:gitlab + +# Log file. +# Default is gitlab-shell.log in the root directory. +# log_file: "/home/git/gitlab-shell/gitlab-shell.log" + +# Log level. INFO by default +log_level: INFO + +# Audit usernames. +# Set to true to see real usernames in the logs instead of key ids, which is easier to follow, but +# incurs an extra API call on every gitlab-shell command. +audit_usernames: false diff --git a/gitlab-server/usr/share/gitlab-install/gitlab/config/database.yml b/gitlab-server/usr/share/gitlab-install/gitlab/config/database.yml new file mode 100644 index 00000000..66960551 --- /dev/null +++ b/gitlab-server/usr/share/gitlab-install/gitlab/config/database.yml @@ -0,0 +1,49 @@ +# +# PRODUCTION +# +production: + adapter: postgresql + encoding: unicode + database: gitlabhq_production + pool: 10 + # username: git + # password: + # host: localhost + # port: 5432 + # socket: /tmp/postgresql.sock + +# +# Development specific +# +development: + adapter: postgresql + encoding: unicode + database: gitlabhq_development + pool: 5 + username: postgres + password: + # socket: /tmp/postgresql.sock + +# +# Staging specific +# +staging: + adapter: postgresql + encoding: unicode + database: gitlabhq_staging + pool: 5 + username: postgres + password: + # socket: /tmp/postgresql.sock + +# Warning: The database defined as "test" will be erased and +# re-generated from your development database when you run "rake". +# Do not set this db to the same as development or production. +test: &test + adapter: postgresql + encoding: unicode + database: gitlabhq_test + pool: 5 + username: postgres + password: + # socket: /tmp/postgresql.sock diff --git a/gitlab-server/usr/share/gitlab-install/gitlab/config/gitlab.yml b/gitlab-server/usr/share/gitlab-install/gitlab/config/gitlab.yml new file mode 100644 index 00000000..06d2cee5 --- /dev/null +++ b/gitlab-server/usr/share/gitlab-install/gitlab/config/gitlab.yml @@ -0,0 +1,270 @@ +# # # # # # # # # # # # # # # # # # +# GitLab application config file # +# # # # # # # # # # # # # # # # # # +# +# How to use: +# 1. copy file as gitlab.yml +# 2. Replace gitlab -> host with your domain +# 3. Replace gitlab -> email_from + +production: &base + # + # 1. GitLab app settings + # ========================== + + ## GitLab settings + gitlab: + ## Web server settings (note: host is the FQDN, do not include http://) + host: ##GITLAB_HOSTNAME## + port: ##GITLAB_PORT## + https: false + + # Uncomment and customize the last line to run in a non-root path + # WARNING: We recommend creating a FQDN to host GitLab in a root path instead of this. + # Note that four settings need to be changed for this to work. + # 1) In your application.rb file: config.relative_url_root = "/gitlab" + # 2) In your gitlab.yml file: relative_url_root: /gitlab + # 3) In your unicorn.rb: ENV['RAILS_RELATIVE_URL_ROOT'] = "/gitlab" + # 4) In ../gitlab-shell/config.yml: gitlab_url: "http://127.0.0.1/gitlab" + # To update the path, run: sudo -u git -H bundle exec rake assets:precompile RAILS_ENV=production + # + # relative_url_root: /gitlab + + # Uncomment and customize if you can't use the default user to run GitLab (default: 'git') + # user: git + + ## Email settings + # Email address used in the "From" field in mails sent by GitLab + email_from: ##GITLAB_EMAIL## + + # Email address of your support contact (default: same as email_from) + support_email: ##GITLAB_EMAIL## + + ## User settings + default_projects_limit: 10 + # default_can_create_group: false # default: true + # username_changing_enabled: false # default: true - User can change her username/namespace + ## Default theme + ## BASIC = 1 + ## MARS = 2 + ## MODERN = 3 + ## GRAY = 4 + ## COLOR = 5 + # default_theme: 2 # default: 2 + + + ## Users management + # default: false - Account passwords are not sent via the email if signup is enabled. + # signup_enabled: true + # + # default: true - If set to false, standard login form won't be shown on the sign-in page + # signin_enabled: false + + + # Restrict setting visibility levels for non-admin users. + # The default is to allow all levels. + #restricted_visibility_levels: [ "public" ] + + ## Automatic issue closing + # If a commit message matches this regular expression, all issues referenced from the matched text will be closed. + # This happens when the commit is pushed or merged into the default branch of a project. + # When not specified the default issue_closing_pattern as specified below will be used. + # issue_closing_pattern: '([Cc]lose[sd]|[Ff]ixe[sd]) #(\d+)' + + ## Default project features settings + default_projects_features: + issues: true + merge_requests: true + wiki: true + wall: false + snippets: false + visibility_level: "private" # can be "private" | "internal" | "public" + + ## Repository downloads directory + # When a user clicks e.g. 'Download zip' on a project, a temporary zip file is created in the following directory. + # The default is 'tmp/repositories' relative to the root of the Rails app. + # repository_downloads_path: tmp/repositories + + ## External issues trackers + issues_tracker: + # redmine: + # title: "Redmine" + # ## If not nil, link 'Issues' on project page will be replaced with this + # ## Use placeholders: + # ## :project_id - GitLab project identifier + # ## :issues_tracker_id - Project Name or Id in external issue tracker + # project_url: "http://redmine.sample/projects/:issues_tracker_id" + # + # ## If not nil, links from /#\d/ entities from commit messages will replaced with this + # ## Use placeholders: + # ## :project_id - GitLab project identifier + # ## :issues_tracker_id - Project Name or Id in external issue tracker + # ## :id - Issue id (from commit messages) + # issues_url: "http://redmine.sample/issues/:id" + # + # ## If not nil, linkis to creating new issues will be replaced with this + # ## Use placeholders: + # ## :project_id - GitLab project identifier + # ## :issues_tracker_id - Project Name or Id in external issue tracker + # new_issue_url: "http://redmine.sample/projects/:issues_tracker_id/issues/new" + # + # jira: + # title: "Atlassian Jira" + # project_url: "http://jira.sample/issues/?jql=project=:issues_tracker_id" + # issues_url: "http://jira.sample/browse/:id" + # new_issue_url: "http://jira.sample/secure/CreateIssue.jspa" + + ## Gravatar + gravatar: + enabled: true # Use user avatar image from Gravatar.com (default: true) + # plain_url: "http://..." # default: http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=mm + # ssl_url: "https://..." # default: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=mm + + # + # 2. Auth settings + # ========================== + + ## LDAP settings + # You can inspect a sample of the LDAP users with login access by running: + # bundle exec rake gitlab:ldap:check RAILS_ENV=production + ldap: + enabled: false + host: '_your_ldap_server' + port: 636 + uid: 'sAMAccountName' + method: 'ssl' # "tls" or "ssl" or "plain" + bind_dn: '_the_full_dn_of_the_user_you_will_bind_with' + password: '_the_password_of_the_bind_user' + # If allow_username_or_email_login is enabled, GitLab will ignore everything + # after the first '@' in the LDAP username submitted by the user on login. + # + # Example: + # - the user enters 'jane.doe@example.com' and 'p@ssw0rd' as LDAP credentials; + # - GitLab queries the LDAP server with 'jane.doe' and 'p@ssw0rd'. + # + # If you are using "uid: 'userPrincipalName'" on ActiveDirectory you need to + # disable this setting, because the userPrincipalName contains an '@'. + allow_username_or_email_login: true + + # Base where we can search for users + # + # Ex. ou=People,dc=gitlab,dc=example + # + base: '' + + # Filter LDAP users + # + # Format: RFC 4515 + # Ex. (employeeType=developer) + # + user_filter: '' + + + ## OmniAuth settings + omniauth: + # Allow login via Twitter, Google, etc. using OmniAuth providers + enabled: false + + # CAUTION! + # This allows users to login without having a user account first (default: false). + # User accounts will be created automatically when authentication was successful. + allow_single_sign_on: false + # Locks down those users until they have been cleared by the admin (default: true). + block_auto_created_users: true + + ## Auth providers + # Uncomment the following lines and fill in the data of the auth provider you want to use + # If your favorite auth provider is not listed you can use others: + # see https://github.com/gitlabhq/gitlab-public-wiki/wiki/Custom-omniauth-provider-configurations + # The 'app_id' and 'app_secret' parameters are always passed as the first two + # arguments, followed by optional 'args' which can be either a hash or an array. + # Documentation for this is available at http://doc.gitlab.com/ce/integration/omniauth.html + providers: + # - { name: 'google_oauth2', app_id: 'YOUR APP ID', + # app_secret: 'YOUR APP SECRET', + # args: { access_type: 'offline', approval_prompt: '' } } + # - { name: 'twitter', app_id: 'YOUR APP ID', + # app_secret: 'YOUR APP SECRET'} + # - { name: 'github', app_id: 'YOUR APP ID', + # app_secret: 'YOUR APP SECRET', + # args: { scope: 'user:email' } } + + + + # + # 3. Advanced settings + # ========================== + + # GitLab Satellites + satellites: + # Relative paths are relative to Rails.root (default: tmp/repo_satellites/) + path: /home/git/gitlab-satellites/ + + ## Backup settings + backup: + path: "tmp/backups" # Relative paths are relative to Rails.root (default: tmp/backups/) + # keep_time: 604800 # default: 0 (forever) (in seconds) + + ## GitLab Shell settings + gitlab_shell: + path: /home/git/gitlab-shell/ + + # REPOS_PATH MUST NOT BE A SYMLINK!!! + repos_path: /home/git/repositories/ + hooks_path: /home/git/gitlab-shell/hooks/ + + # Git over HTTP + upload_pack: true + receive_pack: true + + # If you use non-standard ssh port you need to specify it + # ssh_port: 22 + + ## Git settings + # CAUTION! + # Use the default values unless you really know what you are doing + git: + bin_path: /usr/bin/git + # The next value is the maximum memory size grit can use + # Given in number of bytes per git object (e.g. a commit) + # This value can be increased if you have very large commits + max_size: 5242880 # 5.megabytes + # Git timeout to read a commit, in seconds + timeout: 10 + + # + # 4. Extra customization + # ========================== + + extra: + ## Google analytics. Uncomment if you want it + # google_analytics_id: '_your_tracking_id' + + ## Piwik analytics. + # piwik_url: '_your_piwik_url' + # piwik_site_id: '_your_piwik_site_id' + + ## Text under sign-in page (Markdown enabled) + # sign_in_text: | + # ![Company Logo](http://www.companydomain.com/logo.png) + # [Learn more about CompanyName](http://www.companydomain.com/) + +development: + <<: *base + +test: + <<: *base + gravatar: + enabled: true + gitlab: + host: localhost + port: 80 + issues_tracker: + redmine: + title: "Redmine" + project_url: "http://redmine/projects/:issues_tracker_id" + issues_url: "http://redmine/:project_id/:issues_tracker_id/:id" + new_issue_url: "http://redmine/projects/:issues_tracker_id/issues/new" + +staging: + <<: *base diff --git a/gitlab-server/usr/share/gitlab-install/gitlab/config/initializers/rack_attack.rb b/gitlab-server/usr/share/gitlab-install/gitlab/config/initializers/rack_attack.rb new file mode 100644 index 00000000..bc3234bf --- /dev/null +++ b/gitlab-server/usr/share/gitlab-install/gitlab/config/initializers/rack_attack.rb @@ -0,0 +1,18 @@ +# 1. Rename this file to rack_attack.rb +# 2. Review the paths_to_be_protected and add any other path you need protecting +# + +paths_to_be_protected = [ + "#{Rails.application.config.relative_url_root}/users/password", + "#{Rails.application.config.relative_url_root}/users/sign_in", + "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session.json", + "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session", + "#{Rails.application.config.relative_url_root}/users", + "#{Rails.application.config.relative_url_root}/users/confirmation" +] + +unless Rails.env.test? + Rack::Attack.throttle('protected paths', limit: 10, period: 60.seconds) do |req| + req.ip if paths_to_be_protected.include?(req.path) && req.post? + end +end diff --git a/gitlab-server/usr/share/gitlab-install/gitlab/config/resque.yml b/gitlab-server/usr/share/gitlab-install/gitlab/config/resque.yml new file mode 100644 index 00000000..f42ffe78 --- /dev/null +++ b/gitlab-server/usr/share/gitlab-install/gitlab/config/resque.yml @@ -0,0 +1,3 @@ +development: redis://127.0.0.1:6379 +test: redis://127.0.0.1:6379 +production: redis://127.0.0.1:6379 diff --git a/gitlab-server/usr/share/gitlab-install/gitlab/config/unicorn.rb b/gitlab-server/usr/share/gitlab-install/gitlab/config/unicorn.rb new file mode 100644 index 00000000..02dbd98a --- /dev/null +++ b/gitlab-server/usr/share/gitlab-install/gitlab/config/unicorn.rb @@ -0,0 +1,113 @@ +# Sample verbose configuration file for Unicorn (not Rack) +# +# This configuration file documents many features of Unicorn +# that may not be needed for some applications. See +# http://unicorn.bogomips.org/examples/unicorn.conf.minimal.rb +# for a much simpler configuration file. +# +# See http://unicorn.bogomips.org/Unicorn/Configurator.html for complete +# documentation. + +# Uncomment and customize the last line to run in a non-root path +# WARNING: We recommend creating a FQDN to host GitLab in a root path instead of this. +# Note that four settings need to be changed for this to work. +# 1) In your application.rb file: config.relative_url_root = "/gitlab" +# 2) In your gitlab.yml file: relative_url_root: /gitlab +# 3) In your unicorn.rb: ENV['RAILS_RELATIVE_URL_ROOT'] = "/gitlab" +# 4) In ../gitlab-shell/config.yml: gitlab_url: "http://127.0.0.1/gitlab" +# To update the path, run: sudo -u git -H bundle exec rake assets:precompile RAILS_ENV=production +# +# ENV['RAILS_RELATIVE_URL_ROOT'] = "/gitlab" + +# Use at least one worker per core if you're on a dedicated server, +# more will usually help for _short_ waits on databases/caches. +worker_processes 2 + +# Since Unicorn is never exposed to outside clients, it does not need to +# run on the standard HTTP port (80), there is no reason to start Unicorn +# as root unless it's from system init scripts. +# If running the master process as root and the workers as an unprivileged +# user, do this to switch euid/egid in the workers (also chowns logs): +# user "unprivileged_user", "unprivileged_group" + +# Help ensure your application will always spawn in the symlinked +# "current" directory that Capistrano sets up. +working_directory "/home/git/gitlab" # available in 0.94.0+ + +# listen on both a Unix domain socket and a TCP port, +# we use a shorter backlog for quicker failover when busy +listen "/home/git/gitlab/tmp/sockets/gitlab.socket", :backlog => 64 +listen "127.0.0.1:##UNICORN_PORT##", :tcp_nopush => true + +# nuke workers after 30 seconds instead of 60 seconds (the default) +timeout 30 + +# feel free to point this anywhere accessible on the filesystem +pid "/home/git/gitlab/tmp/pids/unicorn.pid" + +# By default, the Unicorn logger will write to stderr. +# Additionally, some applications/frameworks log to stderr or stdout, +# so prevent them from going to /dev/null when daemonized here: +stderr_path "/home/git/gitlab/log/unicorn.stderr.log" +stdout_path "/home/git/gitlab/log/unicorn.stdout.log" + +# combine Ruby 2.0.0dev or REE with "preload_app true" for memory savings +# http://rubyenterpriseedition.com/faq.html#adapt_apps_for_cow +preload_app true +GC.respond_to?(:copy_on_write_friendly=) and + GC.copy_on_write_friendly = true + +# Enable this flag to have unicorn test client connections by writing the +# beginning of the HTTP headers before calling the application. This +# prevents calling the application for connections that have disconnected +# while queued. This is only guaranteed to detect clients on the same +# host unicorn runs on, and unlikely to detect disconnects even on a +# fast LAN. +check_client_connection false + +before_fork do |server, worker| + # the following is highly recomended for Rails + "preload_app true" + # as there's no need for the master process to hold a connection + defined?(ActiveRecord::Base) and + ActiveRecord::Base.connection.disconnect! + + # The following is only recommended for memory/DB-constrained + # installations. It is not needed if your system can house + # twice as many worker_processes as you have configured. + # + # This allows a new master process to incrementally + # phase out the old master process with SIGTTOU to avoid a + # thundering herd (especially in the "preload_app false" case) + # when doing a transparent upgrade. The last worker spawned + # will then kill off the old master process with a SIGQUIT. + old_pid = "#{server.config[:pid]}.oldbin" + if old_pid != server.pid + begin + sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU + Process.kill(sig, File.read(old_pid).to_i) + rescue Errno::ENOENT, Errno::ESRCH + end + end + # + # Throttle the master from forking too quickly by sleeping. Due + # to the implementation of standard Unix signal handlers, this + # helps (but does not completely) prevent identical, repeated signals + # from being lost when the receiving process is busy. + # sleep 1 +end + +after_fork do |server, worker| + # per-process listener ports for debugging/admin/migrations + # addr = "127.0.0.1:#{9293 + worker.nr}" + # server.listen(addr, :tries => -1, :delay => 5, :tcp_nopush => true) + + # the following is *required* for Rails + "preload_app true", + defined?(ActiveRecord::Base) and + ActiveRecord::Base.establish_connection + + # if preload_app is true, then you may also want to check and + # restart any other shared sockets/descriptors such as Memcached, + # and Redis. TokyoCabinet file handles are safe to reuse + # between any number of forked children (assuming your kernel + # correctly implements pread()/pwrite() system calls) +end diff --git a/gitlab-server/usr/share/gitlab-install/gitlab/lib/support/nginx/gitlab b/gitlab-server/usr/share/gitlab-install/gitlab/lib/support/nginx/gitlab new file mode 100644 index 00000000..e9d3b1f0 --- /dev/null +++ b/gitlab-server/usr/share/gitlab-install/gitlab/lib/support/nginx/gitlab @@ -0,0 +1,70 @@ +# GITLAB +# Maintainer: @randx + +# CHUNKED TRANSFER +# It is a known issue that Git-over-HTTP requires chunked transfer encoding [0] which is not +# supported by Nginx < 1.3.9 [1]. As a result, pushing a large object with Git (i.e. a single large file) +# can lead to a 411 error. In theory you can get around this by tweaking this configuration file and either +# - installing an old version of Nginx with the chunkin module [2] compiled in, or +# - using a newer version of Nginx. +# +# At the time of writing we do not know if either of these theoretical solutions works. As a workaround +# users can use Git over SSH to push large files. +# +# [0] https://git.kernel.org/cgit/git/git.git/tree/Documentation/technical/http-protocol.txt#n99 +# [1] https://github.com/agentzh/chunkin-nginx-module#status +# [2] https://github.com/agentzh/chunkin-nginx-module + +upstream gitlab { + server unix:/home/git/gitlab/tmp/sockets/gitlab.socket; +} + +server { + listen *:##GITLAB_PORT## default_server; # e.g., listen 192.168.1.1:80; In most cases *:80 is a good idea + server_name ##GITLAB_HOSTNAME##; # e.g., server_name source.example.com; + server_tokens off; # don't show the version number, a security best practice + root /home/git/gitlab/public; + + # Increase this if you want to upload large attachments + # Or if you want to accept large git objects over http + client_max_body_size 20m; + + # individual nginx logs for this gitlab vhost + access_log /var/log/nginx/gitlab_access.log; + error_log /var/log/nginx/gitlab_error.log; + + location / { + # serve static files from defined root folder;. + # @gitlab is a named location for the upstream fallback, see below + try_files $uri $uri/index.html $uri.html @gitlab; + } + + # if a file, which is not found in the root folder is requested, + # then the proxy pass the request to the upsteam (gitlab unicorn) + location @gitlab { + # If you use https make sure you disable gzip compression + # to be safe against BREACH attack + # gzip off; + + proxy_read_timeout 300; # Some requests take more than 30 seconds. + proxy_connect_timeout 300; # Some requests take more than 30 seconds. + proxy_redirect off; + + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + proxy_pass http://gitlab; + } + + # Enable gzip compression as per rails guide: http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression + location ~ ^/(assets)/ { + root /home/git/gitlab/public; + #gzip_static on; # to serve pre-gzipped version + expires max; + add_header Cache-Control public; + } + + error_page 502 /502.html; +} diff --git a/gitlab-server/usr/share/gitlab-install/nginx.conf b/gitlab-server/usr/share/gitlab-install/nginx.conf new file mode 100644 index 00000000..6e40b0e9 --- /dev/null +++ b/gitlab-server/usr/share/gitlab-install/nginx.conf @@ -0,0 +1,73 @@ + +#user nobody; +worker_processes 1; + +#error_log logs/error.log; +#error_log logs/error.log notice; +#error_log logs/error.log info; + +#pid logs/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + include mime.types; + default_type application/octet-stream; + + #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + # '$status $body_bytes_sent "$http_referer" ' + # '"$http_user_agent" "$http_x_forwarded_for"'; + + #access_log logs/access.log main; + + sendfile on; + #tcp_nopush on; + + #keepalive_timeout 0; + keepalive_timeout 65; + + #gzip on; + + include /home/git/gitlab/lib/support/nginx/gitlab; + include /home/gitlab_ci/gitlab-ci/lib/support/nginx/gitlab_ci; + + # another virtual host using mix of IP-, name-, and port-based configuration + # + #server { + # listen 8000; + # listen somename:8080; + # server_name somename alias another.alias; + + # location / { + # root html; + # index index.html index.htm; + # } + #} + + + # HTTPS server + # + #server { + # listen 443 ssl; + # server_name localhost; + + # ssl_certificate cert.pem; + # ssl_certificate_key cert.key; + + # ssl_session_cache shared:SSL:1m; + # ssl_session_timeout 5m; + + # ssl_ciphers HIGH:!aNULL:!MD5; + # ssl_prefer_server_ciphers on; + + # location / { + # root html; + # index index.html index.htm; + # } + #} + +} diff --git a/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-ci-sidekiq.service b/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-ci-sidekiq.service new file mode 100644 index 00000000..9a1a82d2 --- /dev/null +++ b/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-ci-sidekiq.service @@ -0,0 +1,24 @@ +##################################################### +# +# GitLab version : 5.x - 6.x +# Contributors : davispuh, mtorromeo, axilleas, boeserwolf91 +# Downloaded from : https://github.com/gitlabhq/gitlab-recipes/tree/master/init/systemd +# +#################################################### + +[Unit] +Description=GitLab CI Sidekiq Worker + +[Service] +Type=forking +User=gitlab_ci +WorkingDirectory=/home/gitlab_ci/gitlab-ci +Environment=RAILS_ENV=production +SyslogIdentifier=gitlab-ci-sidekiq +PIDFile=/home/gitlab_ci/gitlab-ci/tmp/pids/sidekiq.pid + +ExecStart=/usr/bin/bundle exec "sidekiq -q post_receive,mailer,system_hook,project_web_hook,gitlab_shell,common,default -e production -P tmp/pids/sidekiq.pid -d -L log/sidekiq.log >> log/sidekiq.log 2>&1" +ExecStop=/usr/bin/bundle exec "sidekiqctl stop /home/gitlab_ci/gitlab-ci/tmp/pids/sidekiq.pid >> /home/gitlab_ci/gitlab-ci/log/sidekiq.log 2>&1" + +[Install] +WantedBy=gitlab.target diff --git a/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-ci-unicorn.service b/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-ci-unicorn.service new file mode 100644 index 00000000..811b3fc0 --- /dev/null +++ b/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-ci-unicorn.service @@ -0,0 +1,24 @@ +##################################################### +# +# GitLab version : 5.x - 6.x +# Contributors : davispuh, mtorromeo, axilleas, boeserwolf91 +# Downloaded from : https://github.com/gitlabhq/gitlab-recipes/tree/master/init/systemd +# +#################################################### + +[Unit] +Description=GitLab CI Unicorn Server + +[Service] +User=gitlab_ci +WorkingDirectory=/home/gitlab_ci/gitlab-ci +Environment=RAILS_ENV=production +SyslogIdentifier=gitlab-ci-unicorn +PIDFile=/home/gitlab_ci/gitlab-ci/tmp/pids/unicorn.pid + +ExecStart=/usr/bin/bundle exec "unicorn_rails -c /home/gitlab_ci/gitlab-ci/config/unicorn.rb -E production" +ExecStop=/usr/bin/kill -QUIT $MAINPID +ExecReload=/usr/bin/kill -USR2 $MAINPID + +[Install] +WantedBy=gitlab.target diff --git a/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-sidekiq.service b/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-sidekiq.service new file mode 100644 index 00000000..82ff78d4 --- /dev/null +++ b/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-sidekiq.service @@ -0,0 +1,24 @@ +##################################################### +# +# GitLab version : 5.x - 6.x +# Contributors : davispuh, mtorromeo, axilleas, boeserwolf91 +# Downloaded from : https://github.com/gitlabhq/gitlab-recipes/tree/master/init/systemd +# +#################################################### + +[Unit] +Description=GitLab Sidekiq Worker + +[Service] +Type=forking +User=git +WorkingDirectory=/home/git/gitlab +Environment=RAILS_ENV=production +SyslogIdentifier=gitlab-sidekiq +PIDFile=/home/git/gitlab/tmp/pids/sidekiq.pid + +ExecStart=/usr/bin/bundle exec "sidekiq -q post_receive,mailer,system_hook,project_web_hook,gitlab_shell,common,default -e production -P tmp/pids/sidekiq.pid -d -L log/sidekiq.log >> log/sidekiq.log 2>&1" +ExecStop=/usr/bin/bundle exec "sidekiqctl stop /home/git/gitlab/tmp/pids/sidekiq.pid >> /home/git/gitlab/log/sidekiq.log 2>&1" + +[Install] +WantedBy=gitlab.target diff --git a/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-unicorn.service b/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-unicorn.service new file mode 100644 index 00000000..71e3d84d --- /dev/null +++ b/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-unicorn.service @@ -0,0 +1,24 @@ +##################################################### +# +# GitLab version : 5.x - 6.x +# Contributors : davispuh, mtorromeo, axilleas, boeserwolf91 +# Downloaded from : https://github.com/gitlabhq/gitlab-recipes/tree/master/init/systemd +# +#################################################### + +[Unit] +Description=GitLab Unicorn Server + +[Service] +User=git +WorkingDirectory=/home/git/gitlab +Environment=RAILS_ENV=production +SyslogIdentifier=gitlab-unicorn +PIDFile=/home/git/gitlab/tmp/pids/unicorn.pid + +ExecStart=/usr/bin/bundle exec "unicorn_rails -c /home/git/gitlab/config/unicorn.rb -E production" +ExecStop=/usr/bin/kill -QUIT $MAINPID +ExecReload=/usr/bin/kill -USR2 $MAINPID + +[Install] +WantedBy=gitlab.target diff --git a/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab.target b/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab.target new file mode 100644 index 00000000..11e85441 --- /dev/null +++ b/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab.target @@ -0,0 +1,15 @@ +########################################################################################### +# +# GitLab version : 5.x - 6.x +# Contributors : davispuh, mtorromeo, axilleas, boeserwolf91 +# Downloaded from : https://github.com/gitlabhq/gitlab-recipes/tree/master/init/systemd +# +########################################################################################### + +[Unit] +Description=GitLab - Self Hosted Git Management +Requires=redis.service postgres.service +After=redis.service postgres.service syslog.target network.target + +[Install] +WantedBy=multi-user.target diff --git a/gitlab-server/usr/share/gitlab-install/systemd-units/nginx.service b/gitlab-server/usr/share/gitlab-install/systemd-units/nginx.service new file mode 100644 index 00000000..0a50c50b --- /dev/null +++ b/gitlab-server/usr/share/gitlab-install/systemd-units/nginx.service @@ -0,0 +1,15 @@ +[Unit] +Description=The nginx HTTP and reverse proxy server +After=syslog.target network.target remote-fs.target nss-lookup.target + +[Service] +Type=forking +PIDFile=/etc/nginx/nginx.pid +ExecStartPre=/usr/sbin/nginx -t +ExecStart=/usr/sbin/nginx +ExecReload=/bin/kill -s HUP $MAINPID +ExecStop=/bin/kill -s QUIT $MAINPID +PrivateTmp=true + +[Install] +WantedBy=multi-user.target diff --git a/gitlab-server/usr/share/gitlab-install/systemd-units/postgres.service b/gitlab-server/usr/share/gitlab-install/systemd-units/postgres.service new file mode 100644 index 00000000..ed46d965 --- /dev/null +++ b/gitlab-server/usr/share/gitlab-install/systemd-units/postgres.service @@ -0,0 +1,25 @@ +[Unit] +Description=PostgreSQL database server +After=network.target + +[Service] +Type=forking +TimeoutSec=120 +User=postgres +Group=postgres + +Environment=PGROOT=/home/postgres/pgsql + +SyslogIdentifier=postgres +PIDFile=/home/postgres/pgsql/data/postmaster.pid + +ExecStart= /usr/bin/pg_ctl -s -D ${PGROOT}/data start -w -t 120 +ExecReload=/usr/bin/pg_ctl -s -D ${PGROOT}/data reload +ExecStop= /usr/bin/pg_ctl -s -D ${PGROOT}/data stop -m fast + +# Due to PostgreSQL's use of shared memory, OOM killer is often overzealous in +# killing Postgres, so adjust it downward +OOMScoreAdjust=-200 + +[Install] +WantedBy=multi-user.target diff --git a/gitlab-server/usr/share/gitlab-install/systemd-units/redis.service b/gitlab-server/usr/share/gitlab-install/systemd-units/redis.service new file mode 100644 index 00000000..c936f8da --- /dev/null +++ b/gitlab-server/usr/share/gitlab-install/systemd-units/redis.service @@ -0,0 +1,13 @@ +[Unit] +Description=Redis Server +After=network.target + +[Service] +Type=simple +ExecStart=/usr/bin/redis-server +ExecStop=/bin/kill -15 $MAINPID +PIDFile=/var/run/redis.pid +Restart=always + +[Install] +WantedBy=multi-user.target diff --git a/gitlab-server/usr/share/gitlab-setup b/gitlab-server/usr/share/gitlab-setup new file mode 100755 index 00000000..5c53c859 --- /dev/null +++ b/gitlab-server/usr/share/gitlab-setup @@ -0,0 +1,104 @@ +#!/bin/sh +# +# Copyright (C) 2014 Codethink Limited +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +set -e + +# install bundler (not nice, we need to figure out how to do this traceably) +gem install bundler + +# create required users +adduser -D --gecos 'GitLab' -s /bin/sh git +adduser -D -s /bin/sh postgres +adduser -D --gecos 'GitLab CI' -s /bin/sh gitlab_ci + +# initialize postgres database, start server +su -c "mkdir -p pgsql/data" - postgres +su -c "pg_ctl -D pgsql/data initdb" - postgres +su -c "pg_ctl -D pgsql/data -l logfile start" - postgres + +# wait for the database server to start +echo "Waiting for database..." +sleep 2s + +# create gitlab database +su -c "psql -d template1 -c 'CREATE USER git;'" - postgres +su -c "psql -d template1 -c 'CREATE DATABASE gitlabhq_production OWNER git;'" - postgres + +# create the gitlab ci database +su -c "psql -d template1 -c 'CREATE USER gitlab_ci;'" - postgres +su -c "psql -d template1 -c 'CREATE DATABASE gitlab_ci_production OWNER gitlab_ci;'" - postgres + +# set up git config for gitlab user +su -c "git config --global http.sslVerify false" - git +su -c "git config --global user.name 'GitLab'" - git +su -c "git config --global user.email 'gitlab@localhost'" - git +su -c "git config --global core.autocrlf input" - git + +# install gitlab shell +su -c "git clone https://gitlab.com/gitlab-org/gitlab-shell.git -b v1.9.3 ~/gitlab-shell" - git +cd /home/git/gitlab-shell +cp /usr/share/gitlab-install/gitlab-shell/config.yml ./config.yml +su -c "~/gitlab-shell/bin/install" - git + +# install gitlab +su -c "git clone https://gitlab.com/gitlab-org/gitlab-ce.git -b 6-8-stable ~/gitlab" - git +cd /home/git/gitlab +su -c "cp config/database.yml.postgresql config/database.yml" git +su -c "cp -r /usr/share/gitlab-install/gitlab/config/* config/" git + +su -c "chmod -R u+rwX log/" git +su -c "chmod -R u+rwX tmp/" git +su -c "chmod o-rwx config/database.yml" git + +su -c "/usr/bin/redis-server" - git & +su -c "bundle install --deployment --without development test mysql aws" git +su -c "export force='yes'; bundle exec rake gitlab:setup RAILS_ENV=production" git +su -c "bundle exec rake assets:precompile RAILS_ENV=production" git + +# set up git config for gitlab_ci user +su -c "git config --global http.sslVerify false" - gitlab_ci +su -c "git config --global user.name 'GitLab CI'" - gitlab_ci +su -c "git config --global user.email 'gitlab_ci@localhost'" - gitlab_ci +su -c "git config --global core.autocrlf input" - gitlab_ci + +# install gitlab ci +su -c "git clone https://gitlab.com/gitlab-org/gitlab-ci.git -b 5-0-stable" - gitlab_ci +cd /home/gitlab_ci/gitlab-ci +su -c "cp config/database.yml.postgresql config/database.yml" gitlab_ci +su -c "cp -r /usr/share/gitlab-install/gitlab-ci/config/* config/" gitlab_ci + +su -c "mkdir -p tmp/sockets" gitlab_ci +su -c "mkdir -p tmp/pids" gitlab_ci +su -c "chmod -R u+rwx tmp/sockets" gitlab_ci +su -c "chmod -R u+rwx tmp/pids" gitlab_ci + +su -c "bundle install --without development test mysql --deployment" gitlab_ci +su -c "bundle exec rake setup RAILS_ENV=production" gitlab_ci +su -c "bundle exec whenever -w RAILS_ENV=production" gitlab_ci + +# configure nginx +addgroup nobody +mkdir -p /var/log/nginx +cp /usr/share/gitlab-install/gitlab/lib/support/nginx/gitlab /home/git/gitlab/lib/support/nginx/ +cp /usr/share/gitlab-install/gitlab-ci/lib/support/nginx/gitlab_ci /home/gitlab_ci/gitlab-ci/lib/support/nginx/ +cp /usr/share/gitlab-install/nginx.conf /etc/nginx/nginx.conf + +# make systemd units to start gitlab and required stuff on boot +cd /etc/systemd/system +cp /usr/share/gitlab-install/systemd-units/* . +systemctl enable redis.service nginx.service postgres.service gitlab.target gitlab-unicorn.service gitlab-sidekiq.service gitlab-ci-sidekiq.service gitlab-ci-unicorn.service +reboot -- cgit v1.2.1