delta/gitlab/gitlab-ce.git/lib/support/nginx/gitlab-ssl, branch use-queue_namespace gitlab.com: gitlab-org/gitlab-ce.git Filter sensitive query string parameters from NGINX access logs 2017-08-10T11:28:04+00:00 Nick Thomas nick@gitlab.com 2017-08-10T11:28:04+00:00 603b68186a62063802986477c15f5b46694c0100 






Merge branch '3kami3/gitlab-ce-real_ip'
2017-03-20T07:40:02+00:00

Rémy Coutable
remy@rymai.me

2017-03-20T07:40:02+00:00

691402fb2b361ba19db3b8bdf77b75e513883423

See merge request !9623.

Signed-off-by: Rémy Coutable <remy@rymai.me>





See merge request !9623.

Signed-off-by: Rémy Coutable <remy@rymai.me>







https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9623#note_24573655
2017-03-03T13:20:29+00:00

3kami3
github@yumimix.org

2017-03-03T13:20:29+00:00

79c3ace80b690c9ccc2d6190fcf1f14f735f566c

Fixed issues pointed out.





Fixed issues pointed out.







Stop setting Strict-Transport-Securty header from within the app
2017-03-03T11:05:24+00:00

Paweł Chojnacki
pawel@chojnacki.ws

2017-03-03T11:05:24+00:00

76e96878aad0a281f8c32ef98a276b499e2581ad












Add real_ip setting to nginx example.
2017-03-01T14:16:38+00:00

3kami3
github@yumimix.org

2017-03-01T14:16:38+00:00

1bc5dab7b4f2650b5afb7c0e4c70e5ac9f66eba0

ref)
https://docs.gitlab.com/omnibus/settings/nginx.html#configuring-gitlab-trusted_proxies-and-the-nginx-real_ip-module





ref)
https://docs.gitlab.com/omnibus/settings/nginx.html#configuring-gitlab-trusted_proxies-and-the-nginx-real_ip-module







Upgrade NGINX configuration files to add websocket support
2016-12-12T12:58:42+00:00

Nick Thomas
nick@gitlab.com

2016-12-12T12:58:42+00:00

eb09395b2b5527e271c8e155ff6403953f72fef6












Revert "Defend against 'Host' header injection"
2016-08-08T11:02:44+00:00

Jacob Vosmaer
jacob@gitlab.com

2016-08-08T11:02:44+00:00

427c9f0b5b5f6f0c242e75a98dca2434a27945d8

This reverts commit 47b5b441395921e9f8e9982bb3f560e5db5a67bc.

See https://gitlab.com/gitlab-org/gitlab-ce/issues/17877#note_13488047





This reverts commit 47b5b441395921e9f8e9982bb3f560e5db5a67bc.

See https://gitlab.com/gitlab-org/gitlab-ce/issues/17877#note_13488047







Defend against 'Host' header injection
2016-07-12T17:50:20+00:00

Jacob Vosmaer
jacob@gitlab.com

2016-07-12T15:22:10+00:00

47b5b441395921e9f8e9982bb3f560e5db5a67bc

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/17877 .

This change adds 'defense in depth' against 'Host' HTTP header
injection. It affects normal users in the following way. Suppose your
GitLab server has IP address 1.2.3.4 and hostname gitlab.example.com.
Currently, if you enter 1.2.3.4 in your browser, you get redirected to
1.2.3.4/users/sign_in. After this change, you get redirected from
1.2.3.4 to gitlab.example.com/users/sign_in. This is because the
address you typed in the address bar of your browser ('1.2.3.4'),
which gets stored in the 'Host' header, is now being overwritten to
'gitlab.example.com' in NGINX.

In this change we also make NGINX clear the 'X-Forwarded-Host' header
because Ruby on Rails also uses that header the same wayas the 'Host'
header.

We think that for most GitLab servers this is the right behavior, and
if not then administrators can change this behavior themselves at the
NGINX level.





Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/17877 .

This change adds 'defense in depth' against 'Host' HTTP header
injection. It affects normal users in the following way. Suppose your
GitLab server has IP address 1.2.3.4 and hostname gitlab.example.com.
Currently, if you enter 1.2.3.4 in your browser, you get redirected to
1.2.3.4/users/sign_in. After this change, you get redirected from
1.2.3.4 to gitlab.example.com/users/sign_in. This is because the
address you typed in the address bar of your browser ('1.2.3.4'),
which gets stored in the 'Host' header, is now being overwritten to
'gitlab.example.com' in NGINX.

In this change we also make NGINX clear the 'X-Forwarded-Host' header
because Ruby on Rails also uses that header the same wayas the 'Host'
header.

We think that for most GitLab servers this is the right behavior, and
if not then administrators can change this behavior themselves at the
NGINX level.







Add a branded 503 static error page
2016-04-22T20:26:42+00:00

Robert Speicher
rspeicher@gmail.com

2016-04-22T20:26:18+00:00

d85f65ef4e07fc0c58d51b2e943ad2acb87ef461

[ci skip]

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15398





[ci skip]

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15398







Do not serve anything via nginx as we have workhorse
2016-03-11T14:04:04+00:00

Artem Sidorenko
artem@posteo.de

2016-02-27T08:28:00+00:00

fb5c2147a9f2b3acc6ad5297c737da0f5546c247

Otherwise this might 'hide' problems
https://github.com/gitlabhq/gitlabhq/issues/10053#issuecomment-188919319





Otherwise this might 'hide' problems
https://github.com/gitlabhq/gitlabhq/issues/10053#issuecomment-188919319