-rw-r--r-- config/gitlab.yml.example 12
-rw-r--r-- doc/install/installation.md 53
-rw-r--r-- doc/update/6.0-to-7.2.md 3
-rw-r--r-- doc/update/6.9-to-7.0.md 3
-rw-r--r-- doc/update/7.1-to-7.2.md 3
-rw-r--r-- doc/update/7.2-to-7.3.md 10
-rw-r--r-- lib/support/nginx/gitlab-ssl 13
7 files changed, 58 insertions, 39 deletions
diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index 0a0d9241e27..8e85634d054 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -3,9 +3,11 @@
# # # # # # # # # # # # # # # # # #
#
# How to use:
-# 1. copy file as gitlab.yml
-# 2. Replace gitlab -> host with your domain
-# 3. Replace gitlab -> email_from
+# 1. Copy file as gitlab.yml
+# 2. Update gitlab -> host with your fully qualified domain name
+# 3. Update gitlab -> email_from
+# 4. If you installed Git from source, change git -> bin_path to /usr/local/bin/git
+# 5. Review this configuration file for other settings you may want to adjust
production: &base
#
@@ -16,8 +18,8 @@ production: &base
gitlab:
## Web server settings (note: host is the FQDN, do not include http://)
host: localhost
- port: 80
- https: false
+ port: 80 # Set to 443 if using HTTPS, see installation.md#using-https for additional HTTPS configuration details
+ https: false # Set to true if using HTTPS, see installation.md#using-https for additional HTTPS configuration details
# Uncommment this line below if your ssh host is different from HTTP/HTTPS one
# (you'd obviously need to replace ssh.host_example.com with your own host).
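Review bot: The trailing comments added to `port: 80` and `https: false` repeat the same long sentence and refer to `installation.md#using-https` without a path, which does not resolve from the config/ directory where this file lives. Suggest one comment line above the two settings stating that both change together for HTTPS (`443` and `true`) and naming `doc/install/installation.md#using-https`, so an operator does not switch the port and leave `https: false`.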
diff --git a/doc/install/installation.md b/doc/install/installation.md
index 423a5f0cb19..a3a456659e7 100644
--- a/doc/install/installation.md
+++ b/doc/install/installation.md
@@ -76,7 +76,7 @@ Is the system packaged Git too old? Remove it and compile from source.
# Install into /usr/local/bin
sudo make prefix=/usr/local install
- # When editing config/gitlab.yml (Step 5), change the git bin_path to /usr/local/bin/git
+ # When editing config/gitlab.yml (Step 5), change the git -> bin_path to /usr/local/bin/git
**Note:** In order to receive mail notifications, make sure to install a mail server. By default, Debian is shipped with exim4 but this [has problems](https://github.com/gitlabhq/gitlabhq/issues/4866#issuecomment-32726573) while Ubuntu does not ship with one. The recommended mail server is postfix and you can install it with:
@@ -153,12 +153,7 @@ We recommend using a PostgreSQL database. For MySQL check [MySQL setup guide](da
# Copy the example GitLab config
sudo -u git -H cp config/gitlab.yml.example config/gitlab.yml
- # Make sure to change "localhost" to the fully-qualified domain name of your
- # host serving GitLab where necessary
- #
- # If you want to use https make sure that you set `https` to `true`. See #using-https for all necessary details.
- #
- # If you installed Git from source, change the git bin_path to /usr/local/bin/git
+ # Update GitLab config file, follow the directions at top of file
sudo -u git -H editor config/gitlab.yml
# Make sure GitLab can write to the log/ and tmp/ directories
@@ -196,6 +191,8 @@ We recommend using a PostgreSQL database. For MySQL check [MySQL setup guide](da
**Important Note:** Make sure to edit both `gitlab.yml` and `unicorn.rb` to match your setup.
+**Note:** If you want to use HTTPS, see [Using HTTPS](#using-https) for the additional steps.
+
### Configure GitLab DB Settings
# PostgreSQL only:
@@ -233,16 +230,11 @@ GitLab Shell is an SSH access and repository management software developed speci
# Run the installation task for gitlab-shell (replace `REDIS_URL` if needed):
sudo -u git -H bundle exec rake gitlab:shell:install[v1.9.7] REDIS_URL=redis://localhost:6379 RAILS_ENV=production
- # By default, the gitlab-shell config is generated from your main gitlab config.
- #
- # Note: When using GitLab with HTTPS please change the following:
- # - Provide paths to the certificates under `ca_file` and `ca_path` options.
- # - The `gitlab_url` option must point to the https endpoint of GitLab.
- # - In case you are using self signed certificate set `self_signed_cert` to `true`.
- # See #using-https for all necessary details.
- #
+ # By default, the gitlab-shell config is generated from your main GitLab config.
# You can review (and modify) the gitlab-shell config as follows:
sudo -u git -H editor /home/git/gitlab-shell/config.yml
+
+**Note:** If you want to use HTTPS, see [Using HTTPS](#using-https) for the additional steps.
### Initialize Database and Activate Advanced Features
@@ -309,7 +301,7 @@ Make sure to edit the config file to match your setup:
# domain name of your host serving GitLab.
sudo editor /etc/nginx/sites-available/gitlab
-**Note:** If you want to use HTTPS, replace the `gitlab` Nginx config with `gitlab-ssl`. See [Using HTTPS](#using-https) for all necessary details.
+**Note:** If you want to use HTTPS, replace the `gitlab` Nginx config with `gitlab-ssl`. See [Using HTTPS](#using-https) for HTTPS configuration details.
### Test Configuration
@@ -350,11 +342,30 @@ Visit YOUR_SERVER in your web browser for your first GitLab login. The setup has
### Using HTTPS
-To recapitulate what is needed to use GitLab with HTTPS:
-
-1. In `gitlab.yml` set the `https` option to `true`
-1. In the `config.yml` of gitlab-shell set the relevant options (see the [install GitLab Shell section](#install-gitlab-shell) of this document).
-1. Use the `gitlab-ssl` nginx example config instead of the `gitlab` config.
+To use GitLab with HTTPS:
+
+1. In `gitlab.yml`:
+ 1. Set the `port` option in section 1 to `443`.
+ 1. Set the `https` option in section 1 to `true`.
+1. In the `config.yml` of gitlab-shell:
+ 1. Set `gitlab_url` option to the HTTPS endpoint of GitLab (e.g. `https://git.example.com`).
+ 1. Set the certificates using either the `ca_file` or `ca_path` option.
+1. Use the `gitlab-ssl` Nginx example config instead of the `gitlab` config.
+ 1. Update `YOUR_SERVER_FQDN`.
+ 1. Update `ssl_certificate` and `ssl_certificate_key`.
+ 1. Review the configuration file and consider applying other security and performance enhancing features.
+
+Using a self-signed certificate is discouraged but if you must use it follow the normal directions then:
+ 1. Generate a self-signed SSL certificate:
+
+ ```
+ mkdir -p /etc/nginx/ssl/
+ cd /etc/nginx/ssl/
+ sudo openssl req -newkey rsa:2048 -x509 -nodes -days 3560 -out gitlab.crt -keyout gitlab.key
+ sudo chmod o-r gitlab.key
+ ```
+
+ 1. In the `config.yml` of gitlab-shell set `self_signed_cert` to `true`.
### Additional Markup Styles
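Review bot: In the self-signed certificate block, `sudo chmod o-r gitlab.key` only clears the read bit for others and leaves whatever group bits the file was created with, while `-nodes` writes the private key unencrypted; `sudo chmod 600 gitlab.key` would state the intended restriction outright. In the same block `mkdir -p /etc/nginx/ssl/` has no `sudo` although the following commands do, and `-days 3560` reads like a transposition of 3650. The list also no longer tells self-signed users which file `ca_file` should name, which the comment removed from lib/support/nginx/gitlab-ssl in this commit did (`/etc/nginx/ssl/gitlab.crt`).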
diff --git a/doc/update/6.0-to-7.2.md b/doc/update/6.0-to-7.2.md
index 770519a46e0..8dfcbcdd056 100644
--- a/doc/update/6.0-to-7.2.md
+++ b/doc/update/6.0-to-7.2.md
@@ -135,7 +135,8 @@ git diff 6-0-stable:config/gitlab.yml.example 7-2-stable:config/gitlab.yml.examp
* Make `/home/git/gitlab/config/gitlab.yml` the same as https://gitlab.com/gitlab-org/gitlab-ce/blob/7-2-stable/config/gitlab.yml.example but with your settings.
* Make `/home/git/gitlab/config/unicorn.rb` the same as https://gitlab.com/gitlab-org/gitlab-ce/blob/7-2-stable/config/unicorn.rb.example but with your settings.
* Make `/home/git/gitlab-shell/config.yml` the same as https://gitlab.com/gitlab-org/gitlab-shell/blob/v1.9.7/config.yml.example but with your settings.
-* Make `/etc/nginx/sites-available/nginx` the same as https://gitlab.com/gitlab-org/gitlab-ce/blob/7-2-stable/lib/support/nginx/gitlab but with your settings.
+* HTTP setups: Make `/etc/nginx/sites-available/nginx` the same as https://gitlab.com/gitlab-org/gitlab-ce/blob/7-2-stable/lib/support/nginx/gitlab but with your settings.
+* HTTPS setups: Make `/etc/nginx/sites-available/nginx-ssl` the same as https://gitlab.com/gitlab-org/gitlab-ce/blob/7-2-stable/lib/support/nginx/gitlab-ssl but with your settings.
* Copy rack attack middleware config
```bash
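Review bot: The added HTTPS bullet names `/etc/nginx/sites-available/nginx-ssl`, but installation.md in this same commit edits `/etc/nginx/sites-available/gitlab` and tells HTTPS users to replace the `gitlab` Nginx config with `gitlab-ssl`, so no file called `nginx-ssl` exists on a host installed by the guide. Suggest using `/etc/nginx/sites-available/gitlab` and `/etc/nginx/sites-available/gitlab-ssl` in both bullets; the HTTP bullet carries the same `nginx` file name over from the removed line.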
diff --git a/doc/update/6.9-to-7.0.md b/doc/update/6.9-to-7.0.md
index bbb3b2617a7..1f3421a799b 100644
--- a/doc/update/6.9-to-7.0.md
+++ b/doc/update/6.9-to-7.0.md
@@ -105,6 +105,9 @@ There are new configuration options available for gitlab.yml. View them with the
git diff origin/6-9-stable:config/gitlab.yml.example origin/7-0-stable:config/gitlab.yml.example
```
+* HTTP setups: Make `/etc/nginx/sites-available/nginx` the same as https://gitlab.com/gitlab-org/gitlab-ce/blob/7-0-stable/lib/support/nginx/gitlab but with your settings.
+* HTTPS setups: Make `/etc/nginx/sites-available/nginx-ssl` the same as https://gitlab.com/gitlab-org/gitlab-ce/blob/7-0-stable/lib/support/nginx/gitlab-ssl but with your setting
+
### 7. Start application
sudo service gitlab start
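Review bot: The added HTTPS bullet ends in "but with your setting", missing the final "s." that the HTTP bullet above it has. Both bullets also use the `/etc/nginx/sites-available/nginx` and `nginx-ssl` file names, which do not match the `/etc/nginx/sites-available/gitlab` file that installation.md edits; suggest aligning the names and finishing the sentence.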
diff --git a/doc/update/7.1-to-7.2.md b/doc/update/7.1-to-7.2.md
index b06f62aeb03..ff5574114a8 100644
--- a/doc/update/7.1-to-7.2.md
+++ b/doc/update/7.1-to-7.2.md
@@ -89,6 +89,9 @@ There are new configuration options available for gitlab.yml. View them with the
git diff 7-1-stable:config/gitlab.yml.example 7-2-stable:config/gitlab.yml.example
```
+* HTTP setups: Make `/etc/nginx/sites-available/nginx` the same as https://gitlab.com/gitlab-org/gitlab-ce/blob/7-0-stable/lib/support/nginx/gitlab but with your settings.
+* HTTPS setups: Make `/etc/nginx/sites-available/nginx-ssl` the same as https://gitlab.com/gitlab-org/gitlab-ce/blob/7-0-stable/lib/support/nginx/gitlab-ssl but with your setting
+
Update rack attack middleware config
```
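Review bot: Both added bullets link to the `7-0-stable` branch although this guide updates to 7.2 and the `git diff` line directly above compares against `7-2-stable`; an operator following the links would copy an older Nginx config than the release being installed. Suggest `7-2-stable` in both URLs, as doc/update/6.0-to-7.2.md uses in this commit, and complete "your setting" to "your settings." in the HTTPS bullet.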
diff --git a/doc/update/7.2-to-7.3.md b/doc/update/7.2-to-7.3.md
new file mode 100644
index 00000000000..7cc8f8e2ede
--- /dev/null
+++ b/doc/update/7.2-to-7.3.md
@@ -0,0 +1,10 @@
+# From 7.2 to 7.3
+
+# GitLab 7.3 has not been released yet!
+
+This document currently just serves as a place to keep track of updates that will be needed for the 7.3 update.
+
+### Update config files
+
+* HTTP setups: Make `/etc/nginx/sites-available/nginx` the same as https://gitlab.com/gitlab-org/gitlab-ce/blob/7-0-stable/lib/support/nginx/gitlab but with your settings.
+* HTTPS setups: Make `/etc/nginx/sites-available/nginx-ssl` the same as https://gitlab.com/gitlab-org/gitlab-ce/blob/7-0-stable/lib/support/nginx/gitlab-ssl but with your setting \ No newline at end of file
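Review bot: The two bullets in this new 7.3 guide link to `7-0-stable`, which is three releases behind the version the file is named for; since the branch for 7.3 cannot exist yet, a placeholder or a note that the branch name must be updated before release would avoid shipping the stale link. The file also has two top-level `#` headings where the second reads as a warning rather than a title, ends without a trailing newline, and the last bullet stops at "your setting".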
diff --git a/lib/support/nginx/gitlab-ssl b/lib/support/nginx/gitlab-ssl
index 9ab228b46d7..9f7e1e220c7 100644
--- a/lib/support/nginx/gitlab-ssl
+++ b/lib/support/nginx/gitlab-ssl
@@ -26,23 +26,12 @@
## [1] https://github.com/agentzh/chunkin-nginx-module#status
## [2] https://github.com/agentzh/chunkin-nginx-module
##
-###################################
-## SSL file editing ##
-###################################
-##
-## Edit `gitlab-shell/config.yml`:
-## 1) Set "gitlab_url" param in `gitlab-shell/config.yml` to `https://git.example.com`
-## 2) Set "ca_file" to `/etc/nginx/ssl/gitlab.crt`
-## 3) Set "self_signed_cert" to `true`
-## Edit `gitlab/config/gitlab.yml`:
-## 1) Define port for http "port: 443"
-## 2) Enable https "https: true"
-## 3) Update ssl for gravatar "ssl_url: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=mm"
##
###################################
## SSL configuration ##
###################################
##
+## See installation.md#using-https for additional HTTPS configuration details.
upstream gitlab {
server unix:/home/git/gitlab/tmp/sockets/gitlab.socket;
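Review bot: The removed comment block included the step `Update ssl for gravatar "ssl_url: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=mm"`, and the new Using HTTPS list in installation.md has no counterpart for it, so that instruction is dropped rather than moved. Suggest adding it under the `gitlab.yml` item there if it is still required. The added pointer `installation.md#using-https` would also be easier to follow with its `doc/install/` path, and the removal leaves two consecutive bare `##` lines above the "SSL configuration" banner.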