Diffstat (limited to 'config')
-rw-r--r--config/application.rb27
-rw-r--r--config/database.yml.mysql2
-rw-r--r--config/environments/development.rb9
-rw-r--r--config/environments/production.rb5
-rw-r--r--config/environments/test.rb5
-rw-r--r--config/gitlab.yml.example22
-rw-r--r--config/initializers/1_settings.rb27
-rw-r--r--config/initializers/carrierwave.rb2
-rw-r--r--config/initializers/devise.rb7
-rw-r--r--config/initializers/gemoji.rb1
-rw-r--r--config/initializers/rack_attack.rb.example20
-rw-r--r--config/initializers/secret_token.rb1
-rw-r--r--config/initializers/session_store.rb3
-rw-r--r--config/routes.rb39
-rw-r--r--config/unicorn.rb.example6
15 files changed, 119 insertions, 57 deletions
diff --git a/config/application.rb b/config/application.rb
index d85bcab7885..1c91134f524 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -1,13 +1,9 @@
require File.expand_path('../boot', __FILE__)
require 'rails/all'
+require 'devise'
-if defined?(Bundler)
- # If you precompile assets before deploying to production, use this line
- # Bundler.require(*Rails.groups(assets: %w(development test)))
- # If you want your assets lazily compiled in production, use this line
- Bundler.require(:default, :assets, Rails.env)
-end
+Bundler.require(:default, Rails.env)
module Gitlab
class Application < Rails::Application
@@ -16,7 +12,7 @@ module Gitlab
# -- all .rb files in that directory are automatically loaded.
# Custom directories with classes and modules you want to be autoloadable.
- config.autoload_paths += %W(#{config.root}/lib #{config.root}/app/models/concerns)
+ config.autoload_paths += %W(#{config.root}/lib #{config.root}/app/models/concerns #{config.root}/app/models/project_services)
# Only load the plugins named here, in the order given (default is alphabetical).
# :all can be used as a placeholder for all plugins not explicitly named.
@@ -70,15 +66,24 @@ module Gitlab
config.assets.version = '1.0'
# Uncomment and customize the last line to run in a non-root path
- # WARNING: This feature is known to work, but unsupported
- # Note that three settings need to be changed for this to work.
+ # WARNING: We recommend creating a FQDN to host GitLab in a root path instead of this.
+ # Note that four settings need to be changed for this to work.
# 1) In your application.rb file: config.relative_url_root = "/gitlab"
# 2) In your gitlab.yml file: relative_url_root: /gitlab
# 3) In your unicorn.rb: ENV['RAILS_RELATIVE_URL_ROOT'] = "/gitlab"
+ # 4) In ../gitlab-shell/config.yml: gitlab_url: "http://127.0.0.1/gitlab"
+ # To update the path, run: sudo -u git -H bundle exec rake assets:precompile RAILS_ENV=production
#
# config.relative_url_root = "/gitlab"
- # Uncomment to enable rack attack middleware
- # config.middleware.use Rack::Attack
+ config.middleware.use Rack::Attack
+
+ # Allow access to GitLab API from other domains
+ config.middleware.use Rack::Cors do
+ allow do
+ origins '*'
+ resource '/api/*', headers: :any, methods: [:get, :post, :options, :put, :delete]
+ end
+ end
end
end
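Review bot: The `origins '*'` rule in the new `Rack::Cors` block lets a script on any website send GET, POST, PUT and DELETE requests to `/api/*` and read the responses, and nothing in the hunk ties that to token-authenticated calls. That is only safe while the API never accepts the browser's ambient session cookie; the API authentication code is not part of this diff, so confirm it and record the assumption next to the block, e.g. `# Safe only while the API authenticates by explicit token, never by session cookie`. Consider reading the allowed origins from gitlab.yml so administrators can narrow them, and passing `credentials: false` on the `resource` line if the rack-cors version in use supports it.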
diff --git a/config/database.yml.mysql b/config/database.yml.mysql
index e7a9227e41e..55ac088bc1d 100644
--- a/config/database.yml.mysql
+++ b/config/database.yml.mysql
@@ -7,7 +7,7 @@ production:
reconnect: false
database: gitlabhq_production
pool: 10
- username: gitlab
+ username: git
password: "secure password"
# host: localhost
# socket: /tmp/mysql.sock
diff --git a/config/environments/development.rb b/config/environments/development.rb
index 6cba17f6ea2..e4c7649fda0 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -6,9 +6,6 @@ Gitlab::Application.configure do
# since you don't have to restart the web server when you make code changes.
config.cache_classes = false
- # Log error messages when you accidentally call methods on nil.
- config.whiny_nils = true
-
# Show full error reports and disable caching
config.consider_all_requests_local = true
config.action_controller.perform_caching = false
@@ -25,10 +22,6 @@ Gitlab::Application.configure do
# Raise exception on mass assignment protection for Active Record models
config.active_record.mass_assignment_sanitizer = :strict
- # Log the query plan for queries taking more than this (works
- # with SQLite, MySQL, and PostgreSQL)
- config.active_record.auto_explain_threshold_in_seconds = 0.5
-
# Do not compress assets
config.assets.compress = false
@@ -39,4 +32,6 @@ Gitlab::Application.configure do
config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }
# Open sent mails in browser
config.action_mailer.delivery_method = :letter_opener
+
+ config.eager_load = false
end
diff --git a/config/environments/production.rb b/config/environments/production.rb
index e3476be8fba..9ac4622abc2 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -80,4 +80,9 @@ Gitlab::Application.configure do
# # }
config.action_mailer.perform_deliveries = true
config.action_mailer.raise_delivery_errors = true
+
+ config.eager_load = true
+ config.assets.js_compressor = :uglifier
+
+ config.allow_concurrency = false
end
diff --git a/config/environments/test.rb b/config/environments/test.rb
index b626986299b..3860dc5c74c 100644
--- a/config/environments/test.rb
+++ b/config/environments/test.rb
@@ -11,9 +11,6 @@ Gitlab::Application.configure do
config.serve_static_assets = true
config.static_cache_control = "public, max-age=3600"
- # Log error messages when you accidentally call methods on nil
- config.whiny_nils = true
-
# Show full error reports and disable caching
config.consider_all_requests_local = true
config.action_controller.perform_caching = false
@@ -34,4 +31,6 @@ Gitlab::Application.configure do
# Print deprecation notices to the stderr
config.active_support.deprecation = :stderr
+
+ config.eager_load = false
end
diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index 163af226aaa..2bc984c9294 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -20,11 +20,13 @@ production: &base
https: false
# Uncomment and customize the last line to run in a non-root path
- # WARNING: This feature is known to work, but unsupported
- # Note that three settings need to be changed for this to work.
+ # WARNING: We recommend creating a FQDN to host GitLab in a root path instead of this.
+ # Note that four settings need to be changed for this to work.
# 1) In your application.rb file: config.relative_url_root = "/gitlab"
# 2) In your gitlab.yml file: relative_url_root: /gitlab
# 3) In your unicorn.rb: ENV['RAILS_RELATIVE_URL_ROOT'] = "/gitlab"
+ # 4) In ../gitlab-shell/config.yml: gitlab_url: "http://127.0.0.1/gitlab"
+ # To update the path, run: sudo -u git -H bundle exec rake assets:precompile RAILS_ENV=production
#
# relative_url_root: /gitlab
@@ -55,11 +57,15 @@ production: &base
# default: false - Account passwords are not sent via the email if signup is enabled.
# signup_enabled: true
+ # Restrict setting visibility levels for non-admin users.
+ # The default is to allow all levels.
+ #restricted_visibility_levels: [ "public" ]
+
## Automatic issue closing
# If a commit message matches this regular expression, all issues referenced from the matched text will be closed.
- # This happends when the commit is pushed or merged into the default branch of a project.
+ # This happens when the commit is pushed or merged into the default branch of a project.
# When not specified the default issue_closing_pattern as specified below will be used.
- # issue_closing_pattern: ([Cc]loses|[Ff]ixes) +#\d+
+ # issue_closing_pattern: ([Cc]lose[sd]|[Ff]ixe[sd]) +#\d+
## Default project features settings
default_projects_features:
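Review bot: The example pattern now reads `([Cc]lose[sd]|[Ff]ixe[sd]) +#\d+`, but the comment above it says the pattern shown is what is used when none is specified, and the default still set in config/initializers/1_settings.rb in this same commit is `([Cc]loses|[Ff]ixes) #(\d+)`. Either update that default to match or reword the comment, so administrators do not assume "closed" and "fixed" work out of the box.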
@@ -68,7 +74,7 @@ production: &base
wiki: true
wall: false
snippets: false
- public: false
+ visibility_level: "private" # can be "private" | "internal" | "public"
## External issues trackers
issues_tracker:
@@ -110,6 +116,8 @@ production: &base
# ==========================
## LDAP settings
+ # You can inspect the first 100 LDAP users with login access by running:
+ # bundle exec rake gitlab:ldap:check[100] RAILS_ENV=production
ldap:
enabled: false
host: '_your_ldap_server'
@@ -136,7 +144,7 @@ production: &base
## Auth providers
# Uncomment the following lines and fill in the data of the auth provider you want to use
# If your favorite auth provider is not listed you can use others:
- # see https://github.com/gitlabhq/gitlabhq/wiki/Using-Custom-Omniauth-Providers
+ # see https://github.com/gitlabhq/gitlab-public-wiki/wiki/Working-custom-omniauth-provider-configurations
# The 'app_id' and 'app_secret' parameters are always passed as the first two
# arguments, followed by optional 'args' which can be either a hash or an array.
providers:
@@ -166,6 +174,8 @@ production: &base
## GitLab Shell settings
gitlab_shell:
+ path: /home/git/gitlab-shell/
+
# REPOS_PATH MUST NOT BE A SYMLINK!!!
repos_path: /home/git/repositories/
hooks_path: /home/git/gitlab-shell/hooks/
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
index 942b77ffd2e..ea391ca601c 100644
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -30,6 +30,29 @@ class Settings < Settingslogic
gitlab.relative_url_root
].join('')
end
+
+ # check that values in `current` (string or integer) is a contant in `modul`.
+ def verify_constant_array(modul, current, default)
+ values = default || []
+ if !current.nil?
+ values = []
+ current.each do |constant|
+ values.push(verify_constant(modul, constant, nil))
+ end
+ values.delete_if { |value| value.nil? }
+ end
+ values
+ end
+
+ # check that `current` (string or integer) is a contant in `modul`.
+ def verify_constant(modul, current, default)
+ constant = modul.constants.find{ |name| modul.const_get(name) == current }
+ value = constant.nil? ? default : modul.const_get(constant)
+ if current.is_a? String
+ value = modul.const_get(current.upcase) rescue default
+ end
+ value
+ end
end
end
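Review bot: `verify_constant_array` silently drops every entry that does not resolve to a constant, so a misspelled value in `restricted_visibility_levels` leaves that level unrestricted with no error or log line. For a setting that restricts access, failing at boot is safer, e.g. `raise ArgumentError, "unknown #{modul} value: #{constant.inspect}"` when `verify_constant` returns nil. In `verify_constant`, `modul.const_get(current.upcase) rescue default` also hides every StandardError, and because `const_get` searches ancestors and top-level constants by default it can resolve names that are not defined on `modul` itself. `modul.const_get(current.upcase, false)` with an explicit `rescue NameError` keeps the lookup inside the module.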
@@ -68,6 +91,7 @@ rescue ArgumentError # no user configured
'/home/' + Settings.gitlab['user']
end
Settings.gitlab['signup_enabled'] ||= false
+Settings.gitlab['restricted_visibility_levels'] = Settings.send(:verify_constant_array, Gitlab::VisibilityLevel, Settings.gitlab['restricted_visibility_levels'], [])
Settings.gitlab['username_changing_enabled'] = true if Settings.gitlab['username_changing_enabled'].nil?
Settings.gitlab['issue_closing_pattern'] = '([Cc]loses|[Ff]ixes) #(\d+)' if Settings.gitlab['issue_closing_pattern'].nil?
Settings.gitlab['default_projects_features'] ||= {}
@@ -76,7 +100,7 @@ Settings.gitlab.default_projects_features['merge_requests'] = true if Settings.g
Settings.gitlab.default_projects_features['wiki'] = true if Settings.gitlab.default_projects_features['wiki'].nil?
Settings.gitlab.default_projects_features['wall'] = false if Settings.gitlab.default_projects_features['wall'].nil?
Settings.gitlab.default_projects_features['snippets'] = false if Settings.gitlab.default_projects_features['snippets'].nil?
-Settings.gitlab.default_projects_features['public'] = false if Settings.gitlab.default_projects_features['public'].nil?
+Settings.gitlab.default_projects_features['visibility_level'] = Settings.send(:verify_constant, Gitlab::VisibilityLevel, Settings.gitlab.default_projects_features['visibility_level'], Gitlab::VisibilityLevel::PRIVATE)
#
# Gravatar
@@ -90,6 +114,7 @@ Settings.gravatar['ssl_url'] ||= 'https://secure.gravatar.com/avatar/%{hash}?
# GitLab Shell
#
Settings['gitlab_shell'] ||= Settingslogic.new({})
+Settings.gitlab_shell['path'] ||= Settings.gitlab['user_home'] + '/gitlab-shell/'
Settings.gitlab_shell['hooks_path'] ||= Settings.gitlab['user_home'] + '/gitlab-shell/hooks/'
Settings.gitlab_shell['receive_pack'] = true if Settings.gitlab_shell['receive_pack'].nil?
Settings.gitlab_shell['upload_pack'] = true if Settings.gitlab_shell['upload_pack'].nil?
diff --git a/config/initializers/carrierwave.rb b/config/initializers/carrierwave.rb
index 45bc68f3220..6875fa74edd 100644
--- a/config/initializers/carrierwave.rb
+++ b/config/initializers/carrierwave.rb
@@ -15,5 +15,7 @@ if File.exists?(aws_file)
config.fog_directory = AWS_CONFIG['bucket'] # required
config.fog_public = false # optional, defaults to true
config.fog_attributes = {'Cache-Control'=>'max-age=315576000'} # optional, defaults to {}
+ config.fog_authenticated_url_expiration = 1 << 29 # optional time (in seconds) that authenticated urls will be valid.
+ # when fog_public is false and provider is AWS or Google, defaults to 600
end
end
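Review bot: `1 << 29` seconds is roughly 17 years, so every authenticated URL generated for the private bucket (`fog_public = false`) stays usable as a bearer link for that long, including after it has ended up in a log, a referrer header or a forwarded message. The trailing comment gives 600 seconds as the default. If the longer lifetime is there to keep links in cached pages working, say so in the comment and pick the shortest value that achieves it, or read the value from the AWS config file. The enclosing `if File.exists?(aws_file)` block starts outside the hunk.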
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index b7cb808d2e5..25390978cf6 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -6,6 +6,7 @@ Devise.setup do |config|
# note that it will be overwritten if you use your own mailer class with default "from" parameter.
config.mailer_sender = Gitlab.config.gitlab.email_from
+
# Configure the class responsible to send e-mails.
# config.mailer = "Devise::Mailer"
@@ -74,8 +75,8 @@ Devise.setup do |config|
# config.pepper = "2ef62d549c4ff98a5d3e0ba211e72cff592060247e3bbbb9f499af1222f876f53d39b39b823132affb32858168c79c1d7741d26499901b63c6030a42129924ef"
# ==> Configuration for :confirmable
- # The time you want to give your user to confirm his account. During this time
- # he will be able to access your application without confirming. Default is 0.days
+ # The time you want to give a user to confirm their account. During this time
+ # they will be able to access your application without confirming. Default is 0.days
# When confirm_within is zero, the user won't be able to sign in without confirming.
# You can use this to let your user access some features of your application
# without confirming the account, but blocking it after a certain period
@@ -101,7 +102,7 @@ Devise.setup do |config|
# ==> Configuration for :validatable
# Range for password length. Default is 6..128.
- config.password_length = 6..128
+ config.password_length = 8..128
# Email regex used to validate email formats. It simply asserts that
# an one (and only one) @ exists in the given string. This is mainly
diff --git a/config/initializers/gemoji.rb b/config/initializers/gemoji.rb
index 8c85aad5d3b..6cc33aced77 100644
--- a/config/initializers/gemoji.rb
+++ b/config/initializers/gemoji.rb
@@ -1,2 +1,3 @@
# Workaround for https://github.com/github/gemoji/pull/18
+require 'gemoji'
Gitlab::Application.config.assets.paths << Emoji.images_path
diff --git a/config/initializers/rack_attack.rb.example b/config/initializers/rack_attack.rb.example
index 76fa7ad282e..bc3234bf0b6 100644
--- a/config/initializers/rack_attack.rb.example
+++ b/config/initializers/rack_attack.rb.example
@@ -1,16 +1,18 @@
-# To enable rack-attack for your GitLab instance do the following:
-# 1. In config/application.rb find and uncomment the following line:
-# config.middleware.use Rack::Attack
-# 2. Rename this file to rack_attack.rb
-# 3. Review the paths_to_be_protected and add any other path you need protecting
-# 4. Restart GitLab instance
+# 1. Rename this file to rack_attack.rb
+# 2. Review the paths_to_be_protected and add any other path you need protecting
#
paths_to_be_protected = [
"#{Rails.application.config.relative_url_root}/users/password",
"#{Rails.application.config.relative_url_root}/users/sign_in",
- "#{Rails.application.config.relative_url_root}/users"
+ "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session.json",
+ "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session",
+ "#{Rails.application.config.relative_url_root}/users",
+ "#{Rails.application.config.relative_url_root}/users/confirmation"
]
-Rack::Attack.throttle('protected paths', limit: 6, period: 60.seconds) do |req|
- req.ip if paths_to_be_protected.include?(req.path) && req.post?
+
+unless Rails.env.test?
+ Rack::Attack.throttle('protected paths', limit: 10, period: 60.seconds) do |req|
+ req.ip if paths_to_be_protected.include?(req.path) && req.post?
+ end
end
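Review bot: The throttle matches with `paths_to_be_protected.include?(req.path)`, an exact string comparison, so a POST whose path differs only by a trailing slash or a format suffix is presumably still routed by Rails but not counted. The list already carries both `session.json` and `session`, apparently for that reason. Normalizing once before the lookup, e.g. `path = req.path.chomp('/').sub(/\.\w+\z/, '')`, would cover the other entries too. The limit is also raised from 6 to 10 requests per minute without a stated reason, which deserves a comment.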
diff --git a/config/initializers/secret_token.rb b/config/initializers/secret_token.rb
index 16d1d4a9fdd..98400290113 100644
--- a/config/initializers/secret_token.rb
+++ b/config/initializers/secret_token.rb
@@ -21,3 +21,4 @@ def find_secure_token
end
Gitlab::Application.config.secret_token = find_secure_token
+Gitlab::Application.config.secret_key_base = find_secure_token
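Review bot: `secret_key_base` is assigned the same value as `secret_token`, so the legacy signing secret and the new key-derivation secret are one and the same. Key separation would call for an independently generated value kept in its own file. As far as I know, Rails keeps accepting cookies signed with `secret_token` while both are set, so a distinct value should not invalidate existing cookies. `find_secure_token` is defined above the hunk and how it stores the token is not visible here.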
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index 501cad4a838..f80b67a554b 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -2,8 +2,9 @@
Gitlab::Application.config.session_store(
:redis_store, # Using the cookie_store would enable session replay attacks.
+ servers: Gitlab::Application.config.cache_store.last, # re-use the Redis config from the Rails cache store
key: '_gitlab_session',
- secure: Gitlab::Application.config.force_ssl,
+ secure: Gitlab.config.gitlab.https,
httponly: true,
path: (Rails.application.config.relative_url_root.nil?) ? '/' : Rails.application.config.relative_url_root
)
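Review bot: `servers: Gitlab::Application.config.cache_store.last` assumes `config.cache_store` is an array whose last element is the Redis connection setting. The cache configuration is not in this diff; if an environment sets it to a bare symbol or a different store, this initializer would fail or point sessions at the wrong backend. Sharing one Redis target between cache and sessions may also mean a cache flush drops every login session, depending on namespacing that is not visible here. A short comment stating the expected shape, or a dedicated session Redis setting in gitlab.yml, would make the coupling explicit. Separately, `secure:` now follows `gitlab.https` rather than `force_ssl`, so installs that terminate TLS at a proxy must set `https: true` to get the Secure cookie flag.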
diff --git a/config/routes.rb b/config/routes.rb
index 78f75d11835..734421ede1d 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -22,7 +22,7 @@ Gitlab::Application.routes.draw do
project_root: Gitlab.config.gitlab_shell.repos_path,
upload_pack: Gitlab.config.gitlab_shell.upload_pack,
receive_pack: Gitlab.config.gitlab_shell.receive_pack
- }), at: '/', constraints: lambda { |request| /[-\/\w\.]+\.git\//.match(request.path_info) }
+ }), at: '/', constraints: lambda { |request| /[-\/\w\.]+\.git\//.match(request.path_info) }, via: [:get, :post]
#
# Help
@@ -86,9 +86,16 @@ Gitlab::Application.routes.draw do
get :test
end
+ resources :broadcast_messages, only: [:index, :create, :destroy]
resource :logs, only: [:show]
resource :background_jobs, controller: 'background_jobs', only: [:show]
- resources :projects, constraints: { id: /[a-zA-Z.\/0-9_\-]+/ }, only: [:index, :show]
+
+ resources :projects, constraints: { id: /[a-zA-Z.\/0-9_\-]+/ }, only: [:index, :show] do
+ member do
+ put :transfer
+ end
+ end
+
root to: "dashboard#index"
end
@@ -120,10 +127,11 @@ Gitlab::Application.routes.draw do
delete :leave
end
end
+ resource :avatar, only: [:destroy]
end
end
- match "/u/:username" => "users#show", as: :user, constraints: { username: /.*/ }
+ match "/u/:username" => "users#show", as: :user, constraints: { username: /.*/ }, via: :get
@@ -162,20 +170,24 @@ Gitlab::Application.routes.draw do
member do
put :transfer
post :fork
+ post :archive
+ post :unarchive
get :autocomplete_sources
end
scope module: :projects do
- resources :blob, only: [:show], constraints: {id: /.+/}
- resources :raw, only: [:show], constraints: {id: /.+/}
- resources :tree, only: [:show], constraints: {id: /.+/, format: /(html|js)/ }
- resources :edit_tree, only: [:show, :update], constraints: {id: /.+/}, path: 'edit'
- resources :commit, only: [:show], constraints: {id: /[[:alnum:]]{6,40}/}
- resources :commits, only: [:show], constraints: {id: /(?:[^.]|\.(?!atom$))+/, format: /atom/}
- resources :compare, only: [:index, :create]
- resources :blame, only: [:show], constraints: {id: /.+/}
+ resources :blob, only: [:show, :destroy], constraints: {id: /.+/}
+ resources :raw, only: [:show], constraints: {id: /.+/}
+ resources :tree, only: [:show], constraints: {id: /.+/, format: /(html|js)/ }
+ resources :edit_tree, only: [:show, :update], constraints: {id: /.+/}, path: 'edit'
+ resources :new_tree, only: [:show, :update], constraints: {id: /.+/}, path: 'new'
+ resources :commit, only: [:show], constraints: {id: /[[:alnum:]]{6,40}/}
+ resources :commits, only: [:show], constraints: {id: /(?:[^.]|\.(?!atom$))+/, format: /atom/}
+ resources :compare, only: [:index, :create]
+ resources :blame, only: [:show], constraints: {id: /.+/}
resources :network, only: [:show], constraints: {id: /(?:[^.]|\.(?!json$))+/, format: /json/}
- resources :graphs, only: [:show], constraints: {id: /(?:[^.]|\.(?!json$))+/, format: /json/}
+ resources :graphs, only: [:show], constraints: {id: /(?:[^.]|\.(?!json$))+/, format: /json/}
+
match "/compare/:from...:to" => "compare#show", as: "compare", via: [:get, :post], constraints: {from: /.+/, to: /.+/}
resources :snippets, constraints: {id: /\d+/} do
@@ -205,7 +217,7 @@ Gitlab::Application.routes.draw do
resource :repository, only: [:show] do
member do
get "stats"
- get "archive"
+ get "archive", constraints: { format: Gitlab::Regex.archive_formats_regex }
end
end
@@ -286,6 +298,7 @@ Gitlab::Application.routes.draw do
resources :team_members, except: [:index, :edit], constraints: { id: /[a-zA-Z.\/0-9_\-#%+]+/ } do
collection do
+ delete :leave
# Used for import team
# from another project
diff --git a/config/unicorn.rb.example b/config/unicorn.rb.example
index e4e13426831..ba5e5cdde0b 100644
--- a/config/unicorn.rb.example
+++ b/config/unicorn.rb.example
@@ -9,11 +9,13 @@
# documentation.
# Uncomment and customize the last line to run in a non-root path
-# WARNING: This feature is known to work, but unsupported
-# Note that three settings need to be changed for this to work.
+# WARNING: We recommend creating a FQDN to host GitLab in a root path instead of this.
+# Note that four settings need to be changed for this to work.
# 1) In your application.rb file: config.relative_url_root = "/gitlab"
# 2) In your gitlab.yml file: relative_url_root: /gitlab
# 3) In your unicorn.rb: ENV['RAILS_RELATIVE_URL_ROOT'] = "/gitlab"
+# 4) In ../gitlab-shell/config.yml: gitlab_url: "http://127.0.0.1/gitlab"
+# To update the path, run: sudo -u git -H bundle exec rake assets:precompile RAILS_ENV=production
#
# ENV['RAILS_RELATIVE_URL_ROOT'] = "/gitlab"