From e3098b69e7a4bc8b08bd85093204305991d8370d Mon Sep 17 00:00:00 2001 From: Hugo Osvaldo Barrera Date: Mon, 3 Nov 2014 11:25:31 -0300 Subject: Don't enable IPv4 *only* on nginx. The current configuration sample files only enable IPv4 by default, making the server inaccesible for many remote hosts (and an increasing amount every day). Enable IPv4 and IPv6 by default. Older servers with no external IPv6 connectivity will not fail since they'll have a local-link IPv6 address to bind to anyway. --- lib/support/nginx/gitlab | 3 ++- lib/support/nginx/gitlab-ssl | 6 ++++-- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'lib/support') diff --git a/lib/support/nginx/gitlab b/lib/support/nginx/gitlab index 49a68c62293..6369c1e02ff 100644 --- a/lib/support/nginx/gitlab +++ b/lib/support/nginx/gitlab @@ -33,7 +33,8 @@ upstream gitlab { ## Normal HTTP host server { - listen *:80 default_server; + listen 0.0.0.0:80 default_server; + listen [::]:80 default_server; server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com server_tokens off; ## Don't show the nginx version number, a security best practice root /home/git/gitlab/public; diff --git a/lib/support/nginx/gitlab-ssl b/lib/support/nginx/gitlab-ssl index cbb198086b5..e992ebaf656 100644 --- a/lib/support/nginx/gitlab-ssl +++ b/lib/support/nginx/gitlab-ssl @@ -39,7 +39,8 @@ upstream gitlab { ## Normal HTTP host server { - listen *:80 default_server; + listen 0.0.0.0:80; + listen [::]:80 default_server; server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com server_tokens off; ## Don't show the nginx version number, a security best practice @@ -50,7 +51,8 @@ server { ## HTTPS host server { - listen 443 ssl; + listen 0.0.0.0:443 ssl; + listen [::]:443 ssl default_server; server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com server_tokens off; root /home/git/gitlab/public; -- cgit v1.2.1 From 271a3520794d0d977ba3907963871da59cee554f Mon Sep 17 00:00:00 2001 From: Ben Bodenmiller Date: Sat, 8 Nov 2014 23:33:27 -0800 Subject: minor updates & formatting changes minor updates @ formatting changes to match other versions of file. Unify formatting of https://github.com/gitlabhq/gitlabhq/blob/master/lib/support/nginx/gitlab, https://github.com/gitlabhq/gitlabhq/blob/master/lib/support/nginx/gitlab-ssl, & https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/nginx-gitlab-http.conf.erb --- lib/support/nginx/gitlab | 7 +++++-- lib/support/nginx/gitlab-ssl | 24 ++++++++++-------------- 2 files changed, 15 insertions(+), 16 deletions(-) (limited to 'lib/support') diff --git a/lib/support/nginx/gitlab b/lib/support/nginx/gitlab index 49a68c62293..eeba62c6b10 100644 --- a/lib/support/nginx/gitlab +++ b/lib/support/nginx/gitlab @@ -1,5 +1,5 @@ ## GitLab -## Maintainer: @randx +## Contributors: randx, yin8086, sashkab, orkoden, axilleas, bbodenmiller ## ## Lines starting with two hashes (##) are comments with information. ## Lines starting with one hash (#) are configuration parameters that can be uncommented. @@ -15,7 +15,7 @@ ## - installing an old version of Nginx with the chunkin module [2] compiled in, or ## - using a newer version of Nginx. ## -## At the time of writing we do not know if either of these theoretical solutions works. +## At the time of writing we do not know if either of these theoretical solutions works. ## As a workaround users can use Git over SSH to push large files. ## ## [0] https://git.kernel.org/cgit/git/git.git/tree/Documentation/technical/http-protocol.txt#n99 @@ -26,6 +26,7 @@ ## configuration ## ################################### ## +## See installation.md#using-https for additional HTTPS configuration details. upstream gitlab { server unix:/home/git/gitlab/tmp/sockets/gitlab.socket fail_timeout=0; @@ -42,6 +43,8 @@ server { ## Or if you want to accept large git objects over http client_max_body_size 20m; + ## See app/controllers/application_controller.rb for headers set + ## Individual nginx logs for this GitLab vhost access_log /var/log/nginx/gitlab_access.log; error_log /var/log/nginx/gitlab_error.log; diff --git a/lib/support/nginx/gitlab-ssl b/lib/support/nginx/gitlab-ssl index cbb198086b5..979e032a1c5 100644 --- a/lib/support/nginx/gitlab-ssl +++ b/lib/support/nginx/gitlab-ssl @@ -1,5 +1,5 @@ ## GitLab -## Contributors: randx, yin8086, sashkab, orkoden, axilleas +## Contributors: randx, yin8086, sashkab, orkoden, axilleas, bbodenmiller ## ## Modified from nginx http version ## Modified from http://blog.phusion.nl/2012/04/21/tutorial-setting-up-gitlab-on-debian-6/ @@ -26,9 +26,8 @@ ## [1] https://github.com/agentzh/chunkin-nginx-module#status ## [2] https://github.com/agentzh/chunkin-nginx-module ## -## ################################### -## SSL configuration ## +## configuration ## ################################### ## ## See installation.md#using-https for additional HTTPS configuration details. @@ -37,22 +36,22 @@ upstream gitlab { server unix:/home/git/gitlab/tmp/sockets/gitlab.socket fail_timeout=0; } -## Normal HTTP host +## Redirects all HTTP traffic to the HTTPS host server { listen *:80 default_server; server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com server_tokens off; ## Don't show the nginx version number, a security best practice - - ## Redirects all traffic to the HTTPS host - root /nowhere; ## root doesn't have to be a valid path since we are redirecting - rewrite ^ https://$server_name$request_uri? permanent; + return 301 https://$server_name$request_uri; + access_log /var/log/nginx/gitlab_access.log; + error_log /var/log/nginx/gitlab_error.log; } + ## HTTPS host server { listen 443 ssl; server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com - server_tokens off; + server_tokens off; ## Don't show the nginx version number, a security best practice root /home/git/gitlab/public; ## Increase this if you want to upload large attachments @@ -70,12 +69,9 @@ server { ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; + ssl_session_timeout 5m; - ## [WARNING] The following header states that the browser should only communicate - ## with your server over a secure connection for the next 24 months. - add_header Strict-Transport-Security max-age=63072000; - add_header X-Frame-Options SAMEORIGIN; - add_header X-Content-Type-Options nosniff; + ## See app/controllers/application_controller.rb for headers set ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL. ## Replace with your ssl_trusted_certificate. For more info see: -- cgit v1.2.1 From 434c4a2b5d0a6b89d050f3b7b4e4e4442ffde733 Mon Sep 17 00:00:00 2001 From: sbeh Date: Wed, 26 Nov 2014 00:31:50 +0100 Subject: Socket [::]:123 on Linux listens on IPv4 and IPv6 This will ensure nginx starts up without the following errors messages: nginx: [emerg] bind() to [::]:443 failed (98: Address already in use) nginx: [emerg] bind() to [::]:443 failed (98: Address already in use) nginx: [emerg] bind() to [::]:443 failed (98: Address already in use) nginx: [emerg] bind() to [::]:443 failed (98: Address already in use) nginx: [emerg] bind() to [::]:443 failed (98: Address already in use) nginx: [emerg] still could not bind() Googling for them leads you to this site: https://chrisjean.com/2014/02/10/fix-nginx-emerg-bind-to-80-failed-98-address-already-in-use/ --- lib/support/nginx/gitlab-ssl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/support') diff --git a/lib/support/nginx/gitlab-ssl b/lib/support/nginx/gitlab-ssl index 4e53d5e8b50..19af010a9f7 100644 --- a/lib/support/nginx/gitlab-ssl +++ b/lib/support/nginx/gitlab-ssl @@ -39,7 +39,7 @@ upstream gitlab { ## Redirects all HTTP traffic to the HTTPS host server { listen 0.0.0.0:80; - listen [::]:80 default_server; + listen [::]:80 ipv6only=on default_server; server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com server_tokens off; ## Don't show the nginx version number, a security best practice return 301 https://$server_name$request_uri; @@ -51,7 +51,7 @@ server { ## HTTPS host server { listen 0.0.0.0:443 ssl; - listen [::]:443 ssl default_server; + listen [::]:443 ipv6only=on ssl default_server; server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com server_tokens off; ## Don't show the nginx version number, a security best practice root /home/git/gitlab/public; -- cgit v1.2.1 From 56f211aa50246ff167894fcd050acad88d81f59e Mon Sep 17 00:00:00 2001 From: mattes Date: Fri, 5 Sep 2014 03:57:28 +0200 Subject: allow for private repositories --- lib/support/nginx/gitlab | 15 +++++++++++++++ lib/support/nginx/gitlab-ssl | 15 +++++++++++++++ 2 files changed, 30 insertions(+) (limited to 'lib/support') diff --git a/lib/support/nginx/gitlab b/lib/support/nginx/gitlab index c8b769ace8e..ab6ca6e6260 100644 --- a/lib/support/nginx/gitlab +++ b/lib/support/nginx/gitlab @@ -56,6 +56,21 @@ server { try_files $uri $uri/index.html $uri.html @gitlab; } + ## If ``go get`` detected, return go-import meta tag. + ## This works for public and for private repositories. + ## See also http://golang.org/cmd/go/#hdr-Remote_import_paths + if ($http_user_agent ~* "Go") { + return 200 " + + + + + + + + "; + } + ## If a file, which is not found in the root folder is requested, ## then the proxy passes the request to the upsteam (gitlab unicorn). location @gitlab { diff --git a/lib/support/nginx/gitlab-ssl b/lib/support/nginx/gitlab-ssl index 4e53d5e8b50..1903c9aa4fb 100644 --- a/lib/support/nginx/gitlab-ssl +++ b/lib/support/nginx/gitlab-ssl @@ -101,6 +101,21 @@ server { try_files $uri $uri/index.html $uri.html @gitlab; } + ## If ``go get`` detected, return go-import meta tag. + ## This works for public and for private repositories. + ## See also http://golang.org/cmd/go/#hdr-Remote_import_paths + if ($http_user_agent ~* "Go") { + return 200 " + + + + + + + + "; + } + ## If a file, which is not found in the root folder is requested, ## then the proxy passes the request to the upsteam (gitlab unicorn). location @gitlab { -- cgit v1.2.1 From 2c9b35732409c2a73150788067e1b03b91101f39 Mon Sep 17 00:00:00 2001 From: mattes Date: Fri, 5 Sep 2014 11:43:52 +0200 Subject: remove optional html tags --- lib/support/nginx/gitlab | 7 +------ lib/support/nginx/gitlab-ssl | 7 +------ 2 files changed, 2 insertions(+), 12 deletions(-) (limited to 'lib/support') diff --git a/lib/support/nginx/gitlab b/lib/support/nginx/gitlab index ab6ca6e6260..80827150bee 100644 --- a/lib/support/nginx/gitlab +++ b/lib/support/nginx/gitlab @@ -62,12 +62,7 @@ server { if ($http_user_agent ~* "Go") { return 200 " - - - - - - + "; } diff --git a/lib/support/nginx/gitlab-ssl b/lib/support/nginx/gitlab-ssl index 1903c9aa4fb..7fb4d568d21 100644 --- a/lib/support/nginx/gitlab-ssl +++ b/lib/support/nginx/gitlab-ssl @@ -107,12 +107,7 @@ server { if ($http_user_agent ~* "Go") { return 200 " - - - - - - + "; } -- cgit v1.2.1 From eb210f4a1876f0dbf70b8c3ae855b6a986777421 Mon Sep 17 00:00:00 2001 From: Douwe Maan Date: Fri, 20 Feb 2015 12:22:53 +0100 Subject: Modify nginx config to let /uploads go through to unicorn. --- lib/support/nginx/gitlab | 41 +++++++++++++++++++++++------------------ lib/support/nginx/gitlab-ssl | 43 ++++++++++++++++++++++++------------------- 2 files changed, 47 insertions(+), 37 deletions(-) (limited to 'lib/support') diff --git a/lib/support/nginx/gitlab b/lib/support/nginx/gitlab index c8b769ace8e..a4f0b973e3c 100644 --- a/lib/support/nginx/gitlab +++ b/lib/support/nginx/gitlab @@ -1,5 +1,5 @@ ## GitLab -## Contributors: randx, yin8086, sashkab, orkoden, axilleas, bbodenmiller +## Contributors: randx, yin8086, sashkab, orkoden, axilleas, bbodenmiller, DouweM ## ## Lines starting with two hashes (##) are comments with information. ## Lines starting with one hash (#) are configuration parameters that can be uncommented. @@ -50,31 +50,36 @@ server { access_log /var/log/nginx/gitlab_access.log; error_log /var/log/nginx/gitlab_error.log; + ## If you use HTTPS make sure you disable gzip compression + ## to be safe against BREACH attack. + # gzip off; + + ## https://github.com/gitlabhq/gitlabhq/issues/694 + ## Some requests take more than 30 seconds. + proxy_read_timeout 300; + proxy_connect_timeout 300; + proxy_redirect off; + + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Frame-Options SAMEORIGIN; + location / { ## Serve static files from defined root folder. ## @gitlab is a named location for the upstream fallback, see below. try_files $uri $uri/index.html $uri.html @gitlab; } + ## We route uploads through GitLab to prevent XSS and enforce access control. + location /uploads/ { + proxy_pass http://gitlab; + } + ## If a file, which is not found in the root folder is requested, ## then the proxy passes the request to the upsteam (gitlab unicorn). location @gitlab { - ## If you use HTTPS make sure you disable gzip compression - ## to be safe against BREACH attack. - # gzip off; - - ## https://github.com/gitlabhq/gitlabhq/issues/694 - ## Some requests take more than 30 seconds. - proxy_read_timeout 300; - proxy_connect_timeout 300; - proxy_redirect off; - - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Frame-Options SAMEORIGIN; - proxy_pass http://gitlab; } @@ -84,7 +89,7 @@ server { ## See config/application.rb under "Relative url support" for the list of ## other files that need to be changed for relative url support location ~ ^/(assets)/ { - root /home/git/gitlab/public; + gzip on; gzip_static on; # to serve pre-gzipped version expires max; add_header Cache-Control public; diff --git a/lib/support/nginx/gitlab-ssl b/lib/support/nginx/gitlab-ssl index 19af010a9f7..4c88107ce0e 100644 --- a/lib/support/nginx/gitlab-ssl +++ b/lib/support/nginx/gitlab-ssl @@ -1,5 +1,5 @@ ## GitLab -## Contributors: randx, yin8086, sashkab, orkoden, axilleas, bbodenmiller +## Contributors: randx, yin8086, sashkab, orkoden, axilleas, bbodenmiller, DouweM ## ## Modified from nginx http version ## Modified from http://blog.phusion.nl/2012/04/21/tutorial-setting-up-gitlab-on-debian-6/ @@ -94,6 +94,23 @@ server { ## Individual nginx logs for this GitLab vhost access_log /var/log/nginx/gitlab_access.log; error_log /var/log/nginx/gitlab_error.log; + + ## If you use HTTPS make sure you disable gzip compression + ## to be safe against BREACH attack. + gzip off; + + ## https://github.com/gitlabhq/gitlabhq/issues/694 + ## Some requests take more than 30 seconds. + proxy_read_timeout 300; + proxy_connect_timeout 300; + proxy_redirect off; + + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Ssl on; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Frame-Options SAMEORIGIN; location / { ## Serve static files from defined root folder. @@ -101,26 +118,14 @@ server { try_files $uri $uri/index.html $uri.html @gitlab; } + ## We route uploads through GitLab to prevent XSS and enforce access control. + location /uploads/ { + proxy_pass http://gitlab; + } + ## If a file, which is not found in the root folder is requested, ## then the proxy passes the request to the upsteam (gitlab unicorn). location @gitlab { - ## If you use HTTPS make sure you disable gzip compression - ## to be safe against BREACH attack. - gzip off; - - ## https://github.com/gitlabhq/gitlabhq/issues/694 - ## Some requests take more than 30 seconds. - proxy_read_timeout 300; - proxy_connect_timeout 300; - proxy_redirect off; - - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-Ssl on; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Frame-Options SAMEORIGIN; - proxy_pass http://gitlab; } @@ -130,7 +135,7 @@ server { ## See config/application.rb under "Relative url support" for the list of ## other files that need to be changed for relative url support location ~ ^/(assets)/ { - root /home/git/gitlab/public; + gzip on; gzip_static on; # to serve pre-gzipped version expires max; add_header Cache-Control public; -- cgit v1.2.1 From 08874d2b51e71debac61659050ea577dffd89bf8 Mon Sep 17 00:00:00 2001 From: Douwe Maan Date: Fri, 20 Feb 2015 23:27:17 +0100 Subject: Make changes to nginx config less likely to break something. --- lib/support/nginx/gitlab | 49 ++++++++++++++++++++++++++--------------- lib/support/nginx/gitlab-ssl | 52 +++++++++++++++++++++++++++++--------------- 2 files changed, 66 insertions(+), 35 deletions(-) (limited to 'lib/support') diff --git a/lib/support/nginx/gitlab b/lib/support/nginx/gitlab index a4f0b973e3c..b6889bb7d97 100644 --- a/lib/support/nginx/gitlab +++ b/lib/support/nginx/gitlab @@ -50,22 +50,6 @@ server { access_log /var/log/nginx/gitlab_access.log; error_log /var/log/nginx/gitlab_error.log; - ## If you use HTTPS make sure you disable gzip compression - ## to be safe against BREACH attack. - # gzip off; - - ## https://github.com/gitlabhq/gitlabhq/issues/694 - ## Some requests take more than 30 seconds. - proxy_read_timeout 300; - proxy_connect_timeout 300; - proxy_redirect off; - - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Frame-Options SAMEORIGIN; - location / { ## Serve static files from defined root folder. ## @gitlab is a named location for the upstream fallback, see below. @@ -74,12 +58,44 @@ server { ## We route uploads through GitLab to prevent XSS and enforce access control. location /uploads/ { + ## If you use HTTPS make sure you disable gzip compression + ## to be safe against BREACH attack. + # gzip off; + + ## https://github.com/gitlabhq/gitlabhq/issues/694 + ## Some requests take more than 30 seconds. + proxy_read_timeout 300; + proxy_connect_timeout 300; + proxy_redirect off; + + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Frame-Options SAMEORIGIN; + proxy_pass http://gitlab; } ## If a file, which is not found in the root folder is requested, ## then the proxy passes the request to the upsteam (gitlab unicorn). location @gitlab { + ## If you use HTTPS make sure you disable gzip compression + ## to be safe against BREACH attack. + # gzip off; + + ## https://github.com/gitlabhq/gitlabhq/issues/694 + ## Some requests take more than 30 seconds. + proxy_read_timeout 300; + proxy_connect_timeout 300; + proxy_redirect off; + + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Frame-Options SAMEORIGIN; + proxy_pass http://gitlab; } @@ -89,7 +105,6 @@ server { ## See config/application.rb under "Relative url support" for the list of ## other files that need to be changed for relative url support location ~ ^/(assets)/ { - gzip on; gzip_static on; # to serve pre-gzipped version expires max; add_header Cache-Control public; diff --git a/lib/support/nginx/gitlab-ssl b/lib/support/nginx/gitlab-ssl index 4c88107ce0e..73885e6c22a 100644 --- a/lib/support/nginx/gitlab-ssl +++ b/lib/support/nginx/gitlab-ssl @@ -94,23 +94,6 @@ server { ## Individual nginx logs for this GitLab vhost access_log /var/log/nginx/gitlab_access.log; error_log /var/log/nginx/gitlab_error.log; - - ## If you use HTTPS make sure you disable gzip compression - ## to be safe against BREACH attack. - gzip off; - - ## https://github.com/gitlabhq/gitlabhq/issues/694 - ## Some requests take more than 30 seconds. - proxy_read_timeout 300; - proxy_connect_timeout 300; - proxy_redirect off; - - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-Ssl on; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Frame-Options SAMEORIGIN; location / { ## Serve static files from defined root folder. @@ -120,12 +103,46 @@ server { ## We route uploads through GitLab to prevent XSS and enforce access control. location /uploads/ { + ## If you use HTTPS make sure you disable gzip compression + ## to be safe against BREACH attack. + gzip off; + + ## https://github.com/gitlabhq/gitlabhq/issues/694 + ## Some requests take more than 30 seconds. + proxy_read_timeout 300; + proxy_connect_timeout 300; + proxy_redirect off; + + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Ssl on; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Frame-Options SAMEORIGIN; + proxy_pass http://gitlab; } ## If a file, which is not found in the root folder is requested, ## then the proxy passes the request to the upsteam (gitlab unicorn). location @gitlab { + ## If you use HTTPS make sure you disable gzip compression + ## to be safe against BREACH attack. + gzip off; + + ## https://github.com/gitlabhq/gitlabhq/issues/694 + ## Some requests take more than 30 seconds. + proxy_read_timeout 300; + proxy_connect_timeout 300; + proxy_redirect off; + + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Ssl on; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Frame-Options SAMEORIGIN; + proxy_pass http://gitlab; } @@ -135,7 +152,6 @@ server { ## See config/application.rb under "Relative url support" for the list of ## other files that need to be changed for relative url support location ~ ^/(assets)/ { - gzip on; gzip_static on; # to serve pre-gzipped version expires max; add_header Cache-Control public; -- cgit v1.2.1 From 26d57a648c09f40bd1da3c81a0efe3661288b1af Mon Sep 17 00:00:00 2001 From: Douwe Maan Date: Fri, 20 Feb 2015 23:32:39 +0100 Subject: Restore nginx config a little more. --- lib/support/nginx/gitlab | 1 + lib/support/nginx/gitlab-ssl | 1 + 2 files changed, 2 insertions(+) (limited to 'lib/support') diff --git a/lib/support/nginx/gitlab b/lib/support/nginx/gitlab index b6889bb7d97..62a4276536c 100644 --- a/lib/support/nginx/gitlab +++ b/lib/support/nginx/gitlab @@ -105,6 +105,7 @@ server { ## See config/application.rb under "Relative url support" for the list of ## other files that need to be changed for relative url support location ~ ^/(assets)/ { + root /home/git/gitlab/public; gzip_static on; # to serve pre-gzipped version expires max; add_header Cache-Control public; diff --git a/lib/support/nginx/gitlab-ssl b/lib/support/nginx/gitlab-ssl index 73885e6c22a..2aefc944698 100644 --- a/lib/support/nginx/gitlab-ssl +++ b/lib/support/nginx/gitlab-ssl @@ -152,6 +152,7 @@ server { ## See config/application.rb under "Relative url support" for the list of ## other files that need to be changed for relative url support location ~ ^/(assets)/ { + root /home/git/gitlab/public; gzip_static on; # to serve pre-gzipped version expires max; add_header Cache-Control public; -- cgit v1.2.1