Commit 57adc3c07b48e5125218417052d6aab3d23b1d46
Exists in
7-2-stable-ee
Merge branch '7-2-stable' of gitlab.com:gitlab-org/omnibus-gitlab into 7-2-stable-ee
Showing
2 changed files
with
34 additions
and
2 deletions
Show diff stats
README.md
| ... | ... | @@ -214,6 +214,30 @@ git_data_dir "/mnt/nas/git-data" |
| 214 | 214 | |
| 215 | 215 | Run `sudo gitlab-ctl reconfigure` for the change to take effect. |
| 216 | 216 | |
| 217 | +If you already have existing Git repositories in `/var/opt/gitlab/git-data` you | |
| 218 | +can move them to the new location as follows: | |
| 219 | + | |
| 220 | +```shell | |
| 221 | +# Prevent users from writing to the repositories while you move them. | |
| 222 | +sudo gitlab-ctl stop | |
| 223 | + | |
| 224 | +# Only move 'repositories'; 'gitlab-satellites' will be recreated | |
| 225 | +# automatically. Note there is _no_ slash behind 'repositories', but there _is_ a | |
| 226 | +# slash behind 'git-data'. | |
| 227 | +sudo rsync -av /var/opt/gitlab/git-data/repositories /mnt/nas/git-data/ | |
| 228 | + | |
| 229 | +# Fix permissions if necessary | |
| 230 | +sudo gitlab-ctl reconfigure | |
| 231 | + | |
| 232 | +# Double-check directory layout in /mnt/nas/git-data. Expected output: | |
| 233 | +# gitlab-satellites repositories | |
| 234 | +sudo ls /mnt/nas/git-data/ | |
| 235 | + | |
| 236 | +# Done! Start GitLab and verify that you can browse through the repositories in | |
| 237 | +# the web interface. | |
| 238 | +sudo gitlab-ctl start | |
| 239 | +``` | |
| 240 | + | |
| 217 | 241 | ### Changing the name of the Git user / group |
| 218 | 242 | |
| 219 | 243 | By default, omnibus-gitlab uses the user name `git` for Git gitlab-shell login, | ... | ... |
files/gitlab-cookbooks/gitlab/templates/default/rack_attack.rb.erb
| ... | ... | @@ -12,11 +12,19 @@ paths_to_be_protected = [ |
| 12 | 12 | "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session.json", |
| 13 | 13 | "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session", |
| 14 | 14 | "#{Rails.application.config.relative_url_root}/users", |
| 15 | - "#{Rails.application.config.relative_url_root}/users/confirmation" | |
| 15 | + "#{Rails.application.config.relative_url_root}/users/confirmation", | |
| 16 | + "#{Rails.application.config.relative_url_root}/unsubscribes/" | |
| 17 | + | |
| 16 | 18 | ] |
| 17 | 19 | |
| 20 | +# Create one big regular expression that matches strings starting with any of | |
| 21 | +# the paths_to_be_protected. | |
| 22 | +paths_regex = Regexp.union(paths_to_be_protected.map { |path| /\A#{Regexp.escape(path)}/ }) | |
| 23 | + | |
| 18 | 24 | unless Rails.env.test? |
| 19 | 25 | Rack::Attack.throttle('protected paths', limit: <%= @rate_limit_requests_per_period %>, period: <%= @rate_limit_period %>.seconds) do |req| |
| 20 | - req.ip if paths_to_be_protected.include?(req.path) && req.post? | |
| 26 | + if req.post? && req.path =~ paths_regex | |
| 27 | + req.ip | |
| 28 | + end | |
| 21 | 29 | end |
| 22 | 30 | end | ... | ... |