diff --git a/files/gitlab-cookbooks/gitlab/templates/default/nginx-gitlab-http.conf.erb b/files/gitlab-cookbooks/gitlab/templates/default/nginx-gitlab-http.conf.erb index 7b8fe04..ae0355a 100644 --- a/files/gitlab-cookbooks/gitlab/templates/default/nginx-gitlab-http.conf.erb +++ b/files/gitlab-cookbooks/gitlab/templates/default/nginx-gitlab-http.conf.erb @@ -63,6 +63,10 @@ server { # if a file, which is not found in the root folder is requested, # then the proxy pass the request to the upsteam (gitlab unicorn) location @gitlab { + # If you use https make sure you disable gzip compression + # to be safe against BREACH attack + <%= 'gzip off;' if @https %> + proxy_read_timeout 300; # Some requests take more than 30 seconds. proxy_connect_timeout 300; # Some requests take more than 30 seconds. proxy_redirect off; @@ -75,5 +79,16 @@ server { proxy_pass http://gitlab; } + # Enable gzip compression as per rails guide: http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression + # WARNING: If you are using relative urls do remove the block below + # See config/application.rb under "Relative url support" for the list of + # other files that need to be changed for relative url support + location ~ ^/(assets)/ { + root /home/git/gitlab/public; + gzip_static on; # to serve pre-gzipped version + expires max; + add_header Cache-Control public; + } + error_page 502 /502.html; } -- libgit2 0.21.2