Merge branch '7-1-stable' into 7-1-stable-ee

Jacob Vosmaer
2 parents fa9ad95e f59a6d8e
Showing 1 changed file with 58 additions and 17 deletions Show diff stats
README.md
@@ -134,6 +134,30 @@ Note that you cannot use a Unicorn reload to update the Ruby runtime.
  
 ## Configuration
  
+### Backup and restore omnibus-gitlab configuration
+
+All configuration for omnibus-gitlab is stored in `/etc/gitlab`. To backup your
+configuration, just backup this directory.
+
+```shell
+# Example backup command for /etc/gitlab:
+# Create a time-stamped .tar file in the current directory.
+# The .tar file will be readable only to root.
+sudo sh -c 'umask 0077; tar -cf $(date "+etc-gitlab-%s.tar") -C / etc/gitlab'
+```
+
+You can extract the .tar file as follows.
+
+```shell
+# Rename the existing /etc/gitlab, if any
+sudo mv /etc/gitlab /etc/gitlab.$(date +%s)
+# Change the example timestamp below for your configuration backup
+sudo tar -xf etc-gitlab-1399948539.tar -C /
+```
+
+Remember to run `sudo gitlab-ctl reconfigure` after restoring a configuration
+backup.
+
 ### Configuring the external URL for GitLab
  
 In order for GitLab to display correct repository clone links to your users
@@ -206,37 +230,54 @@ Run `sudo gitlab-ctl reconfigure` for the LDAP settings to take effect.
  
 ### Enable HTTPS
  
-By default, omnibus-gitlab runs does not use HTTPS.  If you want to enable HTTPS you can add the
-following line to `/etc/gitlab/gitlab.rb`.
+By default, omnibus-gitlab does not use HTTPS. If you want to enable
+HTTPS for gitlab.example.com, first place your key and certificate in
+`/etc/gitlab/ssl/gitlab.example.com.key` and
+`/etc/gitlab/ssl/gitlab.example.com.crt`, respectively.
+
+```
+sudo mkdir -p /etc/gitlab/ssl
+sudo chmod 700 /etc/gitlab/ssl
+sudo cp gitlab.example.com.crt gitlab.example.com.key /etc/gitlab/ssl/
+```
+
+Next, add the following line to `/etc/gitlab/gitlab.rb` and run `sudo
+gitlab-ctl reconfigure`.
  
 ```ruby
 external_url "https://gitlab.example.com"
 ```
  
-Redirect `HTTP` requests to `HTTPS`.
+If you are using a firewall you may have to open port 443 to allow inbound
+HTTPS traffic.
+
+```
+# UFW example (Debian, Ubuntu)
+sudo ufw allow https
+
+# lokkit example (RedHat, CentOS)
+sudo lokkit -s https
+```
+
+#### Redirect `HTTP` requests to `HTTPS`.
+
+By default, when you specify an external_url starting with 'https', Nginx will
+no longer listen for unencrypted HTTP traffic on port 80. If you want to
+redirect all HTTP traffic to HTTPS you can use the `redirect_http_to_https`
+setting.
  
 ```ruby
 external_url "https://gitlab.example.com"
 nginx['redirect_http_to_https'] = true
 ```
  
-Change the default port and the ssl certificate locations.
+#### Change the default port and the ssl certificate locations.
+
+If you need to use an HTTPS port other than the default (443), just specify it
+as part of the external_url.
  
 ```ruby
 external_url "https://gitlab.example.com:2443"
-nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.crt"
-nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.key"
-```
-
-Create the default ssl certifcate directory and add the files:
-
-```
-sudo mkdir -p /etc/gitlab/ssl && sudo chmod 700 /etc/gitlab/ssl
-sudo cp gitlab.example.com.crt gitlab.example.com.key /etc/gitlab/ssl/
-# run lokkit to open https on the firewall
-sudo lokkit -s https
-# if you are using a non standard https port
-sudo lokkit -p 2443:tcp
 ```
  
 Run `sudo gitlab-ctl reconfigure` for the change to take effect.
...	...	@@ -134,6 +134,30 @@ Note that you cannot use a Unicorn reload to update the Ruby runtime.
134	134
135	135	## Configuration
136	136
	137	+### Backup and restore omnibus-gitlab configuration
	138	+
	139	+All configuration for omnibus-gitlab is stored in `/etc/gitlab`. To backup your
	140	+configuration, just backup this directory.
	141	+
	142	+```shell
	143	+# Example backup command for /etc/gitlab:
	144	+# Create a time-stamped .tar file in the current directory.
	145	+# The .tar file will be readable only to root.
	146	+sudo sh -c 'umask 0077; tar -cf $(date "+etc-gitlab-%s.tar") -C / etc/gitlab'
	147	+```
	148	+
	149	+You can extract the .tar file as follows.
	150	+
	151	+```shell
	152	+# Rename the existing /etc/gitlab, if any
	153	+sudo mv /etc/gitlab /etc/gitlab.$(date +%s)
	154	+# Change the example timestamp below for your configuration backup
	155	+sudo tar -xf etc-gitlab-1399948539.tar -C /
	156	+```
	157	+
	158	+Remember to run `sudo gitlab-ctl reconfigure` after restoring a configuration
	159	+backup.
	160	+
137	161	### Configuring the external URL for GitLab
138	162
139	163	In order for GitLab to display correct repository clone links to your users
...	...	@@ -206,37 +230,54 @@ Run `sudo gitlab-ctl reconfigure` for the LDAP settings to take effect.
206	230
207	231	### Enable HTTPS
208	232
209		-By default, omnibus-gitlab runs does not use HTTPS. If you want to enable HTTPS you can add the
210		-following line to `/etc/gitlab/gitlab.rb`.
	233	+By default, omnibus-gitlab does not use HTTPS. If you want to enable
	234	+HTTPS for gitlab.example.com, first place your key and certificate in
	235	+`/etc/gitlab/ssl/gitlab.example.com.key` and
	236	+`/etc/gitlab/ssl/gitlab.example.com.crt`, respectively.
	237	+
	238	+```
	239	+sudo mkdir -p /etc/gitlab/ssl
	240	+sudo chmod 700 /etc/gitlab/ssl
	241	+sudo cp gitlab.example.com.crt gitlab.example.com.key /etc/gitlab/ssl/
	242	+```
	243	+
	244	+Next, add the following line to `/etc/gitlab/gitlab.rb` and run `sudo
	245	+gitlab-ctl reconfigure`.
211	246
212	247	```ruby
213	248	external_url "https://gitlab.example.com"
214	249	```
215	250
216		-Redirect `HTTP` requests to `HTTPS`.
	251	+If you are using a firewall you may have to open port 443 to allow inbound
	252	+HTTPS traffic.
	253	+
	254	+```
	255	+# UFW example (Debian, Ubuntu)
	256	+sudo ufw allow https
	257	+
	258	+# lokkit example (RedHat, CentOS)
	259	+sudo lokkit -s https
	260	+```
	261	+
	262	+#### Redirect `HTTP` requests to `HTTPS`.
	263	+
	264	+By default, when you specify an external_url starting with 'https', Nginx will
	265	+no longer listen for unencrypted HTTP traffic on port 80. If you want to
	266	+redirect all HTTP traffic to HTTPS you can use the `redirect_http_to_https`
	267	+setting.
217	268
218	269	```ruby
219	270	external_url "https://gitlab.example.com"
220	271	nginx['redirect_http_to_https'] = true
221	272	```
222	273
223		-Change the default port and the ssl certificate locations.
	274	+#### Change the default port and the ssl certificate locations.
	275	+
	276	+If you need to use an HTTPS port other than the default (443), just specify it
	277	+as part of the external_url.
224	278
225	279	```ruby
226	280	external_url "https://gitlab.example.com:2443"
227		-nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.crt"
228		-nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.key"
229		-```
230		-
231		-Create the default ssl certifcate directory and add the files:
232		-
233		-```
234		-sudo mkdir -p /etc/gitlab/ssl && sudo chmod 700 /etc/gitlab/ssl
235		-sudo cp gitlab.example.com.crt gitlab.example.com.key /etc/gitlab/ssl/
236		-# run lokkit to open https on the firewall
237		-sudo lokkit -s https
238		-# if you are using a non standard https port
239		-sudo lokkit -p 2443:tcp
240	281	```
241	282
242	283	Run `sudo gitlab-ctl reconfigure` for the change to take effect.
...	...