Merge branch '7-1-stable' into 7-1-stable-ee

Jacob Vosmaer
2 parents fa9ad95e f59a6d8e
Showing 1 changed file with 58 additions and 17 deletions Show diff stats
README.md
@@ -134,6 +134,30 @@ Note that you cannot use a Unicorn reload to update the Ruby runtime.
 ## Configuration
+### Backup and restore omnibus-gitlab configuration
+
+All configuration for omnibus-gitlab is stored in `/etc/gitlab`. To backup your
+configuration, just backup this directory.
+
+```shell
+# Example backup command for /etc/gitlab:
+# Create a time-stamped .tar file in the current directory.
+# The .tar file will be readable only to root.
+sudo sh -c 'umask 0077; tar -cf $(date "+etc-gitlab-%s.tar") -C / etc/gitlab'
+```
+
+You can extract the .tar file as follows.
+
+```shell
+# Rename the existing /etc/gitlab, if any
+sudo mv /etc/gitlab /etc/gitlab.$(date +%s)
+# Change the example timestamp below for your configuration backup
+sudo tar -xf etc-gitlab-1399948539.tar -C /
+```
+
+Remember to run `sudo gitlab-ctl reconfigure` after restoring a configuration
+backup.
+
 ### Configuring the external URL for GitLab
 In order for GitLab to display correct repository clone links to your users
@@ -206,37 +230,54 @@ Run `sudo gitlab-ctl reconfigure` for the LDAP settings to take effect.
 ### Enable HTTPS
-By default, omnibus-gitlab runs does not use HTTPS.  If you want to enable HTTPS you can add the
-following line to `/etc/gitlab/gitlab.rb`.
+By default, omnibus-gitlab does not use HTTPS. If you want to enable
+HTTPS for gitlab.example.com, first place your key and certificate in
+`/etc/gitlab/ssl/gitlab.example.com.key` and
+`/etc/gitlab/ssl/gitlab.example.com.crt`, respectively.
+
+```
+sudo mkdir -p /etc/gitlab/ssl
+sudo chmod 700 /etc/gitlab/ssl
+sudo cp gitlab.example.com.crt gitlab.example.com.key /etc/gitlab/ssl/
+```
+
+Next, add the following line to `/etc/gitlab/gitlab.rb` and run `sudo
+gitlab-ctl reconfigure`.
 ```ruby
 external_url "https://gitlab.example.com"
 ```
-Redirect `HTTP` requests to `HTTPS`.
+If you are using a firewall you may have to open port 443 to allow inbound
+HTTPS traffic.
+
+```
+# UFW example (Debian, Ubuntu)
+sudo ufw allow https
+
+# lokkit example (RedHat, CentOS)
+sudo lokkit -s https
+```
+
+#### Redirect `HTTP` requests to `HTTPS`.
+
+By default, when you specify an external_url starting with 'https', Nginx will
+no longer listen for unencrypted HTTP traffic on port 80. If you want to
+redirect all HTTP traffic to HTTPS you can use the `redirect_http_to_https`
+setting.
 ```ruby
 external_url "https://gitlab.example.com"
 nginx['redirect_http_to_https'] = true
 ```
-Change the default port and the ssl certificate locations.
+#### Change the default port and the ssl certificate locations.
+
+If you need to use an HTTPS port other than the default (443), just specify it
+as part of the external_url.
 ```ruby
 external_url "https://gitlab.example.com:2443"
-nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.crt"
-nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.key"
-```
-
-Create the default ssl certifcate directory and add the files:
-
-```
-sudo mkdir -p /etc/gitlab/ssl && sudo chmod 700 /etc/gitlab/ssl
-sudo cp gitlab.example.com.crt gitlab.example.com.key /etc/gitlab/ssl/
-# run lokkit to open https on the firewall
-sudo lokkit -s https
-# if you are using a non standard https port
-sudo lokkit -p 2443:tcp
 ```
 Run `sudo gitlab-ctl reconfigure` for the change to take effect.
	@@ -134,6 +134,30 @@ Note that you cannot use a Unicorn reload to update the Ruby runtime.		@@ -134,6 +134,30 @@ Note that you cannot use a Unicorn reload to update the Ruby runtime.
134		134
135	## Configuration	135	## Configuration
136		136
		137	+### Backup and restore omnibus-gitlab configuration
		138	+
		139	+All configuration for omnibus-gitlab is stored in `/etc/gitlab`. To backup your
		140	+configuration, just backup this directory.
		141	+
		142	+```shell
		143	+# Example backup command for /etc/gitlab:
		144	+# Create a time-stamped .tar file in the current directory.
		145	+# The .tar file will be readable only to root.
		146	+sudo sh -c 'umask 0077; tar -cf $(date "+etc-gitlab-%s.tar") -C / etc/gitlab'
		147	+```
		148	+
		149	+You can extract the .tar file as follows.
		150	+
		151	+```shell
		152	+# Rename the existing /etc/gitlab, if any
		153	+sudo mv /etc/gitlab /etc/gitlab.$(date +%s)
		154	+# Change the example timestamp below for your configuration backup
		155	+sudo tar -xf etc-gitlab-1399948539.tar -C /
		156	+```
		157	+
		158	+Remember to run `sudo gitlab-ctl reconfigure` after restoring a configuration
		159	+backup.
		160	+
137	### Configuring the external URL for GitLab	161	### Configuring the external URL for GitLab
138		162
139	In order for GitLab to display correct repository clone links to your users	163	In order for GitLab to display correct repository clone links to your users
	@@ -206,37 +230,54 @@ Run `sudo gitlab-ctl reconfigure` for the LDAP settings to take effect.		@@ -206,37 +230,54 @@ Run `sudo gitlab-ctl reconfigure` for the LDAP settings to take effect.
206		230
207	### Enable HTTPS	231	### Enable HTTPS
208		232
209	-By default, omnibus-gitlab runs does not use HTTPS. If you want to enable HTTPS you can add the
210	-following line to `/etc/gitlab/gitlab.rb`.	233	+By default, omnibus-gitlab does not use HTTPS. If you want to enable
		234	+HTTPS for gitlab.example.com, first place your key and certificate in
		235	+`/etc/gitlab/ssl/gitlab.example.com.key` and
		236	+`/etc/gitlab/ssl/gitlab.example.com.crt`, respectively.
		237	+
		238	+```
		239	+sudo mkdir -p /etc/gitlab/ssl
		240	+sudo chmod 700 /etc/gitlab/ssl
		241	+sudo cp gitlab.example.com.crt gitlab.example.com.key /etc/gitlab/ssl/
		242	+```
		243	+
		244	+Next, add the following line to `/etc/gitlab/gitlab.rb` and run `sudo
		245	+gitlab-ctl reconfigure`.
211		246
212	```ruby	247	```ruby
213	external_url "https://gitlab.example.com"	248	external_url "https://gitlab.example.com"
214	```	249	```
215		250
216	-Redirect `HTTP` requests to `HTTPS`.	251	+If you are using a firewall you may have to open port 443 to allow inbound
		252	+HTTPS traffic.
		253	+
		254	+```
		255	+# UFW example (Debian, Ubuntu)
		256	+sudo ufw allow https
		257	+
		258	+# lokkit example (RedHat, CentOS)
		259	+sudo lokkit -s https
		260	+```
		261	+
		262	+#### Redirect `HTTP` requests to `HTTPS`.
		263	+
		264	+By default, when you specify an external_url starting with 'https', Nginx will
		265	+no longer listen for unencrypted HTTP traffic on port 80. If you want to
		266	+redirect all HTTP traffic to HTTPS you can use the `redirect_http_to_https`
		267	+setting.
217		268
218	```ruby	269	```ruby
219	external_url "https://gitlab.example.com"	270	external_url "https://gitlab.example.com"
220	nginx['redirect_http_to_https'] = true	271	nginx['redirect_http_to_https'] = true
221	```	272	```
222		273
223	-Change the default port and the ssl certificate locations.	274	+#### Change the default port and the ssl certificate locations.
		275	+
		276	+If you need to use an HTTPS port other than the default (443), just specify it
		277	+as part of the external_url.
224		278
225	```ruby	279	```ruby
226	external_url "https://gitlab.example.com:2443"	280	external_url "https://gitlab.example.com:2443"
227	-nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.crt"
228	-nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.key"
229	-```
230	-
231	-Create the default ssl certifcate directory and add the files:
232	-
233	-```
234	-sudo mkdir -p /etc/gitlab/ssl && sudo chmod 700 /etc/gitlab/ssl
235	-sudo cp gitlab.example.com.crt gitlab.example.com.key /etc/gitlab/ssl/
236	-# run lokkit to open https on the firewall
237	-sudo lokkit -s https
238	-# if you are using a non standard https port
239	-sudo lokkit -p 2443:tcp
240	```	281	```
241		282
242	Run `sudo gitlab-ctl reconfigure` for the change to take effect.	283	Run `sudo gitlab-ctl reconfigure` for the change to take effect.