Commit a3e35f619901626269e8a2fde5acad5205bda76c
Exists in
master
Merge branch 'non_bundled_server' into 'master'
Non bundled webserver support Fixes #157 See merge request !199
Showing
8 changed files
with
90 additions
and
6 deletions
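--- a/README.md
+++ b/README.md
@@ -333,6 +333,29 @@ external_url "https://gitlab.example.com:2443"
 
 Run `sudo gitlab-ctl reconfigure` for the change to take effect.
 
+#### Use non-bundled web-server
+
+By default, omnibus-gitlab installs GitLab with bundled Nginx.
+To use another web server like Apache or an existing Nginx installation you will
+have to do the following steps:
+
+Disable bundled Nginx by specifying in `/etc/gitlab/gitlab.rb`:
+
+```ruby
+nginx['enable'] = false
+```
+
+omnibus-gitlab allows webserver access through user `gitlab-www` which resides in the group with the same name.
+To allow an external webserver access to GitLab, you will need to add the webserver user to `gitlab-www` group.
+Let's say that webserver user is `www-data`. Adding the user to `gitlab-www` group can be done with:
+
+```
+usermod -G gitlab-www www-data
+```
+
+Run `sudo gitlab-ctl reconfigure` for the change to take effect.
+
+
 ### Adding ENV Vars to the Gitlab Runtime Environment
 
 If you need Gitlab to have access to certain environment variables, you can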
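--- a/files/gitlab-cookbooks/gitlab/attributes/default.rb
+++ b/files/gitlab-cookbooks/gitlab/attributes/default.rb
@@ -158,7 +158,7 @@ default['gitlab']['unicorn']['log_directory'] = "/var/log/gitlab/unicorn"
 default['gitlab']['unicorn']['worker_processes'] = 2
 default['gitlab']['unicorn']['listen'] = '127.0.0.1'
 default['gitlab']['unicorn']['port'] = 8080
-default['gitlab']['unicorn']['socket'] = '/var/opt/gitlab/gitlab-rails/tmp/sockets/gitlab.socket'
+default['gitlab']['unicorn']['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
 default['gitlab']['unicorn']['pidfile'] = '/opt/gitlab/var/unicorn/unicorn.pid'
 default['gitlab']['unicorn']['tcp_nopush'] = true
 default['gitlab']['unicorn']['backlog_socket'] = 64
@@ -233,6 +233,15 @@ default['gitlab']['redis']['shell'] = "/bin/nologin"
 default['gitlab']['redis']['home'] = "/var/opt/gitlab/redis"
 default['gitlab']['redis']['port'] = 6379
 
+####
+# Web server
+####
+# Username for the webserver user
+default['gitlab']['web-server']['username'] = 'gitlab-www'
+default['gitlab']['web-server']['group'] = 'gitlab-www'
+default['gitlab']['web-server']['uid'] = nil
+default['gitlab']['web-server']['gid'] = nil
+default['gitlab']['web-server']['shell'] = "/bin/false"
 
 ####
 # Nginx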
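--- a/files/gitlab-cookbooks/gitlab/libraries/gitlab.rb
+++ b/files/gitlab-cookbooks/gitlab/libraries/gitlab.rb
@@ -46,6 +46,7 @@ module Gitlab
 logging Mash.new
 remote_syslog Mash.new
 high_availability Mash.new
+ web_server Mash.new
 node nil
 external_url nil
 git_data_dir nil
@@ -170,7 +171,8 @@ module Gitlab
 "logging",
 "remote_syslog",
 "high_availability",
- "postgresql"
+ "postgresql",
+ "web_server"
 ].each do |key|
 rkey = key.gsub('_', '-')
 results['gitlab'][rkey] = Gitlab[key]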
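--- a/files/gitlab-cookbooks/gitlab/recipes/default.rb
+++ b/files/gitlab-cookbooks/gitlab/recipes/default.rb
@@ -49,6 +49,7 @@ include_recipe "gitlab::users"
 include_recipe "gitlab::gitlab-shell"
 include_recipe "gitlab::gitlab-rails"
 include_recipe "gitlab::selinux"
+include_recipe "gitlab::web-server"
 
 # Create dummy unicorn and sidekiq services to receive notifications, in case
 # the corresponding service recipe is not loaded below.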
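Review bot: `include_recipe "gitlab::web-server"` is added after `gitlab::gitlab-rails`, yet that recipe's new `directory gitlab_rails_public_uploads_dir` resource sets `group node['gitlab']['web-server']['username']`. Chef converges resources in inclusion order, so on a host where the `gitlab-www` group does not exist yet, the directory resource would be applied before the group is created and the run would likely fail to resolve the group. Moving the include up, directly after `include_recipe "gitlab::users"`, keeps account creation ahead of every resource that references it. The recipe continues outside the hunk, so confirm that nothing earlier already creates the group.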
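--- a/files/gitlab-cookbooks/gitlab/recipes/gitlab-rails.rb
+++ b/files/gitlab-cookbooks/gitlab/recipes/gitlab-rails.rb
@@ -26,12 +26,10 @@ gitlab_rails_public_uploads_dir = node['gitlab']['gitlab-rails']['uploads_direct
 gitlab_rails_log_dir = node['gitlab']['gitlab-rails']['log_directory']
 
 [
- gitlab_rails_dir,
 gitlab_rails_etc_dir,
 gitlab_rails_env_dir,
 gitlab_rails_working_dir,
 gitlab_rails_tmp_dir,
- gitlab_rails_public_uploads_dir,
 node['gitlab']['gitlab-rails']['backup_path'],
 node['gitlab']['gitlab-rails']['gitlab_repository_downloads_path'],
 gitlab_rails_log_dir
@@ -43,6 +41,19 @@ gitlab_rails_log_dir = node['gitlab']['gitlab-rails']['log_directory']
 end
 end
 
+directory gitlab_rails_dir do
+ owner node['gitlab']['user']['username']
+ mode '0755'
+ recursive true
+end
+
+directory gitlab_rails_public_uploads_dir do
+ owner node['gitlab']['user']['username']
+ group node['gitlab']['web-server']['username']
+ mode '0750'
+ recursive true
+end
+
 dependent_services = []
 dependent_services << "service[unicorn]" if OmnibusHelper.should_notify?("unicorn")
 dependent_services << "service[sidekiq]" if OmnibusHelper.should_notify?("sidekiq")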
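Review bot: The new `directory gitlab_rails_public_uploads_dir` resource sets `group node['gitlab']['web-server']['username']`, and `directory unicorn_socket_dir` in recipes/unicorn.rb does the same, although the attributes file defines a separate `['web-server']['group']`. With the defaults the two values are equal, but an administrator who overrides only the group name would get directories assigned to a group named after the user, which may not exist or may not be the group the external web server was added to. I would use `group node['gitlab']['web-server']['group']` in both places. A short comment above the uploads resource would also help, for example `# 0750: web server reads uploads via group membership; others get no access`.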
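--- a/files/gitlab-cookbooks/gitlab/recipes/unicorn.rb
+++ b/files/gitlab-cookbooks/gitlab/recipes/unicorn.rb
@@ -27,7 +27,6 @@ unicorn_socket_dir = File.dirname(unicorn_listen_socket)
 
 [
 unicorn_log_dir,
- unicorn_socket_dir,
 File.dirname(unicorn_pidfile)
 ].each do |dir_name|
 directory dir_name do
@@ -37,6 +36,13 @@ unicorn_socket_dir = File.dirname(unicorn_listen_socket)
 end
 end
 
+directory unicorn_socket_dir do
+ owner node['gitlab']['user']['username']
+ group node['gitlab']['web-server']['username']
+ mode '0750'
+ recursive true
+end
+
 unicorn_listen_tcp = node['gitlab']['unicorn']['listen']
 unicorn_listen_tcp << ":#{node['gitlab']['unicorn']['port']}"
 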
... | ... | @@ -0,0 +1,32 @@ |
1 | +# | |
2 | +# Copyright:: Copyright (c) 2014 GitLab B.V. | |
3 | +# License:: Apache License, Version 2.0 | |
4 | +# | |
5 | +# Licensed under the Apache License, Version 2.0 (the "License"); | |
6 | +# you may not use this file except in compliance with the License. | |
7 | +# You may obtain a copy of the License at | |
8 | +# | |
9 | +# http://www.apache.org/licenses/LICENSE-2.0 | |
10 | +# | |
11 | +# Unless required by applicable law or agreed to in writing, software | |
12 | +# distributed under the License is distributed on an "AS IS" BASIS, | |
13 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
14 | +# See the License for the specific language governing permissions and | |
15 | +# limitations under the License. | |
16 | +# | |
17 | + | |
18 | +webserver_username = node['gitlab']['web-server']['username'] | |
19 | +webserver_group = node['gitlab']['web-server']['group'] | |
20 | + | |
21 | +# Create the group for the GitLab user | |
22 | +group webserver_group do | |
23 | + gid node['gitlab']['web-server']['gid'] | |
24 | +end | |
25 | + | |
26 | +# Create the webserver user | |
27 | +user webserver_username do | |
28 | + shell node['gitlab']['web-server']['shell'] | |
29 | + uid node['gitlab']['web-server']['uid'] | |
30 | + gid webserver_group | |
31 | + supports manage_home: false | |
32 | +end | ... | ... |
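Review bot: The comment `# Create the group for the GitLab user` above `group webserver_group` describes the wrong account; `# Create the group for the webserver user` would match what the resource does. Since this account exists only to grant file access and gets `/bin/false` as its shell, consider marking it as a service account with `system true` on the `user` resource, after checking that the bundled Chef version supports the property. The file header for this section is not shown on the page, so the path is only inferred from the `gitlab::web-server` include.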
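--- a/files/gitlab-cookbooks/gitlab/templates/default/nginx.conf.erb
+++ b/files/gitlab-cookbooks/gitlab/templates/default/nginx.conf.erb
@@ -2,7 +2,7 @@
 # erased! To change the contents below, edit /etc/gitlab/gitlab.rb
 # and run `sudo gitlab-ctl reconfigure`.
 
-user <%= node['gitlab']['user']['username'] %> <%= node['gitlab']['user']['username']%>;
+user <%= node['gitlab']['webserver']['username'] %> <%= node['gitlab']['webserver']['username']%>;
 worker_processes <%= @worker_processes %>;
 error_log /var/log/gitlab/nginx/error.log;
 pid /var/opt/gitlab/nginx/nginx.pid;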
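Review bot: The new `user` line reads `node['gitlab']['webserver']['username']`, but the attributes added in this commit live under `node['gitlab']['web-server']`, and libraries/gitlab.rb maps `web_server` to `web-server`. The `['webserver']` lookup is therefore probably nil, and rendering the template would raise instead of writing nginx.conf. The second argument of nginx's `user` directive is the group, so it should come from the group attribute rather than the username again: `user <%= node['gitlab']['web-server']['username'] %> <%= node['gitlab']['web-server']['group'] %>;`.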