Commit a3e35f619901626269e8a2fde5acad5205bda76c
Exists in
master
Merge branch 'non_bundled_server' into 'master'
Non bundled webserver support Fixes #157 See merge request !199
Showing
8 changed files
with
90 additions
and
6 deletions
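--- a/README.md
+++ b/README.md
@@ -333,6 +333,29 @@ external_url "https://gitlab.example.com:2443"
 
 Run `sudo gitlab-ctl reconfigure` for the change to take effect.
 
+#### Use non-bundled web-server
+
+By default, omnibus-gitlab installs GitLab with bundled Nginx.
+To use another web server like Apache or an existing Nginx installation you will
+have to do the following steps:
+
+Disable bundled Nginx by specifying in `/etc/gitlab/gitlab.rb`:
+
+```ruby
+nginx['enable'] = false
+```
+
+omnibus-gitlab allows webserver access through user `gitlab-www` which resides in the group with the same name.
+To allow an external webserver access to GitLab, you will need to add the webserver user to `gitlab-www` group.
+Let's say that webserver user is `www-data`. Adding the user to `gitlab-www` group can be done with:
+
+```
+usermod -G gitlab-www www-data
+```
+
+Run `sudo gitlab-ctl reconfigure` for the change to take effect.
+
+
 ### Adding ENV Vars to the Gitlab Runtime Environment
 
 If you need Gitlab to have access to certain environment variables, you can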
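--- a/files/gitlab-cookbooks/gitlab/attributes/default.rb
+++ b/files/gitlab-cookbooks/gitlab/attributes/default.rb
@@ -158,7 +158,7 @@ default['gitlab']['unicorn']['log_directory'] = "/var/log/gitlab/unicorn"
 default['gitlab']['unicorn']['worker_processes'] = 2
 default['gitlab']['unicorn']['listen'] = '127.0.0.1'
 default['gitlab']['unicorn']['port'] = 8080
-default['gitlab']['unicorn']['socket'] = '/var/opt/gitlab/gitlab-rails/tmp/sockets/gitlab.socket'
+default['gitlab']['unicorn']['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
 default['gitlab']['unicorn']['pidfile'] = '/opt/gitlab/var/unicorn/unicorn.pid'
 default['gitlab']['unicorn']['tcp_nopush'] = true
 default['gitlab']['unicorn']['backlog_socket'] = 64
@@ -233,6 +233,15 @@ default['gitlab']['redis']['shell'] = "/bin/nologin"
 default['gitlab']['redis']['home'] = "/var/opt/gitlab/redis"
 default['gitlab']['redis']['port'] = 6379
 
+####
+# Web server
+####
+# Username for the webserver user
+default['gitlab']['web-server']['username'] = 'gitlab-www'
+default['gitlab']['web-server']['group'] = 'gitlab-www'
+default['gitlab']['web-server']['uid'] = nil
+default['gitlab']['web-server']['gid'] = nil
+default['gitlab']['web-server']['shell'] = "/bin/false"
 
 ####
 # Nginx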
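Review bot: The new default for `default['gitlab']['unicorn']['socket']` drops the `tmp/` component with no comment saying why, and the five `web-server` attributes sit under a comment that only describes the first of them. Judging by the unicorn.rb change in this commit, the socket presumably moved so that its directory can be group-owned by the web server account; a comment such as `# Socket lives outside tmp/ so its directory can be group-owned by the web-server group` would record that, and any external proxy already pointed at the old path will need updating after upgrade. For the second hunk, `# Account the web server (bundled Nginx or an external one) runs as` describes the block better than `# Username for the webserver user`.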
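--- a/files/gitlab-cookbooks/gitlab/libraries/gitlab.rb
+++ b/files/gitlab-cookbooks/gitlab/libraries/gitlab.rb
@@ -46,6 +46,7 @@ module Gitlab
 logging Mash.new
 remote_syslog Mash.new
 high_availability Mash.new
+web_server Mash.new
 node nil
 external_url nil
 git_data_dir nil
@@ -170,7 +171,8 @@ module Gitlab
 "logging",
 "remote_syslog",
 "high_availability",
-"postgresql"
+"postgresql",
+"web_server"
 ].each do |key|
 rkey = key.gsub('_', '-')
 results['gitlab'][rkey] = Gitlab[key]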
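--- a/files/gitlab-cookbooks/gitlab/recipes/default.rb
+++ b/files/gitlab-cookbooks/gitlab/recipes/default.rb
@@ -49,6 +49,7 @@ include_recipe "gitlab::users"
 include_recipe "gitlab::gitlab-shell"
 include_recipe "gitlab::gitlab-rails"
 include_recipe "gitlab::selinux"
+include_recipe "gitlab::web-server"
 
 # Create dummy unicorn and sidekiq services to receive notifications, in case
 # the corresponding service recipe is not loaded below.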
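Review bot: `include_recipe "gitlab::web-server"` is placed after `include_recipe "gitlab::gitlab-rails"`, yet gitlab-rails.rb in this same commit declares the uploads directory with the web server group. Chef converges resources in the order the recipes are compiled, so on a fresh install that directory resource would run before the `gitlab-www` group exists and the ownership change is likely to fail. Moving the new line up, directly after `include_recipe "gitlab::users"`, creates the account before anything refers to it.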
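--- a/files/gitlab-cookbooks/gitlab/recipes/gitlab-rails.rb
+++ b/files/gitlab-cookbooks/gitlab/recipes/gitlab-rails.rb
@@ -26,12 +26,10 @@ gitlab_rails_public_uploads_dir = node['gitlab']['gitlab-rails']['uploads_direct
 gitlab_rails_log_dir = node['gitlab']['gitlab-rails']['log_directory']
 
 [
-gitlab_rails_dir,
 gitlab_rails_etc_dir,
 gitlab_rails_env_dir,
 gitlab_rails_working_dir,
 gitlab_rails_tmp_dir,
-gitlab_rails_public_uploads_dir,
 node['gitlab']['gitlab-rails']['backup_path'],
 node['gitlab']['gitlab-rails']['gitlab_repository_downloads_path'],
 gitlab_rails_log_dir
@@ -43,6 +41,19 @@ gitlab_rails_log_dir = node['gitlab']['gitlab-rails']['log_directory']
 end
 end
 
+directory gitlab_rails_dir do
+owner node['gitlab']['user']['username']
+mode '0755'
+recursive true
+end
+
+directory gitlab_rails_public_uploads_dir do
+owner node['gitlab']['user']['username']
+group node['gitlab']['web-server']['username']
+mode '0750'
+recursive true
+end
+
 dependent_services = []
 dependent_services << "service[unicorn]" if OmnibusHelper.should_notify?("unicorn")
 dependent_services << "service[sidekiq]" if OmnibusHelper.should_notify?("sidekiq")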
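Review bot: The uploads directory resource sets `group node['gitlab']['web-server']['username']`, which passes the account name where the group name belongs. It works only while both attributes keep the default `gitlab-www`; it should be `group node['gitlab']['web-server']['group']`. The socket directory resource added in recipes/unicorn.rb has the same line and needs the same change. Separately, `gitlab_rails_dir` is now created with `mode '0755'`, which lets every local user traverse it; its previous mode is outside the hunk, but if only the web server needs to reach the sockets and uploads beneath it, giving it the web server group with `mode '0750'` would be tighter.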
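--- a/files/gitlab-cookbooks/gitlab/recipes/unicorn.rb
+++ b/files/gitlab-cookbooks/gitlab/recipes/unicorn.rb
@@ -27,7 +27,6 @@ unicorn_socket_dir = File.dirname(unicorn_listen_socket)
 
 [
 unicorn_log_dir,
-unicorn_socket_dir,
 File.dirname(unicorn_pidfile)
 ].each do |dir_name|
 directory dir_name do
@@ -37,6 +36,13 @@ unicorn_socket_dir = File.dirname(unicorn_listen_socket)
 end
 end
 
+directory unicorn_socket_dir do
+owner node['gitlab']['user']['username']
+group node['gitlab']['web-server']['username']
+mode '0750'
+recursive true
+end
+
 unicorn_listen_tcp = node['gitlab']['unicorn']['listen']
 unicorn_listen_tcp << ":#{node['gitlab']['unicorn']['port']}"
 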
| ... | ... | @@ -0,0 +1,32 @@ |
| 1 | +# | |
| 2 | +# Copyright:: Copyright (c) 2014 GitLab B.V. | |
| 3 | +# License:: Apache License, Version 2.0 | |
| 4 | +# | |
| 5 | +# Licensed under the Apache License, Version 2.0 (the "License"); | |
| 6 | +# you may not use this file except in compliance with the License. | |
| 7 | +# You may obtain a copy of the License at | |
| 8 | +# | |
| 9 | +# http://www.apache.org/licenses/LICENSE-2.0 | |
| 10 | +# | |
| 11 | +# Unless required by applicable law or agreed to in writing, software | |
| 12 | +# distributed under the License is distributed on an "AS IS" BASIS, | |
| 13 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| 14 | +# See the License for the specific language governing permissions and | |
| 15 | +# limitations under the License. | |
| 16 | +# | |
| 17 | + | |
| 18 | +webserver_username = node['gitlab']['web-server']['username'] | |
| 19 | +webserver_group = node['gitlab']['web-server']['group'] | |
| 20 | + | |
| 21 | +# Create the group for the GitLab user | |
| 22 | +group webserver_group do | |
| 23 | + gid node['gitlab']['web-server']['gid'] | |
| 24 | +end | |
| 25 | + | |
| 26 | +# Create the webserver user | |
| 27 | +user webserver_username do | |
| 28 | + shell node['gitlab']['web-server']['shell'] | |
| 29 | + uid node['gitlab']['web-server']['uid'] | |
| 30 | + gid webserver_group | |
| 31 | + supports manage_home: false | |
| 32 | +end | ... | ... |
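Review bot: The comment above the `group` resource reads `# Create the group for the GitLab user`, but the resource creates `webserver_group`, the group of the web server account; it looks copied from another recipe and should be `# Create the group for the webserver user`. A one-line header comment saying that this account exists so the web server no longer runs as the GitLab user (see the nginx.conf.erb change in this commit) would give the reason for the recipe. The file header for this new file is missing from the page, so its path is known only indirectly from the `include_recipe "gitlab::web-server"` line.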
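--- a/files/gitlab-cookbooks/gitlab/templates/default/nginx.conf.erb
+++ b/files/gitlab-cookbooks/gitlab/templates/default/nginx.conf.erb
@@ -2,7 +2,7 @@
 # erased! To change the contents below, edit /etc/gitlab/gitlab.rb
 # and run `sudo gitlab-ctl reconfigure`.
 
-user <%= node['gitlab']['user']['username'] %> <%= node['gitlab']['user']['username']%>;
+user <%= node['gitlab']['webserver']['username'] %> <%= node['gitlab']['webserver']['username']%>;
 worker_processes <%= @worker_processes %>;
 error_log /var/log/gitlab/nginx/error.log;
 pid /var/opt/gitlab/nginx/nginx.pid;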
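Review bot: The new `user` line reads `node['gitlab']['webserver']['username']`, but the attributes added in this commit are defined under `node['gitlab']['web-server']`, and libraries/gitlab.rb maps `web_server` to `web-server` as well. With no `webserver` key the lookup has nothing to resolve, so rendering nginx.conf will most likely fail on a nil or produce an empty `user` directive instead of dropping the workers to `gitlab-www`. The line should be `user <%= node['gitlab']['web-server']['username'] %> <%= node['gitlab']['web-server']['group'] %>;`, which also takes the second argument from the group attribute rather than repeating the username.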