Commit a3e35f619901626269e8a2fde5acad5205bda76c
Exists in
master
Merge branch 'non_bundled_server' into 'master'
Non bundled webserver support Fixes #157 See merge request !199
Showing
8 changed files
with
90 additions
and
6 deletions
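--- a/README.md
+++ b/README.md
@@ -333,6 +333,29 @@ external_url "https://gitlab.example.com:2443"
 
 Run `sudo gitlab-ctl reconfigure` for the change to take effect.
 
+#### Use non-bundled web-server
+
+By default, omnibus-gitlab installs GitLab with bundled Nginx.
+To use another web server like Apache or an existing Nginx installation you will
+have to do the following steps:
+
+Disable bundled Nginx by specifying in `/etc/gitlab/gitlab.rb`:
+
+```ruby
+nginx['enable'] = false
+```
+
+omnibus-gitlab allows webserver access through user `gitlab-www` which resides in the group with the same name.
+To allow an external webserver access to GitLab, you will need to add the webserver user to `gitlab-www` group.
+Let's say that webserver user is `www-data`. Adding the user to `gitlab-www` group can be done with:
+
+```
+usermod -G gitlab-www www-data
+```
+
+Run `sudo gitlab-ctl reconfigure` for the change to take effect.
+
+
 ### Adding ENV Vars to the Gitlab Runtime Environment
 
 If you need Gitlab to have access to certain environment variables, you can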
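--- a/files/gitlab-cookbooks/gitlab/attributes/default.rb
+++ b/files/gitlab-cookbooks/gitlab/attributes/default.rb
@@ -158,7 +158,7 @@ default['gitlab']['unicorn']['log_directory'] = "/var/log/gitlab/unicorn"
 default['gitlab']['unicorn']['worker_processes'] = 2
 default['gitlab']['unicorn']['listen'] = '127.0.0.1'
 default['gitlab']['unicorn']['port'] = 8080
-default['gitlab']['unicorn']['socket'] = '/var/opt/gitlab/gitlab-rails/tmp/sockets/gitlab.socket'
+default['gitlab']['unicorn']['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
 default['gitlab']['unicorn']['pidfile'] = '/opt/gitlab/var/unicorn/unicorn.pid'
 default['gitlab']['unicorn']['tcp_nopush'] = true
 default['gitlab']['unicorn']['backlog_socket'] = 64
@@ -233,6 +233,15 @@ default['gitlab']['redis']['shell'] = "/bin/nologin"
 default['gitlab']['redis']['home'] = "/var/opt/gitlab/redis"
 default['gitlab']['redis']['port'] = 6379
 
+####
+# Web server
+####
+# Username for the webserver user
+default['gitlab']['web-server']['username'] = 'gitlab-www'
+default['gitlab']['web-server']['group'] = 'gitlab-www'
+default['gitlab']['web-server']['uid'] = nil
+default['gitlab']['web-server']['gid'] = nil
+default['gitlab']['web-server']['shell'] = "/bin/false"
 
 ####
 # Nginx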
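--- a/files/gitlab-cookbooks/gitlab/libraries/gitlab.rb
+++ b/files/gitlab-cookbooks/gitlab/libraries/gitlab.rb
@@ -46,6 +46,7 @@ module Gitlab
 logging Mash.new
 remote_syslog Mash.new
 high_availability Mash.new
+ web_server Mash.new
 node nil
 external_url nil
 git_data_dir nil
@@ -170,7 +171,8 @@ module Gitlab
 "logging",
 "remote_syslog",
 "high_availability",
- "postgresql"
+ "postgresql",
+ "web_server"
 ].each do |key|
 rkey = key.gsub('_', '-')
 results['gitlab'][rkey] = Gitlab[key]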
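--- a/files/gitlab-cookbooks/gitlab/recipes/default.rb
+++ b/files/gitlab-cookbooks/gitlab/recipes/default.rb
@@ -49,6 +49,7 @@ include_recipe "gitlab::users"
 include_recipe "gitlab::gitlab-shell"
 include_recipe "gitlab::gitlab-rails"
 include_recipe "gitlab::selinux"
+include_recipe "gitlab::web-server"
 
 # Create dummy unicorn and sidekiq services to receive notifications, in case
 # the corresponding service recipe is not loaded below.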
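Review bot: `include_recipe "gitlab::web-server"` is added after `include_recipe "gitlab::gitlab-rails"`, yet the gitlab-rails recipe in this same commit declares the uploads directory with `group node['gitlab']['web-server']['username']`. On a first run that directory resource would converge before the web-server recipe has created the group, and Chef cannot resolve a group name that does not exist yet, so the run is likely to fail; the recipes are only partly visible here, so confirm on a clean install. Moving the new line up, directly after `include_recipe "gitlab::users"`, creates the account before anything refers to it.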
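--- a/files/gitlab-cookbooks/gitlab/recipes/gitlab-rails.rb
+++ b/files/gitlab-cookbooks/gitlab/recipes/gitlab-rails.rb
@@ -26,12 +26,10 @@ gitlab_rails_public_uploads_dir = node['gitlab']['gitlab-rails']['uploads_direct
 gitlab_rails_log_dir = node['gitlab']['gitlab-rails']['log_directory']
 
 [
- gitlab_rails_dir,
 gitlab_rails_etc_dir,
 gitlab_rails_env_dir,
 gitlab_rails_working_dir,
 gitlab_rails_tmp_dir,
- gitlab_rails_public_uploads_dir,
 node['gitlab']['gitlab-rails']['backup_path'],
 node['gitlab']['gitlab-rails']['gitlab_repository_downloads_path'],
 gitlab_rails_log_dir
@@ -43,6 +41,19 @@ gitlab_rails_log_dir = node['gitlab']['gitlab-rails']['log_directory']
 end
 end
 
+directory gitlab_rails_dir do
+ owner node['gitlab']['user']['username']
+ mode '0755'
+ recursive true
+end
+
+directory gitlab_rails_public_uploads_dir do
+ owner node['gitlab']['user']['username']
+ group node['gitlab']['web-server']['username']
+ mode '0750'
+ recursive true
+end
+
 dependent_services = []
 dependent_services << "service[unicorn]" if OmnibusHelper.should_notify?("unicorn")
 dependent_services << "service[sidekiq]" if OmnibusHelper.should_notify?("sidekiq")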
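Review bot: The uploads directory takes its group from `node['gitlab']['web-server']['username']`, not from the `['group']` attribute this commit also defines; the two agree only because both default to `gitlab-www`. If an administrator configures a different group name, the directory is handed to a group named after the user, which may not exist or may not be the one the external web server was added to. Use `group node['gitlab']['web-server']['group']` here; the socket directory added in recipes/unicorn.rb has the same line. A comment is also worth adding that `recursive true` only creates missing parents, while `owner`, `group` and `mode` apply to the leaf directory alone, so the 0750 restriction does not cover anything above it.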
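--- a/files/gitlab-cookbooks/gitlab/recipes/unicorn.rb
+++ b/files/gitlab-cookbooks/gitlab/recipes/unicorn.rb
@@ -27,7 +27,6 @@ unicorn_socket_dir = File.dirname(unicorn_listen_socket)
 
 [
 unicorn_log_dir,
- unicorn_socket_dir,
 File.dirname(unicorn_pidfile)
 ].each do |dir_name|
 directory dir_name do
@@ -37,6 +36,13 @@ unicorn_socket_dir = File.dirname(unicorn_listen_socket)
 end
 end
 
+directory unicorn_socket_dir do
+ owner node['gitlab']['user']['username']
+ group node['gitlab']['web-server']['username']
+ mode '0750'
+ recursive true
+end
+
 unicorn_listen_tcp = node['gitlab']['unicorn']['listen']
 unicorn_listen_tcp << ":#{node['gitlab']['unicorn']['port']}"
 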
| @@ -0,0 +1,32 @@ | @@ -0,0 +1,32 @@ | ||
| 1 | +# | ||
| 2 | +# Copyright:: Copyright (c) 2014 GitLab B.V. | ||
| 3 | +# License:: Apache License, Version 2.0 | ||
| 4 | +# | ||
| 5 | +# Licensed under the Apache License, Version 2.0 (the "License"); | ||
| 6 | +# you may not use this file except in compliance with the License. | ||
| 7 | +# You may obtain a copy of the License at | ||
| 8 | +# | ||
| 9 | +# http://www.apache.org/licenses/LICENSE-2.0 | ||
| 10 | +# | ||
| 11 | +# Unless required by applicable law or agreed to in writing, software | ||
| 12 | +# distributed under the License is distributed on an "AS IS" BASIS, | ||
| 13 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| 14 | +# See the License for the specific language governing permissions and | ||
| 15 | +# limitations under the License. | ||
| 16 | +# | ||
| 17 | + | ||
| 18 | +webserver_username = node['gitlab']['web-server']['username'] | ||
| 19 | +webserver_group = node['gitlab']['web-server']['group'] | ||
| 20 | + | ||
| 21 | +# Create the group for the GitLab user | ||
| 22 | +group webserver_group do | ||
| 23 | + gid node['gitlab']['web-server']['gid'] | ||
| 24 | +end | ||
| 25 | + | ||
| 26 | +# Create the webserver user | ||
| 27 | +user webserver_username do | ||
| 28 | + shell node['gitlab']['web-server']['shell'] | ||
| 29 | + uid node['gitlab']['web-server']['uid'] | ||
| 30 | + gid webserver_group | ||
| 31 | + supports manage_home: false | ||
| 32 | +end |
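Review bot: The comment above the `group` resource reads `# Create the group for the GitLab user`, but the resource creates the web server's group; it looks copied from the users recipe and should be `# Create the group for the webserver user`. A short header comment stating what the account is for would also help: judging by the README and nginx.conf.erb changes in this commit, it is meant to be the identity the bundled Nginx runs as and the group an external web server joins. The file header for this new recipe is not shown on the page, so the path is not confirmed here.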
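--- a/files/gitlab-cookbooks/gitlab/templates/default/nginx.conf.erb
+++ b/files/gitlab-cookbooks/gitlab/templates/default/nginx.conf.erb
@@ -2,7 +2,7 @@
 # erased! To change the contents below, edit /etc/gitlab/gitlab.rb
 # and run `sudo gitlab-ctl reconfigure`.
 
-user <%= node['gitlab']['user']['username'] %> <%= node['gitlab']['user']['username']%>;
+user <%= node['gitlab']['webserver']['username'] %> <%= node['gitlab']['webserver']['username']%>;
 worker_processes <%= @worker_processes %>;
 error_log /var/log/gitlab/nginx/error.log;
 pid /var/opt/gitlab/nginx/nginx.pid;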
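Review bot: The new `user` directive reads `node['gitlab']['webserver']['username']`, but the attributes added in this commit live under `node['gitlab']['web-server']`, and the library maps `web_server` to `web-server` through `key.gsub('_', '-')`. With no `webserver` key the lookup should return nil and the following `['username']` raise while the template renders, so the bundled Nginx configuration would not be generated. Both lookups on the line need the hyphenated key, and since the second argument of nginx's `user` directive is the group it should read the group attribute: `user <%= node['gitlab']['web-server']['username'] %> <%= node['gitlab']['web-server']['group'] %>;`.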