Add parameter to tell nginx what IP address to bind on, default *

Marco Wessel
1 parent 74dcbdb0
Showing 3 changed files with 4 additions and 2 deletions Show diff stats
files/gitlab-cookbooks/gitlab/attributes/default.rb
files/gitlab-cookbooks/gitlab/recipes/nginx.rb
files/gitlab-cookbooks/gitlab/templates/default/nginx-gitlab-http.conf.erb
@@ -50,6 +50,7 @@ default[&#39;gitlab&#39;][&#39;gitlab-rails&#39;][&#39;rate_limit_period&#39;] = 60
  
 default['gitlab']['gitlab-rails']['gitlab_host'] = node['fqdn']
 default['gitlab']['gitlab-rails']['gitlab_port'] = 80
+default['gitlab']['gitlab-rails']['gitlab_addr'] = '*'
 default['gitlab']['gitlab-rails']['gitlab_https'] = false
 default['gitlab']['gitlab-rails']['gitlab_email_from'] = "gitlab@#{node['fqdn']}"
 default['gitlab']['gitlab-rails']['gitlab_support_email'] = "support@localhost"
@@ -48,6 +48,7 @@ template nginx_vars[:gitlab_http_config] do
       :https => node['gitlab']['gitlab-rails']['gitlab_https'],
       :socket => node['gitlab']['unicorn']['socket'],
       :port => node['gitlab']['gitlab-rails']['gitlab_port'],
+      :bind_address => node['gitlab']['gitlab-rails']['gitlab_addr'],
       :redirect_http_to_https => node['gitlab']['nginx']['redirect_http_to_https'],
       :redirect_http_to_https_port => node['gitlab']['nginx']['redirect_http_to_https_port'],
       :ssl_certificate => node['gitlab']['nginx']['ssl_certificate'],
@@ -21,7 +21,7 @@ upstream gitlab {
  
 <% if @https && @redirect_http_to_https %>
 server {
-  listen *:<%= @redirect_http_to_https_port %>;
+  listen <%= @bind_address %>:<%= @redirect_http_to_https_port %>;
   server_name <%= @fqdn %>;
   server_tokens off;
   return 301 https://<%= @fqdn %>:<%= @port %>$request_uri;
@@ -29,7 +29,7 @@ server {
 <% end %>
  
 server {
-  listen *:<%= @port %>;
+  listen <%= @bind_address %>:<%= @port %>;
   server_name <%= @fqdn %>;
   server_tokens off;     # don't show the version number, a security best practice
   root /opt/gitlab/embedded/service/gitlab-rails/public;
...	...	@@ -50,6 +50,7 @@ default['gitlab']['gitlab-rails']['rate_limit_period'] = 60
50	50
51	51	default['gitlab']['gitlab-rails']['gitlab_host'] = node['fqdn']
52	52	default['gitlab']['gitlab-rails']['gitlab_port'] = 80
	53	+default['gitlab']['gitlab-rails']['gitlab_addr'] = '*'
53	54	default['gitlab']['gitlab-rails']['gitlab_https'] = false
54	55	default['gitlab']['gitlab-rails']['gitlab_email_from'] = "gitlab@#{node['fqdn']}"
55	56	default['gitlab']['gitlab-rails']['gitlab_support_email'] = "support@localhost"
...	...
...	...	@@ -48,6 +48,7 @@ template nginx_vars[:gitlab_http_config] do
48	48	:https => node['gitlab']['gitlab-rails']['gitlab_https'],
49	49	:socket => node['gitlab']['unicorn']['socket'],
50	50	:port => node['gitlab']['gitlab-rails']['gitlab_port'],
	51	+ :bind_address => node['gitlab']['gitlab-rails']['gitlab_addr'],
51	52	:redirect_http_to_https => node['gitlab']['nginx']['redirect_http_to_https'],
52	53	:redirect_http_to_https_port => node['gitlab']['nginx']['redirect_http_to_https_port'],
53	54	:ssl_certificate => node['gitlab']['nginx']['ssl_certificate'],
...	...
...	...	@@ -21,7 +21,7 @@ upstream gitlab {
21	21
22	22	<% if @https && @redirect_http_to_https %>
23	23	server {
24		- listen *:<%= @redirect_http_to_https_port %>;
	24	+ listen <%= @bind_address %>:<%= @redirect_http_to_https_port %>;
25	25	server_name <%= @fqdn %>;
26	26	server_tokens off;
27	27	return 301 https://<%= @fqdn %>:<%= @port %>$request_uri;
...	...	@@ -29,7 +29,7 @@ server {
29	29	<% end %>
30	30
31	31	server {
32		- listen *:<%= @port %>;
	32	+ listen <%= @bind_address %>:<%= @port %>;
33	33	server_name <%= @fqdn %>;
34	34	server_tokens off; # don't show the version number, a security best practice
35	35	root /opt/gitlab/embedded/service/gitlab-rails/public;
...	...