Commit f109fa859f08f55c94f3992d6b9b8523c43d4280
1 parent
a902d7fe
Exists in
master
and in
2 other branches
Allow more than one NGINX listen address
Showing
5 changed files
with
24 additions
and
2 deletions
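--- a/CHANGELOG
+++ b/CHANGELOG
@@ -11,6 +11,7 @@ omnibus-gitlab repository.
 - Update openssl to 1.0.1i
 - Fix missing sidekiq.log in the GitLab admin interface
 - Defer more gitlab.yml defaults to upstream
+- Allow more than one NGINX listen address
 
 7.1.0
 - Build: explicitly use .forward for sending notifications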
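--- a/README.md
+++ b/README.md
@@ -437,6 +437,15 @@ unicorn['worker_processes'] = 3
 unicorn['worker_timeout'] = 60
 ```
 
+### Setting the NGINX listen address or addresses
+
+By default NGINX will accept incoming connections on all local IPv4 addresses.
+You can change the list of addresses in `/etc/gitlab/gitlab.rb`.
+
+```ruby
+nginx['listen_addresses'] = ["0.0.0.0", "[::]"] # listen on all IPv4 and IPv6 addresses
+```
+
 ## Backups
 
 ### Creating an application backup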
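--- a/files/gitlab-cookbooks/gitlab/attributes/default.rb
+++ b/files/gitlab-cookbooks/gitlab/attributes/default.rb
@@ -261,7 +261,7 @@ default['gitlab']['nginx']['ssl_prefer_server_ciphers'] = "on"
 default['gitlab']['nginx']['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2" # recommended by https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
 default['gitlab']['nginx']['ssl_session_cache'] = "shared:SSL:10m" # recommended in http://nginx.org/en/docs/http/ngx_http_ssl_module.html
 default['gitlab']['nginx']['ssl_session_timeout'] = "5m" # default according to http://nginx.org/en/docs/http/ngx_http_ssl_module.html
-default['gitlab']['nginx']['listen_address'] = '*'
+default['gitlab']['nginx']['listen_addresses'] = ['*']
 
 ###
 # Logging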
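--- a/files/gitlab-cookbooks/gitlab/libraries/gitlab.rb
+++ b/files/gitlab-cookbooks/gitlab/libraries/gitlab.rb
@@ -147,6 +147,15 @@ module Gitlab
 end
 end
 
+ def parse_nginx_listen_address
+ return unless nginx['listen_address']
+
+ # The user specified a custom NGINX listen address with the legacy
+ # listen_address option. We have to convert it to the new
+ # listen_addresses setting.
+ nginx['listen_addresses'] = [nginx['listen_address']]
+ end
+
 def generate_hash
 results = { "gitlab" => {} }
 [
@@ -176,6 +185,7 @@ module Gitlab
 parse_git_data_dir
 parse_udp_log_shipping
 parse_redis_settings
+ parse_nginx_listen_address
 # The last step is to convert underscores to hyphens in top-level keys
 generate_hash
 end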
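Review bot: In `parse_nginx_listen_address`, a leftover legacy `nginx['listen_address']` unconditionally overwrites `nginx['listen_addresses']`, so an operator who restricted the new setting to a loopback or internal address can still end up with NGINX bound to whatever the old key says. Assuming `nginx['listen_addresses']` is unset unless the operator configured it (how `nginx` is populated is not visible in this hunk), letting the explicit new setting win would be safer: `nginx['listen_addresses'] ||= Array(nginx['listen_address'])`. `Array(...)` also avoids a nested list if the legacy key was already given an array. Logging a deprecation warning when the legacy key is present would help operators remove it from `gitlab.rb`.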
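--- a/files/gitlab-cookbooks/gitlab/templates/default/nginx-gitlab-http.conf.erb
+++ b/files/gitlab-cookbooks/gitlab/templates/default/nginx-gitlab-http.conf.erb
@@ -35,7 +35,9 @@ server {
 <% end %>
 
 server {
- listen <%= @listen_address %>:<%= @port %>;
+<% @listen_addresses.each do |listen_address| %>
+ listen <%= listen_address %>:<%= @port %>;
+<% end %>
 server_name <%= @fqdn %>;
 server_tokens off; # don't show the version number, a security best practice
 root /opt/gitlab/embedded/service/gitlab-rails/public;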
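Review bot: An empty `@listen_addresses` leaves this `server` block with no `listen` directive at all, and NGINX then falls back to its built-in default (`*:80` when started as superuser), which ignores `@port` and binds every interface. Failing the render would surface that misconfiguration, e.g. `<% raise "nginx['listen_addresses'] must not be empty" if @listen_addresses.empty? %>` ahead of the loop, or an equivalent check in the library. Each entry is interpolated as-is, so a short template comment stating that entries must be valid NGINX address literals (IPv6 in brackets, as in the README example) would also help. The `server` block continues past the hunk, and the block closed by `<% end %>` at the top of the hunk is not visible; if it carries its own `listen` line it should presumably follow the same list.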