Commit f109fa859f08f55c94f3992d6b9b8523c43d4280
1 parent
a902d7fe
Exists in
master
and in
2 other branches
Allow more than one NGINX listen address
Showing
5 changed files
with
24 additions
and
2 deletions
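--- a/CHANGELOG
+++ b/CHANGELOG
@@ -11,6 +11,7 @@ omnibus-gitlab repository.
 - Update openssl to 1.0.1i
 - Fix missing sidekiq.log in the GitLab admin interface
 - Defer more gitlab.yml defaults to upstream
+- Allow more than one NGINX listen address
 
 7.1.0
 - Build: explicitly use .forward for sending notifications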
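--- a/README.md
+++ b/README.md
@@ -437,6 +437,15 @@ unicorn['worker_processes'] = 3
 unicorn['worker_timeout'] = 60
 ```
 
+### Setting the NGINX listen address or addresses
+
+By default NGINX will accept incoming connections on all local IPv4 addresses.
+You can change the list of addresses in `/etc/gitlab/gitlab.rb`.
+
+```ruby
+nginx['listen_addresses'] = ["0.0.0.0", "[::]"] # listen on all IPv4 and IPv6 addresses
+```
+
 ## Backups
 
 ### Creating an application backup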
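--- a/files/gitlab-cookbooks/gitlab/attributes/default.rb
+++ b/files/gitlab-cookbooks/gitlab/attributes/default.rb
@@ -261,7 +261,7 @@ default['gitlab']['nginx']['ssl_prefer_server_ciphers'] = "on"
 default['gitlab']['nginx']['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2" # recommended by https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
 default['gitlab']['nginx']['ssl_session_cache'] = "shared:SSL:10m" # recommended in http://nginx.org/en/docs/http/ngx_http_ssl_module.html
 default['gitlab']['nginx']['ssl_session_timeout'] = "5m" # default according to http://nginx.org/en/docs/http/ngx_http_ssl_module.html
-default['gitlab']['nginx']['listen_address'] = '*'
+default['gitlab']['nginx']['listen_addresses'] = ['*']
 
 ###
 # Logging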
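Review bot: The new `listen_addresses` default on line 264 has no comment, unlike the SSL attributes directly above it, even though `['*']` makes NGINX bind every local IPv4 interface. I would add a trailing comment such as `# addresses NGINX binds to; '*' is every local IPv4 interface, narrow it when GitLab sits behind a proxy`. Because the attribute key is renamed rather than added, any other reader of `node['gitlab']['nginx']['listen_address']` that this commit does not touch would now get nil; that cannot be confirmed from the files shown and is worth a grep.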
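--- a/files/gitlab-cookbooks/gitlab/libraries/gitlab.rb
+++ b/files/gitlab-cookbooks/gitlab/libraries/gitlab.rb
@@ -147,6 +147,15 @@ module Gitlab
 end
 end
 
+ def parse_nginx_listen_address
+ return unless nginx['listen_address']
+
+ # The user specified a custom NGINX listen address with the legacy
+ # listen_address option. We have to convert it to the new
+ # listen_addresses setting.
+ nginx['listen_addresses'] = [nginx['listen_address']]
+ end
+
 def generate_hash
 results = { "gitlab" => {} }
 [
@@ -176,6 +185,7 @@ module Gitlab
 parse_git_data_dir
 parse_udp_log_shipping
 parse_redis_settings
+ parse_nginx_listen_address
 # The last step is to convert underscores to hyphens in top-level keys
 generate_hash
 end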
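Review bot: `parse_nginx_listen_address` (new lines 150-157) overwrites `nginx['listen_addresses']` whenever the legacy `listen_address` is set, so a gitlab.rb that carries both keys is silently bound to the legacy value. The bind address decides which interfaces expose GitLab, so the explicit new setting should win and the conflict should be visible in the run output. Assuming `nginx` holds only what the operator set in gitlab.rb, `nginx['listen_addresses'] ||= Array(nginx['listen_address'])` does that, ideally with a deprecation warning logged next to it. `Array(...)` also keeps a legacy value that is already a list from being nested one level deeper and rendered as a single malformed `listen` line.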
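--- a/files/gitlab-cookbooks/gitlab/templates/default/nginx-gitlab-http.conf.erb
+++ b/files/gitlab-cookbooks/gitlab/templates/default/nginx-gitlab-http.conf.erb
@@ -35,7 +35,9 @@ server {
 <% end %>
 
 server {
- listen <%= @listen_address %>:<%= @port %>;
+<% @listen_addresses.each do |listen_address| %>
+ listen <%= listen_address %>:<%= @port %>;
+<% end %>
 server_name <%= @fqdn %>;
 server_tokens off; # don't show the version number, a security best practice
 root /opt/gitlab/embedded/service/gitlab-rails/public;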
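Review bot: An empty `@listen_addresses` makes the loop on new lines 38-40 emit no `listen` directive at all, and NGINX then falls back to its built-in default of `*:80` (`*:8000` without superuser privileges), so the server binds every interface and ignores `@port`. An operator who empties the list to restrict exposure gets the opposite result. A guard before the loop such as `<% raise "nginx['listen_addresses'] must not be empty" if Array(@listen_addresses).empty? %>` fails the run instead, and iterating `Array(@listen_addresses)` also tolerates a single string value. The first `server` block of this template starts above the hunk; if it has a `listen` line of its own, check that it follows the same list.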