# This file is managed by gitlab-ctl. Manual changes will be # erased! To change the contents below, edit /etc/gitlab/gitlab.rb # and run `sudo gitlab-ctl reconfigure`. # GITLAB # Maintainer: @randx # CHUNKED TRANSFER # It is a known issue that Git-over-HTTP requires chunked transfer encoding [0] which is not # supported by Nginx < 1.3.9 [1]. As a result, pushing a large object with Git (i.e. a single large file) # can lead to a 411 error. In theory you can get around this by tweaking this configuration file and either # - installing an old version of Nginx with the chunkin module [2] compiled in, or # - using a newer version of Nginx. # # At the time of writing we do not know if either of these theoretical solutions works. As a workaround # users can use Git over SSH to push large files. # # [0] https://git.kernel.org/cgit/git/git.git/tree/Documentation/technical/http-protocol.txt#n99 # [1] https://github.com/agentzh/chunkin-nginx-module#status # [2] https://github.com/agentzh/chunkin-nginx-module upstream gitlab { server unix:<%= @socket %>; } <% if @https && @redirect_http_to_https %> server { listen <%= @listen_address %>:<%= @redirect_http_to_https_port %>; server_name <%= @fqdn %>; server_tokens off; return 301 https://<%= @fqdn %>:<%= @port %>$request_uri; access_log <%= @log_directory %>/gitlab_access.log; error_log <%= @log_directory %>/gitlab_error.log; } <% end %> server { <% @listen_addresses.each do |listen_address| %> listen <%= listen_address %>:<%= @port %>; <% end %> server_name <%= @fqdn %>; server_tokens off; # don't show the version number, a security best practice root /opt/gitlab/embedded/service/gitlab-rails/public; <% if @https %> ssl on; ssl_certificate <%= @ssl_certificate %>; ssl_certificate_key <%= @ssl_certificate_key %>; ssl_ciphers '<%= @ssl_ciphers %>'; ssl_prefer_server_ciphers <%= @ssl_prefer_server_ciphers %>; ssl_protocols <%= @ssl_protocols %>; ssl_session_cache <%= @ssl_session_cache %>; ssl_session_timeout <%= @ssl_session_timeout %>; <% end %> # Increase this if you want to upload large attachments # Or if you want to accept large git objects over http client_max_body_size <%= @client_max_body_size %>; # individual nginx logs for this gitlab vhost access_log <%= @log_directory %>/gitlab_access.log; error_log <%= @log_directory %>/gitlab_error.log; location / { # serve static files from defined root folder;. # @gitlab is a named location for the upstream fallback, see below try_files $uri $uri/index.html $uri.html @gitlab; } # if a file, which is not found in the root folder is requested, # then the proxy pass the request to the upsteam (gitlab unicorn) location @gitlab { # If you use https make sure you disable gzip compression # to be safe against BREACH attack <%= 'gzip off;' if @https %> proxy_read_timeout 300; # Some requests take more than 30 seconds. proxy_connect_timeout 300; # Some requests take more than 30 seconds. proxy_redirect off; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Frame-Options SAMEORIGIN; proxy_pass http://gitlab; } # Enable gzip compression as per rails guide: http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression # WARNING: If you are using relative urls do remove the block below # See config/application.rb under "Relative url support" for the list of # other files that need to be changed for relative url support location ~ ^/(assets)/ { root /opt/gitlab/embedded/service/gitlab-rails/public; gzip_static on; # to serve pre-gzipped version expires max; add_header Cache-Control public; } error_page 502 /502.html; }