community/gitlab to 9.4.3-3

community/gitlab/PKGBUILD

@@ -12,7 +12,7 @@
 
 pkgname=gitlab
 pkgver=9.4.3
-pkgrel=2
+pkgrel=3
 pkgdesc="Project management and code hosting application"
 arch=('x86_64')
 url="https://gitlab.com/gitlab-org/gitlab-ce/tree/master#README"
@@ -37,14 +37,7 @@ source=("$pkgname-$pkgver.tar.gz::https://gitlab.com/gitlab-org/gitlab-ce/reposi
         gitlab-backup.timer
         gitlab.target
         gitlab.tmpfiles.d
-        gitlab.logrotate
-        apache.conf.example
-        apache-ssl.conf.example
-        apache2.2.conf.example
-        apache2.2-ssl.conf.example
-        nginx.conf.example
-        nginx-ssl.conf.example
-        lighttpd.conf.example)
+        gitlab.logrotate)
 install='gitlab.install'
 sha512sums=('1caac46183ce7a7926401a831459bb8e5fc006420e3208c637bb7cf8e13f94c7da69adf968cd911b97f82b3842e7afc3f122eeb708d68e8f8c1a750c348e5978'
             '56cce150645ef74fa42a6100c8bc7689c4012579e1f3ba237c06c367b121246b39e968044615fa21c4757bc8e9d06f37f8ac8d39aa8b808c758e716857553f66'
@@ -54,14 +47,7 @@ sha512sums=('1caac46183ce7a7926401a831459bb8e5fc006420e3208c637bb7cf8e13f94c7da6
             'c11d2c59da8325551a465227096e8d39b0e4bcd5b1db21565cf3439e431838c04bc00aa6f07f4d493f3f47fd6b4e25aeb0fe0fc1a05756064706bf5708c960ec'
             'c519a51d31300074ea12594fbcc8e9610d991ef04b1dac94d93a2b201df3465999cc7c6ac7f3896e02b117c2366d61dea1ef2f6b9cd7b18998385a7f26e5700f'
             'abacbff0d7be918337a17b56481c84e6bf3eddd9551efe78ba9fb74337179e95c9b60f41c49f275e05074a4074a616be36fa208a48fc12d5b940f0554fbd89c3'
-            '20b93eab504e82cc4401685b59e6311b4d2c0285bc594d47ce4106d3f418a3e2ba92c4f49732748c0ba913aa3e3299126166e37d2a2d5b4d327d66bae4b8abda'
-            '441585489fb992d5e893f14bf0770df04ada95ffdbfcc80bb98a44eda7db520d12c985f600d003d80a196562654d2231598f8481ff9bf664bb5889f564e897e7'
-            '99f31439d348e21f764875b6207db8663b47f3224ad6a9f35b89c8a2ed29a9e831a974aa6b9429a3882fb74c1c9d42ed5c38b2d16ae122b5d55d5873a0c57cd3'
-            '624eb1f13e0265522290faa8c22b4150e6081ca2580391c9dfd871f1ee1b9c1c745c95d3d8f7fdbf85038990060141b844c3d8097c577ab68e5506bfa2d2dddb'
-            '248d47b44fa5ed65e2a940f2b60d0482c481b3a438357ca510848221370367ffbc0d83ce046d688bebbbc75d4e321b140f6a5ce1a9d7ec0b034fafcf92dee107'
-            '53a9d6d6f87874b29e48a8fb2e207094ebc1a80af478562ec4b591926d59e135a3166c20966704aa948ca7063ba63c1ec4ac290a343832fa18025ec3d85081ba'
-            '6d3006da591acefcc534c6e3f1da8e812d0b3b21fc416bfaa8678b8e2d922be6b17d1c92b0d7164de3b8ad864139253707107ca082f78e823d23f3b65fcb5914'
-            'c78b6f46abcf603d8db6e38cf50868e14145928422ddfe17c88e2f006b5b910dddf456ec5d6d724b250994530643963809688a98f7e12ebd5b5dabf7f96f0e06')
+            '20b93eab504e82cc4401685b59e6311b4d2c0285bc594d47ce4106d3f418a3e2ba92c4f49732748c0ba913aa3e3299126166e37d2a2d5b4d327d66bae4b8abda')
 
 _datadir="/usr/share/webapps/${pkgname}"
 _etcdir="/etc/webapps/${pkgname}"
@@ -218,11 +204,6 @@ package() {
 
   install -Dm644 "${srcdir}/gitlab.tmpfiles.d" "${pkgdir}/usr/lib/tmpfiles.d/gitlab.conf"
   install -Dm644 "${srcdir}/gitlab.logrotate" "${pkgdir}/etc/logrotate.d/gitlab"
-
-  # Install webserver config templates
-  for config_file in apache apache-ssl apache2.2 apache2.2-ssl nginx nginx-ssl lighttpd; do
-    install -m644 "${srcdir}/${config_file}.conf.example" "${pkgdir}/usr/share/doc/${pkgname}"
-  done
 }
 
 # vim:set ts=2 sw=2 et:

community/gitlab/apache-ssl.conf.example

@@ -1,94 +0,0 @@
-# This configuration has been tested on GitLab 8.2
-# Note this config assumes unicorn is listening on default port 8080 and
-# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to
-# listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
-#
-# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
-#
-#Module dependencies
-# mod_rewrite
-# mod_ssl
-# mod_proxy
-# mod_proxy_http
-# mod_headers
-
-# This section is only needed if you want to redirect http traffic to https.
-# You can live without it but clients will have to type in https:// to reach gitlab.
-<VirtualHost *:80>
-  ServerName YOUR_SERVER_FQDN
-  ServerSignature Off
-
-  RewriteEngine on
-  RewriteCond %{HTTPS} !=on
-  RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
-</VirtualHost>
-
-<VirtualHost *:443>
-  SSLEngine on
-  #strong encryption ciphers only
-  #see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html
-  SSLProtocol all -SSLv2 -SSLv3
-  SSLHonorCipherOrder on
-#  SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
-  SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
-  Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
-  SSLCompression Off
-  SSLCertificateFile /etc/httpd/ssl.crt/YOUR_SERVER_FQDN.crt
-  SSLCertificateKeyFile /etc/httpd/ssl.key/YOUR_SERVER_FQDN.key
-  SSLCACertificateFile /etc/httpd/ssl.crt/your-ca.crt
-
-  ServerName YOUR_SERVER_FQDN
-  ServerSignature Off
-
-  ProxyPreserveHost On
-
-  # Ensure that encoded slashes are not decoded but left in their encoded state.
-  # http://doc.gitlab.com/ce/api/projects.html#get-single-project
-  AllowEncodedSlashes NoDecode
-
-  <Location />
-    # New authorization commands for apache 2.4 and up
-    # http://httpd.apache.org/docs/2.4/upgrading.html#access
-    Require all granted
-
-    #Allow forwarding to gitlab-workhorse
-    ProxyPassReverse http://127.0.0.1:8181
-    ProxyPassReverse http://YOUR_SERVER_FQDN/
-  </Location>
-
-  # Apache equivalent of nginx try files
-  # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
-  # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
-  RewriteEngine on
-
-  #Don't escape encoded characters in api requests
-  RewriteCond %{REQUEST_URI} ^/api/v3/.*
-  RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
-
-  #Forward all requests to gitlab-workhorse except existing files like error documents
-  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
-  RewriteCond %{REQUEST_URI} ^/uploads/.*
-  RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA]
-
-  RequestHeader set X_FORWARDED_PROTO 'https'
-  RequestHeader set X-Forwarded-Ssl on
-
-  # needed for downloading attachments
-  DocumentRoot /usr/share/webapps/gitlab/public
-
-  #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
-  ErrorDocument 404 /404.html
-  ErrorDocument 422 /422.html
-  ErrorDocument 500 /500.html
-  ErrorDocument 503 /deploy.html
-
-  # It is assumed that the log directory is in /var/log/httpd.
-  # For Debian distributions you might want to change this to
-  # /var/log/apache2.
-  LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
-  ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log
-  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
-  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
-  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined
-
-</VirtualHost>

community/gitlab/apache.conf.example

@@ -1,64 +0,0 @@
-# This configuration has been tested on GitLab 8.2
-# Note this config assumes unicorn is listening on default port 8080 and
-# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to
-# listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
-#
-# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
-#
-#Module dependencies
-# mod_rewrite
-# mod_proxy
-# mod_proxy_http
-<VirtualHost *:80>
-  ServerName YOUR_SERVER_FQDN
-  ServerSignature Off
-
-  ProxyPreserveHost On
-
-  # Ensure that encoded slashes are not decoded but left in their encoded state.
-  # http://doc.gitlab.com/ce/api/projects.html#get-single-project
-  AllowEncodedSlashes NoDecode
-
-  <Location />
-    # New authorization commands for apache 2.4 and up
-    # http://httpd.apache.org/docs/2.4/upgrading.html#access
-    Require all granted
-
-    #Allow forwarding to gitlab-workhorse
-    ProxyPassReverse http://127.0.0.1:8181
-    ProxyPassReverse http://YOUR_SERVER_FQDN/
-  </Location>
-
-  # Apache equivalent of nginx try files
-  # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
-  # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
-  RewriteEngine on
-
-  #Don't escape encoded characters in api requests
-  RewriteCond %{REQUEST_URI} ^/api/v3/.*
-  RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
-
-  #Forward all requests to gitlab-workhorse except existing files like error documents
-  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
-  RewriteCond %{REQUEST_URI} ^/uploads/.*
-  RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA]
-
-  # needed for downloading attachments
-  DocumentRoot /usr/share/webapps/gitlab/public
-
-  #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
-  ErrorDocument 404 /404.html
-  ErrorDocument 422 /422.html
-  ErrorDocument 500 /500.html
-  ErrorDocument 503 /deploy.html
-
-  # It is assumed that the log directory is in /var/log/httpd.
-  # For Debian distributions you might want to change this to
-  # /var/log/apache2.
-  LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
-  ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log
-  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
-  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
-  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined
-
-</VirtualHost>

community/gitlab/apache2.2-ssl.conf.example

@@ -1,93 +0,0 @@
-# This configuration has been tested on GitLab 8.2
-# Note this config assumes unicorn is listening on default port 8080 and
-# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to
-# listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
-#
-# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
-#
-#Module dependencies
-# mod_rewrite
-# mod_ssl
-# mod_proxy
-# mod_proxy_http
-# mod_headers
-
-# This section is only needed if you want to redirect http traffic to https.
-# You can live without it but clients will have to type in https:// to reach gitlab.
-<VirtualHost *:80>
-  ServerName YOUR_SERVER_FQDN
-  ServerSignature Off
-
-  RewriteEngine on
-  RewriteCond %{HTTPS} !=on
-  RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
-</VirtualHost>
-
-<VirtualHost *:443>
-  SSLEngine on
-  #strong encryption ciphers only
-  #see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html
-  SSLProtocol all -SSLv2 -SSLv3
-  SSLHonorCipherOrder on
-#  SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
-  SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
-  Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
-  SSLCompression Off
-  SSLCertificateFile /etc/httpd/ssl.crt/YOUR_SERVER_FQDN.crt
-  SSLCertificateKeyFile /etc/httpd/ssl.key/YOUR_SERVER_FQDN.key
-  SSLCACertificateFile /etc/httpd/ssl.crt/your-ca.crt
-
-  ServerName YOUR_SERVER_FQDN
-  ServerSignature Off
-
-  ProxyPreserveHost On
-
-  # Ensure that encoded slashes are not decoded but left in their encoded state.
-  # http://doc.gitlab.com/ce/api/projects.html#get-single-project
-  AllowEncodedSlashes NoDecode
-
-  <Location />
-    Order deny,allow
-    Allow from all
-
-    #Allow forwarding to gitlab-workhorse
-    ProxyPassReverse http://127.0.0.1:8181
-    ProxyPassReverse http://YOUR_SERVER_FQDN/
-  </Location>
-
-  # Apache equivalent of nginx try files
-  # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
-  # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
-  RewriteEngine on
-
-  #Don't escape encoded characters in api requests
-  RewriteCond %{REQUEST_URI} ^/api/v3/.*
-  RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
-
-  #Forward all requests to gitlab-workhorse except existing files like error documents
-  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
-  RewriteCond %{REQUEST_URI} ^/uploads/.*
-  RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA]
-
-  RequestHeader set X_FORWARDED_PROTO 'https'
-  RequestHeader set X-Forwarded-Ssl on
-
-  # needed for downloading attachments
-  DocumentRoot /usr/share/webapps/gitlab/public
-
-  #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
-  ErrorDocument 404 /404.html
-  ErrorDocument 422 /422.html
-  ErrorDocument 500 /500.html
-  ErrorDocument 503 /deploy.html
-
-  # It is assumed that the log directory is in /var/log/httpd.
-  # For Debian distributions you might want to change this to
-  # /var/log/apache2.
-  LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
-  ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log
-  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
-  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
-  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined
-
-</VirtualHost>

community/gitlab/apache2.2.conf.example

@@ -1,63 +0,0 @@
-# This configuration has been tested on GitLab 8.2
-# Note this config assumes unicorn is listening on default port 8080 and
-# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to
-# listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
-#
-# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
-#
-#Module dependencies
-# mod_rewrite
-# mod_proxy
-# mod_proxy_http
-<VirtualHost *:80>
-  ServerName YOUR_SERVER_FQDN
-  ServerSignature Off
-
-  ProxyPreserveHost On
-
-  # Ensure that encoded slashes are not decoded but left in their encoded state.
-  # http://doc.gitlab.com/ce/api/projects.html#get-single-project
-  AllowEncodedSlashes NoDecode
-
-  <Location />
-    Order deny,allow
-    Allow from all
-
-    #Allow forwarding to gitlab-workhorse
-    ProxyPassReverse http://127.0.0.1:8181
-    ProxyPassReverse http://YOUR_SERVER_FQDN/
-  </Location>
-
-  # Apache equivalent of nginx try files
-  # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
-  # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
-  RewriteEngine on
-
-  #Don't escape encoded characters in api requests
-  RewriteCond %{REQUEST_URI} ^/api/v3/.*
-  RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
-
-  #Forward all requests to gitlab-workhorse except existing files like error documents
-  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
-  RewriteCond %{REQUEST_URI} ^/uploads/.*
-  RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA]
-
-  # needed for downloading attachments
-  DocumentRoot /usr/share/webapps/gitlab/public
-
-  #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
-  ErrorDocument 404 /404.html
-  ErrorDocument 422 /422.html
-  ErrorDocument 500 /500.html
-  ErrorDocument 503 /deploy.html
-
-  # It is assumed that the log directory is in /var/log/httpd.
-  # For Debian distributions you might want to change this to
-  # /var/log/apache2.
-  LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
-  ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log
-  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
-  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
-  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined
-
-</VirtualHost>

community/gitlab/nginx-ssl.conf.example

@@ -1,112 +0,0 @@
-## GitLab
-##
-## Modified from nginx http version
-## Modified from http://blog.phusion.nl/2012/04/21/tutorial-setting-up-gitlab-on-debian-6/
-## Modified from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
-##
-## Lines starting with two hashes (##) are comments with information.
-## Lines starting with one hash (#) are configuration parameters that can be uncommented.
-##
-##################################
-##        CONTRIBUTING          ##
-##################################
-##
-## If you change this file in a Merge Request, please also create
-## a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests
-##
-###################################
-##         configuration         ##
-###################################
-##
-## See installation.md#using-https for additional HTTPS configuration details.
-
-upstream gitlab-workhorse {
-  server unix:/run/gitlab/gitlab-workhorse.socket fail_timeout=0;
-}
-
-## Redirects all HTTP traffic to the HTTPS host
-server {
-  ## Either remove "default_server" from the listen line below,
-  ## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab
-  ## to be served if you visit any address that your server responds to, eg.
-  ## the ip address of the server (http://x.x.x.x/)
-  listen 0.0.0.0:80;
-  listen [::]:80 ipv6only=on default_server;
-  server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com
-  server_tokens off; ## Don't show the nginx version number, a security best practice
-  return 301 https://$http_host$request_uri;
-  access_log  /var/log/nginx/gitlab_access.log;
-  error_log   /var/log/nginx/gitlab_error.log;
-}
-
-## HTTPS host
-server {
-  listen 0.0.0.0:443 ssl;
-  listen [::]:443 ipv6only=on ssl default_server;
-  server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com
-  server_tokens off; ## Don't show the nginx version number, a security best practice
-
-  ## Strong SSL Security
-  ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
-  ssl on;
-  ssl_certificate /etc/nginx/ssl/gitlab.crt;
-  ssl_certificate_key /etc/nginx/ssl/gitlab.key;
-
-  # GitLab needs backwards compatible ciphers to retain compatibility with Java IDEs
-  ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
-  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-  ssl_prefer_server_ciphers on;
-  ssl_session_cache shared:SSL:10m;
-  ssl_session_timeout 5m;
-
-  ## See app/controllers/application_controller.rb for headers set
-
-  ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
-  ## Replace with your ssl_trusted_certificate. For more info see:
-  ## - https://medium.com/devops-programming/4445f4862461
-  ## - https://www.ruby-forum.com/topic/4419319
-  ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
-  # ssl_stapling on;
-  # ssl_stapling_verify on;
-  # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
-  # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
-  # resolver_timeout 5s;
-
-  ## [Optional] Generate a stronger DHE parameter:
-  ##   sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
-  ##
-  # ssl_dhparam /etc/ssl/certs/dhparam.pem;
-
-  ## Individual nginx logs for this GitLab vhost
-  access_log  /var/log/nginx/gitlab_access.log;
-  error_log   /var/log/nginx/gitlab_error.log;
-
-  location / {
-    client_max_body_size 0;
-    gzip off;
-
-    ## https://github.com/gitlabhq/gitlabhq/issues/694
-    ## Some requests take more than 30 seconds.
-    proxy_read_timeout      300;
-    proxy_connect_timeout   300;
-    proxy_redirect          off;
-
-    proxy_http_version 1.1;
-
-    proxy_set_header    Host                $http_host;
-    proxy_set_header    X-Real-IP           $remote_addr;
-    proxy_set_header    X-Forwarded-Ssl     on;
-    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
-    proxy_set_header    X-Forwarded-Proto   $scheme;
-    proxy_pass http://gitlab-workhorse;
-  }
-
-  error_page 404 /404.html;
-  error_page 422 /422.html;
-  error_page 500 /500.html;
-  error_page 502 /502.html;
-  location ~ ^/(404|422|500|502)\.html$ {
-    root /usr/share/webapps/gitlab/public;
-    internal;
-  }
-}

community/gitlab/nginx.conf.example

@@ -1,69 +0,0 @@
-## GitLab
-##
-## Lines starting with two hashes (##) are comments with information.
-## Lines starting with one hash (#) are configuration parameters that can be uncommented.
-##
-##################################
-##        CONTRIBUTING          ##
-##################################
-##
-## If you change this file in a Merge Request, please also create
-## a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests
-##
-###################################
-##         configuration         ##
-###################################
-##
-## See installation.md#using-https for additional HTTPS configuration details.
-
-upstream gitlab-workhorse {
-  server unix:/run/gitlab/gitlab-workhorse.socket fail_timeout=0;
-}
-
-## Normal HTTP host
-server {
-  ## Either remove "default_server" from the listen line below,
-  ## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab
-  ## to be served if you visit any address that your server responds to, eg.
-  ## the ip address of the server (http://x.x.x.x/)n 0.0.0.0:80 default_server;
-  listen 0.0.0.0:80 default_server;
-  listen [::]:80 default_server;
-  server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com
-  server_tokens off; ## Don't show the nginx version number, a security best practice
-
-  ## See app/controllers/application_controller.rb for headers set
-
-  ## Individual nginx logs for this GitLab vhost
-  access_log  /var/log/nginx/gitlab_access.log;
-  error_log   /var/log/nginx/gitlab_error.log;
-
-  location / {
-    client_max_body_size 0;
-    gzip off;
-
-    ## https://github.com/gitlabhq/gitlabhq/issues/694
-    ## Some requests take more than 30 seconds.
-    proxy_read_timeout      300;
-    proxy_connect_timeout   300;
-    proxy_redirect          off;
-
-    proxy_http_version 1.1;
-
-    proxy_set_header    Host                $http_host;
-    proxy_set_header    X-Real-IP           $remote_addr;
-    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
-    proxy_set_header    X-Forwarded-Proto   $scheme;
-
-    proxy_pass http://gitlab-workhorse;
-  }
-
-  error_page 404 /404.html;
-  error_page 422 /422.html;
-  error_page 500 /500.html;
-  error_page 502 /502.html;
-  location ~ ^/(404|422|500|502)\.html$ {
-    root /usr/share/webapps/gitlab/public;
-    internal;
-  }
-
-}