diff --git a/community/gitlab/PKGBUILD b/community/gitlab/PKGBUILD
index df5f0158c..072f0b131 100644
--- a/community/gitlab/PKGBUILD
+++ b/community/gitlab/PKGBUILD
@@ -12,7 +12,7 @@
pkgname=gitlab
pkgver=9.4.3
-pkgrel=2
+pkgrel=3
pkgdesc="Project management and code hosting application"
arch=('x86_64')
url="https://gitlab.com/gitlab-org/gitlab-ce/tree/master#README"
@@ -37,14 +37,7 @@ source=("$pkgname-$pkgver.tar.gz::https://gitlab.com/gitlab-org/gitlab-ce/reposi
gitlab-backup.timer
gitlab.target
gitlab.tmpfiles.d
- gitlab.logrotate
- apache.conf.example
- apache-ssl.conf.example
- apache2.2.conf.example
- apache2.2-ssl.conf.example
- nginx.conf.example
- nginx-ssl.conf.example
- lighttpd.conf.example)
+ gitlab.logrotate)
install='gitlab.install'
sha512sums=('1caac46183ce7a7926401a831459bb8e5fc006420e3208c637bb7cf8e13f94c7da69adf968cd911b97f82b3842e7afc3f122eeb708d68e8f8c1a750c348e5978'
'56cce150645ef74fa42a6100c8bc7689c4012579e1f3ba237c06c367b121246b39e968044615fa21c4757bc8e9d06f37f8ac8d39aa8b808c758e716857553f66'
@@ -54,14 +47,7 @@ sha512sums=('1caac46183ce7a7926401a831459bb8e5fc006420e3208c637bb7cf8e13f94c7da6
'c11d2c59da8325551a465227096e8d39b0e4bcd5b1db21565cf3439e431838c04bc00aa6f07f4d493f3f47fd6b4e25aeb0fe0fc1a05756064706bf5708c960ec'
'c519a51d31300074ea12594fbcc8e9610d991ef04b1dac94d93a2b201df3465999cc7c6ac7f3896e02b117c2366d61dea1ef2f6b9cd7b18998385a7f26e5700f'
'abacbff0d7be918337a17b56481c84e6bf3eddd9551efe78ba9fb74337179e95c9b60f41c49f275e05074a4074a616be36fa208a48fc12d5b940f0554fbd89c3'
- '20b93eab504e82cc4401685b59e6311b4d2c0285bc594d47ce4106d3f418a3e2ba92c4f49732748c0ba913aa3e3299126166e37d2a2d5b4d327d66bae4b8abda'
- '441585489fb992d5e893f14bf0770df04ada95ffdbfcc80bb98a44eda7db520d12c985f600d003d80a196562654d2231598f8481ff9bf664bb5889f564e897e7'
- '99f31439d348e21f764875b6207db8663b47f3224ad6a9f35b89c8a2ed29a9e831a974aa6b9429a3882fb74c1c9d42ed5c38b2d16ae122b5d55d5873a0c57cd3'
- '624eb1f13e0265522290faa8c22b4150e6081ca2580391c9dfd871f1ee1b9c1c745c95d3d8f7fdbf85038990060141b844c3d8097c577ab68e5506bfa2d2dddb'
- '248d47b44fa5ed65e2a940f2b60d0482c481b3a438357ca510848221370367ffbc0d83ce046d688bebbbc75d4e321b140f6a5ce1a9d7ec0b034fafcf92dee107'
- '53a9d6d6f87874b29e48a8fb2e207094ebc1a80af478562ec4b591926d59e135a3166c20966704aa948ca7063ba63c1ec4ac290a343832fa18025ec3d85081ba'
- '6d3006da591acefcc534c6e3f1da8e812d0b3b21fc416bfaa8678b8e2d922be6b17d1c92b0d7164de3b8ad864139253707107ca082f78e823d23f3b65fcb5914'
- 'c78b6f46abcf603d8db6e38cf50868e14145928422ddfe17c88e2f006b5b910dddf456ec5d6d724b250994530643963809688a98f7e12ebd5b5dabf7f96f0e06')
+ '20b93eab504e82cc4401685b59e6311b4d2c0285bc594d47ce4106d3f418a3e2ba92c4f49732748c0ba913aa3e3299126166e37d2a2d5b4d327d66bae4b8abda')
_datadir="/usr/share/webapps/${pkgname}"
_etcdir="/etc/webapps/${pkgname}"
@@ -218,11 +204,6 @@ package() {
install -Dm644 "${srcdir}/gitlab.tmpfiles.d" "${pkgdir}/usr/lib/tmpfiles.d/gitlab.conf"
install -Dm644 "${srcdir}/gitlab.logrotate" "${pkgdir}/etc/logrotate.d/gitlab"
-
- # Install webserver config templates
- for config_file in apache apache-ssl apache2.2 apache2.2-ssl nginx nginx-ssl lighttpd; do
- install -m644 "${srcdir}/${config_file}.conf.example" "${pkgdir}/usr/share/doc/${pkgname}"
- done
}
# vim:set ts=2 sw=2 et:
diff --git a/community/gitlab/apache-ssl.conf.example b/community/gitlab/apache-ssl.conf.example
deleted file mode 100644
index f8495644d..000000000
--- a/community/gitlab/apache-ssl.conf.example
+++ /dev/null
@@ -1,94 +0,0 @@
-# This configuration has been tested on GitLab 8.2
-# Note this config assumes unicorn is listening on default port 8080 and
-# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to
-# listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
-#
-# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
-#
-#Module dependencies
-# mod_rewrite
-# mod_ssl
-# mod_proxy
-# mod_proxy_http
-# mod_headers
-
-# This section is only needed if you want to redirect http traffic to https.
-# You can live without it but clients will have to type in https:// to reach gitlab.
-
- ServerName YOUR_SERVER_FQDN
- ServerSignature Off
-
- RewriteEngine on
- RewriteCond %{HTTPS} !=on
- RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
-
-
-
- SSLEngine on
- #strong encryption ciphers only
- #see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html
- SSLProtocol all -SSLv2 -SSLv3
- SSLHonorCipherOrder on
-# SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
- SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
- Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
- SSLCompression Off
- SSLCertificateFile /etc/httpd/ssl.crt/YOUR_SERVER_FQDN.crt
- SSLCertificateKeyFile /etc/httpd/ssl.key/YOUR_SERVER_FQDN.key
- SSLCACertificateFile /etc/httpd/ssl.crt/your-ca.crt
-
- ServerName YOUR_SERVER_FQDN
- ServerSignature Off
-
- ProxyPreserveHost On
-
- # Ensure that encoded slashes are not decoded but left in their encoded state.
- # http://doc.gitlab.com/ce/api/projects.html#get-single-project
- AllowEncodedSlashes NoDecode
-
-
- # New authorization commands for apache 2.4 and up
- # http://httpd.apache.org/docs/2.4/upgrading.html#access
- Require all granted
-
- #Allow forwarding to gitlab-workhorse
- ProxyPassReverse http://127.0.0.1:8181
- ProxyPassReverse http://YOUR_SERVER_FQDN/
-
-
- # Apache equivalent of nginx try files
- # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
- # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
- RewriteEngine on
-
- #Don't escape encoded characters in api requests
- RewriteCond %{REQUEST_URI} ^/api/v3/.*
- RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
-
- #Forward all requests to gitlab-workhorse except existing files like error documents
- RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
- RewriteCond %{REQUEST_URI} ^/uploads/.*
- RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA]
-
- RequestHeader set X_FORWARDED_PROTO 'https'
- RequestHeader set X-Forwarded-Ssl on
-
- # needed for downloading attachments
- DocumentRoot /usr/share/webapps/gitlab/public
-
- #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
- ErrorDocument 404 /404.html
- ErrorDocument 422 /422.html
- ErrorDocument 500 /500.html
- ErrorDocument 503 /deploy.html
-
- # It is assumed that the log directory is in /var/log/httpd.
- # For Debian distributions you might want to change this to
- # /var/log/apache2.
- LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
- ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log
- CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
- CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
- CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined
-
-
diff --git a/community/gitlab/apache.conf.example b/community/gitlab/apache.conf.example
deleted file mode 100644
index d05c52690..000000000
--- a/community/gitlab/apache.conf.example
+++ /dev/null
@@ -1,64 +0,0 @@
-# This configuration has been tested on GitLab 8.2
-# Note this config assumes unicorn is listening on default port 8080 and
-# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to
-# listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
-#
-# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
-#
-#Module dependencies
-# mod_rewrite
-# mod_proxy
-# mod_proxy_http
-
- ServerName YOUR_SERVER_FQDN
- ServerSignature Off
-
- ProxyPreserveHost On
-
- # Ensure that encoded slashes are not decoded but left in their encoded state.
- # http://doc.gitlab.com/ce/api/projects.html#get-single-project
- AllowEncodedSlashes NoDecode
-
-
- # New authorization commands for apache 2.4 and up
- # http://httpd.apache.org/docs/2.4/upgrading.html#access
- Require all granted
-
- #Allow forwarding to gitlab-workhorse
- ProxyPassReverse http://127.0.0.1:8181
- ProxyPassReverse http://YOUR_SERVER_FQDN/
-
-
- # Apache equivalent of nginx try files
- # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
- # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
- RewriteEngine on
-
- #Don't escape encoded characters in api requests
- RewriteCond %{REQUEST_URI} ^/api/v3/.*
- RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
-
- #Forward all requests to gitlab-workhorse except existing files like error documents
- RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
- RewriteCond %{REQUEST_URI} ^/uploads/.*
- RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA]
-
- # needed for downloading attachments
- DocumentRoot /usr/share/webapps/gitlab/public
-
- #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
- ErrorDocument 404 /404.html
- ErrorDocument 422 /422.html
- ErrorDocument 500 /500.html
- ErrorDocument 503 /deploy.html
-
- # It is assumed that the log directory is in /var/log/httpd.
- # For Debian distributions you might want to change this to
- # /var/log/apache2.
- LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
- ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log
- CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
- CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
- CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined
-
-
diff --git a/community/gitlab/apache2.2-ssl.conf.example b/community/gitlab/apache2.2-ssl.conf.example
deleted file mode 100644
index 0e6ed900c..000000000
--- a/community/gitlab/apache2.2-ssl.conf.example
+++ /dev/null
@@ -1,93 +0,0 @@
-# This configuration has been tested on GitLab 8.2
-# Note this config assumes unicorn is listening on default port 8080 and
-# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to
-# listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
-#
-# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
-#
-#Module dependencies
-# mod_rewrite
-# mod_ssl
-# mod_proxy
-# mod_proxy_http
-# mod_headers
-
-# This section is only needed if you want to redirect http traffic to https.
-# You can live without it but clients will have to type in https:// to reach gitlab.
-
- ServerName YOUR_SERVER_FQDN
- ServerSignature Off
-
- RewriteEngine on
- RewriteCond %{HTTPS} !=on
- RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
-
-
-
- SSLEngine on
- #strong encryption ciphers only
- #see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html
- SSLProtocol all -SSLv2 -SSLv3
- SSLHonorCipherOrder on
-# SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
- SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
- Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
- SSLCompression Off
- SSLCertificateFile /etc/httpd/ssl.crt/YOUR_SERVER_FQDN.crt
- SSLCertificateKeyFile /etc/httpd/ssl.key/YOUR_SERVER_FQDN.key
- SSLCACertificateFile /etc/httpd/ssl.crt/your-ca.crt
-
- ServerName YOUR_SERVER_FQDN
- ServerSignature Off
-
- ProxyPreserveHost On
-
- # Ensure that encoded slashes are not decoded but left in their encoded state.
- # http://doc.gitlab.com/ce/api/projects.html#get-single-project
- AllowEncodedSlashes NoDecode
-
-
- Order deny,allow
- Allow from all
-
- #Allow forwarding to gitlab-workhorse
- ProxyPassReverse http://127.0.0.1:8181
- ProxyPassReverse http://YOUR_SERVER_FQDN/
-
-
- # Apache equivalent of nginx try files
- # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
- # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
- RewriteEngine on
-
- #Don't escape encoded characters in api requests
- RewriteCond %{REQUEST_URI} ^/api/v3/.*
- RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
-
- #Forward all requests to gitlab-workhorse except existing files like error documents
- RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
- RewriteCond %{REQUEST_URI} ^/uploads/.*
- RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA]
-
- RequestHeader set X_FORWARDED_PROTO 'https'
- RequestHeader set X-Forwarded-Ssl on
-
- # needed for downloading attachments
- DocumentRoot /usr/share/webapps/gitlab/public
-
- #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
- ErrorDocument 404 /404.html
- ErrorDocument 422 /422.html
- ErrorDocument 500 /500.html
- ErrorDocument 503 /deploy.html
-
- # It is assumed that the log directory is in /var/log/httpd.
- # For Debian distributions you might want to change this to
- # /var/log/apache2.
- LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
- ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log
- CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
- CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
- CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined
-
-
diff --git a/community/gitlab/apache2.2.conf.example b/community/gitlab/apache2.2.conf.example
deleted file mode 100644
index a751df013..000000000
--- a/community/gitlab/apache2.2.conf.example
+++ /dev/null
@@ -1,63 +0,0 @@
-# This configuration has been tested on GitLab 8.2
-# Note this config assumes unicorn is listening on default port 8080 and
-# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to
-# listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
-#
-# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
-#
-#Module dependencies
-# mod_rewrite
-# mod_proxy
-# mod_proxy_http
-
- ServerName YOUR_SERVER_FQDN
- ServerSignature Off
-
- ProxyPreserveHost On
-
- # Ensure that encoded slashes are not decoded but left in their encoded state.
- # http://doc.gitlab.com/ce/api/projects.html#get-single-project
- AllowEncodedSlashes NoDecode
-
-
- Order deny,allow
- Allow from all
-
- #Allow forwarding to gitlab-workhorse
- ProxyPassReverse http://127.0.0.1:8181
- ProxyPassReverse http://YOUR_SERVER_FQDN/
-
-
- # Apache equivalent of nginx try files
- # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
- # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
- RewriteEngine on
-
- #Don't escape encoded characters in api requests
- RewriteCond %{REQUEST_URI} ^/api/v3/.*
- RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
-
- #Forward all requests to gitlab-workhorse except existing files like error documents
- RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
- RewriteCond %{REQUEST_URI} ^/uploads/.*
- RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA]
-
- # needed for downloading attachments
- DocumentRoot /usr/share/webapps/gitlab/public
-
- #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
- ErrorDocument 404 /404.html
- ErrorDocument 422 /422.html
- ErrorDocument 500 /500.html
- ErrorDocument 503 /deploy.html
-
- # It is assumed that the log directory is in /var/log/httpd.
- # For Debian distributions you might want to change this to
- # /var/log/apache2.
- LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
- ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log
- CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
- CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
- CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined
-
-
diff --git a/community/gitlab/nginx-ssl.conf.example b/community/gitlab/nginx-ssl.conf.example
deleted file mode 100644
index 5fcf081ba..000000000
--- a/community/gitlab/nginx-ssl.conf.example
+++ /dev/null
@@ -1,112 +0,0 @@
-## GitLab
-##
-## Modified from nginx http version
-## Modified from http://blog.phusion.nl/2012/04/21/tutorial-setting-up-gitlab-on-debian-6/
-## Modified from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
-##
-## Lines starting with two hashes (##) are comments with information.
-## Lines starting with one hash (#) are configuration parameters that can be uncommented.
-##
-##################################
-## CONTRIBUTING ##
-##################################
-##
-## If you change this file in a Merge Request, please also create
-## a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests
-##
-###################################
-## configuration ##
-###################################
-##
-## See installation.md#using-https for additional HTTPS configuration details.
-
-upstream gitlab-workhorse {
- server unix:/run/gitlab/gitlab-workhorse.socket fail_timeout=0;
-}
-
-## Redirects all HTTP traffic to the HTTPS host
-server {
- ## Either remove "default_server" from the listen line below,
- ## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab
- ## to be served if you visit any address that your server responds to, eg.
- ## the ip address of the server (http://x.x.x.x/)
- listen 0.0.0.0:80;
- listen [::]:80 ipv6only=on default_server;
- server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com
- server_tokens off; ## Don't show the nginx version number, a security best practice
- return 301 https://$http_host$request_uri;
- access_log /var/log/nginx/gitlab_access.log;
- error_log /var/log/nginx/gitlab_error.log;
-}
-
-## HTTPS host
-server {
- listen 0.0.0.0:443 ssl;
- listen [::]:443 ipv6only=on ssl default_server;
- server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com
- server_tokens off; ## Don't show the nginx version number, a security best practice
-
- ## Strong SSL Security
- ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
- ssl on;
- ssl_certificate /etc/nginx/ssl/gitlab.crt;
- ssl_certificate_key /etc/nginx/ssl/gitlab.key;
-
- # GitLab needs backwards compatible ciphers to retain compatibility with Java IDEs
- ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_prefer_server_ciphers on;
- ssl_session_cache shared:SSL:10m;
- ssl_session_timeout 5m;
-
- ## See app/controllers/application_controller.rb for headers set
-
- ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
- ## Replace with your ssl_trusted_certificate. For more info see:
- ## - https://medium.com/devops-programming/4445f4862461
- ## - https://www.ruby-forum.com/topic/4419319
- ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
- # ssl_stapling on;
- # ssl_stapling_verify on;
- # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
- # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
- # resolver_timeout 5s;
-
- ## [Optional] Generate a stronger DHE parameter:
- ## sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
- ##
- # ssl_dhparam /etc/ssl/certs/dhparam.pem;
-
- ## Individual nginx logs for this GitLab vhost
- access_log /var/log/nginx/gitlab_access.log;
- error_log /var/log/nginx/gitlab_error.log;
-
- location / {
- client_max_body_size 0;
- gzip off;
-
- ## https://github.com/gitlabhq/gitlabhq/issues/694
- ## Some requests take more than 30 seconds.
- proxy_read_timeout 300;
- proxy_connect_timeout 300;
- proxy_redirect off;
-
- proxy_http_version 1.1;
-
- proxy_set_header Host $http_host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-Ssl on;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_pass http://gitlab-workhorse;
- }
-
- error_page 404 /404.html;
- error_page 422 /422.html;
- error_page 500 /500.html;
- error_page 502 /502.html;
- location ~ ^/(404|422|500|502)\.html$ {
- root /usr/share/webapps/gitlab/public;
- internal;
- }
-}
diff --git a/community/gitlab/nginx.conf.example b/community/gitlab/nginx.conf.example
deleted file mode 100644
index 26d9ae321..000000000
--- a/community/gitlab/nginx.conf.example
+++ /dev/null
@@ -1,69 +0,0 @@
-## GitLab
-##
-## Lines starting with two hashes (##) are comments with information.
-## Lines starting with one hash (#) are configuration parameters that can be uncommented.
-##
-##################################
-## CONTRIBUTING ##
-##################################
-##
-## If you change this file in a Merge Request, please also create
-## a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests
-##
-###################################
-## configuration ##
-###################################
-##
-## See installation.md#using-https for additional HTTPS configuration details.
-
-upstream gitlab-workhorse {
- server unix:/run/gitlab/gitlab-workhorse.socket fail_timeout=0;
-}
-
-## Normal HTTP host
-server {
- ## Either remove "default_server" from the listen line below,
- ## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab
- ## to be served if you visit any address that your server responds to, eg.
- ## the ip address of the server (http://x.x.x.x/)n 0.0.0.0:80 default_server;
- listen 0.0.0.0:80 default_server;
- listen [::]:80 default_server;
- server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com
- server_tokens off; ## Don't show the nginx version number, a security best practice
-
- ## See app/controllers/application_controller.rb for headers set
-
- ## Individual nginx logs for this GitLab vhost
- access_log /var/log/nginx/gitlab_access.log;
- error_log /var/log/nginx/gitlab_error.log;
-
- location / {
- client_max_body_size 0;
- gzip off;
-
- ## https://github.com/gitlabhq/gitlabhq/issues/694
- ## Some requests take more than 30 seconds.
- proxy_read_timeout 300;
- proxy_connect_timeout 300;
- proxy_redirect off;
-
- proxy_http_version 1.1;
-
- proxy_set_header Host $http_host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
-
- proxy_pass http://gitlab-workhorse;
- }
-
- error_page 404 /404.html;
- error_page 422 /422.html;
- error_page 500 /500.html;
- error_page 502 /502.html;
- location ~ ^/(404|422|500|502)\.html$ {
- root /usr/share/webapps/gitlab/public;
- internal;
- }
-
-}