delta/gitlab/gitlab-ce.git/lib/support, branch fix/serialized-commit-path gitlab.com: gitlab-org/gitlab-ce.git Upgrade NGINX configuration files to add websocket support 2016-12-12T12:58:42+00:00 Nick Thomas nick@gitlab.com 2016-12-12T12:58:42+00:00 eb09395b2b5527e271c8e155ff6403953f72fef6 






Revert "Defend against 'Host' header injection"
2016-08-08T11:02:44+00:00

Jacob Vosmaer
jacob@gitlab.com

2016-08-08T11:02:44+00:00

427c9f0b5b5f6f0c242e75a98dca2434a27945d8

This reverts commit 47b5b441395921e9f8e9982bb3f560e5db5a67bc.

See https://gitlab.com/gitlab-org/gitlab-ce/issues/17877#note_13488047





This reverts commit 47b5b441395921e9f8e9982bb3f560e5db5a67bc.

See https://gitlab.com/gitlab-org/gitlab-ce/issues/17877#note_13488047







Defend against 'Host' header injection
2016-07-12T17:50:20+00:00

Jacob Vosmaer
jacob@gitlab.com

2016-07-12T15:22:10+00:00

47b5b441395921e9f8e9982bb3f560e5db5a67bc

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/17877 .

This change adds 'defense in depth' against 'Host' HTTP header
injection. It affects normal users in the following way. Suppose your
GitLab server has IP address 1.2.3.4 and hostname gitlab.example.com.
Currently, if you enter 1.2.3.4 in your browser, you get redirected to
1.2.3.4/users/sign_in. After this change, you get redirected from
1.2.3.4 to gitlab.example.com/users/sign_in. This is because the
address you typed in the address bar of your browser ('1.2.3.4'),
which gets stored in the 'Host' header, is now being overwritten to
'gitlab.example.com' in NGINX.

In this change we also make NGINX clear the 'X-Forwarded-Host' header
because Ruby on Rails also uses that header the same wayas the 'Host'
header.

We think that for most GitLab servers this is the right behavior, and
if not then administrators can change this behavior themselves at the
NGINX level.





Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/17877 .

This change adds 'defense in depth' against 'Host' HTTP header
injection. It affects normal users in the following way. Suppose your
GitLab server has IP address 1.2.3.4 and hostname gitlab.example.com.
Currently, if you enter 1.2.3.4 in your browser, you get redirected to
1.2.3.4/users/sign_in. After this change, you get redirected from
1.2.3.4 to gitlab.example.com/users/sign_in. This is because the
address you typed in the address bar of your browser ('1.2.3.4'),
which gets stored in the 'Host' header, is now being overwritten to
'gitlab.example.com' in NGINX.

In this change we also make NGINX clear the 'X-Forwarded-Host' header
because Ruby on Rails also uses that header the same wayas the 'Host'
header.

We think that for most GitLab servers this is the right behavior, and
if not then administrators can change this behavior themselves at the
NGINX level.







Add note about port needed in NGINX config
2016-05-23T00:20:28+00:00

Achilleas Pipinellis
axilleas@axilleas.me

2016-05-23T00:20:28+00:00

f55f62853162af86989a8343c6692c956f7ccbb0












Add NGINX config file for Registry
2016-05-22T19:54:29+00:00

Achilleas Pipinellis
axilleas@axilleas.me

2016-05-20T18:19:42+00:00

c1af75192dd281e23249a5d4eb4126dce5bc5efd












Replace gitlab-workhorse with GitLab Workhorse where appropriate
2016-04-28T14:36:50+00:00

Achilleas Pipinellis
axilleas@axilleas.me

2016-01-20T09:57:12+00:00

c73bf28143a8fb6adf7322bb301e28b20fb6bee2












Add a branded 503 static error page
2016-04-22T20:26:42+00:00

Robert Speicher
rspeicher@gmail.com

2016-04-22T20:26:18+00:00

d85f65ef4e07fc0c58d51b2e943ad2acb87ef461

[ci skip]

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15398





[ci skip]

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15398







Remove deprecated NGINX CI config
2016-04-14T17:31:19+00:00

Achilleas Pipinellis
axilleas@axilleas.me

2016-04-14T17:31:19+00:00

2165bbc7853016ea68f36b44ad0590623add7bcf












Do not serve anything via nginx as we have workhorse
2016-03-11T14:04:04+00:00

Artem Sidorenko
artem@posteo.de

2016-02-27T08:28:00+00:00

fb5c2147a9f2b3acc6ad5297c737da0f5546c247

Otherwise this might 'hide' problems
https://github.com/gitlabhq/gitlabhq/issues/10053#issuecomment-188919319





Otherwise this might 'hide' problems
https://github.com/gitlabhq/gitlabhq/issues/10053#issuecomment-188919319







Merge branch 'doc_relative_url' into 'master'

2016-02-10T10:51:18+00:00

Achilleas Pipinellis
axilleas@axilleas.me

2016-02-10T10:51:18+00:00

10aa99a30c311c59358d1547ebcbe0f6a92227a7


Add documentation on relative URL support

closes #12773

See merge request !2770





Add documentation on relative URL support

closes #12773

See merge request !2770