diff options
| author | Kamil Trzcinski <ayufan@ayufan.eu> | 2015-11-04 15:57:48 +0100 |
|---|---|---|
| committer | Kamil Trzcinski <ayufan@ayufan.eu> | 2015-11-04 15:57:48 +0100 |
| commit | 2b2b050618c67073ba2a345536d05874f1558f99 (patch) | |
| tree | 099496d21e97a0be451ca244192fe549474b54f8 | |
| parent | e0fdbfd3f2cadd7ad9ce524425e93cd6225c9d22 (diff) | |
| download | gitlab-ce-gitlab-pages.tar.gz | |
Put nginx configgitlab-pages
| -rw-r--r-- | lib/support/nginx/gitlab | 21 | ||||
| -rw-r--r-- | lib/support/nginx/gitlab-ssl | 34 |
2 files changed, 55 insertions, 0 deletions
diff --git a/lib/support/nginx/gitlab b/lib/support/nginx/gitlab index f86ffc53e22..dfe6ace3286 100644 --- a/lib/support/nginx/gitlab +++ b/lib/support/nginx/gitlab @@ -206,3 +206,24 @@ server { error_page 502 /502.html; } + +## Pages serving host +server { + listen 0.0.0.0:80; + listen [::]:80 ipv6only=on; + server_name ~^(?<subdomain>.*)\.example\.gitlab\.com$; + root /home/git/gitlab/shared/pages/${subdomain}; + + ## Individual nginx logs for this GitLab vhost + access_log /var/log/nginx/gitlab_pages_access.log; + error_log /var/log/nginx/gitlab_pages_error.log; + + location / { + ## Serve static files from defined root folder. + ## @gitlab is a named location for the upstream fallback, see below. + try_files $uri $uri/index.html $uri.html; + } + + error_page 404 /404.html; + error_page 502 /502.html; +} diff --git a/lib/support/nginx/gitlab-ssl b/lib/support/nginx/gitlab-ssl index ce097425c6c..3afa038a687 100644 --- a/lib/support/nginx/gitlab-ssl +++ b/lib/support/nginx/gitlab-ssl @@ -238,3 +238,37 @@ server { error_page 502 /502.html; } + +## Pages serving host +server { + listen 0.0.0.0:443 ssl; + listen [::]:443 ipv6only=on ssl default_server; + server_name ~^(?<subdomain>.*)\.gitlab\.com$; + root /home/git/gitlab/shared/pages/${subdomain}; + + ## Strong SSL Security + ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/ + ssl on; + ssl_certificate /etc/nginx/ssl/gitlab_wildcard.crt; + ssl_certificate_key /etc/nginx/ssl/gitlab_wildcard.key; + + # GitLab needs backwards compatible ciphers to retain compatibility with Java IDEs + ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 5m; + + ## Individual nginx logs for this GitLab vhost + access_log /var/log/nginx/gitlab_pages_access.log; + error_log /var/log/nginx/gitlab_pages_error.log; + + location / { + ## Serve static files from defined root folder. + ## @gitlab is a named location for the upstream fallback, see below. + try_files $uri $uri/index.html $uri.html; + } + + error_page 404 /404.html; + error_page 502 /502.html; +} |