Merge branch 'master' of dev.gitlab.org:gitlab/gitlabhq

author: Valery Sizov <vsv2711@gmail.com> 2015-07-29 12:19:59 +0300
committer: Valery Sizov <vsv2711@gmail.com> 2015-07-29 12:19:59 +0300
commit: 8bda433734394af7e3858c0804b378a6d1313a84 (patch)
tree: 18287bcfba6fa853f49b6717baf4b8f7bd6a7217
parent: 81c71d2519cef11bd94ad570d1d4e0e6ca4d71f1 (diff)
parent: d64ae5363fc17bf5592bc1a66a53763ddb9a3acc (diff)
download: gitlab-ce-8bda433734394af7e3858c0804b378a6d1313a84.tar.gz
4 files changed, 70 insertions, 2 deletions
diff --git a/lib/gitlab/backend/grack_auth.rb b/lib/gitlab/backend/grack_auth.rb
index 03cef30c97d..12292f614e9 100644
--- a/lib/gitlab/backend/grack_auth.rb
+++ b/lib/gitlab/backend/grack_auth.rb
@@ -26,7 +26,12 @@ module Grack
       auth!
 
       if project && authorized_request?
-        @app.call(env)
+        if ENV['GITLAB_GRACK_AUTH_ONLY'] == '1'
+          # Tell gitlab-git-http-server the request is OK, and what the GL_ID is
+          render_grack_auth_ok
+        else
+          @app.call(env)
+        end
       elsif @user.nil? && !@gitlab_ci
         unauthorized
       else
@@ -174,6 +179,10 @@ module Grack
       end
     end
 
+    def render_grack_auth_ok
+      [200, { "Content-Type" => "application/json" }, [JSON.dump({ 'GL_ID' => Gitlab::ShellEnv.gl_id(@user) })]]
+    end
+
     def render_not_found
       [404, { "Content-Type" => "text/plain" }, ["Not Found"]]
     end
diff --git a/lib/gitlab/backend/shell_env.rb b/lib/gitlab/backend/shell_env.rb
index 17ec029eed4..9f5adee594a 100644
--- a/lib/gitlab/backend/shell_env.rb
+++ b/lib/gitlab/backend/shell_env.rb
@@ -7,7 +7,7 @@ module Gitlab
     def set_env(user)
       # Set GL_ID env variable
       if user
-        ENV['GL_ID'] = "user-#{user.id}"
+        ENV['GL_ID'] = gl_id(user)
       end
     end
 
@@ -15,5 +15,14 @@ module Gitlab
       # Reset GL_ID env variable
       ENV['GL_ID'] = nil
     end
+
+    def gl_id(user)
+      if user.present?
+        "user-#{user.id}"
+      else
+        # This empty string is used in the render_grack_auth_ok method
+        ""
+      end
+    end
   end
 end
diff --git a/lib/support/nginx/gitlab b/lib/support/nginx/gitlab
index edb987875df..efa0898900f 100644
--- a/lib/support/nginx/gitlab
+++ b/lib/support/nginx/gitlab
@@ -38,6 +38,11 @@ upstream gitlab {
   server unix:/home/git/gitlab/tmp/sockets/gitlab.socket fail_timeout=0;
 }
 
+## Experimental: gitlab-git-http-server
+# upstream gitlab-git-http-server {
+#   server localhost:8181;
+# }
+
 ## Normal HTTP host
 server {
   ## Either remove "default_server" from the listen line below, 
@@ -109,6 +114,26 @@ server {
     proxy_pass http://gitlab;
   }
 
+  ## Experimental: send Git HTTP traffic to gitlab-git-http-server instead of Unicorn
+  # location ~ [-\/\w\.]+\.git\/ {
+  #   ## If you use HTTPS make sure you disable gzip compression
+  #   ## to be safe against BREACH attack.
+  #   # gzip off;
+
+  #   ## https://github.com/gitlabhq/gitlabhq/issues/694
+  #   ## Some requests take more than 30 seconds.
+  #   proxy_read_timeout      300;
+  #   proxy_connect_timeout   300;
+  #   proxy_redirect          off;
+
+  #   proxy_set_header    Host                $http_host;
+  #   proxy_set_header    X-Real-IP           $remote_addr;
+  #   proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
+  #   proxy_set_header    X-Forwarded-Proto   $scheme;
+
+  #   proxy_pass http://gitlab-git-http-server;
+  # }
+
   ## Enable gzip compression as per rails guide:
   ## http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression
   ## WARNING: If you are using relative urls remove the block below
diff --git a/lib/support/nginx/gitlab-ssl b/lib/support/nginx/gitlab-ssl
index 766559b49f6..314525518f1 100644
--- a/lib/support/nginx/gitlab-ssl
+++ b/lib/support/nginx/gitlab-ssl
@@ -42,6 +42,11 @@ upstream gitlab {
   server unix:/home/git/gitlab/tmp/sockets/gitlab.socket fail_timeout=0;
 }
 
+## Experimental: gitlab-git-http-server
+# upstream gitlab-git-http-server {
+#   server localhost:8181;
+# }
+
 ## Redirects all HTTP traffic to the HTTPS host
 server {
   ## Either remove "default_server" from the listen line below, 
@@ -156,6 +161,26 @@ server {
     proxy_pass http://gitlab;
   }
 
+  ## Experimental: send Git HTTP traffic to gitlab-git-http-server instead of Unicorn
+  # location ~ [-\/\w\.]+\.git\/ {
+  #   ## If you use HTTPS make sure you disable gzip compression
+  #   ## to be safe against BREACH attack.
+  #   gzip off;
+
+  #   ## https://github.com/gitlabhq/gitlabhq/issues/694
+  #   ## Some requests take more than 30 seconds.
+  #   proxy_read_timeout      300;
+  #   proxy_connect_timeout   300;
+  #   proxy_redirect          off;
+
+  #   proxy_set_header    Host                $http_host;
+  #   proxy_set_header    X-Real-IP           $remote_addr;
+  #   proxy_set_header    X-Forwarded-Ssl     on;
+  #   proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
+  #   proxy_set_header    X-Forwarded-Proto   $scheme;
+  #   proxy_pass http://gitlab-git-http-server;
+  # }
+
   ## Enable gzip compression as per rails guide:
   ## http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression
   ## WARNING: If you are using relative urls remove the block below
author	Valery Sizov <vsv2711@gmail.com>	2015-07-29 12:19:59 +0300
committer	Valery Sizov <vsv2711@gmail.com>	2015-07-29 12:19:59 +0300
commit	8bda433734394af7e3858c0804b378a6d1313a84 (patch)
tree	18287bcfba6fa853f49b6717baf4b8f7bd6a7217
parent	81c71d2519cef11bd94ad570d1d4e0e6ca4d71f1 (diff)
parent	d64ae5363fc17bf5592bc1a66a53763ddb9a3acc (diff)
download	gitlab-ce-8bda433734394af7e3858c0804b378a6d1313a84.tar.gz