Merge branch 'master' into 56937-edit-knative-domain-after-it-has-been-deployed56937-edit-knative-domain-after-it-has-been-deployed

17 files changed, 98 insertions, 44 deletions

diff --git a/doc/administration/auth/authentiq.md b/doc/administration/auth/authentiq.md
index 772e55cef07..94a8803fff1 100644
--- a/doc/administration/auth/authentiq.md
+++ b/doc/administration/auth/authentiq.md
@@ -50,7 +50,6 @@ Authentiq will generate a Client ID and the accompanying Client Secret for you t
       }
     ```
 
-
 1. The `scope` is set to request the user's name, email (required and signed), and permission to send push notifications to sign in on subsequent visits.
 See [OmniAuth Authentiq strategy](https://github.com/AuthentiqID/omniauth-authentiq/wiki/Scopes,-callback-url-configuration-and-responses) for more information on scopes and modifiers.
 
diff --git a/doc/administration/auth/ldap.md b/doc/administration/auth/ldap.md
index 0ac73c55580..37e596f198f 100644
--- a/doc/administration/auth/ldap.md
+++ b/doc/administration/auth/ldap.md
@@ -448,7 +448,6 @@ ldapsearch -H ldaps://$host:$port -D "$bind_dn" -y bind_dn_password.txt  -b "$ba
   port.
 - We are assuming the password for the bind_dn user is in bind_dn_password.txt.
 
-
 ### Invalid credentials when logging in
 
 - Make sure the user you are binding with has enough permissions to read the user's
diff --git a/doc/administration/auth/okta.md b/doc/administration/auth/okta.md
index ae38094391b..3136923fa96 100644
--- a/doc/administration/auth/okta.md
+++ b/doc/administration/auth/okta.md
@@ -140,7 +140,6 @@ Now that the Okta app is configured, it's time to enable it in GitLab.
       }
     ```
 
-
 1. [Reconfigure][reconf] or [restart] GitLab for Omnibus and installations
    from source respectively for the changes to take effect.
 
diff --git a/doc/administration/container_registry.md b/doc/administration/container_registry.md
index db0b3e1270c..a1ac4a2a57c 100644
--- a/doc/administration/container_registry.md
+++ b/doc/administration/container_registry.md
@@ -542,7 +542,6 @@ Read more about the Container Registry notifications config options in the
 >**Note:**
 Multiple endpoints can be configured for the Container Registry.
 
-
 **Omnibus GitLab installations**
 
 To configure a notification endpoint in Omnibus:
@@ -587,7 +586,9 @@ notifications:
       backoff: 1000
 ```
 
-## Using self-signed certificates with Container Registry
+## Troubleshooting
+
+### Using self-signed certificates with Container Registry
 
 If you're using a self-signed certificate with your Container Registry, you
 might encounter issues during the CI jobs like the following:
@@ -599,12 +600,18 @@ Error response from daemon: Get registry.example.com/v1/users/: x509: certificat
 The Docker daemon running the command expects a cert signed by a recognized CA,
 thus the error above.
 
-While GitLab doesn't support using self-signed certificates with Container
-Registry out of the box, it is possible to make it work if you follow
-[Docker's documentation][docker-insecure-self-signed]. You may find some additional
-information in [issue 18239][ce-18239].
+While GitLab doesn't support using self-signed certificates with Container Registry out of the box, it is possible to make it work by [instructing the docker-daemon to trust the self-signed certificates][docker-insecure-self-signed], mounting the docker-daemon and setting `privileged = false` in the runner's `config.toml`. Setting `privileged = true` takes precedence over the docker-daemon.
 
-## Troubleshooting
+```
+  [runners.docker]
+    image = "ruby:2.1"
+    privileged = false
+    volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/cache"]
+```
+
+Additional information about this: [issue 18239][ce-18239].
+
+### AWS S3 with the GitLab registry error when pushing large images
 
 When using AWS S3 with the GitLab registry, an error may occur when pushing
 large images. Look in the Registry log for the following error:
diff --git a/doc/administration/high_availability/gitlab.md b/doc/administration/high_availability/gitlab.md
index 2ca860bd763..e554c06532e 100644
--- a/doc/administration/high_availability/gitlab.md
+++ b/doc/administration/high_availability/gitlab.md
@@ -58,6 +58,7 @@ for each GitLab application server in your environment.
 
     # Disable components that will not be on the GitLab application server
     roles ['application_role']
+    nginx['enable'] = true
 
     # PostgreSQL connection details
     gitlab_rails['db_adapter'] = 'postgresql'
@@ -90,6 +91,8 @@ for each GitLab application server in your environment.
     certificates are not present, Nginx will fail to start. See
     [Nginx documentation](http://docs.gitlab.com/omnibus/settings/nginx.html#enable-https)
     for more information.
+    >
+    > **Note:** It is best to set the `uid` and `gid`s prior to the initial reconfigure of GitLab. Omnibus will not recursively `chown` directories if set after the initial reconfigure.
 
 ## First GitLab application server
 
@@ -108,8 +111,9 @@ Additional GitLab servers (servers configured **after** the first GitLab server)
 need some extra configuration.
 
 1. Configure shared secrets. These values can be obtained from the primary
-   GitLab server in `/etc/gitlab/gitlab-secrets.json`. Add these to
-   `/etc/gitlab/gitlab.rb` **prior to** running the first `reconfigure`.
+   GitLab server in `/etc/gitlab/gitlab-secrets.json`. Copy this file to the
+   secondary servers **prior to** running the first `reconfigure` in the steps
+   above.
 
     ```ruby
     gitlab_shell['secret_token'] = 'fbfb19c355066a9afb030992231c4a363357f77345edd0f2e772359e5be59b02538e1fa6cae8f93f7d23355341cea2b93600dab6d6c3edcdced558fc6d739860'
diff --git a/doc/administration/high_availability/load_balancer.md b/doc/administration/high_availability/load_balancer.md
index 359de0efadb..28b226cacd5 100644
--- a/doc/administration/high_availability/load_balancer.md
+++ b/doc/administration/high_availability/load_balancer.md
@@ -8,7 +8,53 @@ choice already. Some examples including HAProxy (open-source), F5 Big-IP LTM,
 and Citrix Net Scaler. This documentation will outline what ports and protocols
 you need to use with GitLab.
 
-## Basic ports
+## SSL
+
+How will you handle SSL in your HA environment? There are several different
+options:
+
+- Each application node terminates SSL
+- The load balancer(s) terminate SSL and communication is not secure between
+  the load balancer(s) and the application nodes
+- The load balancer(s) terminate SSL and communication is *secure* between the
+  load balancer(s) and the application nodes
+
+### Application nodes terminate SSL
+
+Configure your load balancer(s) to pass connections on port 443 as 'TCP' rather
+than 'HTTP(S)' protocol. This will pass the connection to the application nodes
+Nginx service untouched. Nginx will have the SSL certificate and listen on port 443.
+
+See [Nginx HTTPS documentation](https://docs.gitlab.com/omnibus/settings/nginx.html#enable-https)
+for details on managing SSL certificates and configuring Nginx.
+
+### Load Balancer(s) terminate SSL without backend SSL
+
+Configure your load balancer(s) to use the 'HTTP(S)' protocol rather than 'TCP'.
+The load balancer(s) will then be responsible for managing SSL certificates and
+terminating SSL.
+
+Since communication between the load balancer(s) and GitLab will not be secure,
+there is some additional configuration needed. See
+[Nginx Proxied SSL documentation](https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl)
+for details.
+
+### Load Balancer(s) terminate SSL with backend SSL
+
+Configure your load balancer(s) to use the 'HTTP(S)' protocol rather than 'TCP'.
+The load balancer(s) will be responsible for managing SSL certificates that
+end users will see.
+
+Traffic will also be secure between the load balancer(s) and Nginx in this
+scenario. There is no need to add configuration for proxied SSL since the
+connection will be secure all the way. However, configuration will need to be
+added to GitLab to configure SSL certificates. See
+[Nginx HTTPS documentation](https://docs.gitlab.com/omnibus/settings/nginx.html#enable-https)
+for details on managing SSL certificates and configuring Nginx.
+
+## Ports
+
+### Basic ports
 
 | LB Port | Backend Port | Protocol        |
 | ------- | ------------ | --------------- |
@@ -16,9 +62,9 @@ you need to use with GitLab.
 | 443     | 443          | TCP or HTTPS [^1] [^2] |
 | 22      | 22           | TCP             |
 
-## GitLab Pages Ports
+### GitLab Pages Ports
 
-If you're using GitLab Pages with custom domain support you will need some 
+If you're using GitLab Pages with custom domain support you will need some
 additional port configurations.
 GitLab Pages requires a separate virtual IP address. Configure DNS to point the
 `pages_external_url` from `/etc/gitlab/gitlab.rb` at the new virtual IP address. See the
@@ -29,7 +75,7 @@ GitLab Pages requires a separate virtual IP address. Configure DNS to point the
 | 80      | Varies [^3]  | HTTP     |
 | 443     | Varies [^3]  | TCP [^4] |
 
-## Alternate SSH Port
+### Alternate SSH Port
 
 Some organizations have policies against opening SSH port 22. In this case,
 it may be helpful to configure an alternate SSH hostname that allows users
diff --git a/doc/administration/high_availability/redis.md b/doc/administration/high_availability/redis.md
index 987a0b9f350..bf5d064d79d 100644
--- a/doc/administration/high_availability/redis.md
+++ b/doc/administration/high_availability/redis.md
@@ -855,7 +855,6 @@ To make sure your configuration is correct:
     You should see a different port after a few seconds delay
     (the failover/reconnect time).
 
-
 ## Changelog
 
 Changes to Redis HA over time.
diff --git a/doc/administration/index.md b/doc/administration/index.md
index 12fec2753bf..fff4538a7c9 100644
--- a/doc/administration/index.md
+++ b/doc/administration/index.md
@@ -4,24 +4,27 @@ description: 'Learn how to install, configure, update, and maintain your GitLab
 
 # Administrator documentation **[CORE ONLY]**
 
-Learn how to administer your GitLab instance (Community Edition and
-Enterprise Edition).
-Regular users don't have access to GitLab administration tools and settings.
+Learn how to administer your self-managed GitLab instance.
 
-GitLab has two product distributions: the open source
-[GitLab Community Edition (CE)](https://gitlab.com/gitlab-org/gitlab-ce),
-and the open core [GitLab Enterprise Edition (EE)](https://gitlab.com/gitlab-org/gitlab-ee),
-available through [different subscriptions](https://about.gitlab.com/pricing/).
+GitLab has two product distributions available through [different subscriptions](https://about.gitlab.com/pricing/):
 
-You can [install GitLab CE or GitLab EE](https://about.gitlab.com/installation/ce-or-ee/),
-but the features you'll have access to depend on the subscription you choose
-(Core, Starter, Premium, or Ultimate). GitLab Community Edition installations
-only have access to Core features.
+- The open source [GitLab Community Edition (CE)](https://gitlab.com/gitlab-org/gitlab-ce).
+- The open core [GitLab Enterprise Edition (EE)](https://gitlab.com/gitlab-org/gitlab-ee).
+
+You can [install either GitLab CE or GitLab EE](https://about.gitlab.com/installation/ce-or-ee/).
+However, the features you'll have access to depend on the subscription you choose
+(Core, Starter, Premium, or Ultimate).
+
+NOTE: **Note:**
+GitLab Community Edition installations only have access to Core features.
 
 GitLab.com is administered by GitLab, Inc., therefore, only GitLab team members have
 access to its admin configurations. If you're a GitLab.com user, please check the
 [user documentation](../user/index.html).
 
+NOTE: **Note:**
+Non-administrator users don’t have access to GitLab administration tools and settings.
+
 ## Installing and maintaining GitLab
 
 Learn how to install, configure, update, and maintain your GitLab instance.
@@ -127,7 +130,7 @@ Learn how to install, configure, update, and maintain your GitLab instance.
 - [Job traces](job_traces.md): Information about the job traces (logs).
 - [Register Shared and specific Runners](../ci/runners/README.md#registering-a-shared-runner): Learn how to register and configure Shared and specific Runners to your own instance.
 - [Shared Runners pipelines quota](../user/admin_area/settings/continuous_integration.md#shared-runners-pipeline-minutes-quota): Limit the usage of pipeline minutes for Shared Runners.
-- [Enable/disable Auto DevOps](../topics/autodevops/index.md#enabling-auto-devops): Enable or disable Auto DevOps for your instance.
+- [Enable/disable Auto DevOps](../topics/autodevops/index.md#enablingdisabling-auto-devops): Enable or disable Auto DevOps for your instance.
 
 ## Git configuration options
 
diff --git a/doc/administration/integration/plantuml.md b/doc/administration/integration/plantuml.md
index b61c5409a56..d383d1efe70 100644
--- a/doc/administration/integration/plantuml.md
+++ b/doc/administration/integration/plantuml.md
@@ -52,7 +52,6 @@ http://localhost:8080/plantuml
 
 you can change these defaults by editing the `/etc/tomcat7/server.xml` file.
 
-
 ## GitLab
 
 You need to enable PlantUML integration from Settings under Admin Area. To do
diff --git a/doc/administration/integration/terminal.md b/doc/administration/integration/terminal.md
index 40e03093743..25d85d1687b 100644
--- a/doc/administration/integration/terminal.md
+++ b/doc/administration/integration/terminal.md
@@ -64,8 +64,9 @@ narrower set of rules, you can restrict it to URLs ending with `/terminal.ws`
 (although this may still have a few false positives).
 
 If you installed from source, or have made any configuration changes to your
-Omnibus installation before upgrading to 8.15, you may need to make some
-changes to your configuration. See the  [8.14 to 8.15 upgrade](../../update/8.14-to-8.15.md#nginx-configuration)
+Omnibus installation before upgrading to 8.15, you may need to make some changes
+to your configuration. See the [Upgrading Community Edition and Enterprise
+Edition from source](../../update/upgrading_from_source.md#nginx-configuration)
 document for more details.
 
 If you'd like to disable web terminal support in GitLab, just stop passing
diff --git a/doc/administration/logs.md b/doc/administration/logs.md
index 698f4caab3a..36dee75bd44 100644
--- a/doc/administration/logs.md
+++ b/doc/administration/logs.md
@@ -23,12 +23,13 @@ requests from the API are logged to a separate file in `api_json.log`.
 Each line contains a JSON line that can be ingested by Elasticsearch, Splunk, etc. For example:
 
 ```json
-{"method":"GET","path":"/gitlab/gitlab-ce/issues/1234","format":"html","controller":"Projects::IssuesController","action":"show","status":200,"duration":229.03,"view":174.07,"db":13.24,"time":"2017-08-08T20:15:54.821Z","params":[{"key":"param_key","value":"param_value"}],"remote_ip":"18.245.0.1","user_id":1,"username":"admin","gitaly_calls":76}
+{"method":"GET","path":"/gitlab/gitlab-ce/issues/1234","format":"html","controller":"Projects::IssuesController","action":"show","status":200,"duration":229.03,"view":174.07,"db":13.24,"time":"2017-08-08T20:15:54.821Z","params":[{"key":"param_key","value":"param_value"}],"remote_ip":"18.245.0.1","user_id":1,"username":"admin","gitaly_calls":76,"queue_duration": 112.47}
 ```
 
 In this example, you can see this was a GET request for a specific issue. Notice each line also contains performance data:
 
-1. `duration`: the total time taken to retrieve the request
+1. `duration`: total time in milliseconds taken to retrieve the request
+1. `queue_duration`: total time in milliseconds that the request was queued inside GitLab Workhorse
 1. `view`: total time taken inside the Rails views
 1. `db`: total time to retrieve data from the database
 1. `gitaly_calls`: total number of calls made to Gitaly
@@ -91,6 +92,8 @@ This entry above shows an access to an internal endpoint to check whether an
 associated SSH key can download the project in question via a `git fetch` or
 `git clone`. In this example, we see:
 
+1. `duration`: total time in milliseconds taken to retrieve the request
+1. `queue_duration`: total time in milliseconds that the request was queued inside GitLab Workhorse
 1. `method`: The HTTP method used to make the request
 1. `path`: The relative path of the query
 1. `params`: Key-value pairs passed in a query string or HTTP body. Sensitive parameters (e.g. passwords, tokens, etc.) are filtered out.
diff --git a/doc/administration/monitoring/prometheus/gitlab_metrics.md b/doc/administration/monitoring/prometheus/gitlab_metrics.md
index 6ea0ac0d495..08cd23682d1 100644
--- a/doc/administration/monitoring/prometheus/gitlab_metrics.md
+++ b/doc/administration/monitoring/prometheus/gitlab_metrics.md
@@ -17,10 +17,7 @@ GitLab monitors its own internal service metrics, and makes them available at th
 `/-/metrics` endpoint. Unlike other [Prometheus] exporters, in order to access
 it, the client IP needs to be [included in a whitelist][whitelist].
 
-Currently the embedded Prometheus server is not automatically configured to
-collect metrics from this endpoint. We recommend setting up another Prometheus
-server, because the embedded server configuration is overwritten once every
-[reconfigure of GitLab][reconfigure]. In the future this will not be required.
+For Omnibus and Chart installations, these metrics are automatically enabled and collected as of [GitLab 9.4](https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests/1702). For source installations or earlier verisons, these metrics will need to be enabled manually and collected by a Prometheus server.
 
 ## Unicorn Metrics available
 
diff --git a/doc/administration/operations/cleaning_up_redis_sessions.md b/doc/administration/operations/cleaning_up_redis_sessions.md
index 3a35aff8366..b45ca99fd80 100644
--- a/doc/administration/operations/cleaning_up_redis_sessions.md
+++ b/doc/administration/operations/cleaning_up_redis_sessions.md
@@ -20,7 +20,6 @@ configuration settings if you have used the advanced Redis
 settings outlined in
 [Configuration Files Documentation](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/README.md).
 
-
 First we define a shell function with the proper Redis connection details.
 
 ```
diff --git a/doc/administration/pages/index.md b/doc/administration/pages/index.md
index 10ae8c7dedf..5c809f25fbd 100644
--- a/doc/administration/pages/index.md
+++ b/doc/administration/pages/index.md
@@ -11,7 +11,7 @@ description: 'Learn how to administer GitLab Pages.'
 > - This guide is for Omnibus GitLab installations. If you have installed
 >   GitLab from source, follow the [Pages source installation document](source.md).
 > - To learn how to use GitLab Pages, read the [user documentation][pages-userguide].
-> - Does NOT support subgroups. See [this issue](https://gitlab.com/gitlab-org/gitlab-ce/issues/30548) for more information and status.
+> - Support for subgroup project's websites was [introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/30548) in GitLab 11.8.
 
 This document describes how to set up the _latest_ GitLab Pages feature. Make
 sure to read the [changelog](#changelog) if you are upgrading to a new GitLab
diff --git a/doc/administration/repository_storage_types.md b/doc/administration/repository_storage_types.md
index 51e1518d73f..4934aaf39f7 100644
--- a/doc/administration/repository_storage_types.md
+++ b/doc/administration/repository_storage_types.md
@@ -41,7 +41,6 @@ Registry, etc.
 
 ## Hashed Storage
 
-
 Hashed Storage is the new storage behavior we rolled out with 10.0. Instead
 of coupling project URL and the folder structure where the repository will be
 stored on disk, we are coupling a hash, based on the project's ID. This makes
diff --git a/doc/administration/restart_gitlab.md b/doc/administration/restart_gitlab.md
index b561c2f82aa..cbc3fbd9473 100644
--- a/doc/administration/restart_gitlab.md
+++ b/doc/administration/restart_gitlab.md
@@ -62,7 +62,8 @@ sudo gitlab-ctl status
 
 Notice that all services say `ok: run`.
 
-Sometimes, components time out during the restart and sometimes they get stuck.
+Sometimes, components time out (look for `timeout` in the logs) during the
+restart and sometimes they get stuck.
 In that case, you can use `gitlab-ctl kill <service>` to send the `SIGKILL`
 signal to the service, for example `sidekiq`. After that, a restart should
 perform fine.
@@ -136,7 +137,6 @@ If you are using other init systems, like systemd, you can check the
 [GitLab Recipes][gl-recipes] repository for some unofficial services. These are
 **not** officially supported so use them at your own risk.
 
-
 [omnibus-dl]: https://about.gitlab.com/downloads/ "Download the Omnibus packages"
 [install]: ../install/installation.md "Documentation to install GitLab from source"
 [mailroom]: reply_by_email.md "Used for replying by email in GitLab issues and merge requests"
diff --git a/doc/administration/uploads.md b/doc/administration/uploads.md
index 476ae8e8a76..9dfe085425f 100644
--- a/doc/administration/uploads.md
+++ b/doc/administration/uploads.md
@@ -149,7 +149,7 @@ _The uploads are stored by default in
 
 [reconfigure gitlab]: restart_gitlab.md#omnibus-gitlab-reconfigure "How to reconfigure Omnibus GitLab"
 [restart gitlab]: restart_gitlab.md#installations-from-source "How to restart GitLab"
-[eep]: https://about.gitlab.com/gitlab-ee/ "GitLab Enterprise Edition Premium"
+[eep]: https://about.gitlab.com/gitlab-ee/ "GitLab Premium"
 [ce]: https://about.gitlab.com/gitlab-ce/ "GitLab Community Edition"
 [ee-3867]: https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/3867
 [ce-17358]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/17358