diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-02 12:14:26 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-02 12:14:26 +0000 |
commit | ce459835cb32ed396fb7524fb615a5d07f8c51ef (patch) | |
tree | bc56e024828f25d53f8b713b4d8f6393b8755112 /lib | |
parent | 374f3dee7dc0fae10a34daf503b8bf3078008f4b (diff) | |
download | gitlab-ce-ce459835cb32ed396fb7524fb615a5d07f8c51ef.tar.gz |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib')
-rw-r--r-- | lib/gitlab/regex.rb | 2 | ||||
-rw-r--r-- | lib/support/nginx/gitlab-pages-ssl | 11 | ||||
-rw-r--r-- | lib/support/nginx/gitlab-ssl | 11 | ||||
-rw-r--r-- | lib/support/nginx/registry-ssl | 11 | ||||
-rw-r--r-- | lib/tasks/gitlab/packages/migrate.rake | 4 | ||||
-rw-r--r-- | lib/tasks/gitlab/pages.rake | 4 |
6 files changed, 17 insertions, 26 deletions
diff --git a/lib/gitlab/regex.rb b/lib/gitlab/regex.rb index 4d15ac99277..84f7338a9ce 100644 --- a/lib/gitlab/regex.rb +++ b/lib/gitlab/regex.rb @@ -265,7 +265,7 @@ module Gitlab # eg 'source/full/path' or 'destination_namespace' not 'https://example.com/destination/namespace/path' # the regex also allows for an empty string ('') to be accepted as this is allowed in # a bulk_import POST request - @bulk_import_destination_namespace_path_regex ||= %r/((\A\z)|\A([.]?)[^\W](\/?[.]?[0-9a-z][-_]*)+\z)/i + @bulk_import_destination_namespace_path_regex ||= %r/((\A\z)|\A([.]?)\w*([0-9a-z][-_]*)(\/?[.]?[0-9a-z][-_]*)+\z)/i end def bulk_import_source_full_path_regex diff --git a/lib/support/nginx/gitlab-pages-ssl b/lib/support/nginx/gitlab-pages-ssl index 900d91e0575..a883d151a96 100644 --- a/lib/support/nginx/gitlab-pages-ssl +++ b/lib/support/nginx/gitlab-pages-ssl @@ -38,8 +38,10 @@ server { ssl_session_cache shared:SSL:10m; ssl_session_tickets off; - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; + # These settings are in line with the modern settings from https://ssl-config.mozilla.org/ + # and are supported by all still-supported browsers since 2019. If you have specific needs + # for older settings, please consult the intermediate settings there. + ssl_protocols TLSv1.3; ssl_prefer_server_ciphers off; ## See app/controllers/application_controller.rb for headers set @@ -53,11 +55,6 @@ server { # ssl_stapling_verify on; # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt; - ## [Optional] Generate a stronger DHE parameter: - ## sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096 - ## - # ssl_dhparam /etc/ssl/certs/dhparam.pem; - ## [Optional] Enable HTTP Strict Transport Security # add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; diff --git a/lib/support/nginx/gitlab-ssl b/lib/support/nginx/gitlab-ssl index 435b9055929..23d504736e6 100644 --- a/lib/support/nginx/gitlab-ssl +++ b/lib/support/nginx/gitlab-ssl @@ -97,8 +97,10 @@ server { ssl_session_cache shared:SSL:10m; ssl_session_tickets off; - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; + # These settings are in line with the modern settings from https://ssl-config.mozilla.org/ + # and are supported by all still-supported browsers since 2019. If you have specific needs + # for older settings, please consult the intermediate settings there. + ssl_protocols TLSv1.3; ssl_prefer_server_ciphers off; ## See app/controllers/application_controller.rb for headers set @@ -114,11 +116,6 @@ server { # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired # resolver_timeout 5s; - ## [Optional] Generate a stronger DHE parameter: - ## sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096 - ## - # ssl_dhparam /etc/ssl/certs/dhparam.pem; - ## [Optional] Enable HTTP Strict Transport Security # add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; diff --git a/lib/support/nginx/registry-ssl b/lib/support/nginx/registry-ssl index be16037629b..50ecb855e24 100644 --- a/lib/support/nginx/registry-ssl +++ b/lib/support/nginx/registry-ssl @@ -34,15 +34,12 @@ server { ssl_session_cache shared:SSL:10m; ssl_session_tickets off; - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; + # These settings are in line with the modern settings from https://ssl-config.mozilla.org/ + # and are supported by all still-supported browsers since 2019. If you have specific needs + # for older settings, please consult the intermediate settings there. + ssl_protocols TLSv1.3; ssl_prefer_server_ciphers off; - ## [Optional] Generate a stronger DHE parameter: - ## sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096 - ## - # ssl_dhparam /etc/ssl/certs/dhparam.pem; - ## [Optional] Enable HTTP Strict Transport Security # add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; diff --git a/lib/tasks/gitlab/packages/migrate.rake b/lib/tasks/gitlab/packages/migrate.rake index 1c28f4308a2..737788583ae 100644 --- a/lib/tasks/gitlab/packages/migrate.rake +++ b/lib/tasks/gitlab/packages/migrate.rake @@ -1,11 +1,11 @@ # frozen_string_literal: true -require 'logger' - desc "GitLab | Packages | Migrate packages files to remote storage" namespace :gitlab do namespace :packages do task migrate: :environment do + require 'logger' + logger = Logger.new($stdout) logger.info('Starting transfer of package files to object storage') diff --git a/lib/tasks/gitlab/pages.rake b/lib/tasks/gitlab/pages.rake index e6fde28e38f..ecfb163f284 100644 --- a/lib/tasks/gitlab/pages.rake +++ b/lib/tasks/gitlab/pages.rake @@ -1,11 +1,11 @@ # frozen_string_literal: true -require 'logger' - namespace :gitlab do namespace :pages do namespace :deployments do task migrate_to_object_storage: :gitlab_environment do + require 'logger' + logger = Logger.new($stdout) helper = Gitlab::LocalAndRemoteStorageMigration::PagesDeploymentMigrater.new(logger) |