handle https for gitlab

cogini · Jun 14, 2014 · caf7b4c · caf7b4c
1 parent 45b7823
commit caf7b4c
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 5 deletions.
diff --git a/gitlab/attributes/default.rb b/gitlab/attributes/default.rb
@@ -39,9 +39,16 @@
 default[:gitlab][:ssh_port] = 22
 
 default[:gitlab][:host] = "localhost"
-default[:gitlab][:port] = 80
+default[:gitlab][:enable_https] = false
 
 default[:gitlab][:satellites_path] = "/home/git/gitlab-satellites/"
 default[:gitlab][:repos_path] = "/home/git/repositories/"
 
 default[:gitlab][:worker_processes] = 2
+
+
+if node[:gitlab][:enable_https]
+    default[:gitlab][:port] = 443
+else
+    default[:gitlab][:port] = 80
+end
diff --git a/gitlab/templates/default/gitlab.yml.erb b/gitlab/templates/default/gitlab.yml.erb
@@ -17,7 +17,7 @@ production: &base
     ## Web server settings
     host: <%= node[:gitlab][:host] %>
     port: <%= node[:gitlab][:port] %>
-    https: false
+    https: <%= node[:gitlab][:enable_https] %>
 
     # Uncomment and customize the last line to run in a non-root path
     # WARNING: This feature is no longer supported

diff --git a/gitlab/templates/default/nginx-gitlab.erb b/gitlab/templates/default/nginx-gitlab.erb
@@ -2,12 +2,14 @@
 
 
 upstream gitlab {
-  server unix:<%= node[:gitlab][:dir] %>/tmp/sockets/gitlab.socket;
+  # http://unicorn.bogomips.org/Unicorn/Configurator.html#method-i-timeout
+  server unix:<%= node[:gitlab][:dir] %>/tmp/sockets/gitlab.socket fail_timeout=0;
 }
 
 
 server {
 
+  # TODO: handle enable_https
   listen      80 default_server;
   server_name <%= node[:gitlab][:server_name] %>;
 
@@ -26,7 +28,9 @@ server {
     proxy_connect_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
     proxy_read_timeout    300; # https://github.com/gitlabhq/gitlabhq/issues/694
 
-    proxy_set_header X-Forwarded-Proto $scheme;
+    # If there is a proxy that terminates SSL connections, the scheme should be
+    # set there. TODO: handle this automatically
+    # proxy_set_header X-Forwarded-Proto $scheme;
     proxy_set_header Host              $http_host;
     proxy_set_header X-Real-IP         $remote_addr;
   }

diff --git a/gitlab/templates/default/unicorn.rb.erb b/gitlab/templates/default/unicorn.rb.erb
@@ -29,7 +29,7 @@ listen "<%= node[:gitlab][:dir] %>/tmp/sockets/gitlab.socket", :backlog => 64
 # listen 8080, :tcp_nopush => true
 
 # nuke workers after 30 seconds instead of 60 seconds (the default)
-timeout 30
+timeout 60
 
 # feel free to point this anywhere accessible on the filesystem
 pid "<%= node[:gitlab][:dir] %>/tmp/pids/unicorn.pid"