Commit df9963c3 authored by Christian Dresen

Fixed stuff

parent 80d302b6
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
## Url on which GitLab will be reachable. ## Url on which GitLab will be reachable.
## For more details on configuring external_url see: ## For more details on configuring external_url see:
## https://gitlab.com/gitlab-org/omnibus-gitlab/blob/629def0a7a26e7c2326566f0758d4a27857b52a3/README.md#configuring-the-external-url-for-gitlab ## https://gitlab.com/gitlab-org/omnibus-gitlab/blob/629def0a7a26e7c2326566f0758d4a27857b52a3/README.md#configuring-the-external-url-for-gitlab
external_url 'http://gitlab.wz.dyhost.de' # default: http://hostname external_url 'http://wz.dyhost.de/gitlab/' # default: http://hostname
## Note: configuration settings below are optional. ## Note: configuration settings below are optional.
...@@ -561,7 +561,7 @@ gitlab_rails['gitlab_shell_ssh_port'] = 2222 ...@@ -561,7 +561,7 @@ gitlab_rails['gitlab_shell_ssh_port'] = 2222
# GitLab Mattermost # # GitLab Mattermost #
##################### #####################
mattermost_external_url 'http://mattermost.wz.dyhost.de/gitlab/mattermost' mattermost_external_url 'http://mattermost.wz.dyhost.de/'
mattermost['enable'] = true mattermost['enable'] = true
# mattermost['username'] = 'mattermost' # mattermost['username'] = 'mattermost'
...@@ -570,7 +570,7 @@ mattermost['enable'] = true ...@@ -570,7 +570,7 @@ mattermost['enable'] = true
# mattermost['database_name'] = 'mattermost_production' # mattermost['database_name'] = 'mattermost_production'
# mattermost['service_use_ssl'] = false # mattermost['service_use_ssl'] = false
mattermost['service_address'] = "127.0.0.1" mattermost['service_address'] = "0.0.0.0"
mattermost['service_port'] = "8065" mattermost['service_port'] = "8065"
# mattermost['service_maximum_login_attempts'] = 10 # mattermost['service_maximum_login_attempts'] = 10
...@@ -682,7 +682,7 @@ mattermost['service_port'] = "8065" ...@@ -682,7 +682,7 @@ mattermost['service_port'] = "8065"
# Mattermost NGINX # # Mattermost NGINX #
#################### ####################
mattermost_nginx['enable'] = true # mattermost_nginx['enable'] = false
# mattermost_nginx['client_max_body_size'] = '250m' # mattermost_nginx['client_max_body_size'] = '250m'
# mattermost_nginx['redirect_http_to_https'] = false # mattermost_nginx['redirect_http_to_https'] = false
# mattermost_nginx['redirect_http_to_https_port'] = 80 # mattermost_nginx['redirect_http_to_https_port'] = 80
...@@ -694,8 +694,8 @@ mattermost_nginx['enable'] = true ...@@ -694,8 +694,8 @@ mattermost_nginx['enable'] = true
# mattermost_nginx['ssl_session_cache'] = "builtin:1000 shared:SSL:10m" # recommended in http://nginx.org/en/docs/http/ngx_http_ssl_module.html # mattermost_nginx['ssl_session_cache'] = "builtin:1000 shared:SSL:10m" # recommended in http://nginx.org/en/docs/http/ngx_http_ssl_module.html
# mattermost_nginx['ssl_session_timeout'] = "5m" # default according to http://nginx.org/en/docs/http/ngx_http_ssl_module.html # mattermost_nginx['ssl_session_timeout'] = "5m" # default according to http://nginx.org/en/docs/http/ngx_http_ssl_module.html
# mattermost_nginx['ssl_dhparam'] = nil # Path to ci_dhparams.pem, eg. /etc/gitlab/ssl/ci_dhparams.pem # mattermost_nginx['ssl_dhparam'] = nil # Path to ci_dhparams.pem, eg. /etc/gitlab/ssl/ci_dhparams.pem
mattermost_nginx['listen_addresses'] = ['*'] #mattermost_nginx['listen_addresses'] = ['*']
mattermost_nginx['listen_port'] = 42002 # override only if you use a reverse proxy: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#setting-the-nginx-listen-port #mattermost_nginx['listen_port'] = 42002 # override only if you use a reverse proxy: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#setting-the-nginx-listen-port
# mattermost_nginx['listen_https'] = nil # override only if your reverse proxy internally communicates over HTTP: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#supporting-proxied-ssl # mattermost_nginx['listen_https'] = nil # override only if your reverse proxy internally communicates over HTTP: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#supporting-proxied-ssl
# mattermost_nginx['custom_gitlab_mattermost_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n" # mattermost_nginx['custom_gitlab_mattermost_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
# mattermost_nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/example.conf;" # mattermost_nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/example.conf;"
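Review bot: The new value `mattermost['service_address'] = "0.0.0.0"` binds the Mattermost service on port 8065 to every interface, so it can be reached directly over plain HTTP without passing through the TLS-terminating nginx vhost. The upstream added elsewhere in this commit points at `127.0.0.1:8065`, so loopback looks sufficient; I would keep `mattermost['service_address'] = "127.0.0.1"` unless something off-host really needs the port, and in that case restrict it with a firewall rule. Separately, `external_url` and `mattermost_external_url` are still `http://` although the front-end vhosts now serve 443 with HSTS, so generated links and callbacks would presumably use http. Consider `https://` there, together with the proxied-SSL settings that the `listen_https` comment links to.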
......
server { server {
listen 80; listen 80;
listen [::]:80; listen [::]:80;
listen 443 ssl spdy;
server_name gitlab.wz.dyhost.de mattermost.wz.dyhost.de; listen [::]:443 ssl spdy;
ssl_certificate /etc/ssl/fullchain.pem;
ssl_certificate_key /etc/ssl/key.pem;
ssl_session_cache shared:SSL:5m;
ssl_session_timeout 5m;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "AES:!ADH:!AECDH:!MD5:!DSS";
ssl_prefer_server_ciphers on;
server_name gitlab.wz.dyhost.de;
root /var/www/html; root /var/www/html;
index index.html; index index.html;
location / { location / {
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:42001/; # proxy_pass http://127.0.0.1:42001/;
proxy_pass http://mattermost.wz.dyhost.de:42001/;
proxy_redirect off; proxy_redirect off;
} }
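Review bot: The replacement `proxy_pass http://mattermost.wz.dyhost.de:42001/;` in `location /` forwards the decrypted request to a DNS-resolved hostname over plain HTTP, where the line it replaces used loopback. If that name resolves to the host's public address, port 42001 has to listen on an external interface and the traffic leaves the TLS boundary in cleartext. It also makes the gitlab vhost depend on the mattermost name, which looks unintended, so I would keep `proxy_pass http://127.0.0.1:42001/;` and bind the backend to loopback. In the same block, `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still offers the deprecated TLS 1.0/1.1, and because `listen 80` shares the server block nothing redirects to HTTPS; `ssl_protocols TLSv1.2;` plus a separate port-80 server with `return 301 https://$host$request_uri;` would address both. The server block's closing brace is outside the visible section.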
......
# This file is managed by gitlab-ctl. Manual changes will be
# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
# and run `sudo gitlab-ctl reconfigure`.
## GitLab Mattermost
upstream gitlab_mattermost {
server 127.0.0.1:8065;
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80;
listen [::]:80;
listen 443 ssl spdy;
listen [::]:443 ssl spdy;
ssl_certificate /etc/ssl/fullchain.pem;
ssl_certificate_key /etc/ssl/key.pem;
ssl_session_cache shared:SSL:5m;
ssl_session_timeout 5m;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "AES:!ADH:!AECDH:!MD5:!DSS";
ssl_prefer_server_ciphers on;
server_name mattermost.wz.dyhost.de;
server_tokens off; # don't show the version number, a security best practice
client_max_body_size 0;
# access_log /var/log/gitlab/nginx/gitlab_mattermost_access.log gitlab_mattermost_access;
error_log /var/log/gitlab/nginx/gitlab_mattermost_error.log;
location / {
## If you use HTTPS make sure you disable gzip compression
## to be safe against BREACH attack.
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_pass http://gitlab_mattermost;
}
}
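Review bot: `proxy_set_header X-Forwarded-Proto http;` is hard-coded although this server block also listens on 443 ssl, so Mattermost is told that every request arrived over HTTP, which can make it generate http links and redirects. Use `proxy_set_header X-Forwarded-Proto $scheme;` as the gitlab vhost does. `proxy_set_header X-Frame-Options SAMEORIGIN;` sets a request header toward the upstream rather than a response header for the browser, so it gives no framing protection; `add_header X-Frame-Options SAMEORIGIN;` is presumably what was meant. The BREACH comment asks for gzip to be disabled, but the location has no `gzip off;`. The "managed by gitlab-ctl" header is misleading now that this is a hand-edited copy deployed by Ansible, and should be replaced by a comment naming the real source.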
...@@ -35,7 +35,14 @@ ...@@ -35,7 +35,14 @@
- name: Activate gitlab config - name: Activate gitlab config
file: src=/etc/nginx/sites-available/gitlab dest=/etc/nginx/sites-enabled/gitlab state=link file: src=/etc/nginx/sites-available/gitlab dest=/etc/nginx/sites-enabled/gitlab state=link
- name: Konfig-Datei mattermost kopieren
copy: src=gitlab dest=/etc/nginx/sites-available/gitlab
notify: restart nginx
- name: Activate mattermost config
file: src=/etc/nginx/sites-available/mattermost dest=/etc/nginx/sites-enabled/mattermost state=link
- name: Cronjob für Zertifikatserneuerung - name: Cronjob für Zertifikatserneuerung
cron: name="simp_le" weekday="2" hour="20" minute="0" job="cd /etc/ssl && PATH=/usr/src/simp_le/venv/bin:/usr/sbin:/usr/bin:/sbin:/bin simp_le --email info@warpzone.ms -f account_key.json -f key.pem -f fullchain.pem -d wz.dyhost.de:/var/www/html && systemctl reload nginx" cron: name="simp_le" weekday="2" hour="20" minute="0" job="cd /etc/ssl && PATH=/usr/src/simp_le/venv/bin:/usr/sbin:/usr/bin:/sbin:/bin simp_le --email info@warpzone.ms -f account_key.json -f key.pem -f fullchain.pem -d wz.dyhost.de:/var/www/html && systemctl reload nginx"
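Review bot: The new task `Konfig-Datei mattermost kopieren` copies `src=gitlab` to `/etc/nginx/sites-available/gitlab`, so the mattermost vhost file is never installed and the following link task points `sites-enabled/mattermost` at a path this play does not create. This looks like a copy-paste slip and should read `copy: src=mattermost dest=/etc/nginx/sites-available/mattermost`. As written, the TLS vhost for mattermost.wz.dyhost.de is not deployed by this play. Also worth checking: the unchanged simp_le cron job requests a certificate only for `-d wz.dyhost.de`, while the vhosts in this commit serve gitlab.wz.dyhost.de and mattermost.wz.dyhost.de from the same `fullchain.pem`, so clients would see a name mismatch unless those names are added.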