Updated NGINX configs

Updated gitlab config

Updated NGINX configs
Updated gitlab config
e880b0b9 · Christian Dresen · 715b2814 · e880b0b9 · e880b0b9 · e880b0b9
Commit e880b0b9 authored 9 years ago by Christian Dresen
--- a/roles/docker_gitlab/files/gitlab.rb
+++ b/roles/docker_gitlab/files/gitlab.rb
@@ -3,7 +3,7 @@
 ## Url on which GitLab will be reachable.
 ## For more details on configuring external_url see:
 ## https://gitlab.com/gitlab-org/omnibus-gitlab/blob/629def0a7a26e7c2326566f0758d4a27857b52a3/README.md#configuring-the-external-url-for-gitlab
-external_url 'http://gitlab.wz.dyhost.de/' # default: http://hostname
+external_url 'https://gitlab.wz.dyhost.de/' # default: http://hostname


 ## Note: configuration settings below are optional.
@@ -561,7 +561,7 @@ gitlab_rails['gitlab_shell_ssh_port'] = 2222
 # GitLab Mattermost #
 #####################

-mattermost_external_url 'http://mattermost.wz.dyhost.de/'
+mattermost_external_url 'https://mattermost.wz.dyhost.de/'

 mattermost['enable'] = true
 # mattermost['username'] = 'mattermost'
@@ -592,7 +592,7 @@ mattermost['service_port'] = "8065"
 # mattermost['service_session_length_sso_in_days'] = 30
 # mattermost['service_session_cache_in_minutes'] = 10

-# mattermost['team_site_name'] = "GitLab Mattermost"
+mattermost['team_site_name'] = "Warpzone Mattermost"
 # mattermost['team_max_users_per_team'] = 150
 # mattermost['team_enable_team_creation'] = true
 # mattermost['team_enable_user_creation'] = true
@@ -603,7 +603,6 @@ mattermost['service_port'] = "8065"
 # mattermost['team_restrict_team_names'] = true
 # mattermost['team_enable_team_listing'] = false

-
 # mattermost['sql_driver_name'] = 'mysql'
 # mattermost['sql_data_source'] = "mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8"
 # mattermost['sql_data_source_replicas'] = ["mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8"]
@@ -618,13 +617,13 @@ mattermost['service_port'] = "8065"
 # mattermost['log_file_level'] = 'INFO'
 # mattermost['log_file_format'] = nil

-# mattermost['gitlab_enable'] = false
-# mattermost['gitlab_secret'] = "123456789"
-# mattermost['gitlab_id'] = "12345656"
-# mattermost['gitlab_scope'] = ""
-# mattermost['gitlab_auth_endpoint'] = "http://gitlab.example.com/oauth/authorize"
-# mattermost['gitlab_token_endpoint'] = "http://gitlab.example.com/oauth/token"
-# mattermost['gitlab_user_api_endpoint'] = "http://gitlab.example.com/api/v3/user"
+mattermost['gitlab_enable'] = true
+mattermost['gitlab_secret'] = ""
+mattermost['gitlab_id'] = ""
+mattermost['gitlab_scope'] = ""
+mattermost['gitlab_auth_endpoint'] = "https://gitlab.wz.dyhost.de/oauth/authorize"
+mattermost['gitlab_token_endpoint'] = "https://gitlab.wz.dyhost.de/oauth/token"
+mattermost['gitlab_user_api_endpoint'] = "https://gitlab.wz.dyhost.de/api/v3/user"

 # mattermost['aws'] = {'S3AccessKeyId' => '123', 'S3SecretAccessKey' => '123', 'S3Bucket' => 'aa', 'S3Region' => 'bb'}


--- a/roles/nginx/files/gitlab
+++ b/roles/nginx/files/gitlab
 server {
 	listen 80;
 	listen [::]:80;
+
+    server_name    gitlab.wz.dyhost.de;
+    return         301 https://$server_name$request_uri;
+}
+
+server {
 	listen 443 ssl spdy;
-        listen [::]:443 ssl spdy;
-        ssl_certificate /etc/ssl/fullchain.pem;
-        ssl_certificate_key /etc/ssl/key.pem;
-        ssl_session_cache shared:SSL:5m;
-        ssl_session_timeout 5m;
-        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
-        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-        ssl_ciphers "AES:!ADH:!AECDH:!MD5:!DSS";
-        ssl_prefer_server_ciphers on;    
+    listen [::]:443 ssl spdy;
+    ssl_certificate /etc/ssl/fullchain.pem;
+    ssl_certificate_key /etc/ssl/key.pem;
+    ssl_session_cache shared:SSL:5m;
+    ssl_session_timeout 5m;
+    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+    ssl_ciphers "AES:!ADH:!AECDH:!MD5:!DSS";
+    ssl_prefer_server_ciphers on;    
 	server_name gitlab.wz.dyhost.de;
 	root /var/www/html;
 	index index.html;

--- a/roles/nginx/files/mattermost
+++ b/roles/nginx/files/mattermost
@@ -13,49 +13,50 @@ map $http_upgrade $connection_upgrade {
  ''      close;
 }

-
 server {
 	listen 80;
-        listen [::]:80;
-        listen 443 ssl spdy;
-        listen [::]:443 ssl spdy;
-        ssl_certificate /etc/ssl/fullchain.pem;
-        ssl_certificate_key /etc/ssl/key.pem;
-        ssl_session_cache shared:SSL:5m;
-        ssl_session_timeout 5m;
-        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
-        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-        ssl_ciphers "AES:!ADH:!AECDH:!MD5:!DSS";
-        ssl_prefer_server_ciphers on;
-	server_name mattermost.wz.dyhost.de;
-  server_tokens off;     # don't show the version number, a security best practice
-  client_max_body_size 0;
-
-
-#  access_log  /var/log/gitlab/nginx/gitlab_mattermost_access.log gitlab_mattermost_access;
-  error_log   /var/log/gitlab/nginx/gitlab_mattermost_error.log;
-
-  location / {
-    ## If you use HTTPS make sure you disable gzip compression
-    ## to be safe against BREACH attack.
-
-
-    proxy_read_timeout      300;
-    proxy_connect_timeout   300;
-    proxy_redirect          off;
-
-    proxy_set_header   X-Forwarded-Proto http;
-    proxy_set_header   Host              $http_host;
-    proxy_set_header   X-Real-IP         $remote_addr;
-    proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
-    proxy_set_header   X-Frame-Options   SAMEORIGIN;
-
-
-    proxy_set_header Upgrade $http_upgrade;
-    proxy_set_header Connection $connection_upgrade;
-
-    proxy_pass http://gitlab_mattermost;
-  }
+	listen [::]:80;
+
+    server_name    mattermost.wz.dyhost.de;
+    return         301 https://$server_name$request_uri;
+}
+server {
+    listen 443 ssl spdy;
+    listen [::]:443 ssl spdy;
+
+    server_name mattermost.wz.dyhost.de;
+        
+    ssl_certificate /etc/ssl/fullchain.pem;
+    ssl_certificate_key /etc/ssl/key.pem;
+    ssl_session_cache shared:SSL:5m;
+    ssl_session_timeout 5m;
+    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+    ssl_ciphers "AES:!ADH:!AECDH:!MD5:!DSS";
+    ssl_prefer_server_ciphers on;
+
+    server_tokens off;     # don't show the version number, a security best practice
+    client_max_body_size 0;
+
+    #  access_log  /var/log/gitlab/nginx/gitlab_mattermost_access.log gitlab_mattermost_access;
+    error_log   /var/log/gitlab/nginx/gitlab_mattermost_error.log;
+
+    location / {
+        proxy_read_timeout      300;
+        proxy_connect_timeout   300;
+        proxy_redirect          off;
+
+        proxy_set_header   X-Forwarded-Proto http;
+        proxy_set_header   Host              $http_host;
+        proxy_set_header   X-Real-IP         $remote_addr;
+        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
+        proxy_set_header   X-Frame-Options   SAMEORIGIN;
+
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+
+        proxy_pass http://gitlab_mattermost;
+    }


 }