Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/17877 .
This change adds 'defense in depth' against 'Host' HTTP header
injection. It affects normal users in the following way. Suppose your
GitLab server has IP address 1.2.3.4 and hostname gitlab.example.com.
Currently, if you enter 1.2.3.4 in your browser, you get redirected to
1.2.3.4/users/sign_in. After this change, you get redirected from
1.2.3.4 to gitlab.example.com/users/sign_in. This is because the
address you typed in the address bar of your browser ('1.2.3.4'),
which gets stored in the 'Host' header, is now being overwritten to
'gitlab.example.com' in NGINX.
In this change we also make NGINX clear the 'X-Forwarded-Host' header
because Ruby on Rails also uses that header the same wayas the 'Host'
header.
We think that for most GitLab servers this is the right behavior, and
if not then administrators can change this behavior themselves at the
NGINX level.
Fixed init.d script not working on OS X
-s flag of su doesn't work correctly on OS X, logging in as the user
and not running the requested command. By moving the bash shell init
inside the su command we avoid the issue
Fixes Issue #3309
See merge request !1728
-s flag of su doesn't work correctly on some systems, loging in the user
and not running the requested command. By moving the bash shell init
inside the su command we avoid the issue
- Offloads uploading to GitLab Workhorse
- Use /authorize request for fast uploading
- Added backup recipes for artifacts
- Support download acceleration using X-Sendfile
Before this change NGINX would convert a chunked HTTP POST (e.g.
git push) into a HTTP 1.0 single large POST. This creates an
unnecessary delay, and it creates unnecessary memory pressure on
gitlab-git-http-server.
For the response ('proxy_buffering') I am less sure that NGINX 's
buffering behavior is harmful, but it still makes more sense to me
not to interfere with gitlab-git-http-server (and the Golang net/http
server).
https://gitlab.com/gitlab-org/gitlab-git-http-server
This change introduces the GITLAB_GRACK_AUTH_ONLY environment
variable. When set, Grack requests to GitLab will only respond with
the user's GL_ID (if the request is OK) or an error. This allows
gitlab-git-http-server to use the main GitLab application as an
authentication and authorization backend.
If we like how this works we should drop the GITLAB_GRACK_AUTH_ONLY
variable at some point in the future.
Close#178 Nginx conf default_host documentation
This closes#178
We're just making it clear that some nginx installs such as by default on recent Ubuntu's, the /etc/nginx/sites-enabled/default file will conflict the listen line of the gitlab nginx conf's due to the default_server directive.
changed installation.md to identify the issue to a user
added notes to both nginx configs for gitlab and gitlab-ssl
[ci-skip
See merge request !225
Jacob Vosmaer
Achilleas Pipinellis
Robert Speicher
Artem Sidorenko
Rémy Coutable
ritave
Harald Spaethe
fbretel
Jacob Vosmaer
cafuego
Vyacheslav Stetskevych
Stan Hu
Robert Speicher
Drew Blessing
Marin Jankovski
Kamil Trzcinski
Douwe Maan
Dmitriy Zaporozhets
Antonio Huete Jimenez