· 7 years ago · Dec 21, 2018, 06:24 PM
1## GitLab configuration settings
2##! This file is generated during initial installation and **is not** modified
3##! during upgrades.
4##! Check out the latest version of this file to know about the different
5##! settings that can be configured by this file, which may be found at:
6##! https://gitlab.com/gitlab-org/omnibus-gitlab/raw/master/files/gitlab-config-template/gitlab.rb.template
7
8
9## GitLab URL
10##! URL on which GitLab will be reachable.
11##! For more details on configuring external_url see:
12##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab
13external_url 'http://git.prexordev.de:8081'
14
15## Roles for multi-instance GitLab
16##! The default is to have no roles enabled, which results in GitLab running as an all-in-one instance.
17##! Options:
18##! redis_sentinel_role redis_master_role redis_slave_role geo_primary_role geo_secondary_role
19##! For more details on each role, see:
20##! https://docs.gitlab.com/omnibus/roles/README.html#roles
21##!
22# roles ['redis_sentinel_role', 'redis_master_role']
23
24## Legend
25##! The following notations at the beginning of each line may be used to
26##! differentiate between components of this file and to easily select them using
27##! a regex.
28##! ## Titles, subtitles etc
29##! ##! More information - Description, Docs, Links, Issues etc.
30##! Configuration settings have a single # followed by a single space at the
31##! beginning; Remove them to enable the setting.
32
33##! **Configuration settings below are optional.**
34##! **The values currently assigned are only examples and ARE NOT the default
35##! values.**
36
37
38gitlab_rails['internal_api_url'] = 'http://git.prexordev.de'
39
40
41################################################################################
42################################################################################
43## Configuration Settings for GitLab CE and EE ##
44################################################################################
45################################################################################
46
47################################################################################
48## gitlab.yml configuration
49##! Docs: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/gitlab.yml.md
50################################################################################
51# gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com'
52# gitlab_rails['time_zone'] = 'UTC'
53
54### Email Settings
55# gitlab_rails['gitlab_email_enabled'] = true
56# gitlab_rails['gitlab_email_from'] = 'example@example.com'
57# gitlab_rails['gitlab_email_display_name'] = 'Example'
58# gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com'
59# gitlab_rails['gitlab_email_subject_suffix'] = ''
60
61### GitLab user privileges
62# gitlab_rails['gitlab_default_can_create_group'] = true
63# gitlab_rails['gitlab_username_changing_enabled'] = true
64
65### Default Theme
66# gitlab_rails['gitlab_default_theme'] = 2
67
68### Default project feature settings
69# gitlab_rails['gitlab_default_projects_features_issues'] = true
70# gitlab_rails['gitlab_default_projects_features_merge_requests'] = true
71# gitlab_rails['gitlab_default_projects_features_wiki'] = true
72# gitlab_rails['gitlab_default_projects_features_snippets'] = true
73# gitlab_rails['gitlab_default_projects_features_builds'] = true
74# gitlab_rails['gitlab_default_projects_features_container_registry'] = true
75
76### Automatic issue closing
77###! See https://docs.gitlab.com/ce/customization/issue_closing.html for more
78###! information about this pattern.
79# gitlab_rails['gitlab_issue_closing_pattern'] = "\b((?:[Cc]los(?:e[sd]?|ing)|\b[Ff]ix(?:e[sd]|ing)?|\b[Rr]esolv(?:e[sd]?|ing)|\b[Ii]mplement(?:s|ed|ing)?)(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)"
80
81### Download location
82###! When a user clicks e.g. 'Download zip' on a project, a temporary zip file
83###! is created in the following directory.
84###! Should not be the same path, or a sub directory of any of the `git_data_dirs`
85# gitlab_rails['gitlab_repository_downloads_path'] = 'tmp/repositories'
86
87### Gravatar Settings
88# gitlab_rails['gravatar_plain_url'] = 'http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'
89# gitlab_rails['gravatar_ssl_url'] = 'https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'
90
91### Auxiliary jobs
92###! Periodically executed jobs, to self-heal Gitlab, do external
93###! synchronizations, etc.
94###! Docs: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job
95###! https://docs.gitlab.com/ce/ci/yaml/README.html#artifacts:expire_in
96# gitlab_rails['stuck_ci_jobs_worker_cron'] = "0 0 * * *"
97# gitlab_rails['expire_build_artifacts_worker_cron'] = "50 * * * *"
98# gitlab_rails['pipeline_schedule_worker_cron'] = "41 * * * *"
99# gitlab_rails['ci_archive_traces_cron_worker_cron'] = "17 * * * *"
100# gitlab_rails['repository_check_worker_cron'] = "20 * * * *"
101# gitlab_rails['admin_email_worker_cron'] = "0 0 * * 0"
102# gitlab_rails['repository_archive_cache_worker_cron'] = "0 * * * *"
103# gitlab_rails['pages_domain_verification_cron_worker'] = "*/15 * * * *"
104
105### Webhook Settings
106###! Number of seconds to wait for HTTP response after sending webhook HTTP POST
107###! request (default: 10)
108# gitlab_rails['webhook_timeout'] = 10
109
110### Trusted proxies
111###! Customize if you have GitLab behind a reverse proxy which is running on a
112###! different machine.
113###! **Add the IP address for your reverse proxy to the list, otherwise users
114###! will appear signed in from that address.**
115# gitlab_rails['trusted_proxies'] = []
116
117### Monitoring settings
118###! IP whitelist controlling access to monitoring endpoints
119# gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8', '::1/128']
120###! Time between sampling of unicorn socket metrics, in seconds
121# gitlab_rails['monitoring_unicorn_sampler_interval'] = 10
122
123### Reply by email
124###! Allow users to comment on issues and merge requests by replying to
125###! notification emails.
126###! Docs: https://docs.gitlab.com/ce/administration/reply_by_email.html
127# gitlab_rails['incoming_email_enabled'] = true
128
129#### Incoming Email Address
130####! The email address including the `%{key}` placeholder that will be replaced
131####! to reference the item being replied to.
132####! **The placeholder can be omitted but if present, it must appear in the
133####! "user" part of the address (before the `@`).**
134# gitlab_rails['incoming_email_address'] = "gitlab-incoming+%{key}@gmail.com"
135
136#### Email account username
137####! **With third party providers, this is usually the full email address.**
138####! **With self-hosted email servers, this is usually the user part of the
139####! email address.**
140# gitlab_rails['incoming_email_email'] = "gitlab-incoming@gmail.com"
141
142#### Email account password
143# gitlab_rails['incoming_email_password'] = "[REDACTED]"
144
145#### IMAP Settings
146# gitlab_rails['incoming_email_host'] = "imap.gmail.com"
147# gitlab_rails['incoming_email_port'] = 993
148# gitlab_rails['incoming_email_ssl'] = true
149# gitlab_rails['incoming_email_start_tls'] = false
150
151#### Incoming Mailbox Settings
152####! The mailbox where incoming mail will end up. Usually "inbox".
153# gitlab_rails['incoming_email_mailbox_name'] = "inbox"
154####! The IDLE command timeout.
155# gitlab_rails['incoming_email_idle_timeout'] = 60
156
157### Job Artifacts
158# gitlab_rails['artifacts_enabled'] = true
159# gitlab_rails['artifacts_path'] = "/var/opt/gitlab/gitlab-rails/shared/artifacts"
160####! Job artifacts Object Store
161####! Docs: https://docs.gitlab.com/ee/administration/job_artifacts.html#using-object-storage
162# gitlab_rails['artifacts_object_store_enabled'] = false
163# gitlab_rails['artifacts_object_store_direct_upload'] = false
164# gitlab_rails['artifacts_object_store_background_upload'] = true
165# gitlab_rails['artifacts_object_store_proxy_download'] = false
166# gitlab_rails['artifacts_object_store_remote_directory'] = "artifacts"
167# gitlab_rails['artifacts_object_store_connection'] = {
168# 'provider' => 'AWS',
169# 'region' => 'eu-west-1',
170# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
171# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
172# # # The below options configure an S3 compatible host instead of AWS
173# # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
174# # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
175# # 'host' => 's3.amazonaws.com',
176# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
177# }
178
179### Git LFS
180# gitlab_rails['lfs_enabled'] = true
181# gitlab_rails['lfs_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/lfs-objects"
182# gitlab_rails['lfs_object_store_enabled'] = false
183# gitlab_rails['lfs_object_store_direct_upload'] = false
184# gitlab_rails['lfs_object_store_background_upload'] = true
185# gitlab_rails['lfs_object_store_proxy_download'] = false
186# gitlab_rails['lfs_object_store_remote_directory'] = "lfs-objects"
187# gitlab_rails['lfs_object_store_connection'] = {
188# 'provider' => 'AWS',
189# 'region' => 'eu-west-1',
190# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
191# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
192# # # The below options configure an S3 compatible host instead of AWS
193# # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
194# # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
195# # 'host' => 's3.amazonaws.com',
196# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
197# }
198
199### GitLab uploads
200###! Docs: https://docs.gitlab.com/ee/administration/uploads.html
201# gitlab_rails['uploads_storage_path'] = "/var/opt/gitlab/gitlab-rails/public"
202# gitlab_rails['uploads_base_dir'] = "uploads/-/system"
203# gitlab_rails['uploads_object_store_enabled'] = false
204# gitlab_rails['uploads_object_store_direct_upload'] = false
205# gitlab_rails['uploads_object_store_background_upload'] = true
206# gitlab_rails['uploads_object_store_proxy_download'] = false
207# gitlab_rails['uploads_object_store_remote_directory'] = "uploads"
208# gitlab_rails['uploads_object_store_connection'] = {
209# 'provider' => 'AWS',
210# 'region' => 'eu-west-1',
211# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
212# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
213# # # The below options configure an S3 compatible host instead of AWS
214# # 'host' => 's3.amazonaws.com',
215# # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
216# # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
217# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
218# }
219
220### Usage Statistics
221# gitlab_rails['usage_ping_enabled'] = true
222
223### GitLab Mattermost
224###! These settings are void if Mattermost is installed on the same omnibus
225###! install
226# gitlab_rails['mattermost_host'] = "https://mattermost.example.com"
227
228### LDAP Settings
229###! Docs: https://docs.gitlab.com/omnibus/settings/ldap.html
230###! **Be careful not to break the indentation in the ldap_servers block. It is
231###! in yaml format and the spaces must be retained. Using tabs will not work.**
232
233# gitlab_rails['ldap_enabled'] = false
234
235###! **remember to close this block with 'EOS' below**
236# gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
237# main: # 'main' is the GitLab 'provider ID' of this LDAP server
238# label: 'LDAP'
239# host: '_your_ldap_server'
240# port: 389
241# uid: 'sAMAccountName'
242# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
243# password: '_the_password_of_the_bind_user'
244# encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
245# verify_certificates: true
246# active_directory: true
247# allow_username_or_email_login: false
248# lowercase_usernames: false
249# block_auto_created_users: false
250# base: ''
251# user_filter: ''
252# ## EE only
253# group_base: ''
254# admin_group: ''
255# sync_ssh_keys: false
256#
257# secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server
258# label: 'LDAP'
259# host: '_your_ldap_server'
260# port: 389
261# uid: 'sAMAccountName'
262# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
263# password: '_the_password_of_the_bind_user'
264# encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
265# verify_certificates: true
266# active_directory: true
267# allow_username_or_email_login: false
268# lowercase_usernames: false
269# block_auto_created_users: false
270# base: ''
271# user_filter: ''
272# ## EE only
273# group_base: ''
274# admin_group: ''
275# sync_ssh_keys: false
276# EOS
277
278### OmniAuth Settings
279###! Docs: https://docs.gitlab.com/ce/integration/omniauth.html
280# gitlab_rails['omniauth_enabled'] = nil
281# gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
282# gitlab_rails['omniauth_sync_email_from_provider'] = 'saml'
283# gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml']
284# gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
285# gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'
286# gitlab_rails['omniauth_block_auto_created_users'] = true
287# gitlab_rails['omniauth_auto_link_ldap_user'] = false
288# gitlab_rails['omniauth_auto_link_saml_user'] = false
289# gitlab_rails['omniauth_external_providers'] = ['twitter', 'google_oauth2']
290# gitlab_rails['omniauth_providers'] = [
291# {
292# "name" => "google_oauth2",
293# "app_id" => "YOUR APP ID",
294# "app_secret" => "YOUR APP SECRET",
295# "args" => { "access_type" => "offline", "approval_prompt" => "" }
296# }
297# ]
298
299### Backup Settings
300###! Docs: https://docs.gitlab.com/omnibus/settings/backups.html
301
302# gitlab_rails['manage_backup_path'] = true
303# gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"
304
305###! Docs: https://docs.gitlab.com/ce/raketasks/backup_restore.html#backup-archive-permissions
306# gitlab_rails['backup_archive_permissions'] = 0644
307
308# gitlab_rails['backup_pg_schema'] = 'public'
309
310###! The duration in seconds to keep backups before they are allowed to be deleted
311# gitlab_rails['backup_keep_time'] = 604800
312
313# gitlab_rails['backup_upload_connection'] = {
314# 'provider' => 'AWS',
315# 'region' => 'eu-west-1',
316# 'aws_access_key_id' => 'AKIAKIAKI',
317# 'aws_secret_access_key' => 'secret123'
318# }
319# gitlab_rails['backup_upload_remote_directory'] = 'my.s3.bucket'
320# gitlab_rails['backup_multipart_chunk_size'] = 104857600
321
322###! **Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for
323###! backups**
324# gitlab_rails['backup_encryption'] = 'AES256'
325
326###! **Specifies Amazon S3 storage class to use for backups. Valid values
327###! include 'STANDARD', 'STANDARD_IA', and 'REDUCED_REDUNDANCY'**
328# gitlab_rails['backup_storage_class'] = 'STANDARD'
329
330
331### Pseudonymizer Settings
332# gitlab_rails['pseudonymizer_manifest'] = 'config/pseudonymizer.yml'
333# gitlab_rails['pseudonymizer_upload_remote_directory'] = 'gitlab-elt'
334# gitlab_rails['pseudonymizer_upload_connection'] = {
335# 'provider' => 'AWS',
336# 'region' => 'eu-west-1',
337# 'aws_access_key_id' => 'AKIAKIAKI',
338# 'aws_secret_access_key' => 'secret123'
339# }
340
341
342### For setting up different data storing directory
343###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#storing-git-data-in-an-alternative-directory
344###! **If you want to use a single non-default directory to store git data use a
345###! path that doesn't contain symlinks.**
346# git_data_dirs({
347# "default" => {
348# "path" => "/mnt/nfs-01/git-data"
349# }
350# })
351
352### Gitaly settings
353# gitlab_rails['gitaly_token'] = 'secret token'
354
355### For storing GitLab application uploads, eg. LFS objects, build artifacts
356###! Docs: https://docs.gitlab.com/ce/development/shared_files.html
357# gitlab_rails['shared_path'] = '/var/opt/gitlab/gitlab-rails/shared'
358
359### Wait for file system to be mounted
360###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#only-start-omnibus-gitlab-services-after-a-given-filesystem-is-mounted
361# high_availability['mountpoint'] = ["/var/opt/gitlab/git-data", "/var/opt/gitlab/gitlab-rails/shared"]
362
363### GitLab Shell settings for GitLab
364# gitlab_rails['gitlab_shell_ssh_port'] = 22
365# gitlab_rails['gitlab_shell_git_timeout'] = 800
366
367### Extra customization
368# gitlab_rails['extra_google_analytics_id'] = '_your_tracking_id'
369# gitlab_rails['extra_piwik_url'] = '_your_piwik_url'
370# gitlab_rails['extra_piwik_site_id'] = '_your_piwik_site_id'
371
372##! Docs: https://docs.gitlab.com/omnibus/settings/environment-variables.html
373# gitlab_rails['env'] = {
374# 'BUNDLE_GEMFILE' => "/opt/gitlab/embedded/service/gitlab-rails/Gemfile",
375# 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin"
376# }
377
378# gitlab_rails['rack_attack_git_basic_auth'] = {
379# 'enabled' => false,
380# 'ip_whitelist' => ["127.0.0.1"],
381# 'maxretry' => 10,
382# 'findtime' => 60,
383# 'bantime' => 3600
384# }
385
386# gitlab_rails['rack_attack_protected_paths'] = [
387# '/users/password',
388# '/users/sign_in',
389# '/api/#{API::API.version}/session.json',
390# '/api/#{API::API.version}/session',
391# '/users',
392# '/users/confirmation',
393# '/unsubscribes/',
394# '/import/github/personal_access_token'
395# ]
396
397###! **We do not recommend changing these directories.**
398# gitlab_rails['dir'] = "/var/opt/gitlab/gitlab-rails"
399# gitlab_rails['log_directory'] = "/var/log/gitlab/gitlab-rails"
400
401### GitLab application settings
402# gitlab_rails['uploads_directory'] = "/var/opt/gitlab/gitlab-rails/uploads"
403# gitlab_rails['rate_limit_requests_per_period'] = 10
404# gitlab_rails['rate_limit_period'] = 60
405
406#### Change the initial default admin password and shared runner registration tokens.
407####! **Only applicable on initial setup, changing these settings after database
408####! is created and seeded won't yield any change.**
409# gitlab_rails['initial_root_password'] = "password"
410# gitlab_rails['initial_shared_runners_registration_token'] = "token"
411
412#### Enable or disable automatic database migrations
413# gitlab_rails['auto_migrate'] = true
414
415#### This is advanced feature used by large gitlab deployments where loading
416#### whole RAILS env takes a lot of time.
417# gitlab_rails['rake_cache_clear'] = true
418
419### GitLab database settings
420###! Docs: https://docs.gitlab.com/omnibus/settings/database.html
421###! **Only needed if you use an external database.**
422# gitlab_rails['db_adapter'] = "postgresql"
423# gitlab_rails['db_encoding'] = "unicode"
424# gitlab_rails['db_collation'] = nil
425# gitlab_rails['db_database'] = "gitlabhq_production"
426# gitlab_rails['db_pool'] = 10
427# gitlab_rails['db_username'] = "gitlab"
428# gitlab_rails['db_password'] = nil
429# gitlab_rails['db_host'] = nil
430# gitlab_rails['db_port'] = 5432
431# gitlab_rails['db_socket'] = nil
432# gitlab_rails['db_sslmode'] = nil
433# gitlab_rails['db_sslcompression'] = 0
434# gitlab_rails['db_sslrootcert'] = nil
435# gitlab_rails['db_prepared_statements'] = false
436# gitlab_rails['db_statements_limit'] = 1000
437
438
439### GitLab Redis settings
440###! Connect to your own Redis instance
441###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
442
443#### Redis TCP connection
444# gitlab_rails['redis_host'] = "127.0.0.1"
445# gitlab_rails['redis_port'] = 6379
446# gitlab_rails['redis_password'] = nil
447# gitlab_rails['redis_database'] = 0
448
449#### Redis local UNIX socket (will be disabled if TCP method is used)
450# gitlab_rails['redis_socket'] = "/var/opt/gitlab/redis/redis.socket"
451
452#### Sentinel support
453####! To have Sentinel working, you must enable Redis TCP connection support
454####! above and define a few Sentinel hosts below (to get a reliable setup
455####! at least 3 hosts).
456####! **You don't need to list every sentinel host, but the ones not listed will
457####! not be used in a fail-over situation to query for the new master.**
458# gitlab_rails['redis_sentinels'] = [
459# {'host' => '127.0.0.1', 'port' => 26379},
460# ]
461
462#### Separate instances support
463###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html#running-with-multiple-redis-instances
464# gitlab_rails['redis_cache_instance'] = nil
465# gitlab_rails['redis_cache_sentinels'] = nil
466# gitlab_rails['redis_queues_instance'] = nil
467# gitlab_rails['redis_queues_sentinels'] = nil
468# gitlab_rails['redis_shared_state_instance'] = nil
469# gitlab_rails['redis_shared_sentinels'] = nil
470
471### GitLab email server settings
472###! Docs: https://docs.gitlab.com/omnibus/settings/smtp.html
473###! **Use smtp instead of sendmail/postfix.**
474
475# gitlab_rails['smtp_enable'] = true
476# gitlab_rails['smtp_address'] = "smtp.server"
477# gitlab_rails['smtp_port'] = 465
478# gitlab_rails['smtp_user_name'] = "smtp user"
479# gitlab_rails['smtp_password'] = "smtp password"
480# gitlab_rails['smtp_domain'] = "example.com"
481# gitlab_rails['smtp_authentication'] = "login"
482# gitlab_rails['smtp_enable_starttls_auto'] = true
483# gitlab_rails['smtp_tls'] = false
484
485###! **Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert'**
486###! Docs: http://api.rubyonrails.org/classes/ActionMailer/Base.html
487# gitlab_rails['smtp_openssl_verify_mode'] = 'none'
488
489# gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs"
490# gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt"
491
492################################################################################
493## Container Registry settings
494##! Docs: https://docs.gitlab.com/ce/administration/container_registry.html
495################################################################################
496
497# registry_external_url 'https://registry.gitlab.example.com'
498
499### Settings used by GitLab application
500# gitlab_rails['registry_enabled'] = true
501# gitlab_rails['registry_host'] = "registry.gitlab.example.com"
502# gitlab_rails['registry_port'] = "5005"
503# gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"
504
505###! **Do not change the following 3 settings unless you know what you are
506###! doing**
507# gitlab_rails['registry_api_url'] = "http://localhost:5000"
508# gitlab_rails['registry_key_path'] = "/var/opt/gitlab/gitlab-rails/certificate.key"
509# gitlab_rails['registry_issuer'] = "omnibus-gitlab-issuer"
510
511### Settings used by Registry application
512# registry['enable'] = true
513# registry['username'] = "registry"
514# registry['group'] = "registry"
515# registry['uid'] = nil
516# registry['gid'] = nil
517# registry['dir'] = "/var/opt/gitlab/registry"
518# registry['registry_http_addr'] = "localhost:5000"
519# registry['debug_addr'] = "localhost:5001"
520# registry['log_directory'] = "/var/log/gitlab/registry"
521# registry['env_directory'] = "/opt/gitlab/etc/registry/env"
522# registry['env'] = {
523# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
524# }
525# registry['log_level'] = "info"
526# registry['rootcertbundle'] = "/var/opt/gitlab/registry/certificate.crt"
527# registry['health_storagedriver_enabled'] = true
528# registry['storage_delete_enabled'] = true
529
530### Registry backend storage
531###! Docs: https://docs.gitlab.com/ce/administration/container_registry.html#container-registry-storage-driver
532# registry['storage'] = {
533# 's3' => {
534# 'accesskey' => 'AKIAKIAKI',
535# 'secretkey' => 'secret123',
536# 'bucket' => 'gitlab-registry-bucket-AKIAKIAKI'
537# }
538# }
539
540### Registry notifications endpoints
541# registry['notifications'] = [
542# {
543# 'name' => 'test_endpoint',
544# 'url' => 'https://gitlab.example.com/notify2',
545# 'timeout' => '500ms',
546# 'threshold' => 5,
547# 'backoff' => '1s',
548# 'headers' => {
549# "Authorization" => ["AUTHORIZATION_EXAMPLE_TOKEN"]
550# }
551# }
552# ]
553### Default registry notifications
554# registry['default_notifications_timeout'] = "500ms"
555# registry['default_notifications_threshold'] = 5
556# registry['default_notifications_backoff'] = "1s"
557# registry['default_notifications_headers'] = {}
558
559
560
561################################################################################
562## GitLab Workhorse
563##! Docs: https://gitlab.com/gitlab-org/gitlab-workhorse/blob/master/README.md
564################################################################################
565
566# gitlab_workhorse['enable'] = true
567# gitlab_workhorse['ha'] = false
568# gitlab_workhorse['listen_network'] = "unix"
569# gitlab_workhorse['listen_umask'] = 000
570# gitlab_workhorse['listen_addr'] = "/var/opt/gitlab/gitlab-workhorse/socket"
571# gitlab_workhorse['auth_backend'] = "http://localhost:8080"
572
573##! the empty string is the default in gitlab-workhorse option parser
574# gitlab_workhorse['auth_socket'] = "''"
575
576##! put an empty string on the command line
577# gitlab_workhorse['pprof_listen_addr'] = "''"
578
579# gitlab_workhorse['prometheus_listen_addr'] = "localhost:9229"
580
581# gitlab_workhorse['dir'] = "/var/opt/gitlab/gitlab-workhorse"
582# gitlab_workhorse['log_directory'] = "/var/log/gitlab/gitlab-workhorse"
583# gitlab_workhorse['proxy_headers_timeout'] = "1m0s"
584
585##! limit number of concurrent API requests, defaults to 0 which is unlimited
586# gitlab_workhorse['api_limit'] = 0
587
588##! limit number of API requests allowed to be queued, defaults to 0 which
589##! disables queuing
590# gitlab_workhorse['api_queue_limit'] = 0
591
592##! duration after which we timeout requests if they sit too long in the queue
593# gitlab_workhorse['api_queue_duration'] = "30s"
594
595##! Long polling duration for job requesting for runners
596# gitlab_workhorse['api_ci_long_polling_duration'] = "60s"
597
598##! Log format: default is text, can also be json or none.
599# gitlab_workhorse['log_format'] = "json"
600
601# gitlab_workhorse['env'] = {
602# 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin",
603# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
604# }
605
606################################################################################
607## GitLab User Settings
608##! Modify default git user.
609##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#changing-the-name-of-the-git-user-group
610################################################################################
611
612# user['username'] = "git"
613# user['group'] = "git"
614# user['uid'] = nil
615# user['gid'] = nil
616
617##! The shell for the git user
618# user['shell'] = "/bin/sh"
619
620##! The home directory for the git user
621# user['home'] = "/var/opt/gitlab"
622
623# user['git_user_name'] = "GitLab"
624# user['git_user_email'] = "gitlab@#{node['fqdn']}"
625
626################################################################################
627## GitLab Unicorn
628##! Tweak unicorn settings.
629##! Docs: https://docs.gitlab.com/omnibus/settings/unicorn.html
630################################################################################
631
632unicorn['enable'] = false
633# unicorn['worker_timeout'] = 60
634###! Minimum worker_processes is 2 at this moment
635###! See https://gitlab.com/gitlab-org/gitlab-ce/issues/18771
636# unicorn['worker_processes'] = 2
637
638### Advanced settings
639# unicorn['listen'] = 'localhost'
640# unicorn['port'] = 8080
641# unicorn['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
642# unicorn['pidfile'] = '/opt/gitlab/var/unicorn/unicorn.pid'
643# unicorn['tcp_nopush'] = true
644# unicorn['backlog_socket'] = 1024
645
646###! **Make sure somaxconn is equal or higher then backlog_socket**
647# unicorn['somaxconn'] = 1024
648
649###! **We do not recommend changing this setting**
650# unicorn['log_directory'] = "/var/log/gitlab/unicorn"
651
652### **Only change these settings if you understand well what they mean**
653###! Docs: https://about.gitlab.com/2015/06/05/how-gitlab-uses-unicorn-and-unicorn-worker-killer/
654###! https://github.com/kzk/unicorn-worker-killer
655# unicorn['worker_memory_limit_min'] = "400 * 1 << 20"
656# unicorn['worker_memory_limit_max'] = "650 * 1 << 20"
657
658################################################################################
659## GitLab Puma
660##! Tweak puma settings. You should only use Unicorn or Puma, not both.
661##! Docs: https://docs.gitlab.com/omnibus/settings/puma.html
662################################################################################
663
664# puma['enable'] = false
665# puma['ha'] = false
666# puma['worker_timeout'] = 60
667# puma['worker_processes'] = 2
668# puma['min_threads'] = 1
669# puma['max_threads'] = 16
670
671### Advanced settings
672# puma['listen'] = '127.0.0.1'
673# puma['port'] = 8080
674# puma['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
675# puma['pidfile'] = '/opt/gitlab/var/puma/puma.pid'
676# puma['state_path'] = '/opt/gitlab/var/puma/puma.state'
677
678###! **We do not recommend changing this setting**
679# puma['log_directory'] = "/var/log/gitlab/puma"
680
681### **Only change these settings if you understand well what they mean**
682###! Docs: https://github.com/schneems/puma_worker_killer
683# puma['per_worker_max_memory_mb'] = 650
684
685################################################################################
686## GitLab Sidekiq
687################################################################################
688
689# sidekiq['log_directory'] = "/var/log/gitlab/sidekiq"
690# sidekiq['log_format'] = "default"
691# sidekiq['shutdown_timeout'] = 4
692# sidekiq['concurrency'] = 25
693# sidekiq['metrics_enabled'] = true
694# sidekiq['listen_address'] = "localhost"
695# sidekiq['listen_port'] = 8082
696
697################################################################################
698## gitlab-shell
699################################################################################
700
701# gitlab_shell['audit_usernames'] = false
702# gitlab_shell['log_level'] = 'INFO'
703# gitlab_shell['log_format'] = 'json'
704# gitlab_shell['http_settings'] = { user: 'username', password: 'password', ca_file: '/etc/ssl/cert.pem', ca_path: '/etc/pki/tls/certs', self_signed_cert: false}
705# gitlab_shell['log_directory'] = "/var/log/gitlab/gitlab-shell/"
706# gitlab_shell['custom_hooks_dir'] = "/opt/gitlab/embedded/service/gitlab-shell/hooks"
707
708# gitlab_shell['auth_file'] = "/var/opt/gitlab/.ssh/authorized_keys"
709
710### Git trace log file.
711###! If set, git commands receive GIT_TRACE* environment variables
712###! Docs: https://git-scm.com/book/es/v2/Git-Internals-Environment-Variables#Debugging
713###! An absolute path starting with / – the trace output will be appended to
714###! that file. It needs to exist so we can check permissions and avoid
715###! throwing warnings to the users.
716# gitlab_shell['git_trace_log_file'] = "/var/log/gitlab/gitlab-shell/gitlab-shell-git-trace.log"
717
718##! **We do not recommend changing this directory.**
719# gitlab_shell['dir'] = "/var/opt/gitlab/gitlab-shell"
720
721################################################################
722## GitLab PostgreSQL
723################################################################
724
725###! Changing any of these settings requires a restart of postgresql.
726###! By default, reconfigure reloads postgresql if it is running. If you
727###! change any of these settings, be sure to run `gitlab-ctl restart postgresql`
728###! after reconfigure in order for the changes to take effect.
729# postgresql['enable'] = true
730# postgresql['listen_address'] = nil
731# postgresql['port'] = 5432
732# postgresql['data_dir'] = "/var/opt/gitlab/postgresql/data"
733
734##! **recommend value is 1/4 of total RAM, up to 14GB.**
735# postgresql['shared_buffers'] = "256MB"
736
737### Advanced settings
738# postgresql['ha'] = false
739# postgresql['dir'] = "/var/opt/gitlab/postgresql"
740# postgresql['log_directory'] = "/var/log/gitlab/postgresql"
741# postgresql['username'] = "gitlab-psql"
742# postgresql['group'] = "gitlab-psql"
743##! `SQL_USER_PASSWORD_HASH` can be generated using the command `gitlab-ctl pg-password-md5 gitlab`
744# postgresql['sql_user_password'] = 'SQL_USER_PASSWORD_HASH'
745# postgresql['uid'] = nil
746# postgresql['gid'] = nil
747# postgresql['shell'] = "/bin/sh"
748# postgresql['home'] = "/var/opt/gitlab/postgresql"
749# postgresql['user_path'] = "/opt/gitlab/embedded/bin:/opt/gitlab/bin:$PATH"
750# postgresql['sql_user'] = "gitlab"
751# postgresql['max_connections'] = 200
752# postgresql['md5_auth_cidr_addresses'] = []
753# postgresql['trust_auth_cidr_addresses'] = []
754# postgresql['wal_buffers'] = "-1"
755# postgresql['autovacuum_max_workers'] = "3"
756# postgresql['autovacuum_freeze_max_age'] = "200000000"
757# postgresql['log_statement'] = nil
758# postgresql['track_activity_query_size'] = "1024"
759# postgresql['shared_preload_libraries'] = nil
760# postgresql['dynamic_shared_memory_type'] = nil
761# postgresql['hot_standby'] = "off"
762
763### SSL settings
764# See https://www.postgresql.org/docs/9.6/static/runtime-config-connection.html#GUC-SSL-CERT-FILE for more details
765# postgresql['ssl'] = 'on'
766# postgresql['ssl_ciphers'] = 'HIGH:MEDIUM:+3DES:!aNULL:!SSLv3:!TLSv1'
767# postgresql['ssl_cert_file'] = 'server.crt'
768# postgresql['ssl_key_file'] = 'server.key'
769# postgresql['ssl_ca_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
770# postgresql['ssl_crl_file'] = nil
771
772### Replication settings
773###! Note, some replication settings do not require a full restart. They are documented below.
774# postgresql['wal_level'] = "hot_standby"
775# postgresql['max_wal_senders'] = 5
776# postgresql['max_replication_slots'] = 0
777# postgresql['max_locks_per_transaction'] = 128
778
779# Backup/Archive settings
780# postgresql['archive_mode'] = "off"
781
782###! Changing any of these settings only requires a reload of postgresql. You do not need to
783###! restart postgresql if you change any of these and run reconfigure.
784# postgresql['work_mem'] = "16MB"
785# postgresql['maintenance_work_mem'] = "16MB"
786# postgresql['checkpoint_segments'] = 10
787# postgresql['checkpoint_timeout'] = "5min"
788# postgresql['checkpoint_completion_target'] = 0.9
789# postgresql['effective_io_concurrency'] = 1
790# postgresql['checkpoint_warning'] = "30s"
791# postgresql['effective_cache_size'] = "1MB"
792# postgresql['shmmax'] = 17179869184 # or 4294967295
793# postgresql['shmall'] = 4194304 # or 1048575
794# postgresql['autovacuum'] = "on"
795# postgresql['log_autovacuum_min_duration'] = "-1"
796# postgresql['autovacuum_naptime'] = "1min"
797# postgresql['autovacuum_vacuum_threshold'] = "50"
798# postgresql['autovacuum_analyze_threshold'] = "50"
799# postgresql['autovacuum_vacuum_scale_factor'] = "0.02"
800# postgresql['autovacuum_analyze_scale_factor'] = "0.01"
801# postgresql['autovacuum_vacuum_cost_delay'] = "20ms"
802# postgresql['autovacuum_vacuum_cost_limit'] = "-1"
803# postgresql['statement_timeout'] = "60000"
804# postgresql['idle_in_transaction_session_timeout'] = "60000"
805# postgresql['log_line_prefix'] = "%a"
806# postgresql['max_worker_processes'] = 8
807# postgresql['max_parallel_workers_per_gather'] = 0
808# postgresql['log_lock_waits'] = 1
809# postgresql['deadlock_timeout'] = '5s'
810# postgresql['track_io_timing'] = 0
811# postgresql['default_statistics_target'] = 1000
812
813### Available in PostgreSQL 9.6 and later
814# postgresql['min_wal_size'] = 80MB
815# postgresql['max_wal_size'] = 1GB
816
817# Backup/Archive settings
818# postgresql['archive_command'] = nil
819# postgresql['archive_timeout'] = "0"
820
821### Replication settings
822# postgresql['sql_replication_user'] = "gitlab_replicator"
823# postgresql['sql_replication_password'] = "md5 hash of postgresql password" # You can generate with `gitlab-ctl pg-password-md5 <dbuser>`
824# postgresql['wal_keep_segments'] = 10
825# postgresql['max_standby_archive_delay'] = "30s"
826# postgresql['max_standby_streaming_delay'] = "30s"
827# postgresql['synchronous_commit'] = on
828# postgresql['synchronous_standby_names'] = ''
829# postgresql['hot_standby_feedback'] = 'off'
830# postgresql['random_page_cost'] = 2.0
831# postgresql['log_temp_files'] = -1
832# postgresql['log_checkpoints'] = 'off'
833# To add custom entries to pg_hba.conf use the following
834# postgresql['custom_pg_hba_entries'] = {
835# APPLICATION: [ # APPLICATION should identify what the settings are used for
836# {
837# type: example,
838# database: example,
839# user: example,
840# cidr: example,
841# method: example,
842# option: example
843# }
844# ]
845# }
846# See https://www.postgresql.org/docs/9.6/static/auth-pg-hba-conf.html for an explanation
847# of the values
848
849
850################################################################################
851## GitLab Redis
852##! **Can be disabled if you are using your own Redis instance.**
853##! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
854################################################################################
855
856# redis['enable'] = true
857# redis['ha'] = false
858# redis['hz'] = 10
859# redis['dir'] = "/var/opt/gitlab/redis"
860# redis['log_directory'] = "/var/log/gitlab/redis"
861# redis['username'] = "gitlab-redis"
862# redis['group'] = "gitlab-redis"
863# redis['maxclients'] = "10000"
864# redis['maxmemory'] = "0"
865# redis['maxmemory_policy'] = "noeviction"
866# redis['maxmemory_samples'] = "5"
867# redis['tcp_backlog'] = 511
868# redis['tcp_timeout'] = "60"
869# redis['tcp_keepalive'] = "300"
870# redis['uid'] = nil
871# redis['gid'] = nil
872
873###! **To enable only Redis service in this machine, uncomment
874###! one of the lines below (choose master or slave instance types).**
875###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
876###! https://docs.gitlab.com/ce/administration/high_availability/redis.html
877# redis_master_role['enable'] = true
878# redis_slave_role['enable'] = true
879
880### Redis TCP support (will disable UNIX socket transport)
881# redis['bind'] = '0.0.0.0' # or specify an IP to bind to a single one
882# redis['port'] = 6379
883# redis['password'] = 'redis-password-goes-here'
884
885### Redis Sentinel support
886###! **You need a master slave Redis replication to be able to do failover**
887###! **Please read the documentation before enabling it to understand the
888###! caveats:**
889###! Docs: https://docs.gitlab.com/ce/administration/high_availability/redis.html
890
891### Replication support
892#### Slave Redis instance
893# redis['master'] = false # by default this is true
894
895#### Slave and Sentinel shared configuration
896####! **Both need to point to the master Redis instance to get replication and
897####! heartbeat monitoring**
898# redis['master_name'] = 'gitlab-redis'
899# redis['master_ip'] = nil
900# redis['master_port'] = 6379
901
902#### Support to run redis slaves in a Docker or NAT environment
903####! Docs: https://redis.io/topics/replication#configuring-replication-in-docker-and-nat
904# redis['announce_ip'] = nil
905# redis['announce_port'] = nil
906
907####! **Master password should have the same value defined in
908####! redis['password'] to enable the instance to transition to/from
909####! master/slave in a failover event.**
910# redis['master_password'] = 'redis-password-goes-here'
911
912####! Increase these values when your slaves can't catch up with master
913# redis['client_output_buffer_limit_normal'] = '0 0 0'
914# redis['client_output_buffer_limit_slave'] = '256mb 64mb 60'
915# redis['client_output_buffer_limit_pubsub'] = '32mb 8mb 60'
916
917#####! Redis snapshotting frequency
918#####! Set to [] to disable
919#####! Set to [''] to clear previously set values
920# redis['save'] = [ '900 1', '300 10', '60 10000' ]
921
922################################################################################
923## GitLab Web server
924##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#using-a-non-bundled-web-server
925################################################################################
926
927##! When bundled nginx is disabled we need to add the external webserver user to
928##! the GitLab webserver group.
929web_server['external_users'] = ['www-data']
930# web_server['username'] = 'gitlab-www'
931# web_server['group'] = 'gitlab-www'
932# web_server['uid'] = nil
933# web_server['gid'] = nil
934# web_server['shell'] = '/bin/false'
935# web_server['home'] = '/var/opt/gitlab/nginx'
936
937################################################################################
938## GitLab NGINX
939##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html
940################################################################################
941
942nginx['enable'] = false
943# nginx['client_max_body_size'] = '250m'
944# nginx['redirect_http_to_https'] = false
945# nginx['redirect_http_to_https_port'] = 80
946
947
948
949##! Most root CA's are included by default
950# nginx['ssl_client_certificate'] = "/etc/gitlab/ssl/ca.crt"
951
952##! enable/disable 2-way SSL client authentication
953# nginx['ssl_verify_client'] = "off"
954
955##! if ssl_verify_client on, verification depth in the client certificates chain
956# nginx['ssl_verify_depth'] = "1"
957
958# nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt"
959# nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key"
960# nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
961# nginx['ssl_prefer_server_ciphers'] = "on"
962
963##! **Recommended by: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
964##! https://cipherli.st/**
965# nginx['ssl_protocols'] = "TLSv1.1 TLSv1.2"
966
967##! **Recommended in: https://nginx.org/en/docs/http/ngx_http_ssl_module.html**
968# nginx['ssl_session_cache'] = "builtin:1000 shared:SSL:10m"
969
970##! **Default according to https://nginx.org/en/docs/http/ngx_http_ssl_module.html**
971# nginx['ssl_session_timeout'] = "5m"
972
973# nginx['ssl_dhparam'] = nil # Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem
974# nginx['listen_addresses'] = ['*', '[::]']
975
976##! **Defaults to forcing web browsers to always communicate using only HTTPS**
977##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-http-strict-transport-security
978# nginx['hsts_max_age'] = 31536000
979# nginx['hsts_include_subdomains'] = false
980
981##! **Docs: http://nginx.org/en/docs/http/ngx_http_gzip_module.html**
982# nginx['gzip_enabled'] = true
983
984##! **Override only if you use a reverse proxy**
985##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port
986# nginx['listen_port'] = nil
987
988##! **Override only if your reverse proxy internally communicates over HTTP**
989##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl
990# nginx['listen_https'] = nil
991
992# nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
993# nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/example.conf;"
994# nginx['proxy_read_timeout'] = 3600
995# nginx['proxy_connect_timeout'] = 300
996# nginx['proxy_set_headers'] = {
997# "Host" => "$http_host_with_default",
998# "X-Real-IP" => "$remote_addr",
999# "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
1000# "X-Forwarded-Proto" => "https",
1001# "X-Forwarded-Ssl" => "on",
1002# "Upgrade" => "$http_upgrade",
1003# "Connection" => "$connection_upgrade"
1004# }
1005# nginx['proxy_cache_path'] = 'proxy_cache keys_zone=gitlab:10m max_size=1g levels=1:2'
1006# nginx['proxy_cache'] = 'gitlab'
1007# nginx['http2_enabled'] = true
1008# nginx['real_ip_trusted_addresses'] = []
1009# nginx['real_ip_header'] = nil
1010# nginx['real_ip_recursive'] = nil
1011# nginx['custom_error_pages'] = {
1012# '404' => {
1013# 'title' => 'Example title',
1014# 'header' => 'Example header',
1015# 'message' => 'Example message'
1016# }
1017# }
1018
1019### Advanced settings
1020# nginx['dir'] = "/var/opt/gitlab/nginx"
1021# nginx['log_directory'] = "/var/log/gitlab/nginx"
1022# nginx['worker_processes'] = 4
1023# nginx['worker_connections'] = 10240
1024# nginx['log_format'] = '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"'
1025# nginx['sendfile'] = 'on'
1026# nginx['tcp_nopush'] = 'on'
1027# nginx['tcp_nodelay'] = 'on'
1028# nginx['gzip'] = "on"
1029# nginx['gzip_http_version'] = "1.0"
1030# nginx['gzip_comp_level'] = "2"
1031# nginx['gzip_proxied'] = "any"
1032# nginx['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ]
1033# nginx['keepalive_timeout'] = 65
1034# nginx['cache_max_size'] = '5000m'
1035# nginx['server_names_hash_bucket_size'] = 64
1036
1037### Nginx status
1038# nginx['status'] = {
1039# "enable" => true,
1040# "listen_addresses" => ["127.0.0.1"],
1041# "fqdn" => "dev.example.com",
1042# "port" => 9999,
1043# "vts_enable" => true,
1044# "options" => {
1045# "stub_status" => "on", # Turn on stats
1046# "server_tokens" => "off", # Don't show the version of NGINX
1047# "access_log" => "off", # Disable logs for stats
1048# "allow" => "127.0.0.1", # Only allow access from localhost
1049# "deny" => "all" # Deny access to anyone else
1050# }
1051# }
1052
1053################################################################################
1054## GitLab Logging
1055##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html
1056################################################################################
1057
1058# logging['svlogd_size'] = 200 * 1024 * 1024 # rotate after 200 MB of log data
1059# logging['svlogd_num'] = 30 # keep 30 rotated log files
1060# logging['svlogd_timeout'] = 24 * 60 * 60 # rotate after 24 hours
1061# logging['svlogd_filter'] = "gzip" # compress logs with gzip
1062# logging['svlogd_udp'] = nil # transmit log messages via UDP
1063# logging['svlogd_prefix'] = nil # custom prefix for log messages
1064# logging['logrotate_frequency'] = "daily" # rotate logs daily
1065# logging['logrotate_size'] = nil # do not rotate by size by default
1066# logging['logrotate_rotate'] = 30 # keep 30 rotated logs
1067# logging['logrotate_compress'] = "compress" # see 'man logrotate'
1068# logging['logrotate_method'] = "copytruncate" # see 'man logrotate'
1069# logging['logrotate_postrotate'] = nil # no postrotate command by default
1070# logging['logrotate_dateformat'] = nil # use date extensions for rotated files rather than numbers e.g. a value of "-%Y-%m-%d" would give rotated files like production.log-2016-03-09.gz
1071
1072### UDP log forwarding
1073##! Docs: http://docs.gitlab.com/omnibus/settings/logs.html#udp-log-forwarding
1074
1075##! remote host to ship log messages to via UDP
1076# logging['udp_log_shipping_host'] = nil
1077
1078##! override the hostname used when logs are shipped via UDP,
1079## by default the system hostname will be used.
1080# logging['udp_log_shipping_hostname'] = nil
1081
1082##! remote port to ship log messages to via UDP
1083# logging['udp_log_shipping_port'] = 514
1084
1085################################################################################
1086## Logrotate
1087##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html#logrotate
1088##! You can disable built in logrotate feature.
1089################################################################################
1090# logrotate['enable'] = true
1091
1092################################################################################
1093## Users and groups accounts
1094##! Disable management of users and groups accounts.
1095##! **Set only if creating accounts manually**
1096##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-user-and-group-account-management
1097################################################################################
1098
1099# manage_accounts['enable'] = false
1100
1101################################################################################
1102## Storage directories
1103##! Disable managing storage directories
1104##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-storage-directories-management
1105################################################################################
1106
1107##! **Set only if the select directories are created manually**
1108# manage_storage_directories['enable'] = false
1109# manage_storage_directories['manage_etc'] = false
1110
1111################################################################################
1112## Runtime directory
1113##! Docs: https://docs.gitlab.com//omnibus/settings/configuration.html#configuring-runtime-directory
1114################################################################################
1115
1116# runtime_dir '/run'
1117
1118################################################################################
1119## Git
1120##! Advanced setting for configuring git system settings for omnibus-gitlab
1121##! internal git
1122################################################################################
1123
1124##! For multiple options under one header use array of comma separated values,
1125##! eg.:
1126##! { "receive" => ["fsckObjects = true"], "alias" => ["st = status", "co = checkout"] }
1127
1128# omnibus_gitconfig['system'] = {
1129# "pack" => ["threads = 1"],
1130# "receive" => ["fsckObjects = true", "advertisePushOptions = true"],
1131# "repack" => ["writeBitmaps = true"],
1132# "transfer" => ["hideRefs=^refs/tmp/", "hideRefs=^refs/keep-around/"],
1133# }
1134
1135################################################################################
1136## GitLab Pages
1137##! Docs: https://docs.gitlab.com/ce/pages/administration.html
1138################################################################################
1139
1140##! Define to enable GitLab Pages
1141# pages_external_url "http://pages.example.com/"
1142# gitlab_pages['enable'] = false
1143
1144##! Configure to expose GitLab Pages on external IP address, serving the HTTP
1145# gitlab_pages['external_http'] = []
1146
1147##! Configure to expose GitLab Pages on external IP address, serving the HTTPS
1148# gitlab_pages['external_https'] = []
1149
1150##! Configure to enable health check endpoint on GitLab Pages
1151# gitlab_pages['status_uri'] = "/@status"
1152
1153##! Tune the maximum number of concurrent connections GitLab Pages will handle.
1154##! This should be in the range 1 - 10000, defaulting to 5000.
1155# gitlab_pages['max_connections'] = 5000
1156
1157##! Configure to use JSON structured logging in GitLab Pages
1158# gitlab_pages['log_format'] = "json"
1159
1160##! Configure verbose logging for GitLab Pages
1161# gitlab_pages['log_verbose'] = false
1162
1163##! Listen for requests forwarded by reverse proxy
1164# gitlab_pages['listen_proxy'] = "localhost:8090"
1165
1166# gitlab_pages['redirect_http'] = true
1167# gitlab_pages['use_http2'] = true
1168# gitlab_pages['dir'] = "/var/opt/gitlab/gitlab-pages"
1169# gitlab_pages['log_directory'] = "/var/log/gitlab/gitlab-pages"
1170
1171# gitlab_pages['artifacts_server'] = true
1172# gitlab_pages['artifacts_server_url'] = nil # Defaults to external_url + '/api/v4'
1173# gitlab_pages['artifacts_server_timeout'] = 10
1174
1175##! Environments that do not support bind-mounting should set this parameter to
1176##! true. This is incompatible with the artifacts server
1177# gitlab_pages['inplace_chroot'] = false
1178
1179##! Prometheus metrics for Pages docs: https://gitlab.com/gitlab-org/gitlab-pages/#enable-prometheus-metrics
1180# gitlab_pages['metrics_address'] = ":9235"
1181
1182##! Configure the pages admin API
1183# gitlab_pages['admin_secret_token'] = 'custom secret'
1184# gitlab_pages['admin_https_listener'] = '0.0.0.0:5678'
1185# gitlab_pages['admin_https_cert'] = '/etc/gitlab/pages-admin.crt'
1186# gitlab_pages['admin_https_key'] = '/etc/gitlab/pages-admin.key'
1187
1188##! Client side configuration for gitlab-pages admin API, in case pages runs on a different host
1189# gitlab_rails['pages_admin_address'] = 'pages.gitlab.example.com:5678'
1190# gitlab_rails['pages_admin_certificate'] = '/etc/gitlab/pages-admin.crt'
1191
1192##! Pages access control
1193# gitlab_pages['access_control'] = false
1194# gitlab_pages['gitlab_id'] = nil # Automatically generated if not present
1195# gitlab_pages['gitlab_secret'] = nil # Generated if not present
1196# gitlab_pages['auth_redirect_uri'] = nil # Defaults to projects subdomain of pages_external_url and + '/auth'
1197# gitlab_pages['auth_server'] = nil # Defaults to external_url
1198# gitlab_pages['auth_secret'] = nil # Generated if not present
1199
1200################################################################################
1201## GitLab Pages NGINX
1202################################################################################
1203
1204# All the settings defined in the "GitLab Nginx" section are also available in this "GitLab Pages NGINX" section
1205# You just have to change the key "nginx['some_settings']" with "pages_nginx['some_settings']"
1206
1207# Below you can find settings that are exclusive to "GitLab Pages NGINX"
1208# pages_nginx['enable'] = false
1209
1210# gitlab_rails['pages_path'] = "/var/opt/gitlab/gitlab-rails/shared/pages"
1211
1212################################################################################
1213## GitLab CI
1214##! Docs: https://docs.gitlab.com/ce/ci/quick_start/README.html
1215################################################################################
1216
1217# gitlab_ci['gitlab_ci_all_broken_builds'] = true
1218# gitlab_ci['gitlab_ci_add_pusher'] = true
1219# gitlab_ci['builds_directory'] = '/var/opt/gitlab/gitlab-ci/builds'
1220
1221################################################################################
1222## GitLab Mattermost
1223##! Docs: https://docs.gitlab.com/omnibus/gitlab-mattermost
1224################################################################################
1225
1226# mattermost_external_url 'http://mattermost.example.com'
1227
1228# mattermost['enable'] = false
1229# mattermost['username'] = 'mattermost'
1230# mattermost['group'] = 'mattermost'
1231# mattermost['uid'] = nil
1232# mattermost['gid'] = nil
1233# mattermost['home'] = '/var/opt/gitlab/mattermost'
1234# mattermost['database_name'] = 'mattermost_production'
1235# mattermost['env'] = {
1236# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
1237# }
1238# mattermost['service_address'] = "127.0.0.1"
1239# mattermost['service_port'] = "8065"
1240# mattermost['service_site_url'] = nil
1241# mattermost['service_allowed_untrusted_internal_connections'] = ""
1242# mattermost['service_enable_api_team_deletion'] = true
1243# mattermost['team_site_name'] = "GitLab Mattermost"
1244# mattermost['sql_driver_name'] = 'mysql'
1245# mattermost['sql_data_source'] = "mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8"
1246# mattermost['log_file_directory'] = '/var/log/gitlab/mattermost/'
1247# mattermost['gitlab_enable'] = false
1248# mattermost['gitlab_id'] = "12345656"
1249# mattermost['gitlab_secret'] = "123456789"
1250# mattermost['gitlab_scope'] = ""
1251# mattermost['gitlab_auth_endpoint'] = "http://gitlab.example.com/oauth/authorize"
1252# mattermost['gitlab_token_endpoint'] = "http://gitlab.example.com/oauth/token"
1253# mattermost['gitlab_user_api_endpoint'] = "http://gitlab.example.com/api/v4/user"
1254# mattermost['file_directory'] = "/var/opt/gitlab/mattermost/data"
1255# mattermost['plugin_directory'] = "/var/opt/gitlab/mattermost/plugins"
1256# mattermost['plugin_client_directory'] = "/var/opt/gitlab/mattermost/client-plugins"
1257
1258################################################################################
1259## Mattermost NGINX
1260################################################################################
1261
1262# All the settings defined in the "GitLab NGINX" section are also available in this "Mattermost NGINX" section
1263# You just have to change the key "nginx['some_settings']" with "mattermost_nginx['some_settings']"
1264
1265# Below you can find settings that are exclusive to "Mattermost NGINX"
1266# mattermost_nginx['enable'] = false
1267
1268# mattermost_nginx['custom_gitlab_mattermost_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
1269# mattermost_nginx['proxy_set_headers'] = {
1270# "Host" => "$http_host",
1271# "X-Real-IP" => "$remote_addr",
1272# "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
1273# "X-Frame-Options" => "SAMEORIGIN",
1274# "X-Forwarded-Proto" => "https",
1275# "X-Forwarded-Ssl" => "on",
1276# "Upgrade" => "$http_upgrade",
1277# "Connection" => "$connection_upgrade"
1278# }
1279
1280
1281################################################################################
1282## Registry NGINX
1283################################################################################
1284
1285# All the settings defined in the "GitLab NGINX" section are also available in this "Registry NGINX" section
1286# You just have to change the key "nginx['some_settings']" with "registry_nginx['some_settings']"
1287
1288# Below you can find settings that are exclusive to "Registry NGINX"
1289# registry_nginx['enable'] = false
1290
1291# registry_nginx['proxy_set_headers'] = {
1292# "Host" => "$http_host",
1293# "X-Real-IP" => "$remote_addr",
1294# "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
1295# "X-Forwarded-Proto" => "https",
1296# "X-Forwarded-Ssl" => "on"
1297# }
1298
1299################################################################################
1300## Prometheus
1301##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/
1302################################################################################
1303
1304# prometheus['enable'] = true
1305# prometheus['monitor_kubernetes'] = true
1306# prometheus['username'] = 'gitlab-prometheus'
1307# prometheus['group'] = 'gitlab-prometheus'
1308# prometheus['uid'] = nil
1309# prometheus['gid'] = nil
1310# prometheus['shell'] = '/bin/sh'
1311# prometheus['home'] = '/var/opt/gitlab/prometheus'
1312# prometheus['log_directory'] = '/var/log/gitlab/prometheus'
1313# prometheus['rules_files'] = ['/var/opt/gitlab/prometheus/rules/*.rules']
1314# prometheus['scrape_interval'] = 15
1315# prometheus['scrape_timeout'] = 15
1316# prometheus['chunk_encoding_version'] = 2
1317# prometheus['env_directory'] = '/opt/gitlab/etc/prometheus'
1318# prometheus['env'] = {
1319# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
1320# }
1321#
1322### Custom scrape configs
1323#
1324# Prometheus can scrape additional jobs via scrape_configs. The default automatically
1325# includes all of the exporters supported by the omnibus config.
1326#
1327# See: https://prometheus.io/docs/operating/configuration/#<scrape_config>
1328#
1329# Example:
1330#
1331# prometheus['scrape_configs'] = [
1332# {
1333# 'job_name': 'example',
1334# 'static_configs' => [
1335# 'targets' => ['hostname:port'],
1336# ],
1337# },
1338# ]
1339#
1340### Prometheus Memory Management
1341#
1342# Prometheus needs to be configured for how much memory is used.
1343# * This sets the target heap size.
1344# * This value accounts for approximately 2/3 of the memory used by the server.
1345# * The recommended memory is 4kb per unique metrics time-series.
1346# See: https://prometheus.io/docs/operating/storage/#memory-usage
1347#
1348# prometheus['target_heap_size'] = (
1349# # Use 25mb + 2% of total memory for Prometheus memory.
1350# 26_214_400 + (node['memory']['total'].to_i * 1024 * 0.02 )
1351# ).to_i
1352#
1353# prometheus['flags'] = {
1354# 'storage.local.path' => "#{node['gitlab']['prometheus']['home']}/data",
1355# 'storage.local.chunk-encoding-version' => user_config['chunk-encoding-version'],
1356# 'storage.local.target-heap-size' => node['gitlab']['prometheus']['target-heap-size'],
1357# 'config.file' => "#{node['gitlab']['prometheus']['home']}/prometheus.yml"
1358# }
1359
1360##! Advanced settings. Should be changed only if absolutely needed.
1361# prometheus['listen_address'] = 'localhost:9090'
1362
1363################################################################################
1364## Prometheus Alertmanager
1365##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/alertmanager.html
1366################################################################################
1367
1368# alertmanager['enable'] = true
1369# alertmanager['home'] = '/var/opt/gitlab/alertmanager'
1370# alertmanager['log_directory'] = '/var/log/gitlab/alertmanager'
1371# alertmanager['admin_email'] = 'admin@example.com'
1372# alertmanager['flags'] = {
1373# 'web.listen-address' => "#{node['gitlab']['alertmanager']['listen_address']}"
1374# 'storage.path' => "#{node['gitlab']['alertmanager']['home']}/data"
1375# 'config.file' => "#{node['gitlab']['alertmanager']['home']}/alertmanager.yml"
1376# }
1377# alertmanager['env_directory'] = '/opt/gitlab/etc/alertmanager'
1378# alertmanager['env'] = {
1379# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
1380# }
1381
1382##! Advanced settings. Should be changed only if absolutely needed.
1383# alertmanager['listen_address'] = 'localhost:9093'
1384
1385################################################################################
1386## Prometheus Node Exporter
1387##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/node_exporter.html
1388################################################################################
1389
1390# node_exporter['enable'] = true
1391# node_exporter['home'] = '/var/opt/gitlab/node-exporter'
1392# node_exporter['log_directory'] = '/var/log/gitlab/node-exporter'
1393# node_exporter['flags'] = {
1394# 'collector.textfile.directory' => "#{node['gitlab']['node-exporter']['home']}/textfile_collector"
1395# }
1396# node_exporter['env_directory'] = '/opt/gitlab/etc/node-exporter'
1397# node_exporter['env'] = {
1398# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
1399# }
1400
1401##! Advanced settings. Should be changed only if absolutely needed.
1402# node_exporter['listen_address'] = 'localhost:9100'
1403
1404################################################################################
1405## Prometheus Redis exporter
1406##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/redis_exporter.html
1407################################################################################
1408
1409# redis_exporter['enable'] = true
1410# redis_exporter['log_directory'] = '/var/log/gitlab/redis-exporter'
1411# redis_exporter['flags'] = {
1412# 'redis.addr' => "unix://#{node['gitlab']['gitlab-rails']['redis_socket']}",
1413# }
1414# redis_exporter['env_directory'] = '/opt/gitlab/etc/redis-exporter'
1415# redis_exporter['env'] = {
1416# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
1417# }
1418
1419##! Advanced settings. Should be changed only if absolutely needed.
1420# redis_exporter['listen_address'] = 'localhost:9121'
1421
1422################################################################################
1423## Prometheus Postgres exporter
1424##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/postgres_exporter.html
1425################################################################################
1426
1427# postgres_exporter['enable'] = true
1428# postgres_exporter['home'] = '/var/opt/gitlab/postgres-exporter'
1429# postgres_exporter['log_directory'] = '/var/log/gitlab/postgres-exporter'
1430# postgres_exporter['flags'] = {}
1431# postgres_exporter['listen_address'] = 'localhost:9187'
1432# postgres_exporter['env_directory'] = '/opt/gitlab/etc/postgres-exporter'
1433# postgres_exporter['env'] = {
1434# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
1435# }
1436
1437################################################################################
1438## Prometheus PgBouncer exporter (EE only)
1439##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/pgbouncer_exporter.html
1440################################################################################
1441
1442# pgbouncer_exporter['enable'] = false
1443# pgbouncer_exporter['log_directory'] = "/var/log/gitlab/pgbouncer-exporter"
1444# pgbouncer_exporter['listen_address'] = 'localhost:9188'
1445# pgbouncer_exporter['env_directory'] = '/opt/gitlab/etc/pgbouncer-exporter'
1446# pgbouncer_exporter['env'] = {
1447# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
1448# }
1449
1450################################################################################
1451## Prometheus Gitlab monitor
1452##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/gitlab_monitor_exporter.html
1453################################################################################
1454
1455
1456# gitlab_monitor['enable'] = true
1457# gitlab_monitor['log_directory'] = "/var/log/gitlab/gitlab-monitor"
1458# gitlab_monitor['home'] = "/var/opt/gitlab/gitlab-monitor"
1459
1460##! Advanced settings. Should be changed only if absolutely needed.
1461# gitlab_monitor['listen_address'] = 'localhost'
1462# gitlab_monitor['listen_port'] = '9168'
1463
1464# To completely disable prometheus, and all of it's exporters, set to false
1465# prometheus_monitoring['enable'] = true
1466
1467################################################################################
1468## Gitaly
1469##! Docs:
1470################################################################################
1471
1472# The gitaly['enable'] option exists for the purpose of cluster
1473# deployments, see https://docs.gitlab.com/ee/administration/gitaly/index.html .
1474# gitaly['enable'] = true
1475# gitaly['dir'] = "/var/opt/gitlab/gitaly"
1476# gitaly['log_directory'] = "/var/log/gitlab/gitaly"
1477# gitaly['bin_path'] = "/opt/gitlab/embedded/bin/gitaly"
1478# gitaly['env_directory'] = "/opt/gitlab/etc/gitaly"
1479# gitaly['env'] = {
1480# 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin",
1481# 'HOME' => '/var/opt/gitlab'
1482# }
1483# gitaly['socket_path'] = "/var/opt/gitlab/gitaly/gitaly.socket"
1484# gitaly['listen_addr'] = "localhost:8075"
1485# gitaly['prometheus_listen_addr'] = "localhost:9236"
1486# gitaly['logging_level'] = "warn"
1487# gitaly['logging_format'] = "json"
1488# gitaly['logging_sentry_dsn'] = "https://<key>:<secret>@sentry.io/<project>"
1489# gitaly['logging_ruby_sentry_dsn'] = "https://<key>:<secret>@sentry.io/<project>"
1490# gitaly['prometheus_grpc_latency_buckets'] = "[0.001, 0.005, 0.025, 0.1, 0.5, 1.0, 10.0, 30.0, 60.0, 300.0, 1500.0]"
1491# gitaly['auth_token'] = '<secret>'
1492# gitaly['auth_transitioning'] = false # When true, auth is logged to Prometheus but NOT enforced
1493# gitaly['ruby_max_rss'] = 300000000 # RSS threshold in bytes for triggering a gitaly-ruby restart
1494# gitaly['ruby_graceful_restart_timeout'] = '10m' # Grace time for a gitaly-ruby process to finish ongoing requests
1495# gitaly['ruby_restart_delay'] = '5m' # Period of sustained high RSS that needs to be observed before restarting gitaly-ruby
1496# gitaly['ruby_num_workers'] = 3 # Number of gitaly-ruby worker processes. Minimum 2, default 2.
1497# gitaly['storage'] = [
1498# {
1499# 'name' => 'default',
1500# 'path' => '/mnt/nfs-01/git-data/repositories'
1501# },
1502# {
1503# 'name' => 'secondary',
1504# 'path' => '/mnt/nfs-02/git-data/repositories'
1505# }
1506# ]
1507# gitaly['concurrency'] = [
1508# {
1509# 'rpc' => "/gitaly.SmartHTTPService/PostReceivePack",
1510# 'max_per_repo' => 20
1511# }, {
1512# 'rpc' => "/gitaly.SSHService/SSHUploadPack",
1513# 'max_per_repo' => 5
1514# }
1515# ]
1516
1517################################################################################
1518# Storage check
1519################################################################################
1520# storage_check['enable'] = false
1521# storage_check['target'] = 'unix:///var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
1522# storage_check['log_directory'] = '/var/log/gitlab/storage-check'
1523
1524################################################################################
1525# Let's Encrypt integration
1526################################################################################
1527# letsencrypt['enable'] = nil
1528# letsencrypt['contact_emails'] = [] # This should be an array of email addresses to add as contacts
1529# letsencrypt['group'] = 'root'
1530# letsencrypt['key_size'] = 2048
1531# letsencrypt['owner'] = 'root'
1532# letsencrypt['wwwroot'] = '/var/opt/gitlab/nginx/www'
1533# See http://docs.gitlab.com/omnibus/settings/ssl.html#automatic-renewal for more on these sesttings
1534# letsencrypt['auto_renew'] = true
1535# letsencrypt['auto_renew_hour'] = 0
1536# letsencrypt['auto_renew_minute'] = nil # Should be a number or cron expression, if specified.
1537# letsencrypt['auto_renew_day_of_month'] = "*/4"
1538
1539################################################################################
1540################################################################################
1541## Configuration Settings for GitLab EE only ##
1542################################################################################
1543################################################################################
1544
1545
1546################################################################################
1547## Auxiliary cron jobs applicable to GitLab EE only
1548################################################################################
1549#
1550# gitlab_rails['geo_file_download_dispatch_worker_cron'] = "*/10 * * * *"
1551# gitlab_rails['geo_repository_sync_worker_cron'] = "*/5 * * * *"
1552# gitlab_rails['geo_prune_event_log_worker_cron'] = "*/5 * * * *"
1553# gitlab_rails['geo_repository_verification_primary_batch_worker_cron'] = "*/5 * * * *"
1554# gitlab_rails['geo_repository_verification_secondary_scheduler_worker_cron'] = "*/5 * * * *"
1555# gitlab_rails['geo_migrated_local_files_clean_up_worker_cron'] = "15 */6 * * *"
1556# gitlab_rails['ldap_sync_worker_cron'] = "30 1 * * *"
1557# gitlab_rails['ldap_group_sync_worker_cron'] = "0 * * * *"
1558# gitlab_rails['historical_data_worker_cron'] = "0 12 * * *"
1559# gitlab_rails['pseudonymizer_worker_cron'] = "0 23 * * *"
1560
1561################################################################################
1562## Kerberos (EE Only)
1563##! Docs: https://docs.gitlab.com/ee/integration/kerberos.html#http-git-access
1564################################################################################
1565
1566# gitlab_rails['kerberos_enabled'] = true
1567# gitlab_rails['kerberos_keytab'] = /etc/http.keytab
1568# gitlab_rails['kerberos_service_principal_name'] = HTTP/gitlab.example.com@EXAMPLE.COM
1569# gitlab_rails['kerberos_use_dedicated_port'] = true
1570# gitlab_rails['kerberos_port'] = 8443
1571# gitlab_rails['kerberos_https'] = true
1572
1573################################################################################
1574## Package repository (EE Only)
1575##! Docs: https://docs.gitlab.com/ee/administration/maven_packages.md
1576################################################################################
1577
1578# gitlab_rails['packages_enabled'] = true
1579# gitlab_rails['packages_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/packages"
1580# gitlab_rails['packages_object_store_enabled'] = false
1581# gitlab_rails['packages_object_store_direct_upload'] = false
1582# gitlab_rails['packages_object_store_background_upload'] = true
1583# gitlab_rails['packages_object_store_proxy_download'] = false
1584# gitlab_rails['packages_object_store_remote_directory'] = "packages"
1585# gitlab_rails['packages_object_store_connection'] = {
1586# 'provider' => 'AWS',
1587# 'region' => 'eu-west-1',
1588# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
1589# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
1590# # # The below options configure an S3 compatible host instead of AWS
1591# # 'host' => 's3.amazonaws.com',
1592# # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
1593# # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
1594# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
1595# }
1596
1597################################################################################
1598## GitLab Sentinel (EE Only)
1599##! Docs: http://docs.gitlab.com/ce/administration/high_availability/redis.html#high-availability-with-sentinel
1600################################################################################
1601
1602##! **Make sure you configured all redis['master_*'] keys above before
1603##! continuing.**
1604
1605##! To enable Sentinel and disable all other services in this machine,
1606##! uncomment the line below (if you've enabled Redis role, it will keep it).
1607##! Docs: https://docs.gitlab.com/ce/administration/high_availability/redis.html
1608# redis_sentinel_role['enable'] = true
1609
1610# sentinel['enable'] = true
1611
1612##! Bind to all interfaces, uncomment to specify an IP and bind to a single one
1613# sentinel['bind'] = '0.0.0.0'
1614
1615##! Uncomment to change default port
1616# sentinel['port'] = 26379
1617
1618#### Support to run sentinels in a Docker or NAT environment
1619#####! Docs: https://redis.io/topics/sentinel#sentinel-docker-nat-and-possible-issues
1620# In an standard case, Sentinel will run in the same network service as Redis, so the same IP will be announce for Redis and Sentinel
1621# Only define these values if it is needed to announce for Sentinel a differen IP service than Redis
1622# sentinel['announce_ip'] = nil # If not defined, its value will be taken from redis['announce_ip'] or nil if not present
1623# sentinel['announce_port'] = nil # If not defined, its value will be taken from sentinel['port'] or nil if redis['announce_ip'] not present
1624
1625##! Quorum must reflect the amount of voting sentinels it take to start a
1626##! failover.
1627##! **Value must NOT be greater then the amount of sentinels.**
1628##! The quorum can be used to tune Sentinel in two ways:
1629##! 1. If a the quorum is set to a value smaller than the majority of Sentinels
1630##! we deploy, we are basically making Sentinel more sensible to master
1631##! failures, triggering a failover as soon as even just a minority of
1632##! Sentinels is no longer able to talk with the master.
1633##! 2. If a quorum is set to a value greater than the majority of Sentinels, we
1634##! are making Sentinel able to failover only when there are a very large
1635##! number (larger than majority) of well connected Sentinels which agree
1636##! about the master being down.
1637# sentinel['quorum'] = 1
1638
1639### Consider unresponsive server down after x amount of ms.
1640# sentinel['down_after_milliseconds'] = 10000
1641
1642### Specifies the failover timeout in milliseconds.
1643##! It is used in many ways:
1644##!
1645##! - The time needed to re-start a failover after a previous failover was
1646##! already tried against the same master by a given Sentinel, is two
1647##! times the failover timeout.
1648##!
1649##! - The time needed for a slave replicating to a wrong master according
1650##! to a Sentinel current configuration, to be forced to replicate
1651##! with the right master, is exactly the failover timeout (counting since
1652##! the moment a Sentinel detected the misconfiguration).
1653##!
1654##! - The time needed to cancel a failover that is already in progress but
1655##! did not produced any configuration change (SLAVEOF NO ONE yet not
1656##! acknowledged by the promoted slave).
1657##!
1658##! - The maximum time a failover in progress waits for all the slaves to be
1659##! reconfigured as slaves of the new master. However even after this time
1660##! the slaves will be reconfigured by the Sentinels anyway, but not with
1661##! the exact parallel-syncs progression as specified.
1662# sentinel['failover_timeout'] = 60000
1663
1664################################################################################
1665## GitLab Sidekiq Cluster (EE only)
1666################################################################################
1667
1668##! GitLab Enterprise Edition allows one to start an extra set of Sidekiq processes
1669##! besides the default one. These processes can be used to consume a dedicated set
1670##! of queues. This can be used to ensure certain queues always have dedicated
1671##! workers, no matter the amount of jobs that need to be processed.
1672
1673# sidekiq_cluster['enable'] = false
1674# sidekiq_cluster['ha'] = false
1675# sidekiq_cluster['log_directory'] = "/var/log/gitlab/sidekiq-cluster"
1676# sidekiq_cluster['interval'] = 5 # The number of seconds to wait between worker checks
1677# sidekiq_cluster['max_concurrency'] = 50 # The maximum number of threads each Sidekiq process should run
1678
1679##! Each entry in the queue_groups array denotes a group of queues that have to be processed by a
1680##! Sidekiq process. Multiple queues can be processed by the same process by
1681##! separating them with a comma within the group entry
1682
1683# sidekiq_cluster['queue_groups'] = [
1684# "process_commit,post_receive",
1685# "gitlab_shell"
1686# ]
1687#
1688
1689##! If negate is enabled then sidekiq-cluster will process all the queues that
1690##! don't match those in queue_groups.
1691
1692# sidekiq_cluster['negate'] = false
1693
1694################################################################################
1695## Additional Database Settings (EE only)
1696##! Docs: https://docs.gitlab.com/ee/administration/database_load_balancing.html
1697################################################################################
1698# gitlab_rails['db_load_balancing'] = { 'hosts' => ['secondary1.example.com'] }
1699
1700################################################################################
1701## GitLab Geo
1702##! Docs: https://docs.gitlab.com/ee/gitlab-geo
1703################################################################################
1704# geo_primary_role['enable'] = false
1705# geo_secondary_role['enable'] = false
1706
1707################################################################################
1708## GitLab Geo Secondary (EE only)
1709################################################################################
1710# geo_secondary['auto_migrate'] = true
1711# geo_secondary['db_adapter'] = "postgresql"
1712# geo_secondary['db_encoding'] = "unicode"
1713# geo_secondary['db_collation'] = nil
1714# geo_secondary['db_database'] = "gitlabhq_geo_production"
1715# geo_secondary['db_pool'] = 10
1716# geo_secondary['db_username'] = "gitlab_geo"
1717# geo_secondary['db_password'] = nil
1718# geo_secondary['db_host'] = "/var/opt/gitlab/geo-postgresql"
1719# geo_secondary['db_port'] = 5431
1720# geo_secondary['db_socket'] = nil
1721# geo_secondary['db_sslmode'] = nil
1722# geo_secondary['db_sslcompression'] = 0
1723# geo_secondary['db_sslrootcert'] = nil
1724# geo_secondary['db_sslca'] = nil
1725# geo_secondary['db_fdw'] = true
1726
1727################################################################################
1728## GitLab Geo Secondary Tracking Database (EE only)
1729################################################################################
1730
1731# geo_postgresql['enable'] = false
1732# geo_postgresql['ha'] = false
1733# geo_postgresql['dir'] = '/var/opt/gitlab/geo-postgresql'
1734# geo_postgresql['data_dir'] = '/var/opt/gitlab/geo-postgresql/data'
1735# geo_postgresql['pgbouncer_user'] = nil
1736# geo_postgresql['pgbouncer_user_password'] = nil
1737
1738################################################################################
1739# Pgbouncer (EE only)
1740# See [GitLab PgBouncer documentation](http://docs.gitlab.com/omnibus/settings/database.html#enabling-pgbouncer-ee-only)
1741# See the [PgBouncer page](https://pgbouncer.github.io/config.html) for details
1742################################################################################
1743# pgbouncer['enable'] = false
1744# pgbouncer['log_directory'] = '/var/log/gitlab/pgbouncer'
1745# pgbouncer['data_directory'] = '/var/opt/gitlab/pgbouncer'
1746# pgbouncer['env_directory'] = '/opt/gitlab/etc/pgbouncer'
1747# pgbouncer['env'] = {
1748# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
1749# }
1750# pgbouncer['listen_addr'] = '0.0.0.0'
1751# pgbouncer['listen_port'] = '6432'
1752# pgbouncer['pool_mode'] = 'transaction'
1753# pgbouncer['server_reset_query'] = 'DISCARD ALL'
1754# pgbouncer['application_name_add_host'] = '1'
1755# pgbouncer['max_client_conn'] = '2048'
1756# pgbouncer['default_pool_size'] = '100'
1757# pgbouncer['min_pool_size'] = '0'
1758# pgbouncer['reserve_pool_size'] = '5'
1759# pgbouncer['reserve_pool_timeout'] = '5.0'
1760# pgbouncer['server_round_robin'] = '0'
1761# pgbouncer['log_connections'] = '0'
1762# pgbouncer['server_idle_timeout'] = '30'
1763# pgbouncer['dns_max_ttl'] = '15.0'
1764# pgbouncer['dns_zone_check_period'] = '0'
1765# pgbouncer['dns_nxdomain_ttl'] = '15.0'
1766# pgbouncer['admin_users'] = %w(gitlab-psql postgres pgbouncer)
1767# pgbouncer['stats_users'] = %w(gitlab-psql postgres pgbouncer)
1768# pgbouncer['ignore_startup_parameters'] = 'extra_float_digits'
1769# pgbouncer['databases'] = {
1770# DATABASE_NAME: {
1771# host: HOSTNAME,
1772# port: PORT
1773# user: USERNAME,
1774# password: PASSWORD
1775###! generate this with `echo -n '$password + $username' | md5sum`
1776# }
1777# ...
1778# }
1779# pgbouncer['logfile'] = nil
1780# pgbouncer['unix_socket_dir'] = nil
1781# pgbouncer['unix_socket_mode'] = '0777'
1782# pgbouncer['unix_socket_group'] = nil
1783# pgbouncer['auth_type'] = 'md5'
1784# pgbouncer['auth_hba_file'] = nil
1785# pgbouncer['auth_query'] = 'SELECT username, password FROM public.pg_shadow_lookup($1)'
1786# pgbouncer['users'] = {
1787# {
1788# name: USERNAME,
1789# password: MD5_PASSWORD_HASH
1790# }
1791# }
1792# postgresql['pgbouncer_user'] = nil
1793# postgresql['pgbouncer_user_password'] = nil
1794# pgbouncer['server_reset_query_always'] = 0
1795# pgbouncer['server_check_query'] = 'select 1'
1796# pgbouncer['server_check_delay'] = 30
1797# pgbouncer['max_db_connections'] = nil
1798# pgbouncer['max_user_connections'] = nil
1799# pgbouncer['syslog'] = 0
1800# pgbouncer['syslog_facility'] = 'daemon'
1801# pgbouncer['syslog_ident'] = 'pgbouncer'
1802# pgbouncer['log_disconnections'] = 1
1803# pgbouncer['log_pooler_errors'] = 1
1804# pgbouncer['stats_period'] = 60
1805# pgbouncer['verbose'] = 0
1806# pgbouncer['server_lifetime'] = 3600
1807# pgbouncer['server_connect_timeout'] = 15
1808# pgbouncer['server_login_retry'] = 15
1809# pgbouncer['query_timeout'] = 0
1810# pgbouncer['query_wait_timeout'] = 120
1811# pgbouncer['client_idle_timeout'] = 0
1812# pgbouncer['client_login_timeout'] = 60
1813# pgbouncer['autodb_idle_timeout'] = 3600
1814# pgbouncer['suspend_timeout'] = 10
1815# pgbouncer['idle_transaction_timeout'] = 0
1816# pgbouncer['pkt_buf'] = 4096
1817# pgbouncer['listen_backlog'] = 128
1818# pgbouncer['sbuf_loopcnt'] = 5
1819# pgbouncer['max_packet_size'] = 2147483647
1820# pgbouncer['tcp_defer_accept'] = 0
1821# pgbouncer['tcp_socket_buffer'] = 0
1822# pgbouncer['tcp_keepalive'] = 1
1823# pgbouncer['tcp_keepcnt'] = 0
1824# pgbouncer['tcp_keepidle'] = 0
1825# pgbouncer['tcp_keepintvl'] = 0
1826# pgbouncer['disable_pqexec'] = 0
1827
1828## Pgbouncer client TLS options
1829# pgbouncer['client_tls_sslmode'] = 'disable'
1830# pgbouncer['client_tls_ca_file'] = nil
1831# pgbouncer['client_tls_key_file'] = nil
1832# pgbouncer['client_tls_cert_file'] = nil
1833# pgbouncer['client_tls_protocols'] = 'all'
1834# pgbouncer['client_tls_dheparams'] = 'auto'
1835# pgbouncer['client_tls_ecdhcurve'] = 'auto'
1836#
1837## Pgbouncer server TLS options
1838# pgbouncer['server_tls_sslmode'] = 'disable'
1839# pgbouncer['server_tls_ca_file'] = nil
1840# pgbouncer['server_tls_key_file'] = nil
1841# pgbouncer['server_tls_cert_file'] = nil
1842# pgbouncer['server_tls_protocols'] = 'all'
1843# pgbouncer['server_tls_ciphers'] = 'fast'
1844
1845################################################################################
1846# Repmgr (EE only)
1847################################################################################
1848# repmgr['enable'] = false
1849# repmgr['cluster'] = 'gitlab_cluster'
1850# repmgr['database'] = 'gitlab_repmgr'
1851# repmgr['host'] = nil
1852# repmgr['node_number'] = nil
1853# repmgr['port'] = 5432
1854# repmgr['trust_auth_cidr_addresses'] = []
1855# repmgr['user'] = 'gitlab_repmgr'
1856# repmgr['sslmode'] = 'prefer'
1857# repmgr['sslcompression'] = 0
1858# repmgr['failover'] = 'automatic'
1859# repmgr['log_directory'] = '/var/log/gitlab/repmgrd'
1860# repmgr['node_name'] = nil
1861# repmgr['pg_bindir'] = '/opt/gitlab/embedded/bin'
1862# repmgr['service_start_command'] = '/opt/gitlab/bin/gitlab-ctl start postgresql'
1863# repmgr['service_stop_command'] = '/opt/gitlab/bin/gitlab-ctl stop postgresql'
1864# repmgr['service_reload_command'] = '/opt/gitlab/bin/gitlab-ctl hup postgresql'
1865# repmgr['service_restart_command'] = '/opt/gitlab/bin/gitlab-ctl restart postgresql'
1866# repmgr['service_promote_command'] = nil
1867# repmgr['promote_command'] = '/opt/gitlab/embedded/bin/repmgr standby promote -f /var/opt/gitlab/postgresql/repmgr.conf'
1868# repmgr['follow_command'] = '/opt/gitlab/embedded/bin/repmgr standby follow -f /var/opt/gitlab/postgresql/repmgr.conf'
1869
1870# repmgr['upstream_node'] = nil
1871# repmgr['use_replication_slots'] = false
1872# repmgr['loglevel'] = 'INFO'
1873# repmgr['logfacility'] = 'STDERR'
1874# repmgr['logfile'] = nil
1875
1876# repmgr['event_notification_command'] = nil
1877# repmgr['event_notifications'] = nil
1878
1879# repmgr['rsync_options'] = nil
1880# repmgr['ssh_options'] = nil
1881# repmgr['priority'] = nil
1882#
1883# HA setting to specify if a node should attempt to be master on initialization
1884# repmgr['master_on_initialization'] = true
1885
1886# repmgr['retry_promote_interval_secs'] = 300
1887# repmgr['witness_repl_nodes_sync_interval_secs'] = 15
1888# repmgr['reconnect_attempts'] = 6
1889# repmgr['reconnect_interval'] = 10
1890# repmgr['monitor_interval_secs'] = 2
1891# repmgr['master_response_timeout'] = 60
1892# repmgr['daemon'] = true
1893# repmgrd['enable'] = true
1894
1895################################################################################
1896# Consul (EEP only)
1897################################################################################
1898# consul['enable'] = false
1899# consul['dir'] = '/var/opt/gitlab/consul'
1900# consul['user'] = 'gitlab-consul'
1901# consul['group'] = 'gitlab-consul'
1902# consul['config_file'] = '/var/opt/gitlab/consul/config.json'
1903# consul['config_dir'] = '/var/opt/gitlab/consul/config.d'
1904# consul['data_dir'] = '/var/opt/gitlab/consul/data'
1905# consul['log_directory'] = '/var/log/gitlab/consul'
1906# consul['env_directory'] = '/opt/gitlab/etc/consul'
1907# consul['env'] = {
1908# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
1909# }
1910# consul['node_name'] = nil
1911# consul['script_directory'] = '/var/opt/gitlab/consul/scripts'
1912# consul['configuration'] = {
1913# 'client_addr' => nil,
1914# 'datacenter' => 'gitlab_consul',
1915# 'enable_script_checks' => true,
1916# 'server' => false
1917# }
1918# consul['services'] = []
1919# consul['service_config'] = {
1920# 'postgresql' => {
1921# 'service' => {
1922# 'name' => "postgresql",
1923# 'address' => '',
1924# 'port' => 5432,
1925# 'checks' => [
1926# {
1927# 'script' => "/var/opt/gitlab/consul/scripts/check_postgresql",
1928# 'interval' => "10s"
1929# }
1930# ]
1931# }
1932# }
1933# }
1934# consul['watchers'] = {
1935# 'postgresql' => {
1936# enable: false,
1937# handler: 'failover_pgbouncer'
1938# }
1939# }