1## GitLab configuration settings
2##! This file is generated during initial installation and **is not** modified
3##! during upgrades.
4##! Check out the latest version of this file to know about the different
5##! settings that can be configured by this file, which may be found at:
6##! https://gitlab.com/gitlab-org/omnibus-gitlab/raw/master/files/gitlab-config-template/gitlab.rb.template
7
8
9## GitLab URL
10##! URL on which GitLab will be reachable.
11##! For more details on configuring external_url see:
12##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab
##! NOTE(review): the scheme configured here is http://, so sign-in credentials,
##! session cookies and Git-over-HTTP traffic to this host are not protected by
##! TLS unless something in front of GitLab terminates HTTPS -- confirm, or
##! move this URL to https://.
external_url("http://git.site.com.ua")
14
15## Roles for multi-instance GitLab
16##! The default is to have no roles enabled, which results in GitLab running as an all-in-one instance.
17##! Options:
18##! redis_sentinel_role redis_master_role redis_slave_role geo_primary_role geo_secondary_role
19##! For more details on each role, see:
20##! https://docs.gitlab.com/omnibus/roles/README.html#roles
21##!
22# roles ['redis_sentinel_role', 'redis_master_role']
23
24## Legend
25##! The following notations at the beginning of each line may be used to
26##! differentiate between components of this file and to easily select them using
27##! a regex.
28##! ## Titles, subtitles etc
29##! ##! More information - Description, Docs, Links, Issues etc.
30##! Configuration settings have a single # followed by a single space at the
31##! beginning; Remove them to enable the setting.
32
33##! **Configuration settings below are optional.**
34##! **The values currently assigned are only examples and ARE NOT the default
35##! values.**
36
37
38################################################################################
39################################################################################
40## Configuration Settings for GitLab CE and EE ##
41################################################################################
42################################################################################
43
44################################################################################
45## gitlab.yml configuration
46##! Docs: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/gitlab.yml.md
47################################################################################
48# gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com'
49# gitlab_rails['time_zone'] = 'UTC'
50
51### Email Settings
52# gitlab_rails['gitlab_email_enabled'] = true
53# gitlab_rails['gitlab_email_from'] = 'example@example.com'
54# gitlab_rails['gitlab_email_display_name'] = 'Example'
55# gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com'
56# gitlab_rails['gitlab_email_subject_suffix'] = ''
57
58### GitLab user privileges
59# gitlab_rails['gitlab_default_can_create_group'] = true
60# gitlab_rails['gitlab_username_changing_enabled'] = true
61
62### Default Theme
63# gitlab_rails['gitlab_default_theme'] = 2
64
65### Default project feature settings
66# gitlab_rails['gitlab_default_projects_features_issues'] = true
67# gitlab_rails['gitlab_default_projects_features_merge_requests'] = true
68# gitlab_rails['gitlab_default_projects_features_wiki'] = true
69# gitlab_rails['gitlab_default_projects_features_snippets'] = true
70# gitlab_rails['gitlab_default_projects_features_builds'] = true
71# gitlab_rails['gitlab_default_projects_features_container_registry'] = true
72
73### Automatic issue closing
74###! See https://docs.gitlab.com/ce/customization/issue_closing.html for more
75###! information about this pattern.
76# gitlab_rails['gitlab_issue_closing_pattern'] = "\b((?:[Cc]los(?:e[sd]?|ing)|\b[Ff]ix(?:e[sd]|ing)?|\b[Rr]esolv(?:e[sd]?|ing)|\b[Ii]mplement(?:s|ed|ing)?)(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)"
77
78### Download location
79###! When a user clicks e.g. 'Download zip' on a project, a temporary zip file
80###! is created in the following directory.
81###! Should not be the same path, or a sub directory of any of the `git_data_dirs`
82# gitlab_rails['gitlab_repository_downloads_path'] = 'tmp/repositories'
83
84### Gravatar Settings
85# gitlab_rails['gravatar_plain_url'] = 'http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'
86# gitlab_rails['gravatar_ssl_url'] = 'https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'
87
88### Auxiliary jobs
89###! Periodically executed jobs, to self-heal Gitlab, do external
90###! synchronizations, etc.
91###! Docs: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job
92###! https://docs.gitlab.com/ce/ci/yaml/README.html#artifacts:expire_in
93# gitlab_rails['stuck_ci_jobs_worker_cron'] = "0 0 * * *"
94# gitlab_rails['expire_build_artifacts_worker_cron'] = "50 * * * *"
95# gitlab_rails['pipeline_schedule_worker_cron'] = "41 * * * *"
96# gitlab_rails['ci_archive_traces_cron_worker_cron'] = "17 * * * *"
97# gitlab_rails['repository_check_worker_cron'] = "20 * * * *"
98# gitlab_rails['admin_email_worker_cron'] = "0 0 * * 0"
99# gitlab_rails['repository_archive_cache_worker_cron'] = "0 * * * *"
100# gitlab_rails['pages_domain_verification_cron_worker'] = "*/15 * * * *"
101
102### Webhook Settings
103###! Number of seconds to wait for HTTP response after sending webhook HTTP POST
104###! request (default: 10)
105# gitlab_rails['webhook_timeout'] = 10
106
107### Trusted proxies
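###! Customize if you have GitLab behind a reverse proxy which is running on a
###! different machine.
###! **Add the IP address for your reverse proxy to the list, otherwise users
###! will appear signed in from that address.**
###! List only proxies you operate: forwarded client-IP headers from these
###! addresses are trusted, so an over-broad entry lets a client choose the
###! source IP that rate limits, IP allowlists and audit logs will see.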
112# gitlab_rails['trusted_proxies'] = []
113
114### Monitoring settings
115###! IP whitelist controlling access to monitoring endpoints
116# gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8', '::1/128']
117###! Time between sampling of unicorn socket metrics, in seconds
118# gitlab_rails['monitoring_unicorn_sampler_interval'] = 10
119
120### Reply by email
121###! Allow users to comment on issues and merge requests by replying to
122###! notification emails.
123###! Docs: https://docs.gitlab.com/ce/administration/reply_by_email.html
124# gitlab_rails['incoming_email_enabled'] = true
125
126#### Incoming Email Address
127####! The email address including the `%{key}` placeholder that will be replaced
128####! to reference the item being replied to.
129####! **The placeholder can be omitted but if present, it must appear in the
130####! "user" part of the address (before the `@`).**
131# gitlab_rails['incoming_email_address'] = "gitlab-incoming+%{key}@gmail.com"
132
133#### Email account username
134####! **With third party providers, this is usually the full email address.**
135####! **With self-hosted email servers, this is usually the user part of the
136####! email address.**
137# gitlab_rails['incoming_email_email'] = "gitlab-incoming@gmail.com"
138
139#### Email account password
140# gitlab_rails['incoming_email_password'] = "[REDACTED]"
141
142#### IMAP Settings
143# gitlab_rails['incoming_email_host'] = "imap.gmail.com"
144# gitlab_rails['incoming_email_port'] = 993
145# gitlab_rails['incoming_email_ssl'] = true
146# gitlab_rails['incoming_email_start_tls'] = false
147
148#### Incoming Mailbox Settings
149####! The mailbox where incoming mail will end up. Usually "inbox".
150# gitlab_rails['incoming_email_mailbox_name'] = "inbox"
151####! The IDLE command timeout.
152# gitlab_rails['incoming_email_idle_timeout'] = 60
153
154### Job Artifacts
155# gitlab_rails['artifacts_enabled'] = true
156# gitlab_rails['artifacts_path'] = "/var/opt/gitlab/gitlab-rails/shared/artifacts"
157####! Job artifacts Object Store
158####! Docs: https://docs.gitlab.com/ee/administration/job_artifacts.html#using-object-storage
159# gitlab_rails['artifacts_object_store_enabled'] = false
160# gitlab_rails['artifacts_object_store_direct_upload'] = false
161# gitlab_rails['artifacts_object_store_background_upload'] = true
162# gitlab_rails['artifacts_object_store_proxy_download'] = false
163# gitlab_rails['artifacts_object_store_remote_directory'] = "artifacts"
164# gitlab_rails['artifacts_object_store_connection'] = {
165# 'provider' => 'AWS',
166# 'region' => 'eu-west-1',
167# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
168# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
169# # # The below options configure an S3 compatible host instead of AWS
170# # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
171# # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
172# # 'host' => 's3.amazonaws.com',
173# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
174# }
175
176### External merge request diffs
177# gitlab_rails['external_diffs_enabled'] = false
178# gitlab_rails['external_diffs_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/external-diffs"
179# gitlab_rails['external_diffs_object_store_enabled'] = false
180# gitlab_rails['external_diffs_object_store_direct_upload'] = false
181# gitlab_rails['external_diffs_object_store_background_upload'] = false
182# gitlab_rails['external_diffs_object_store_proxy_download'] = false
183# gitlab_rails['external_diffs_object_store_remote_directory'] = "external-diffs"
184# gitlab_rails['external_diffs_object_store_connection'] = {
185# 'provider' => 'AWS',
186# 'region' => 'eu-west-1',
187# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
188# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
189# # # The below options configure an S3 compatible host instead of AWS
190# # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
191# # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
192# # 'host' => 's3.amazonaws.com',
193# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
194# }
195
196### Git LFS
197# gitlab_rails['lfs_enabled'] = true
198# gitlab_rails['lfs_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/lfs-objects"
199# gitlab_rails['lfs_object_store_enabled'] = false
200# gitlab_rails['lfs_object_store_direct_upload'] = false
201# gitlab_rails['lfs_object_store_background_upload'] = true
202# gitlab_rails['lfs_object_store_proxy_download'] = false
203# gitlab_rails['lfs_object_store_remote_directory'] = "lfs-objects"
204# gitlab_rails['lfs_object_store_connection'] = {
205# 'provider' => 'AWS',
206# 'region' => 'eu-west-1',
207# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
208# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
209# # # The below options configure an S3 compatible host instead of AWS
210# # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
211# # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
212# # 'host' => 's3.amazonaws.com',
213# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
214# }
215
216### GitLab uploads
217###! Docs: https://docs.gitlab.com/ee/administration/uploads.html
218# gitlab_rails['uploads_storage_path'] = "/var/opt/gitlab/gitlab-rails/public"
219# gitlab_rails['uploads_base_dir'] = "uploads/-/system"
220# gitlab_rails['uploads_object_store_enabled'] = false
221# gitlab_rails['uploads_object_store_direct_upload'] = false
222# gitlab_rails['uploads_object_store_background_upload'] = true
223# gitlab_rails['uploads_object_store_proxy_download'] = false
224# gitlab_rails['uploads_object_store_remote_directory'] = "uploads"
225# gitlab_rails['uploads_object_store_connection'] = {
226# 'provider' => 'AWS',
227# 'region' => 'eu-west-1',
228# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
229# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
230# # # The below options configure an S3 compatible host instead of AWS
231# # 'host' => 's3.amazonaws.com',
232# # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
233# # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
234# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
235# }
236
237### Impersonation settings
238# gitlab_rails['impersonation_enabled'] = true
239
240### Usage Statistics
241# gitlab_rails['usage_ping_enabled'] = true
242
243### GitLab Mattermost
244###! These settings are void if Mattermost is installed on the same omnibus
245###! install
246# gitlab_rails['mattermost_host'] = "https://mattermost.example.com"
247
248### LDAP Settings
249###! Docs: https://docs.gitlab.com/omnibus/settings/ldap.html
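###! **Be careful not to break the indentation in the ldap_servers block. It is
###! in yaml format and the spaces must be retained. Using tabs will not work.**
###! The example below pairs port 389 with encryption: 'plain', which sends the
###! bind password and users' credentials over the network unencrypted; prefer
###! 'start_tls' or 'simple_tls' and keep verify_certificates: true.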
252
253# gitlab_rails['ldap_enabled'] = false
254
255###! **remember to close this block with 'EOS' below**
256# gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
257# main: # 'main' is the GitLab 'provider ID' of this LDAP server
258# label: 'LDAP'
259# host: '_your_ldap_server'
260# port: 389
261# uid: 'sAMAccountName'
262# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
263# password: '_the_password_of_the_bind_user'
264# encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
265# verify_certificates: true
266# smartcard_auth: false
267# active_directory: true
268# allow_username_or_email_login: false
269# lowercase_usernames: false
270# block_auto_created_users: false
271# base: ''
272# user_filter: ''
273# ## EE only
274# group_base: ''
275# admin_group: ''
276# sync_ssh_keys: false
277#
278# secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server
279# label: 'LDAP'
280# host: '_your_ldap_server'
281# port: 389
282# uid: 'sAMAccountName'
283# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
284# password: '_the_password_of_the_bind_user'
285# encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
286# verify_certificates: true
287# smartcard_auth: false
288# active_directory: true
289# allow_username_or_email_login: false
290# lowercase_usernames: false
291# block_auto_created_users: false
292# base: ''
293# user_filter: ''
294# ## EE only
295# group_base: ''
296# admin_group: ''
297# sync_ssh_keys: false
298# EOS
299
300### Smartcard authentication settings
301###! Docs: https://docs.gitlab.com/ee/administration/auth/smartcard.html
302# gitlab_rails['smartcard_enabled'] = false
303# gitlab_rails['smartcard_ca_file'] = "/etc/gitlab/ssl/CA.pem"
304# gitlab_rails['smartcard_client_certificate_required_port'] = 3444
305
306### OmniAuth Settings
307###! Docs: https://docs.gitlab.com/ce/integration/omniauth.html
308# gitlab_rails['omniauth_enabled'] = nil
309# gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
310# gitlab_rails['omniauth_sync_email_from_provider'] = 'saml'
311# gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml']
312# gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
313# gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'
314# gitlab_rails['omniauth_block_auto_created_users'] = true
315# gitlab_rails['omniauth_auto_link_ldap_user'] = false
316# gitlab_rails['omniauth_auto_link_saml_user'] = false
317# gitlab_rails['omniauth_external_providers'] = ['twitter', 'google_oauth2']
318# gitlab_rails['omniauth_providers'] = [
319# {
320# "name" => "google_oauth2",
321# "app_id" => "YOUR APP ID",
322# "app_secret" => "YOUR APP SECRET",
323# "args" => { "access_type" => "offline", "approval_prompt" => "" }
324# }
325# ]
326
327### Backup Settings
328###! Docs: https://docs.gitlab.com/omnibus/settings/backups.html
329
330# gitlab_rails['manage_backup_path'] = true
331# gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"
332
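###! Docs: https://docs.gitlab.com/ce/raketasks/backup_restore.html#backup-archive-permissions
###! The example value 0644 makes backup archives readable by every local user
###! (GitLab's default is 0600); archives contain the database and repositories,
###! so grant no more access than is needed.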
334# gitlab_rails['backup_archive_permissions'] = 0644
335
336# gitlab_rails['backup_pg_schema'] = 'public'
337
338###! The duration in seconds to keep backups before they are allowed to be deleted
339# gitlab_rails['backup_keep_time'] = 604800
340
341# gitlab_rails['backup_upload_connection'] = {
342# 'provider' => 'AWS',
343# 'region' => 'eu-west-1',
344# 'aws_access_key_id' => 'AKIAKIAKI',
345# 'aws_secret_access_key' => 'secret123'
346# }
347# gitlab_rails['backup_upload_remote_directory'] = 'my.s3.bucket'
348# gitlab_rails['backup_multipart_chunk_size'] = 104857600
349
350###! **Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for
351###! backups**
352# gitlab_rails['backup_encryption'] = 'AES256'
353###! The encryption key to use with AWS Server-Side Encryption.
354###! Setting this value will enable Server-Side Encryption with customer provided keys;
355###! otherwise S3-managed keys are used.
356# gitlab_rails['backup_encryption_key'] = '<base64-encoded encryption key>'
357
358###! **Specifies Amazon S3 storage class to use for backups. Valid values
359###! include 'STANDARD', 'STANDARD_IA', and 'REDUCED_REDUNDANCY'**
360# gitlab_rails['backup_storage_class'] = 'STANDARD'
361
362
363### Pseudonymizer Settings
364# gitlab_rails['pseudonymizer_manifest'] = 'config/pseudonymizer.yml'
365# gitlab_rails['pseudonymizer_upload_remote_directory'] = 'gitlab-elt'
366# gitlab_rails['pseudonymizer_upload_connection'] = {
367# 'provider' => 'AWS',
368# 'region' => 'eu-west-1',
369# 'aws_access_key_id' => 'AKIAKIAKI',
370# 'aws_secret_access_key' => 'secret123'
371# }
372
373
374### For setting up different data storing directory
375###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#storing-git-data-in-an-alternative-directory
376###! **If you want to use a single non-default directory to store git data use a
377###! path that doesn't contain symlinks.**
378# git_data_dirs({
379# "default" => {
380# "path" => "/mnt/nfs-01/git-data"
381# }
382# })
383
384### Gitaly settings
385# gitlab_rails['gitaly_token'] = 'secret token'
386
387### For storing GitLab application uploads, eg. LFS objects, build artifacts
388###! Docs: https://docs.gitlab.com/ce/development/shared_files.html
389# gitlab_rails['shared_path'] = '/var/opt/gitlab/gitlab-rails/shared'
390
391### Wait for file system to be mounted
392###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#only-start-omnibus-gitlab-services-after-a-given-filesystem-is-mounted
393# high_availability['mountpoint'] = ["/var/opt/gitlab/git-data", "/var/opt/gitlab/gitlab-rails/shared"]
394
395### GitLab Shell settings for GitLab
396# gitlab_rails['gitlab_shell_ssh_port'] = 22
397# gitlab_rails['gitlab_shell_git_timeout'] = 800
398
399### Extra customization
400# gitlab_rails['extra_google_analytics_id'] = '_your_tracking_id'
401# gitlab_rails['extra_piwik_url'] = '_your_piwik_url'
402# gitlab_rails['extra_piwik_site_id'] = '_your_piwik_site_id'
403
404##! Docs: https://docs.gitlab.com/omnibus/settings/environment-variables.html
405# gitlab_rails['env'] = {
406# 'BUNDLE_GEMFILE' => "/opt/gitlab/embedded/service/gitlab-rails/Gemfile",
407# 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin"
408# }
409
410# gitlab_rails['rack_attack_git_basic_auth'] = {
411# 'enabled' => false,
412# 'ip_whitelist' => ["127.0.0.1"],
413# 'maxretry' => 10,
414# 'findtime' => 60,
415# 'bantime' => 3600
416# }
417
418# gitlab_rails['rack_attack_protected_paths'] = [
419# '/users/password',
420# '/users/sign_in',
421# '/api/#{API::API.version}/session.json',
422# '/api/#{API::API.version}/session',
423# '/users',
424# '/users/confirmation',
425# '/unsubscribes/',
426# '/import/github/personal_access_token'
427# ]
428
429###! **We do not recommend changing these directories.**
430# gitlab_rails['dir'] = "/var/opt/gitlab/gitlab-rails"
431# gitlab_rails['log_directory'] = "/var/log/gitlab/gitlab-rails"
432
433### GitLab application settings
434# gitlab_rails['uploads_directory'] = "/var/opt/gitlab/gitlab-rails/uploads"
435# gitlab_rails['rate_limit_requests_per_period'] = 10
436# gitlab_rails['rate_limit_period'] = 60
437
438#### Change the initial default admin password and shared runner registration tokens.
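####! **Only applicable on initial setup, changing these settings after database
####! is created and seeded won't yield any change.**
####! Values set here stay in this file in plain text: restrict who can read it,
####! and change the root password after the first sign-in.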
441# gitlab_rails['initial_root_password'] = "password"
442# gitlab_rails['initial_shared_runners_registration_token'] = "token"
443
444#### Enable or disable automatic database migrations
445# gitlab_rails['auto_migrate'] = true
446
#### This is an advanced feature used by large GitLab deployments where loading
#### the whole Rails environment takes a lot of time.
449# gitlab_rails['rake_cache_clear'] = true
450
451### GitLab database settings
452###! Docs: https://docs.gitlab.com/omnibus/settings/database.html
453###! **Only needed if you use an external database.**
454# gitlab_rails['db_adapter'] = "postgresql"
455# gitlab_rails['db_encoding'] = "unicode"
456# gitlab_rails['db_collation'] = nil
457# gitlab_rails['db_database'] = "gitlabhq_production"
458# gitlab_rails['db_pool'] = 10
459# gitlab_rails['db_username'] = "gitlab"
460# gitlab_rails['db_password'] = nil
461# gitlab_rails['db_host'] = nil
462# gitlab_rails['db_port'] = 5432
463# gitlab_rails['db_socket'] = nil
464# gitlab_rails['db_sslmode'] = nil
465# gitlab_rails['db_sslcompression'] = 0
466# gitlab_rails['db_sslrootcert'] = nil
467# gitlab_rails['db_prepared_statements'] = false
468# gitlab_rails['db_statements_limit'] = 1000
469
470
471### GitLab Redis settings
472###! Connect to your own Redis instance
473###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
474
475#### Redis TCP connection
476# gitlab_rails['redis_host'] = "127.0.0.1"
477# gitlab_rails['redis_port'] = 6379
478# gitlab_rails['redis_ssl'] = false
479# gitlab_rails['redis_password'] = nil
480# gitlab_rails['redis_database'] = 0
481
482#### Redis local UNIX socket (will be disabled if TCP method is used)
483# gitlab_rails['redis_socket'] = "/var/opt/gitlab/redis/redis.socket"
484
485#### Sentinel support
486####! To have Sentinel working, you must enable Redis TCP connection support
487####! above and define a few Sentinel hosts below (to get a reliable setup
488####! at least 3 hosts).
489####! **You don't need to list every sentinel host, but the ones not listed will
490####! not be used in a fail-over situation to query for the new master.**
491# gitlab_rails['redis_sentinels'] = [
492# {'host' => '127.0.0.1', 'port' => 26379},
493# ]
494
495#### Separate instances support
496###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html#running-with-multiple-redis-instances
497# gitlab_rails['redis_cache_instance'] = nil
498# gitlab_rails['redis_cache_sentinels'] = nil
499# gitlab_rails['redis_queues_instance'] = nil
500# gitlab_rails['redis_queues_sentinels'] = nil
501# gitlab_rails['redis_shared_state_instance'] = nil
502# gitlab_rails['redis_shared_sentinels'] = nil
503
504### GitLab email server settings
505###! Docs: https://docs.gitlab.com/omnibus/settings/smtp.html
506###! **Use smtp instead of sendmail/postfix.**
507
508# gitlab_rails['smtp_enable'] = true
509# gitlab_rails['smtp_address'] = "smtp.server"
510# gitlab_rails['smtp_port'] = 465
511# gitlab_rails['smtp_user_name'] = "smtp user"
512# gitlab_rails['smtp_password'] = "smtp password"
513# gitlab_rails['smtp_domain'] = "example.com"
514# gitlab_rails['smtp_authentication'] = "login"
515# gitlab_rails['smtp_enable_starttls_auto'] = true
516# gitlab_rails['smtp_tls'] = false
517
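###! **Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert'**
###! 'none' skips validation of the SMTP server's certificate, so the connection
###! is encrypted but the server is not authenticated; use 'peer' together with
###! smtp_ca_path / smtp_ca_file where the server's certificate can be verified.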
519###! Docs: http://api.rubyonrails.org/classes/ActionMailer/Base.html
520# gitlab_rails['smtp_openssl_verify_mode'] = 'none'
521
522# gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs"
523# gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt"
524
525################################################################################
526## Container Registry settings
527##! Docs: https://docs.gitlab.com/ce/administration/container_registry.html
528################################################################################
529
530# registry_external_url 'https://registry.gitlab.example.com'
531
532### Settings used by GitLab application
533# gitlab_rails['registry_enabled'] = true
534# gitlab_rails['registry_host'] = "registry.gitlab.example.com"
535# gitlab_rails['registry_port'] = "5005"
536# gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"
537
538###! **Do not change the following 3 settings unless you know what you are
539###! doing**
540# gitlab_rails['registry_api_url'] = "http://localhost:5000"
541# gitlab_rails['registry_key_path'] = "/var/opt/gitlab/gitlab-rails/certificate.key"
542# gitlab_rails['registry_issuer'] = "omnibus-gitlab-issuer"
543
544### Settings used by Registry application
545# registry['enable'] = true
546# registry['username'] = "registry"
547# registry['group'] = "registry"
548# registry['uid'] = nil
549# registry['gid'] = nil
550# registry['dir'] = "/var/opt/gitlab/registry"
551# registry['registry_http_addr'] = "localhost:5000"
552# registry['debug_addr'] = "localhost:5001"
553# registry['log_directory'] = "/var/log/gitlab/registry"
554# registry['env_directory'] = "/opt/gitlab/etc/registry/env"
555# registry['env'] = {
556# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
557# }
558# registry['log_level'] = "info"
559# registry['log_formatter'] = "text"
560# registry['rootcertbundle'] = "/var/opt/gitlab/registry/certificate.crt"
561# registry['health_storagedriver_enabled'] = true
562# registry['storage_delete_enabled'] = true
563# registry['validation_enabled'] = false
564# registry['autoredirect'] = false
565
566### Registry backend storage
567###! Docs: https://docs.gitlab.com/ce/administration/container_registry.html#container-registry-storage-driver
568# registry['storage'] = {
569# 's3' => {
570# 'accesskey' => 'AKIAKIAKI',
571# 'secretkey' => 'secret123',
572# 'bucket' => 'gitlab-registry-bucket-AKIAKIAKI'
573# }
574# }
575
576### Registry notifications endpoints
577# registry['notifications'] = [
578# {
579# 'name' => 'test_endpoint',
580# 'url' => 'https://gitlab.example.com/notify2',
581# 'timeout' => '500ms',
582# 'threshold' => 5,
583# 'backoff' => '1s',
584# 'headers' => {
585# "Authorization" => ["AUTHORIZATION_EXAMPLE_TOKEN"]
586# }
587# }
588# ]
589### Default registry notifications
590# registry['default_notifications_timeout'] = "500ms"
591# registry['default_notifications_threshold'] = 5
592# registry['default_notifications_backoff'] = "1s"
593# registry['default_notifications_headers'] = {}
594
595
596
597################################################################################
598## GitLab Workhorse
599##! Docs: https://gitlab.com/gitlab-org/gitlab-workhorse/blob/master/README.md
600################################################################################
601
602# gitlab_workhorse['enable'] = true
603# gitlab_workhorse['ha'] = false
604# gitlab_workhorse['listen_network'] = "unix"
605# gitlab_workhorse['listen_umask'] = 000
606# gitlab_workhorse['listen_addr'] = "/var/opt/gitlab/gitlab-workhorse/socket"
607# gitlab_workhorse['auth_backend'] = "http://localhost:8080"
608
609##! the empty string is the default in gitlab-workhorse option parser
610# gitlab_workhorse['auth_socket'] = "''"
611
612##! put an empty string on the command line
613# gitlab_workhorse['pprof_listen_addr'] = "''"
614
615# gitlab_workhorse['prometheus_listen_addr'] = "localhost:9229"
616
617# gitlab_workhorse['dir'] = "/var/opt/gitlab/gitlab-workhorse"
618# gitlab_workhorse['log_directory'] = "/var/log/gitlab/gitlab-workhorse"
619# gitlab_workhorse['proxy_headers_timeout'] = "1m0s"
620
621##! limit number of concurrent API requests, defaults to 0 which is unlimited
622# gitlab_workhorse['api_limit'] = 0
623
624##! limit number of API requests allowed to be queued, defaults to 0 which
625##! disables queuing
626# gitlab_workhorse['api_queue_limit'] = 0
627
628##! duration after which we timeout requests if they sit too long in the queue
629# gitlab_workhorse['api_queue_duration'] = "30s"
630
631##! Long polling duration for job requesting for runners
632# gitlab_workhorse['api_ci_long_polling_duration'] = "60s"
633
634##! Log format: default is text, can also be json or none.
635# gitlab_workhorse['log_format'] = "json"
636
637# gitlab_workhorse['env_directory'] = "/opt/gitlab/etc/gitlab-workhorse/env"
638# gitlab_workhorse['env'] = {
639# 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin",
640# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
641# }
642
643################################################################################
644## GitLab User Settings
645##! Modify default git user.
646##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#changing-the-name-of-the-git-user-group
647################################################################################
648
649# user['username'] = "git"
650# user['group'] = "git"
651# user['uid'] = nil
652# user['gid'] = nil
653
654##! The shell for the git user
655# user['shell'] = "/bin/sh"
656
657##! The home directory for the git user
658# user['home'] = "/var/opt/gitlab"
659
660# user['git_user_name'] = "GitLab"
661# user['git_user_email'] = "gitlab@#{node['fqdn']}"
662
663################################################################################
664## GitLab Unicorn
665##! Tweak unicorn settings.
666##! Docs: https://docs.gitlab.com/omnibus/settings/unicorn.html
667################################################################################
668
##! Unicorn is explicitly switched off on this node.
##! NOTE(review): the Puma section further down still has puma['enable']
##! commented out, so confirm which service is meant to serve the Rails
##! application here.
unicorn["enable"] = false
670# unicorn['worker_timeout'] = 60
671###! Minimum worker_processes is 2 at this moment
672###! See https://gitlab.com/gitlab-org/gitlab-ce/issues/18771
673# unicorn['worker_processes'] = 2
674
675### Advanced settings
676# unicorn['listen'] = 'localhost'
677# unicorn['port'] = 8080
678# unicorn['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
679# unicorn['pidfile'] = '/opt/gitlab/var/unicorn/unicorn.pid'
680# unicorn['tcp_nopush'] = true
681# unicorn['backlog_socket'] = 1024
682
###! **Make sure somaxconn is equal to or higher than backlog_socket**
684# unicorn['somaxconn'] = 1024
685
686###! **We do not recommend changing this setting**
687# unicorn['log_directory'] = "/var/log/gitlab/unicorn"
688
689### **Only change these settings if you understand well what they mean**
690###! Docs: https://about.gitlab.com/2015/06/05/how-gitlab-uses-unicorn-and-unicorn-worker-killer/
691###! https://github.com/kzk/unicorn-worker-killer
692# unicorn['worker_memory_limit_min'] = "400 * 1 << 20"
693# unicorn['worker_memory_limit_max'] = "650 * 1 << 20"
694
695################################################################################
696## GitLab Puma
697##! Tweak puma settings. You should only use Unicorn or Puma, not both.
698##! Docs: https://docs.gitlab.com/omnibus/settings/puma.html
699################################################################################
700
701# puma['enable'] = false
702# puma['ha'] = false
703# puma['worker_timeout'] = 60
704# puma['worker_processes'] = 2
705# puma['min_threads'] = 1
706# puma['max_threads'] = 16
707
708### Advanced settings
709# puma['listen'] = '127.0.0.1'
710# puma['port'] = 8080
711# puma['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
712# puma['pidfile'] = '/opt/gitlab/var/puma/puma.pid'
713# puma['state_path'] = '/opt/gitlab/var/puma/puma.state'
714
715###! **We do not recommend changing this setting**
716# puma['log_directory'] = "/var/log/gitlab/puma"
717
718### **Only change these settings if you understand well what they mean**
719###! Docs: https://github.com/schneems/puma_worker_killer
720# puma['per_worker_max_memory_mb'] = 650
721
722################################################################################
723## GitLab Sidekiq
724################################################################################
725
726# sidekiq['log_directory'] = "/var/log/gitlab/sidekiq"
727# sidekiq['log_format'] = "default"
728# sidekiq['shutdown_timeout'] = 4
729# sidekiq['concurrency'] = 25
730# sidekiq['metrics_enabled'] = true
731# sidekiq['listen_address'] = "localhost"
732# sidekiq['listen_port'] = 8082
733
734################################################################################
735## gitlab-shell
736################################################################################
737
738# gitlab_shell['audit_usernames'] = false
739# gitlab_shell['log_level'] = 'INFO'
740# gitlab_shell['log_format'] = 'json'
741# gitlab_shell['http_settings'] = { user: 'username', password: 'password', ca_file: '/etc/ssl/cert.pem', ca_path: '/etc/pki/tls/certs', self_signed_cert: false}
742# gitlab_shell['log_directory'] = "/var/log/gitlab/gitlab-shell/"
743# gitlab_shell['custom_hooks_dir'] = "/opt/gitlab/embedded/service/gitlab-shell/hooks"
744
745# gitlab_shell['auth_file'] = "/var/opt/gitlab/.ssh/authorized_keys"
746
747### Git trace log file.
748###! If set, git commands receive GIT_TRACE* environment variables
749###! Docs: https://git-scm.com/book/es/v2/Git-Internals-Environment-Variables#Debugging
750###! An absolute path starting with / – the trace output will be appended to
751###! that file. It needs to exist so we can check permissions and avoid
752###! throwing warnings to the users.
753# gitlab_shell['git_trace_log_file'] = "/var/log/gitlab/gitlab-shell/gitlab-shell-git-trace.log"
754
755##! **We do not recommend changing this directory.**
756# gitlab_shell['dir'] = "/var/opt/gitlab/gitlab-shell"
757
758################################################################
759## GitLab PostgreSQL
760################################################################
761
762###! Changing any of these settings requires a restart of postgresql.
763###! By default, reconfigure reloads postgresql if it is running. If you
764###! change any of these settings, be sure to run `gitlab-ctl restart postgresql`
765###! after reconfigure in order for the changes to take effect.
766# postgresql['enable'] = true
767# postgresql['listen_address'] = nil
768# postgresql['port'] = 5432
769# postgresql['data_dir'] = "/var/opt/gitlab/postgresql/data"
770
771##! **Recommended value is 1/4 of total RAM, up to 14GB.**
772# postgresql['shared_buffers'] = "256MB"
773
774### Advanced settings
775# postgresql['ha'] = false
776# postgresql['dir'] = "/var/opt/gitlab/postgresql"
777# postgresql['log_directory'] = "/var/log/gitlab/postgresql"
778# postgresql['username'] = "gitlab-psql"
779# postgresql['group'] = "gitlab-psql"
780##! `SQL_USER_PASSWORD_HASH` can be generated using the command `gitlab-ctl pg-password-md5 gitlab`
781# postgresql['sql_user_password'] = 'SQL_USER_PASSWORD_HASH'
782# postgresql['uid'] = nil
783# postgresql['gid'] = nil
784# postgresql['shell'] = "/bin/sh"
785# postgresql['home'] = "/var/opt/gitlab/postgresql"
786# postgresql['user_path'] = "/opt/gitlab/embedded/bin:/opt/gitlab/bin:$PATH"
787# postgresql['sql_user'] = "gitlab"
788# postgresql['max_connections'] = 200
789# postgresql['md5_auth_cidr_addresses'] = []
790# postgresql['trust_auth_cidr_addresses'] = []
791# postgresql['wal_buffers'] = "-1"
792# postgresql['autovacuum_max_workers'] = "3"
793# postgresql['autovacuum_freeze_max_age'] = "200000000"
794# postgresql['log_statement'] = nil
795# postgresql['track_activity_query_size'] = "1024"
796# postgresql['shared_preload_libraries'] = nil
797# postgresql['dynamic_shared_memory_type'] = nil
798# postgresql['hot_standby'] = "off"
799
800### SSL settings
801# See https://www.postgresql.org/docs/9.6/static/runtime-config-connection.html#GUC-SSL-CERT-FILE for more details
802# postgresql['ssl'] = 'on'
803# postgresql['ssl_ciphers'] = 'HIGH:MEDIUM:+3DES:!aNULL:!SSLv3:!TLSv1'
804# postgresql['ssl_cert_file'] = 'server.crt'
805# postgresql['ssl_key_file'] = 'server.key'
806# postgresql['ssl_ca_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
807# postgresql['ssl_crl_file'] = nil
808
809### Replication settings
810###! Note, some replication settings do not require a full restart. They are documented below.
811# postgresql['wal_level'] = "hot_standby"
812# postgresql['max_wal_senders'] = 5
813# postgresql['max_replication_slots'] = 0
814# postgresql['max_locks_per_transaction'] = 128
815
816# Backup/Archive settings
817# postgresql['archive_mode'] = "off"
818
819###! Changing any of these settings only requires a reload of postgresql. You do not need to
820###! restart postgresql if you change any of these and run reconfigure.
821# postgresql['work_mem'] = "16MB"
822# postgresql['maintenance_work_mem'] = "16MB"
823# postgresql['checkpoint_segments'] = 10
824# postgresql['checkpoint_timeout'] = "5min"
825# postgresql['checkpoint_completion_target'] = 0.9
826# postgresql['effective_io_concurrency'] = 1
827# postgresql['checkpoint_warning'] = "30s"
828# postgresql['effective_cache_size'] = "1MB"
829# postgresql['shmmax'] = 17179869184 # or 4294967295
830# postgresql['shmall'] = 4194304 # or 1048575
831# postgresql['autovacuum'] = "on"
832# postgresql['log_autovacuum_min_duration'] = "-1"
833# postgresql['autovacuum_naptime'] = "1min"
834# postgresql['autovacuum_vacuum_threshold'] = "50"
835# postgresql['autovacuum_analyze_threshold'] = "50"
836# postgresql['autovacuum_vacuum_scale_factor'] = "0.02"
837# postgresql['autovacuum_analyze_scale_factor'] = "0.01"
838# postgresql['autovacuum_vacuum_cost_delay'] = "20ms"
839# postgresql['autovacuum_vacuum_cost_limit'] = "-1"
840# postgresql['statement_timeout'] = "60000"
841# postgresql['idle_in_transaction_session_timeout'] = "60000"
842# postgresql['log_line_prefix'] = "%a"
843# postgresql['max_worker_processes'] = 8
844# postgresql['max_parallel_workers_per_gather'] = 0
845# postgresql['log_lock_waits'] = 1
846# postgresql['deadlock_timeout'] = '5s'
847# postgresql['track_io_timing'] = 0
848# postgresql['default_statistics_target'] = 1000
849
850### Available in PostgreSQL 9.6 and later
851# postgresql['min_wal_size'] = 80MB
852# postgresql['max_wal_size'] = 1GB
853
854# Backup/Archive settings
855# postgresql['archive_command'] = nil
856# postgresql['archive_timeout'] = "0"
857
858### Replication settings
859# postgresql['sql_replication_user'] = "gitlab_replicator"
860# postgresql['sql_replication_password'] = "md5 hash of postgresql password" # You can generate with `gitlab-ctl pg-password-md5 <dbuser>`
861# postgresql['wal_keep_segments'] = 10
862# postgresql['max_standby_archive_delay'] = "30s"
863# postgresql['max_standby_streaming_delay'] = "30s"
864# postgresql['synchronous_commit'] = on
865# postgresql['synchronous_standby_names'] = ''
866# postgresql['hot_standby_feedback'] = 'off'
867# postgresql['random_page_cost'] = 2.0
868# postgresql['log_temp_files'] = -1
869# postgresql['log_checkpoints'] = 'off'
870# To add custom entries to pg_hba.conf use the following
871# postgresql['custom_pg_hba_entries'] = {
872# APPLICATION: [ # APPLICATION should identify what the settings are used for
873# {
874# type: example,
875# database: example,
876# user: example,
877# cidr: example,
878# method: example,
879# option: example
880# }
881# ]
882# }
883# See https://www.postgresql.org/docs/9.6/static/auth-pg-hba-conf.html for an explanation
884# of the values
885
886
887################################################################################
888## GitLab Redis
889##! **Can be disabled if you are using your own Redis instance.**
890##! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
891################################################################################
892
893# redis['enable'] = true
894# redis['ha'] = false
895# redis['hz'] = 10
896# redis['dir'] = "/var/opt/gitlab/redis"
897# redis['log_directory'] = "/var/log/gitlab/redis"
898# redis['username'] = "gitlab-redis"
899# redis['group'] = "gitlab-redis"
900# redis['maxclients'] = "10000"
901# redis['maxmemory'] = "0"
902# redis['maxmemory_policy'] = "noeviction"
903# redis['maxmemory_samples'] = "5"
904# redis['tcp_backlog'] = 511
905# redis['tcp_timeout'] = "60"
906# redis['tcp_keepalive'] = "300"
907# redis['uid'] = nil
908# redis['gid'] = nil
909
910###! **To enable only Redis service in this machine, uncomment
911###! one of the lines below (choose master or slave instance types).**
912###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
913###! https://docs.gitlab.com/ce/administration/high_availability/redis.html
914# redis_master_role['enable'] = true
915# redis_slave_role['enable'] = true
916
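917### Redis TCP support (will disable UNIX socket transport)
###! Binding to '0.0.0.0' listens on every interface: set redis['password'] and
###! limit access to the port to trusted hosts (firewall or a specific bind IP).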
918# redis['bind'] = '0.0.0.0' # or specify an IP to bind to a single one
919# redis['port'] = 6379
920# redis['password'] = 'redis-password-goes-here'
921
922### Redis Sentinel support
923###! **You need a master slave Redis replication to be able to do failover**
924###! **Please read the documentation before enabling it to understand the
925###! caveats:**
926###! Docs: https://docs.gitlab.com/ce/administration/high_availability/redis.html
927
928### Replication support
929#### Slave Redis instance
930# redis['master'] = false # by default this is true
931
932#### Slave and Sentinel shared configuration
933####! **Both need to point to the master Redis instance to get replication and
934####! heartbeat monitoring**
935# redis['master_name'] = 'gitlab-redis'
936# redis['master_ip'] = nil
937# redis['master_port'] = 6379
938
939#### Support to run redis slaves in a Docker or NAT environment
940####! Docs: https://redis.io/topics/replication#configuring-replication-in-docker-and-nat
941# redis['announce_ip'] = nil
942# redis['announce_port'] = nil
943
944####! **Master password should have the same value defined in
945####! redis['password'] to enable the instance to transition to/from
946####! master/slave in a failover event.**
947# redis['master_password'] = 'redis-password-goes-here'
948
949####! Increase these values when your slaves can't catch up with master
950# redis['client_output_buffer_limit_normal'] = '0 0 0'
951# redis['client_output_buffer_limit_slave'] = '256mb 64mb 60'
952# redis['client_output_buffer_limit_pubsub'] = '32mb 8mb 60'
953
954#####! Redis snapshotting frequency
955#####! Set to [] to disable
956#####! Set to [''] to clear previously set values
957# redis['save'] = [ '900 1', '300 10', '60 10000' ]
958
959################################################################################
960## GitLab Web server
961##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#using-a-non-bundled-web-server
962################################################################################
963
964##! When bundled nginx is disabled we need to add the external webserver user to
965##! the GitLab webserver group.
966 web_server['external_users'] = ['www-data'] # www-data is the external web server's user; it is added to the GitLab webserver group because bundled NGINX is disabled below
967# web_server['username'] = 'gitlab-www'
968# web_server['group'] = 'gitlab-www'
969# web_server['uid'] = nil
970# web_server['gid'] = nil
971# web_server['shell'] = '/bin/false'
972# web_server['home'] = '/var/opt/gitlab/nginx'
973
974################################################################################
975## GitLab NGINX
976##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html
977################################################################################
978
979 nginx['enable'] = false # bundled NGINX is off, so an external web server fronts GitLab; NOTE(review): TLS, HSTS and X-Forwarded-* headers presumably have to be configured there rather than via nginx[...] — confirm
980# nginx['client_max_body_size'] = '250m'
981# nginx['redirect_http_to_https'] = false
982# nginx['redirect_http_to_https_port'] = 80
983
984##! Most root CA's are included by default
985# nginx['ssl_client_certificate'] = "/etc/gitlab/ssl/ca.crt"
986
987##! enable/disable 2-way SSL client authentication
988# nginx['ssl_verify_client'] = "off"
989
990##! if ssl_verify_client on, verification depth in the client certificates chain
991# nginx['ssl_verify_depth'] = "1"
992
993# nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt"
994# nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key"
995# nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
996# nginx['ssl_prefer_server_ciphers'] = "on"
997
998##! **Recommended by: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
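999##! https://cipherli.st/**
##! Note: TLSv1.1 has since been deprecated (RFC 8996); prefer "TLSv1.2 TLSv1.3"
##! where all clients support it.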
1000# nginx['ssl_protocols'] = "TLSv1.1 TLSv1.2"
1001
1002##! **Recommended in: https://nginx.org/en/docs/http/ngx_http_ssl_module.html**
1003# nginx['ssl_session_cache'] = "builtin:1000 shared:SSL:10m"
1004
1005##! **Default according to https://nginx.org/en/docs/http/ngx_http_ssl_module.html**
1006# nginx['ssl_session_timeout'] = "5m"
1007
1008# nginx['ssl_dhparam'] = nil # Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem
1009# nginx['listen_addresses'] = ['*', '[::]']
1010
1011##! **Defaults to forcing web browsers to always communicate using only HTTPS**
1012##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-http-strict-transport-security
1013# nginx['hsts_max_age'] = 31536000
1014# nginx['hsts_include_subdomains'] = false
1015
1016##! **Docs: http://nginx.org/en/docs/http/ngx_http_gzip_module.html**
1017# nginx['gzip_enabled'] = true
1018
1019##! **Override only if you use a reverse proxy**
1020##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port
1021# nginx['listen_port'] = nil
1022
1023##! **Override only if your reverse proxy internally communicates over HTTP**
1024##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl
1025# nginx['listen_https'] = nil
1026
1027# nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
1028# nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/example.conf;"
1029# nginx['proxy_read_timeout'] = 3600
1030# nginx['proxy_connect_timeout'] = 300
1031# nginx['proxy_set_headers'] = {
1032# "Host" => "$http_host_with_default",
1033# "X-Real-IP" => "$remote_addr",
1034# "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
1035# "X-Forwarded-Proto" => "https",
1036# "X-Forwarded-Ssl" => "on",
1037# "Upgrade" => "$http_upgrade",
1038# "Connection" => "$connection_upgrade"
1039# }
1040# nginx['proxy_cache_path'] = 'proxy_cache keys_zone=gitlab:10m max_size=1g levels=1:2'
1041# nginx['proxy_cache'] = 'gitlab'
1042# nginx['http2_enabled'] = true
1043# nginx['real_ip_trusted_addresses'] = []
1044# nginx['real_ip_header'] = nil
1045# nginx['real_ip_recursive'] = nil
1046# nginx['custom_error_pages'] = {
1047# '404' => {
1048# 'title' => 'Example title',
1049# 'header' => 'Example header',
1050# 'message' => 'Example message'
1051# }
1052# }
1053
1054### Advanced settings
1055# nginx['dir'] = "/var/opt/gitlab/nginx"
1056# nginx['log_directory'] = "/var/log/gitlab/nginx"
1057# nginx['worker_processes'] = 4
1058# nginx['worker_connections'] = 10240
1059# nginx['log_format'] = '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"'
1060# nginx['sendfile'] = 'on'
1061# nginx['tcp_nopush'] = 'on'
1062# nginx['tcp_nodelay'] = 'on'
1063# nginx['gzip'] = "on"
1064# nginx['gzip_http_version'] = "1.0"
1065# nginx['gzip_comp_level'] = "2"
1066# nginx['gzip_proxied'] = "any"
1067# nginx['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ]
1068# nginx['keepalive_timeout'] = 65
1069# nginx['cache_max_size'] = '5000m'
1070# nginx['server_names_hash_bucket_size'] = 64
1071##! These paths have proxy_request_buffering disabled
1072# nginx['request_buffering_off_path_regex'] = "\.git/git-receive-pack$|\.git/info/refs?service=git-receive-pack$|\.git/gitlab-lfs/objects|\.git/info/lfs/objects/batch$"
1073
1074### Nginx status
1075# nginx['status'] = {
1076# "enable" => true,
1077# "listen_addresses" => ["127.0.0.1"],
1078# "fqdn" => "dev.example.com",
1079# "port" => 9999,
1080# "vts_enable" => true,
1081# "options" => {
1082# "stub_status" => "on", # Turn on stats
1083# "server_tokens" => "off", # Don't show the version of NGINX
1084# "access_log" => "off", # Disable logs for stats
1085# "allow" => "127.0.0.1", # Only allow access from localhost
1086# "deny" => "all" # Deny access to anyone else
1087# }
1088# }
1089
1090################################################################################
1091## GitLab Logging
1092##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html
1093################################################################################
1094
1095# logging['svlogd_size'] = 200 * 1024 * 1024 # rotate after 200 MB of log data
1096# logging['svlogd_num'] = 30 # keep 30 rotated log files
1097# logging['svlogd_timeout'] = 24 * 60 * 60 # rotate after 24 hours
1098# logging['svlogd_filter'] = "gzip" # compress logs with gzip
1099# logging['svlogd_udp'] = nil # transmit log messages via UDP
1100# logging['svlogd_prefix'] = nil # custom prefix for log messages
1101# logging['logrotate_frequency'] = "daily" # rotate logs daily
1102# logging['logrotate_size'] = nil # do not rotate by size by default
1103# logging['logrotate_rotate'] = 30 # keep 30 rotated logs
1104# logging['logrotate_compress'] = "compress" # see 'man logrotate'
1105# logging['logrotate_method'] = "copytruncate" # see 'man logrotate'
1106# logging['logrotate_postrotate'] = nil # no postrotate command by default
1107# logging['logrotate_dateformat'] = nil # use date extensions for rotated files rather than numbers e.g. a value of "-%Y-%m-%d" would give rotated files like production.log-2016-03-09.gz
1108
1109### UDP log forwarding
1110##! Docs: http://docs.gitlab.com/omnibus/settings/logs.html#udp-log-forwarding
1111
1112##! remote host to ship log messages to via UDP
1113# logging['udp_log_shipping_host'] = nil
1114
1115##! override the hostname used when logs are shipped via UDP,
1116## by default the system hostname will be used.
1117# logging['udp_log_shipping_hostname'] = nil
1118
1119##! remote port to ship log messages to via UDP
1120# logging['udp_log_shipping_port'] = 514
1121
1122################################################################################
1123## Logrotate
1124##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html#logrotate
1125##! You can disable built in logrotate feature.
1126################################################################################
1127# logrotate['enable'] = true
1128
1129################################################################################
1130## Users and groups accounts
1131##! Disable management of users and groups accounts.
1132##! **Set only if creating accounts manually**
1133##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-user-and-group-account-management
1134################################################################################
1135
1136# manage_accounts['enable'] = false
1137
1138################################################################################
1139## Storage directories
1140##! Disable managing storage directories
1141##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-storage-directories-management
1142################################################################################
1143
1144##! **Set only if the selected directories are created manually**
1145# manage_storage_directories['enable'] = false
1146# manage_storage_directories['manage_etc'] = false
1147
1148################################################################################
1149## Runtime directory
1150##! Docs: https://docs.gitlab.com//omnibus/settings/configuration.html#configuring-runtime-directory
1151################################################################################
1152
1153# runtime_dir '/run'
1154
1155################################################################################
1156## Git
1157##! Advanced setting for configuring git system settings for omnibus-gitlab
1158##! internal git
1159################################################################################
1160
1161##! For multiple options under one header use array of comma separated values,
1162##! eg.:
1163##! { "receive" => ["fsckObjects = true"], "alias" => ["st = status", "co = checkout"] }
1164
1165# omnibus_gitconfig['system'] = {
1166# "pack" => ["threads = 1"],
1167# "receive" => ["fsckObjects = true", "advertisePushOptions = true"],
1168# "repack" => ["writeBitmaps = true"],
1169# "transfer" => ["hideRefs=^refs/tmp/", "hideRefs=^refs/keep-around/", "hideRefs=^refs/remotes/"],
1170# }
1171
1172################################################################################
1173## GitLab Pages
1174##! Docs: https://docs.gitlab.com/ce/pages/administration.html
1175################################################################################
1176
1177##! Define to enable GitLab Pages
1178# pages_external_url "http://pages.example.com/"
1179# gitlab_pages['enable'] = false
1180
1181##! Configure to expose GitLab Pages on an external IP address, serving HTTP
1182# gitlab_pages['external_http'] = []
1183
1184##! Configure to expose GitLab Pages on an external IP address, serving HTTPS
1185# gitlab_pages['external_https'] = []
1186
1187##! Configure to enable health check endpoint on GitLab Pages
1188# gitlab_pages['status_uri'] = "/@status"
1189
1190##! Tune the maximum number of concurrent connections GitLab Pages will handle.
1191##! This should be in the range 1 - 10000, defaulting to 5000.
1192# gitlab_pages['max_connections'] = 5000
1193
1194##! Configure to use JSON structured logging in GitLab Pages
1195# gitlab_pages['log_format'] = "json"
1196
1197##! Configure verbose logging for GitLab Pages
1198# gitlab_pages['log_verbose'] = false
1199
1200##! Listen for requests forwarded by reverse proxy
1201# gitlab_pages['listen_proxy'] = "localhost:8090"
1202
1203# gitlab_pages['redirect_http'] = true
1204# gitlab_pages['use_http2'] = true
1205# gitlab_pages['dir'] = "/var/opt/gitlab/gitlab-pages"
1206# gitlab_pages['log_directory'] = "/var/log/gitlab/gitlab-pages"
1207
1208# gitlab_pages['artifacts_server'] = true
1209# gitlab_pages['artifacts_server_url'] = nil # Defaults to external_url + '/api/v4'
1210# gitlab_pages['artifacts_server_timeout'] = 10
1211
1212##! Environments that do not support bind-mounting should set this parameter to
1213##! true. This is incompatible with the artifacts server
1214# gitlab_pages['inplace_chroot'] = false
1215
1216##! Prometheus metrics for Pages docs: https://gitlab.com/gitlab-org/gitlab-pages/#enable-prometheus-metrics
1217# gitlab_pages['metrics_address'] = ":9235"
1218
1219##! Configure the pages admin API
1220# gitlab_pages['admin_secret_token'] = 'custom secret'
1221# gitlab_pages['admin_https_listener'] = '0.0.0.0:5678'
1222# gitlab_pages['admin_https_cert'] = '/etc/gitlab/pages-admin.crt'
1223# gitlab_pages['admin_https_key'] = '/etc/gitlab/pages-admin.key'
1224gitlab_rails['internal_api_url'] = 'http://site.com.ua' # NOTE(review): plain http:// and a different host than external_url; internal API requests are authenticated with a shared secret, so use https:// or a local address unless this network path is trusted — confirm
1225##! Client side configuration for gitlab-pages admin API, in case pages runs on a different host
1226# gitlab_rails['pages_admin_address'] = 'pages.gitlab.example.com:5678'
1227# gitlab_rails['pages_admin_certificate'] = '/etc/gitlab/pages-admin.crt'
1228
1229##! Pages access control
1230# gitlab_pages['access_control'] = false
1231# gitlab_pages['gitlab_id'] = nil # Automatically generated if not present
1232# gitlab_pages['gitlab_secret'] = nil # Generated if not present
1233# gitlab_pages['auth_redirect_uri'] = nil # Defaults to projects subdomain of pages_external_url and + '/auth'
1234# gitlab_pages['auth_server'] = nil # Defaults to external_url
1235# gitlab_pages['auth_secret'] = nil # Generated if not present
1236
1237################################################################################
1238## GitLab Pages NGINX
1239################################################################################
1240
1241# All the settings defined in the "GitLab Nginx" section are also available in
1242# this "GitLab Pages NGINX" section, using the key `pages_nginx`. However,
1243# those settings should be explicitly set. That is, settings given as
1244# `nginx['some_setting']` WILL NOT be automatically replicated as
1245# `pages_nginx['some_setting']` and should be set separately.
1246
1247# Below you can find settings that are exclusive to "GitLab Pages NGINX"
1248# pages_nginx['enable'] = false
1249
1250# gitlab_rails['pages_path'] = "/var/opt/gitlab/gitlab-rails/shared/pages"
1251
1252################################################################################
1253## GitLab CI
1254##! Docs: https://docs.gitlab.com/ce/ci/quick_start/README.html
1255################################################################################
1256
1257# gitlab_ci['gitlab_ci_all_broken_builds'] = true
1258# gitlab_ci['gitlab_ci_add_pusher'] = true
1259# gitlab_ci['builds_directory'] = '/var/opt/gitlab/gitlab-ci/builds'
1260
1261################################################################################
1262## GitLab Mattermost
1263##! Docs: https://docs.gitlab.com/omnibus/gitlab-mattermost
1264################################################################################
1265
1266# mattermost_external_url 'http://mattermost.example.com'
1267
1268# mattermost['enable'] = false
1269# mattermost['username'] = 'mattermost'
1270# mattermost['group'] = 'mattermost'
1271# mattermost['uid'] = nil
1272# mattermost['gid'] = nil
1273# mattermost['home'] = '/var/opt/gitlab/mattermost'
1274# mattermost['database_name'] = 'mattermost_production'
1275# mattermost['env'] = {
1276# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
1277# }
1278# mattermost['service_address'] = "127.0.0.1"
1279# mattermost['service_port'] = "8065"
1280# mattermost['service_site_url'] = nil
1281# mattermost['service_allowed_untrusted_internal_connections'] = ""
1282# mattermost['service_enable_api_team_deletion'] = true
1283# mattermost['team_site_name'] = "GitLab Mattermost"
1284# mattermost['sql_driver_name'] = 'mysql'
1285# mattermost['sql_data_source'] = "mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8"
1286# mattermost['log_file_directory'] = '/var/log/gitlab/mattermost/'
1287# mattermost['gitlab_enable'] = false
1288# mattermost['gitlab_id'] = "12345656"
1289# mattermost['gitlab_secret'] = "123456789"
1290# mattermost['gitlab_scope'] = ""
1291# mattermost['gitlab_auth_endpoint'] = "http://gitlab.example.com/oauth/authorize"
1292# mattermost['gitlab_token_endpoint'] = "http://gitlab.example.com/oauth/token"
1293# mattermost['gitlab_user_api_endpoint'] = "http://gitlab.example.com/api/v4/user"
1294# mattermost['file_directory'] = "/var/opt/gitlab/mattermost/data"
1295# mattermost['plugin_directory'] = "/var/opt/gitlab/mattermost/plugins"
1296# mattermost['plugin_client_directory'] = "/var/opt/gitlab/mattermost/client-plugins"
1297
1298################################################################################
1299## Mattermost NGINX
1300################################################################################
1301
1302# All the settings defined in the "GitLab Nginx" section are also available in
1303# this "Mattermost NGINX" section, using the key `mattermost_nginx`. However,
1304# those settings should be explicitly set. That is, settings given as
1305# `nginx['some_setting']` WILL NOT be automatically replicated as
1306# `mattermost_nginx['some_setting']` and should be set separately.
1307
1308# Below you can find settings that are exclusive to "Mattermost NGINX"
1309# mattermost_nginx['enable'] = false
1310
1311# mattermost_nginx['custom_gitlab_mattermost_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
1312# mattermost_nginx['proxy_set_headers'] = {
1313# "Host" => "$http_host",
1314# "X-Real-IP" => "$remote_addr",
1315# "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
1316# "X-Frame-Options" => "SAMEORIGIN",
1317# "X-Forwarded-Proto" => "https",
1318# "X-Forwarded-Ssl" => "on",
1319# "Upgrade" => "$http_upgrade",
1320# "Connection" => "$connection_upgrade"
1321# }
1322
1323
1324################################################################################
1325## Registry NGINX
1326################################################################################
1327
1328# All the settings defined in the "GitLab Nginx" section are also available in
1329# this "Registry NGINX" section, using the key `registry_nginx`. However, those
1330# settings should be explicitly set. That is, settings given as
1331# `nginx['some_setting']` WILL NOT be automatically replicated as
1332# `registry_nginx['some_setting']` and should be set separately.
1333
1334# Below you can find settings that are exclusive to "Registry NGINX"
1335# registry_nginx['enable'] = false
1336
1337# registry_nginx['proxy_set_headers'] = {
1338# "Host" => "$http_host",
1339# "X-Real-IP" => "$remote_addr",
1340# "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
1341# "X-Forwarded-Proto" => "https",
1342# "X-Forwarded-Ssl" => "on"
1343# }
1344
1345################################################################################
1346## Prometheus
1347##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/
1348################################################################################
1349
1350# prometheus['enable'] = true
1351# prometheus['monitor_kubernetes'] = true
1352# prometheus['username'] = 'gitlab-prometheus'
1353# prometheus['group'] = 'gitlab-prometheus'
1354# prometheus['uid'] = nil
1355# prometheus['gid'] = nil
1356# prometheus['shell'] = '/bin/sh'
1357# prometheus['home'] = '/var/opt/gitlab/prometheus'
1358# prometheus['log_directory'] = '/var/log/gitlab/prometheus'
1359# prometheus['rules_files'] = ['/var/opt/gitlab/prometheus/rules/*.rules']
1360# prometheus['scrape_interval'] = 15
1361# prometheus['scrape_timeout'] = 15
1362# prometheus['chunk_encoding_version'] = 2
1363# prometheus['env_directory'] = '/opt/gitlab/etc/prometheus/env'
1364# prometheus['env'] = {
1365# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
1366# }
1367#
1368### Custom scrape configs
1369#
1370# Prometheus can scrape additional jobs via scrape_configs. The default automatically
1371# includes all of the exporters supported by the omnibus config.
1372#
1373# See: https://prometheus.io/docs/operating/configuration/#<scrape_config>
1374#
1375# Example:
1376#
1377# prometheus['scrape_configs'] = [
1378# {
1379# 'job_name': 'example',
1380# 'static_configs' => [
1381# 'targets' => ['hostname:port'],
1382# ],
1383# },
1384# ]
1385#
1386### Prometheus Memory Management
1387#
1388# Prometheus needs to be configured for how much memory is used.
1389# * This sets the target heap size.
1390# * This value accounts for approximately 2/3 of the memory used by the server.
1391# * The recommended memory is 4kb per unique metrics time-series.
1392# See: https://prometheus.io/docs/operating/storage/#memory-usage
1393#
1394# prometheus['target_heap_size'] = (
1395# # Use 25mb + 2% of total memory for Prometheus memory.
1396# 26_214_400 + (node['memory']['total'].to_i * 1024 * 0.02 )
1397# ).to_i
1398#
1399# prometheus['flags'] = {
1400# 'storage.local.path' => "#{node['gitlab']['prometheus']['home']}/data",
1401# 'storage.local.chunk-encoding-version' => user_config['chunk-encoding-version'],
1402# 'storage.local.target-heap-size' => node['gitlab']['prometheus']['target-heap-size'],
1403# 'config.file' => "#{node['gitlab']['prometheus']['home']}/prometheus.yml"
1404# }
1405
1406##! Advanced settings. Should be changed only if absolutely needed.
1407# prometheus['listen_address'] = 'localhost:9090'
1408
1409################################################################################
1410## Prometheus Alertmanager
1411##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/alertmanager.html
1412################################################################################
1413
1414# alertmanager['enable'] = true
1415# alertmanager['home'] = '/var/opt/gitlab/alertmanager'
1416# alertmanager['log_directory'] = '/var/log/gitlab/alertmanager'
1417# alertmanager['admin_email'] = 'admin@example.com'
1418# alertmanager['flags'] = {
1419# 'web.listen-address' => "#{node['gitlab']['alertmanager']['listen_address']}",
1420# 'storage.path' => "#{node['gitlab']['alertmanager']['home']}/data",
1421# 'config.file' => "#{node['gitlab']['alertmanager']['home']}/alertmanager.yml"
1422# }
1423# alertmanager['env_directory'] = '/opt/gitlab/etc/alertmanager/env'
1424# alertmanager['env'] = {
1425# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
1426# }
1427
1428##! Advanced settings. Should be changed only if absolutely needed.
1429# alertmanager['listen_address'] = 'localhost:9093'
1430
1431################################################################################
1432## Prometheus Node Exporter
1433##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/node_exporter.html
1434################################################################################
1435
1436# node_exporter['enable'] = true
1437# node_exporter['home'] = '/var/opt/gitlab/node-exporter'
1438# node_exporter['log_directory'] = '/var/log/gitlab/node-exporter'
1439# node_exporter['flags'] = {
1440# 'collector.textfile.directory' => "#{node['gitlab']['node-exporter']['home']}/textfile_collector"
1441# }
1442# node_exporter['env_directory'] = '/opt/gitlab/etc/node-exporter/env'
1443# node_exporter['env'] = {
1444# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
1445# }
1446
1447##! Advanced settings. Should be changed only if absolutely needed.
1448# node_exporter['listen_address'] = 'localhost:9100'
1449
1450################################################################################
1451## Prometheus Redis exporter
1452##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/redis_exporter.html
1453################################################################################
1454
1455# redis_exporter['enable'] = true
1456# redis_exporter['log_directory'] = '/var/log/gitlab/redis-exporter'
1457# redis_exporter['flags'] = {
1458# 'redis.addr' => "unix://#{node['gitlab']['gitlab-rails']['redis_socket']}",
1459# }
1460# redis_exporter['env_directory'] = '/opt/gitlab/etc/redis-exporter/env'
1461# redis_exporter['env'] = {
1462# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
1463# }
1464
1465##! Advanced settings. Should be changed only if absolutely needed.
1466# redis_exporter['listen_address'] = 'localhost:9121'
1467
1468################################################################################
1469## Prometheus Postgres exporter
1470##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/postgres_exporter.html
1471################################################################################
1472
1473# postgres_exporter['enable'] = true
1474# postgres_exporter['home'] = '/var/opt/gitlab/postgres-exporter'
1475# postgres_exporter['log_directory'] = '/var/log/gitlab/postgres-exporter'
1476# postgres_exporter['flags'] = {}
1477# postgres_exporter['listen_address'] = 'localhost:9187'
1478# postgres_exporter['env_directory'] = '/opt/gitlab/etc/postgres-exporter/env'
1479# postgres_exporter['env'] = {
1480# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
1481# }
1482
1483################################################################################
1484## Prometheus PgBouncer exporter (EE only)
1485##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/pgbouncer_exporter.html
1486################################################################################
1487
1488# pgbouncer_exporter['enable'] = false
1489# pgbouncer_exporter['log_directory'] = "/var/log/gitlab/pgbouncer-exporter"
1490# pgbouncer_exporter['listen_address'] = 'localhost:9188'
1491# pgbouncer_exporter['env_directory'] = '/opt/gitlab/etc/pgbouncer-exporter/env'
1492# pgbouncer_exporter['env'] = {
1493# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
1494# }
1495
1496################################################################################
1497## Prometheus Gitlab monitor
1498##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/gitlab_monitor_exporter.html
1499################################################################################
1500
1501
1502# gitlab_monitor['enable'] = true
1503# gitlab_monitor['log_directory'] = "/var/log/gitlab/gitlab-monitor"
1504# gitlab_monitor['home'] = "/var/opt/gitlab/gitlab-monitor"
1505
1506##! Advanced settings. Should be changed only if absolutely needed.
1507# gitlab_monitor['listen_address'] = 'localhost'
1508# gitlab_monitor['listen_port'] = '9168'
1509
1510##! Manage gitlab-monitor sidekiq probes. false by default when Sentinels are
1511##! found.
1512# gitlab_monitor['probe_sidekiq'] = true
1513
1514# To completely disable Prometheus and all of its exporters, set to false
1515# prometheus_monitoring['enable'] = true
1516
1517################################################################################
1518## Gitaly
1519##! Docs:
1520################################################################################
1521
1522# The gitaly['enable'] option exists for the purpose of cluster
1523# deployments, see https://docs.gitlab.com/ee/administration/gitaly/index.html .
1524# gitaly['enable'] = true
1525# gitaly['dir'] = "/var/opt/gitlab/gitaly"
1526# gitaly['log_directory'] = "/var/log/gitlab/gitaly"
1527# gitaly['bin_path'] = "/opt/gitlab/embedded/bin/gitaly"
1528# gitaly['env_directory'] = "/opt/gitlab/etc/gitaly/env"
1529# gitaly['env'] = {
1530# 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin",
1531# 'HOME' => '/var/opt/gitlab'
1532# }
1533# gitaly['socket_path'] = "/var/opt/gitlab/gitaly/gitaly.socket"
1534# gitaly['listen_addr'] = "localhost:8075"
1535# gitaly['tls_listen_addr'] = "localhost:9075"
1536# gitaly['certificate_path'] = "/var/opt/gitlab/gitaly/certificate.pem"
1537# gitaly['key_path'] = "/var/opt/gitlab/gitaly/key.pem"
1538# gitaly['prometheus_listen_addr'] = "localhost:9236"
1539# gitaly['logging_level'] = "warn"
1540# gitaly['logging_format'] = "json"
1541# gitaly['logging_sentry_dsn'] = "https://<key>:<secret>@sentry.io/<project>"
1542# gitaly['logging_ruby_sentry_dsn'] = "https://<key>:<secret>@sentry.io/<project>"
1543# gitaly['prometheus_grpc_latency_buckets'] = "[0.001, 0.005, 0.025, 0.1, 0.5, 1.0, 10.0, 30.0, 60.0, 300.0, 1500.0]"
1544# gitaly['auth_token'] = '<secret>'
1545# gitaly['auth_transitioning'] = false # When true, auth is logged to Prometheus but NOT enforced (requests without a valid token are still served); keep false outside a token rollout
1546# gitaly['ruby_max_rss'] = 300000000 # RSS threshold in bytes for triggering a gitaly-ruby restart
1547# gitaly['ruby_graceful_restart_timeout'] = '10m' # Grace time for a gitaly-ruby process to finish ongoing requests
1548# gitaly['ruby_restart_delay'] = '5m' # Period of sustained high RSS that needs to be observed before restarting gitaly-ruby
1549# gitaly['ruby_num_workers'] = 3 # Number of gitaly-ruby worker processes. Minimum 2, default 2.
1550# gitaly['storage'] = [
1551# {
1552# 'name' => 'default',
1553# 'path' => '/mnt/nfs-01/git-data/repositories'
1554# },
1555# {
1556# 'name' => 'secondary',
1557# 'path' => '/mnt/nfs-02/git-data/repositories'
1558# }
1559# ]
1560# gitaly['concurrency'] = [
1561# {
1562# 'rpc' => "/gitaly.SmartHTTPService/PostReceivePack",
1563# 'max_per_repo' => 20
1564# }, {
1565# 'rpc' => "/gitaly.SSHService/SSHUploadPack",
1566# 'max_per_repo' => 5
1567# }
1568# ]
1569
1570################################################################################
1571# Storage check
1572################################################################################
1573# storage_check['enable'] = false
1574# storage_check['target'] = 'unix:///var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
1575# storage_check['log_directory'] = '/var/log/gitlab/storage-check'
1576
1577################################################################################
1578# Let's Encrypt integration
1579################################################################################
1580# letsencrypt['enable'] = nil
1581# letsencrypt['contact_emails'] = [] # This should be an array of email addresses to add as contacts
1582# letsencrypt['group'] = 'root'
1583# letsencrypt['key_size'] = 2048
1584# letsencrypt['owner'] = 'root'
1585# letsencrypt['wwwroot'] = '/var/opt/gitlab/nginx/www'
1586# See http://docs.gitlab.com/omnibus/settings/ssl.html#automatic-renewal for more on these settings
1587# letsencrypt['auto_renew'] = true
1588# letsencrypt['auto_renew_hour'] = 0
1589# letsencrypt['auto_renew_minute'] = nil # Should be a number or cron expression, if specified.
1590# letsencrypt['auto_renew_day_of_month'] = "*/4"
1591
1592################################################################################
1593################################################################################
1594## Configuration Settings for GitLab EE only ##
1595################################################################################
1596################################################################################
1597
1598
1599################################################################################
1600## Auxiliary cron jobs applicable to GitLab EE only
1601################################################################################
1602#
1603# gitlab_rails['geo_file_download_dispatch_worker_cron'] = "*/10 * * * *"
1604# gitlab_rails['geo_repository_sync_worker_cron'] = "*/5 * * * *"
1605# gitlab_rails['geo_prune_event_log_worker_cron'] = "*/5 * * * *"
1606# gitlab_rails['geo_repository_verification_primary_batch_worker_cron'] = "*/5 * * * *"
1607# gitlab_rails['geo_repository_verification_secondary_scheduler_worker_cron'] = "*/5 * * * *"
1608# gitlab_rails['geo_migrated_local_files_clean_up_worker_cron'] = "15 */6 * * *"
1609# gitlab_rails['ldap_sync_worker_cron'] = "30 1 * * *"
1610# gitlab_rails['ldap_group_sync_worker_cron'] = "0 * * * *"
1611# gitlab_rails['historical_data_worker_cron'] = "0 12 * * *"
1612# gitlab_rails['pseudonymizer_worker_cron'] = "0 23 * * *"
1613
1614################################################################################
1615## Kerberos (EE Only)
1616##! Docs: https://docs.gitlab.com/ee/integration/kerberos.html#http-git-access
1617################################################################################
1618
1619# gitlab_rails['kerberos_enabled'] = true
1620# gitlab_rails['kerberos_keytab'] = '/etc/http.keytab'
1621# gitlab_rails['kerberos_service_principal_name'] = 'HTTP/gitlab.example.com@EXAMPLE.COM'
1622# gitlab_rails['kerberos_use_dedicated_port'] = true
1623# gitlab_rails['kerberos_port'] = 8443
1624# gitlab_rails['kerberos_https'] = true
1625
1626################################################################################
1627## Package repository (EE Only)
1628##! Docs: https://docs.gitlab.com/ee/administration/maven_packages.md
1629################################################################################
1630
1631# gitlab_rails['packages_enabled'] = true
1632# gitlab_rails['packages_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/packages"
1633# gitlab_rails['packages_object_store_enabled'] = false
1634# gitlab_rails['packages_object_store_direct_upload'] = false
1635# gitlab_rails['packages_object_store_background_upload'] = true
1636# gitlab_rails['packages_object_store_proxy_download'] = false
1637# gitlab_rails['packages_object_store_remote_directory'] = "packages"
1638# gitlab_rails['packages_object_store_connection'] = {
1639# 'provider' => 'AWS',
1640# 'region' => 'eu-west-1',
1641# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
1642# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
1643# # # The below options configure an S3 compatible host instead of AWS
1644# # 'host' => 's3.amazonaws.com',
1645# # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
1646# # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
1647# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
1648# }
1649
1650################################################################################
1651## GitLab Sentinel (EE Only)
1652##! Docs: http://docs.gitlab.com/ce/administration/high_availability/redis.html#high-availability-with-sentinel
1653################################################################################
1654
1655##! **Make sure you configured all redis['master_*'] keys above before
1656##! continuing.**
1657
1658##! To enable Sentinel and disable all other services in this machine,
1659##! uncomment the line below (if you've enabled Redis role, it will keep it).
1660##! Docs: https://docs.gitlab.com/ce/administration/high_availability/redis.html
1661# redis_sentinel_role['enable'] = true
1662
1663# sentinel['enable'] = true
1664
1665##! Sentinel binds to all interfaces; uncomment and set an IP to bind to a single one. If it stays on all interfaces, restrict the Sentinel port with a firewall.
1666# sentinel['bind'] = '0.0.0.0'
1667
1668##! Uncomment to change default port
1669# sentinel['port'] = 26379
1670
1671#### Support to run sentinels in a Docker or NAT environment
1672#####! Docs: https://redis.io/topics/sentinel#sentinel-docker-nat-and-possible-issues
1673# In a standard case, Sentinel will run in the same network service as Redis, so the same IP will be announced for Redis and Sentinel
1674# Only define these values if Sentinel needs to announce a different IP service than Redis
1675# sentinel['announce_ip'] = nil # If not defined, its value will be taken from redis['announce_ip'] or nil if not present
1676# sentinel['announce_port'] = nil # If not defined, its value will be taken from sentinel['port'] or nil if redis['announce_ip'] not present
1677
1678##! Quorum must reflect the number of voting sentinels it takes to start a
1679##! failover.
1680##! **Value must NOT be greater than the number of sentinels.**
1681##! The quorum can be used to tune Sentinel in two ways:
1682##! 1. If the quorum is set to a value smaller than the majority of Sentinels
1683##! we deploy, we are basically making Sentinel more sensitive to master
1684##! failures, triggering a failover as soon as even just a minority of
1685##! Sentinels is no longer able to talk with the master.
1686##! 2. If a quorum is set to a value greater than the majority of Sentinels, we
1687##! are making Sentinel able to failover only when there are a very large
1688##! number (larger than majority) of well connected Sentinels which agree
1689##! about the master being down.
1690# sentinel['quorum'] = 1
1691
1692### Consider unresponsive server down after x amount of ms.
1693# sentinel['down_after_milliseconds'] = 10000
1694
1695### Specifies the failover timeout in milliseconds.
1696##! It is used in many ways:
1697##!
1698##! - The time needed to re-start a failover after a previous failover was
1699##! already tried against the same master by a given Sentinel, is two
1700##! times the failover timeout.
1701##!
1702##! - The time needed for a slave replicating to a wrong master according
1703##! to a Sentinel current configuration, to be forced to replicate
1704##! with the right master, is exactly the failover timeout (counting since
1705##! the moment a Sentinel detected the misconfiguration).
1706##!
1707##! - The time needed to cancel a failover that is already in progress but
1708##! did not produce any configuration change (SLAVEOF NO ONE yet not
1709##! acknowledged by the promoted slave).
1710##!
1711##! - The maximum time a failover in progress waits for all the slaves to be
1712##! reconfigured as slaves of the new master. However even after this time
1713##! the slaves will be reconfigured by the Sentinels anyway, but not with
1714##! the exact parallel-syncs progression as specified.
1715# sentinel['failover_timeout'] = 60000
1716
1717################################################################################
1718## GitLab Sidekiq Cluster (EE only)
1719################################################################################
1720
1721##! GitLab Enterprise Edition allows one to start an extra set of Sidekiq processes
1722##! besides the default one. These processes can be used to consume a dedicated set
1723##! of queues. This can be used to ensure certain queues always have dedicated
1724##! workers, no matter the amount of jobs that need to be processed.
1725
1726# sidekiq_cluster['enable'] = false
1727# sidekiq_cluster['ha'] = false
1728# sidekiq_cluster['log_directory'] = "/var/log/gitlab/sidekiq-cluster"
1729# sidekiq_cluster['interval'] = 5 # The number of seconds to wait between worker checks
1730# sidekiq_cluster['max_concurrency'] = 50 # The maximum number of threads each Sidekiq process should run
1731
1732##! Each entry in the queue_groups array denotes a group of queues that have to be processed by a
1733##! Sidekiq process. Multiple queues can be processed by the same process by
1734##! separating them with a comma within the group entry
1735
1736# sidekiq_cluster['queue_groups'] = [
1737# "process_commit,post_receive",
1738# "gitlab_shell"
1739# ]
1740#
1741
1742##! If negate is enabled then sidekiq-cluster will process all the queues that
1743##! don't match those in queue_groups.
1744
1745# sidekiq_cluster['negate'] = false
1746
1747################################################################################
1748## Additional Database Settings (EE only)
1749##! Docs: https://docs.gitlab.com/ee/administration/database_load_balancing.html
1750################################################################################
1751# gitlab_rails['db_load_balancing'] = { 'hosts' => ['secondary1.example.com'] }
1752
1753################################################################################
1754## GitLab Geo
1755##! Docs: https://docs.gitlab.com/ee/gitlab-geo
1756################################################################################
1757# geo_primary_role['enable'] = false
1758# geo_secondary_role['enable'] = false
1759
1760################################################################################
1761## GitLab Geo Secondary (EE only)
1762################################################################################
1763# geo_secondary['auto_migrate'] = true
1764# geo_secondary['db_adapter'] = "postgresql"
1765# geo_secondary['db_encoding'] = "unicode"
1766# geo_secondary['db_collation'] = nil
1767# geo_secondary['db_database'] = "gitlabhq_geo_production"
1768# geo_secondary['db_pool'] = 10
1769# geo_secondary['db_username'] = "gitlab_geo"
1770# geo_secondary['db_password'] = nil
1771# geo_secondary['db_host'] = "/var/opt/gitlab/geo-postgresql"
1772# geo_secondary['db_port'] = 5431
1773# geo_secondary['db_socket'] = nil
1774# geo_secondary['db_sslmode'] = nil
1775# geo_secondary['db_sslcompression'] = 0
1776# geo_secondary['db_sslrootcert'] = nil
1777# geo_secondary['db_sslca'] = nil
1778# geo_secondary['db_fdw'] = true
1779
1780################################################################################
1781## GitLab Geo Secondary Tracking Database (EE only)
1782################################################################################
1783
1784# geo_postgresql['enable'] = false
1785# geo_postgresql['ha'] = false
1786# geo_postgresql['dir'] = '/var/opt/gitlab/geo-postgresql'
1787# geo_postgresql['data_dir'] = '/var/opt/gitlab/geo-postgresql/data'
1788# geo_postgresql['pgbouncer_user'] = nil
1789# geo_postgresql['pgbouncer_user_password'] = nil
1790
1791################################################################################
1792# Pgbouncer (EE only)
1793# See [GitLab PgBouncer documentation](http://docs.gitlab.com/omnibus/settings/database.html#enabling-pgbouncer-ee-only)
1794# See the [PgBouncer page](https://pgbouncer.github.io/config.html) for details
1795################################################################################
1796# pgbouncer['enable'] = false
1797# pgbouncer['log_directory'] = '/var/log/gitlab/pgbouncer'
1798# pgbouncer['data_directory'] = '/var/opt/gitlab/pgbouncer'
1799# pgbouncer['env_directory'] = '/opt/gitlab/etc/pgbouncer/env'
1800# pgbouncer['env'] = {
1801# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
1802# }
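1803# pgbouncer['listen_addr'] = '0.0.0.0' # Listens on every interface; set a specific address or firewall the listen_port so only the application nodes can reach it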
1804# pgbouncer['listen_port'] = '6432'
1805# pgbouncer['pool_mode'] = 'transaction'
1806# pgbouncer['server_reset_query'] = 'DISCARD ALL'
1807# pgbouncer['application_name_add_host'] = '1'
1808# pgbouncer['max_client_conn'] = '2048'
1809# pgbouncer['default_pool_size'] = '100'
1810# pgbouncer['min_pool_size'] = '0'
1811# pgbouncer['reserve_pool_size'] = '5'
1812# pgbouncer['reserve_pool_timeout'] = '5.0'
1813# pgbouncer['server_round_robin'] = '0'
1814# pgbouncer['log_connections'] = '0'
1815# pgbouncer['server_idle_timeout'] = '30'
1816# pgbouncer['dns_max_ttl'] = '15.0'
1817# pgbouncer['dns_zone_check_period'] = '0'
1818# pgbouncer['dns_nxdomain_ttl'] = '15.0'
1819# pgbouncer['admin_users'] = %w(gitlab-psql postgres pgbouncer)
1820# pgbouncer['stats_users'] = %w(gitlab-psql postgres pgbouncer)
1821# pgbouncer['ignore_startup_parameters'] = 'extra_float_digits'
1822# pgbouncer['databases'] = {
1823# DATABASE_NAME: {
1824# host: HOSTNAME,
1825# port: PORT,
1826# user: USERNAME,
1827# password: PASSWORD
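1828###! PASSWORD is an MD5 hash, not the plaintext. Generate it with `echo -n '$password + $username' | md5sum`, where `$password + $username` stands for the password immediately followed by the username (no spaces, no `+`). `gitlab-ctl pg-password-md5 USERNAME` prompts for the password and prints the hash without leaving the plaintext in shell history.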
1829# }
1830# ...
1831# }
1832# pgbouncer['logfile'] = nil
1833# pgbouncer['unix_socket_dir'] = nil
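1834# pgbouncer['unix_socket_mode'] = '0777' # Any local user can open the socket; a stricter mode together with unix_socket_group limits who can connect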
1835# pgbouncer['unix_socket_group'] = nil
1836# pgbouncer['auth_type'] = 'md5'
1837# pgbouncer['auth_hba_file'] = nil
1838# pgbouncer['auth_query'] = 'SELECT username, password FROM public.pg_shadow_lookup($1)'
1839# pgbouncer['users'] = {
1840# {
1841# name: USERNAME,
1842# password: MD5_PASSWORD_HASH
1843# }
1844# }
1845# postgresql['pgbouncer_user'] = nil
1846# postgresql['pgbouncer_user_password'] = nil
1847# pgbouncer['server_reset_query_always'] = 0
1848# pgbouncer['server_check_query'] = 'select 1'
1849# pgbouncer['server_check_delay'] = 30
1850# pgbouncer['max_db_connections'] = nil
1851# pgbouncer['max_user_connections'] = nil
1852# pgbouncer['syslog'] = 0
1853# pgbouncer['syslog_facility'] = 'daemon'
1854# pgbouncer['syslog_ident'] = 'pgbouncer'
1855# pgbouncer['log_disconnections'] = 1
1856# pgbouncer['log_pooler_errors'] = 1
1857# pgbouncer['stats_period'] = 60
1858# pgbouncer['verbose'] = 0
1859# pgbouncer['server_lifetime'] = 3600
1860# pgbouncer['server_connect_timeout'] = 15
1861# pgbouncer['server_login_retry'] = 15
1862# pgbouncer['query_timeout'] = 0
1863# pgbouncer['query_wait_timeout'] = 120
1864# pgbouncer['client_idle_timeout'] = 0
1865# pgbouncer['client_login_timeout'] = 60
1866# pgbouncer['autodb_idle_timeout'] = 3600
1867# pgbouncer['suspend_timeout'] = 10
1868# pgbouncer['idle_transaction_timeout'] = 0
1869# pgbouncer['pkt_buf'] = 4096
1870# pgbouncer['listen_backlog'] = 128
1871# pgbouncer['sbuf_loopcnt'] = 5
1872# pgbouncer['max_packet_size'] = 2147483647
1873# pgbouncer['tcp_defer_accept'] = 0
1874# pgbouncer['tcp_socket_buffer'] = 0
1875# pgbouncer['tcp_keepalive'] = 1
1876# pgbouncer['tcp_keepcnt'] = 0
1877# pgbouncer['tcp_keepidle'] = 0
1878# pgbouncer['tcp_keepintvl'] = 0
1879# pgbouncer['disable_pqexec'] = 0
1880
1881## Pgbouncer client TLS options ('disable' leaves client-to-PgBouncer connections unencrypted)
1882# pgbouncer['client_tls_sslmode'] = 'disable'
1883# pgbouncer['client_tls_ca_file'] = nil
1884# pgbouncer['client_tls_key_file'] = nil
1885# pgbouncer['client_tls_cert_file'] = nil
1886# pgbouncer['client_tls_protocols'] = 'all'
1887# pgbouncer['client_tls_dheparams'] = 'auto'
1888# pgbouncer['client_tls_ecdhcurve'] = 'auto'
1889#
1890## Pgbouncer server TLS options ('disable' leaves PgBouncer-to-PostgreSQL connections unencrypted)
1891# pgbouncer['server_tls_sslmode'] = 'disable'
1892# pgbouncer['server_tls_ca_file'] = nil
1893# pgbouncer['server_tls_key_file'] = nil
1894# pgbouncer['server_tls_cert_file'] = nil
1895# pgbouncer['server_tls_protocols'] = 'all'
1896# pgbouncer['server_tls_ciphers'] = 'fast'
1897
1898################################################################################
1899# Repmgr (EE only)
1900################################################################################
1901# repmgr['enable'] = false
1902# repmgr['cluster'] = 'gitlab_cluster'
1903# repmgr['database'] = 'gitlab_repmgr'
1904# repmgr['host'] = nil
1905# repmgr['node_number'] = nil
1906# repmgr['port'] = 5432
1907# repmgr['trust_auth_cidr_addresses'] = []
1908# repmgr['user'] = 'gitlab_repmgr'
1909# repmgr['sslmode'] = 'prefer'
1910# repmgr['sslcompression'] = 0
1911# repmgr['failover'] = 'automatic'
1912# repmgr['log_directory'] = '/var/log/gitlab/repmgrd'
1913# repmgr['node_name'] = nil
1914# repmgr['pg_bindir'] = '/opt/gitlab/embedded/bin'
1915# repmgr['service_start_command'] = '/opt/gitlab/bin/gitlab-ctl start postgresql'
1916# repmgr['service_stop_command'] = '/opt/gitlab/bin/gitlab-ctl stop postgresql'
1917# repmgr['service_reload_command'] = '/opt/gitlab/bin/gitlab-ctl hup postgresql'
1918# repmgr['service_restart_command'] = '/opt/gitlab/bin/gitlab-ctl restart postgresql'
1919# repmgr['service_promote_command'] = nil
1920# repmgr['promote_command'] = '/opt/gitlab/embedded/bin/repmgr standby promote -f /var/opt/gitlab/postgresql/repmgr.conf'
1921# repmgr['follow_command'] = '/opt/gitlab/embedded/bin/repmgr standby follow -f /var/opt/gitlab/postgresql/repmgr.conf'
1922
1923# repmgr['upstream_node'] = nil
1924# repmgr['use_replication_slots'] = false
1925# repmgr['loglevel'] = 'INFO'
1926# repmgr['logfacility'] = 'STDERR'
1927# repmgr['logfile'] = nil
1928
1929# repmgr['event_notification_command'] = nil
1930# repmgr['event_notifications'] = nil
1931
1932# repmgr['rsync_options'] = nil
1933# repmgr['ssh_options'] = nil
1934# repmgr['priority'] = nil
1935#
1936# HA setting to specify if a node should attempt to be master on initialization
1937# repmgr['master_on_initialization'] = true
1938
1939# repmgr['retry_promote_interval_secs'] = 300
1940# repmgr['witness_repl_nodes_sync_interval_secs'] = 15
1941# repmgr['reconnect_attempts'] = 6
1942# repmgr['reconnect_interval'] = 10
1943# repmgr['monitor_interval_secs'] = 2
1944# repmgr['master_response_timeout'] = 60
1945# repmgr['daemon'] = true
1946# repmgrd['enable'] = true
1947
1948################################################################################
1949# Consul (EEP only)
1950################################################################################
1951# consul['enable'] = false
1952# consul['dir'] = '/var/opt/gitlab/consul'
1953# consul['user'] = 'gitlab-consul'
1954# consul['group'] = 'gitlab-consul'
1955# consul['config_file'] = '/var/opt/gitlab/consul/config.json'
1956# consul['config_dir'] = '/var/opt/gitlab/consul/config.d'
1957# consul['data_dir'] = '/var/opt/gitlab/consul/data'
1958# consul['log_directory'] = '/var/log/gitlab/consul'
1959# consul['env_directory'] = '/opt/gitlab/etc/consul/env'
1960# consul['env'] = {
1961# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
1962# }
1963# consul['node_name'] = nil
1964# consul['script_directory'] = '/var/opt/gitlab/consul/scripts'
1965# consul['configuration'] = {
1966# 'client_addr' => nil,
1967# 'datacenter' => 'gitlab_consul',
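1968# 'enable_script_checks' => true, # Lets Consul run check scripts on this node; keep the Consul HTTP API reachable only from trusted hosts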
1969# 'server' => false
1970# }
1971# consul['services'] = []
1972# consul['service_config'] = {
1973# 'postgresql' => {
1974# 'service' => {
1975# 'name' => "postgresql",
1976# 'address' => '',
1977# 'port' => 5432,
1978# 'checks' => [
1979# {
1980# 'script' => "/var/opt/gitlab/consul/scripts/check_postgresql",
1981# 'interval' => "10s"
1982# }
1983# ]
1984# }
1985# }
1986# }
1987# consul['watchers'] = {
1988# 'postgresql' => {
1989# enable: false,
1990# handler: 'failover_pgbouncer'
1991# }
1992# }