debops.gitlab default variables

GitLab version configuration

These variables define what GitLab release branch will be used to install GitLab. The gitlab_version variable is used to enable/disable specific features dependent on the GitLab version, but does not correspond to the actual specific version number.

Both of these variables should be kept in sync.

gitlab__release_map

This is the dictionary that keeps track of supported GitLab releases per OS distribution/release. Older OS releases might not have the required environment support, for example old Ruby or Go version.

gitlab__release_map:

  # OS releases with Ruby 2.1
  'wheezy': '8-17-stable'
  'jessie': '8-17-stable'
  'trusty': '8-17-stable'

  # OS releases with Ruby 2.3
  'stretch': '10-8-stable'
  'xenial':  '10-8-stable'

  'buster':  '11-3-stable'
  'bionic':  '11-3-stable'
gitlab__distribution_release

Specify the OS release which is used to select the version of GitLab to install and APT package names.

gitlab__distribution_release: '{{ ansible_local.core.distribution_release
                                  if (ansible_local|d() and ansible_local.core|d() and
                                      ansible_local.core.distribution_release|d())
                                  else ansible_distribution_release }}'
gitlab__release

Specify the GitLab release to install or manage. The role checks what release is currently installed and can perform automatic upgrade if the installed release is older than the specified. Downgrades are not supported.

gitlab__release: '{{ gitlab__release_map[gitlab__distribution_release] }}'
gitlab_version

Specify the GitLab version to install or manage. The role checks what version is currently installed and can perform automatic upgrade if the installed version is older than the specified. Downgrades are not supported.

gitlab_version: '{{ gitlab__release | replace("-stable","") | replace("-",".") }}'

Application features

gitlab__database

What database to use for GitLab instance? Supported options:

  • postgresql: use PostgreSQL database

The role expects the selected database server to be configured. See the documentation of the debops.postgresql_server role for information about its features.

gitlab__database: '{{ ansible_local.gitlab.database
                      if (ansible_local|d() and ansible_local.gitlab|d() and
                          ansible_local.gitlab.database|d())
                      else ("postgresql"
                            if (ansible_local|d() and ansible_local.postgresql is defined)
                            else ("mariadb-is-deprecated"
                                  if (ansible_local|d() and ansible_local.mariadb is defined)
                                  else "no-database-detected")) }}'
gitlab_use_systemd

Enable or disable use of the systemd units instead of the upstream init script provided by GitLab. By default the init script will be used on non-systemd hosts.

gitlab_use_systemd: '{{ (ansible_local.gitlab.systemd_services
                         if (ansible_local|d() and ansible_local.gitlab|d() and
                             ansible_local.gitlab.systemd_services|d())
                         else (False
                               if (ansible_local|d() and ansible_local.gitlab|d() and
                                   ansible_local.gitlab.installed|d())
                               else (True if ansible_service_mgr == "systemd" else False))) }}'
gitlab_enable_pages

Whether to enable gitlab-pages. Available in Gitlab 8.17 and newer.

gitlab_enable_pages: '{{ gitlab_version is version_compare("8.17",
                         operator="ge", strict=True) and gitlab_pages_domain != "" }}'

Application FQDN and DNS addresses

gitlab__fqdn

The Fully Qualified Domain Name of the GitLab application. This address is used to configure the webserver frontend.

gitlab__fqdn: 'code.{{ gitlab_domain }}'
gitlab_domain

Domain which will be used for nginx server and gitlab-shell access GitLab will be configured with HTTPS enabled by default

gitlab_domain: '{{ ansible_local.core.domain
                   if (ansible_local|d() and ansible_local.core|d() and
                       ansible_local.core.domain|d())
                   else (ansible_domain if ansible_domain else ansible_hostname) }}'

APT packages

gitlab__base_packages

List of base APT packages required by GitLab.

gitlab__base_packages: [ 'build-essential', 'cmake', 'git', 'pkg-config', 'python-docutils',
                         'unzip', 'acl',
                         'libgdbm-dev', 'libreadline-dev', 'libncurses5-dev', 'libffi-dev',
                         'libxml2-dev', 'libxslt1-dev', 'libcurl4-openssl-dev', 'libkrb5-dev',
                         'libicu-dev', 'zlib1g-dev', 'libyaml-dev' ]
gitlab__release_packages

List of base APT packages required by GitLab depending on the distribution release.

gitlab__release_packages:
  jessie:  [ 'libssl-dev' ]
  stretch: [ 'libssl1.0-dev', 'libre2-dev' ]
  precise: [ 'libssl-dev' ]
  trusty:  [ 'libssl-dev' ]
  xenial:  [ 'libssl-dev', 'libre2-dev' ]
  bionic:  [ 'libssl-dev', 'libre2-dev' ]
gitlab__database_packages

YAML dictionary which contains list of APT packages required by a particular database server.

gitlab__database_packages:
  jessie:
    postgresql: [ 'libpq-dev', 'ruby-pg' ]
  stretch:
    postgresql: [ 'libpq-dev', 'ruby-pg' ]
  precise:
    postgresql: [ 'libpq-dev', 'ruby-pg' ]
  trusty:
    postgresql: [ 'libpq-dev', 'ruby-pg' ]
  xenial:
    postgresql: [ 'libpq-dev', 'ruby-pg' ]
  bionic:
    postgresql: [ 'libpq-dev', 'ruby-pg' ]

GitLab Pages configuration

gitlab_pages_domain

The main domain served by Gitlab Pages. Set this to your domain to enable Gitlab Pages.

This should be a different one than gitlab_domain to prevent cross domain cookie attacks.

gitlab_pages_domain: ''
gitlab_pages_port

Port the gitlab-pages HTTP server listens to.

gitlab_pages_port: '8090'

nginx webserver options

gitlab_nginx_auth_realm

Webserver authentication realm.

gitlab_nginx_auth_realm: 'GitLab access is restricted'
gitlab_nginx_access_policy

Name of webserver access policy to enable. Refer to debops.nginx for details.

gitlab_nginx_access_policy: ''
gitlab_nginx_client_max_body_size

nginx client_max_body_size value.

gitlab_nginx_client_max_body_size: '0'
gitlab_nginx_proxy_timeout

nginx - gitlab proxy timeout in seconds

gitlab_nginx_proxy_timeout: '300'

E-mail configuration

gitlab_email_display_name

E-mail sender name used by GitLab

gitlab_email_display_name: 'GitLab'
gitlab_email_from

E-mail address used by GitLab application.

gitlab_email_from: 'git@{{ gitlab__fqdn }}'
gitlab_email_reply_to

E-mail Reply-To address added to GitLab mails.

gitlab_email_reply_to: 'admin+gitlab@{{ ansible_domain }}'
gitlab_admin_email

Default admin account e-mail address.

gitlab_admin_email: 'admin@{{ ansible_domain }}'
gitlab_admin_password

Default admin account password.

gitlab_admin_password: '{{ lookup("password", secret
                           + "/credentials/" + ansible_fqdn
                           + "/gitlab/admin/password chars=ascii,numbers") }}'

New user configuration

gitlab_default_can_create_group

Should new users be able to create groups?

gitlab_default_can_create_group: 'true'
gitlab_username_changing_enabled

Can users change their own username?

gitlab_username_changing_enabled: 'false'
gitlab_default_theme

Default GitLab theme to use

gitlab_default_theme: '2'

Database configuration

gitlab_database_server

FQDN of the database server. It will be configured by the debops.postgresql role.

gitlab_database_server: '{{ ansible_local[gitlab__database].server }}'
gitlab_database_port

Port the database is listening on.

gitlab_database_port: '{{ ansible_local[gitlab__database].port }}'
gitlab_database_user

Name of the database account to use for the GitLab application.

gitlab_database_user: 'gitlab'
gitlab_database_name

Name of the database to use for the GitLab data.

gitlab_database_name: 'gitlabhq_production'
gitlab_database_password_path

Path to database password file located on the Ansible Controller. See the debops.secret role for more details.

gitlab_database_password_path: '{{ secret + "/" + gitlab__database + "/" +
                                   ansible_local[gitlab__database].delegate_to }}{%
                                     if gitlab__database=="postgresql" %}/{{ ansible_local[gitlab__database].port }}{% endif
                                   %}{{ "/credentials/" + gitlab_database_user +
                                   "/password" }}'
gitlab_database_password

Database password for GitLab.

gitlab_database_password: "{{ lookup('password', gitlab_database_password_path
                              + ' length=48 chars=ascii_letters,digits,.:-_') }}"
gitlab_postgresql_database_connection

Connection type for PostgreSQL database (choices: socket, port) FIXME: not supported yet

gitlab_postgresql_database_connection: 'socket'

GitLab backup options

gitlab_backup_frequency

Backup frequency (daily, weekly, monthly)

gitlab_backup_frequency: 'daily'
gitlab_backup_keep_time

How long to store backups for, in seconds

gitlab_backup_keep_time: '{{ (60 * 60 * 24 * 7) }}'

Redis configuration

gitlab_redis_host

Define hostname of redis server to use.

gitlab_redis_host: '{{ ansible_local.redis_server.host
                       if (ansible_local|d() and ansible_local.redis_server|d() and
                           ansible_local.redis_server.host|d())
                       else "localhost" }}'
gitlab_redis_port

Define port of redis server to use.

gitlab_redis_port: '{{ ansible_local.redis_server.port
                       if (ansible_local|d() and ansible_local.redis_server|d() and
                           ansible_local.redis_server.port|d())
                       else "6379" }}'
gitlab_redis_password

Define the Redis authentication password to use

gitlab_redis_password: '{{ ansible_local.redis_server.password
                           if (ansible_local|d() and ansible_local.redis_server|d() and
                               ansible_local.redis_server.password|d())
                           else "" }}'
gitlab_redis_resque

Connection string used in the configuration file.

gitlab_redis_resque: 'redis://{{ ((":" + gitlab_redis_password + "@")
                                  if gitlab_redis_password else "") +
                      gitlab_redis_host + ":" + gitlab_redis_port }}'
gitlab_redis_database

Specify which Redis database to use for GitLab

gitlab_redis_database: '0'

GitLab directory layout

gitlab_home

Home directory

gitlab_home: '{{ (ansible_local.root.home
                  if (ansible_local|d() and ansible_local.root|d() and
                      ansible_local.root.home|d())
                  else "/var/local") + "/" + gitlab_user }}'
gitlab_app_root_path

Application installation directory

gitlab_app_root_path: '{{ (ansible_local.root.app
                           if (ansible_local|d() and ansible_local.root|d() and
                               ansible_local.root.app|d())
                           else "/var/local") + "/" + gitlab_user }}'
gitlab_repositories_path

GitLab repositories

gitlab_repositories_path: '{{ (ansible_local.root.data
                               if (ansible_local|d() and ansible_local.root|d() and
                                   ansible_local.root.data|d())
                               else "/srv") + "/gitlab/repositories" }}'
gitlab_satellites_path

GitLab satellites

gitlab_satellites_path: '{{ (ansible_local.root.data
                             if (ansible_local|d() and ansible_local.root|d() and
                                 ansible_local.root.data|d())
                             else "/srv") + "/gitlab/satellites" }}'
gitlab_backup_path

Backup path

gitlab_backup_path: '{{ (ansible_local.root.backup
                         if (ansible_local|d() and ansible_local.root|d() and
                             ansible_local.root.backup|d())
                         else "/var/backups") + "/gitlab" }}'
gitlab_src_path

GitLab sources root path

gitlab_src_path: '{{ (ansible_local.root.src
                      if (ansible_local|d() and ansible_local.root|d() and
                          ansible_local.root.src|d())
                      else "/usr/local/src") + "/gitlab" }}'
gitlab_lfs_path

Gitlab path for lfs objects

gitlab_lfs_path: '{{ (ansible_local.root.data
                      if (ansible_local|d() and ansible_local.root|d() and
                          ansible_local.root.data|d())
                      else "/srv") + "/gitlab/shared/lfs-objects" }}'
gitlab_shared_path

Gitlab path for shared files

gitlab_shared_path: '{{ (ansible_local.root.data
                         if (ansible_local|d() and ansible_local.root|d() and
                             ansible_local.root.data|d())
                         else "/srv") + "/gitlab/shared" }}'
gitlab_artifacts_path

Gitlab path for artifacts files

gitlab_artifacts_path: '{{ (ansible_local.root.data
                            if (ansible_local|d() and ansible_local.root|d() and
                                ansible_local.root.data|d())
                            else "/srv") + "/gitlab/shared/artifacts" }}'
gitlab_pages_path

Path where GitLab Pages are stored in the filesystem.

gitlab_pages_path: '{{ (ansible_local.root.data
                        if (ansible_local|d() and ansible_local.root|d() and
                            ansible_local.root.data|d())
                        else "/srv") + "/gitlab/shared/pages" }}'

System user, group, additional groups

gitlab_user

System UNIX account used by the GitLab application. It will be visible in the git+ssh remote URLs.

gitlab_user: 'git'
gitlab_group

System UNIX group used by the Gitlab application.

gitlab_group: 'git'
gitlab_user_append_groups

List of additional system groups to add to the GitLab user account. The sshusers UNIX group is used in DebOps to limit SSH access. See the debops.system_groups role for more details.

gitlab_user_append_groups: [ 'sshusers' ]
gitlab__shell

The default shell used by the GitLab UNIX account.

gitlab__shell: '/bin/bash'

Internal application options

gitlab_time_zone

The timezone used by GitLab.

gitlab_time_zone: 'UTC'
gitlab_git_max_size

Max git upload size in bytes.

gitlab_git_max_size: '{{ (1024 * 1024 * 20) }}'
gitlab_git_timeout

The git connection timeout in seconds.

gitlab_git_timeout: '10'
gitlab_unicorn_port

Unicorn port on localhost interface.

gitlab_unicorn_port: '18082'
gitlab_unicorn_timeout

Unicorn connection timeout in seconds.

gitlab_unicorn_timeout: '60'
gitlab_passenger_options

Additional options for Phusion Passenger as text block.

gitlab_passenger_options: ''
gitlab_shell_ssh_port

SSH port for GitLab Shell (does not affect sshd port setting).

gitlab_shell_ssh_port: '22'

Compatibility workarounds

gitlab_support_filesystem_acl

Enable or disable ACL configuration for the webserver

gitlab_support_filesystem_acl: True

gitlab-shell source code

gitlab_shell_git_repo

URL of the gitlab-shell repository.

gitlab_shell_git_repo: 'https://gitlab.com/gitlab-org/gitlab-shell.git'
gitlab_shell_git_dest

Path where the gitlab-shell source code will be cloned into a bare repository.

gitlab_shell_git_dest: '{{ gitlab_src_path + "/" + gitlab_shell_git_repo.split("://")[1] }}'
gitlab_shell_git_checkout

Path where the gitlab-shell source code will be checked out.

gitlab_shell_git_checkout: '{{ gitlab_app_root_path + "/gitlab-shell" }}'

GitLab CE source code

gitlab_ce_git_repo

URL of the GitLab CE repository.

gitlab_ce_git_repo: 'https://gitlab.com/gitlab-org/gitlab-ce.git'
gitlab_ce_git_dest

Path where the GitLab CE source code will be cloned into a bare repository.

gitlab_ce_git_dest: '{{ gitlab_src_path + "/" + gitlab_ce_git_repo.split("://")[1] }}'
gitlab_ce_git_checkout

Path where the GitLab CE source code will be checked out.

gitlab_ce_git_checkout: '{{ gitlab_app_root_path + "/gitlab" }}'

GitLab git HTTP server source code

gitlab_git_http_server_repo

URL of the git HTTP server repository.

gitlab_git_http_server_repo: 'https://gitlab.com/gitlab-org/gitlab-git-http-server.git'
gitlab_git_http_server_dest

Path where the git HTTP server source code will be cloned into a bare repository.

gitlab_git_http_server_dest: '{{ gitlab_src_path + "/" + gitlab_git_http_server_repo.split("://")[1] }}'
gitlab_git_http_server_checkout

Path where the git HTTP server source code will be checked out.

gitlab_git_http_server_checkout: '{{ gitlab_app_root_path + "/gitlab-git-http-server" }}'

GitLab Workhorse source code

gitlab_workhorse_repo

URL of the GitLab Workhorse repository.

gitlab_workhorse_repo: 'https://gitlab.com/gitlab-org/gitlab-workhorse.git'
gitlab_workhorse_dest

Path where the GitLab Workhorse source code will be cloned into a bare repository.

gitlab_workhorse_dest: '{{ gitlab_src_path + "/" + gitlab_workhorse_repo.split("://")[1] }}'
gitlab_workhorse_checkout

Path where the GitLab Workhorse source code will be checked out.

gitlab_workhorse_checkout: '{{ gitlab_app_root_path + "/gitlab-workhorse" }}'

GitLab Pages source code

gitlab_pages_repo

URL of the GitLab Pages repository.

gitlab_pages_repo: 'https://gitlab.com/gitlab-org/gitlab-pages.git'
gitlab_pages_dest

Path where the GitLab Pages source code will be cloned into a bare repository.

gitlab_pages_dest: '{{ gitlab_src_path + "/" + gitlab_pages_repo.split("://")[1] }}'
gitlab_pages_checkout

Path where the GitLab Pages source code will be checked out.

gitlab_pages_checkout: '{{ gitlab_app_root_path + "/gitlab-pages" }}'

Gitaly source code

gitlab__gitaly_repo

URL of the Gitaly repository.

gitlab__gitaly_repo: 'https://gitlab.com/gitlab-org/gitaly.git'
gitlab__gitaly_dest

Path where the Gitaly source code will be cloned into a bare repository.

gitlab__gitaly_dest: '{{ gitlab_src_path + "/" + gitlab__gitaly_repo.split("://")[1] }}'
gitlab__gitaly_checkout

Path where the Gitaly source code will be checked out.

gitlab__gitaly_checkout: '{{ gitlab_app_root_path + "/gitaly" }}'

Build and deployment commands Different versions of GitLab might require different command parameters to build and deploy the service. The variables below define the commands according to the selected version or feature.

gitlab_assets_clean

Rake task which cleans GitLab static assets during upgrades.

gitlab_assets_clean: '{{ "gitlab:assets:clean"
                         if (gitlab_version is version_compare("8.17", operator="ge", strict=True))
                         else "assets:clean" }}'
gitlab_assets_compile

Rake task which builds or rebuilds GitLab assets during installation or upgrades.

gitlab_assets_compile: '{{ "gitlab:assets:compile"
                           if (gitlab_version is version_compare("8.17", operator="ge", strict=True))
                           else "assets:precompile" }}'
gitlab_ce_bundle_install_without

YAML dictionary which maps Bundler parameters to the selected database backend.

gitlab_ce_bundle_install_without:
  'postgresql': 'development test aws mysql'

LDAP Authentication configuration

More information about LDAP support in GitLab can be found at https://gitlab.com/help/administration/auth/ldap.md

gitlab_ldap_enable

Enable or disable LDAP support.

gitlab_ldap_enable: False
gitlab_ldap_manage

If enabled, the role will try to create/manage the relevant entries on the LDAP server. If disabled, only the configuration file entries will be created, you will need to configure the LDAP server yourself.

gitlab_ldap_manage: True
gitlab_ldap_domain

The base DNS domain used to generate LDAP configuration parameters.

gitlab_ldap_domain: '{{ ansible_domain }}'
gitlab_ldap_label

Specify the name of the LDAP server displayed on the login page.

gitlab_ldap_label: '{{ gitlab_ldap_domain }}'
gitlab_ldap_host

FQDN address of the LDAP server to connect to.

gitlab_ldap_host: 'ldap.{{ ansible_domain }}'
gitlab_ldap_port

The LDAP service port to use for connections.

gitlab_ldap_port: '389'
gitlab_ldap_method

The connection method that should be used to connect to the LDAP server. Available methods: tls, ssl, plain.

gitlab_ldap_method: 'tls'
gitlab_ldap_basedn

The LDAP BaseDN string used to connect to the LDAP server.

gitlab_ldap_basedn: '{{ "dc=" + gitlab_ldap_domain.split(".") | join(",dc=") }}'
gitlab_ldap_binddn

The GitLab user account on the LDAP server, used to bind to the LDAP server.

gitlab_ldap_binddn: '{{ "cn=gitlab," + secret_ldap_services_dn }}'
gitlab_ldap_password_file

Path to the LDAP bind account password file on the Ansible Controller. See the debops.secret role for more details.

gitlab_ldap_password_file: '{{ secret + "/credentials/" + gitlab_ldap_host
                               + "/slapd/" + gitlab_ldap_basedn + "/"
                               + gitlab_ldap_binddn + ".password" }}'
gitlab_ldap_password

The password of the LDAP bind account.

gitlab_ldap_password: '{{ lookup("password", gitlab_ldap_password_file) }}'
gitlab_ldap_activedirectory

Enable or disable support for ActiveDirectory servers.

gitlab_ldap_activedirectory: False
gitlab_ldap_uid

Name of the LDAP attribute to use for account lookups. On plain LDAP servers it's usually uid, on older ActiveDirectory installations it could be sAMAccountName.

gitlab_ldap_uid: 'uid'

Piwik configuration

gitlab__piwik_url

The URL (ex.: analytics.example.com) on which Piwik analytics responds (default to disabled). Please note that the visit requests from GitLab to the Piwik URL will be pushed with the same http scheme that the GitLab is hosted with. So, the URL variable must not contain the http scheme, but may contain a port or subdirectories.

gitlab__piwik_url: ''
gitlab__piwik_site_id

The ID of the GitLab website in Piwik analytics.

gitlab__piwik_site_id: '0'

Configuration for other Ansible roles

gitlab__etc_services__dependent_list

List of custom /etc/services to configure for the debops.etc_services Ansible role.

gitlab__etc_services__dependent_list:

  - name: 'gitlab'
    port: '{{ gitlab_unicorn_port }}'
    comment: 'GitLab'

  - name: 'gitlab-pages'
    port: '{{ gitlab_pages_port }}'
    comment: 'GitLab Pages'
gitlab__apt_preferences__dependent_list

Configuration for the debops.apt_preferences role.

gitlab__apt_preferences__dependent_list:

  - package: 'git git-*'
    backports: [ 'jessie' ]
    reason:  'Meet version requirement of GitLab 8.17 (Git version >= 2.7.3) on Debian Jessie.'
    by_role: 'debops.gitlab'
gitlab__logrotate__dependent_config

Configuration for the debops.logrotate Ansible role.

gitlab__logrotate__dependent_config:

  - filename: 'gitlab'
    sections:

      - log: '{{ gitlab_home }}/gitlab/log/*.log'
        comment: |
          GitLab logrotate settings
          based on: https://stackoverflow.com/a/4883967
        options: |
          daily
          missingok
          rotate 90
          compress
          notifempty
          copytruncate
        state: 'present'

      - log: '{{ gitlab_home }}/gitlab-shell/gitlab-shell.log'
        options: |
          daily
          missingok
          rotate 90
          compress
          notifempty
          copytruncate
        state: 'present'
gitlab__postgresql__dependent_roles

Configuration of PostgreSQL roles for debops.postgresql Ansible role.

gitlab__postgresql__dependent_roles:

  # Owner of the ``gitlabhq_production`` database
  - name: '{{ gitlab_database_name }}'
    flags: [ 'NOLOGIN' ]

  # GitLab user account role
  - name: '{{ gitlab_database_user }}'
    password: '{{ gitlab_database_password }}'
gitlab__postgresql__dependent_databases

Configuration of PostgreSQL databases for the debops.postgresql Ansible role.

gitlab__postgresql__dependent_databases:

  - name:  '{{ gitlab_database_name }}'
    owner: '{{ gitlab_database_name }}'
gitlab__postgresql__dependent_groups

Configuration of PostgreSQL groups for the debops.postgresql Ansible role.

gitlab__postgresql__dependent_groups:

  - roles:  [ '{{ gitlab_database_user }}' ]
    groups: [ '{{ gitlab_database_name }}' ]
    database: '{{ gitlab_database_name }}'
gitlab__postgresql__dependent_extensions

Configuration of PostgreSQL extensions for the debops.postgresql Ansible role.

gitlab__postgresql__dependent_extensions:

  - database: '{{ gitlab_database_name }}'
    extension: 'pg_trgm'
gitlab__postgresql__dependent_pgpass

The ~/.pgpass configuration for debops.postgresql Ansible role.

gitlab__postgresql__dependent_pgpass:

  - owner: '{{ gitlab_user }}'
    home: '{{ gitlab_home }}'
    database: '{{ gitlab_database_name }}'
    role: '{{ gitlab_database_user }}'
gitlab__nginx__dependent_upstreams

List of nginx upstreams for the debops.nginx Ansible role.

gitlab__nginx__dependent_upstreams:

  # Upstream configuration for the ``gitlab-workhorse`` used in GitLab 8.2+
  - name: 'gitlab-workhorse'
    server: 'unix:{{ gitlab_ce_git_checkout }}/tmp/sockets/gitlab-workhorse.socket'
gitlab__nginx__dependent_servers

List of nginx servers for the debops.nginx Ansible role.

gitlab__nginx__dependent_servers:

  - '{{ gitlab__nginx_server }}'
  - '{{ gitlab__nginx_pages_server }}'
gitlab__nginx_server

Configuration of the GitLab nginx proxy for the debops.nginx Ansible role.

gitlab__nginx_server:
  by_role: 'debops.gitlab'
  enabled: True
  type: 'rails'
  name: '{{ gitlab__fqdn }}'
  root: '{{ gitlab_ce_git_checkout }}/public'

  deny_hidden: False

  access_policy: '{{ gitlab_nginx_access_policy }}'
  auth_basic_realm: '{{ gitlab_nginx_auth_realm }}'

  error_pages:
    '404': '/404.html'
    '422': '/422.html'
    '500': '/500.html'
    '502': '/502.html'

  # Phusion Passenger options
  passenger_user: '{{ gitlab_user }}'
  passenger_group: '{{ gitlab_group }}'
  passenger_options: '{{ gitlab_passenger_options }}'

  options: |
    client_max_body_size {{ gitlab_nginx_client_max_body_size }};

  location_list:
    - pattern: '/'
      options: |
        client_max_body_size 0;
        gzip off;

        ## https://github.com/gitlabhq/gitlabhq/issues/694
        ## Some requests take more than 30 seconds.
        proxy_read_timeout      300;
        proxy_connect_timeout   300;
        proxy_redirect          off;

        proxy_http_version 1.1;

        proxy_set_header    Host                $http_host;
        proxy_set_header    X-Real-IP           $remote_addr;
        proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto   $scheme;

        proxy_pass http://gitlab-workhorse;
gitlab__nginx_pages_server

Configuration of the GitLab Pages nginx proxy for the debops.nginx role.

gitlab__nginx_pages_server:
  by_role: 'debops.gitlab'
  enabled: '{{ gitlab_enable_pages }}'
  type: 'proxy'
  name: [ '{{ gitlab_pages_domain }}', '*.{{ gitlab_pages_domain }}' ]
  filename: 'gitlab-pages'
  proxy_pass: 'http://localhost:{{ gitlab_pages_port }}'