Skip to content

Question: inserting custom nginx config with nginx['custom_gitlab_server_config'] in omnibus installation

Summary:

I'm trying to add CORS support to my 9.0.2 omnibus installation by adding custom nginx code to the gitlab server config.

Based on the docs I can do so using the nginx['custom_gitlab_server_config'] key.

Trying to add custom nginx config to the root:

nginx['custom_gitlab_server_config'] = "location ^~ / {\ninclude /etc/gitlab/nginx_cors_mixin.conf;\n}\n"

causes gitlab-ctl reconfigure to fail (can't start nginx) and this error appears in /var/log/gitlab/nginx/error.log:

[emerg] 10097#0: duplicate location "/" in /var/opt/gitlab/nginx/conf/gitlab-http.conf:106

Trying A Specific Location

Alternatively, if I do set a not-already-defined location, then everything under that location simply fails to load with a 404 error. For example:

nginx['custom_gitlab_server_config'] = "location ^~ /dummy-namespace {\ninclude /etc/gitlab/nginx_cors_mixin.conf;\n}\n"

causes http://gitlab.my.company/dummy-namespace to load OK, but http://gitlab.my.company/dummy-namespace/proj1 and http://gitlab.my.company/dummy-namespace/proj2 to return 404.

Other thoughts:

  • I have verified that the nginx config injection works by checking /var/opt/gitlab/nginx/conf/gitlab-http.conf.

nginx_cors_mixin.conf

#
# Enable CORS header support
#
# Taken without shame from
# https://gist.github.com/Stanback/7145487
#

# For testing, we'll only allow CORS from:
#   + 192.168.11.30

set $cors '';
if ($http_origin ~ '^http://192\.168\.11\.30$') {
        set $cors 'true';
}

if ($cors = 'true') {
        add_header 'Access-Control-Allow-Origin' "$http_origin" always;
        add_header 'Access-Control-Allow-Credentials' 'true' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
        add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always;

        # required to be able to read Authorization header in frontend
        #add_header 'Allow-Control-Expose-Headers' 'Authorization' always;
}

if ($request_method = 'OPTIONS') {
        # Tell the client that this pre-flight info is valid for 20 days
        add_header 'Access-Control-Max-Age' 1728000;
        add_header 'Content-Type' 'text/plain charset=UTF-8';
        add_header 'Content-Length' 0;
        return 204;
}