1. 21 Sep, 2018 1 commit
  2. 31 May, 2018 1 commit
  3. 25 Jan, 2018 1 commit
  4. 10 Aug, 2017 1 commit
  5. 03 Mar, 2017 2 commits
  6. 01 Mar, 2017 1 commit
  7. 12 Dec, 2016 1 commit
  8. 08 Aug, 2016 1 commit
  9. 12 Jul, 2016 1 commit
    • Defend against 'Host' header injection · 47b5b441
      Jacob Vosmaer authored
      Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/17877 .
      
      This change adds 'defense in depth' against 'Host' HTTP header
      injection. It affects normal users in the following way. Suppose your
      GitLab server has IP address 1.2.3.4 and hostname gitlab.example.com.
      Currently, if you enter 1.2.3.4 in your browser, you get redirected to
      1.2.3.4/users/sign_in. After this change, you get redirected from
      1.2.3.4 to gitlab.example.com/users/sign_in. This is because the
      address you typed in the address bar of your browser ('1.2.3.4'),
      which gets stored in the 'Host' header, is now being overwritten to
      'gitlab.example.com' in NGINX.
      
      In this change we also make NGINX clear the 'X-Forwarded-Host' header
      because Ruby on Rails also uses that header the same way as the 'Host'
      header.
      
      We think that for most GitLab servers this is the right behavior, and
      if not then administrators can change this behavior themselves at the
      NGINX level.
  10. 22 Apr, 2016 1 commit
  11. 11 Mar, 2016 1 commit
  12. 11 Dec, 2015 1 commit
  13. 06 Dec, 2015 1 commit
  14. 27 Nov, 2015 2 commits
  15. 19 Nov, 2015 1 commit
  16. 18 Nov, 2015 1 commit
  17. 16 Nov, 2015 1 commit
  18. 10 Nov, 2015 2 commits
  19. 29 Oct, 2015 1 commit
  20. 14 Oct, 2015 1 commit
  21. 08 Oct, 2015 1 commit
  22. 07 Sep, 2015 2 commits
    • The good stuff needs NGINX 1.7.11 · 783791fd
      Jacob Vosmaer authored
    • Do not let NGINX buffer Git HTTP requests · 8d59b1ac
      Jacob Vosmaer authored
      Before this change NGINX would convert a chunked HTTP POST (e.g.
      git push) into a HTTP 1.0 single large POST. This creates an
      unnecessary delay, and it creates unnecessary memory pressure on
      gitlab-git-http-server.
      
      For the response ('proxy_buffering') I am less sure that NGINX's
      buffering behavior is harmful, but it still makes more sense to me
      not to interfere with gitlab-git-http-server (and the Golang net/http
      server).
  23. 31 Aug, 2015 1 commit
  24. 28 Jul, 2015 1 commit
    • Experimental support for gitlab-git-http-server · d3305df7
      Jacob Vosmaer authored
      https://gitlab.com/gitlab-org/gitlab-git-http-server
      
      This change introduces the GITLAB_GRACK_AUTH_ONLY environment
      variable. When set, Grack requests to GitLab will only respond with
      the user's GL_ID (if the request is OK) or an error. This allows
      gitlab-git-http-server to use the main GitLab application as an
      authentication and authorization backend.
      
      If we like how this works we should drop the GITLAB_GRACK_AUTH_ONLY
      variable at some point in the future.
  25. 15 Jun, 2015 1 commit
  26. 11 Jun, 2015 1 commit
  27. 03 Mar, 2015 1 commit
  28. 20 Feb, 2015 3 commits
  29. 01 Jan, 2015 2 commits
  30. 03 Dec, 2014 1 commit
  31. 25 Nov, 2014 1 commit
  32. 09 Nov, 2014 1 commit
  33. 03 Nov, 2014 1 commit
    • Don't enable IPv4 *only* on nginx. · e3098b69
      Hugo Osvaldo Barrera authored
      The current configuration sample files only enable IPv4 by default, making the
      server inaccessible for many remote hosts (and an increasing amount every day).
      
      Enable IPv4 and IPv6 by default. Older servers with no external IPv6
      connectivity will not fail since they'll have a local-link IPv6 address to bind
      to anyway.