## GitLab configuration settings
##! This file is generated during initial installation and **is not** modified
##! during upgrades.
##! Check out the latest version of this file to know about the different
##! settings that can be configured, when they were introduced and why:
##! https://gitlab.com/gitlab-org/omnibus-gitlab/blame/master/files/gitlab-config-template/gitlab.rb.template

##! Locally, the complete template corresponding to the installed version can be found at:
##! /opt/gitlab/etc/gitlab.rb.template

##! You can run `gitlab-ctl diff-config` to compare the contents of the current gitlab.rb with
##! the gitlab.rb.template from the currently running version.

##! You can run `gitlab-ctl show-config` to display the configuration that will be generated by
##! running `gitlab-ctl reconfigure`

##! In general, the values specified here should reflect what the default value of the attribute will be.
##! There are instances where this behavior is not possible or desired. For example, when providing passwords,
##! or connecting to third party services.
##! In those instances, we endeavour to provide an example configuration.

## GitLab URL
##! URL on which GitLab will be reachable.
##! For more details on configuring external_url see:
##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab
##!
##! Note: During installation/upgrades, the value of the environment variable
##! EXTERNAL_URL will be used to populate/replace this value.
##! On AWS EC2 instances, we also attempt to fetch the public hostname/IP
##! address from AWS. For more details, see:
##! https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html
##! GENERATED_EXTERNAL_URL is a template placeholder; per the note above it is
##! replaced during installation/upgrades from the EXTERNAL_URL environment variable.
##! NOTE(review): prefer an https:// URL so sign-in credentials and session
##! cookies are not sent in cleartext; confirm TLS is set up for this host.
external_url 'GENERATED_EXTERNAL_URL'

## Roles for multi-instance GitLab
##! The default is to have no roles enabled, which results in GitLab running as an all-in-one instance.
##! Options:
##!   redis_sentinel_role redis_master_role redis_replica_role geo_primary_role geo_secondary_role
##!   postgres_role consul_role application_role monitoring_role
##! For more details on each role, see:
##! https://docs.gitlab.com/omnibus/roles/README.html#roles
##!
# roles ['redis_sentinel_role', 'redis_master_role']

## Legend
##! The following notations at the beginning of each line may be used to
##! differentiate between components of this file and to easily select them using
##! a regex.
##! ## Titles, subtitles etc
##! ##! More information - Description, Docs, Links, Issues etc.
##! Configuration settings have a single # followed by a single space at the
##! beginning; Remove them to enable the setting.

##! **Configuration settings below are optional.**


################################################################################
################################################################################
##                Configuration Settings for GitLab CE and EE                 ##
################################################################################
################################################################################

################################################################################
## gitlab.yml configuration
##! Docs: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/gitlab.yml.md
################################################################################
# gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com'
# gitlab_rails['gitlab_ssh_user'] = ''
# gitlab_rails['time_zone'] = 'UTC'

### Rails asset / CDN host
###! Defines a url for a host/cdn to use for the Rails assets
###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#set-a-content-delivery-network-url
# gitlab_rails['cdn_host'] = 'https://mycdnsubdomain.fictional-cdn.com'

### Request duration
###! Tells the rails application how long it has to complete a request
###! This value needs to be lower than the worker timeout set in puma.
###! By default, we'll allow 95% of the worker timeout
# gitlab_rails['max_request_duration_seconds'] = 57

### GitLab email server settings
###! Docs: https://docs.gitlab.com/omnibus/settings/smtp.html
###! **Use smtp instead of sendmail/postfix.**

# gitlab_rails['smtp_enable'] = true
# gitlab_rails['smtp_address'] = "smtp.server"
# gitlab_rails['smtp_port'] = 465
# gitlab_rails['smtp_user_name'] = "smtp user"
# gitlab_rails['smtp_password'] = "smtp password"
# gitlab_rails['smtp_domain'] = "example.com"
# gitlab_rails['smtp_authentication'] = "login"
# gitlab_rails['smtp_enable_starttls_auto'] = true
# gitlab_rails['smtp_tls'] = false
# gitlab_rails['smtp_pool'] = false

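###! **Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert'**
###! **'none' disables verification of the SMTP server's certificate; use 'peer'
###!   when the server presents a certificate that chains to a trusted CA.**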
###! Docs: http://api.rubyonrails.org/classes/ActionMailer/Base.html
# gitlab_rails['smtp_openssl_verify_mode'] = 'none'

# gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs"
# gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt"

### Email Settings

# gitlab_rails['gitlab_email_enabled'] = true

##! If your SMTP server does not like the default 'From: gitlab@gitlab.example.com'
##! you can change the 'From' with this setting.
# gitlab_rails['gitlab_email_from'] = 'example@example.com'
# gitlab_rails['gitlab_email_display_name'] = 'Example'
# gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com'
# gitlab_rails['gitlab_email_subject_suffix'] = ''
# gitlab_rails['gitlab_email_smime_enabled'] = false
# gitlab_rails['gitlab_email_smime_key_file'] = '/etc/gitlab/ssl/gitlab_smime.key'
# gitlab_rails['gitlab_email_smime_cert_file'] = '/etc/gitlab/ssl/gitlab_smime.crt'
# gitlab_rails['gitlab_email_smime_ca_certs_file'] = '/etc/gitlab/ssl/gitlab_smime_cas.crt'

### GitLab user privileges
# gitlab_rails['gitlab_default_can_create_group'] = true
# gitlab_rails['gitlab_username_changing_enabled'] = true

### Default Theme
### Available values:
##! `1`  for Indigo
##! `2`  for Dark
##! `3`  for Light
##! `4`  for Blue
##! `5`  for Green
##! `6`  for Light Indigo
##! `7`  for Light Blue
##! `8`  for Light Green
##! `9`  for Red
##! `10` for Light Red
# gitlab_rails['gitlab_default_theme'] = 2

### Default project feature settings
# gitlab_rails['gitlab_default_projects_features_issues'] = true
# gitlab_rails['gitlab_default_projects_features_merge_requests'] = true
# gitlab_rails['gitlab_default_projects_features_wiki'] = true
# gitlab_rails['gitlab_default_projects_features_snippets'] = true
# gitlab_rails['gitlab_default_projects_features_builds'] = true
# gitlab_rails['gitlab_default_projects_features_container_registry'] = true

### Automatic issue closing
###! See https://docs.gitlab.com/ee/customization/issue_closing.html for more
###! information about this pattern.
# gitlab_rails['gitlab_issue_closing_pattern'] = "\b((?:[Cc]los(?:e[sd]?|ing)|\b[Ff]ix(?:e[sd]|ing)?|\b[Rr]esolv(?:e[sd]?|ing)|\b[Ii]mplement(?:s|ed|ing)?)(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)"

### Download location
###! When a user clicks e.g. 'Download zip' on a project, a temporary zip file
###! is created in the following directory.
###! Should not be the same path, or a sub directory of any of the `git_data_dirs`
# gitlab_rails['gitlab_repository_downloads_path'] = 'tmp/repositories'

### Gravatar Settings
# gitlab_rails['gravatar_plain_url'] = 'http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'
# gitlab_rails['gravatar_ssl_url'] = 'https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'

### Auxiliary jobs
###! Periodically executed jobs, to self-heal GitLab, do external
###! synchronizations, etc.
###! Docs: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job
###!       https://docs.gitlab.com/ee/ci/yaml/README.html#artifactsexpire_in
# gitlab_rails['stuck_ci_jobs_worker_cron'] = "0 0 * * *"
# gitlab_rails['expire_build_artifacts_worker_cron'] = "*/7 * * * *"
# gitlab_rails['environments_auto_stop_cron_worker_cron'] = "24 * * * *"
# gitlab_rails['pipeline_schedule_worker_cron'] = "19 * * * *"
# gitlab_rails['ci_archive_traces_cron_worker_cron'] = "17 * * * *"
# gitlab_rails['repository_check_worker_cron'] = "20 * * * *"
# gitlab_rails['admin_email_worker_cron'] = "0 0 * * 0"
# gitlab_rails['personal_access_tokens_expiring_worker_cron'] = "0 1 * * *"
# gitlab_rails['personal_access_tokens_expired_notification_worker_cron'] = "0 2 * * *"
# gitlab_rails['repository_archive_cache_worker_cron'] = "0 * * * *"
# gitlab_rails['pages_domain_verification_cron_worker'] = "*/15 * * * *"
# gitlab_rails['pages_domain_ssl_renewal_cron_worker'] = "*/10 * * * *"
# gitlab_rails['pages_domain_removal_cron_worker'] = "47 0 * * *"
# gitlab_rails['remove_unaccepted_member_invites_cron_worker'] = "10 15 * * *"
# gitlab_rails['schedule_migrate_external_diffs_worker_cron'] = "15 * * * *"
# gitlab_rails['ci_platform_metrics_update_cron_worker'] = '47 9 * * *'
# gitlab_rails['analytics_usage_trends_count_job_trigger_worker_cron'] = "50 23 */1 * *"
# gitlab_rails['member_invitation_reminder_emails_worker_cron'] = "0 0 * * *"
# gitlab_rails['user_status_cleanup_batch_worker_cron'] = "* * * * *"
# gitlab_rails['namespaces_in_product_marketing_emails_worker_cron'] = "0 9 * * *"
# gitlab_rails['ssh_keys_expired_notification_worker_cron'] = "0 2 * * *"
# gitlab_rails['ssh_keys_expiring_soon_notification_worker_cron'] = "0 1 * * *"
# gitlab_rails['loose_foreign_keys_cleanup_worker_cron'] = "*/5 * * * *"

### Webhook Settings
###! Number of seconds to wait for HTTP response after sending webhook HTTP POST
###! request (default: 10)
# gitlab_rails['webhook_timeout'] = 10

### GraphQL Settings
###! Tells the rails application how long it has to complete a GraphQL request.
###! We suggest this value to be higher than the database timeout value
###! and lower than the worker timeout set in puma. (default: 30)
# gitlab_rails['graphql_timeout'] = 30

### Trusted proxies
###! Customize if you have GitLab behind a reverse proxy which is running on a
###! different machine.
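###! **Add the IP address for your reverse proxy to the list, otherwise users
###!   will appear signed in from that address.**
###! **List only proxies you control: client-IP headers forwarded from these
###!   addresses are trusted.**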
# gitlab_rails['trusted_proxies'] = []

### Content Security Policy
####! Customize if you want to enable the Content-Security-Policy header, which
####! can help thwart JavaScript cross-site scripting (XSS) attacks.
####! See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
# gitlab_rails['content_security_policy'] = {
#  'enabled' => false,
#  'report_only' => false,
#  # Each directive is a String (e.g. "'self'").
#  'directives' => {
#    'base_uri' => nil,
#    'child_src' => nil,
#    'connect_src' => nil,
#    'default_src' => nil,
#    'font_src' => nil,
#    'form_action' => nil,
#    'frame_ancestors' => nil,
#    'frame_src' => nil,
#    'img_src' => nil,
#    'manifest_src' => nil,
#    'media_src' => nil,
#    'object_src' => nil,
#    'script_src' => nil,
#    'style_src' => nil,
#    'worker_src' => nil,
#    'report_uri' => nil,
#  }
# }

### Allowed hosts
###! Customize the `host` headers that the Rails application should accept.
###! By default, everything is allowed.
# gitlab_rails['allowed_hosts'] = []

### Monitoring settings
###! IP whitelist controlling access to monitoring endpoints
# gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8', '::1/128']

### Shutdown settings
###! Defines an interval to block healthcheck,
###! but continue accepting application requests.
# gitlab_rails['shutdown_blackout_seconds'] = 10

### Reply by email
###! Allow users to comment on issues and merge requests by replying to
###! notification emails.
###! Docs: https://docs.gitlab.com/ee/administration/reply_by_email.html
# gitlab_rails['incoming_email_enabled'] = true

#### Incoming Email Address
####! The email address including the `%{key}` placeholder that will be replaced
####! to reference the item being replied to.
####! **The placeholder can be omitted but if present, it must appear in the
####!   "user" part of the address (before the `@`).**
# gitlab_rails['incoming_email_address'] = "gitlab-incoming+%{key}@gmail.com"

#### Email account username
####! **With third party providers, this is usually the full email address.**
####! **With self-hosted email servers, this is usually the user part of the
####!   email address.**
# gitlab_rails['incoming_email_email'] = "gitlab-incoming@gmail.com"

#### Email account password
# gitlab_rails['incoming_email_password'] = "[REDACTED]"

#### IMAP Settings
# gitlab_rails['incoming_email_host'] = "imap.gmail.com"
# gitlab_rails['incoming_email_port'] = 993
# gitlab_rails['incoming_email_ssl'] = true
# gitlab_rails['incoming_email_start_tls'] = false

#### Incoming Mailbox Settings (via `mail_room`)
####! The mailbox where incoming mail will end up. Usually "inbox".
# gitlab_rails['incoming_email_mailbox_name'] = "inbox"
####! The IDLE command timeout.
# gitlab_rails['incoming_email_idle_timeout'] = 60
####! The file name for internal `mail_room` JSON logfile
# gitlab_rails['incoming_email_log_file'] = "/var/log/gitlab/mailroom/mail_room_json.log"
####! Permanently remove messages from the mailbox when they are marked as deleted after delivery
# gitlab_rails['incoming_email_expunge_deleted'] = false

#### Inbox options (for Microsoft Graph)
# gitlab_rails['incoming_email_inbox_method'] = 'microsoft_graph'
# gitlab_rails['incoming_email_inbox_options'] = {
#    'tenant_id': 'YOUR-TENANT-ID',
#    'client_id': 'YOUR-CLIENT-ID',
#    'client_secret': 'YOUR-CLIENT-SECRET',
#    'poll_interval': 60  # Optional
# }

#### How incoming emails are delivered to the Rails process. Accepts either sidekiq
#### or webhook. The default config is sidekiq.
# gitlab_rails['incoming_email_delivery_method'] = "sidekiq"

#### Token to authenticate webhook requests. The token must be exactly 32 bytes,
#### encoded with base64
# gitlab_rails['incoming_email_auth_token'] = nil

####! The format of mail_room crash logs
# mailroom['exit_log_format'] = "plain"

### Consolidated (simplified) object storage configuration
###! This uses a single credential for object storage with multiple buckets.
###! It also enables Workhorse to upload files directly with its own S3 client
###! instead of using pre-signed URLs.
###!
###! This configuration will only take effect if the object_store
###! sections are not defined within the types. For example, enabling
###! gitlab_rails['artifacts_object_store_enabled'] or
###! gitlab_rails['lfs_object_store_enabled'] will prevent the
###! consolidated settings from being used.
###!
###! Be sure to use different buckets for each type of object.
###! Docs: https://docs.gitlab.com/ee/administration/object_storage.html
# gitlab_rails['object_store']['enabled'] = false
# gitlab_rails['object_store']['connection'] = {}
# gitlab_rails['object_store']['storage_options'] = {}
# gitlab_rails['object_store']['proxy_download'] = false
# gitlab_rails['object_store']['objects']['artifacts']['bucket'] = nil
# gitlab_rails['object_store']['objects']['external_diffs']['bucket'] = nil
# gitlab_rails['object_store']['objects']['lfs']['bucket'] = nil
# gitlab_rails['object_store']['objects']['uploads']['bucket'] = nil
# gitlab_rails['object_store']['objects']['packages']['bucket'] = nil
# gitlab_rails['object_store']['objects']['dependency_proxy']['bucket'] = nil
# gitlab_rails['object_store']['objects']['terraform_state']['bucket'] = nil
# gitlab_rails['object_store']['objects']['ci_secure_files']['bucket'] = nil

### Job Artifacts
# gitlab_rails['artifacts_enabled'] = true
# gitlab_rails['artifacts_path'] = "/var/opt/gitlab/gitlab-rails/shared/artifacts"
####! Job artifacts Object Store
####! Docs: https://docs.gitlab.com/ee/administration/job_artifacts.html#using-object-storage
# gitlab_rails['artifacts_object_store_enabled'] = false
# gitlab_rails['artifacts_object_store_proxy_download'] = false
# gitlab_rails['artifacts_object_store_remote_directory'] = "artifacts"
# gitlab_rails['artifacts_object_store_connection'] = {
#   'provider' => 'AWS',
#   'region' => 'eu-west-1',
#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
#   # # The below options configure an S3 compatible host instead of AWS
#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
#   # 'host' => 's3.amazonaws.com',
#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
# }

### External merge request diffs
# gitlab_rails['external_diffs_enabled'] = false
# gitlab_rails['external_diffs_when'] = nil
# gitlab_rails['external_diffs_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/external-diffs"
# gitlab_rails['external_diffs_object_store_enabled'] = false
# gitlab_rails['external_diffs_object_store_proxy_download'] = false
# gitlab_rails['external_diffs_object_store_remote_directory'] = "external-diffs"
# gitlab_rails['external_diffs_object_store_connection'] = {
#   'provider' => 'AWS',
#   'region' => 'eu-west-1',
#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
#   # # The below options configure an S3 compatible host instead of AWS
#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
#   # 'host' => 's3.amazonaws.com',
#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
# }

### Git LFS
# gitlab_rails['lfs_enabled'] = true
# gitlab_rails['lfs_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/lfs-objects"
# gitlab_rails['lfs_object_store_enabled'] = false
# gitlab_rails['lfs_object_store_proxy_download'] = false
# gitlab_rails['lfs_object_store_remote_directory'] = "lfs-objects"
# gitlab_rails['lfs_object_store_connection'] = {
#   'provider' => 'AWS',
#   'region' => 'eu-west-1',
#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
#   # # The below options configure an S3 compatible host instead of AWS
#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
#   # 'host' => 's3.amazonaws.com',
#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
# }

### GitLab uploads
###! Docs: https://docs.gitlab.com/ee/administration/uploads.html
# gitlab_rails['uploads_directory'] = "/var/opt/gitlab/gitlab-rails/uploads"
# gitlab_rails['uploads_storage_path'] = "/opt/gitlab/embedded/service/gitlab-rails/public"
# gitlab_rails['uploads_base_dir'] = "uploads/-/system"
# gitlab_rails['uploads_object_store_enabled'] = false
# gitlab_rails['uploads_object_store_proxy_download'] = false
# gitlab_rails['uploads_object_store_remote_directory'] = "uploads"
# gitlab_rails['uploads_object_store_connection'] = {
#   'provider' => 'AWS',
#   'region' => 'eu-west-1',
#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
#   # # The below options configure an S3 compatible host instead of AWS
#   # 'host' => 's3.amazonaws.com',
#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
# }

### Terraform state
###! Docs: https://docs.gitlab.com/ee/administration/terraform_state
# gitlab_rails['terraform_state_enabled'] = true
# gitlab_rails['terraform_state_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/terraform_state"
# gitlab_rails['terraform_state_object_store_enabled'] = false
# gitlab_rails['terraform_state_object_store_remote_directory'] = "terraform"
# gitlab_rails['terraform_state_object_store_connection'] = {
#   'provider' => 'AWS',
#   'region' => 'eu-west-1',
#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
#   # # The below options configure an S3 compatible host instead of AWS
#   # 'host' => 's3.amazonaws.com',
#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
# }

### CI Secure Files
# gitlab_rails['ci_secure_files_enabled'] = false
# gitlab_rails['ci_secure_files_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/ci_secure_files"
# gitlab_rails['ci_secure_files_object_store_enabled'] = false
# gitlab_rails['ci_secure_files_object_store_remote_directory'] = "ci-secure-files"
# gitlab_rails['ci_secure_files_object_store_connection'] = {
#   'provider' => 'AWS',
#   'region' => 'eu-west-1',
#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
#   # # The below options configure an S3 compatible host instead of AWS
#   # 'host' => 's3.amazonaws.com',
#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
# }

### GitLab Pages
# gitlab_rails['pages_object_store_enabled'] = false
# gitlab_rails['pages_object_store_remote_directory'] = "pages"
# gitlab_rails['pages_object_store_connection'] = {
#   'provider' => 'AWS',
#   'region' => 'eu-west-1',
#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
#   # # The below options configure an S3 compatible host instead of AWS
#   # 'host' => 's3.amazonaws.com',
#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
# }
# gitlab_rails['pages_local_store_enabled'] = true
# gitlab_rails['pages_local_store_path'] = "/var/opt/gitlab/gitlab-rails/shared/pages"

### Impersonation settings
# gitlab_rails['impersonation_enabled'] = true

### Application settings cache expiry in seconds. (default: 60)
# gitlab_rails['application_settings_cache_seconds'] = 60

### Usage Statistics
# gitlab_rails['usage_ping_enabled'] = true

### GitLab Mattermost
###! These settings are void if Mattermost is installed on the same omnibus
###! install
# gitlab_rails['mattermost_host'] = "https://mattermost.example.com"

### LDAP Settings
###! Docs: https://docs.gitlab.com/omnibus/settings/ldap.html
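###! **Be careful not to break the indentation in the ldap_servers block. It is
###!   in yaml format and the spaces must be retained. Using tabs will not work.**
###! **The sample below uses `encryption: 'plain'`, which sends the bind password
###!   and user credentials unencrypted; prefer 'start_tls' or 'simple_tls' and
###!   keep `verify_certificates: true`.**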

# gitlab_rails['ldap_enabled'] = false
# gitlab_rails['prevent_ldap_sign_in'] = false

###! **remember to close this block with 'EOS' below**
# gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
#   main: # 'main' is the GitLab 'provider ID' of this LDAP server
#     label: 'LDAP'
#     host: '_your_ldap_server'
#     port: 389
#     uid: 'sAMAccountName'
#     bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
#     password: '_the_password_of_the_bind_user'
#     encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
#     verify_certificates: true
#     smartcard_auth: false
#     active_directory: true
#     allow_username_or_email_login: false
#     lowercase_usernames: false
#     block_auto_created_users: false
#     base: ''
#     user_filter: ''
#     ## EE only
#     group_base: ''
#     admin_group: ''
#     sync_ssh_keys: false
#
#   secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server
#     label: 'LDAP'
#     host: '_your_ldap_server'
#     port: 389
#     uid: 'sAMAccountName'
#     bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
#     password: '_the_password_of_the_bind_user'
#     encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
#     verify_certificates: true
#     smartcard_auth: false
#     active_directory: true
#     allow_username_or_email_login: false
#     lowercase_usernames: false
#     block_auto_created_users: false
#     base: ''
#     user_filter: ''
#     ## EE only
#     group_base: ''
#     admin_group: ''
#     sync_ssh_keys: false
# EOS

### Smartcard authentication settings
###! Docs: https://docs.gitlab.com/ee/administration/auth/smartcard.html
# gitlab_rails['smartcard_enabled'] = false
# gitlab_rails['smartcard_ca_file'] = "/etc/gitlab/ssl/CA.pem"
# gitlab_rails['smartcard_client_certificate_required_host'] = 'smartcard.gitlab.example.com'
# gitlab_rails['smartcard_client_certificate_required_port'] = 3444
# gitlab_rails['smartcard_required_for_git_access'] = false
# gitlab_rails['smartcard_san_extensions'] = false

### OmniAuth Settings
###! Docs: https://docs.gitlab.com/ee/integration/omniauth.html
# gitlab_rails['omniauth_enabled'] = nil
# gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
# gitlab_rails['omniauth_sync_email_from_provider'] = 'saml'
# gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml']
# gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
# gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'
# gitlab_rails['omniauth_block_auto_created_users'] = true
# gitlab_rails['omniauth_auto_link_ldap_user'] = false
# gitlab_rails['omniauth_auto_link_saml_user'] = false
# gitlab_rails['omniauth_auto_link_user'] = ['saml']
# gitlab_rails['omniauth_external_providers'] = ['twitter', 'google_oauth2']
# gitlab_rails['omniauth_allow_bypass_two_factor'] = ['google_oauth2']
# gitlab_rails['omniauth_providers'] = [
#   {
#     "name" => "google_oauth2",
#     "app_id" => "YOUR APP ID",
#     "app_secret" => "YOUR APP SECRET",
#     "args" => { "access_type" => "offline", "approval_prompt" => "" }
#   }
# ]
# gitlab_rails['omniauth_cas3_session_duration'] = 28800
# gitlab_rails['omniauth_saml_message_max_byte_size'] = 250000

### FortiAuthenticator authentication settings
# gitlab_rails['forti_authenticator_enabled'] = false
# gitlab_rails['forti_authenticator_host'] = 'forti_authenticator.example.com'
# gitlab_rails['forti_authenticator_port'] = 443
# gitlab_rails['forti_authenticator_username'] = 'admin'
# gitlab_rails['forti_authenticator_access_token'] = 's3cr3t'

### FortiToken Cloud authentication settings
# gitlab_rails['forti_token_cloud_enabled'] = false
# gitlab_rails['forti_token_cloud_client_id'] = 'forti_token_cloud_client_id'
# gitlab_rails['forti_token_cloud_client_secret'] = 's3cr3t'

### Backup Settings
###! Docs: https://docs.gitlab.com/omnibus/settings/backups.html

# gitlab_rails['manage_backup_path'] = true
# gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"
# gitlab_rails['backup_gitaly_backup_path'] = "/opt/gitlab/embedded/bin/gitaly-backup"

###! Docs: https://docs.gitlab.com/ee/raketasks/backup_restore.html#backup-archive-permissions
###! Note: 0644 makes the backup archives world-readable on the host.
# gitlab_rails['backup_archive_permissions'] = 0644

# gitlab_rails['backup_pg_schema'] = 'public'

###! The duration in seconds to keep backups before they are allowed to be deleted
# gitlab_rails['backup_keep_time'] = 604800

# gitlab_rails['backup_upload_connection'] = {
#   'provider' => 'AWS',
#   'region' => 'eu-west-1',
#   'aws_access_key_id' => 'AKIAKIAKI',
#   'aws_secret_access_key' => 'secret123',
#   # # If IAM profile use is enabled, remove aws_access_key_id and aws_secret_access_key
#   'use_iam_profile' => false
# }
# gitlab_rails['backup_upload_remote_directory'] = 'my.s3.bucket'
# gitlab_rails['backup_multipart_chunk_size'] = 104857600

###! **Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for
###!   backups**
# gitlab_rails['backup_encryption'] = 'AES256'
###! The encryption key to use with AWS Server-Side Encryption.
###! Setting this value will enable Server-Side Encryption with customer provided keys;
###!   otherwise S3-managed keys are used.
# gitlab_rails['backup_encryption_key'] = '<base64-encoded encryption key>'

###! **Turns on AWS Server-Side Encryption with Amazon SSE-KMS (AWS managed but customer-master key)**
# gitlab_rails['backup_upload_storage_options'] = {
#  'server_side_encryption' => 'aws:kms',
#  'server_side_encryption_kms_key_id' => 'arn:aws:kms:YOUR-KEY-ID-HERE'
# }

###! **Specifies Amazon S3 storage class to use for backups. Valid values
###!   include 'STANDARD', 'STANDARD_IA', and 'REDUCED_REDUNDANCY'**
# gitlab_rails['backup_storage_class'] = 'STANDARD'

###! Skip parts of the backup. Comma separated.
###! Docs: https://docs.gitlab.com/ee/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup
#gitlab_rails['env'] = {
#    "SKIP" => "db,uploads,repositories,builds,artifacts,lfs,registry,pages"
#}

### For setting up different data storing directory
###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#store-git-data-in-an-alternative-directory
###! **If you want to use a single non-default directory to store git data use a
###!   path that doesn't contain symlinks.**
# git_data_dirs({
#   "default" => {
#     "path" => "/mnt/nfs-01/git-data"
#    }
# })

### Gitaly settings
# gitlab_rails['gitaly_token'] = 'secret token'

### For storing GitLab application uploads, e.g. LFS objects, build artifacts
###! Docs: https://docs.gitlab.com/ee/development/shared_files.html
# gitlab_rails['shared_path'] = '/var/opt/gitlab/gitlab-rails/shared'

### For storing encrypted configuration files
###! Docs: https://docs.gitlab.com/ee/administration/encrypted_configuration.html
# gitlab_rails['encrypted_settings_path'] = '/var/opt/gitlab/gitlab-rails/shared/encrypted_settings'

### Wait for file system to be mounted
###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#only-start-omnibus-gitlab-services-after-a-given-file-system-is-mounted
# high_availability['mountpoint'] = ["/var/opt/gitlab/git-data", "/var/opt/gitlab/gitlab-rails/shared"]

### GitLab Shell settings for GitLab
# gitlab_rails['gitlab_shell_ssh_port'] = 22
# gitlab_rails['gitlab_shell_git_timeout'] = 800

### Extra customization
# gitlab_rails['extra_google_analytics_id'] = '_your_tracking_id'
# gitlab_rails['extra_google_tag_manager_id'] = '_your_tracking_id'
# gitlab_rails['extra_one_trust_id'] = '_your_one_trust_id'
# gitlab_rails['extra_google_tag_manager_nonce_id'] = '_your_google_tag_manager_id'
# gitlab_rails['extra_bizible'] = false
# gitlab_rails['extra_matomo_url'] = '_your_matomo_url'
# gitlab_rails['extra_matomo_site_id'] = '_your_matomo_site_id'
# gitlab_rails['extra_matomo_disable_cookies'] = false

##! Docs: https://docs.gitlab.com/omnibus/settings/environment-variables.html
# gitlab_rails['env'] = {
#   'BUNDLE_GEMFILE' => "/opt/gitlab/embedded/service/gitlab-rails/Gemfile",
#   'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin"
# }

# gitlab_rails['rack_attack_git_basic_auth'] = {
#   'enabled' => false,
#   'ip_whitelist' => ["127.0.0.1"],
#   'maxretry' => 10,
#   'findtime' => 60,
#   'bantime' => 3600
# }

# gitlab_rails['dir'] = "/var/opt/gitlab/gitlab-rails"
# gitlab_rails['log_directory'] = "/var/log/gitlab/gitlab-rails"

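#### Change the initial default admin password and shared runner registration tokens.
####! The values shown below are placeholders; choose a strong, unique password and token
####! instead of uncommenting the examples unchanged.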
####! **Only applicable on initial setup, changing these settings after database
####!   is created and seeded won't yield any change.**
# gitlab_rails['initial_root_password'] = "password"
# gitlab_rails['initial_shared_runners_registration_token'] = "token"

#### Toggle if root password should be printed to STDOUT during initialization
# gitlab_rails['display_initial_root_password'] = false

#### Toggle if initial root password should be written to /etc/gitlab/initial_root_password
# gitlab_rails['store_initial_root_password'] = true

#### Set path to an initial license to be used while bootstrapping GitLab.
####! **Only applicable on initial setup; future license updates need to be done via the UI.
####! Updating the file specified in this path won't yield any change after the first reconfigure run.**
# gitlab_rails['initial_license_file'] = '/etc/gitlab/company.gitlab-license'

#### Enable or disable automatic database migrations
# gitlab_rails['auto_migrate'] = true

#### This is an advanced feature used by large GitLab deployments where loading
#### the whole Rails environment takes a lot of time.
# gitlab_rails['rake_cache_clear'] = true

### GitLab database settings
###! Docs: https://docs.gitlab.com/omnibus/settings/database.html
###! **Only needed if you use an external database.**
# gitlab_rails['db_adapter'] = "postgresql"
# gitlab_rails['db_encoding'] = "unicode"
# gitlab_rails['db_collation'] = nil
# gitlab_rails['db_database'] = "gitlabhq_production"
# gitlab_rails['db_username'] = "gitlab"
# gitlab_rails['db_password'] = nil
# gitlab_rails['db_host'] = nil
# gitlab_rails['db_port'] = 5432
# gitlab_rails['db_socket'] = nil
# gitlab_rails['db_sslmode'] = nil
# gitlab_rails['db_sslcompression'] = 0
# gitlab_rails['db_sslrootcert'] = nil
# gitlab_rails['db_sslcert'] = nil
# gitlab_rails['db_sslkey'] = nil
# gitlab_rails['db_prepared_statements'] = false
# gitlab_rails['db_statements_limit'] = 1000
# gitlab_rails['db_connect_timeout'] = nil
# gitlab_rails['db_keepalives'] = nil
# gitlab_rails['db_keepalives_idle'] = nil
# gitlab_rails['db_keepalives_interval'] = nil
# gitlab_rails['db_keepalives_count'] = nil
# gitlab_rails['db_tcp_user_timeout'] = nil
# gitlab_rails['db_application_name'] = nil
# gitlab_rails['db_database_tasks'] = true


### GitLab Redis settings
###! Connect to your own Redis instance
###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html

#### Redis TCP connection
# gitlab_rails['redis_host'] = "127.0.0.1"
# gitlab_rails['redis_port'] = 6379
# gitlab_rails['redis_ssl'] = false
# gitlab_rails['redis_password'] = nil
# gitlab_rails['redis_database'] = 0
# gitlab_rails['redis_enable_client'] = true

#### Redis local UNIX socket (will be disabled if TCP method is used)
# gitlab_rails['redis_socket'] = "/var/opt/gitlab/redis/redis.socket"

#### Sentinel support
####! To have Sentinel working, you must enable Redis TCP connection support
####! above and define a few Sentinel hosts below (at least 3 hosts are needed
####! for a reliable setup).
####! **You don't need to list every sentinel host, but the ones not listed will
####!   not be used in a fail-over situation to query for the new master.**
# gitlab_rails['redis_sentinels'] = [
#   {'host' => '127.0.0.1', 'port' => 26379},
# ]

#### Separate instances support
###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html#running-with-multiple-redis-instances
# gitlab_rails['redis_cache_instance'] = nil
# gitlab_rails['redis_cache_sentinels'] = nil
# gitlab_rails['redis_queues_instance'] = nil
# gitlab_rails['redis_queues_sentinels'] = nil
# gitlab_rails['redis_shared_state_instance'] = nil
# gitlab_rails['redis_shared_state_sentinels'] = nil
# gitlab_rails['redis_trace_chunks_instance'] = nil
# gitlab_rails['redis_trace_chunks_sentinels'] = nil
# gitlab_rails['redis_actioncable_instance'] = nil
# gitlab_rails['redis_actioncable_sentinels'] = nil
# gitlab_rails['redis_rate_limiting_instance'] = nil
# gitlab_rails['redis_rate_limiting_sentinels'] = nil
# gitlab_rails['redis_sessions_instance'] = nil
# gitlab_rails['redis_sessions_sentinels'] = nil

################################################################################
## Container Registry settings
##! Docs: https://docs.gitlab.com/ee/administration/packages/container_registry.html
################################################################################

# registry_external_url 'https://registry.example.com'

### Settings used by GitLab application
# gitlab_rails['registry_enabled'] = true
# gitlab_rails['registry_host'] = "registry.gitlab.example.com"
# gitlab_rails['registry_port'] = "5005"
# gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"

# Notification secret, used to authenticate notification requests to the GitLab application.
# You only need to change this when you use an external Registry service; otherwise
# it will be taken directly from the notification settings of your Registry.
# gitlab_rails['registry_notification_secret'] = nil

###! **Do not change the following 3 settings unless you know what you are
###!   doing**
# gitlab_rails['registry_api_url'] = "http://127.0.0.1:5000"
# gitlab_rails['registry_key_path'] = "/var/opt/gitlab/gitlab-rails/certificate.key"
# gitlab_rails['registry_issuer'] = "omnibus-gitlab-issuer"

### Settings used by Registry application
# registry['enable'] = true
# registry['username'] = "registry"
# registry['group'] = "registry"
# registry['uid'] = nil
# registry['gid'] = nil
# registry['dir'] = "/var/opt/gitlab/registry"
# registry['registry_http_addr'] = "127.0.0.1:5000"
# registry['debug_addr'] = "localhost:5001"
# registry['log_directory'] = "/var/log/gitlab/registry"
# registry['env_directory'] = "/opt/gitlab/etc/registry/env"
# registry['env'] = {
#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
# }
# registry['log_level'] = "info"
# registry['log_formatter'] = "text"
# registry['rootcertbundle'] = "/var/opt/gitlab/registry/certificate.crt"
# registry['health_storagedriver_enabled'] = true
# registry['middleware'] = nil
# registry['storage_delete_enabled'] = true
# registry['validation_enabled'] = false
# registry['autoredirect'] = false
# registry['compatibility_schema1_enabled'] = false

### Registry backend storage
###! Docs: https://docs.gitlab.com/ee/administration/packages/container_registry.html#configure-storage-for-the-container-registry
# registry['storage'] = {
#   's3' => {
#     'accesskey' => 's3-access-key',
#     'secretkey' => 's3-secret-key-for-access-key',
#     'bucket' => 'your-s3-bucket',
#     'region' => 'your-s3-region',
#     'regionendpoint' => 'your-s3-regionendpoint'
#   },
#   'redirect' => {
#     'disable' => false
#   }
# }

### Registry notifications endpoints
# registry['notifications'] = [
#   {
#     'name' => 'test_endpoint',
#     'url' => 'https://gitlab.example.com/notify2',
#     'timeout' => '500ms',
#     'threshold' => 5,
#     'backoff' => '1s',
#     'headers' => {
#       "Authorization" => ["AUTHORIZATION_EXAMPLE_TOKEN"]
#     }
#   }
# ]
### Default registry notifications
# registry['default_notifications_timeout'] = "500ms"
# registry['default_notifications_threshold'] = 5
# registry['default_notifications_backoff'] = "1s"
# registry['default_notifications_headers'] = {}

################################################################################
## Error Reporting and Logging with Sentry
################################################################################
# gitlab_rails['sentry_enabled'] = false
# gitlab_rails['sentry_dsn'] = 'https://<key>@sentry.io/<project>'
# gitlab_rails['sentry_clientside_dsn'] = 'https://<key>@sentry.io/<project>'
# gitlab_rails['sentry_environment'] = 'production'

################################################################################
## CI_JOB_JWT
################################################################################
##! RSA private key used to sign CI_JOB_JWT
# gitlab_rails['ci_jwt_signing_key'] = nil # Will be generated if not set.

################################################################################
## GitLab Workhorse
##! Docs: https://gitlab.com/gitlab-org/gitlab/-/blob/master/workhorse/README.md
################################################################################

# gitlab_workhorse['enable'] = true
# gitlab_workhorse['ha'] = false
# gitlab_workhorse['alt_document_root'] = nil

##! Duration to wait for all requests to finish (e.g. "10s" for 10
##! seconds). By default this is disabled to preserve the existing
##! behavior of fast shutdown. This should not be set higher than 30
##! seconds, since gitlab-ctl will wait up to 30 seconds (as defined by
##! the SVWAIT variable) and report a timeout error if the process has
##! not shut down.
# gitlab_workhorse['shutdown_timeout'] = nil
# gitlab_workhorse['listen_network'] = "unix"
# gitlab_workhorse['listen_umask'] = 000
# gitlab_workhorse['listen_addr'] = "/var/opt/gitlab/gitlab-workhorse/sockets/socket"
# gitlab_workhorse['auth_backend'] = "http://localhost:8080"

##! Enable Redis keywatcher, if this setting is not present it defaults to true
# gitlab_workhorse['workhorse_keywatcher'] = true

##! the empty string is the default in gitlab-workhorse option parser
# gitlab_workhorse['auth_socket'] = "''"

##! put an empty string on the command line
# gitlab_workhorse['pprof_listen_addr'] = "''"

# gitlab_workhorse['prometheus_listen_addr'] = "localhost:9229"

# gitlab_workhorse['dir'] = "/var/opt/gitlab/gitlab-workhorse"
# gitlab_workhorse['log_directory'] = "/var/log/gitlab/gitlab-workhorse"
# gitlab_workhorse['proxy_headers_timeout'] = "1m0s"

##! limit number of concurrent API requests, defaults to 0 which is unlimited
# gitlab_workhorse['api_limit'] = 0

##! limit number of API requests allowed to be queued, defaults to 0 which
##! disables queuing
# gitlab_workhorse['api_queue_limit'] = 0

##! duration after which requests time out if they sit too long in the queue
# gitlab_workhorse['api_queue_duration'] = "30s"

##! Long polling duration for job requesting for runners
# gitlab_workhorse['api_ci_long_polling_duration'] = "60s"

##! Propagate X-Request-Id if available. Workhorse will generate a random value otherwise.
# gitlab_workhorse['propagate_correlation_id'] = false

##! A list of CIDR blocks to allow for propagation of correlation ID.
##! propagate_correlation_id should also be set to true.
##! For example: %w(127.0.0.1/32 192.168.0.1/32)
# gitlab_workhorse['trusted_cidrs_for_propagation'] = nil

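##! A list of CIDR blocks that must match remote IP addresses to use
##! X-Forwarded-For HTTP header for the actual client IP. Used in
##! conjunction with propagate_correlation_id and
##! trusted_cidrs_for_propagation.
##! List only proxies you control: X-Forwarded-For is supplied by the sender,
##! so its value cannot be trusted when it arrives from any other address.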
##! For example: %w(127.0.0.1/32 192.168.0.1/32)
# gitlab_workhorse['trusted_cidrs_for_x_forwarded_for'] = nil

##! Log format: default is json, can also be text or none.
# gitlab_workhorse['log_format'] = "json"

# gitlab_workhorse['env_directory'] = "/opt/gitlab/etc/gitlab-workhorse/env"
# gitlab_workhorse['env'] = {
#   'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin",
#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
# }

##! Resource limitations for the dynamic image scaler.
##! Exceeding these thresholds will cause Workhorse to serve images in their original size.
##!
##! Maximum number of scaler processes that are allowed to execute concurrently.
##! It is recommended for this not to exceed the number of CPUs available.
# gitlab_workhorse['image_scaler_max_procs'] = 4
##!
##! Maximum file size in bytes for an image to be considered eligible for rescaling
# gitlab_workhorse['image_scaler_max_filesize'] = 250000

##! Service name used to register GitLab Workhorse as a Consul service
# gitlab_workhorse['consul_service_name'] = 'workhorse'
##! Semantic metadata used when registering GitLab Workhorse as a Consul service
# gitlab_workhorse['consul_service_meta'] = {}

################################################################################
## GitLab User Settings
##! Modify default git user.
##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#changing-the-name-of-the-git-user-group
################################################################################

# user['username'] = "git"
# user['group'] = "git"
# user['uid'] = nil
# user['gid'] = nil

##! The shell for the git user
# user['shell'] = "/bin/sh"

##! The home directory for the git user
# user['home'] = "/var/opt/gitlab"

# user['git_user_name'] = "GitLab"
# user['git_user_email'] = "gitlab@#{node['fqdn']}"

################################################################################
## GitLab Puma
##! Tweak puma settings.
##! Docs: https://docs.gitlab.com/ee/administration/operations/puma.html
################################################################################

# puma['enable'] = true
# puma['ha'] = false
# puma['worker_timeout'] = 60
# puma['worker_processes'] = 2
# puma['min_threads'] = 4
# puma['max_threads'] = 4

### Advanced settings
# puma['listen'] = '127.0.0.1'
# puma['port'] = 8080
# puma['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
# puma['somaxconn'] = 1024

### SSL settings
# puma['ssl_listen'] = nil
# puma['ssl_port'] = nil
# puma['ssl_certificate'] = nil
# puma['ssl_certificate_key'] = nil
# puma['ssl_client_certificate'] = nil
# puma['ssl_cipher_filter'] = nil
# puma['ssl_verify_mode'] = 'none'

# puma['pidfile'] = '/opt/gitlab/var/puma/puma.pid'
# puma['state_path'] = '/opt/gitlab/var/puma/puma.state'

###! **We do not recommend changing this setting**
# puma['log_directory'] = "/var/log/gitlab/puma"

### **Only change these settings if you understand well what they mean**
###! Docs: https://github.com/schneems/puma_worker_killer
# puma['per_worker_max_memory_mb'] = 1024

# puma['exporter_enabled'] = false
# puma['exporter_address'] = "127.0.0.1"
# puma['exporter_port'] = 8083

##! Service name used to register Puma as a Consul service
# puma['consul_service_name'] = 'rails'
##! Semantic metadata used when registering Puma as a Consul service
# puma['consul_service_meta'] = {}