Allow nginx insertion to the root location

Description

Being able to insert custom nginx config into the GitLab server block and the general nginx config is pretty awesome.

However, if a user wants to insert custom config into either of the pre-defined locations (/, /assets, and ^/(404|422|500|502)(-custom)?\.html$), they can't do so because nginx returns a "duplication location" error.

A typical usage case for this would be to allow CORS for the entire site.

Proposal

Add another line to gitlab.rb akin to nginx[custom_gitlab_root_config] that inserts strings into the root / location block of /var/opt/gitlab/nginx/conf/gitlab-http.conf.

For example:

nginx['custom_gitlab_root_config'] = "  include /etc/gitlab/nginx_cors_mixin.conf;\n"

would result in gitlab-http.conf having:

location / {
  proxy_cache off;
  proxy_pass  http://gitlab-workhorse;
  include /etc/gitlab/nginx_cors_mixin.conf;
}

Question: How should the other pre-defined locations (/assets and the error pages) be handled? It's possible to make separate gitlab.rb config keys for each of them, but that would not scale well if more pre-defined locations are added.

Links / references

• gitlab-ce#30619
• !1463 (merged)

Documentation blurb

Inserting custom NGINX settings into the GitLab root / location block

If you need to add custom settings into the NGINX root / block for GitLab, you can use the following setting:

# Example: include a nginx config file
nginx['custom_gitlab_root_config'] = "include /etc/gitlab/my_custom_nginx_config.conf;\n"

Run sudo gitlab-ctl reconfigure to rewrite the NGINX config and restart NGINX.

Example: Adding CORS to your entire gitlab server

1. Create a NGINX configuration mixin file. Let's call it /etc/gitlab/nginx_cors_mixin.conf:

   # nginx_cors_mixin.conf
   # modified from https://gist.github.com/Stanback/7145487
   set $cors '';
   if ($http_origin ! '^https?://your-website-regex$') {
     set $cors 'true';
   }
   if ($cors = 'true') {
       add_header 'Access-Control-Allow-Origin' "$http_origin" always;
       add_header 'Access-Control-Allow-Credentials' 'true' always;
       # Note: you'll probably want to edit this next line for security reasons.
       add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
       add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always;
   }
   if ($request_method = 'OPTIONS') {
       # Tell the client that this pre-flight info is valid for 20 days
       add_header 'Access-Control-Max-Age' 1728000;
       add_header 'Content-Type' 'text/plain charset=UTF-8';
       add_header 'Content-Length' 0;
       return 204;
   }

2. Update your gitlab.rb file:

   nginx['custom_gitlab_root_config'] = "include /etc/gitlab/nginx_cors_mixin.conf;\n"

3. Reconfigure gitlab: sudo gitlab-ctl reconfigure.