Documenting how to setup CORS with an Example for ease of use (follow-up to gitlab-foss 50125) (#5425) · Issues · GitLab.org / omnibus-gitlab

Documenting how to setup CORS with an Example for ease of use (follow-up to gitlab-foss 50125)

This is a follow-up to gitlab-foss#50125 (closed)

We need to enable CORS on a self-managed GitLab instance.

In the aforelinked issue, @adornala recommended to edit application.rb but I don't have this file in /etc/gitlab -- there are over a dozen application.rb files in my OmniBus installation -- is it /opt/gitlab/embedded/service/gitlab-rails/config/application.rb ? What is that file and is it okay for us to edit it directly?

We tried adding the following to /etc/gitlab/gitlab.rb:

nginx['custom_gitlab_server_config'] = "location / {\n add_header 'Access-Control-Allow-Origin' '^https?://(localhost|example\.com)' always;\n}\n"

but after reconfiguring GitLab, nginx would not start, it logged this error:

2020/06/04 21:20:10 [emerg] 22983#0: duplicate location "/" in /var/opt/gitlab/nginx/conf/gitlab-http.conf:157

Which is, of course, what https://docs.gitlab.com/omnibus/settings/nginx.html#notes says would happen:

You cannot add the root / location or the /assets location as those already exist in gitlab-http.conf

So how do we allow CORS? Could you please provide a simple example?

(I've replaced our actual domain with example.com in the gitlab.rb config snippet above.)

@idododu provided a temp workaround in #2198 (comment 36030108) but @balasankarc said in #2198 (comment 111301380) that heavy customizations of nginx config are better done in an external nginx instance.

I would like to be able to handle enabling CORS within gitlab.rb as administering an external nginx instance would increase complexity. Can the temp workaround @idododu offered adversely affect other services?

This is a follow-up to https://gitlab.com/gitlab-org/gitlab-foss/-/issues/50125

We need to enable CORS on a self-managed GitLab instance.

In the aforelinked issue, @adornala recommended to edit `application.rb` but I don't have this file in `/etc/gitlab` -- there are over a dozen `application.rb` files in my OmniBus installation -- is it `/opt/gitlab/embedded/service/gitlab-rails/config/application.rb` ?   What is that file and is it okay for us to edit it directly?

We tried adding the following to `/etc/gitlab/gitlab.rb`:

```
nginx['custom_gitlab_server_config'] = "location / {\n add_header 'Access-Control-Allow-Origin' '^https?://(localhost|example\.com)' always;\n}\n" 
```

but after reconfiguring GitLab, nginx would not start, it logged this error:

```
2020/06/04 21:20:10 [emerg] 22983#0: duplicate location "/" in /var/opt/gitlab/nginx/conf/gitlab-http.conf:157
```

Which is, of course, what https://docs.gitlab.com/omnibus/settings/nginx.html#notes says would happen:

> You cannot add the root `/` location or the `/assets` location as those already exist in `gitlab-http.conf`

So how do we allow CORS?  Could you please provide a simple example?

(I've replaced our actual domain with `example.com` in the `gitlab.rb` config snippet above.)

@idododu provided a temp workaround in https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/2198#note_36030108 but @balasankarc said in https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/2198#note_111301380 that heavy customizations of nginx config are better done in an external nginx instance.

I would like to be able to handle enabling CORS within `gitlab.rb` as administering an external nginx instance would increase complexity. Can the temp workaround @idododu offered adversely affect other services?

Edited Jun 05, 2020 by Aleksey Tsalolikhin