Skip to content
GitLab
Next
    • GitLab: the DevOps platform
    • Explore GitLab
    • Install GitLab
    • How GitLab compares
    • Get started
    • GitLab docs
    • GitLab Learn
  • Pricing
  • Talk to an expert
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
    Projects Groups Snippets
  • Register
  • Sign in
  • omnibus-gitlab omnibus-gitlab
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
    • Locked Files
  • Issues 1,106
    • Issues 1,106
    • List
    • Boards
    • Service Desk
    • Milestones
    • Iterations
    • Requirements
  • Merge requests 75
    • Merge requests 75
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages and registries
    • Packages and registries
    • Container Registry
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • Code review
    • Insights
    • Issue
    • Repository
  • Activity
  • Graph
  • Create a new issue
  • Commits
  • Issue Boards
Collapse sidebar
  • GitLab.orgGitLab.org
  • omnibus-gitlabomnibus-gitlab
  • Issues
  • #5425
Closed
Open
Issue created Jun 05, 2020 by Aleksey Tsalolikhin@atsaloli

Documenting how to setup CORS with an Example for ease of use (follow-up to gitlab-foss 50125)

This is a follow-up to gitlab-foss#50125 (closed)

We need to enable CORS on a self-managed GitLab instance.

In the aforelinked issue, @adornala recommended to edit application.rb but I don't have this file in /etc/gitlab -- there are over a dozen application.rb files in my OmniBus installation -- is it /opt/gitlab/embedded/service/gitlab-rails/config/application.rb ? What is that file and is it okay for us to edit it directly?

We tried adding the following to /etc/gitlab/gitlab.rb:

nginx['custom_gitlab_server_config'] = "location / {\n add_header 'Access-Control-Allow-Origin' '^https?://(localhost|example\.com)' always;\n}\n" 

but after reconfiguring GitLab, nginx would not start, it logged this error:

2020/06/04 21:20:10 [emerg] 22983#0: duplicate location "/" in /var/opt/gitlab/nginx/conf/gitlab-http.conf:157

Which is, of course, what https://docs.gitlab.com/omnibus/settings/nginx.html#notes says would happen:

You cannot add the root / location or the /assets location as those already exist in gitlab-http.conf

So how do we allow CORS? Could you please provide a simple example?

(I've replaced our actual domain with example.com in the gitlab.rb config snippet above.)

@idododu provided a temp workaround in #2198 (comment 36030108) but @balasankarc said in #2198 (comment 111301380) that heavy customizations of nginx config are better done in an external nginx instance.

I would like to be able to handle enabling CORS within gitlab.rb as administering an external nginx instance would increase complexity. Can the temp workaround @idododu offered adversely affect other services?

Edited Jun 05, 2020 by Aleksey Tsalolikhin
Assignee
Assign to
Time tracking