add nginx proxy_protocol option
What does this MR do?
Add a nginx proxy_protocol option in /etc/gitlab/gitlab.rb that allow to enable the proxy protocol in the nginx frontends gitlab-http, gitlab-registry, gitlab-pages and gitlab-mattermost by adding the proxy_protocol keyword to the listen setting. This is needed when you run a reverse proxy like haproxy with proxy protocol enabled to ensure that nginx and gitlab get passed the right client address.
To get the setup working the admin need also to set nginx['real_ip_trusted_addresses'] as mentioned in the new doc section for Configuring proxy protocol and
nginx['real_ip_header'] = 'proxy_protocol'
nginx['proxy_set_headers'] = {
"X-Real-IP" => "$proxy_protocol_addr",
"X-Forwarded-For" => "$proxy_protocol_addr",
}that will be automated set when proxy_protocol has been enabled.
Add also the missing nginx http2 setting for gitlab-registry that exist already in the other three nginx configs.
Related issues
- Closes Proxy protocol support. (#3379 - closed)
- Closes HTTP2 is not enabled for registry service (#3807 - closed)
Checklist
See Definition of done.
For anything in this list which will not be completed, please provide a reason in the MR discussion
Required
-
Merge Request Title, and Description are up to date, accurate, and descriptive -
MR targeting the appropriate branch -
MR has a green pipeline on GitLab.com -
Pipeline is green on dev.gitlab.org if the change is touching anything besides documentation or internal cookbooks -
trigger-packagehas a green pipeline running against latest commit
Expected (please provide an explanation if not completing)
-
Test plan indicating conditions for success has been posted and passes -
Documentation created/updated -
Tests added -
Integration tests added to GitLab QA -
Equivalent MR/issue for the GitLab Chart opened