diff --git a/CHANGELOG.md b/CHANGELOG.md index a2a6d50459985970d7331fa91e8eb7bc6495ef69..a5afb607d5b5032f045a38a0891b8a780f8aa67c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,10 @@ omnibus-gitlab repository. - Upgrade krb5 lib to 1.14.2 - Create logrotate folders and configs even when the service is disabled +8.10.4 + +- Revert Host and X-Forwarded-Host headers in NGINX 9ac08 + 8.10.3 - No changes @@ -27,7 +31,6 @@ omnibus-gitlab repository. - Updated Chef version to 12.10.24 6e0c66 - Disable nodejs Snapshot feature on ARM platforms f9a7b4bf - Update the trusted certs recipe to copy in certs that were linked in from external folders -- Overwrite Host and X-Forwarded-Host headers in NGINX 9ac08 - Use gitlab:db:configure to seed and migrate the database 047cfd - Update Mattermost to 3.2 28cf3 - Lower expiry date of registry internal certificate b269b4 @@ -63,6 +66,7 @@ omnibus-gitlab repository. - Make default IMAP incoming mailbox "inbox" in case user omits this setting d3c187 - Make NGINX server_names_hash_bucket_size configurable and default it to 64 bytes 7cb488 +- Use gitlab:db:configure to seed and migrate the database - Add log prefix for pages and registry services 48e29b - Add configuration option for the Container Registry storage driver - Change the autovacuum configuration defaults f5ac85 diff --git a/files/gitlab-cookbooks/gitlab/attributes/default.rb b/files/gitlab-cookbooks/gitlab/attributes/default.rb index 80dc349894365e9413c5575f719bfe6a6c6e4d4f..232946287bcde659afc2326b52115af74bc34c39 100644 --- a/files/gitlab-cookbooks/gitlab/attributes/default.rb +++ b/files/gitlab-cookbooks/gitlab/attributes/default.rb @@ -514,8 +514,7 @@ default['gitlab']['nginx']['custom_nginx_config'] = nil default['gitlab']['nginx']['proxy_read_timeout'] = 3600 default['gitlab']['nginx']['proxy_connect_timeout'] = 300 default['gitlab']['nginx']['proxy_set_headers'] = { - "Host" => node['fqdn'], - "X-Forwarded-Host" => '""', + "Host" => "$http_host", "X-Real-IP" => "$remote_addr", "X-Forwarded-For" => "$proxy_add_x_forwarded_for" } @@ -840,8 +839,7 @@ default['gitlab']['registry-nginx'] = default['gitlab']['nginx'].dup default['gitlab']['registry-nginx']['enable'] = true default['gitlab']['registry_nginx']['https'] = false default['gitlab']['registry_nginx']['proxy_set_headers'] = { - "Host" => node['fqdn'], - "X-Forwarded-Host" => '""', + "Host" => "$http_host", "X-Real-IP" => "$remote_addr", "X-Forwarded-For" => "$proxy_add_x_forwarded_for", "X-Forwarded-Proto" => "$scheme" diff --git a/files/gitlab-cookbooks/gitlab/libraries/gitlab_rails.rb b/files/gitlab-cookbooks/gitlab/libraries/gitlab_rails.rb index d7689e9fdfeef45e096db12ff53604f48bbd644d..9335658629d5700b27f955dfd822648ce8478490 100644 --- a/files/gitlab-cookbooks/gitlab/libraries/gitlab_rails.rb +++ b/files/gitlab-cookbooks/gitlab/libraries/gitlab_rails.rb @@ -44,8 +44,6 @@ module GitlabRails Gitlab['user']['git_user_email'] ||= "gitlab@#{uri.host}" Gitlab['gitlab_rails']['gitlab_host'] = uri.host Gitlab['gitlab_rails']['gitlab_email_from'] ||= "gitlab@#{uri.host}" - Gitlab['nginx']['proxy_set_headers'] ||= Hash.new - Gitlab['nginx']['proxy_set_headers']['Host'] ||= Nginx.generate_host_header(uri) case uri.scheme when "http" diff --git a/files/gitlab-cookbooks/gitlab/libraries/nginx.rb b/files/gitlab-cookbooks/gitlab/libraries/nginx.rb index 0413b8100d2240126444c0830f53ca260f312f50..d3c13ec0cb56b727ac296c38a668794423de338a 100644 --- a/files/gitlab-cookbooks/gitlab/libraries/nginx.rb +++ b/files/gitlab-cookbooks/gitlab/libraries/nginx.rb @@ -76,18 +76,5 @@ module Nginx Gitlab[app]['proxy_set_headers'] = default_from_attributes end - - def generate_host_header(uri) - header = uri.host.dup - - case uri.scheme - when "http" - header << ":#{uri.port}" unless uri.port == 80 - when "https" - header << ":#{uri.port}" unless uri.port == 443 - end - - header - end end end diff --git a/files/gitlab-cookbooks/gitlab/libraries/registry.rb b/files/gitlab-cookbooks/gitlab/libraries/registry.rb index ea1dbbe63f1164a028e399a3cc21a45febe83e53..d47fbc5ea31ea4ea506c8eab9cba500e2f66bffb 100644 --- a/files/gitlab-cookbooks/gitlab/libraries/registry.rb +++ b/files/gitlab-cookbooks/gitlab/libraries/registry.rb @@ -44,8 +44,6 @@ module Registry Gitlab['registry']['token_realm'] ||= Gitlab['external_url'] Gitlab['gitlab_rails']['registry_host'] = uri.host Gitlab['registry_nginx']['listen_port'] ||= uri.port - Gitlab['registry_nginx']['proxy_set_headers'] ||= Hash.new - Gitlab['registry_nginx']['proxy_set_headers']['Host'] ||= Nginx.generate_host_header(uri) case uri.scheme when "http"