diff --git a/web-server/apache/README.md b/web-server/apache/README.md
index eaac08b..9fcf036 100644
--- a/web-server/apache/README.md
+++ b/web-server/apache/README.md
@@ -3,14 +3,30 @@
The configuration files in this directory were tested with GitLab 8.1. For
versions of GitLab older than 8.0, check the `apache-old` branch.
+## Installations from source
+
If you are using Apache version 2.4 or above, please use files
[gitlab-apache24.conf](gitlab-apache24.conf) or [gitlab-ssl-apache24.conf](gitlab-ssl-apache24.conf)
for the HTTP and HTTPS versions of the vhost repectively.
-If you are using Apache version 2.2 or above, please use files
+If you are using Apache version 2.2, please use files
[gitlab-apache22.conf](gitlab-apache22.conf) or [gitlab-ssl-apache22.conf](gitlab-ssl-apache22.conf)
for the HTTP and HTTPS versions of the vhost repectively.
+To allow `gitlab-git-http-server` to listen on port 8181, edit or create
+`/etc/default/gitlab` and change or add the following:
+
+```
+gitlab_git_http_server_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
+```
+
+## Installations unsing the Omnibus packages
+
+[Omnibus packages][] use their own bundled Nginx server. If you want to use your
+own external Apache server, follow the steps to [configure GitLab][omnibuswebext].
+
+In the last step you will need to download the config from this repository.
+
# RHEL6/CentOS6 recommendations
Most of the settings below were tested on CentOS 6, but are probably applicable
@@ -214,3 +230,5 @@ to better understand it.
[sock]: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
[reports]: https://github.com/gitlabhq/gitlabhq/issues/5139
[digiocean]: https://www.digitalocean.com/community/tutorials/how-to-get-started-with-mod_pagespeed-with-apache-on-an-ubuntu-and-debian-cloud-server
+[Omnibus packages]: https://about.gitlab.com/downloads/
+[omnibuswebext]: http://doc.gitlab.com/omnibus/settings/nginx.html#using-a-non-bundled-web-server
diff --git a/web-server/apache/gitlab-apache22.conf b/web-server/apache/gitlab-apache22.conf
index 0dd8b24..797ef46 100644
--- a/web-server/apache/gitlab-apache22.conf
+++ b/web-server/apache/gitlab-apache22.conf
@@ -1,7 +1,7 @@
# This configuration has been tested on GitLab 8.1
# Note this config assumes unicorn is listening on default port 8080 and gitlab-git-http-server is listening on port 8181.
# To allow gitlab-git-http-server to listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
-# gitlab_git_http_server_options="-listenUmask 0 -listenNetwork tcp -listenAddr localhost:8181 -authBackend http://127.0.0.1:8080"
+# gitlab_git_http_server_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
#Module dependencies
# mod_rewrite
@@ -9,7 +9,7 @@
# mod_proxy_http
# HTTP Configuration
- ServerName gitlab.example.com
+ ServerName YOUR_SERVER_FQDN
ServerSignature Off
ProxyPreserveHost On
@@ -26,7 +26,7 @@
ProxyPassReverse http://127.0.0.1:8181
#Allow forwarding to GitLab Rails app (Unicorn)
ProxyPassReverse http://127.0.0.1:8080
- ProxyPassReverse http://gitlab.example.com/
+ ProxyPassReverse http://YOUR_SERVER_FQDN/
#apache equivalent of nginx try files
@@ -57,9 +57,9 @@
# For Debian distributions you might want to change this to
# /var/log/apache2.
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
- ErrorLog /var/log/httpd/logs/gitlab.example.com_error.log
- CustomLog /var/log/httpd/logs/gitlab.example.com_forwarded.log common_forwarded
- CustomLog /var/log/httpd/logs/gitlab.example.com_access.log combined env=!dontlog
- CustomLog /var/log/httpd/logs/gitlab.example.com.log combined
+ ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log
+ CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
+ CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
+ CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined
diff --git a/web-server/apache/gitlab-apache24.conf b/web-server/apache/gitlab-apache24.conf
index d44b8ac..8034718 100644
--- a/web-server/apache/gitlab-apache24.conf
+++ b/web-server/apache/gitlab-apache24.conf
@@ -1,7 +1,7 @@
-# This configuration has been tested on GitLab 8.0.0
+# This configuration has been tested on GitLab 8.1
# Note this config assumes unicorn is listening on default port 8080 and gitlab-git-http-server is listening on port 8181.
# To allow gitlab-git-http-server to listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
-# gitlab_git_http_server_options="-listenUmask 0 -listenNetwork tcp -listenAddr localhost:8181 -authBackend http://127.0.0.1:8080"
+# gitlab_git_http_server_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
#Module dependencies
# mod_rewrite
diff --git a/web-server/apache/gitlab-omnibus-apache22.conf b/web-server/apache/gitlab-omnibus-apache22.conf
new file mode 100644
index 0000000..3b05605
--- /dev/null
+++ b/web-server/apache/gitlab-omnibus-apache22.conf
@@ -0,0 +1,68 @@
+# This configuration has been tested on GitLab 8.1
+# Note this config assumes unicorn is listening on default port 8080 and
+# gitlab-git-http-server is listening on port 8181. To allow gitlab-git-http-server to
+# listen on port 8181, edit /etc/gitlab/gitlab.rb and change the following:
+#
+# gitlab_git_http_server['listen_network'] = "tcp"
+# gitlab_git_http_server['listen_addr'] = "127.0.0.1:8181"
+#
+#Module dependencies
+# mod_rewrite
+# mod_proxy
+# mod_proxy_http
+# HTTP Configuration
+
+ ServerName YOUR_SERVER_FQDN
+ ServerSignature Off
+
+ ProxyPreserveHost On
+
+ # Ensure that encoded slashes are not decoded but left in their encoded state.
+ # http://doc.gitlab.com/ce/api/projects.html#get-single-project
+ AllowEncodedSlashes NoDecode
+
+
+ Order deny,allow
+ Allow from all
+
+ #Allow forwarding to gitlab-git-http-server
+ ProxyPassReverse http://127.0.0.1:8181
+ #Allow forwarding to GitLab Rails app (Unicorn)
+ ProxyPassReverse http://127.0.0.1:8080
+ ProxyPassReverse http://YOUR_SERVER_FQDN/
+
+
+ #apache equivalent of nginx try files
+ # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
+ # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
+ RewriteEngine on
+ #Forward these requests to gitlab-git-http-server
+ RewriteCond %{REQUEST_URI} ^/[\w\.-]+/[\w\.-]+/repository/archive.* [OR]
+ RewriteCond %{REQUEST_URI} ^/api/v3/projects/.*/repository/archive.* [OR]
+ RewriteCond %{REQUEST_URI} ^/[\w\.-]+/[\w\.-]+/(info/refs|git-upload-pack|git-receive-pack)$
+ RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA]
+
+ #Forward any other requests to GitLab Rails app (Unicorn)
+ RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
+ RewriteCond %{REQUEST_URI} ^/uploads
+ RewriteRule .* http://127.0.0.1:8080%{REQUEST_URI} [P,QSA,NE]
+
+ # needed for downloading attachments
+ DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public
+
+ #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
+ ErrorDocument 404 /404.html
+ ErrorDocument 422 /422.html
+ ErrorDocument 500 /500.html
+ ErrorDocument 503 /deploy.html
+
+ # It is assumed that the log directory is in /var/log/httpd.
+ # For Debian distributions you might want to change this to
+ # /var/log/apache2.
+ LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
+ ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log
+ CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
+ CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
+ CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined
+
+
diff --git a/web-server/apache/gitlab-omnibus-apache24.conf b/web-server/apache/gitlab-omnibus-apache24.conf
new file mode 100644
index 0000000..e7796c4
--- /dev/null
+++ b/web-server/apache/gitlab-omnibus-apache24.conf
@@ -0,0 +1,68 @@
+# This configuration has been tested on GitLab 8.1
+# Note this config assumes unicorn is listening on default port 8080 and
+# gitlab-git-http-server is listening on port 8181. To allow gitlab-git-http-server to
+# listen on port 8181, edit /etc/gitlab/gitlab.rb and change the following:
+#
+# gitlab_git_http_server['listen_network'] = "tcp"
+# gitlab_git_http_server['listen_addr'] = "127.0.0.1:8181"
+#
+#Module dependencies
+# mod_rewrite
+# mod_proxy
+# mod_proxy_http
+
+ ServerName YOUR_SERVER_FQDN
+ ServerSignature Off
+
+ ProxyPreserveHost On
+
+ # Ensure that encoded slashes are not decoded but left in their encoded state.
+ # http://doc.gitlab.com/ce/api/projects.html#get-single-project
+ AllowEncodedSlashes NoDecode
+
+
+ # New authorization commands for apache 2.4 and up
+ # http://httpd.apache.org/docs/2.4/upgrading.html#access
+ Require all granted
+
+ #Allow forwarding to gitlab-git-http-server
+ ProxyPassReverse http://127.0.0.1:8181
+ #Allow forwarding to GitLab Rails app (Unicorn)
+ ProxyPassReverse http://127.0.0.1:8080
+ ProxyPassReverse http://YOUR_SERVER_FQDN/
+
+
+ #apache equivalent of nginx try files
+ # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
+ # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
+ RewriteEngine on
+ #Forward these requests to gitlab-git-http-server
+ RewriteCond %{REQUEST_URI} ^/[\w\.-]+/[\w\.-]+/repository/archive.* [OR]
+ RewriteCond %{REQUEST_URI} ^/api/v3/projects/.*/repository/archive.* [OR]
+ RewriteCond %{REQUEST_URI} ^/[\w\.-]+/[\w\.-]+/(info/refs|git-upload-pack|git-receive-pack)$
+ RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA]
+
+ #Forward any other requests to GitLab Rails app (Unicorn)
+ RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
+ RewriteCond %{REQUEST_URI} ^/uploads
+ RewriteRule .* http://127.0.0.1:8080%{REQUEST_URI} [P,QSA,NE]
+
+ # needed for downloading attachments
+ DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public
+
+ #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
+ ErrorDocument 404 /404.html
+ ErrorDocument 422 /422.html
+ ErrorDocument 500 /500.html
+ ErrorDocument 503 /deploy.html
+
+ # It is assumed that the log directory is in /var/log/httpd.
+ # For Debian distributions you might want to change this to
+ # /var/log/apache2.
+ LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
+ ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log
+ CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
+ CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
+ CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined
+
+
diff --git a/web-server/apache/gitlab-omnibus-ssl-apache22.conf b/web-server/apache/gitlab-omnibus-ssl-apache22.conf
new file mode 100644
index 0000000..1d740c0
--- /dev/null
+++ b/web-server/apache/gitlab-omnibus-ssl-apache22.conf
@@ -0,0 +1,96 @@
+# This configuration has been tested on GitLab 8.1
+# Note this config assumes unicorn is listening on default port 8080 and
+# gitlab-git-http-server is listening on port 8181. To allow gitlab-git-http-server to
+# listen on port 8181, edit /etc/gitlab/gitlab.rb and change the following:
+#
+# gitlab_git_http_server['listen_network'] = "tcp"
+# gitlab_git_http_server['listen_addr'] = "127.0.0.1:8181"
+#
+#Module dependencies
+# mod_rewrite
+# mod_ssl
+# mod_proxy
+# mod_proxy_http
+# mod_headers
+
+# This section is only needed if you want to redirect http traffic to https.
+# You can live without it but clients will have to type in https:// to reach gitlab.
+
+ ServerName YOUR_SERVER_FQDN
+ ServerSignature Off
+
+ RewriteEngine on
+ RewriteCond %{HTTPS} !=on
+ RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
+
+
+
+ SSLEngine on
+ #strong encryption ciphers only
+ #see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html
+ SSLProtocol all -SSLv2
+ SSLHonorCipherOrder on
+ SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
+ Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
+ SSLCompression Off
+ SSLCertificateFile /etc/pki/tls/certs/YOUR_SERVER_FQDN.crt
+ SSLCertificateKeyFile /etc/pki/tls/private/YOUR_SERVER_FQDN.key
+ SSLCACertificateFile /etc/pki/tls/certs/YOUR_SERVER_FQDN.ca-bundle.crt
+
+ ServerName YOUR_SERVER_FQDN
+ ServerSignature Off
+
+ ProxyPreserveHost On
+
+ # Ensure that encoded slashes are not decoded but left in their encoded state.
+ # http://doc.gitlab.com/ce/api/projects.html#get-single-project
+ AllowEncodedSlashes NoDecode
+
+
+ Order deny,allow
+ Allow from all
+
+ #Allow forwarding to gitlab-git-http-server
+ ProxyPassReverse http://127.0.0.1:8181
+ #Allow forwarding to GitLab Rails app (Unicorn)
+ ProxyPassReverse http://127.0.0.1:8080
+ ProxyPassReverse http://YOUR_SERVER_FQDN/
+
+
+ # Apache equivalent of nginx try files
+ # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
+ # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
+ RewriteEngine on
+
+ #Forward these requests to gitlab-git-http-server
+ RewriteCond %{REQUEST_URI} ^/[\w\.-]+/[\w\.-]+/repository/archive.* [OR]
+ RewriteCond %{REQUEST_URI} ^/api/v3/projects/.*/repository/archive.* [OR]
+ RewriteCond %{REQUEST_URI} ^/[\w\.-]+/[\w\.-]+/(info/refs|git-upload-pack|git-receive-pack)$
+ RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA]
+
+ #Forward any other requests to GitLab Rails app (Unicorn)
+ RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
+ RewriteCond %{REQUEST_URI} ^/uploads
+ RewriteRule .* http://127.0.0.1:8080%{REQUEST_URI} [P,QSA,NE]
+ RequestHeader set X_FORWARDED_PROTO 'https'
+ RequestHeader set X-Forwarded-Ssl on
+
+ # needed for downloading attachments
+ DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public
+
+ #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
+ ErrorDocument 404 /404.html
+ ErrorDocument 422 /422.html
+ ErrorDocument 500 /500.html
+ ErrorDocument 503 /deploy.html
+
+ # It is assumed that the log directory is in /var/log/httpd.
+ # For Debian distributions you might want to change this to
+ # /var/log/apache2.
+ LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
+ ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log
+ CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
+ CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
+ CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined
+
+
diff --git a/web-server/apache/gitlab-omnibus-ssl-apache24.conf b/web-server/apache/gitlab-omnibus-ssl-apache24.conf
new file mode 100644
index 0000000..42df8b3
--- /dev/null
+++ b/web-server/apache/gitlab-omnibus-ssl-apache24.conf
@@ -0,0 +1,97 @@
+# This configuration has been tested on GitLab 8.1
+# Note this config assumes unicorn is listening on default port 8080 and
+# gitlab-git-http-server is listening on port 8181. To allow gitlab-git-http-server to
+# listen on port 8181, edit /etc/gitlab/gitlab.rb and change the following:
+#
+# gitlab_git_http_server['listen_network'] = "tcp"
+# gitlab_git_http_server['listen_addr'] = "127.0.0.1:8181"
+#
+#Module dependencies
+# mod_rewrite
+# mod_ssl
+# mod_proxy
+# mod_proxy_http
+# mod_headers
+
+# This section is only needed if you want to redirect http traffic to https.
+# You can live without it but clients will have to type in https:// to reach gitlab.
+
+ ServerName YOUR_SERVER_FQDN
+ ServerSignature Off
+
+ RewriteEngine on
+ RewriteCond %{HTTPS} !=on
+ RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
+
+
+
+ SSLEngine on
+ #strong encryption ciphers only
+ #see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html
+ SSLProtocol all -SSLv2
+ SSLHonorCipherOrder on
+ SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
+ Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
+ SSLCompression Off
+ SSLCertificateFile /etc/httpd/ssl.crt/YOUR_SERVER_FQDN.crt
+ SSLCertificateKeyFile /etc/httpd/ssl.key/YOUR_SERVER_FQDN.key
+ SSLCACertificateFile /etc/httpd/ssl.crt/your-ca.crt
+
+ ServerName YOUR_SERVER_FQDN
+ ServerSignature Off
+
+ ProxyPreserveHost On
+
+ # Ensure that encoded slashes are not decoded but left in their encoded state.
+ # http://doc.gitlab.com/ce/api/projects.html#get-single-project
+ AllowEncodedSlashes NoDecode
+
+
+ # New authorization commands for apache 2.4 and up
+ # http://httpd.apache.org/docs/2.4/upgrading.html#access
+ Require all granted
+
+ #Allow forwarding to gitlab-git-http-server
+ ProxyPassReverse http://127.0.0.1:8181
+ #Allow forwarding to GitLab Rails app (Unicorn)
+ ProxyPassReverse http://127.0.0.1:8080
+ ProxyPassReverse http://YOUR_SERVER_FQDN/
+
+
+ # Apache equivalent of nginx try files
+ # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
+ # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
+ RewriteEngine on
+
+ #Forward these requests to gitlab-git-http-server
+ RewriteCond %{REQUEST_URI} ^/[\w\.-]+/[\w\.-]+/repository/archive.* [OR]
+ RewriteCond %{REQUEST_URI} ^/api/v3/projects/.*/repository/archive.* [OR]
+ RewriteCond %{REQUEST_URI} ^/[\w\.-]+/[\w\.-]+/(info/refs|git-upload-pack|git-receive-pack)$
+ RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA]
+
+ #Forward any other requests to GitLab Rails app (Unicorn)
+ RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
+ RewriteCond %{REQUEST_URI} ^/uploads
+ RewriteRule .* http://127.0.0.1:8080%{REQUEST_URI} [P,QSA,NE]
+ RequestHeader set X_FORWARDED_PROTO 'https'
+ RequestHeader set X-Forwarded-Ssl on
+
+ # needed for downloading attachments
+ DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public
+
+ #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
+ ErrorDocument 404 /404.html
+ ErrorDocument 422 /422.html
+ ErrorDocument 500 /500.html
+ ErrorDocument 503 /deploy.html
+
+ # It is assumed that the log directory is in /var/log/httpd.
+ # For Debian distributions you might want to change this to
+ # /var/log/apache2.
+ LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
+ ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log
+ CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
+ CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
+ CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined
+
+
diff --git a/web-server/apache/gitlab-ssl-apache22.conf b/web-server/apache/gitlab-ssl-apache22.conf
index 65a9378..2693dff 100644
--- a/web-server/apache/gitlab-ssl-apache22.conf
+++ b/web-server/apache/gitlab-ssl-apache22.conf
@@ -1,7 +1,7 @@
# This configuration has been tested on GitLab 8.1
# Note this config assumes unicorn is listening on default port 8080 and gitlab-git-http-server is listening on port 8181.
# To allow gitlab-git-http-server to listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
-# gitlab_git_http_server_options="-listenUmask 0 -listenNetwork tcp -listenAddr localhost:8181 -authBackend http://127.0.0.1:8080"
+# gitlab_git_http_server_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
#Module dependencies
# mod_rewrite
diff --git a/web-server/apache/gitlab-ssl-apache24.conf b/web-server/apache/gitlab-ssl-apache24.conf
index c48bb6f..5ac9e61 100644
--- a/web-server/apache/gitlab-ssl-apache24.conf
+++ b/web-server/apache/gitlab-ssl-apache24.conf
@@ -1,7 +1,7 @@
# This configuration has been tested on GitLab 8.1
# Note this config assumes unicorn is listening on default port 8080 and gitlab-git-http-server is listening on port 8181.
# To allow gitlab-git-http-server to listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
-# gitlab_git_http_server_options="-listenUmask 0 -listenNetwork tcp -listenAddr localhost:8181 -authBackend http://127.0.0.1:8080"
+# gitlab_git_http_server_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
#Module dependencies
# mod_rewrite
diff --git a/web-server/nginx/README.md b/web-server/nginx/README.md
index 46bb177..8966279 100644
--- a/web-server/nginx/README.md
+++ b/web-server/nginx/README.md
@@ -1,12 +1,24 @@
## Nginx config moved to official repository
-You can find the nginx config in [GitLab official repository][gitlab].
+You can find the nginx config in [GitLab official repository][gitlab] which can
+be used for source installations.
+
+## Omnibus configs
+
+[Omnibus packages][] use their own bundled nginx server. If you want to use your
+own external Nginx server, follow the first 3 steps to
+[configure GitLab][omnibusnginxext] and then download the appropriate config
+file (ssl or non-ssl) from this directory.
+
+After placing the configs in their appropriate location
+(read [Different conf directories](#different-conf-directories)), make sure to
+restart Nginx.
## CentOS related Nginx notes
### Different conf directories
-If nginx is installed through the package manager, adjust sites in `/etc/nginx/conf.d/`
+If nginx is installed through the package manager, adjust sites in `/etc/nginx/conf.d/`
instead of `/etc/nginx/sites-available/` or create those directories and tell `nginx`
to monitor them:
@@ -31,3 +43,5 @@ or replace the default `nginx` user with `git` and group `root` in `/etc/nginx/n
user git root;
[gitlab]: https://gitlab.com/gitlab-org/gitlab-ce/tree/master/lib/support/nginx "Nginx config for GitLab"
+[Omnibus packages]: https://about.gitlab.com/downloads/
+[omnibusnginxext]: http://doc.gitlab.com/omnibus/settings/nginx.html#using-a-non-bundled-web-server