Merge branch 'master' into implement_phusion_security_enhancements

Conflicts:
	install/debian_ubuntu_aws.sh

Author: dosire

install/debian_ubuntu_aws.sh

@@ -11,28 +11,32 @@
 # The operating system used is Ubuntu 12.04 64bit.
 
 # HOWTO
-# Signup for AWS, free tier are available at http://aws.amazon.com/free/
+# Signup for AWS, a free usage tier is available at http://aws.amazon.com/free/
 # Go to EC2 tab in the AWS console EC2 https://console.aws.amazon.com/ec2/home
 # Click the 'Launch Instance' button
 # Select: 'Quick launch wizard' and continue
-# Choose a key pair => Create New => Name it => Download it
-# Choose a Launch Configuration => Select 'More Amazon Marketplace Images'
+# Under "Choose a key pair" select "Create New"
+# Write a name for the key in "Name" field and Download it. Place it in a known location since it will be used in one of the next steps.
+# Under "Choose a Launch Configuration", select 'More Amazon Machine Images'.
 # Press 'Continue'
-# Enter 'ubuntu/images/ubuntu-precise-12.04-amd64-server-20120424' and press 'Search'
+# Enter 'ubuntu/images/ubuntu-precise-12.04-amd64-server-20120424' in the search field and press 'Search'
 # Select the only result (ami-3c994355) and press 'Continue'
 # Press 'Edit details' if you want to modify something, for example make the type 'c1.medium' to make the install faster.
 # Press the 'Launch' button
 # Press 'Close'
-# Click 'Security Groups' under the left hand menu 'NETWORK & SECURITY'
-# Select the newly create seciruty group, probably named 'quicklaunch-1'
+# Click 'Security Groups' under the left hand menu 'NETWORK & SECURITY' in aws console.
+# Select the newly create security group, probably named 'quicklaunch-1'
 # Click on the Inbound tab
-# In the 'Create a new rule' dropdown select 'HTTP'
+# In the 'Create a new rule' dropdown select 'HTTP', leave the default value in the "Source" field.
 # Press 'Add Rule'
-# In the 'Create a new rule' dropdown select 'HTTPS'
+# In the 'Create a new rule' dropdown select 'HTTPS', leave the default value in the "Source" field.
 # Press 'Add Rule'
 # Press 'Apply Rule Changes'
-# Give the following command in your local terminal while suptituting the UPPERCASE items
-# 'ssh -i LOCATION_OF_AWS_KEY_PAIR_PRIVATE_KEY PUBLIC_DNS_OF_THE_NEW_SERVER'
+# In Navigation side panel, under Instances -> Instances you can see when the instance is ready.
+# Give the following command in your local terminal while substituting the UPPERCASE items( ommit the '')
+# 'ssh -i LOCATION_OF_AWS_KEY_PAIR_PRIVATE_KEY ubuntu@PUBLIC_DNS_OF_THE_NEW_SERVER'
+# where LOCATION_OF_AWS_KEY_PAIR_PRIVATE_KEY is the location of the key saved on your local machine. Permissions of the .pem file have to be at least 600 (chmod 600 NAME_OF_PRIVATE_KEY.pem).
+# PUBLIC_DNS_OF_THE_NEW_SERVER can be viewed by selecting the aws instance created in previous steps and selecting the 'Description' tab
 # Execute the curl command below and when its ready follow the printed 'Log in instuctions'
 # curl https://raw.github.com/gitlabhq/gitlab-recipes/master/install/debian_ubuntu_aws.sh | sh
 
@@ -41,10 +45,13 @@ echo "Host localhost
    StrictHostKeyChecking no
    UserKnownHostsFile=/dev/null" | sudo tee -a /etc/ssh/ssh_config
 
-# Existing script for Step 1 to 3
+sudo DEBIAN_FRONTEND='noninteractive' apt-get install -y postfix-policyd-spf-python postfix # Install postfix without prompting.
 
-sudo DEBIAN_FRONTEND='noninteractive' apt-get install -y postfix-policyd-spf-python # Install postfix without prompting.
-curl https://raw.github.com/gitlabhq/gitlab-recipes/master/install/debian_ubuntu.sh | sh
+# Existing script for Step 1 to 3
+curl https://raw.github.com/gitlabhq/gitlab-recipes/master/install/debian_ubuntu.sh >> debian_ubuntu.sh
+sed -i 's/postfix//' debian_ubuntu.sh # This will prompt even when postfix is already installed.
+sed -i '/sudo\ apt-get\ upgrade/d' debian_ubuntu.sh # Upgrade can cause prompting for various packages (grub, etc.).
+sh debian_ubuntu.sh
 
 # Install MySQL
 sudo apt-get install -y makepasswd # Needed to create a unique password non-interactively.
@@ -78,11 +85,6 @@ sudo sed -i '0,/host/s/localhost/'`wget -qO- http://instance-data/latest/meta-da
 sudo -u git chmod 750 /home/git/gitolite
 sudo -u gitlab chmod 660 /home/gitlab/gitlab/config/*.yml
 
-# Gitlab installation test (optional)
-# sudo -u gitlab bundle exec rake gitlab:app:status RAILS_ENV=production
-# sudo -u gitlab bundle exec rails s -e production
-# sudo -u gitlab bundle exec rake environment resque:work QUEUE=* RAILS_ENV=production BACKGROUND=no
-
 # Install and configure Nginx
 sudo apt-get install -y nginx
 sudo wget https://raw.github.com/gitlabhq/gitlab-recipes/master/nginx/gitlab -P /etc/nginx/sites-available/
@@ -100,21 +102,9 @@ sudo chmod +x /etc/init.d/gitlab && sudo update-rc.d gitlab defaults
 ## Gitlab service commands (unicorn and resque)
 ## restart doesn't restart resque, only start/stop effect it.
 sudo -u gitlab service gitlab start
-# sudo -u gitlab  service gitlab restart
-# sudo -u gitlab  service gitlab stop
 
 # nginx Service commands
-# sudo service nginx start
 sudo service nginx restart
-# sudo service nginx stop
-
-# Manual startup commands for troubleshooting when the service commands do not work
-# sudo -u gitlab bundle exec unicorn_rails -c config/unicorn.rb -E production -D
-# sudo su -l gitlab -c "cd gitlab && ./resque.sh"
-
-# Monitoring commands
-# sudo tail -f /var/log/nginx/access.log;
-# sudo tail -f /var/log/nginx/error.log;
 
 # Go to gitlab directory by default on next login.
 echo 'cd /home/gitlab/gitlab' >> /home/ubuntu/.bashrc
@@ -130,3 +120,23 @@ echo ''
 echo 'and login with the following Email and Password:'
 echo '[email protected]'
 echo '5iveL!fe'
+
+# If you need it the database password can be found in '/home/gitlab/gitlab/config/database.yml'.
+
+# Gitlab installation test:
+# sudo -u gitlab bundle exec rake gitlab:app:status RAILS_ENV=production
+
+# Stating and stopping services:
+# To stop gitlab use: 'sudo -u gitlab service gitlab stop'
+# To stop nginx server use: 'sudo service nginx stop'
+# Replace stop with start to start those services.
+
+# Manual startup commands for troubleshooting when the service commands do not work:
+# sudo -u gitlab bundle exec unicorn_rails -c config/unicorn.rb -E production -D
+# sudo su -l gitlab -c "cd gitlab && ./resque.sh"
+# sudo -u gitlab bundle exec rails s -e production
+# sudo -u gitlab bundle exec rake environment resque:work QUEUE=* RAILS_ENV=production BACKGROUND=no
+
+# Monitoring commands for the web server:
+# sudo tail -f /var/log/nginx/access.log
+# sudo tail -f /var/log/nginx/error.log

lighttpd/10-gitlab.conf

@@ -0,0 +1,30 @@
+# GITLAB
+# Maintainer: @tvn87
+# App Version: 2.8
+
+server.modules += ( 
+  "mod_simple_vhost",
+  "mod_proxy"
+)
+
+## The document root of a virtual host is document-root =
+##   simple-vhost.server-root + $HTTP["host"] + simple-vhost.document-root
+simple-vhost.server-root = "/var/www"
+simple-vhost.document-root = "htdocs"
+
+## the default host if no host is sent
+simple-vhost.default-host = "YOUR_SERVER_FQDN"
+
+
+$HTTP["host"] == "YOUR_SERVER_FQDN" {
+  var.vhost_name = "YOUR_SERVER_FQDN"
+  var.vhost_path = "/var/www/YOUR_SERVER_FQDN" # This directory should be empty
+
+  proxy.server = ( "" => ( (      
+		  "host" => "127.0.0.1",
+		  "port" => "8080"
+	  ),
+	)
+  )
+  ssl.pemfile = "/etc/lighttpd/certs/YOUR_SERVER_FQDN.pem" # If ssl is enabled
+}

lighttpd/README.md

@@ -0,0 +1,13 @@
+Gitlab with lighttpd webserver
+==============================
+
+* Maintainer: @tvn87
+* App Version: 2.8
+
+This config access gitlab via TCP port instead of sockets because of the
+mod_proxy module which seems to be unable to connect via sockets.
+
+Because the _gitlab_ default config is set for listening to UNIX sockets you
+need to change that default configuration in *gitlab/config/unicorn.rb*:
+
+	listen "127.0.0.1:8080"