Merge pull request #3064 from kkimurak/use-official-nginx-repo

sachilles · web-flow · commit 21a4cbe882dd · 2025-02-22T16:44:22.000+01:00
Use official nginx repository to install nginx
diff --git a/Dockerfile b/Dockerfile
@@ -40,6 +40,9 @@ RUN set -ex && \
  && echo 'deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main' > /etc/apt/sources.list.d/nodesource.list \
  && wget --quiet -O - https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor -o /etc/apt/keyrings/yarn.gpg \
  && echo 'deb [signed-by=/etc/apt/keyrings/yarn.gpg] https://dl.yarnpkg.com/debian/ stable main' > /etc/apt/sources.list.d/yarn.list \
+ && wget --quiet -O - https://nginx.org/keys/nginx_signing.key | gpg --dearmor -o /etc/apt/keyrings/nginx-archive-keyring.gpg \
+ && echo "deb [signed-by=/etc/apt/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/ubuntu jammy nginx" >> /etc/apt/sources.list.d/nginx.list \
+ && printf "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" >> /etc/apt/preferences.d/99nginx \
  && set -ex \
  && apt-get update \
  && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \
@@ -55,7 +58,7 @@ RUN set -ex && \
  && update-locale LANG=C.UTF-8 LC_MESSAGES=POSIX \
  && locale-gen en_US.UTF-8 \
  && DEBIAN_FRONTEND=noninteractive dpkg-reconfigure locales \
- && rm -rf /var/lib/apt/lists/*
+ && rm -rf /var/lib/apt/lists/* /etc/nginx/conf.d/default.conf
 
 COPY assets/build/ ${GITLAB_BUILD_DIR}/
 RUN bash ${GITLAB_BUILD_DIR}/install.sh
diff --git a/assets/runtime/config/nginx/gitlab b/assets/runtime/config/nginx/gitlab
@@ -30,7 +30,7 @@ map $request_uri $obfuscated_request_uri {
     ~(.+\?)(.*&)?(private_token=|access_token=)[^&]*(&.*|$) $1$2$3****$4;
     default $request_uri;
 }
-log_format main '$remote_addr - $remote_user [$time_local] '
+log_format gitlab_access '$remote_addr - $remote_user [$time_local] '
                   '"$request_method $obfuscated_request_uri $server_protocol" $status $body_bytes_sent '
                   '"$http_referer" "$http_user_agent"';
 
@@ -58,7 +58,7 @@ server {
   add_header Strict-Transport-Security "max-age={{NGINX_HSTS_MAXAGE}};";
 
   ## Individual nginx logs for this GitLab vhost
-  access_log  {{GITLAB_LOG_DIR}}/nginx/gitlab_access.log main;
+  access_log  {{GITLAB_LOG_DIR}}/nginx/gitlab_access.log gitlab_access;
   error_log   {{GITLAB_LOG_DIR}}/nginx/gitlab_error.log;
 
   location / {
diff --git a/assets/runtime/config/nginx/gitlab-registry b/assets/runtime/config/nginx/gitlab-registry
@@ -11,7 +11,7 @@ server {
   server_name  {{GITLAB_REGISTRY_HOST}};
   server_tokens off; ## Don't show the nginx version number, a security best practice
   return 301 https://$http_host:$request_uri;
-  access_log  {{GITLAB_LOG_DIR}}/nginx/gitlab_registry_access.log;
+  access_log  {{GITLAB_LOG_DIR}}/nginx/gitlab_registry_access.log gitlab_access;
   error_log   {{GITLAB_LOG_DIR}}/nginx/gitlab_registry_error.log;
 }
 
@@ -36,7 +36,7 @@ server {
   ssl_session_cache  builtin:1000  shared:SSL:10m;
   ssl_session_timeout  5m;
 
-  access_log  {{GITLAB_LOG_DIR}}/nginx/gitlab_registry_access.log;
+  access_log  {{GITLAB_LOG_DIR}}/nginx/gitlab_registry_access.log gitlab_access;
   error_log   {{GITLAB_LOG_DIR}}/nginx/gitlab_registry_error.log;
 
   location / {
diff --git a/assets/runtime/config/nginx/gitlab-ssl b/assets/runtime/config/nginx/gitlab-ssl
@@ -34,7 +34,7 @@ map $request_uri $obfuscated_request_uri {
     ~(.+\?)(.*&)?(private_token=|access_token=)[^&]*(&.*|$) $1$2$3****$4;
     default $request_uri;
 }
-log_format main '$remote_addr - $remote_user [$time_local] '
+log_format gitlab_ssl_access '$remote_addr - $remote_user [$time_local] '
                   '"$request_method $obfuscated_request_uri $server_protocol" $status $body_bytes_sent '
                   '"$http_referer" "$http_user_agent"';
 
@@ -49,7 +49,7 @@ server {
   server_name _; ## Replace this with something like gitlab.example.com
   server_tokens off; ## Don't show the nginx version number, a security best practice
   return 301 https://$host:{{GITLAB_PORT}}$request_uri;
-  access_log  {{GITLAB_LOG_DIR}}/nginx/gitlab_access.log main;
+  access_log  {{GITLAB_LOG_DIR}}/nginx/gitlab_access.log gitlab_ssl_access;
   error_log   {{GITLAB_LOG_DIR}}/nginx/gitlab_error.log;
 }
 
@@ -103,7 +103,7 @@ server {
   ssl_dhparam {{SSL_DHPARAM_PATH}};
 
   ## Individual nginx logs for this GitLab vhost
-  access_log  {{GITLAB_LOG_DIR}}/nginx/gitlab_access.log main;
+  access_log  {{GITLAB_LOG_DIR}}/nginx/gitlab_access.log gitlab_ssl_access;
   error_log   {{GITLAB_LOG_DIR}}/nginx/gitlab_error.log;
 
   location / {
diff --git a/assets/runtime/functions b/assets/runtime/functions
@@ -23,10 +23,10 @@ GITLAB_ACTIONCABLE_CONFIG="${GITLAB_INSTALL_DIR}/config/cable.yml"
 GITLAB_SECRETS_CONFIG="${GITLAB_INSTALL_DIR}/config/secrets.yml"
 GITLAB_ROBOTS_CONFIG="${GITLAB_INSTALL_DIR}/public/robots.txt"
 GITLAB_SHELL_CONFIG="${GITLAB_SHELL_INSTALL_DIR}/config.yml"
-GITLAB_NGINX_CONFIG="/etc/nginx/sites-enabled/gitlab"
-GITLAB_CI_NGINX_CONFIG="/etc/nginx/sites-enabled/gitlab_ci"
-GITLAB_REGISTRY_NGINX_CONFIG="/etc/nginx/sites-enabled/gitlab-registry"
-GITLAB_PAGES_NGINX_CONFIG="/etc/nginx/sites-enabled/gitlab-pages"
+GITLAB_NGINX_CONFIG="/etc/nginx/conf.d/gitlab.conf"
+GITLAB_CI_NGINX_CONFIG="/etc/nginx/conf.d/gitlab_ci.conf"
+GITLAB_REGISTRY_NGINX_CONFIG="/etc/nginx/conf.d/gitlab-registry.conf"
+GITLAB_PAGES_NGINX_CONFIG="/etc/nginx/conf.d/gitlab-pages.conf"
 GITLAB_PAGES_CONFIG="${GITLAB_INSTALL_DIR}/gitlab-pages-config"
 GITLAB_GITALY_CONFIG="${GITLAB_GITALY_INSTALL_DIR}/config.toml"
 
