-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
create and add a staging environment
add configuration for a staging environment add loadbalancer configuration
- Loading branch information
Showing
9 changed files
with
80 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| --- | ||
| gitlab_pu_ldap_bind_dn: "{{ vault_gitlab_pu_ldap_bind_dn }}" | ||
| gitlab_pu_ldap_password: "{{ vault_gitlab_ldap_password }}" | ||
| gitlab_loadbalancer_domain_name: "pulgit.lib.princeton.edu" | ||
| gitlab_trusted_proxies: "'128.112.203.144', '128.112.203.145', '128.112.203.146'" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| --- | ||
| gitlab_pu_ldap_bind_dn: "{{ vault_gitlab_pu_ldap_bind_dn }}" | ||
| gitlab_pu_ldap_password: "{{ vault_gitlab_ldap_password }}" | ||
| gitlab_loadbalancer_domain_name: "pulgit-staging.lib.princeton.edu" | ||
| gitlab_trusted_proxies: "'172.20.80.13', '172.20.80.14', '172.20.80.19'" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| $ANSIBLE_VAULT;1.1;AES256 | ||
| 35373839333163656537366163363361313465313061313538316139323266316339363762633561 | ||
| 6132613364613066636235393636326237373937396131660a613037636261666564366335383236 | ||
| 63316364333765383835383264373632373366373531643565633131666564613962663538643238 | ||
| 3662623132373862330a383237303561613532383734393534626233353035313632643866613864 | ||
| 63376530643135323466643237323566353464333331613366396163633930343865633136663336 | ||
| 31646435663235613738356330633639366665626135313339383062363032633432316630623732 | ||
| 33643663666236313932623932623134306239333461353936386131663166653765613661326434 | ||
| 34333766396230333961613064623539373538653662653364363131663265663831313033313435 | ||
| 63643336336364343434343138633131313162333935623330353836396636636262363035306464 | ||
| 33303835353663623666356438386661316530386262333835396463323235366331633666306335 | ||
| 61636530646562616531626661303666313764383835613366353231373033636538663532633839 | ||
| 37316135316566666134393831643531643966623331643836643664306362383531333765653332 | ||
| 61616666336165366563313038303530393265366434663165666566663536383766363232313630 | ||
| 6137616636646331376435356564363737353136653764616531 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| [pulgit_production] | ||
| git.lib.princeton.edu | ||
| [pulgit_staging] | ||
| git-staging.lib.princeton.edu |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -64,4 +64,3 @@ | |
| owner: root | ||
| group: root | ||
| mode: "0600" | ||
| notify: Reconfigure gitlab | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| # Ansible managed | ||
| proxy_cache_path /var/cache/nginx/pulgit-staging/ keys_zone=pulgitstagingcache:10m; | ||
|
|
||
| upstream pulgit-staging { | ||
| zone pulgit-staging 64k; | ||
| server git-staging.lib.princeton.edu:443 resolve; | ||
| sticky learn | ||
| create=$upstream_cookie_pulgitstagingcookie | ||
| lookup=$cookie_pulgitstagingcookie | ||
| zone=pulgitstagingclient_sessions:1m; | ||
| } | ||
|
|
||
| server { | ||
| listen 80; | ||
| server_name pulgit-staging.lib.princeton.edu; | ||
|
|
||
| location / { | ||
| return 301 https://$server_name$request_uri; | ||
| } | ||
| } | ||
|
|
||
| server { | ||
| listen 443 ssl; | ||
| http2 on; | ||
| server_name pulgit-staging.lib.princeton.edu; | ||
|
|
||
| ssl_certificate /etc/letsencrypt/live/pulgit-staging.lib/fullchain.pem; | ||
| ssl_certificate_key /etc/letsencrypt/live/pulgit-staging.lib/privkey.pem; | ||
| ssl_session_cache shared:SSL:1m; | ||
| ssl_prefer_server_ciphers on; | ||
|
|
||
| location / { | ||
| proxy_pass https://pulgit-staging; | ||
| proxy_cache pulgitstagingcache; | ||
| proxy_set_header Connection $http_connection; | ||
| proxy_set_header Upgrade $http_upgrade; | ||
| proxy_set_header Host $host; | ||
| proxy_set_header X-Real-IP $remote_addr; | ||
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
| proxy_set_header X-Forwarded-Proto $scheme; | ||
| } | ||
| } |