Every entry I could find for your Gitlab.rb file

Nov 5th, 2014 | By | Category: Internet, Linux / Freebsd

For now I’m just dumping everything I can find in here randomly, will clean it up later




By default, Unicorn listens at TCP address Nginx listens on port 80 (HTTP) and/or 443 (HTTPS) on all interfaces.

The ports for Redis, PostgreSQL and Unicorn can be overriden in /etc/gitlab/gitlab.rb as follows:

redis['port'] = 1234
postgresql['port'] = 2345
unicorn['port'] = 3456

You can manually lower the amount of shared memory Postgres tries to allocate in /etc/gitlab/gitlab.rb:

postgresql['shared_buffers'] = "100MB"

In order for GitLab to display correct repository clone links to your users it needs to know the URL under which it is reached by your users, e.g.http://gitlab.example.com. Add or edit the following line in /etc/gitlab/gitlab.rb:

external_url "http://gitlab.example.com"

By default, omnibus-gitlab stores Git repository data under /var/opt/gitlab/git-data: repositories are stored in /var/opt/gitlab/git-data/repositories, and satellites in /var/opt/gitlab/git-data/gitlab-satellites. You can change the location of the git-data parent directory by adding the following line to/etc/gitlab/gitlab.rb.

git_data_dir "/mnt/nas/git-data"

By default, omnibus-gitlab uses the user name git for Git gitlab-shell login, ownership of the Git data itself, and SSH URL generation on the web interface. Similarly, gitgroup is used for group ownership of the Git data. You can change the user and group by adding the following lines to /etc/gitlab/gitlab.rb.

user['username'] = "gitlab"
user['group'] = "gitlab"

Setting up LDAP sign-in

If you have an LDAP directory service such as Active Directory, you can configure GitLab so that your users can sign in with their LDAP credentials. Add the following to/etc/gitlab/gitlab.rb, edited for your server.

For GitLab Community Edition:

# These settings are documented in more detail at
# https://gitlab.com/gitlab-org/gitlab-ce/blob/a0a826ebdcb783c660dd40d8cb217db28a9d4998/config/gitlab.yml.example#L136
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-EOS # remember to close this block with 'EOS' below
main: # 'main' is the GitLab 'provider ID' of this LDAP server
  ## label
  # A human-friendly name for your LDAP server. It is OK to change the label later,
  # for instance if you find out it is too large to fit on the web page.
  # Example: 'Paris' or 'Acme, Ltd.'
  label: 'LDAP'

  host: '_your_ldap_server'
  port: 636
  uid: 'sAMAccountName'
  method: 'ssl' # "tls" or "ssl" or "plain"
  bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
  password: '_the_password_of_the_bind_user'

  # This setting specifies if LDAP server is Active Directory LDAP server.
  # For non AD servers it skips the AD specific queries.
  # If your LDAP server is not AD, set this to false.
  active_directory: true

  # If allow_username_or_email_login is enabled, GitLab will ignore everything
  # after the first '@' in the LDAP username submitted by the user on login.
  # Example:
  # - the user enters 'jane.doe@example.com' and 'p@ssw0rd' as LDAP credentials;
  # - GitLab queries the LDAP server with 'jane.doe' and 'p@ssw0rd'.
  # If you are using "uid: 'userPrincipalName'" on ActiveDirectory you need to
  # disable this setting, because the userPrincipalName contains an '@'.
  allow_username_or_email_login: false

  # Base where we can search for users
  #   Ex. ou=People,dc=gitlab,dc=example
  base: ''

  # Filter LDAP users
  #   Format: RFC 4515 http://tools.ietf.org/search/rfc4515
  #   Ex. (employeeType=developer)
  #   Note: GitLab does not support omniauth-ldap's custom filter syntax.
  user_filter: ''

Enable HTTPS

By default, omnibus-gitlab does not use HTTPS. If you want to enable HTTPS for gitlab.example.com, add the following statement to /etc/gitlab/gitlab.rb:

# note the 'https' below
external_url "https://gitlab.example.com"

If you need to use an HTTPS port other than the default (443), just specify it as part of the external_url.

external_url "https://gitlab.example.com:2443"

By default, when you specify an external_url starting with ‘https’, Nginx will no longer listen for unencrypted HTTP traffic on port 80. If you want to redirect all HTTP traffic to HTTPS you can use the redirect_http_to_https setting.

external_url "https://gitlab.example.com"
nginx['redirect_http_to_https'] = true

Setting the NGINX listen address or addresses

By default NGINX will accept incoming connections on all local IPv4 addresses. You can change the list of addresses in /etc/gitlab/gitlab.rb.

nginx['listen_addresses'] = ["", "[::]"] # listen on all IPv4 and IPv6 addresses

Inserting custom NGINX settings into the GitLab server block

If you need to add custom settings into the NGINX server block for GitLab for some reason you can use the following setting.

# Example: block raw file downloads from a specific repository
nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"

# You can do the same for GitLab-CI
ci_nginx['custom_gitlab_ci_server_config'] = "some settings"

Using an existing Passenger/Nginx installation

In some cases you may want to host GitLab using an existing Passenger/Nginx installation but still have the convenience of updating and installing using the omnibus packages.

First, you’ll need to setup your /etc/gitlab/gitlab.rb to disable the built-in Nginx and Unicorn:

# Disable the built-in nginx
nginx['enable'] = false

# Disable the built-in unicorn
unicorn['enable'] = false

# Set the internal API URL
gitlab_rails['internal_api_url'] = 'http://git.yourdomain.com'

Specify numeric user and group identifiers

Omnibus-gitlab creates users for GitLab, PostgreSQL, Redis and NGINX. You can specify the numeric identifiers for these users in /etc/gitlab/gitlab.rb as follows.

user['uid'] = 1234
user['gid'] = 1234
postgresql['uid'] = 1235
postgresql['gid'] = 1235
redis['uid'] = 1236
redis['gid'] = 1236
web_server['uid'] = 1237
web_server['gid'] = 1237

Omniauth (Google, Twitter, GitHub login)

Omniauth configuration is documented on doc.gitlab.com. To effect the necessary changes in gitlab.yml, use the following syntax in /etc/gitlab/gitlab.rb. Note that the providers are specified as an array of Ruby hashes.

gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_providers'] = [
    "name" => "google_oauth2",
    "app_id" => "YOUR APP ID",
    "app_secret" => "YOUR APP SECRET",
    "args" => { "access_type" => "offline", "approval_prompt" => "" }

You can modify svlogd settings via /etc/gitlab/gitlab.rb with the following settings:

# Below are the default values
logging['svlogd_size'] = 200 * 1024 * 1024 # rotate after 200 MB of log data
logging['svlogd_num'] = 30 # keep 30 rotated log files
logging['svlogd_timeout'] = 24 * 60 * 60 # rotate after 24 hours
logging['svlogd_filter'] = "gzip" # compress logs with gzip
logging['svlogd_udp'] = nil # transmit log messages via UDP
logging['svlogd_prefix'] = nil # custom prefix for log messages

# Optionally, you can override the prefix for e.g. Nginx
nginx['svlogd_prefix'] = "nginx"

Starting with omnibus-gitlab 7.4 there is a built-in logrotate service in omnibus-gitlab. This service will rotate, compress and eventually delete the log data that is not captured by Runit, such as gitlab-rails/production.log and nginx/gitlab_access.log. You can configure logrotate via /etc/gitlab/gitlab.rb.

# Below are some of the default settings
logging['logrotate_frequency'] = "daily" # rotate logs daily
logging['logrotate_size'] = nil # do not rotate by size by default
logging['logrotate_rotate'] = 30 # keep 30 rotated logs
logging['logrotate_compress'] = "compress" # see 'man logrotate'
logging['logrotate_method'] = "copytruncate" # see 'man logrotate'
logging['logrotate_postrotate'] = nil # no postrotate command by default

# You can add overrides per service
nginx['logrotate_frequency'] = nil
nginx['logrotate_size'] = "200M"

# You can also disable the built-in logrotate service if you want
logrotate['enable'] = false

You can configure omnibus-gitlab to send syslog-ish log messages via UDP.

logging['udp_log_shipping_host'] = '' # Your syslog server
logging['udp_log_shipping_port'] = 1514 # Optional, defaults to 514 (syslog)

If necessary you can set custom environment variables to be used by Unicorn, Sidekiq, Rails and Rake via /etc/gitlab/gitlab.rb. This can be useful in situations where you need to use a proxy to access the internet and you will be wanting to clone externally hosted repositories directly into gitlab. In /etc/gitlab/gitlab.rb supply a gitlab_rails['env'] with a hash value. For example:

gitlab_rails['env'] = {"http_proxy" => "my_proxy", "https_proxy" => "my_proxy"}

For GitLab CI, use gitlab_ci['env']:

gitlab_ci['env'] = {"my_var" => "my value"}

Run sudo gitlab-ctl reconfigure for the change to take effect.


SMTP settings

If you would rather send application email via an SMTP server instead of via Sendmail, add the following configuration information to /etc/gitlab/gitlab.rb and rungitlab-ctl reconfigure.

gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.server"
gitlab_rails['smtp_port'] = 456
gitlab_rails['smtp_user_name'] = "smtp user"
gitlab_rails['smtp_password'] = "smtp password"
gitlab_rails['smtp_domain'] = "example.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true

# If your SMTP server does not like the default 'From: gitlab@localhost' you
# can change the 'From' with this setting.
gitlab_rails['gitlab_email_from'] = 'gitlab@example.com'

To send GitLab CI email via SMTP, use gitlab_ci instead of gitlab_rails.

# in /etc/gitlab/gitlab.rb
gitlab_ci['smtp_enable'] = true
gitlab_ci['smtp_address'] = "smtp.server"
# etc.

Unicorn settings

If you need to adjust the Unicorn timeout or the number of workers you can use the following settings in /etc/gitlab/gitlab.rb. Run `sudo gitlab-ctl reconfigure for the change to take effect.

unicorn['worker_processes'] = 3
unicorn['worker_timeout'] = 60

To adjust Unicorn settings for GitLab CI, use the ci_unicorn directive in /etc/gitlab/gitlab.rb.

ci_unicorn['worker_processes'] = 3


Tags: , , ,

3 Comments to “Every entry I could find for your Gitlab.rb file”

  1. PD says:

    Nice! This was definitely helpful. If you know how to set up values for database.yml, that would also be very useful. (gitlab_rails[‘db_adapter’] =, gitlab_rails[‘db_encoding’] =, etc)

  2. admin says:

    Ah sorry, that goes beyond my abilities 🙁

  3. PD says:

    That makes two of us. Thanks for the knowledge you have imparted! Happy New Year!

Leave a Comment