1package config
2
3import (
4	"time"
5
6	"github.com/namsral/flag"
7
8	"gitlab.com/gitlab-org/gitlab-pages/internal/config/tls"
9)
10
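// Command-line flags of the Pages daemon. The flag.* calls below run when the
// package is initialised; initFlags registers the remaining flag.Var flags and
// then parses everything.
//
// Security-relevant flags and their defaults:
//
//   - auth-secret, auth-client-secret: the flag value is the secret itself.
//     Arguments given on the command line are visible to other local users in
//     the process list, so prefer supplying them through the file named by
//     -config (see initFlags), readable only by the service account.
//   - api-secret-key: takes the path of a file holding the key, not the key.
//   - insecure-ciphers (default false): when enabled the default cipher-suite
//     list is used, which per its usage text may include 3DES and RC4.
//   - tls-min-version defaults to "tls1.2".
//   - rate-limit-source-ip (default 0, disabled) and max-conns (default 0, no
//     limit): neither per-IP rate limiting nor a connection cap is active
//     unless it is configured.
//   - propagate-correlation-id (default false): when enabled the correlation
//     ID is taken from the incoming X-Request-ID header, a value chosen by the
//     sender of the request; treat it as untrusted wherever it is logged.
//   - metrics-address, pages-status: empty by default.
//     NOTE(review): presumably empty means "not served" - confirm in the
//     consumers, and keep the metrics listener off public interfaces.
//
// NOTE(review): gitlab-client-http-timeout and gitlab-client-jwt-expiry are
// Duration flags; their usage text says "in seconds" but the defaults are
// written as durations (10s, 30s), so a value presumably needs a unit.
var (
	pagesRootCert = flag.String("root-cert", "", "The default path to file certificate to serve static pages")
	// The usage text used to repeat the root-cert description; this flag is
	// the private key that belongs to that certificate.
	pagesRootKey            = flag.String("root-key", "", "The default path to the private key file for the certificate used to serve static pages")
	redirectHTTP            = flag.Bool("redirect-http", false, "Redirect pages from HTTP to HTTPS")
	_                       = flag.Bool("use-http2", true, "DEPRECATED: HTTP2 is always enabled for pages")
	pagesRoot               = flag.String("pages-root", "shared/pages", "The directory where pages are stored")
	pagesDomain             = flag.String("pages-domain", "gitlab-example.com", "The domain to serve static pages")
	rateLimitSourceIP       = flag.Float64("rate-limit-source-ip", 0.0, "Rate limit per source IP in number of requests per second, 0 means is disabled")
	rateLimitSourceIPBurst  = flag.Int("rate-limit-source-ip-burst", 100, "Rate limit per source IP maximum burst allowed per second")
	artifactsServer         = flag.String("artifacts-server", "", "API URL to proxy artifact requests to, e.g.: 'https://gitlab.com/api/v4'")
	artifactsServerTimeout  = flag.Int("artifacts-server-timeout", 10, "Timeout (in seconds) for a proxied request to the artifacts server")
	pagesStatus             = flag.String("pages-status", "", "The url path for a status page, e.g., /@status")
	metricsAddress          = flag.String("metrics-address", "", "The address to listen on for metrics requests")
	sentryDSN               = flag.String("sentry-dsn", "", "The address for sending sentry crash reporting to")
	sentryEnvironment       = flag.String("sentry-environment", "", "The environment for sentry crash reporting")
	_                       = flag.Uint("daemon-uid", 0, "DEPRECATED and ignored, will be removed in 15.0")
	_                       = flag.Uint("daemon-gid", 0, "DEPRECATED and ignored, will be removed in 15.0")
	_                       = flag.Bool("daemon-enable-jail", false, "DEPRECATED and ignored, will be removed in 15.0")
	_                       = flag.Bool("daemon-inplace-chroot", false, "DEPRECATED and ignored, will be removed in 15.0") // TODO: https://gitlab.com/gitlab-org/gitlab-pages/-/issues/599
	propagateCorrelationID  = flag.Bool("propagate-correlation-id", false, "Reuse existing Correlation-ID from the incoming request header `X-Request-ID` if present")
	logFormat               = flag.String("log-format", "json", "The log output format: 'text' or 'json'")
	logVerbose              = flag.Bool("log-verbose", false, "Verbose logging")
	secret                  = flag.String("auth-secret", "", "Cookie store hash key, should be at least 32 bytes long")
	publicGitLabServer      = flag.String("gitlab-server", "", "Public GitLab server, for example https://www.gitlab.com")
	internalGitLabServer    = flag.String("internal-gitlab-server", "", "Internal GitLab server used for API requests, useful if you want to send that traffic over an internal load balancer, example value https://gitlab.example.internal (defaults to value of gitlab-server)")
	gitLabAPISecretKey      = flag.String("api-secret-key", "", "File with secret key used to authenticate with the GitLab API")
	gitlabClientHTTPTimeout = flag.Duration("gitlab-client-http-timeout", 10*time.Second, "GitLab API HTTP client connection timeout in seconds (default: 10s)")
	gitlabClientJWTExpiry   = flag.Duration("gitlab-client-jwt-expiry", 30*time.Second, "JWT Token expiry time in seconds (default: 30s)")
	gitlabCacheExpiry       = flag.Duration("gitlab-cache-expiry", 10*time.Minute, "The maximum time a domain's configuration is stored in the cache")
	gitlabCacheRefresh      = flag.Duration("gitlab-cache-refresh", time.Minute, "The interval at which a domain's configuration is set to be due to refresh")
	gitlabCacheCleanup      = flag.Duration("gitlab-cache-cleanup", time.Minute, "The interval at which expired items are removed from the cache")
	gitlabRetrievalTimeout  = flag.Duration("gitlab-retrieval-timeout", 30*time.Second, "The maximum time to wait for a response from the GitLab API per request")
	gitlabRetrievalInterval = flag.Duration("gitlab-retrieval-interval", time.Second, "The interval to wait before retrying to resolve a domain's configuration via the GitLab API")
	gitlabRetrievalRetries  = flag.Int("gitlab-retrieval-retries", 3, "The maximum number of times to retry to resolve a domain's configuration via the API")

	_          = flag.String("domain-config-source", "gitlab", "DEPRECATED and has no effect, see https://gitlab.com/gitlab-org/gitlab-pages/-/merge_requests/541")
	enableDisk = flag.Bool("enable-disk", true, "Enable disk access, shall be disabled in environments where shared disk storage isn't available")

	clientID           = flag.String("auth-client-id", "", "GitLab application Client ID")
	clientSecret       = flag.String("auth-client-secret", "", "GitLab application Client Secret")
	redirectURI        = flag.String("auth-redirect-uri", "", "GitLab application redirect URI")
	authScope          = flag.String("auth-scope", "api", "Scope to be used for authentication (must match GitLab Pages OAuth application settings)")
	maxConns           = flag.Int("max-conns", 0, "Limit on the number of concurrent connections to the HTTP, HTTPS or proxy listeners, 0 for no limit")
	maxURILength       = flag.Int("max-uri-length", 1024, "Limit the length of URI, 0 for unlimited.")
	insecureCiphers    = flag.Bool("insecure-ciphers", false, "Use default list of cipher suites, may contain insecure ones like 3DES and RC4")
	tlsMinVersion      = flag.String("tls-min-version", "tls1.2", tls.FlagUsage("min"))
	tlsMaxVersion      = flag.String("tls-max-version", "", tls.FlagUsage("max"))
	zipCacheExpiration = flag.Duration("zip-cache-expiration", 60*time.Second, "Zip serving archive cache expiration interval")
	zipCacheCleanup    = flag.Duration("zip-cache-cleanup", 30*time.Second, "Zip serving archive cache cleanup interval")
	zipCacheRefresh    = flag.Duration("zip-cache-refresh", 30*time.Second, "Zip serving archive cache refresh interval")
	zipOpenTimeout     = flag.Duration("zip-open-timeout", 30*time.Second, "Zip archive open timeout")

	disableCrossOriginRequests = flag.Bool("disable-cross-origin-requests", false, "Disable cross-origin requests")

	showVersion = flag.Bool("version", false, "Show version")

	// Multi-valued flags. They are bound to their flag names with flag.Var in
	// initFlags(); listener addresses are split on "," and headers on ";;".
	listenHTTP         = MultiStringFlag{separator: ","}
	listenHTTPS        = MultiStringFlag{separator: ","}
	listenProxy        = MultiStringFlag{separator: ","}
	listenHTTPSProxyv2 = MultiStringFlag{separator: ","}

	header = MultiStringFlag{separator: ";;"}
)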
75
// initFlags binds the multi-valued listener and header flags to their
// package-level MultiStringFlag values, registers the config-file flag and
// parses the command line. It is meant to be called from LoadConfig.
func initFlags() {
	// Table of flag.Var registrations, kept in the original order.
	multiValued := []struct {
		dest  flag.Value
		name  string
		usage string
	}{
		{&listenHTTP, "listen-http", "The address(es) to listen on for HTTP requests"},
		{&listenHTTPS, "listen-https", "The address(es) to listen on for HTTPS requests"},
		{&listenProxy, "listen-proxy", "The address(es) to listen on for proxy requests"},
		{&listenHTTPSProxyv2, "listen-https-proxyv2", "The address(es) to listen on for HTTPS PROXYv2 requests (https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt)"},
		{&header, "header", "The additional http header(s) that should be send to the client"},
	}
	for _, f := range multiValued {
		flag.Var(f.dest, f.name, f.usage)
	}

	// Registers the config-file flag so settings can be read from
	// -config=/path/to/gitlab-pages-config. The returned pointer is not
	// needed here, only the registration.
	flag.String(flag.DefaultConfigFlagname, "", "path to config file")

	flag.Parse()
}
89