in internal/config/config.go [319:479]
func loadConfig() (*Config, error) {
config := &Config{
General: General{
Domain: strings.ToLower(*pagesDomain),
MaxConns: *maxConns,
MaxURILength: *maxURILength,
RedirectHTTP: *redirectHTTP,
RootDir: *pagesRoot,
StatusPath: *pagesStatus,
ServerShutdownTimeout: *serverShutdownTimeout,
DisableCrossOriginRequests: *disableCrossOriginRequests,
InsecureCiphers: *insecureCiphers,
PropagateCorrelationID: *propagateCorrelationID,
ShowVersion: *showVersion,
NamespaceInPath: *namespaceInPath,
},
RateLimit: RateLimit{
SourceIPLimitPerSecond: *rateLimitSourceIP,
SourceIPBurst: *rateLimitSourceIPBurst,
DomainLimitPerSecond: *rateLimitDomain,
DomainBurst: *rateLimitDomainBurst,
TLSSourceIPLimitPerSecond: *rateLimitTLSSourceIP,
TLSSourceIPBurst: *rateLimitTLSSourceIPBurst,
TLSDomainLimitPerSecond: *rateLimitTLSDomain,
TLSDomainBurst: *rateLimitTLSDomainBurst,
},
GitLab: GitLab{
ClientHTTPTimeout: *gitlabClientHTTPTimeout,
JWTTokenExpiration: *gitlabClientJWTExpiry,
EnableDisk: *enableDisk,
Cache: Cache{
CacheExpiry: *gitlabCacheExpiry,
CacheCleanupInterval: *gitlabCacheCleanup,
EntryRefreshTimeout: *gitlabCacheRefresh,
RetrievalTimeout: *gitlabRetrievalTimeout,
MaxRetrievalInterval: *gitlabRetrievalInterval,
MaxRetrievalRetries: *gitlabRetrievalRetries,
},
},
ArtifactsServer: ArtifactsServer{
TimeoutSeconds: *artifactsServerTimeout,
URL: *artifactsServer,
},
Authentication: Auth{
Secret: *secret,
ClientID: *clientID,
ClientSecret: *clientSecret,
RedirectURI: *redirectURI,
Scope: *authScope,
Timeout: *authTimeout,
CookieSessionTimeout: *authCookieSessionTimeout,
},
Log: Log{
Format: *logFormat,
Verbose: *logVerbose,
},
Redirects: Redirects{
MaxConfigSize: *redirectsMaxConfigSize,
MaxPathSegments: *redirectsMaxPathSegments,
MaxRuleCount: *redirectsMaxRuleCount,
},
Sentry: Sentry{
DSN: *sentryDSN,
Environment: *sentryEnvironment,
},
TLS: TLS{
MinVersion: allTLSVersions[*tlsMinVersion],
MaxVersion: allTLSVersions[*tlsMaxVersion],
ClientCert: *tlsClientCert,
ClientAuthDomains: tlsClientAuthDomains.value,
},
Zip: ZipServing{
ExpirationInterval: *zipCacheExpiration,
CleanupInterval: *zipCacheCleanup,
RefreshInterval: *zipCacheRefresh,
OpenTimeout: *zipOpenTimeout,
AllowedPaths: []string{*pagesRoot},
HTTPClientTimeout: *zipHTTPClientTimeout,
},
Server: Server{
ReadTimeout: *serverReadTimeout,
ReadHeaderTimeout: *serverReadHeaderTimeout,
WriteTimeout: *serverWriteTimeout,
ListenKeepAlive: *serverKeepAlive,
},
// Actual listener pointers will be populated in appMain. We populate the
// raw strings here so that they are available in appMain
ListenHTTPStrings: listenHTTP,
ListenHTTPSStrings: listenHTTPS,
ListenProxyStrings: listenProxy,
ListenHTTPSProxyv2Strings: listenHTTPSProxyv2,
}
var err error
// Validating and populating Metrics config
if config.Metrics, err = loadMetricsConfig(); err != nil {
return nil, err
}
// Populating remaining General settings
for _, file := range []struct {
contents *[]byte
path string
}{
{&config.General.RootCertificate, *pagesRootCert},
{&config.General.RootKey, *pagesRootKey},
} {
if file.path != "" {
if *file.contents, err = os.ReadFile(file.path); err != nil {
return nil, err
}
}
}
cert, err := loadClientCert(*clientCert, *clientKey)
if err != nil {
return nil, err
}
config.GitLab.ClientCfg = HTTPClientCfg{
Cert: cert,
CAFiles: clientCACerts.Split(),
MinVersion: allTLSVersions[*tlsMinVersion],
MaxVersion: allTLSVersions[*tlsMaxVersion],
}
customHeaders, err := parseHeaderString(header.Split())
if err != nil {
return nil, fmt.Errorf("unable to parse header string: %w", err)
}
clientAuthType, err := parseClientAuthType(*tlsClientAuth)
if err != nil {
return nil, err
}
config.TLS.ClientAuth = clientAuthType
config.General.CustomHeaders = customHeaders
// Populating remaining GitLab settings
config.GitLab.PublicServer = *publicGitLabServer
config.GitLab.InternalServer = internalGitlabServerFromFlags()
config.ArtifactsServer.URL = artifactsServerFromFlags()
if err = setGitLabAPISecretKey(*gitLabAPISecretKey, config); err != nil {
return nil, err
}
bypassCIDRs, err := parseCIDRs(rateLimitBypassCIDRs.Split())
if err != nil {
return nil, err
}
config.RateLimit.RateLimitBypassCIDRs = bypassCIDRs
return config, nil
}