A note on GitLab, Caddy and UNIX sockets

A short note for future reference. The example Caddyfile configuration for GitLab provided by the maintainers of Caddyserver[1] advises proxying over TCP rather than to a UNIX socket. I have always found it better vis-à-vis performance to use UNIX sockets wherever applicable. I am sure there could be some exceptions, as there always could be.
Nevertheless, I decided to go with the UNIX socket route for my deployment.

Their example configuration for running GitLab on Caddy looks like this:

https://gitlab.example.com {  
    log git.access.log 
    errors git.errors.log {
        404 /opt/gitlab/embedded/service/gitlab-rails/public/404.html
        422 /opt/gitlab/embedded/service/gitlab-rails/public/422.html
        500 /opt/gitlab/embedded/service/gitlab-rails/public/500.html
        502 /opt/gitlab/embedded/service/gitlab-rails/public/502.html
    }

    proxy / http://127.0.0.1:8181 {
        fail_timeout 300s
        transparent
        header_upstream X-Forwarded-Ssl on
    }
}

Sure, it works just fine (except I think the port number should be 8080, IIRC).
But I, wanting to squeeze out every drop of performance possible, opted to simply go for the UNIX socket when proxying to GitLab.

Alas, we can inspect my Caddyfile for GitLab by issuing cat /etc/caddy/Caddyfile. It reveals the following contents:

https://dev.sth.se.k0nsl.org {

    errors {
        404 /opt/gitlab/embedded/service/gitlab-rails/public/404.html
        422 /opt/gitlab/embedded/service/gitlab-rails/public/422.html
        500 /opt/gitlab/embedded/service/gitlab-rails/public/500.html
        502 /opt/gitlab/embedded/service/gitlab-rails/public/502.html
    }

    proxy / unix:/home/git/gitlab/tmp/sockets/gitlab.socket {
        fail_timeout 300s

        header_upstream Host {host}
        header_upstream X-Real-IP {remote}
        header_upstream X-Forwarded-For {remote}
        header_upstream X-Forwarded-Proto {scheme}
        header_upstream X-Forwarded-Ssl on
    }
}

In my case I would have to define the corresponding entries for listen_network and listen_addr in the file /etc/gitlab/gitlab.rb. This could be true for most cases, but don't hold me to it, because I don't know that for certain.
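
With a UNIX socket upstream, the socket file's mode bits decide which local accounts can talk to GitLab without passing through Caddy, so they are worth checking after switching. The Python check below is an added example, not part of the original post and not Caddy or GitLab code; the proxy account name caddy, the function names and the reliance on plain mode bits (no ACLs, Linux connect() semantics) are assumptions.

```python
import os
import stat

def _has(st, uid, gids, ubit, gbit, obit):
    """Classic owner/group/other check for one permission bit (ACLs ignored)."""
    mode = stat.S_IMODE(st.st_mode)
    if uid == st.st_uid:
        return bool(mode & ubit)
    if st.st_gid in gids:
        return bool(mode & gbit)
    return bool(mode & obit)

def audit_socket(path, proxy_uid, proxy_gids):
    """Return findings for a UNIX socket used as a reverse-proxy upstream."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return [f"cannot stat {path}: {exc.strerror}"]
    if not stat.S_ISSOCK(st.st_mode):
        return [f"{path} is not a socket"]
    findings = []
    mode = stat.S_IMODE(st.st_mode)
    # On Linux, connect() requires write permission on the socket file.
    if mode & stat.S_IWOTH:
        findings.append(f"mode {mode:04o} is world-writable: any local user "
                        "can reach the backend without going through the proxy")
    if not _has(st, proxy_uid, proxy_gids,
                stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH):
        findings.append("proxy user lacks write permission on the socket")
    # Every directory above the socket must be searchable by the proxy user.
    parent = os.path.dirname(os.path.abspath(path))
    while True:
        if not _has(os.stat(parent), proxy_uid, proxy_gids,
                    stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH):
            findings.append(f"{parent} is not searchable by the proxy user")
        if parent == os.path.dirname(parent):
            break
        parent = os.path.dirname(parent)
    return findings

if __name__ == "__main__":
    import pwd, sys
    # Assumed defaults: the socket path from the Caddyfile above, account "caddy".
    sock = sys.argv[1] if len(sys.argv) > 1 else "/home/git/gitlab/tmp/sockets/gitlab.socket"
    user = pwd.getpwnam(sys.argv[2] if len(sys.argv) > 2 else "caddy")
    gids = os.getgrouplist(user.pw_name, user.pw_gid)
    for line in audit_socket(sock, user.pw_uid, gids) or ["no findings"]:
        print(line)
```

An empty result means the proxy account can reach the socket and no other unprivileged account can via the "other" bits; a 502 from Caddy with a "not searchable" finding usually points at a restrictive directory on the way to the socket.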

Anyway, that's it. A small 'mental note' in the form of a post on my secondary blog -- just in case I should ever forget. What's more, it might even help somebody else in the right direction!

Notes

[1] Caddyserver, or simply 'Caddy', is an HTTP/2 web server with automatic HTTPS, loaded with goodness and easily extended with even more goodies in the form of plugins and event hooks.
