Impossible to support dual-stack (IPv4 + IPv6) on a dedicated pair of IPs
gitlab-pages (and the associated omnibus packaging) takes two arguments: --external-http and --external-https.
I have a pair of secondary IP addresses against which I want gitlab-pages to listen:
- 1.2.3.4
- 2001::1:2:3:4
I can't bind to the wildcard ("*") because that will break NGINX, which is running on the same host.
I can't use NGINX proxying to gitlab-pages, and the associated pages_nginx['listen_addresses'], because then I'd lose the TLS support (apparently? Even with SNI? I guess the issue here is the dynamic keys).
I'd suggest the solution here is to make gitlab-pages take multiple --external-http[s] flags, and call Listen(tcp, addr) for each one.
Longer-term, it might be sensible to take TLS management away from both nginx and gitlab-pages, and put it into a dedicated daemon that can do TLS+SNI and dynamically look up keys & certs from a store based on the SNI it gets back. That's a lot of work, though.
@dblessing suggested I cross-reference https://gitlab.com/gitlab-org/gitlab-ee/issues/465
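
The suggestion in this issue (a repeatable listen flag, with one Listen call per address) sketched as an added Go example. It is not gitlab-pages code: the helper names `parseAddrs` and `listenAll`, the `addrList` type, and the loopback sample addresses are assumptions made for illustration.

```go
package main

import (
	"flag"
	"fmt"
	"net"
)

// addrList is a flag.Value that collects every occurrence of a repeated flag.
type addrList []string

func (a *addrList) String() string     { return fmt.Sprint([]string(*a)) }
func (a *addrList) Set(v string) error { *a = append(*a, v); return nil }

// parseAddrs (hypothetical helper) parses args for a repeatable flag called name.
func parseAddrs(name string, args []string) ([]string, error) {
	var addrs addrList
	fs := flag.NewFlagSet("pages-example", flag.ContinueOnError)
	fs.Var(&addrs, name, "address to listen on; may be repeated")
	if err := fs.Parse(args); err != nil {
		return nil, err
	}
	return addrs, nil
}

// listenAll binds one listener per address; on failure it closes those already open.
func listenAll(addrs []string) ([]net.Listener, error) {
	var out []net.Listener
	for _, addr := range addrs {
		l, err := net.Listen("tcp", addr) // an IPv4 or IPv6 literal binds that family only
		if err != nil {
			for _, o := range out {
				o.Close()
			}
			return nil, fmt.Errorf("listen %s: %w", addr, err)
		}
		out = append(out, l)
	}
	return out, nil
}

func main() {
	// Constructed loopback addresses stand in for 1.2.3.4:80 and [2001::1:2:3:4]:80.
	addrs, err := parseAddrs("external-http", []string{"-external-http", "127.0.0.1:0", "-external-http", "127.0.0.1:0"})
	if err != nil {
		panic(err)
	}
	ls, err := listenAll(addrs)
	fmt.Println(len(ls), err)
}
```

Binding each address explicitly, rather than the wildcard, keeps the daemon off the addresses NGINX already holds on the same host.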