[META] Installation "pre-flight" checklist

Before users get to do a reconfigure, we should do a sanity check list. Call it "pre-flight" checklist:

• Tell user to set up dns
• Have a command to check this. Check in pre install script of the package. Try and check a couple of things. On AWS we already check for the hostname and if it is accessible. Ilya: we can use external services via “curl” like whatsmyip and like.
• On AWS we already try to get the public domain. We should try that for everything. We should tell people to assign a hostname. And we should provide them with a copy paste command to test if we can detect the hostname and hit it. Hostname and and reachable?
• “Run this precheck in separate terminal to have it detect all the magical variables for you” and keep it open during installation?
• Domain script in package that is interactive
  • Hostname?
  • Dns?
  • Reachable?

This could later be expanded for LE support:

• Check if the domain is rate limited. If yes, ignore certs.
• Script generates the keys from let's encrypt and puts them somewhere
• GitLab interface shows expiration to admins if less than a month away and tells to run reconfigure ?
• Email address for domain script, also share email with GitLab Inc. ?
• Lessons from Caddy server?
  • Domain name? => detect in request
  • Renew? => just does it
  • Email? => have to supply it, but not mandatory, only to recover via lets encrypt
  • Rate limiting => they deal with it
  • All Go, Apache2 license

There were a few other notes:

Sid: Need to study that very hard before we make something. DJ: looks like something similar can be done as nginx plugin: https://github.com/GUI/lua-resty-auto-ssl (auto-renewal, etc)

• Why not work with http and https out of the box?
• Make it zero config, listen on http and https, first http request sets the domain, first https request overrides that if the http is not a FQDN?

/cc @joshlambert

assigned to @marin

First step https://gitlab.com/gitlab-org/omnibus-gitlab/issues/2619

marked this issue as related to #2620

Short overview of how we are going to attack this problem:

1. With https://gitlab.com/gitlab-org/omnibus-gitlab/issues/2619 we will try to simplify the installation process in order to get the info we need from the user as early as possible. Can be done now.
2. With https://gitlab.com/gitlab-org/omnibus-gitlab/issues/2620 we will investigate what is necessary to do the domain checks. Investigation to be done now and to be worked on as soon as research is done.
3. With https://gitlab.com/gitlab-org/omnibus-gitlab/issues/2617 we will investigate what is the simplest step we can do to fetch the certificates. Investigation done now, work to commence after first 2 items are completed.

marked this issue as related to #2617

mentioned in issue #2833 (closed)