[Documentation] simplify HTTPS setup details
Created by: bbodenmiller
Move all HTTPS setup details to one location and cleanup HTTPS related documentation. Previous documentation had conflicting versions of how to setup and configure various pieces. https://github.com/gitlabhq/gitlab-shell/pull/172 is related to this PR.
Merge request reports
Activity
Created by: TeatroIO
I've prepared a stage. Click to open.
By Administrator on 2014-08-23T07:27:25 (imported from GitLab project)
By Administrator on 2014-08-23T07:27:25 (imported from GitLab)
3 3 # # # # # # # # # # # # # # # # # # 4 4 # 5 5 # How to use: 6 # 1. copy file as gitlab.yml 7 # 2. Replace gitlab -> host with your domain 8 # 3. Replace gitlab -> email_from 6 # 1. Copy file as gitlab.yml 7 # 2. Update gitlab -> host with your fully qualified domain name 8 # 3. Update gitlab -> email_from 9 # 4. If you installed Git from source, change git -> bin_path to /usr/local/bin/git 10 # 5. Review this configuration file for other settings you may want to adjust 3 3 # # # # # # # # # # # # # # # # # # 4 4 # 5 5 # How to use: 6 # 1. copy file as gitlab.yml 7 # 2. Replace gitlab -> host with your domain 8 # 3. Replace gitlab -> email_from 6 # 1. Copy file as gitlab.yml 7 # 2. Update gitlab -> host with your fully qualified domain name 8 # 3. Update gitlab -> email_from Unable to load the diff Created by: dosire
I think adding instructions for self signed certificates complicates the steps for people that are doing the right thing (non-self-signed). Please keep it simple and if you add self-signed stuff (which I discourage) please do it in a separate section.
By Administrator on 2014-09-07T22:31:38 (imported from GitLab project)
By Administrator on 2014-09-07T22:31:38 (imported from GitLab)
Created by: dosire
@bbodenmiller I like the cleanup you are proposing, good stuff!
By Administrator on 2014-08-25T08:06:17 (imported from GitLab project)
By Administrator on 2014-08-25T08:06:17 (imported from GitLab)
Unable to load the diff Created by: bbodenmiller
Unless you can provide a case where no certificate would be better than a self-signed certificate I prefer we keep some directions about it. I have reworded it in https://github.com/bbodenmiller/gitlabhq/commit/61f903f6eaf8d3b82ca421ca87bf1800a015f9cc.
By Administrator on 2014-09-07T22:31:38 (imported from GitLab project)
By Administrator on 2014-09-07T22:31:38 (imported from GitLab)
26 26 ## [1] https://github.com/agentzh/chunkin-nginx-module#status 27 27 ## [2] https://github.com/agentzh/chunkin-nginx-module 28 28 ## 29 ################################### 30 ## SSL file editing ## 31 ################################### 32 ## 33 ## Edit `gitlab-shell/config.yml`: 34 ## 1) Set "gitlab_url" param in `gitlab-shell/config.yml` to `https://git.example.com` 35 ## 2) Set "ca_file" to `/etc/nginx/ssl/gitlab.crt` 36 ## 3) Set "self_signed_cert" to `true` 37 ## Edit `gitlab/config/gitlab.yml`: 38 ## 1) Define port for http "port: 443" 39 ## 2) Enable https "https: true" 40 ## 3) Update ssl for gravatar "ssl_url: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=mm" 26 26 ## [1] https://github.com/agentzh/chunkin-nginx-module#status 27 27 ## [2] https://github.com/agentzh/chunkin-nginx-module 28 28 ## 29 ################################### 30 ## SSL file editing ## 31 ################################### 32 ## 33 ## Edit `gitlab-shell/config.yml`: 34 ## 1) Set "gitlab_url" param in `gitlab-shell/config.yml` to `https://git.example.com` 35 ## 2) Set "ca_file" to `/etc/nginx/ssl/gitlab.crt` 36 ## 3) Set "self_signed_cert" to `true` 37 ## Edit `gitlab/config/gitlab.yml`: 38 ## 1) Define port for http "port: 443" 39 ## 2) Enable https "https: true" 26 26 ## [1] https://github.com/agentzh/chunkin-nginx-module#status 27 27 ## [2] https://github.com/agentzh/chunkin-nginx-module 28 28 ## 29 ################################### 30 ## SSL file editing ## 31 ################################### 32 ## 33 ## Edit `gitlab-shell/config.yml`: 34 ## 1) Set "gitlab_url" param in `gitlab-shell/config.yml` to `https://git.example.com` 35 ## 2) Set "ca_file" to `/etc/nginx/ssl/gitlab.crt` 36 ## 3) Set "self_signed_cert" to `true` 37 ## Edit `gitlab/config/gitlab.yml`: 38 ## 1) Define port for http "port: 443" 233 230 # Run the installation task for gitlab-shell (replace `REDIS_URL` if needed): 234 231 sudo -u git -H bundle exec rake gitlab:shell:install[v1.9.7] REDIS_URL=redis://localhost:6379 RAILS_ENV=production 235 232 236 # By default, the gitlab-shell config is generated from your main gitlab config. 237 # 238 # Note: When using GitLab with HTTPS please change the following: 239 # - Provide paths to the certificates under `ca_file` and `ca_path` options. 240 # - The `gitlab_url` option must point to the https endpoint of GitLab. 241 # - In case you are using self signed certificate set `self_signed_cert` to `true`. 242 # See #using-https for all necessary details. 243 # 233 # By default, the gitlab-shell config is generated from your main GitLab config. 244 234 # You can review (and modify) the gitlab-shell config as follows: 245 235 sudo -u git -H editor /home/git/gitlab-shell/config.yml 236 237 **Note:** If you want to use HTTPS, see [Using HTTPS](#using-https) for the additional steps. 196 191 197 192 **Important Note:** Make sure to edit both `gitlab.yml` and `unicorn.rb` to match your setup. 198 193 194 **Note:** If you want to use HTTPS, see [Using HTTPS](#using-https) for the additional steps. 3 3 # # # # # # # # # # # # # # # # # # 4 4 # 5 5 # How to use: 6 # 1. copy file as gitlab.yml 7 # 2. Replace gitlab -> host with your domain 8 # 3. Replace gitlab -> email_from 6 # 1. Copy file as gitlab.yml 7 # 2. Update gitlab -> host with your fully qualified domain name 8 # 3. Update gitlab -> email_from 9 # 4. If you installed Git from source, change git -> bin_path to /usr/local/bin/git 153 153 # Copy the example GitLab config 154 154 sudo -u git -H cp config/gitlab.yml.example config/gitlab.yml 155 155 156 # Make sure to change "localhost" to the fully-qualified domain name of your 157 # host serving GitLab where necessary 158 # 159 # If you want to use https make sure that you set `https` to `true`. See #using-https for all necessary details. 160 # 161 # If you installed Git from source, change the git bin_path to /usr/local/bin/git 156 # Update GitLab config file, follow the directions at top of file 309 301 # domain name of your host serving GitLab. 310 302 sudo editor /etc/nginx/sites-available/gitlab 311 303 312 **Note:** If you want to use HTTPS, replace the `gitlab` Nginx config with `gitlab-ssl`. See [Using HTTPS](#using-https) for all necessary details. 304 **Note:** If you want to use HTTPS, replace the `gitlab` Nginx config with `gitlab-ssl`. See [Using HTTPS](#using-https) for HTTPS configuration details. Created by: dosire
@bbodenmiller Sorry, on closer inspection I had some more questions and suggestions. Let me know if you prefer to have me to make the changes myself.
By Administrator on 2014-09-02T06:55:01 (imported from GitLab project)
By Administrator on 2014-09-02T06:55:01 (imported from GitLab)
309 301 # domain name of your host serving GitLab. 310 302 sudo editor /etc/nginx/sites-available/gitlab 311 303 312 **Note:** If you want to use HTTPS, replace the `gitlab` Nginx config with `gitlab-ssl`. See [Using HTTPS](#using-https) for all necessary details. 304 **Note:** If you want to use HTTPS, replace the `gitlab` Nginx config with `gitlab-ssl`. See [Using HTTPS](#using-https) for HTTPS configuration details. Unable to load the diff Created by: bbodenmiller
Not entirely sure but it should be in multiple. Lots of changes over the last many months.
By Administrator on 2014-09-07T22:31:38 (imported from GitLab project)
By Administrator on 2014-09-07T22:31:38 (imported from GitLab)
26 26 ## [1] https://github.com/agentzh/chunkin-nginx-module#status 27 27 ## [2] https://github.com/agentzh/chunkin-nginx-module 28 28 ## 29 ################################### 30 ## SSL file editing ## 31 ################################### 32 ## 33 ## Edit `gitlab-shell/config.yml`: 34 ## 1) Set "gitlab_url" param in `gitlab-shell/config.yml` to `https://git.example.com` 35 ## 2) Set "ca_file" to `/etc/nginx/ssl/gitlab.crt` 36 ## 3) Set "self_signed_cert" to `true` 37 ## Edit `gitlab/config/gitlab.yml`: 38 ## 1) Define port for http "port: 443" Created by: bbodenmiller
See https://github.com/gitlabhq/gitlabhq/pull/7583/files#diff-c462b872cf0b6afb467f894b4b1cf90fR345. I believe it is easier to centralize all the necessary changes in
installation.md.By Administrator on 2014-09-07T22:31:38 (imported from GitLab project)
By Administrator on 2014-09-07T22:31:38 (imported from GitLab)
26 26 ## [1] https://github.com/agentzh/chunkin-nginx-module#status 27 27 ## [2] https://github.com/agentzh/chunkin-nginx-module 28 28 ## 29 ################################### 30 ## SSL file editing ## 31 ################################### 32 ## 33 ## Edit `gitlab-shell/config.yml`: 34 ## 1) Set "gitlab_url" param in `gitlab-shell/config.yml` to `https://git.example.com` 35 ## 2) Set "ca_file" to `/etc/nginx/ssl/gitlab.crt` 36 ## 3) Set "self_signed_cert" to `true` 37 ## Edit `gitlab/config/gitlab.yml`: 38 ## 1) Define port for http "port: 443" 39 ## 2) Enable https "https: true" Created by: bbodenmiller
https://github.com/gitlabhq/gitlabhq/pull/7583/files#diff-de9999f853c82dee91389875a9737878R22 and https://github.com/gitlabhq/gitlabhq/pull/7583/files#diff-c462b872cf0b6afb467f894b4b1cf90fR347.
By Administrator on 2014-09-07T22:31:38 (imported from GitLab project)
By Administrator on 2014-09-07T22:31:38 (imported from GitLab)
26 26 ## [1] https://github.com/agentzh/chunkin-nginx-module#status 27 27 ## [2] https://github.com/agentzh/chunkin-nginx-module 28 28 ## 29 ################################### 30 ## SSL file editing ## 31 ################################### 32 ## 33 ## Edit `gitlab-shell/config.yml`: 34 ## 1) Set "gitlab_url" param in `gitlab-shell/config.yml` to `https://git.example.com` 35 ## 2) Set "ca_file" to `/etc/nginx/ssl/gitlab.crt` 36 ## 3) Set "self_signed_cert" to `true` 37 ## Edit `gitlab/config/gitlab.yml`: 38 ## 1) Define port for http "port: 443" 39 ## 2) Enable https "https: true" 40 ## 3) Update ssl for gravatar "ssl_url: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=mm" 3 3 # # # # # # # # # # # # # # # # # # 4 4 # 5 5 # How to use: 6 # 1. copy file as gitlab.yml 7 # 2. Replace gitlab -> host with your domain 8 # 3. Replace gitlab -> email_from 6 # 1. Copy file as gitlab.yml 7 # 2. Update gitlab -> host with your fully qualified domain name 8 # 3. Update gitlab -> email_from 9 # 4. If you installed Git from source, change git -> bin_path to /usr/local/bin/git Created by: bbodenmiller
Still is mentioned in https://github.com/bbodenmiller/gitlabhq/blob/https/doc/install/installation.md#1-packages--dependencies.
By Administrator on 2014-09-07T22:31:38 (imported from GitLab project)
By Administrator on 2014-09-07T22:31:38 (imported from GitLab)
3 3 # # # # # # # # # # # # # # # # # # 4 4 # 5 5 # How to use: 6 # 1. copy file as gitlab.yml 7 # 2. Replace gitlab -> host with your domain 8 # 3. Replace gitlab -> email_from 6 # 1. Copy file as gitlab.yml 7 # 2. Update gitlab -> host with your fully qualified domain name 8 # 3. Update gitlab -> email_from 9 # 4. If you installed Git from source, change git -> bin_path to /usr/local/bin/git 309 301 # domain name of your host serving GitLab. 310 302 sudo editor /etc/nginx/sites-available/gitlab 311 303 312 **Note:** If you want to use HTTPS, replace the `gitlab` Nginx config with `gitlab-ssl`. See [Using HTTPS](#using-https) for all necessary details. 304 **Note:** If you want to use HTTPS, replace the `gitlab` Nginx config with `gitlab-ssl`. See [Using HTTPS](#using-https) for HTTPS configuration details. 26 26 ## [1] https://github.com/agentzh/chunkin-nginx-module#status 27 27 ## [2] https://github.com/agentzh/chunkin-nginx-module 28 28 ## 29 ################################### 30 ## SSL file editing ## 31 ################################### 32 ## 33 ## Edit `gitlab-shell/config.yml`: 34 ## 1) Set "gitlab_url" param in `gitlab-shell/config.yml` to `https://git.example.com` 35 ## 2) Set "ca_file" to `/etc/nginx/ssl/gitlab.crt` 36 ## 3) Set "self_signed_cert" to `true` 37 ## Edit `gitlab/config/gitlab.yml`: 38 ## 1) Define port for http "port: 443" 26 26 ## [1] https://github.com/agentzh/chunkin-nginx-module#status 27 27 ## [2] https://github.com/agentzh/chunkin-nginx-module 28 28 ## 29 ################################### 30 ## SSL file editing ## 31 ################################### 32 ## 33 ## Edit `gitlab-shell/config.yml`: 34 ## 1) Set "gitlab_url" param in `gitlab-shell/config.yml` to `https://git.example.com` 35 ## 2) Set "ca_file" to `/etc/nginx/ssl/gitlab.crt` 36 ## 3) Set "self_signed_cert" to `true` 37 ## Edit `gitlab/config/gitlab.yml`: 38 ## 1) Define port for http "port: 443" 39 ## 2) Enable https "https: true" Created by: bbodenmiller
No problem better we get it right. Generally I think this is an improvement as when I was setting HTTPS up I was looking all over the place for details and then finding conflicting, outdated, or incomplete details. I like the idea of all the necessary steps being laid out in one place. I'll make the requested edits and ping you again.
By Administrator on 2014-09-02T08:08:20 (imported from GitLab project)
By Administrator on 2014-09-02T08:08:20 (imported from GitLab)
26 26 ## [1] https://github.com/agentzh/chunkin-nginx-module#status 27 27 ## [2] https://github.com/agentzh/chunkin-nginx-module 28 28 ## 29 ################################### 30 ## SSL file editing ## 31 ################################### 32 ## 33 ## Edit `gitlab-shell/config.yml`: 34 ## 1) Set "gitlab_url" param in `gitlab-shell/config.yml` to `https://git.example.com` 35 ## 2) Set "ca_file" to `/etc/nginx/ssl/gitlab.crt` 36 ## 3) Set "self_signed_cert" to `true` 37 ## Edit `gitlab/config/gitlab.yml`: 38 ## 1) Define port for http "port: 443" Unable to load the diff Created by: bbodenmiller
It is already in this guide, this is just updating to clarify that you need to use the normal or SSL version depending on your setup. Should I review the history and try to determine what version-by-version guides the updates should be added to?
By Administrator on 2014-09-07T22:31:38 (imported from GitLab project)
By Administrator on 2014-09-07T22:31:38 (imported from GitLab)
26 26 ## [1] https://github.com/agentzh/chunkin-nginx-module#status 27 27 ## [2] https://github.com/agentzh/chunkin-nginx-module 28 28 ## 29 ################################### 30 ## SSL file editing ## 31 ################################### 32 ## 33 ## Edit `gitlab-shell/config.yml`: 34 ## 1) Set "gitlab_url" param in `gitlab-shell/config.yml` to `https://git.example.com` 35 ## 2) Set "ca_file" to `/etc/nginx/ssl/gitlab.crt` 36 ## 3) Set "self_signed_cert" to `true` 37 ## Edit `gitlab/config/gitlab.yml`: 38 ## 1) Define port for http "port: 443" 39 ## 2) Enable https "https: true" 40 ## 3) Update ssl for gravatar "ssl_url: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=mm" 26 26 ## [1] https://github.com/agentzh/chunkin-nginx-module#status 27 27 ## [2] https://github.com/agentzh/chunkin-nginx-module 28 28 ## 29 ################################### 30 ## SSL file editing ## 31 ################################### 32 ## 33 ## Edit `gitlab-shell/config.yml`: 34 ## 1) Set "gitlab_url" param in `gitlab-shell/config.yml` to `https://git.example.com` 35 ## 2) Set "ca_file" to `/etc/nginx/ssl/gitlab.crt` 36 ## 3) Set "self_signed_cert" to `true` 37 ## Edit `gitlab/config/gitlab.yml`: 38 ## 1) Define port for http "port: 443" Created by: dosire
Maybe better to do it, it might be needed to automatically generate the config for gitlab shell, but I really have no idea. /cc @randx
By Administrator on 2014-09-07T22:31:38 (imported from GitLab project)
By Administrator on 2014-09-07T22:31:38 (imported from GitLab)
26 26 ## [1] https://github.com/agentzh/chunkin-nginx-module#status 27 27 ## [2] https://github.com/agentzh/chunkin-nginx-module 28 28 ## 29 ################################### 30 ## SSL file editing ## 31 ################################### 32 ## 33 ## Edit `gitlab-shell/config.yml`: 34 ## 1) Set "gitlab_url" param in `gitlab-shell/config.yml` to `https://git.example.com` 35 ## 2) Set "ca_file" to `/etc/nginx/ssl/gitlab.crt` 36 ## 3) Set "self_signed_cert" to `true` 37 ## Edit `gitlab/config/gitlab.yml`: 38 ## 1) Define port for http "port: 443" Created by: bbodenmiller
/cc @cafferata @axilleas
By Administrator on 2014-09-07T22:31:38 (imported from GitLab project)
By Administrator on 2014-09-07T22:31:38 (imported from GitLab)
26 26 ## [1] https://github.com/agentzh/chunkin-nginx-module#status 27 27 ## [2] https://github.com/agentzh/chunkin-nginx-module 28 28 ## 29 ################################### 30 ## SSL file editing ## 31 ################################### 32 ## 33 ## Edit `gitlab-shell/config.yml`: 34 ## 1) Set "gitlab_url" param in `gitlab-shell/config.yml` to `https://git.example.com` 35 ## 2) Set "ca_file" to `/etc/nginx/ssl/gitlab.crt` 36 ## 3) Set "self_signed_cert" to `true` 37 ## Edit `gitlab/config/gitlab.yml`: 38 ## 1) Define port for http "port: 443" Created by: dosire
I've created https://github.com/gitlabhq/gitlabhq/pull/7709 to simplify things further.
By Administrator on 2014-09-08T09:13:18 (imported from GitLab project)
By Administrator on 2014-09-08T09:13:18 (imported from GitLab)
