Step 1. Generate a Private Key and Self-Signed Certificate
# openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/gitlab/ssl/192.168.1.1.key -out /etc/gitlab/ssl/192.168.1.1.crt
Generating a 4096 bit RSA private key
.....................++
.......................................................................++
writing new private key to '/etc/gitlab/ssl/192.168.1.1.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:TW
State or Province Name (full name) []:Taiwan
Locality Name (eg, city) [Default City]:Kaohsiung
Organization Name (eg, company) [Default Company Ltd]:YOUR_COMPANY_NAME
Organizational Unit Name (eg, section) []: YOUR_DEPARTMENT_NAME
Common Name (eg, your name or your server's hostname) []:YOUR_NAME
Email Address []:YOUR_EMAIL
Note
The files name(192.168.1.1.key and 192.168.1.1.crt) are needed following rule in /etc/gitlab/gitlab.rb
external_url "https://192.168.1.1" <---- Files Name Rule.
Step 2. Perfect Forward Secrecy
# openssl dhparam -out /etc/gitlab/ssl/dhparams.pem 4096
Step 3. Modify gitlab.rb
# vim /etc/gitlab/gitlab.rb
...
...
external_url "https://192.168.1.1"
nginx['redirect_http_to_https'] = true
...
...
nginx['ssl_certificate'] = "/etc/gitlab/ssl/192.168.1.1.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/192.168.1.1.key"
...
...
nginx['ssl_dhparam'] = "/etc/gitlab/ssl/dhparams.pem"
...
...
# gitlab-ctl reconfigure
https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#enable-https