Moon Light Box

Time is Money

GitLab - Enable Https


Step 1. Generate a Private Key and Self-Signed Certificate

# openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/gitlab/ssl/192.168.1.1.key -out /etc/gitlab/ssl/192.168.1.1.crt

Generating a 4096 bit RSA private key
.....................++
.......................................................................++
writing new private key to '/etc/gitlab/ssl/192.168.1.1.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:TW
State or Province Name (full name) []:Taiwan
Locality Name (eg, city) [Default City]:Kaohsiung
Organization Name (eg, company) [Default Company Ltd]:YOUR_COMPANY_NAME
Organizational Unit Name (eg, section) []: YOUR_DEPARTMENT_NAME
Common Name (eg, your name or your server's hostname) []:YOUR_NAME
Email Address []:YOUR_EMAIL

Note

The file names (192.168.1.1.key and 192.168.1.1.crt) must follow the rule set by external_url in /etc/gitlab/gitlab.rb: they are named after the host in that URL.

external_url "https://192.168.1.1" <---- file name rule

Step 2. Perfect Forward Secrecy

# openssl dhparam -out /etc/gitlab/ssl/dhparams.pem 4096

Step 3. Modify gitlab.rb

# vim /etc/gitlab/gitlab.rb

...
...
external_url "https://192.168.1.1"
nginx['redirect_http_to_https'] = true
...
...
nginx['ssl_certificate'] = "/etc/gitlab/ssl/192.168.1.1.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/192.168.1.1.key"
...
...
nginx['ssl_dhparam'] = "/etc/gitlab/ssl/dhparams.pem"
...
...

# gitlab-ctl reconfigure
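
The checks below are an added example, not part of the original post and not GitLab tooling. Run before gitlab-ctl reconfigure, they confirm that the certificate and key from Step 1 are named after the external_url host, belong together, are not readable by other users, list the host as a subjectAltName, and are not about to expire. The function names are hypothetical, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Added example: pre-flight checks before `gitlab-ctl reconfigure`.
# Function names are hypothetical; assumes OpenSSL 1.1.1+ (for -ext).

# Print the host part of external_url from the gitlab.rb file given as $1.
external_host() {
    sed -n "s|^[[:space:]]*external_url[[:space:]]*[\"']https*://\([^/:\"']*\).*|\1|p" "$1" | head -n 1
}

# True only if certificate $1 and private key $2 hold the same public key.
pair_matches() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# True only if key file $1 grants nothing to group or others (e.g. mode 600).
key_is_private() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# True only if certificate $1 lists host $2 as an IP or DNS subjectAltName.
# Modern browsers match the host against this field, not the Common Name.
san_covers() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -Fxq -e "IP Address:$2" -e "DNS:$2"
}

# Check the gitlab.rb at $1 against the certificate directory $2.
# Prints one line per finding and returns the number of failed checks.
preflight() {
    host=$(external_host "$1"); crt="$2/$host.crt"; key="$2/$host.key"; bad=0
    [ -n "$host" ] || { echo "FAIL no external_url in $1"; return 1; }
    [ -f "$crt" ] && [ -f "$key" ] || { echo "FAIL missing $crt or $key"; return 1; }
    pair_matches "$crt" "$key" || { echo "FAIL certificate and key differ"; bad=$((bad+1)); }
    key_is_private "$key" || { echo "FAIL $key readable by group/others"; bad=$((bad+1)); }
    san_covers "$crt" "$host" || { echo "FAIL no subjectAltName for $host"; bad=$((bad+1)); }
    openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null 2>&1 ||
        { echo "FAIL $crt expires within 30 days"; bad=$((bad+1)); }
    return "$bad"
}

# Usage: sh preflight.sh /etc/gitlab/gitlab.rb /etc/gitlab/ssl
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

A certificate created with the Step 1 command as written carries no subjectAltName, so that check reports a finding until the certificate is reissued with one (for example with -addext "subjectAltName=IP:192.168.1.1" on OpenSSL 1.1.1 or later).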

https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-in-ubuntu-16-04

https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#enable-https
