Merge branch 'https_docs' into 'master'

Further improve HTTPS docs See merge request !202

Merge branch 'https_docs' into 'master'
Further improve HTTPS docs See merge request !202
Jacob Vosmaer
2 parents 247f5d9f b05d7a67
Showing 1 changed file with 19 additions and 11 deletions Show diff stats
README.md
@@ -281,23 +281,27 @@ Run `sudo gitlab-ctl reconfigure` for the LDAP settings to take effect.
  
 ### Enable HTTPS
  
-By default, omnibus-gitlab does not use HTTPS. If you want to enable
-HTTPS for gitlab.example.com, first place your key and certificate in
+By default, omnibus-gitlab does not use HTTPS. If you want to enable HTTPS for
+gitlab.example.com, add the following statement to `/etc/gitlab/gitlab.rb`:
+
+```ruby
+external_url "https://gitlab.example.com"
+```
+
+Because the hostname in our example is 'gitlab.example.com', omnibus-gitlab
+will look for key and certificate files called
 `/etc/gitlab/ssl/gitlab.example.com.key` and
-`/etc/gitlab/ssl/gitlab.example.com.crt`, respectively.
+`/etc/gitlab/ssl/gitlab.example.com.crt`, respectively. Create the
+`/etc/gitlab/ssl` directory and copy your key and certificate there.
  
 ```
 sudo mkdir -p /etc/gitlab/ssl
 sudo chmod 700 /etc/gitlab/ssl
-sudo cp gitlab.example.com.crt gitlab.example.com.key /etc/gitlab/ssl/
+sudo cp gitlab.example.com.key gitlab.example.com.crt /etc/gitlab/ssl/
 ```
  
-Next, add the following line to `/etc/gitlab/gitlab.rb` and run `sudo
-gitlab-ctl reconfigure`.
-
-```ruby
-external_url "https://gitlab.example.com"
-```
+Now run `sudo gitlab-ctl reconfigure`. When the reconfigure finishes your
+GitLab instance should be reachable at `http://gitlab.example.com`.
  
 If you are using a firewall you may have to open port 443 to allow inbound
 HTTPS traffic.
@@ -306,8 +310,12 @@ HTTPS traffic.
 # UFW example (Debian, Ubuntu)
 sudo ufw allow https
  
-# lokkit example (RedHat, CentOS)
+# lokkit example (RedHat, CentOS 6)
 sudo lokkit -s https
+
+# firewall-cmd (RedHat, Centos 7)
+sudo firewall-cmd --permanent --add-service=https
+sudo systemctl reload firewalld
 ```
  
 #### Redirect `HTTP` requests to `HTTPS`.
...	...	@@ -281,23 +281,27 @@ Run `sudo gitlab-ctl reconfigure` for the LDAP settings to take effect.
281	281
282	282	### Enable HTTPS
283	283
284		-By default, omnibus-gitlab does not use HTTPS. If you want to enable
285		-HTTPS for gitlab.example.com, first place your key and certificate in
	284	+By default, omnibus-gitlab does not use HTTPS. If you want to enable HTTPS for
	285	+gitlab.example.com, add the following statement to `/etc/gitlab/gitlab.rb`:
	286	+
	287	+```ruby
	288	+external_url "https://gitlab.example.com"
	289	+```
	290	+
	291	+Because the hostname in our example is 'gitlab.example.com', omnibus-gitlab
	292	+will look for key and certificate files called
286	293	`/etc/gitlab/ssl/gitlab.example.com.key` and
287		-`/etc/gitlab/ssl/gitlab.example.com.crt`, respectively.
	294	+`/etc/gitlab/ssl/gitlab.example.com.crt`, respectively. Create the
	295	+`/etc/gitlab/ssl` directory and copy your key and certificate there.
288	296
289	297	```
290	298	sudo mkdir -p /etc/gitlab/ssl
291	299	sudo chmod 700 /etc/gitlab/ssl
292		-sudo cp gitlab.example.com.crt gitlab.example.com.key /etc/gitlab/ssl/
	300	+sudo cp gitlab.example.com.key gitlab.example.com.crt /etc/gitlab/ssl/
293	301	```
294	302
295		-Next, add the following line to `/etc/gitlab/gitlab.rb` and run `sudo
296		-gitlab-ctl reconfigure`.
297		-
298		-```ruby
299		-external_url "https://gitlab.example.com"
300		-```
	303	+Now run `sudo gitlab-ctl reconfigure`. When the reconfigure finishes your
	304	+GitLab instance should be reachable at `http://gitlab.example.com`.
301	305
302	306	If you are using a firewall you may have to open port 443 to allow inbound
303	307	HTTPS traffic.
...	...	@@ -306,8 +310,12 @@ HTTPS traffic.
306	310	# UFW example (Debian, Ubuntu)
307	311	sudo ufw allow https
308	312
309		-# lokkit example (RedHat, CentOS)
	313	+# lokkit example (RedHat, CentOS 6)
310	314	sudo lokkit -s https
	315	+
	316	+# firewall-cmd (RedHat, Centos 7)
	317	+sudo firewall-cmd --permanent --add-service=https
	318	+sudo systemctl reload firewalld
311	319	```
312	320
313	321	#### Redirect `HTTP` requests to `HTTPS`.
...	...