Commit 394428c8816f6be8c044c5145ef23f43cde8dcd6
Exists in
master
Merge branch 'https_docs' into 'master'
Further improve HTTPS docs See merge request !202
Showing
1 changed file
with
19 additions
and
11 deletions
Show diff stats
README.md
| @@ -281,23 +281,27 @@ Run `sudo gitlab-ctl reconfigure` for the LDAP settings to take effect. | @@ -281,23 +281,27 @@ Run `sudo gitlab-ctl reconfigure` for the LDAP settings to take effect. | ||
| 281 | 281 | ||
| 282 | ### Enable HTTPS | 282 | ### Enable HTTPS |
| 283 | 283 | ||
| 284 | -By default, omnibus-gitlab does not use HTTPS. If you want to enable | ||
| 285 | -HTTPS for gitlab.example.com, first place your key and certificate in | 284 | +By default, omnibus-gitlab does not use HTTPS. If you want to enable HTTPS for |
| 285 | +gitlab.example.com, add the following statement to `/etc/gitlab/gitlab.rb`: | ||
| 286 | + | ||
| 287 | +```ruby | ||
| 288 | +external_url "https://gitlab.example.com" | ||
| 289 | +``` | ||
| 290 | + | ||
| 291 | +Because the hostname in our example is 'gitlab.example.com', omnibus-gitlab | ||
| 292 | +will look for key and certificate files called | ||
| 286 | `/etc/gitlab/ssl/gitlab.example.com.key` and | 293 | `/etc/gitlab/ssl/gitlab.example.com.key` and |
| 287 | -`/etc/gitlab/ssl/gitlab.example.com.crt`, respectively. | 294 | +`/etc/gitlab/ssl/gitlab.example.com.crt`, respectively. Create the |
| 295 | +`/etc/gitlab/ssl` directory and copy your key and certificate there. | ||
| 288 | 296 | ||
| 289 | ``` | 297 | ``` |
| 290 | sudo mkdir -p /etc/gitlab/ssl | 298 | sudo mkdir -p /etc/gitlab/ssl |
| 291 | sudo chmod 700 /etc/gitlab/ssl | 299 | sudo chmod 700 /etc/gitlab/ssl |
| 292 | -sudo cp gitlab.example.com.crt gitlab.example.com.key /etc/gitlab/ssl/ | 300 | +sudo cp gitlab.example.com.key gitlab.example.com.crt /etc/gitlab/ssl/ |
| 293 | ``` | 301 | ``` |
| 294 | 302 | ||
| 295 | -Next, add the following line to `/etc/gitlab/gitlab.rb` and run `sudo | ||
| 296 | -gitlab-ctl reconfigure`. | ||
| 297 | - | ||
| 298 | -```ruby | ||
| 299 | -external_url "https://gitlab.example.com" | ||
| 300 | -``` | 303 | +Now run `sudo gitlab-ctl reconfigure`. When the reconfigure finishes your |
| 304 | +GitLab instance should be reachable at `http://gitlab.example.com`. | ||
| 301 | 305 | ||
| 302 | If you are using a firewall you may have to open port 443 to allow inbound | 306 | If you are using a firewall you may have to open port 443 to allow inbound |
| 303 | HTTPS traffic. | 307 | HTTPS traffic. |
| @@ -306,8 +310,12 @@ HTTPS traffic. | @@ -306,8 +310,12 @@ HTTPS traffic. | ||
| 306 | # UFW example (Debian, Ubuntu) | 310 | # UFW example (Debian, Ubuntu) |
| 307 | sudo ufw allow https | 311 | sudo ufw allow https |
| 308 | 312 | ||
| 309 | -# lokkit example (RedHat, CentOS) | 313 | +# lokkit example (RedHat, CentOS 6) |
| 310 | sudo lokkit -s https | 314 | sudo lokkit -s https |
| 315 | + | ||
| 316 | +# firewall-cmd (RedHat, Centos 7) | ||
| 317 | +sudo firewall-cmd --permanent --add-service=https | ||
| 318 | +sudo systemctl reload firewalld | ||
| 311 | ``` | 319 | ``` |
| 312 | 320 | ||
| 313 | #### Redirect `HTTP` requests to `HTTPS`. | 321 | #### Redirect `HTTP` requests to `HTTPS`. |