Enable HTTPS self signed cert for GitLab Community Edition for Omnibus installer
I have an Omnibus GitLab installer. I am trying to set up an HTTPS URL with a self signed cert. I am using Ubuntu 14.04 as my host OS. The steps I'm following are:
Modified gitlab.rb
external_url 'https://gitlab.example.com'
nginx['redirect_http_to_https'] = true
Create Self signed cert with proper name and place it under /etc/gitlab/ssl with permission 600
-rw------- 1 root root 1289 Sep 5 08:38 gitlab.example.com.crt
-rw------- 1 root root 1679 Sep 5 08:38 gitlab.example.com.key
Then I did gitlab-reconfigure and restart.
So when I try the new URL, https://gitlab.example.com, the page doesn't load.
Port 443 is open by default and I am able to netcat the same.
I am following this blog for setup - GitLab HTTPS with selfsigned
I don't see any errors under /var/log/gitlab
Is there any additional nginx config required for self signed cert?
Can someone please let me know what logs I should be looking for, and am I missing any steps?
Solution 1:[1]
The official documentation is "Settings NGINX"
Check if issue 1374 is relevant in your case.
gitlab_rails['registry_key_path'] = "/etc/gitlab/ssl/gitlab.example.com.key"
registry['rootcertbundle'] = "/etc/gitlab/ssl/gitlab.example.com.crt"
You do not need to specify these two as per documentation on enabling Registry. These two are for internal communication and are auto generated.
Solution 2:[2]
If the SSL/TLS port is open, the most likely problem is firewall-related. Check your firewall settings; you may need to run:
sudo ufw allow https
Solution 3:[3]
On recent GitLab 14.9.2-ce most SSL bugs seemed to be fixed.
- these settings currently work for self signed SSL:
# external URL must be https for nginx to also listen on port 443
external_url 'https://gitlab.iac'
letsencrypt['auto_renew'] = false
nginx['redirect_http_to_https'] = true
nginx['redirect_http_to_https_port'] = 80
- Also some notes here for having your browser trust your self signed certificate & how to create them easily.
After running gitlab-ctl reconfigure you may also need to gitlab-ctl restart if nginx is not listening on ports 80 & 443 (check with netstat -lptun).
If there are still problems it is most likely a firewall issue as already noted here.
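A pre-flight check for the setup discussed in the question and answers above, added here as an example and not part of any answer or of GitLab's own tooling. The function names are hypothetical, and it assumes the certificate and key are named after the external_url host inside the ssl directory, as in the question's listing.

```shell
#!/bin/sh
# Added example: pre-flight checks for an Omnibus GitLab self-signed HTTPS setup.
# Function names are illustrative; paths follow the layout shown in the question.

# Host part of the last uncommented external_url in a gitlab.rb file.
external_host() {
  sed -nE "s|^[[:space:]]*external_url[[:space:]]+['\"]https?://([^/:'\"]+).*|\1|p" "$1" | tail -n 1
}

# Certificate and key must be named after the host, and the key must have
# no group/other permission bits (as in the question's -rw------- listing).
check_files() {  # $1 = ssl directory, $2 = host
  [ -f "$1/$2.crt" ] || { echo "missing $1/$2.crt"; return 1; }
  [ -f "$1/$2.key" ] || { echo "missing $1/$2.key"; return 1; }
  case "$(ls -ld "$1/$2.key" | cut -c5-10)" in
    ------) ;;
    *) echo "$1/$2.key is accessible to group or others"; return 1 ;;
  esac
}

# The public key inside the certificate must equal the one derived from the key.
check_pair() {  # $1 = certificate, $2 = private key
  crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || { echo "cannot read $1"; return 1; }
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || { echo "cannot read $2"; return 1; }
  [ "$crt_pub" = "$key_pub" ] || { echo "certificate and key do not match"; return 1; }
}

# The certificate must be valid for the host (needs OpenSSL 1.0.2 or later).
check_name() {  # $1 = certificate, $2 = host
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

preflight() {  # $1 = gitlab.rb, $2 = ssl directory
  host=$(external_host "$1")
  [ -n "$host" ] || { echo "no external_url found in $1"; return 1; }
  grep -Eq "^[[:space:]]*external_url[[:space:]]+['\"]https://" "$1" \
    || { echo "external_url is not https, so nginx will not listen on 443"; return 1; }
  check_files "$2" "$host" || return 1
  check_pair "$2/$host.crt" "$2/$host.key" || return 1
  check_name "$2/$host.crt" "$host" || { echo "certificate is not valid for $host"; return 1; }
  echo "ok: $host"
}

# Usage: sh preflight.sh /etc/gitlab/gitlab.rb /etc/gitlab/ssl
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

`-checkhost` falls back to the certificate's CN when it has no subjectAltName entries, while current browsers require a subjectAltName, so a pass here does not guarantee the browser will accept the name.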
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | VonC |
| Solution 2 | javabrett |
| Solution 3 | Stuart Cardall |
