I have been trying to access my local GitLab server over HTTPS by creating root and website certificates.
I have used the below link and in place of Node js application,
https://www.section.io/engineering-education/how-to-get-ssl-https-for-localhost/
I have changed my configuration in gitlab.rb file with
external_url "https://gitlab.mydomain.com"
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/etc/ssl/mydomain/gitlab.crt"
nginx['ssl_certificate_key'] = "/etc/ssl/mydomain/gitlab.key"
and reconfigured the gitlab inside my docker container.
And I imported my root PEM (CA.pem) into the browser. But it is still showing the connection not secure.
Can you please help me to get my GitLab with an HTTPS connection?
Hello, I configured a GitLab server on a VM (OL7). I can easily call the HTTP page, but when I use my self-signed SSL certificate generated using the method offered here, I can't call my page and I get a timeout error. My configuration is simple and I have already tried different variants. Could someone tell me how I can configure this? Note that I don't want to use Let's Encrypt for this.
This is an example of my gitlab.rb:
external_url 'http://gitlab.icw19.lab'
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.icw19.lab.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.icw19.lab.key"
Your external_url value should include https:// to indicate that you wish to use SSL on port 443. Then GitLab will listen on 443 and will configure Nginx to use your SSL certificates.
external_url 'https://gitlab.icw19.lab'
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.icw19.lab.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.icw19.lab.key"
I have a PHP based application in AWS EC2 instances (Amazon Linux, master-worker/s configuration, with worker/s in auto-scale) and I am attempting to enable HTTPS. The application is accessed via ELB URL, not the instance itself, given below (anonymized):
[alt_names]
DNS.1 = primary.dev.myapp.ourdomain.com
DNS.2 = primary.test.myapp.ourdomain.com
DNS.3 = primary.prod.myapp.ourdomain.com
The above is also my setup in my .conf file for generating the .csr file for certificate signing. (For the meantime I am using a self-signed certificate for testing.)
I followed the usual steps in installing the certificate:
- Install `mod24_ssl`
- Put `.pem` file in `/etc/pki/tls/certs`
- Put `.key`, `.csr` file in `/etc/pki/tls/private`
- Edit SSLCertificate and SSLCertificateKeyFile entries in `/etc/httpd/conf.d/ssl.conf` file
- Restart the httpd
The HTTPS still won't work and when I investigated the log file:
It refers to the master EC2 instance URL, ip-10-16-226-221.ourdomain.com instead of the ELB URL. How do I enable httpd to look for the ELB URL instead?
I have a hosted Git repo on my company intranet. I can clone, pull, push, etc successfully with command line Git by disabling sslverify. I know this is not ideal but I have no control over our certificate or IT infrastructure so it is what it is.
I paid for GitLab EE, set up the omnibus package and I'm trying to clone the repo via HTTPS. However, I get an error that it cannot verify the SSL certificate. This is not entirely unexpected, but I cannot figure out how to bypass the SSL verification with GitLab EE. In the http settings I set self verified to true and pointed it to my .pem in /etc/gitlab/ssl but I get the same error.
Can I just set sslverify to false like I did command line git?
Since GitLab fails to pull from a repo because the certificate check failed, you can set Git-specific settings in your /etc/gitlab/gitlab.rb. There is a key called omnibus_gitconfig['system']; there, your config should be something like:
omnibus_gitconfig['system'] = { "http" => ["sslVerify = false"]}
This is bad practice and you should use it with caution.
You could specify the domain to disable certificate checks for with:
omnibus_gitconfig['system'] = { "http \"https://example.com\"" => ["sslVerify = false"]}
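An added example (not part of either answer) for checking which URLs the scoped setting above actually affects: it writes a constructed config stanza equivalent to the per-host form and asks Git for the effective `http.sslVerify` value. The function names and the second URL are hypothetical.

```shell
#!/bin/sh
# Constructed sample: the per-host stanza that the scoped setting corresponds to.
write_scoped_config() {
    cat > "$1" <<'EOF'
[http "https://example.com"]
    sslVerify = false
EOF
}

# Value of http.sslVerify that Git applies to URL ($2) under config file ($1).
# Git verifies by default, so a URL with no matching entry reports "true".
effective_sslverify() {
    git config --file "$1" --get-urlmatch http.sslVerify "$2" 2>/dev/null || echo true
}

# Succeeds when verification is switched off for every host (unscoped [http] section).
globally_disabled() {
    [ "$(git config --file "$1" --get http.sslVerify 2>/dev/null)" = "false" ]
}

cfg=$(mktemp)
write_scoped_config "$cfg"
for url in https://example.com/group/repo.git https://other.example.net/repo.git; do
    printf '%s -> sslVerify=%s\n' "$url" "$(effective_sslverify "$cfg" "$url")"
done
if globally_disabled "$cfg"; then
    echo "WARNING: certificate verification is disabled for all hosts"
fi
rm -f "$cfg"
```

Pointing the functions at the system-level Git config file of the installation audits the real setting instead of the constructed one.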
You can define it in omnibus configuration package like Fairy says.
Or you can use it in a git bash command:
git config --global http.sslVerify false
This will disable the HTTPS verification of current repository
I am trying to set up GitLab on my server with SSL support. I am using a different port for GitLab, as follows in my nginx settings:
external_url 'https://myserver.com:2440'
nginx['redirect_http_to_https'] = true
I also set up the SSL certificates as:
nginx['ssl_client_certificate'] = '/etc/ssl/AlphaSSLroot.crt'
nginx['ssl_certificate'] = '/etc/ssl/org.crt'
nginx['ssl_certificate_key'] = '/etc/ssl/org.key'
However, when I try to connect to my gitlab installation as https://myserver.com:2440, it comes back with the server refused to connect error. If I configure using http, it works.
I wonder if there is anything else I need to do to enable SSH here. I have my main website running on an apache web server using the same SSL certificate but on a completely different port (8080). So, I think I should be able to use the certificates.
It turns out that this was because of the passphrase and I had to remove that using
openssl rsa -in www.key -out new.key
and use the new.key in nginx.
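An added example, not from any of the posts: a preflight script for the files given to `nginx['ssl_certificate']` and `nginx['ssl_certificate_key']`, covering the passphrase problem found here and the root-CA setup from the first question. Function names are hypothetical; it assumes PEM files and OpenSSL 1.1.1 or later (for `-ext`).

```shell
#!/bin/sh
# Preflight checks for an nginx/GitLab certificate and key (PEM files).

# True when the private key is passphrase-protected (either PEM flavour).
key_is_encrypted() { grep -q 'ENCRYPTED' "$1"; }

# True when the certificate's public key is the one derived from the private key.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1
    [ "$c" = "$k" ]
}

# True when the certificate verifies against the given root CA file.
chains_to_ca() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# True when the certificate has a DNS subjectAltName and it covers the host.
covers_host() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null | grep -q 'DNS:' || return 1
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# Usage: preflight CA.pem site.crt site.key hostname
preflight() {
    rc=0
    if key_is_encrypted "$3"; then echo "FAIL key is passphrase-protected"; rc=1; fi
    cert_matches_key "$2" "$3" || { echo "FAIL certificate and key differ"; rc=1; }
    chains_to_ca "$1" "$2"     || { echo "FAIL certificate not signed by this CA"; rc=1; }
    covers_host "$2" "$4"      || { echo "FAIL no subjectAltName for $4"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK"
    return "$rc"
}

if [ "$#" -eq 4 ]; then preflight "$@"; fi
```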
I'm running the Omnibus version of Gitlab in docker.
I've edited my gitlab.rb file so as to enable https by prefixing external_url with https://. This seems to work well enough. However, when I also add my port to the URL:
external_url = 'https://www.example.com:12345'
My browser shows me a "connection refused" error. Why is this?
If you want to change the default port where GitLab is running, you have to put this in your gitlab.rb file :
gitlab_rails['gitlab_host'] = 'example.com'
gitlab_rails['gitlab_port'] = 12345
gitlab_rails['gitlab_https'] = true
After you set these parameters, you'll have to run a # gitlab-ctl reconfigure
Also take a look at /opt/gitlab/embedded/service/gitlab-shell/config.yml: you can find here interesting parameters for: the SSL certificates path
http_settings:
  #user: someone
  #password: somepass
  ca_file: /etc/ssl/cert.pem
  ca_path: /etc/pki/tls/certs
  self_signed_cert: false