author | Ben Bodenmiller <bbodenmiller@hotmail.com> | 2019-09-12 13:24:49 +0000 |
---|---|---|
committer | Ben Bodenmiller <bbodenmiller@hotmail.com> | 2019-09-12 13:24:49 +0000 |
commit | 0c2ad230389f8ad2e6b7bf37b0c2f4c1a19ad6c8 (patch) | |
tree | e9b9e4d6a6e5ed605b19371dfb7e8b2c1df5b279 | |
parent | d6776e7c8c0e9ea5e751d8f2ad32ff59f76e5fd5 (diff) | |
download | gitlab-ce-docs-gitaly-tls.tar.gz |
Update index.md again (docs-gitaly-tls)
-rw-r--r-- | doc/administration/gitaly/index.md | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/doc/administration/gitaly/index.md b/doc/administration/gitaly/index.md index 85c77191c98..780bc7345b6 100644 --- a/doc/administration/gitaly/index.md +++ b/doc/administration/gitaly/index.md @@ -363,9 +363,9 @@ with a Gitaly instance that listens for secure connections you will need to use scheme in the `gitaly_address` of the corresponding storage entry in the GitLab configuration. You will need to bring your own certificates as this isn't provided automatically. -The certificate to be used needs to be installed on all Gitaly nodes, and the +The certificate to be used needs to be installed on all Gitaly nodes, and the certificate (or CA of certificate) on all -client nodes that communicate with it as well, following the procedure described in +client nodes that communicate with it following the procedure described in [GitLab custom certificate configuration](https://docs.gitlab.com/omnibus/settings/ssl.html#install-custom-public-certificates). NOTE: **Note:** @@ -391,6 +391,14 @@ To configure Gitaly with TLS: ``` 1. Save the file and [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) on client node(s). +1. Create the `/etc/gitlab/ssl` directory and copy your key and certificate there: + + ```sh + sudo mkdir -p /etc/gitlab/ssl + sudo chmod 700 /etc/gitlab/ssl + sudo cp key.pem cert.pem /etc/gitlab/ssl/ + ``` + 1. On the Gitaly server node(s), edit `/etc/gitlab/gitlab.rb` and add: <!-- @@ -400,8 +408,8 @@ To configure Gitaly with TLS: ```ruby gitaly['tls_listen_addr'] = "0.0.0.0:9999" - gitaly['certificate_path'] = "path/to/cert.pem" - gitaly['key_path'] = "path/to/key.pem" + gitaly['certificate_path'] = "/etc/gitlab/ssl/cert.pem" + gitaly['key_path'] = "/etc/gitlab/ssl/key.pem" ``` 1. Save the file and [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) on Gitaly server node(s). 
@@ -439,14 +447,22 @@ To configure Gitaly with TLS: [this issue](https://gitlab.com/gitlab-org/gitaly/issues/1282) is resolved. 1. Save the file and [restart GitLab](../restart_gitlab.md#installations-from-source) on client node(s). +1. Create the `/etc/gitlab/ssl` directory and copy your key and certificate there: + + ```sh + sudo mkdir -p /etc/gitlab/ssl + sudo chmod 700 /etc/gitlab/ssl + sudo cp key.pem cert.pem /etc/gitlab/ssl/ + ``` + 1. On the Gitaly server node(s), edit `/home/git/gitaly/config.toml` and add: ```toml tls_listen_addr = '0.0.0.0:9999' [tls] - certificate_path = '/path/to/cert.pem' - key_path = '/path/to/key.pem' + certificate_path = '/etc/gitlab/ssl/cert.pem' + key_path = '/etc/gitlab/ssl/key.pem' ``` 1. Save the file and [restart GitLab](../restart_gitlab.md#installations-from-source) on Gitaly server node(s). |
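Review bot: In the hunk at `@@ -363,9 +363,9 @@`, the rewritten sentence has no verb in its second clause, so "and the certificate (or CA of certificate) on all client nodes that communicate with it following the procedure described in" can be read as the procedure applying to the clients only, or to the communication rather than the installation. Suggest "..., and the certificate (or its CA) needs to be installed on all client nodes that communicate with it, following the procedure described in ...". The first added line is also far longer than the wrapped lines around it and should be rewrapped to match.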
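Review bot: In the hunk at `@@ -391,6 +391,14 @@`, the new step "Create the `/etc/gitlab/ssl` directory and copy your key and certificate there" does not say which node it runs on. It sits between the client reconfigure step and the "On the Gitaly server node(s)" step, so a reader can take it for a client-side action and copy the private key to the wrong hosts; start it with "On the Gitaly server node(s)". The commands also leave the mode of the copied `key.pem` to whatever `cp` derives from the source file and the umask, and `sudo chmod 700 /etc/gitlab/ssl` makes the directory traversable by its owner only. Set the key's mode explicitly after the copy and state which account must own the files, so that the `gitaly['key_path']` configured in the following step is readable by the Gitaly process and by nothing else.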
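Review bot: In the hunk at `@@ -439,14 +447,22 @@`, the source-install steps now put the key in `/etc/gitlab/ssl`, a directory created through `sudo` with mode 700, while the Gitaly configuration edited in the next step lives at `/home/git/gitaly/config.toml`. If Gitaly runs as the account that owns `/home/git` rather than as root, it cannot traverse that directory and `key_path = '/etc/gitlab/ssl/key.pem'` will not load. Either document the ownership and mode the directory and files need for that account, or use a directory that account owns. As in the Omnibus section, the step should also say it is performed on the Gitaly server node(s) and should set the private key's mode explicitly instead of relying on `cp`.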