author | Vladimir Shushlin <vshushlin@gitlab.com> | 2019-05-31 05:22:55 +0000 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2019-05-31 05:22:55 +0000 |
commit | 39e21fb2661693fed914012a39fb3a53b2b687c2 (patch) | |
tree | 70a5fdd93cea81aed9c1638bc32513a1fdf84bb7 /lib/gitlab/lets_encrypt | |
parent | c8c08d326942f30ad87d0702cc8b9c5896d296ad (diff) | |
download | gitlab-ce-39e21fb2661693fed914012a39fb3a53b2b687c2.tar.gz |
Generate lets_encrypt_private_key on the fly
Remove migration generating lets encrypt key
Don't generate private_key if database is readonly
For reference:
This reverts commit 988a7f70489b99383b95e9f271a2caf6bb5b3a44.
This reverts commit 21acbe531592d55caf0e5b8716a3b551dafd6233.
Diffstat (limited to 'lib/gitlab/lets_encrypt')
-rw-r--r-- | lib/gitlab/lets_encrypt/client.rb | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/lib/gitlab/lets_encrypt/client.rb b/lib/gitlab/lets_encrypt/client.rb
index 5501f7981ec..66aea137012 100644
--- a/lib/gitlab/lets_encrypt/client.rb
+++ b/lib/gitlab/lets_encrypt/client.rb
@@ -3,6 +3,8 @@ module Gitlab
 module LetsEncrypt
 class Client
+ include Gitlab::Utils::StrongMemoize
+
 PRODUCTION_DIRECTORY_URL = 'https://acme-v02.api.letsencrypt.org/directory'
 STAGING_DIRECTORY_URL = 'https://acme-staging-v02.api.letsencrypt.org/directory'
@@ -35,6 +37,8 @@ module Gitlab
 def enabled?
 return false unless Feature.enabled?(:pages_auto_ssl)
+ return false unless private_key
+
 Gitlab::CurrentSettings.lets_encrypt_terms_of_service_accepted
 end
@@ -45,7 +49,11 @@ module Gitlab
 end
 def private_key
- @private_key ||= OpenSSL::PKey.read(Gitlab::CurrentSettings.lets_encrypt_private_key)
+ strong_memoize(:private_key) do
+ private_key_string = Gitlab::CurrentSettings.lets_encrypt_private_key
+ private_key_string ||= generate_private_key
+ OpenSSL::PKey.read(private_key_string) if private_key_string
+ end
 end
 def admin_email
@@ -69,6 +77,19 @@ module Gitlab
 STAGING_DIRECTORY_URL
 end
 end
+
+ def generate_private_key
+ return if Gitlab::Database.read_only?
+
+ application_settings = Gitlab::CurrentSettings.current_application_settings
+ application_settings.with_lock do
+ unless application_settings.lets_encrypt_private_key
+ application_settings.update(lets_encrypt_private_key: OpenSSL::PKey::RSA.new(4096).to_pem)
+ end
+
+ application_settings.lets_encrypt_private_key
+ end
+ end
 end
 end
 end |
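Review bot: The added `return false unless private_key` in `enabled?` runs before the terms-of-service check, so calling this predicate can generate and persist a 4096-bit account key on an instance whose administrator has not accepted the Let's Encrypt terms. Checking the setting first would keep key material from being created until the feature is actually opted into: `return false unless Gitlab::CurrentSettings.lets_encrypt_terms_of_service_accepted` followed by `!private_key.nil?`. If the current order is intentional, a comment on `enabled?` such as `# May generate and store the account key on first call` would warn callers that it is no longer a pure read.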
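Review bot: `private_key` can now return nil, when no key is stored and `generate_private_key` declines because the database is read-only, and `strong_memoize` keeps that nil for the lifetime of this `Client`. Only `enabled?` in this diff guards against it; any caller outside the visible hunks that hands `private_key` to the ACME client would presumably fail with a less obvious error. I would document the contract above the method, e.g. `# Returns nil when no key is stored and one cannot be generated (read-only database).`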
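Review bot: In `generate_private_key` the result of `application_settings.update(...)` is ignored, and a failed save leaves the new PEM assigned on the in-memory record, so the final `application_settings.lets_encrypt_private_key` would return a key that was never persisted. The client could then register or sign with an account key that the next process cannot load. Using `application_settings.update!(lets_encrypt_private_key: OpenSSL::PKey::RSA.new(4096).to_pem)` makes that failure raise inside the `with_lock` block instead. Separately, the 4096-bit generation runs while the settings row lock is held; whether that matters depends on how contended that row is, which the diff does not show.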