3 files changed, 46 insertions, 11 deletions

diff --git a/doc/administration/pages/img/lets_encrypt_integration_v12_1.png b/doc/administration/pages/img/lets_encrypt_integration_v12_1.png
deleted file mode 100644
index 0f3ca25ce55..00000000000
--- a/doc/administration/pages/img/lets_encrypt_integration_v12_1.png
+++ /dev/null
diff --git a/doc/administration/pages/index.md b/doc/administration/pages/index.md
index ea1e99524b8..5aeb3eaef7f 100644
--- a/doc/administration/pages/index.md
+++ b/doc/administration/pages/index.md
@@ -41,7 +41,7 @@ which you can set it up:
    the Pages daemon is installed, so you must share it through the network.
 - Run the Pages daemon in the same server as GitLab, listening on the same IP
    but on different ports. In that case, you must proxy the traffic with
-   a load balancer. If you choose that route note that you should use TCP load
+   a load balancer. If you choose that route, you should use TCP load
    balancing for HTTPS. If you use TLS-termination (HTTPS-load balancing), the
    pages can't be served with user-provided certificates. For
    HTTP it's OK to use HTTP or TCP load balancing.
@@ -407,17 +407,15 @@ verification requirement:
 allows users to add Let's Encrypt SSL certificates for GitLab Pages
 sites served under a custom domain.
 
-To enable it, you must:
+To enable it:
 
 1. Choose an email address on which you want to receive notifications about expiring domains.
 1. On the top bar, select **Menu >** **{admin}** **Admin**.
 1. On the left sidebar, select **Settings > Preferences**.
 1. Expand **Pages**.
-1. Enter the email address for receiving notifications and accept Let's Encrypt's Terms of Service as shown below.
+1. Enter the email address for receiving notifications and accept Let's Encrypt's Terms of Service.
 1. Select **Save changes**.
 
-![Let's Encrypt settings](img/lets_encrypt_integration_v12_1.png)
-
 ### Access control
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/33422) in GitLab 11.5.
@@ -466,6 +464,7 @@ The scope to use for authentication must match the GitLab Pages OAuth applicatio
 pre-existing applications must modify the GitLab Pages OAuth application. Follow these steps to do
 this:
 
+1. Enable [access control](#access-control).
 1. On the top bar, select **Menu >** **{admin}** **Admin**.
 1. On the left sidebar, select **Settings > Applications**.
 1. Expand **GitLab Pages**.
@@ -473,7 +472,7 @@ this:
    `read_api`).
 1. Select **Save changes**.
 
-#### Disabling public access to all Pages websites
+#### Disable public access to all Pages sites
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/32095) in GitLab 12.7.
 
@@ -662,6 +661,16 @@ Follow the steps below to configure the proxy listener of GitLab Pages.
 
 1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure).
 
+## Set global maximum pages size per project **(FREE SELF)**
+
+To set the global maximum pages size for a project:
+
+1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the left sidebar, select **Settings > Preferences**.
+1. Expand **Pages**.
+1. Edit the **Maximum size of pages**.
+1. Select **Save changes**.
+
 ## Override maximum pages size per project or group **(PREMIUM SELF)**
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/16610) in GitLab 12.7.
diff --git a/doc/administration/pages/source.md b/doc/administration/pages/source.md
index 4aaf430db97..b5c3330b2ce 100644
--- a/doc/administration/pages/source.md
+++ b/doc/administration/pages/source.md
@@ -41,7 +41,7 @@ which you can set it up:
    the Pages daemon is installed, so you must share it through the network.
 1. Run the Pages daemon in the same server as GitLab, listening on the same IP
    but on different ports. In that case, you must proxy the traffic with
-   a load balancer. If you choose that route, note that you should use TCP load
+   a load balancer. If you choose that route, you should use TCP load
    balancing for HTTPS. If you use TLS-termination (HTTPS-load balancing), the
    pages aren't able to be served with user-provided certificates. For
    HTTP, it's OK to use HTTP or TCP load balancing.
@@ -127,17 +127,43 @@ The Pages daemon doesn't listen to the outside world.
      # path: shared/pages
 
      host: example.io
-     port: 80
+     access_control: false
+     port: 8090
      https: false
+     artifacts_server: false
+     external_http: ["127.0.0.1:8090"]
+     secret_file: /home/git/gitlab/gitlab-pages/gitlab-pages-secret
+   ```
+
+1. Add the following configuration file to
+   `/home/git/gitlab/gitlab-pages/gitlab-pages.conf`, and be sure to change
+   `example.io` to the FQDN from which you want to serve GitLab Pages and
+   `gitlab.example.com` to the URL of your GitLab instance:
+
+   ```ini
+   listen-http=:8090
+   pages-root=/home/git/gitlab/shared/pages
+   api-secret-key=/home/git/gitlab/gitlab-pages-secret
+   pages-domain=example.io
+   internal-gitlab-server=https://gitlab.example.com
+   ```
+
+   You may use an `http` address, when running GitLab Pages and GitLab on the
+   same host. If you use `https` and use a self-signed certificate, be sure to
+   make your custom CA available to GitLab Pages, for example by setting the
+   `SSL_CERT_DIR` environment variable.
+
+1. Add the secret API key:
+
+   ```shell
+   sudo -u git -H openssl rand -base64 32 > /home/git/gitlab/gitlab-pages-secret
    ```
 
 1. Edit `/etc/default/gitlab` and set `gitlab_pages_enabled` to `true` in
-   order to enable the pages daemon. In `gitlab_pages_options` the
-   `-pages-domain` must match the `host` setting that you set above.
+   order to enable the pages daemon:
 
    ```ini
    gitlab_pages_enabled=true
-   gitlab_pages_options="-pages-domain example.io -pages-root $app_root/shared/pages -listen-proxy 127.0.0.1:8090"
    ```
 
 1. Copy the `gitlab-pages` NGINX configuration file: