diff options
Diffstat (limited to 'doc/user/project/pages')
7 files changed, 29 insertions, 210 deletions
diff --git a/doc/user/project/pages/custom_domains_ssl_tls_certification/dns_concepts.md b/doc/user/project/pages/custom_domains_ssl_tls_certification/dns_concepts.md index 410fdab15e7..165131d50a4 100644 --- a/doc/user/project/pages/custom_domains_ssl_tls_certification/dns_concepts.md +++ b/doc/user/project/pages/custom_domains_ssl_tls_certification/dns_concepts.md @@ -36,12 +36,15 @@ for the most popular hosting services: - [Bluehost](https://www.bluehost.com/help/article/dns-management-add-edit-or-delete-dns-entries) - [Cloudflare](https://support.cloudflare.com/hc/en-us/articles/201720164-Creating-a-Cloudflare-account-and-adding-a-website) - [cPanel](https://documentation.cpanel.net/display/84Docs/Edit+DNS+Zone) +- [DigitalOcean](https://docs.digitalocean.com/products/networking/dns/how-to/manage-records/) - [DreamHost](https://help.dreamhost.com/hc/en-us/articles/215414867-How-do-I-add-custom-DNS-records-) +- [Gandi](https://docs.gandi.net/en/domain_names/faq/dns_records.html) - [Go Daddy](https://www.godaddy.com/help/add-an-a-record-19238) - [Hostgator](https://www.hostgator.com/help/article/changing-dns-records) - [Inmotion hosting](https://www.bluehost.com/help/article/dns-management-add-edit-or-delete-dns-entries) - [Media Temple](https://mediatemple.net/community/products/dv/204403794/how-can-i-change-the-dns-records-for-my-domain) - [Microsoft](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/bb727018(v=technet.10)) +- [Namecheap](https://www.namecheap.com/support/knowledgebase/subcategory/2237/host-records-setup/) <!-- vale gitlab.Spelling = YES --> diff --git a/doc/user/project/pages/custom_domains_ssl_tls_certification/index.md b/doc/user/project/pages/custom_domains_ssl_tls_certification/index.md index ee4320d5ea1..ec66dce41f9 100644 --- a/doc/user/project/pages/custom_domains_ssl_tls_certification/index.md +++ b/doc/user/project/pages/custom_domains_ssl_tls_certification/index.md @@ -25,7 +25,8 @@ and steps below. (`*.gitlab.io`, for GitLab.com). - A custom domain name `example.com` or subdomain `subdomain.example.com`. - Access to your domain's server control panel to set up DNS records: - - A DNS A or CNAME record pointing your domain to GitLab Pages server. + - A DNS record (`A`, `ALIAS`, or `CNAME`) pointing your domain to the GitLab Pages server. If + there are multiple DNS records on that name, you must use an `ALIAS` record. - A DNS `TXT` record to verify your domain's ownership. - Set either `external_http` or `external_https` in `/etc/gitlab/gitlab.rb` to the IP and port of your [Pages Daemon](../../../../administration/pages/index.md#overview). @@ -109,15 +110,15 @@ as it most likely doesn't work if you set an [`MX` record](dns_concepts.md#mx-re Subdomains (`subdomain.example.com`) require: -- A DNS [CNAME record](dns_concepts.md#cname-record) pointing your subdomain to the Pages server. +- A DNS [`ALIAS` or `CNAME` record](dns_concepts.md#cname-record) pointing your subdomain to the Pages server. - A DNS [TXT record](dns_concepts.md#txt-record) to verify your domain's ownership. -| From | DNS Record | To | -| ------------------------------------------------------- | ---------- | --------------------- | -| `subdomain.example.com` | CNAME | `namespace.gitlab.io` | -| `_gitlab-pages-verification-code.subdomain.example.com` | `TXT` | `gitlab-pages-verification-code=00112233445566778899aabbccddeeff` | +| From | DNS Record | To | +|:--------------------------------------------------------|:----------------|:----------------------| +| `subdomain.example.com` | `ALIAS`/`CNAME` | `namespace.gitlab.io` | +| `_gitlab-pages-verification-code.subdomain.example.com` | `TXT` | `gitlab-pages-verification-code=00112233445566778899aabbccddeeff` | -Note that, whether it's a user or a project website, the `CNAME` +Note that, whether it's a user or a project website, the DNS record should point to your Pages domain (`namespace.gitlab.io`), without any `/project-name`. @@ -130,8 +131,8 @@ domain to the same website, for instance, `example.com` and `www.example.com`. They require: -- A DNS A record for the domain. -- A DNS CNAME record for the subdomain. +- A DNS `A` record for the domain. +- A DNS `ALIAS`/`CNAME` record for the subdomain. - A DNS `TXT` record for each. | From | DNS Record | To | @@ -147,7 +148,7 @@ If you're using Cloudflare, check > **Notes**: > -> - **Do not** use a CNAME record if you want to point your +> - **Do not** use a `CNAME` record if you want to point your `domain.com` to your GitLab Pages site. Use an `A` record instead. > - **Do not** add any special chars after the default Pages domain. For example, don't point `subdomain.domain.com` to @@ -231,7 +232,7 @@ If you use Cloudflare, you can redirect `www` to `domain.com` without adding both `www.domain.com` and `domain.com` to GitLab. To do so, you can use Cloudflare's page rules associated to a -CNAME record to redirect `www.domain.com` to `domain.com`. You +`CNAME` record to redirect `www.domain.com` to `domain.com`. You can use the following setup: 1. In Cloudflare, create a DNS `A` record pointing `domain.com` to `35.185.44.232`. diff --git a/doc/user/project/pages/custom_domains_ssl_tls_certification/lets_encrypt_integration.md b/doc/user/project/pages/custom_domains_ssl_tls_certification/lets_encrypt_integration.md index ee1004a3416..75fc407ce3f 100644 --- a/doc/user/project/pages/custom_domains_ssl_tls_certification/lets_encrypt_integration.md +++ b/doc/user/project/pages/custom_domains_ssl_tls_certification/lets_encrypt_integration.md @@ -67,7 +67,7 @@ associated Pages domain. GitLab also renews it automatically. > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/30146) in GitLab 13.0. -If you get an error **Something went wrong while obtaining the Let's Encrypt certificate**, first, make sure that your pages site is set to "Everyone" in your project's **Settings > General > Visbility**. This allows the Let's Encrypt Servers reach your pages site. Once this is confirmed, you can try obtaining the certificate again by following these steps: +If you get an error **Something went wrong while obtaining the Let's Encrypt certificate**, first, make sure that your pages site is set to "Everyone" in your project's **Settings > General > Visibility**. This allows the Let's Encrypt Servers reach your pages site. Once this is confirmed, you can try obtaining the certificate again by following these steps: 1. Go to your project's **Settings > Pages**. 1. Click **Edit** on your domain. diff --git a/doc/user/project/pages/getting_started/pages_forked_sample_project.md b/doc/user/project/pages/getting_started/pages_forked_sample_project.md index 386ed566225..b43af2f0efe 100644 --- a/doc/user/project/pages/getting_started/pages_forked_sample_project.md +++ b/doc/user/project/pages/getting_started/pages_forked_sample_project.md @@ -18,9 +18,9 @@ configured to generate a Pages site. To fork a sample project and create a Pages website: 1. View the sample projects by navigating to the [GitLab Pages examples](https://gitlab.com/pages) group. -1. Click the name of the project you want to [fork](../../../../user/project/working_with_projects.md#fork-a-project). -1. In the top right, click the **Fork** button, and then choose a namespace to fork to. -1. Go to your project's **CI/CD > Pipelines** and click **Run pipeline**. +1. Select the name of the project you want to [fork](../../repository/forking_workflow.md#creating-a-fork). +1. In the top right, select **Fork** and then choose a namespace to fork to. +1. For your project, on the left sidebar, select **CI/CD > Pipelines** and then **Run pipeline**. GitLab CI/CD builds and deploys your site. The site can take approximately 30 minutes to deploy. @@ -31,13 +31,13 @@ that immediately publishes your changes to the Pages site. You can take some **optional** further steps: -- _Remove the fork relationship._ If you want to contribute to the project you forked from, +- Remove the fork relationship. If you want to contribute to the project you forked from, you can keep this relationship. Otherwise, go to your project's **Settings > General**, expand **Advanced settings**, and scroll down to **Remove fork relationship**:  -- _Change the URL to match your namespace._ If your Pages site is hosted on GitLab.com, +- Change the URL to match your namespace. If your Pages site is hosted on GitLab.com, you can rename it to `<namespace>.gitlab.io`, where `<namespace>` is your GitLab namespace (the one you chose when you forked the project). diff --git a/doc/user/project/pages/getting_started/pages_from_scratch.md b/doc/user/project/pages/getting_started/pages_from_scratch.md index eb5f3a1bbf0..e0c10e27ec3 100644 --- a/doc/user/project/pages/getting_started/pages_from_scratch.md +++ b/doc/user/project/pages/getting_started/pages_from_scratch.md @@ -27,7 +27,7 @@ To create a GitLab Pages website: ## Prerequisites -You must have a [blank project](../../working_with_projects.md#blank-projects) in GitLab. +You must have a [blank project](../../working_with_projects.md#create-a-blank-project) in GitLab. ## Create the project files diff --git a/doc/user/project/pages/lets_encrypt_for_gitlab_pages.md b/doc/user/project/pages/lets_encrypt_for_gitlab_pages.md index 978e35b3a9f..1f60aafe71b 100644 --- a/doc/user/project/pages/lets_encrypt_for_gitlab_pages.md +++ b/doc/user/project/pages/lets_encrypt_for_gitlab_pages.md @@ -1,165 +1,9 @@ --- -stage: Release -group: Release -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments -description: "How to secure GitLab Pages websites with Let's Encrypt (manual process, deprecated)." +redirect_to: 'custom_domains_ssl_tls_certification/lets_encrypt_integration.md' +remove_date: '2022-03-14' --- -# Let's Encrypt for GitLab Pages (manual process, deprecated) **(FREE)** +This file was moved to [another location](custom_domains_ssl_tls_certification/lets_encrypt_integration.md). -WARNING: -This method is still valid but was **deprecated** in favor of the -[Let's Encrypt integration](custom_domains_ssl_tls_certification/lets_encrypt_integration.md) -introduced in GitLab 12.1. - -If you have a GitLab Pages website served under your own domain, -you might want to secure it with a SSL/TLS certificate. - -[Let's Encrypt](https://letsencrypt.org) is a free, automated, and -open source Certificate Authority. - -## Requirements - -To follow along with this tutorial, we assume you already have: - -- [Created a project](index.md#getting-started) in GitLab - containing your website's source code. -- Acquired a domain (`example.com`) and added a [DNS entry](custom_domains_ssl_tls_certification/index.md#set-up-pages-with-a-custom-domain) - pointing it to your Pages website. -- [Added your domain to your Pages project](custom_domains_ssl_tls_certification/index.md#steps) - and verified your ownership. -- Cloned your project into your computer. -- Your website up and running, served under HTTP protocol at `http://example.com`. - -## Obtaining a Let's Encrypt certificate - -Once you have the requirements addressed, follow the instructions -below to learn how to obtain the certificate. - -Note that these instructions were tested on macOS Mojave. For other operating systems the steps -might be slightly different. Follow the -[CertBot instructions](https://certbot.eff.org/) according to your OS. - -1. On your computer, open a terminal and navigate to your repository's - root directory: - - ```shell - cd path/to/dir - ``` - -1. Install CertBot (the tool Let's Encrypt uses to issue certificates): - - ```shell - brew install certbot - ``` - -1. Request a certificate for your domain (`example.com`) and - provide an email account (`your@email.com`) to receive notifications: - - ```shell - sudo certbot certonly -a manual -d example.com --email your@email.com - ``` - - Alternatively, you can register without adding an email account, - but you aren't notified about the certificate expiration's date: - - ```shell - sudo certbot certonly -a manual -d example.com --register-unsafely-without-email - ``` - - NOTE: - Read through CertBot's documentation on their - [command line options](https://certbot.eff.org/docs/using.html#certbot-command-line-options). - -1. You're prompted with a message to agree with their terms. - Press `A` to agree and `Y` to let they log your IP. - - CertBot then prompts you with the following message: - - ```shell - Create a file containing just this data: - - Rxnv6WKo95hsuLVX3osmT6LgmzsJKSaK9htlPToohOP.HUGNKk82jlsmOOfphlt8Jy69iuglsn095nxOMH9j3Yb - - And make it available on your web server at this URL: - - http://example.com/.well-known/acme-challenge/Rxnv6WKo95hsuLVX3osmT6LgmzsJKSaK9htlPToohOP - - Press Enter to Continue - ``` - -1. **Do not press Enter yet.** Let's Encrypt needs to verify your - domain ownership before issuing the certificate. To do so, create 3 - consecutive directories under your website's root: - `/.well-known/acme-challenge/Rxnv6WKo95hsuLVX3osmT6LgmzsJKSaK9htlPToohOP/` - and add to the last folder an `index.html` file containing the content - referred on the previous prompt message: - - ```shell - Rxnv6WKo95hsuLVX3osmT6LgmzsJKSaK9htlPToohOP.HUGNKk82jlsmOOfphlt8Jy69iuglsn095nxOMH9j3Yb - ``` - - Note that this file needs to be accessed under - `http://example.com/.well-known/acme-challenge/Rxnv6WKo95hsuLVX3osmT6LgmzsJKSaK9htlPToohOP` - to allow Let's Encrypt to verify the ownership of your domain, - therefore, it needs to be part of the website content under the - repository's [`public`](index.md#how-it-works) folder. - -1. Add, commit, and push the file into your repository in GitLab. Once the pipeline - passes, press **Enter** on your terminal to continue issuing your - certificate. CertBot then prompts you with the following message: - - ```shell - Waiting for verification... - Cleaning up challenges - - IMPORTANT NOTES: - - Congratulations! Your certificate and chain have been saved at: - /etc/letsencrypt/live/example.com/fullchain.pem - Your key file has been saved at: - /etc/letsencrypt/live/example.com/privkey.pem - Your cert will expire on 2019-03-12. To obtain a new or tweaked - version of this certificate in the future, simply run certbot - again. To non-interactively renew *all* of your certificates, run - "certbot renew" - - If you like Certbot, please consider supporting our work by: - - Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate - Donating to EFF: https://eff.org/donate-le - ``` - -## Add your certificate to GitLab Pages - -Now that your certificate has been issued, let's add it to your Pages site: - -1. Back at GitLab, navigate to your project's **Settings > Pages**, - find your domain and click **Details** and **Edit** to add your certificate. -1. From your terminal, copy and paste the certificate into the first field - **Certificate (PEM)**: - - ```shell - sudo cat /etc/letsencrypt/live/example.com/fullchain.pem | pbcopy - ``` - -1. Copy and paste the private key into the second field **Key (PEM)**: - - ```shell - sudo cat /etc/letsencrypt/live/example.com/privkey.pem | pbcopy - ``` - -1. Click **Save changes** to apply them to your website. -1. Wait a few minutes for the configuration changes to take effect. -1. Visit your website at `https://example.com`. - -To force `https` connections on your site, navigate to your -project's **Settings > Pages** and check **Force HTTPS (requires -valid certificates)**. - -## Renewal - -Let's Encrypt certificates expire every 90 days and you must -renew them periodically. To renew all your certificates at once, run: - -```shell -sudo certbot renew -``` +<!-- This redirect file can be deleted after <2022-03-14>. --> +<!-- Before deletion, see: https://docs.gitlab.com/ee/development/documentation/#move-or-rename-a-page --> diff --git a/doc/user/project/pages/redirects.md b/doc/user/project/pages/redirects.md index 3deea92f56e..beafbc86cb5 100644 --- a/doc/user/project/pages/redirects.md +++ b/doc/user/project/pages/redirects.md @@ -92,7 +92,7 @@ you can explicitly set your own. The following HTTP codes are supported: > - [Introduced](https://gitlab.com/gitlab-org/gitlab-pages/-/merge_requests/458) in GitLab 14.3. > - Enabled on GitLab.com. -> - Enabled by default in self-managed GitLab behind the [`FF_ENABLE_REDIRECTS` feature flag](#feature-flag-for-redirects). +> - Enabled on self-managed in [GitLab 14.6](https://gitlab.com/gitlab-org/gitlab-pages/-/issues/618). To create a redirect, add a rule that includes a `from` path, a `to` path, and an [HTTP status code](#http-status-codes): @@ -261,36 +261,7 @@ However, there are some minor differences: literal `:placeholder`). - GitLab redirects to `/new/`. -## Features behind feature flags - -Some Pages features are behind feature flags. - -### Feature flag for redirects - -FLAG: -Redirects in GitLab Pages is under development, and is deployed behind a feature flag -that is **enabled by default**. - -To disable redirects, for [Omnibus installations](../../../administration/pages/index.md), define the -`FF_ENABLE_REDIRECTS` environment variable in the -[global settings](../../../administration/pages/index.md#global-settings). -Add the following line to `/etc/gitlab/gitlab.rb` and -[reconfigure the instance](../../../administration/restart_gitlab.md#omnibus-gitlab-reconfigure). - -```ruby -gitlab_pages['env']['FF_ENABLE_REDIRECTS'] = 'false' -``` - -For [source installations](../../../administration/pages/source.md), define the -`FF_ENABLE_REDIRECTS` environment variable, then -[restart GitLab](../../../administration/restart_gitlab.md#installations-from-source): - -```shell -export FF_ENABLE_REDIRECTS="false" -/path/to/pages/bin/gitlab-pages -config gitlab-pages.conf -``` - -### Feature flag for rewrites +## Feature flag for rewrites FLAG: Rewrites in GitLab Pages is under development, and is deployed behind a feature flag |