From 284b7bc1387100a3bfe761aa594258de42b4600f Mon Sep 17 00:00:00 2001 From: Marcel Amirault Date: Tue, 12 Feb 2019 12:34:21 +0000 Subject: Docs: Realign several CE docs that diverged from EE unnecessarily --- doc/administration/high_availability/gitlab.md | 8 +++- .../high_availability/load_balancer.md | 54 ++++++++++++++++++++-- doc/administration/uploads.md | 2 +- doc/ci/examples/sast_docker.md | 2 +- 4 files changed, 58 insertions(+), 8 deletions(-) diff --git a/doc/administration/high_availability/gitlab.md b/doc/administration/high_availability/gitlab.md index 2ca860bd763..e554c06532e 100644 --- a/doc/administration/high_availability/gitlab.md +++ b/doc/administration/high_availability/gitlab.md @@ -58,6 +58,7 @@ for each GitLab application server in your environment. # Disable components that will not be on the GitLab application server roles ['application_role'] + nginx['enable'] = true # PostgreSQL connection details gitlab_rails['db_adapter'] = 'postgresql' @@ -90,6 +91,8 @@ for each GitLab application server in your environment. certificates are not present, Nginx will fail to start. See [Nginx documentation](http://docs.gitlab.com/omnibus/settings/nginx.html#enable-https) for more information. + > + > **Note:** It is best to set the `uid` and `gid`s prior to the initial reconfigure of GitLab. Omnibus will not recursively `chown` directories if set after the initial reconfigure. ## First GitLab application server 
@@ -108,8 +111,9 @@ Additional GitLab servers (servers configured **after** the first GitLab server) need some extra configuration. 1. Configure shared secrets. These values can be obtained from the primary - GitLab server in `/etc/gitlab/gitlab-secrets.json`. Add these to - `/etc/gitlab/gitlab.rb` **prior to** running the first `reconfigure`. + GitLab server in `/etc/gitlab/gitlab-secrets.json`. Copy this file to the + secondary servers **prior to** running the first `reconfigure` in the steps + above. ```ruby gitlab_shell['secret_token'] = 'fbfb19c355066a9afb030992231c4a363357f77345edd0f2e772359e5be59b02538e1fa6cae8f93f7d23355341cea2b93600dab6d6c3edcdced558fc6d739860' diff --git a/doc/administration/high_availability/load_balancer.md b/doc/administration/high_availability/load_balancer.md index 359de0efadb..28b226cacd5 100644 --- a/doc/administration/high_availability/load_balancer.md +++ b/doc/administration/high_availability/load_balancer.md 
@@ -8,7 +8,53 @@ choice already. Some examples including HAProxy (open-source), F5 Big-IP LTM, and Citrix Net Scaler. This documentation will outline what ports and protocols you need to use with GitLab. -## Basic ports +## SSL + +How will you handle SSL in your HA environment? There are several different +options: + +- Each application node terminates SSL +- The load balancer(s) terminate SSL and communication is not secure between + the load balancer(s) and the application nodes +- The load balancer(s) terminate SSL and communication is *secure* between the + load balancer(s) and the application nodes + +### Application nodes terminate SSL + +Configure your load balancer(s) to pass connections on port 443 as 'TCP' rather +than 'HTTP(S)' protocol. This will pass the connection to the application nodes +Nginx service untouched. Nginx will have the SSL certificate and listen on port 443. + +See [Nginx HTTPS documentation](https://docs.gitlab.com/omnibus/settings/nginx.html#enable-https) +for details on managing SSL certificates and configuring Nginx. + +### Load Balancer(s) terminate SSL without backend SSL + +Configure your load balancer(s) to use the 'HTTP(S)' protocol rather than 'TCP'. +The load balancer(s) will then be responsible for managing SSL certificates and +terminating SSL. + +Since communication between the load balancer(s) and GitLab will not be secure, +there is some additional configuration needed. See +[Nginx Proxied SSL documentation](https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl) +for details. + +### Load Balancer(s) terminate SSL with backend SSL + +Configure your load balancer(s) to use the 'HTTP(S)' protocol rather than 'TCP'. +The load balancer(s) will be responsible for managing SSL certificates that +end users will see. + +Traffic will also be secure between the load balancer(s) and Nginx in this +scenario. There is no need to add configuration for proxied SSL since the +connection will be secure all the way. 
However, configuration will need to be +added to GitLab to configure SSL certificates. See +[Nginx HTTPS documentation](https://docs.gitlab.com/omnibus/settings/nginx.html#enable-https) +for details on managing SSL certificates and configuring Nginx. + +## Ports + +### Basic ports | LB Port | Backend Port | Protocol | | ------- | ------------ | --------------- | @@ -16,9 +62,9 @@ you need to use with GitLab. | 443 | 443 | TCP or HTTPS [^1] [^2] | | 22 | 22 | TCP | -## GitLab Pages Ports +### GitLab Pages Ports -If you're using GitLab Pages with custom domain support you will need some +If you're using GitLab Pages with custom domain support you will need some additional port configurations. GitLab Pages requires a separate virtual IP address. Configure DNS to point the `pages_external_url` from `/etc/gitlab/gitlab.rb` at the new virtual IP address. See the @@ -29,7 +75,7 @@ GitLab Pages requires a separate virtual IP address. Configure DNS to point the | 80 | Varies [^3] | HTTP | | 443 | Varies [^3] | TCP [^4] | -## Alternate SSH Port +### Alternate SSH Port Some organizations have policies against opening SSH port 22. In this case, it may be helpful to configure an alternate SSH hostname that allows users diff --git a/doc/administration/uploads.md b/doc/administration/uploads.md index 476ae8e8a76..9dfe085425f 100644 --- a/doc/administration/uploads.md +++ b/doc/administration/uploads.md 
@@ -149,7 +149,7 @@ _The uploads are stored by default in [reconfigure gitlab]: restart_gitlab.md#omnibus-gitlab-reconfigure "How to reconfigure Omnibus GitLab" [restart gitlab]: restart_gitlab.md#installations-from-source "How to restart GitLab" -[eep]: https://about.gitlab.com/gitlab-ee/ "GitLab Enterprise Edition Premium" +[eep]: https://about.gitlab.com/gitlab-ee/ "GitLab Premium" [ce]: https://about.gitlab.com/gitlab-ce/ "GitLab Community Edition" [ee-3867]: https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/3867 [ce-17358]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/17358 diff --git a/doc/ci/examples/sast_docker.md b/doc/ci/examples/sast_docker.md index 9f4a63e296d..3a657b3a3d5 100644 --- a/doc/ci/examples/sast_docker.md +++ b/doc/ci/examples/sast_docker.md @@ -1 +1 @@ -This document was moved to [another location](./container_scanning.md). \ No newline at end of file +This document was moved to [another location](./container_scanning.md). -- cgit v1.2.1
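Review bot: In doc/administration/high_availability/gitlab.md, hunk `@@ -58,6 +58,7`, the added `nginx['enable'] = true` sits directly under the comment `# Disable components that will not be on the GitLab application server`, so it reads as part of a disable list while doing the opposite. Give the line its own comment saying why Nginx is enabled explicitly alongside `roles ['application_role']`, or separate it from that comment with a blank line.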
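Review bot: In doc/administration/high_availability/gitlab.md, hunk `@@ -90,6 +91,8`, the new note about `uid` and `gid`s does not say which settings it refers to or where they are configured, and it is appended to the paragraph about Nginx failing to start without certificates. Name the settings or link to the step where they are set, and move the note next to that step. "If set after the initial reconfigure" would also read more clearly as "if they are changed after the initial reconfigure".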
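Review bot: In doc/administration/high_availability/gitlab.md, hunk `@@ -108,8 +111,9`, step 1 now tells the reader to copy `/etc/gitlab/gitlab-secrets.json` to the secondary servers, but the ruby block that follows still opens with `gitlab_shell['secret_token'] = ...`, which matches the old wording about adding values to `/etc/gitlab/gitlab.rb`. Either remove the block or state that it is an alternative to copying the file. Because the file holds the shared secrets, the step should also say to keep its ownership and permissions intact when copying it.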
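Review bot: In doc/administration/high_availability/load_balancer.md, hunk `@@ -8,7 +8,53`, the option "communication is not secure between the load balancer(s) and the application nodes" is listed as an equal choice, and the section "Load Balancer(s) terminate SSL without backend SSL" gives no guidance on when unencrypted backend traffic is acceptable. Add a sentence stating the network assumption that option relies on and pointing to the backend SSL option otherwise. Smaller points in the same hunk: "application nodes Nginx service" needs a possessive, and the headings capitalise "Load Balancer(s)" while the body uses "load balancer(s)".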
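Review bot: In doc/administration/uploads.md, hunk `@@ -149,7 +149,7`, the link title changes to "GitLab Premium" but the reference label stays `[eep]`, an abbreviation of the retired name. Keeping the label avoids touching its uses in this change, but a follow-up that renames the label together with those uses would stop the old name from lingering in the source.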