From 76e96878aad0a281f8c32ef98a276b499e2581ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pawe=C5=82=20Chojnacki?= <pawel@chojnacki.ws>
Date: Fri, 3 Mar 2017 11:05:24 +0000
Subject: Stop setting Strict-Transport-Securty header from within the app

---
 doc/update/8.17-to-9.0.md | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 doc/update/8.17-to-9.0.md

(limited to 'doc/update')

diff --git a/doc/update/8.17-to-9.0.md b/doc/update/8.17-to-9.0.md
new file mode 100644
index 00000000000..7b934ecd87a
--- /dev/null
+++ b/doc/update/8.17-to-9.0.md
@@ -0,0 +1,24 @@
+#### Nginx configuration
+
+Ensure you're still up-to-date with the latest NGINX configuration changes:
+
+```sh
+cd /home/git/gitlab
+
+# For HTTPS configurations
+git diff origin/8-17-stable:lib/support/nginx/gitlab-ssl origin/9-0-stable:lib/support/nginx/gitlab-ssl
+
+# For HTTP configurations
+git diff origin/8-17-stable:lib/support/nginx/gitlab origin/9-0-stable:lib/support/nginx/gitlab
+```
+
+If you are using Strict-Transport-Security in your installation to continue using it you must enable it in your Nginx 
+configuration as GitLab application no longer handles setting it.
+
+If you are using Apache instead of NGINX please see the updated [Apache templates].
+Also note that because Apache does not support upstreams behind Unix sockets you
+will need to let gitlab-workhorse listen on a TCP port. You can do this
+via [/etc/default/gitlab].
+
+[Apache templates]: https://gitlab.com/gitlab-org/gitlab-recipes/tree/master/web-server/apache
+[/etc/default/gitlab]: https://gitlab.com/gitlab-org/gitlab-ce/blob/9-0-stable/lib/support/init.d/gitlab.default.example#L38
-- 
cgit v1.2.1