I have explained How to Install GitLab in a Disconnected Environment in a past article. In this article you will learn how to use self-signed or custom SSL certificates to secure your GitLab servers.
You can use any of the certificates listed below for this method, depending on your environment.
Follow the steps below to configure GitLab with a custom SSL certificate.
Create the ssl directory if it does not exist.
$ sudo mkdir -p /etc/gitlab/ssl/
Copy the custom SSL certificate and key to the /etc/gitlab/ssl/ directory.
$ sudo ls -l /etc/gitlab/ssl
total 8
-rw-r--r--. 1 root root 2222 Dec 22 13:06 gitlab-ce.lab.local.crt
-rw-------. 1 root root 1679 Dec 22 13:06 gitlab-ce.lab.local.key
Edit the /etc/gitlab/gitlab.rb file and configure the items below.
1. Disable Let’s Encrypt and renewal in the /etc/gitlab/gitlab.rb file.
letsencrypt['enable'] = false
letsencrypt['auto_renew'] = false
2. You can use custom file names or keep the naming format from the default GitLab configuration. In my case, I followed the GitLab file format and did not change the filename or path in the SSL configuration.
# nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt"
# nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key"
3. Change the external_url parameter in the /etc/gitlab/gitlab.rb file (from http to https).
external_url 'https://gitlab-ce.lab.local'
Reconfigure GitLab and wait for the reconfiguration to complete.
$ sudo gitlab-ctl reconfigure
Restart GitLab to use the latest configuration.
$ sudo gitlab-ctl restart
Now verify access from a web browser and check the SSL certificate.
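The certificate and key copied in the steps above can be checked before running gitlab-ctl reconfigure. The following is an added example, not part of the original article: it assumes OpenSSL 1.1.1 or later, and the function names check_tls_pair and make_sample_pair are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes OpenSSL 1.1.1+;
# check_tls_pair and make_sample_pair are hypothetical helper names.

# check_tls_pair CERT KEY FQDN: prints one line per failed check and
# returns 0 only when every check passes.
check_tls_pair() {
    cert=$1; key=$2; fqdn=$3; rc=0

    # 1. Certificate and key must belong together (same public key).
    #    -passin pass: makes a passphrase-protected key fail instead of prompting.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=""
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || key_pub=""
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: certificate and key do not match (or key is encrypted)"; rc=1
    fi

    # 2. The certificate must cover the host name used in external_url.
    if ! openssl x509 -in "$cert" -noout -checkhost "$fqdn" 2>/dev/null |
            grep -q 'does match'; then
        echo "FAIL: certificate is not valid for $fqdn"; rc=1
    fi

    # 3. Let's Encrypt renewal is disabled, so flag expiry within 30 days.
    if ! openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null 2>&1; then
        echo "FAIL: certificate expires within 30 days"; rc=1
    fi

    # 4. The private key must not be readable by group or others
    #    (characters 5-10 of the ls mode string, e.g. -rw-------).
    if [ "$(ls -ld "$key" 2>/dev/null | cut -c5-10)" != "------" ]; then
        echo "FAIL: private key is readable by group or others"; rc=1
    fi
    return $rc
}

# make_sample_pair DIR FQDN: constructed test data, a throwaway self-signed pair.
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null &&
    chmod 600 "$1/$2.key"
}

# On the server (as root, after sourcing this file):
#   check_tls_pair /etc/gitlab/ssl/gitlab-ce.lab.local.crt \
#                  /etc/gitlab/ssl/gitlab-ce.lab.local.key gitlab-ce.lab.local
```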
Gineesh Madapparambath
Gineesh Madapparambath is the founder of techbeatly and he is the author of the book - Ansible for Real-Life Automation.
He has worked as a Systems Engineer, Automation Specialist, and content author. His primary focus is on Ansible Automation, Containerisation (OpenShift & Kubernetes), and Infrastructure as Code (Terraform).
(aka Gini Gangadharan - iamgini.com)
2 Responses
Hi, I followed these steps but my browser says the GitLab installation is insecure as the SSL certificate is self-signed. I am also unable to push to the repo for the same reason. Any way to make a self-signed certificate secure? Thanks
Yes, the browser will say it's not secure as it's self-signed. This is the expected behaviour unless you are using a valid CA-signed certificate.
You can disable SSL certificate validation globally by
git config --global http.sslVerify false
or
git config http.sslVerify "false"