GitLab CE community version of HTTPS mode configuration (yum)

GitLab CE community version of HTTPS mode configuration (yum)

last installed but not https now requires a universal https Span style= "font-size:19px;font-family: ' the song Body '; > Today we will configure https https access to the landing and git also not https

650) this.width=650; "src=" https://s5.51cto.com/wyfs02/M01/8C/D1/wKiom1h49uCzyV4LAAIOJE0C_W8696.png "title=" 1.png "alt=" Wkiom1h49uczyv4laaioje0c_w8696.png "/>

First back up our configuration and files in case we change the error fallback

Backup configuration executes directly, first into your own backup directory .

tar-zpcf$ (date "+etc-gitlab_%y%m%d_%h%m%s.tar.gz")/etc/gitlab

650) this.width=650; "src=" https://s5.51cto.com/wyfs02/M01/8C/CE/wKioL1h49w_xfGybAAEPxfRMCUI146.png "title=" 2.png "alt=" Wkiol1h49w_xfgybaaepxfrmcui146.png "/>

backup files, Default in /var/opt/gitlab/backup directory does not know can see configuration file

gitlab_rails[' backup_path ']= "/var/opt/gitlab/backups" of the Properties

If the problem is directly restored to the original

Recovery: Stop database service execution restore specified file number

Gitlab-ctl Stop Unicorngitlab-ctl stop sidekiqgitlab-rake gitlab:backup:restore backup=1484296250

input Yes It's all Right.

then restart the service: gitlab-ctl Restart It's all Right.

650) this.width=650; "src=" https://s1.51cto.com/wyfs02/M00/8C/D1/wKiom1h49y_Ac9hsAALIvBTnBqk052.png "title=" 3.png "alt=" Wkiom1h49y_ac9hsaalivbtnbqk052.png "/>

To generate a certificate:

Because I'm playing it myself, without the certificate of the browser trust authority, I command to generate a certificate, which is also encrypted only the browser does not recognize.

To establish a certificate and set permissions, this permission must be:

Mkdir-p/etc/gitlab/ssl && chmod 700/etc/gitlab/ssl && Cd/etc/gitlab/ssl

650) this.width=650; "src=" https://s1.51cto.com/wyfs02/M02/8C/D1/wKiom1h490mzw4KsAAGa0glJFR0055.png "title=" 4.png "alt=" Wkiom1h490mzw4ksaaga0gljfr0055.png "/>

Create a server private key, and the command will let you enter a password: ( It is best not to enter the password, as if not input, I enter 1234 and then use the command to cancel the password )

OpenSSL genrsa-des3-out Server.key 1024

650) this.width=650; "src=" https://s4.51cto.com/wyfs02/M02/8C/CE/wKioL1h496ySwgaTAAI9cVW4JUg534.png "title=" 5.png "alt=" Wkiol1h496yswgataai9cvw4jug534.png "/>

Create a certificate for the signing request ( CSR ):

OpenSSL Req-new-key server.key-out SERVER.CSR

Need to enter the password just now, National province City domain name mailbox and other information

finally, two files were Generated.

650) this.width=650; "src=" https://s5.51cto.com/wyfs02/M00/8C/CE/wKioL1h493riOjaUAAOUfSD51hc116.png "title=" 6.png "alt=" Wkiol1h493riojauaaoufsd51hc116.png "/>

in the Load SSL supported by Nginx and use the above private key when you want to remove the password you just set:

just back up the CSR file

CP server.keyserver.key.org

removal command, directly covering the Server.key the

OpenSSL rsa-inserver.key.org-out Server.key

The last token certificate uses the above private key and CSR : (put CSR marked and converted into a CRT Nginx to use Key and the CRT files)

OpenSSL x509-req-days 365-in server.csr-signkey server.key-out server.crt

650) this.width=650; "src=" https://s1.51cto.com/wyfs02/M00/8C/D1/wKiom1h4-OOSt0EzAAIDNQdEf7s073.png "title=" 7.png "alt=" Wkiom1h4-oost0ezaaidnqdef7s073.png "/>

Direct Modification Gitlab the configuration file is running Gitlab-ctl Reconfigure , this command will import the files you have configured into Nginx configuration file, Running this command will let Nginx configuration changes can be seen Below:

Vim/etc/gitlab/gitlab.rb

Configurations that need to be modified:

External_url "https://192.168.61.128" nginx[' Redirect_http_to_https ']= truenginx[' ssl_certificate ']= '/etc/gitlab/ SSL/SERVER.CRT "nginx[' Ssl_certificate_key ']="/etc/gitlab/ssl/server.key "

650) this.width=650; "src=" https://s1.51cto.com/wyfs02/M02/8C/D1/wKiom1h4-hei5bp2AAKA87WGyqg411.png "title=" 12. PNG "alt=" wkiom1h4-hei5bp2aaka87wgyqg411.png "/>

650) this.width=650; "src=" https://s3.51cto.com/wyfs02/M00/8C/D1/wKiom1h5B66yrfVxAAO8-i0DafY556.png "title=" 17. PNG "alt=" wkiom1h5b66yrfvxaao8-i0dafy556.png "/>

Run Gitlab-ctl Reconfigure ( make configuration effective ) after Nginx configuration has changed to:

is automatically added HTTP80 Jump to 443 the configuration of the is not written by itself.

gitlab-ctlreconfigure The order is very cool.

650) this.width=650; "src=" https://s1.51cto.com/wyfs02/M01/8C/D1/wKiom1h5CAngDUIbAAR646HgDBc717.png "title=" 18. PNG "alt=" wkiom1h5cangduibaar646hgdbc717.png "/>

Last Restart Service

when all of the above has been completed , Use gitlab-ctl Restart (to Restart all services) , Ready to use HTTPS Access GitLab , the certificate is at risk because our HTTPS is not issued by a certificate Authority.

After the reboot is complete, we need to look at Nginx configuration key and CRT path to No.

Here are the Effects:

650) this.width=650; "src=" https://s2.51cto.com/wyfs02/M00/8C/CE/wKioL1h4_I-Q-YYKAAG2r7WhSQg433.png "title=" 13. PNG "alt=" wkiol1h4_i-q-yykaag2r7whsqg433.png "/>

Reference:https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md

Http://serverfault.com/questions/665736/ssl-routinesssl23-writessl-handshake-failure-nginx-on-centos-7

According to the above way has implemented the configuration of our https, the following is the problem I Encountered.

Summary of Issues:

I've seen a lot of people's configuration before, and they're going to modify it themselves Nginx the configuration,

Configure First Nginx to support HTTPS

default configuration file directory /var/opt/gitlab/nginx/conf

gitlab-http.conf nginx.conf Both of these need to be configured

Configure First gitlab-http.conf Listen Port replaced by 443

Add Content To:

Listen *:443

SSL on;

ssl_certificate/etc/gitlab/ssl/server.crt;

ssl_certificate_key/etc/gitlab/ssl/server.key;

Ssl_protocols SSLv3 TLSv1;

ssl_ciphersall:!anull:! adh:!enull:! low:! exp:rc4+rsa:+high:+medium;

650) this.width=650; "src=" https://s2.51cto.com/wyfs02/M01/8C/CE/wKioL1h5AYujk_VZAALyhzz8lrg325.png "title=" 8.png "alt=" Wkiol1h5ayujk_vzaalyhzz8lrg325.png "/>

Add a configuration file to HTTP Jump HTTPS:

/var/opt/gitlab/nginx/conf/index.conf

server {

Listen *:80;

server_name 192.168.61.128;

Rewrite ^ (. *) $ Https://$host $ permanent;

}

650) this.width=650; "src=" https://s2.51cto.com/wyfs02/M02/8C/CE/wKioL1h5Aafwg8PwAAD00HXUDQw102.png "title=" 9.png "alt=" Wkiol1h5aafwg8pwaad00hxudqw102.png "/>

Last modified /var/opt/gitlab/nginx/conf/nginx.conf configuration file , Add the following to the content , to load the configuration file just now index.conf (need to put gzip off Close ; ) :

include/var/opt/gitlab/nginx/conf/index.conf;

650) this.width=650; "src=" https://s5.51cto.com/wyfs02/M01/8C/CE/wKioL1h5AcjRWxWMAAHZgwtqjEk613.png "title=" 10. PNG "alt=" wkiol1h5acjrwxwmaahzgwtqjek613.png "/>

This configuration is complete before you modify the gitlab.rb files Run after Gitlab-ctl Reconfigure

after the order, we add the above-mentioned Nginx the configuration was flushed Out.

This is the only way to Run:

git lab-ctl Stop Nginx stops Nginx

Gitlab-ctl start Nginx

This will never run the Gitlab-ctl reconfigure Command. That's not a good way. The way I use it the Most.

There is one more question:

When you use git to command clone,

git clone https://192.168.61.128/root/test.git error occurred: fatal:destination path ' test ' already exists and is not an empty Direc Tory.git Config--global http.sslverify false off can clone, is our certificate is not the reason why the certification authority git Config--global http.sslverify true to open

650) this.width=650; "src=" https://s3.51cto.com/wyfs02/M02/8C/CE/wKioL1h5A7LS_ZAVAAC1lT97nsA570.png "title=" 16. PNG "alt=" wkiol1h5a7ls_zavaac1lt97nsa570.png "/>

Today's https is even done here. It's late, January 14, 2017, 00:45:39 to Bed.

GitLab CE community version of HTTPS mode configuration (yum)