2016-01-16 15:43:30 +05:30
|
|
|
|
Template: gitlab/fqdn
|
|
|
|
|
Type: string
|
|
|
|
|
Default: localhost
|
|
|
|
|
_Description: Fully qualified domain name for this instance of Gitlab:
|
|
|
|
|
Please choose the domain name which should be used to access this
|
|
|
|
|
instance of Gitlab.
|
|
|
|
|
.
|
|
|
|
|
This should be the fully qualified name as seen from the Internet, with
|
|
|
|
|
the domain name that will be used to access the pod.
|
|
|
|
|
.
|
|
|
|
|
If a reverse proxy is used, give the hostname that the proxy server
|
|
|
|
|
responds to.
|
2015-10-24 13:00:34 +05:30
|
|
|
|
|
|
|
|
|
Template: gitlab/ssl
|
|
|
|
|
Type: boolean
|
2016-02-09 16:17:52 +05:30
|
|
|
|
Default: false
|
2015-10-24 13:00:34 +05:30
|
|
|
|
_Description: Enable https?
|
2016-02-05 23:38:43 +05:30
|
|
|
|
Enabling https means that an SSL certificate is required to access this Gitlab
|
|
|
|
|
instance (as Nginx will be configured to respond only to https requests). A
|
|
|
|
|
self-signed certificate is enough for local testing (and can be generated
|
|
|
|
|
using, for instance, the package easy-rsa), but it is not recommended for a
|
|
|
|
|
production instance.
|
2015-10-24 13:00:34 +05:30
|
|
|
|
.
|
2016-02-05 23:51:05 +05:30
|
|
|
|
Some certificate authorities like Let's Encrypt (letsencrypt.org), StartSSL
|
2016-02-05 23:38:43 +05:30
|
|
|
|
(startssl.com) or WoSign (buy.wosign.com/free) offer free SSL certificates.
|
2015-10-24 13:00:34 +05:30
|
|
|
|
.
|
2016-02-07 14:40:33 +05:30
|
|
|
|
letsencrypt package may be used to automate interaction with Let’s Encrypt to
|
2016-02-11 01:37:00 +05:30
|
|
|
|
obtain a certificate. Nginx must be reloaded after the certificate and key
|
|
|
|
|
files are made available at /etc/gitlab/ssl.
|
2016-02-05 23:51:05 +05:30
|
|
|
|
|
|
|
|
|
Template: gitlab/letsencrypt
|
|
|
|
|
Type: boolean
|
2016-02-09 16:17:52 +05:30
|
|
|
|
Default: false
|
2016-02-05 23:51:05 +05:30
|
|
|
|
_Description: Use Let's Encrypt?
|
2016-02-07 14:40:33 +05:30
|
|
|
|
Symbolic links to certificate and key created using letsencrypt package
|
|
|
|
|
(/etc/letencrypt/live) will be added to /etc/gitlab/ssl if this option is
|
|
|
|
|
selected.
|
2016-02-05 23:51:05 +05:30
|
|
|
|
.
|
|
|
|
|
Otherwise, certificate and key files have to be placed manually to
|
2016-02-07 14:40:33 +05:30
|
|
|
|
/etc/gitlab/ssl directory as 'gitlab.crt' and 'gitlab.key'.
|
2016-02-05 23:51:05 +05:30
|
|
|
|
.
|
2016-02-11 01:37:00 +05:30
|
|
|
|
Nginx will be stopped, if this option is selected, to allow letsencrypt to use
|
|
|
|
|
ports 80 and 443 during domain ownership validation and certificate retrieval
|
|
|
|
|
step.
|
2016-02-11 01:38:57 +05:30
|
|
|
|
.
|
|
|
|
|
Note: letsencrypt does not have an nginx plugin currently and you'll have to
|
|
|
|
|
renew your certificates manually, after 3 months, when your letsencrypt
|
|
|
|
|
certificate expire.
|