Commit e499fd7e authored by Jacob Vosmaer's avatar Jacob Vosmaer

Documentation / scripts for HTTPS via stunnel

parent f6ba2741
......@@ -135,6 +135,13 @@ foreman:
.ruby-version:
ln -s ${gitlab_development_root}/gitlab/.ruby-version $@
localhost.pem: localhost.crt localhost.key
cat localhost.key localhost.crt > $@
localhost.key:
openssl req -new -subj "/CN=localhost/" -x509 -days 365 -newkey rsa:2048 -nodes -keyout "localhost.key" -out "localhost.crt"
chmod 600 $@
gitlab-workhorse-setup: gitlab-workhorse/gitlab-workhorse
gitlab-workhorse-update: gitlab-workhorse/.git/pull
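Review bot: localhost.pem contains the private key but is written by `cat localhost.key localhost.crt > $@` under the default umask, and the `chmod 600` applies only to localhost.key, so the combined file can end up readable by other local users. That matters more once the README has this certificate added to the OS X trust store. Create it restrictively, for example `umask 077 && cat localhost.key localhost.crt > $@`. Separately, localhost.crt has no rule in this hunk and is only produced as a side effect of the localhost.key recipe, so a fresh `make localhost.pem` may stop with no rule for localhost.crt. A `localhost.crt: localhost.key` line would declare that dependency.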
......
......@@ -5,3 +5,4 @@ postgresql: postgres -D /home/git/postgresql/data -k /home/git/postgresql -h ''
gitlab-workhorse: PATH=/home/git/gitlab-workhorse:$PATH gitlab-workhorse -authSocket /home/git/gitlab.socket -listenAddr localhost:$port -documentRoot /home/git/gitlab/public -developmentMode
rails-web: cd gitlab && RAILS_ENV=development bin/web start_foreground
rails-background-jobs: cd gitlab && RAILS_ENV=development bin/background_jobs start_foreground
#workhorse-stunnel: support/workhorse-stunnel localhost:3443 /home/git/gitlab.socket /home/git/localhost.pem
\ No newline at end of file
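Review bot: The commented-out `workhorse-stunnel` entry passes /home/git/gitlab.socket as the connect target, which is the same path gitlab-workhorse receives as `-authSocket`, while workhorse itself listens on `localhost:$port`. If that socket belongs to the Rails backend, HTTPS requests would reach it directly instead of passing through workhorse; please confirm which endpoint is intended. A one-line comment above the entry would also help, e.g. `# HTTPS for development; run 'make localhost.pem' before enabling`.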
......@@ -44,6 +44,7 @@ sockets to avoid port conflicts.
- [Setup](#setup)
- [NFS](#nfs)
- [Ubuntu / Debian](#ubuntu-debian)
- [HTTPS](#https)
- [OS X, other developer OS's](#os-x-other-developer-os-s)
- [Troubleshooting](#troubleshooting)
- [Rails cannot connect to Postgres](#rails-cannot-connect-to-postgres)
......@@ -611,6 +612,27 @@ sudo mount 127.0.0.1:/exports/gitlab-data/gitlab-satellites gitlab-satellites
# TODO: put the above mounts in /etc/fstab ?
```
## HTTPS
If you want to access GitLab via HTTPS in development you can use stunnel.
First generate a key and certificate for localhost:
```
make localhost.pem
```
On OS X you can add this certificate to the trust store with:
`security add-trusted-cert localhost.crt`.
Next make sure that HTTPS is enabled in gitlab/config/gitlab.yml.
Uncomment the `workhorse-stunnel` line in your Procfile. Now `./run app`
(and `./run`) will start stunnel listening on https://localhost:3443.
TODO: figure out the impact of Strict-Transport-Security (set
automatically in GitLab (Rails)) in development.
## OS X, other developer OS's
MR welcome!
......
......@@ -25,7 +25,7 @@ db() {
app() {
print_port
foreman_start -c all=0,rails-web=1,rails-background-jobs=1,gitlab-workhorse=1
foreman_start -c all=0,rails-web=1,rails-background-jobs=1,gitlab-workhorse=1,workhorse-stunnel=1
}
all() {
......
#!/bin/sh
main() {
stunnel -fd 3 3<<EOF
foreground = yes
[workhorse-https]
accept = $1
connect = $2
cert = $3
EOF
}
if [ x$# -ne x3 ] ; then
echo "Usage: $0 LISTEN_ADDRESS WORKHORSE_SOCKET CERTIFICATE"
exit 1
fi
main "$@"
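Review bot: The argument-count guard `[ x$# -ne x3 ]` applies the integer operator `-ne` to the non-numeric string `x3`, so `test` reports an error and returns non-zero, the `if` body is skipped, and `main` runs with whatever arguments were given. With fewer than three arguments stunnel would be started from a config whose accept, connect or cert value is empty. Use `if [ "$#" -ne 3 ] ; then` and send the usage text to stderr with `>&2`.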