Draft: Add support for GitLab Rails Nginx SSL
What does this MR do?
MR adds support to enable SSL for GitLab Rails Nginx. This is a core touchpoint and as a result the feature requires the following:
- Support for single node setups where external SSL variables are followed instead
- NGinx internal support (when behind load balancer with SSL termination)
- HAProxy CA support (when it is the load balancer with SSL termination)
- Gitaly Internal Callback Support (via Internal Load Balancer passthrough)
Related issues
Closes #446
Author's checklist
When ready for review, the Author applies the workflowready for review label and mention @gl-quality/get-maintainers
:
- Merge request:
-
Corresponding Issue raised and reviewed by the GET maintainers team. -
Merge Request Title and Description are up-to-date, accurate, and descriptive -
MR targeting the appropriate branch -
MR has a green pipeline -
MR has no new security alerts in the widget from the Secret Detection
andIaC Scan (SAST)
jobs.
-
- Code:
-
Check the area changed works as expected. Consider testing it in different environment sizes (1k,3k,10k,etc.). -
Documentation created/updated in the same MR. -
If this MR adds an optional configuration - check that all permutations continue to work. -
For Terraform changes: set up a previous version environment, then run a terraform plan
with your new changes and ensure nothing will be destroyed. If anything will be destroyed and this can't be avoided please add a comment to the current MR.
-
-
Create any follow-up issue(s) to support the new feature across other supported cloud providers or advanced configurations. Create 1 issue for each provider/configuration. Contact the Quality Enablement team if unsure.