Pages chroot doesn't copy Custom CA - breaking HTML artifacts
From !51 (merged):
On top of that
gitlab-pageschroot deamon will now create a complete jail with
/etc/resolv.conf, a copy of
/etc/ssl/ca-bundle.pem, and a bind mount of
SSL_CERT_FILE is the bundle located at
/opt/gitlab/embedded/ssl/certs/cacert.pem, however we have added our own custom CA to
/etc/gitlab/trusted-certs/customcacert.pem as per https://docs.gitlab.com/omnibus/settings/ssl.html#details-on-how-gitlab-and-ssl-work
From looking at https://gitlab.com/gitlab-org/gitlab-pages/blob/master/daemon.go#L126 I can see that the single
SSL_CERT_FILE is copied, but I do not see anything attempting to copy custom CAs.
The result of this is that HTML artifacts are unable to be seen via the pages daemon, presumably as it requests it via our internal domain, served with a cert signed by our custom CA.