
Support for TLS config on Workhorse

Igor Drozdov requested to merge id-workhorse-tls into master

What does this MR do and why?

Related issue: #353010 (closed)

Currently, Workhorse listens on an unencrypted HTTP port or UNIX socket from NGINX. As part of a requirement to use end-to-end encryption, Workhorse needs to be able to run an HTTPS server.

It allows specifying [tls] config in config.toml. The config must contain paths to the certificate and private key. After that, the server will be accessible via HTTPS.

How to set up and validate locally

  1. Generate a certificate and private key (for example, via mkcert)
  2. Modify config.toml and add a [tls] section as follows:

     [tls]
     certificate = "/path/to/certificate"
     key = "/path/to/key"

  3. gdk restart gitlab-workhorse
  4. Go to https instead of http

Next steps

Enable configuring HTTPS via GDK (currently possible only with NGINX)
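
A pre-flight check for the two files named in the [tls] section, written as an added example that is not code from this merge request or from Workhorse. The names CheckTLSPair and NewTestPair are hypothetical, and the owner-only key permission and validity-window checks are assumptions about what is worth verifying before a restart, not behaviour the MR describes.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"time"
)

// CheckTLSPair validates the certificate and key paths from [tls] before a restart.
func CheckTLSPair(certPath, keyPath string, now time.Time) error {
	pair, err := tls.LoadX509KeyPair(certPath, keyPath) // fails when the key does not match the certificate
	if err != nil {
		return fmt.Errorf("load pair: %w", err)
	}
	if leaf, err := x509.ParseCertificate(pair.Certificate[0]); err != nil || now.Before(leaf.NotBefore) || now.After(leaf.NotAfter) {
		return fmt.Errorf("certificate unparsable or not valid at %s", now.Format(time.RFC3339))
	}
	if info, err := os.Stat(keyPath); err != nil || info.Mode().Perm()&0o077 != 0 {
		return fmt.Errorf("key %s must not be accessible to group or other", keyPath)
	}
	return nil
}

// NewTestPair returns a constructed self-signed pair, used only as sample input.
func NewTestPair() (certPEM, keyPEM []byte, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, nil, err
	}
	keyDER, err := x509.MarshalPKCS8PrivateKey(priv)
	certPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	return certPEM, pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER}), err
}

func main() {
	if len(os.Args) == 3 { // usage: check <certificate> <key>
		fmt.Println("result:", CheckTLSPair(os.Args[1], os.Args[2], time.Now()))
	}
}
```

Run it with the same two paths that go into config.toml; a nil result means the pair loads, is inside its validity window, and the key file is owner-only.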
