Support for TLS config on Workhorse
What does this MR do and why?
Related issue: #353010 (closed)
Currently, Workhorse listens on an unencrypted HTTP port or UNIX socket from NGINX. As part of a requirement to use end-to-end encryption, Workhorse needs to be able to run HTTPS server.
It allows specifying [tls] config in config.toml. The config must contain paths to the certificate and private key. After that, the server will be accessible via HTTPS.
How to set up and validate locally
- Generate a certificate and private key (for example, via mkcert)
- Modify
config.toml
and add[tls]
section as:
[tls]
certificate = "/path/to/certificate"
key = "/path/to/key"
gdk restart gitlab-workhorse
- Go to
https
instead ofhttp
Next steps
Enable configuring HTTPS via GDK (currently possible only with NGINX)