Pages access control doesn't pick up custom CA certs on authentication
Problem to solve
Pages access control doesn't pick up custom CA certs on authentication. Pages access control is not usable.
Running GitLab with a self-signed certificate resolved by a reverse proxy.

    ==> /var/log/gitlab/gitlab-pages/current <==
    ...
    level=debug msg="Fetching access token failed" error="Post https://<git domain>/oauth/token: x509: certificate signed by unknown authority" host=...
    # results in a 503

    echo -n | openssl s_client -connect <git domain>:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /etc/ssl/certs/gitlab.crt

    # ca-certificates
    yum install ca-certificates
    update-ca-trust force-enable
    cp /etc/ssl/certs/gitlab.crt /etc/pki/ca-trust/source/anchors/
    update-ca-trust extract
    gitlab-ctl reconfigure
    # doesn't work :(

    # https://docs.gitlab.com/omnibus/settings/ssl.html#install-custom-public-certificates
    cp /etc/ssl/certs/gitlab.crt /etc/gitlab/trusted-certs/
    gitlab-ctl reconfigure
    # doesn't work :(

    # hack
    cat /etc/ssl/certs/gitlab.crt >> /opt/gitlab/embedded/ssl/certs/cacert.pem
    gitlab-ctl reconfigure
    # works :)

What else do you need?
Pages access control takes ca-certificates into account.
What does success look like, and how can we measure that?
Pages access control works on GitLab with a self-signed certificate resolved by a reverse proxy.