Set SSL_CERT_DIR for embedded Go services
We tell our users to install custom SSL certificates into
/opt/gitlab/embedded/ssl/certs/. These certificates then get picked up by everything in omnibus-gitlab that uses OpenSSL.
However, we also have some Go programs in omnibus that use Go's own
crypto/tls library instead of OpenSSL (e.g. gitlab-workhorse, see gitlab-workhorse#177 (closed)). These programs will ignore
It turns out we can tell
/opt/gitlab/embedded/ssl/certs/ by setting
SSL_CERT_DIR=/opt/gitlab/embedded/ssl/certs/. I suggest that we go through all our Runit services that spawn Go programs and add this setting to the default
env hash. It has been reported in gitlab-workhorse#177 (closed) that this works.