Draft: Fix LetsEncrypt when NGINX SSL config is set

Stan Hu requested to merge sh-fix-letsencrypt-registry into master

What does this MR do?

When LetsEncrypt is enabled, Omnibus previously defaulted to setting the registry NGINX to /etc/gitlab/ssl/#{uri.host}.{crt,key}. However, if the main NGINX SSL cert/key is explicitly set to /etc/gitlab/ssl/nginx.{crt,key}, LetsEncrypt will use that filename but the registry NGINX will be configured to use the FQDN-based filename, which won't ever be created. This causes a Chef failure when using LetsEncrypt since NGINX won't be able to find the FQDN-based filename.

To fix this, every NGINX should default to the main NGINX SSL config.

There are a number of cases to consider. Here's an example:

| nginx['ssl_certificate'] | registry_external_url | registry_nginx['ssl_certificate'] | letsencrypt['enable'] | Expected result for registry_nginx['ssl_certificate'] |
| --- | --- | --- | --- | --- |
| /etc/gitlab/ssl/nginx.crt | https://dev.gitlab.org:5005 | /etc/gitlab/ssl/registry.crt | true | /etc/gitlab/ssl/nginx.crt |
| /etc/gitlab/ssl/nginx.crt | https://dev.gitlab.org:5005 | /etc/gitlab/ssl/registry.crt | false | /etc/gitlab/ssl/registry.crt |
| nil | https://dev.gitlab.org:5005 | /etc/gitlab/ssl/registry.crt | true | /etc/gitlab/ssl/dev.gitlab.org.crt |
| nil | https://dev.gitlab.org:5005 | /etc/gitlab/ssl/registry.crt | false | /etc/gitlab/ssl/registry.crt |

Related issues

Relates to #7458 (closed)

Checklist

See Definition of done.

For anything in this list which will not be completed, please provide a reason in the MR discussion

Required

  • Merge Request Title, and Description are up to date, accurate, and descriptive
  • MR targeting the appropriate branch
  • MR has a green pipeline on GitLab.com
  • Pipeline is green on dev.gitlab.org if the change is touching anything besides documentation or internal cookbooks
  • trigger-package has a green pipeline running against latest commit

Expected (please provide an explanation if not completing)

  • Test plan indicating conditions for success has been posted and passes
  • Documentation created/updated
  • Tests added
  • Integration tests added to GitLab QA
  • Equivalent MR/issue for the GitLab Chart opened
Edited by Stan Hu
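
The four cases in the description's table, modelled as an added Ruby sketch (not code from this MR or from Omnibus). The method names and the `cfg` hash are hypothetical, and the sketch assumes the FQDN-based filename comes from the `registry_external_url` host and that LetsEncrypt falls back to that filename when the main NGINX certificate is unset, as row 3 of the table implies.

```ruby
require 'uri'

SSL_DIR = '/etc/gitlab/ssl' # directory used in the MR description

# Constructed inputs: the four rows of the table in the description.
CASES = [
  { nginx_cert: '/etc/gitlab/ssl/nginx.crt', letsencrypt: true },
  { nginx_cert: '/etc/gitlab/ssl/nginx.crt', letsencrypt: false },
  { nginx_cert: nil, letsencrypt: true },
  { nginx_cert: nil, letsencrypt: false }
].map do |c|
  c.merge(registry_external_url: 'https://dev.gitlab.org:5005',
          registry_cert: '/etc/gitlab/ssl/registry.crt')
end.freeze

# FQDN-based filename, e.g. /etc/gitlab/ssl/dev.gitlab.org.crt
def fqdn_cert(url)
  File.join(SSL_DIR, "#{URI(url).host}.crt")
end

# File LetsEncrypt writes: the main NGINX certificate path if it is set,
# otherwise the FQDN-based filename (assumption taken from row 3).
def letsencrypt_target(cfg)
  cfg[:nginx_cert] || fqdn_cert(cfg[:registry_external_url])
end

# Previous default as described: with LetsEncrypt on, always FQDN-based.
# The LetsEncrypt-off branch is an assumption; the page does not describe it.
def registry_cert_before(cfg)
  cfg[:letsencrypt] ? fqdn_cert(cfg[:registry_external_url]) : cfg[:registry_cert]
end

# Rule matching the "Expected result" column: follow the main NGINX config.
def registry_cert_after(cfg)
  cfg[:letsencrypt] ? letsencrypt_target(cfg) : cfg[:registry_cert]
end

# True when the registry NGINX would point at a file LetsEncrypt never writes.
def dangling?(cfg, registry_path)
  cfg[:letsencrypt] && registry_path != letsencrypt_target(cfg)
end

if __FILE__ == $PROGRAM_NAME
  CASES.each do |cfg|
    before = registry_cert_before(cfg)
    after = registry_cert_after(cfg)
    puts "nginx=#{cfg[:nginx_cert].inspect} le=#{cfg[:letsencrypt]} " \
         "before=#{before} (dangling=#{dangling?(cfg, before)}) after=#{after}"
  end
end
```

Only the first row is dangling under the previous default, which is the Chef failure the description reports.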