Document how to use the Docker image with self-signed certificate + Mattermost
Implementation Guide
Document in https://docs.gitlab.com/ee/install/docker.html the following:
- Generate your self-signed certificate. You can find the detailed info here: http://www.selfsignedcertificate.com/
- Copy the files into config/ssl directory of your host system (from within you are starting the container)
- Restart your gitlab container, so that it is able to pick up the new certificate files.
If you want to use gitlab with self-signed SSL certificate, you will run into issues while integrating with mattermost. The reason is, mattermost wants to validate the request to gitlab host (which will be served under https) and fails if the certificate is self-signed. You can verify whether you are experiencing this problem by issuing the following command on your host system:
docker logs gitlab
and if you can see 'x509 certificate signed by unknown authority' on your mattermost logs, this means you have to update the ca-certificates on your docker image.
You can fix it by issuing the following commands:
-
Enter interactive session on your container:
docker exec -it gitlab /bin/bash
-
Now, being inside of your container, do the following:
cp /etc/gitlab/ssl/example.com.crt /usr/share/ca-certificates
(assuming that your self-signed certificate is in example.com.crt)
dpkg-reconfigure ca-certificates
pick "ask" (3) as the option and check your file on the list.
-
restart the services to be safe:
gitlab-ctl restart
Your integration with Mattermost should now work as expected.