gitlab-ce-pages

ssl?

Open slith76 opened this issue 9 years ago • 6 comments

Can this wonderful project support SSL certificates sometime?

slith76, Sep 10 '16 13:09

Following https://github.com/YuMS/gitlab-ce-pages/blob/master/src/package.json#L9 it seems https://github.com/Daplie/letsencrypt-express can help to answer your question with yes.

almereyda, Sep 22 '16 00:09

GCP uses NGINX to serve static files as well as to forward to express. So SSL should be set on NGINX.

Several things to do

  • [ ] expose GCP_HTTPS environment for SSL switch
  • [ ] expose 443 for SSL enabled docker port
  • [ ] support dropping SSL certificate files into some mounted folder

YuMS, Sep 22 '16 03:09

Oh, I didn't see nginx in here. Actually I believe it would be better to decouple both components into separate containers for easier maintainability. Then something like https://github.com/jwilder/nginx-proxy can take care of TLS termination.

almereyda, Sep 22 '16 12:09

First thing: We need to protect the private keys of the certs. Dropping them into a volume is ok, but as this is targeted at Gitlab, we might use another approach.

Let the user control the certificates being used from Gitlab UI ;)

Add 2 (or more) private variables (e.g. SSL_CERT and SSL_KEY, optionally SSL_CA). So the user can just paste the plain text from its LetsEncrypt cert. No one has access, it's not exposed in the repo.

Now the tricky part. We need to transfer the content to GCP somehow. Probably we can use the API to retrieve the variables (we can't just put them into the artifacts). Then, the deployer hook can retrieve the vars, put them into cert files and create nginx config file. I'm going to try the API to see if this works and will report back.

morph027, Oct 12 '16 06:10
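
The "put them into cert files and create nginx config file" step proposed above, sketched as an added example that is not part of the thread or of gitlab-ce-pages. It assumes the SSL_CERT and SSL_KEY values have already been retrieved; `installTls`, the file names and the directory layout are hypothetical.

```javascript
// Added example (not gitlab-ce-pages code); installTls and the layout are hypothetical.
const fs = require('fs');
const path = require('path');

// One or more PEM certificate blocks (a Let's Encrypt fullchain has several).
const CERT_RE = /^(-----BEGIN CERTIFICATE-----\r?\n[A-Za-z0-9+\/=\r\n]+-----END CERTIFICATE-----\s*)+$/;
// Exactly one private key block; BEGIN and END labels must agree.
const KEY_RE = /^-----BEGIN ((?:RSA |EC )?PRIVATE KEY)-----\r?\n[A-Za-z0-9+\/=\r\n]+-----END \1-----\s*$/;
// Lower-case DNS name only: it ends up in a file path and in nginx config.
const HOST_RE = /^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$/;

// Create the file with its final mode under a temporary name, then rename it
// into place, so the key is never readable by other users, even briefly.
function writeSecret(file, data, mode) {
  const tmp = `${file}.${process.pid}.tmp`;
  fs.writeFileSync(tmp, data, { mode, flag: 'wx' });
  fs.renameSync(tmp, file);
}

// baseDir is chosen by the operator (assumed trusted, no spaces); host, certPem
// and keyPem come from project variables and are treated as untrusted input.
function installTls(baseDir, host, certPem, keyPem) {
  if (!HOST_RE.test(host)) throw new Error('invalid host name');
  if (!CERT_RE.test(certPem)) throw new Error('SSL_CERT is not a PEM certificate');
  if (!KEY_RE.test(keyPem)) throw new Error('SSL_KEY is not a PEM private key');

  const dir = path.join(baseDir, host);
  fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
  const certFile = path.join(dir, 'fullchain.pem');
  const keyFile = path.join(dir, 'privkey.pem');
  writeSecret(certFile, certPem, 0o644);
  writeSecret(keyFile, keyPem, 0o600);

  // Only the TLS-related directives; the rest of the server block is site-specific.
  const nginxConf = [
    'server {',
    '    listen 443 ssl;',
    `    server_name ${host};`,
    `    ssl_certificate ${certFile};`,
    `    ssl_certificate_key ${keyFile};`,
    '}',
  ].join('\n') + '\n';
  return { certFile, keyFile, nginxConf };
}
```

The checks only confirm PEM framing; they do not prove that the key belongs to the certificate, which nginx reports when it loads the configuration.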

@morph027 You can't do it this way because the project owners are not responsible for deploying. We can't have them set project variables to enable SSL.

YuMS, Oct 12 '16 08:10

Sure? In my personal projects, I can do so ;)

But they also can't edit any files in mounted volumes.

morph027, Oct 12 '16 08:10