-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add SSL support #54
Comments
@arnos i have published my ssl-support branch. There were a lot of use cases to take care of and I finally managed to get it done. I had to hack into the gitlab code to get things working. Anyways, can you test the ssl support and confirm that it works for you? Instructions can be found in the README. |
Must have missed something a I thought you were pulling my branch? I'm a bit concerned with the fact you had to modify gitlab code as their I'll check it as soon as I can. On Monday, April 28, 2014, Sameer Naik notifications@github.com wrote:
|
@arnos its true that gitlab SSL support is supposed to work out of the box. But since we are containerizing the application I had to make minor and harmless edits to get it working for the various use cases. There are a lot of topologies that have to be handled and various scenarios like
Hopefully, I think I have taken care of all scenario's. |
@arnos i was just thinking. Right now this is the general use case: On the host you install a load balancer such as hipache/haproxy or nginx. If you are enabling SSL support then it (SSL) has to also be configured at the load balancer and as such the internal SSL configuration is more or less pointless. Inside the container we are running an nginx server which proxies connections to the unicorn workers. So in essence we have a stack that looks like this: If we remove the internal nginx, then the stack would look like this By doing this change we will effectively be converting the gitlab application from a web server to a app server, which i think fits better with docker and as a side effect your access log collection will happen at the host. Another problem we would be solving with this change is, if i am using nginx as my load balancer and if I want to change the client_max_body_size, then I have to configure this on the internal nginx server as well as at the load balancer (just found this out today). But with this change we only end up configuring this setting at one place. The only downside to this that I can see is that you will not be able to enable ssl support if you decide to use the application without a load balancer, which I think should be fine. what do you think? |
as long as it is defined how to enable SSL from unicorn it should be fine. With an installer experience, you can ask the user if they have a load On Tue, May 13, 2014 at 2:08 PM, Sameer Naik notifications@github.comwrote:
|
@arno Creating an issue for the SSL support work. At the moment the SSL related comments are all over the place.
I just pulled your branch. I see you have given a lot of SSL configuration options. I think its an overkill.
My changes are only a couple of lines (maybe 10 lines or so) I will publish my branch and maybe you can check and we can add whatever else is required.
#53
The text was updated successfully, but these errors were encountered: