Commit
move tls.cert and tls.key (and all TLS/HTTPS features) to nginx
Showing 16 changed files with 18 additions and 159 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,36 +1,3 @@ | ||
# Securing a Sourcegraph instance with TLS/SSL | ||
|
||
If you intend to make your Sourcegraph instance accessible on the Internet or another untrusted network, you should use TLS so that all traffic will be served over HTTPS. | ||
|
||
See "[nginx HTTP server settings](nginx.md)" for more information. | ||
|
||
## Using your own TLS certificate | ||
|
||
### Single-server Sourcegraph deployments | ||
|
||
For single-server Docker image deployments, add the following lines to your site configuration. The TLS certificate and private key must be specified as PEM-encoded strings. | ||
|
||
> Tip: Use [jq](https://stedolan.github.io/jq/) with the command `jq -R --slurp < /path/to/my/cert-or-key.pem` to obtain the JSON-stringified contents of each PEM file. | ||
```json | ||
{ | ||
// ... | ||
"tlsCert": "-----BEGIN CERTIFICATE-----\nMIIFdTCCBF2gAWiB...", | ||
"tlsKey": "-----BEGIN RSA PRIVATE KEY-----\nMII...", | ||
"externalURL": "https://example.com:3443" // Must begin with "https"; replace with the public IP or hostname of your machine | ||
// ... | ||
} | ||
``` | ||
|
||
Next, restart your Sourcegraph instance using the same `docker run` [command](install/docker/index.md), but map the host port to the container HTTPS port 7443 (not the HTTP port 7080). In this example, the host port 443 (HTTPS) is mapped to the container's HTTPS port 7443. | ||
|
||
```shell | ||
docker run \ | ||
--publish 443:7443 --rm \ | ||
--volume ~/.sourcegraph/config:/etc/sourcegraph \ | ||
--volume ~/.sourcegraph/data:/var/opt/sourcegraph \ | ||
--volume /var/run/docker.sock:/var/run/docker.sock \ | ||
sourcegraph/server:2.13.2 | ||
``` | ||
|
||
If you are running on cloud infrastructure, you will likely need to add an ingress rule to make port 30443 accessible to the Internet. | ||
This documentation page has been moved to "[nginx HTTP server settings](nginx.md)". All HTTP and HTTPS configuration options are now handled by nginx, which ships with Sourcegraph. |
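Review bot: the replacement sentence at the end of this hunk gives no migration path for instances that already follow the removed instructions, which told operators to put `tlsCert` and `tlsKey` (the PEM private key) in site configuration and to publish container port 7443. Suggest one more sentence in the stub saying whether those two keys are still read or are now ignored, that the private key should be deleted from site configuration once it lives in the nginx setup, and which container port serves HTTPS now, unless nginx.md already states all of this. It would also help to keep the removed sentence advising TLS for instances exposed to the Internet or another untrusted network, so a reader landing on this page still sees the recommendation before following the link.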