
Configure Custom SSL to Secure GitLab Server


I explained how to install GitLab in a disconnected environment in a past article (How to Install GitLab in a Disconnected Environment). In this article, you will learn how to use self-signed or custom SSL certificates to secure your GitLab servers.

Depending on your environment, you can use any of the certificate types listed below with this method.

  • Self-signed SSL certificates and key
  • Custom CA signed SSL certificate and key
  • Let’s Encrypt SSL certificates and key

Follow the steps below to configure GitLab with a custom SSL certificate.

Copy SSL Certificate and Key

Create the ssl directory if it does not exist.

$ sudo mkdir -p /etc/gitlab/ssl/

Copy the custom SSL certificate and key to the /etc/gitlab/ssl/ directory. Keep the private key readable only by root, as in the listing below.

$ sudo ls -l /etc/gitlab/ssl
total 8
-rw-r--r--. 1 root root 2222 Dec 22 13:06 gitlab-ce.lab.local.crt
-rw-------. 1 root root 1679 Dec 22 13:06 gitlab-ce.lab.local.key

Configure /etc/gitlab/gitlab.rb

Edit the /etc/gitlab/gitlab.rb file and configure the items below.

  1. Disable Let’s Encrypt and renewal in the /etc/gitlab/gitlab.rb file.
letsencrypt['auto_renew'] = false
  2. You can use custom file names or keep the file names that the GitLab configuration expects by default. In my case, I followed the GitLab file format and did not change the filename or path for SSL inside the configuration, so the default lines below stay commented out.
# nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt"
# nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key"
  3. Change the external_url parameter in the /etc/gitlab/gitlab.rb file (from http to https).
external_url 'https://gitlab-ce.lab.local'

Reconfigure GitLab

Reconfigure GitLab and wait for the reconfiguration to complete.

$ sudo gitlab-ctl reconfigure

Restart GitLab to use the latest configuration

$ sudo gitlab-ctl restart

Now open the GitLab URL (the external_url configured above) in a web browser and verify the SSL certificate.
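The checks below can be run on the files in /etc/gitlab/ssl before `gitlab-ctl reconfigure`, so a mismatched key, loose key permissions, or a certificate issued for the wrong hostname is caught before NGINX is restarted. This is an added example, not part of the original article or of GitLab's tooling. The function names are hypothetical, and it assumes a Linux host with GNU `stat` and the `openssl` CLI.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks for a GitLab certificate/key pair.
# Function names are hypothetical; they wrap standard openssl and stat calls.

# The private key must be mode 600 or 400 (no access for group or others).
key_perms_ok() {
  case "$(stat -c '%a' "$1")" in
    600|400) return 0 ;;
    *)       return 1 ;;
  esac
}

# Certificate and key belong together when their public keys are identical.
pair_matches() {
  local c k
  c=$(openssl x509 -in "$1" -noout -pubkey) || return 1
  k=$(openssl pkey -in "$2" -pubout) || return 1
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# Certificate must be unexpired and valid for the host used in external_url.
cert_covers_host() {
  openssl x509 -in "$1" -noout -checkend 0 >/dev/null || return 1
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# usage: check_gitlab_tls CERT KEY HOSTNAME
check_gitlab_tls() {
  key_perms_ok "$2" ||
    { echo "FAIL: key mode is not 600 or 400"; return 1; }
  pair_matches "$1" "$2" ||
    { echo "FAIL: certificate and key do not match"; return 1; }
  cert_covers_host "$1" "$3" ||
    { echo "FAIL: certificate expired or not valid for $3"; return 1; }
  echo "OK: $1 is usable for https://$3"
}

# Runs only when called with three arguments, for example with this
# article's paths (sudo is needed to read the root-owned key):
#   sudo bash check.sh /etc/gitlab/ssl/gitlab-ce.lab.local.crt \
#        /etc/gitlab/ssl/gitlab-ce.lab.local.key gitlab-ce.lab.local
if [ "$#" -eq 3 ]; then check_gitlab_tls "$@"; fi
```

A non-zero exit status means the pair should be fixed before reconfiguring.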

Gineesh Madapparambath


Gineesh Madapparambath is the founder of techbeatly. He is the co-author of The Kubernetes Bible, Second Edition and the author of Ansible for Real Life Automation. He has worked as a Systems Engineer, Automation Specialist, and content author. His primary focus is on Ansible Automation, Containerisation (OpenShift & Kubernetes), and Infrastructure as Code (Terraform). (Read more: iamgini.com)

