Merge branch 'fix_nginx_sni' into 'master'
Fix nginx sni Without ssl in the listen directive, it will use the gitlab https certificate when you try to access the gitlab-ci https site. __How to reproduce (sample):__ in gitlab.rb: ``` external_url "https://gitlab.sample.domain" nginx['redirect_http_to_https'] = true nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.sample.domain.chained.crt" nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.sample.domain.domain.key" ci_external_url "https://gitlab-ci.sample.domain" ci_nginx['redirect_http_to_https'] = true ci_nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab-ci.sample.domain.chained.crt" ci_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab-ci.sample.domain.key" ``` to view the error point a https enabled client (browser/wget/curl/...) to the gitlab-ci address or execute ```openssl s_client -showcerts -connect gitlab-ci.sample.domain:443``` See merge request !286
This commit is contained in:
commit
484227e2df
|
@ -24,7 +24,7 @@ server {
|
|||
|
||||
server {
|
||||
<% @listen_addresses.each do |listen_address| %>
|
||||
listen <%= listen_address %>:<%= @port %>;
|
||||
listen <%= listen_address %>:<%= @port %><% if @https %> ssl<% end %>;
|
||||
<% end %>
|
||||
server_name <%= @fqdn %>;
|
||||
server_tokens off; # don't show the version number, a security best practice
|
||||
|
|
|
@ -52,7 +52,7 @@ server {
|
|||
|
||||
server {
|
||||
<% @listen_addresses.each do |listen_address| %>
|
||||
listen <%= listen_address %>:<%= @port %>;
|
||||
listen <%= listen_address %>:<%= @port %><% if @https %> ssl<% end %>;
|
||||
<% end %>
|
||||
server_name <%= @fqdn %>;
|
||||
server_tokens off; ## Don't show the nginx version number, a security best practice
|
||||
|
|
Loading…
Reference in New Issue