when redirect_http_to_https is false the template gitlab-puppet.rb.erb ignores ssl_certificate parameter

spuder / puppet-gitlab

A puppet module to install gitlab 7

Apache License 2.0

36 stars 44 forks source link

when redirect_http_to_https is false the template gitlab-puppet.rb.erb ignores ssl_certificate parameter #126

Closed timhughes closed 9 years ago

timhughes commented 9 years ago

<% end %><% if @redirect_http_to_https == true -%>
nginx['redirect_http_to_https'] = <%= @redirect_http_to_https %>
nginx['ssl_certificate'] = '<%= @ssl_certificate -%>'
nginx['ssl_certificate_key'] = '<%= @ssl_certificate_key %>'
<% end -%>

This should probably be dependent on the external_url parameter starting with https

erik-stephens commented 9 years ago

+1 and for some context on why: gitlab ci runners with buggy ssl support or out-of-date CA bundles.

erik-stephens commented 9 years ago

Actually, this doesn't look like a puppet-gitlab issue but an issue with how the gitlab::nginx chef recipe interprets the url.

timhughes commented 9 years ago

@erik-stephens see the pull request. In nutshell, if you dont "redirect_http_to_https" then you dont deploy ssl certs.

My use case is that I run apache on port 80 so I set "redirect_http_to_https = False" (or dont set it at all) so that nginx doesn't listen on port 80. This causes the erb template to not include ssl certificates. My merge #127 request fixes the logic around this and also includes tests that cover what I believe the logic should be.

erik-stephens commented 9 years ago

@timhughes Looks good to me. Not sure what I was linking to.

spuder commented 9 years ago

Module transitioned to here: https://github.com/vshn/puppet-gitlab