From 210d87caeca19bbb78040c3e43e38a76b63fb302 Mon Sep 17 00:00:00 2001
From: sunits
Date: Mon, 10 Nov 2014 15:03:01 +0900
Subject: [PATCH 1/2] client certificate
---
 assets/config/nginx/gitlab-ssl | 2 ++
 assets/init | 1 +
 2 files changed, 3 insertions(+)
diff --git a/assets/config/nginx/gitlab-ssl b/assets/config/nginx/gitlab-ssl
index c7d0e8f8..49447430 100644
--- a/assets/config/nginx/gitlab-ssl
+++ b/assets/config/nginx/gitlab-ssl
@@ -64,6 +64,8 @@ server {
 ssl on;
 ssl_certificate {{SSL_CERTIFICATE_PATH}};
 ssl_certificate_key {{SSL_KEY_PATH}};
+ ssl_verify_client {{SSL_VERIFY_CLIENT}};
+ ssl_client_certificate {{CA_CERTIFICATES_PATH}};
 ssl_ciphers 'AES256+EECDH:AES256+EDH';
diff --git a/assets/init b/assets/init
index f1969cd9..d38c873d 100755
--- a/assets/init
+++ b/assets/init
@@ -32,6 +32,7 @@ SSL_SELF_SIGNED=${SSL_SELF_SIGNED:-false}
 SSL_CERTIFICATE_PATH=${SSL_CERTIFICATE_PATH:-$GITLAB_DATA_DIR/certs/gitlab.crt}
 SSL_KEY_PATH=${SSL_KEY_PATH:-$GITLAB_DATA_DIR/certs/gitlab.key}
 SSL_DHPARAM_PATH=${SSL_DHPARAM_PATH:-$GITLAB_DATA_DIR/certs/dhparam.pem}
+SSL_VERIFY_CLIENT=${SSL_VERIFY_CLIENT:-off}
 CA_CERTIFICATES_PATH=${CA_CERTIFICATES_PATH:-$GITLAB_DATA_DIR/certs/ca.crt}
From 81d38c4e4dc66fb974fc76819e22539447873d4d Mon Sep 17 00:00:00 2001
From: sunits
Date: Mon, 10 Nov 2014 17:23:15 +0900
Subject: [PATCH 2/2] replace to nginx config
---
 assets/init | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/assets/init b/assets/init
index d38c873d..c5e8d6cf 100755
--- a/assets/init
+++ b/assets/init
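Review bot: The client-certificate trust anchor in the gitlab-ssl hunk of patch 1/2 reuses `{{CA_CERTIFICATES_PATH}}`, a variable that already existed in assets/init before this commit (it is a context line there). Whatever bundle is installed for that earlier purpose therefore also decides which client certificates nginx accepts. Client authentication normally wants its own, narrowly scoped issuing CA, so I would give it a dedicated placeholder, for example `ssl_client_certificate {{SSL_CLIENT_CA_PATH}};` (the name is a suggestion), with a matching variable in init. A comment above the two new directives should also state that `optional` and `optional_no_ca` reject nothing on their own unless `$ssl_client_verify` is checked elsewhere in the server block, which continues outside this hunk.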
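Review bot: The new default `SSL_VERIFY_CLIENT=${SSL_VERIFY_CLIENT:-off}` in the assets/init hunk of patch 1/2 accepts any string from the environment without validation. The same value is then spliced unescaped into a `/`-delimited sed expression in patch 2/2, so a typo yields a config nginx rejects at start, and a value containing `/` or `&` changes what sed writes. I would validate it right after the assignment, `case "$SSL_VERIFY_CLIENT" in on|off|optional|optional_no_ca) ;; *) echo "invalid SSL_VERIFY_CLIENT" >&2; exit 1 ;; esac`. A short comment should also note that only `on` makes nginx refuse clients that present no valid certificate.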
@@ -538,6 +538,8 @@ sed 's/{{GITLAB_PORT}}/'"${GITLAB_PORT}"'/' -i /etc/nginx/sites-enabled/gitlab
 sed 's,{{SSL_CERTIFICATE_PATH}},'"${SSL_CERTIFICATE_PATH}"',' -i /etc/nginx/sites-enabled/gitlab
 sed 's,{{SSL_KEY_PATH}},'"${SSL_KEY_PATH}"',' -i /etc/nginx/sites-enabled/gitlab
 sed 's,{{SSL_DHPARAM_PATH}},'"${SSL_DHPARAM_PATH}"',' -i /etc/nginx/sites-enabled/gitlab
+sed 's/{{SSL_VERIFY_CLIENT}}/'"${SSL_VERIFY_CLIENT}"'/' -i /etc/nginx/sites-enabled/gitlab
+sed 's,{{CA_CERTIFICATES_PATH}},'"${CA_CERTIFICATES_PATH}"',' -i /etc/nginx/sites-enabled/gitlab
 sed 's/{{NGINX_MAX_UPLOAD_SIZE}}/'"${NGINX_MAX_UPLOAD_SIZE}"'/' -i /etc/nginx/sites-enabled/gitlab
 sed 's/{{NGINX_X_FORWARDED_PROTO}}/'"${NGINX_X_FORWARDED_PROTO}"'/' -i /etc/nginx/sites-enabled/gitlab
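Review bot: The added `{{CA_CERTIFICATES_PATH}}` substitution always renders an `ssl_client_certificate` line, even when `SSL_VERIFY_CLIENT` is left at its default `off` and no file exists at the default `certs/ca.crt` path. As far as I know nginx loads that file when it parses the config and refuses to start if it is missing, so existing HTTPS deployments without a CA bundle would likely break on upgrade. I would substitute the path only when the file exists, drop the directive otherwise, and fail with a clear message when verification is requested without a bundle. This run of sed calls starts and continues outside the hunk, so the guard below needs to fit whatever HTTPS conditional surrounds it.

```shell
# … unchanged: SSL_CERTIFICATE_PATH / SSL_KEY_PATH / SSL_DHPARAM_PATH substitutions …
sed 's/{{SSL_VERIFY_CLIENT}}/'"${SSL_VERIFY_CLIENT}"'/' -i /etc/nginx/sites-enabled/gitlab
if [ -f "${CA_CERTIFICATES_PATH}" ]; then
  sed 's,{{CA_CERTIFICATES_PATH}},'"${CA_CERTIFICATES_PATH}"',' -i /etc/nginx/sites-enabled/gitlab
else
  case "${SSL_VERIFY_CLIENT}" in
    on|optional)
      # verification against a CA was requested but there is nothing to verify against
      echo "SSL_VERIFY_CLIENT=${SSL_VERIFY_CLIENT} requires a CA bundle at ${CA_CERTIFICATES_PATH}" >&2
      exit 1
      ;;
  esac
  # no bundle and no CA-based verification: remove the directive instead of pointing nginx at a missing file
  sed '/{{CA_CERTIFICATES_PATH}}/d' -i /etc/nginx/sites-enabled/gitlab
fi
# … unchanged: NGINX_MAX_UPLOAD_SIZE / NGINX_X_FORWARDED_PROTO substitutions …
```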