added SSL_CERTIFICATE_PATH configuration option to specify path of ssl certificate

Sameer Naik 2014-04-28 10:46:50 +05:30
parent e989294db8
commit dfb5dd1d20
5 changed files with 12 additions and 4 deletions


@ -1,6 +1,8 @@
# Changelog
**latest**
- added SSL_KEY_PATH configuration option to specify path of ssl key.
- added SSL_CERTIFICATE_PATH configuration option to specify path of ssl certificate
- added GITLAB_HTTPS_ONLY configuration option to configure strict https only access
- added SSL_SELF_SIGNED configuration option to specify use of self signed ssl certificates.
- fix git over ssh when the default http/https ports are not used.


@ -463,6 +463,8 @@ Below is the complete list of available options that can be used to customize yo
- **GITLAB_HTTPS**: Set to true to enable https support, disabled by default.
- **GITLAB_HTTPS_ONLY**: Configure access over plain http when GITLAB_HTTPS is enabled. Should be set to false when using a load balancer. Defaults to true.
- **SSL_SELF_SIGNED**: Set to true when using self signed ssl certificates. false by default.
- **SSL_CERTIFICATE_PATH**: Location of the ssl certificate. Defaults to /home/git/data/certs/gitlab.crt
- **SSL_KEY_PATH**: Location of the ssl key. Defaults to /home/git/data/certs/gitlab.key
- **REDIS_HOST**: The hostname of the redis server. Defaults to localhost
- **REDIS_PORT**: The connection port of the redis server. Defaults to 6379.
- **UNICORN_WORKERS**: The number of unicorn workers to start. Defaults to 2.


@ -76,8 +76,8 @@ server {
root /home/git/gitlab/public;
ssl on;
ssl_certificate /home/git/data/certs/gitlab.crt;
ssl_certificate_key /home/git/data/certs/gitlab.key;
ssl_certificate {{SSL_CERTIFICATE_PATH}};
ssl_certificate_key {{SSL_KEY_PATH}};
ssl_protocols SSLv3 TLSv1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4';
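Review bot: The two new directives `ssl_certificate {{SSL_CERTIFICATE_PATH}};` and `ssl_certificate_key {{SSL_KEY_PATH}};` take the substituted value unquoted, so a path containing whitespace or `;` would end the directive early and the rest would be parsed as further configuration. Quoting the placeholders, `ssl_certificate "{{SSL_CERTIFICATE_PATH}}";` and `ssl_certificate_key "{{SSL_KEY_PATH}}";`, keeps the value a single argument; the same applies to the identical pair in the second nginx template (the `@ -33,8 +33,8 @` section). Outside this change, the context line `ssl_protocols SSLv3 TLSv1 TLSv1.2;` still offers SSLv3 and omits TLSv1.1, which deserves a follow-up. The server block starts and ends outside the hunk.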


@ -33,8 +33,8 @@ server {
root /home/git/gitlab/public;
ssl on;
ssl_certificate /home/git/data/certs/gitlab.crt;
ssl_certificate_key /home/git/data/certs/gitlab.key;
ssl_certificate {{SSL_CERTIFICATE_PATH}};
ssl_certificate_key {{SSL_KEY_PATH}};
ssl_protocols SSLv3 TLSv1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4';


@ -12,6 +12,8 @@ GITLAB_SIGNIN=${GITLAB_SIGNIN:-true}
GITLAB_PROJECTS_LIMIT=${GITLAB_PROJECTS_LIMIT:-10}
SSL_SELF_SIGNED=${SSL_SELF_SIGNED:-false}
SSL_CERTIFICATE_PATH=${SSL_CERTIFICATE_PATH:-/home/git/data/certs/gitlab.crt}
SSL_KEY_PATH=${SSL_KEY_PATH:-/home/git/data/certs/gitlab.key}
GITLAB_BACKUPS=${GITLAB_BACKUPS:-disable}
GITLAB_BACKUP_EXPIRY=${GITLAB_BACKUP_EXPIRY:-}
@ -163,6 +165,8 @@ fi
sed 's/{{YOUR_SERVER_FQDN}}/'"${GITLAB_HOST}"'/g' -i /etc/nginx/sites-available/gitlab
sed 's/{{GITLAB_PORT}}/'"${GITLAB_PORT}"'/' -i /etc/nginx/sites-available/gitlab
sed 's,{{SSL_CERTIFICATE_PATH}},'"${SSL_CERTIFICATE_PATH}"',' -i /etc/nginx/sites-available/gitlab
sed 's,{{SSL_KEY_PATH}},'"${SSL_KEY_PATH}"',' -i /etc/nginx/sites-available/gitlab
supervisorctl start nginx
# start mysql server if ${DB_HOST} is localhost
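Review bot: The two added `sed` lines splice `${SSL_CERTIFICATE_PATH}` and `${SSL_KEY_PATH}` into the replacement text unescaped, so a value containing `,`, `&` or `\` is interpreted by sed rather than copied, and the rendered nginx file ends up with a broken or different path. Validating both variables right after the defaults are set would catch this before the templates are touched, e.g. `case "${SSL_CERTIFICATE_PATH}${SSL_KEY_PATH}" in *[!A-Za-z0-9._/-]*) echo "invalid SSL path" >&2; exit 1;; esac`. Nothing visible here checks that the certificate and key exist and are readable before `supervisorctl start nginx`, so a wrong path would presumably surface only as an nginx start failure; a `[ -r ... ]` test with a clear message, applied when HTTPS is enabled, would make that easier to diagnose. The script continues outside both hunks, so such checks may already exist elsewhere.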