Edit: Some of the changes (as noted in the configuration guide: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md) such as nginx['ssl_certificate'] and certificate_key DO work and write to the configuration file.
On Tuesday, May 20, 2014 9:44:12 AM UTC-5, Spencer George wrote: > > In an effort to increase security for our gitlab servers we have attempted > to create proper cipher and protocol orders in NGINx through the gitlab.rb > file in /etc/gitlab but these changes are not written to the > /var/opt/gitlab/nginx/etc/gitlab-http.conf when doing a gitlab-ctl > reconfigure. Specifically these configurations: > > nginx['ssl_protocols'] = "SSLv3 TLSv1 TLSv1.1 TLSv1.2" > nginx['ssl_ciphers'] = > "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS" > nginx['ssl_session_timeout'] = "5m" > > We manually update the config file and restart nginx. > Please ask for any additional details. > > -- You received this message because you are subscribed to the Google Groups "GitLab" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/gitlabhq/03d414a8-1e7c-4b3c-9f88-e92c3512b97d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
