On 05/20/2014 05:45 PM, Spencer George wrote: > Edit: Some of the changes (as noted in the configuration guide: > https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md) such > as nginx['ssl_certificate'] and certificate_key DO work and write to the > configuration file. > > On Tuesday, May 20, 2014 9:44:12 AM UTC-5, Spencer George wrote: > > In an effort to increase security for our gitlab servers we have > attempted to create proper cipher and protocol orders in NGINx > through the gitlab.rb file in /etc/gitlab but these changes are not > written to the /var/opt/gitlab/nginx/etc/gitlab-http.conf when doing > a gitlab-ctl reconfigure. Specifically these configurations: > > nginx['ssl_protocols'] = "SSLv3 TLSv1 TLSv1.1 TLSv1.2" > nginx['ssl_ciphers'] = > > "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS" > nginx['ssl_session_timeout'] = "5m" > > We manually update the config file and restart nginx. > Please ask for any additional details. >
This was introduced recently through [0] and will be a part of the next version. So, unless you built your own package from master branch or changed something in the template, this is not an option yet. [0] https://gitlab.com/gitlab-org/omnibus-gitlab/commit/c04a54f90b2c6eec2e6eaa1b80bd42c10989ad9f -- GPG : 0xABF99BE5 Blog: http://axilleas.me -- You received this message because you are subscribed to the Google Groups "GitLab" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/gitlabhq/537B7A81.7050403%40gmail.com. For more options, visit https://groups.google.com/d/optout.
