Great thanks for the response!! On Tuesday, May 20, 2014 10:53:37 AM UTC-5, Achilleas Pipis wrote: > > On 05/20/2014 05:45 PM, Spencer George wrote: > > Edit: Some of the changes (as noted in the configuration guide: > > https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md) > such > > as nginx['ssl_certificate'] and certificate_key DO work and write to the > > configuration file. > > > > On Tuesday, May 20, 2014 9:44:12 AM UTC-5, Spencer George wrote: > > > > In an effort to increase security for our gitlab servers we have > > attempted to create proper cipher and protocol orders in NGINx > > through the gitlab.rb file in /etc/gitlab but these changes are not > > written to the /var/opt/gitlab/nginx/etc/gitlab-http.conf when doing > > a gitlab-ctl reconfigure. Specifically these configurations: > > > > nginx['ssl_protocols'] = "SSLv3 TLSv1 TLSv1.1 TLSv1.2" > > nginx['ssl_ciphers'] = > > > "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS" > > > > nginx['ssl_session_timeout'] = "5m" > > > > We manually update the config file and restart nginx. > > Please ask for any additional details. > > > > This was introduced recently through [0] and will be a part of the next > version. So, unless you built your own package from master branch or > changed something in the template, this is not an option yet. > > > [0] > > https://gitlab.com/gitlab-org/omnibus-gitlab/commit/c04a54f90b2c6eec2e6eaa1b80bd42c10989ad9f > > > > -- > GPG : 0xABF99BE5 > Blog: http://axilleas.me >
-- You received this message because you are subscribed to the Google Groups "GitLab" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/gitlabhq/cc2efac2-59d5-489f-8745-4bb82f52ff7f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
