Hi,
I looked at this a long time ago, and spent an unexpected amount of time
trying to get the cert into the keystore, etc. In the end, I gave up and
ran it all on a non-public VPN with no security at all. I would now like to
get this done properly, but almost all documentation assumes manual,
snowflaky installations of GoCD. I think GoCD should provide a good
reference of fully automated GoCD server installation and setup -
Infrastructure as Code is not a new concept, and is typically one you want
to exercise when doing Continuous De* anyway, so ... eating your own dog
food.
Unfortunately, I didn't document all the steps I took. After eventually
giving up on running GoCD server I remember trying to put nginx as a TLS
frontend in front of the server, since that provided better TLS scoring,
both for security and interoperability (support combinations of ciphers and
versions found in the wild). I wonder if anyone is doing this, with their
own custom certificates, and spinning it up with Docker?
So something like:
    gocd-server:
      image: gocd/gocd-server
      volumes:
        - logs, db, pipeline-config, artifacts
    tls-frontend:
      build: nginx+certs
      ports:
        - 80
        - 443
I'm looking to have the pipeline-config, database (with history of runs
etc), and artifacts survive a restart and upgrade.
I wouldn't mind running all agents and GoCD server on the VPN, i.e. agents
don't need to go through a public IP address. I do want humans to access
GoCD publicly though, so nginx putting TLS in front of 8153 would work just
fine. I'm not sure if one can create a configuration where agents would
find the VPN endpoint(s).
Any pointers would be highly appreciated.
/ Fredrik
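
An nginx server block for the TLS frontend sketched in this message, terminating TLS on 443 and proxying to the GoCD server's port 8153 (an added example, not part of the original message and not GoCD's own configuration). The hostname gocd.example.com, the certificate paths, and the upstream name gocd-server (the service name from the sketch, resolved on the compose network) are assumptions.

```nginx
# Added example: goes in the http context, e.g. /etc/nginx/conf.d/gocd.conf.
# Assumed names (not from the message): gocd.example.com, /etc/nginx/certs/*.

# Pass WebSocket upgrades through only when the client asks for one.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# Port 80 only redirects; nothing is served over plain HTTP.
server {
    listen 80;
    server_name gocd.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name gocd.example.com;

    # Custom certificate: full chain (leaf + intermediates) and its key.
    ssl_certificate     /etc/nginx/certs/fullchain.pem;
    ssl_certificate_key /etc/nginx/certs/privkey.pem;

    # Restrict to current protocol versions; drop session tickets so
    # resumption does not depend on a long-lived ticket key.
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        # 8153 is reached over the internal network only; the compose
        # sketch publishes no port for gocd-server itself.
        proxy_pass         http://gocd-server:8153;
        proxy_http_version 1.1;
        proxy_set_header   Host              $host;
        # Overwrite rather than append, so a client-supplied
        # X-Forwarded-For value never reaches the backend.
        proxy_set_header   X-Forwarded-For   $remote_addr;
        proxy_set_header   X-Forwarded-Proto $scheme;
        proxy_set_header   Upgrade           $http_upgrade;
        proxy_set_header   Connection        $connection_upgrade;
    }
}
```

Running `nginx -t` inside the tls-frontend container checks the syntax and that the certificate and key load before the container is put in front of users.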