Generating the certificate
// Create the directory
$ mkdir -p /var/opt/gitlab/certs
$ cd /var/opt/gitlab/certs
// Generate the private key
$ openssl genrsa -out gitlab.key 2048
// Generate the CSR
$ openssl req -new -key gitlab.key -out gitlab.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:KR
State or Province Name (full name) []:Seoul
Locality Name (eg, city) [Default City]:Gangnam-gu
Organization Name (eg, company) [Default Company Ltd]:Mycompany Ltd.
Organizational Unit Name (eg, section) []:Test
Common Name (eg, your name or your server's hostname) []:gitlab.pli.com
Email Address []:test@test.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: (press Enter)
An optional company name []: (press Enter)
// Generate the self-signed SSL certificate
$ openssl x509 -req -days 3650 -in gitlab.csr -signkey gitlab.key -out gitlab.crt
// Generate the DHE parameters
$ openssl dhparam -out dhparam.pem 2048
// Restrict permissions on the key file
$ chmod 400 /var/opt/gitlab/certs/gitlab.key
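Before the files are copied into /etc/gitlab/ssl, it is worth confirming that gitlab.crt carries the public key of gitlab.key, that it has not expired, and that the key has no group or other permission bits. The script below is an added example, not part of the original post; its function names and the script name in the usage line are hypothetical, and it relies only on standard openssl subcommands.

```sh
#!/bin/sh
# Added example: sanity checks for gitlab.key / gitlab.crt before they are
# copied to /etc/gitlab/ssl. Function names are illustrative (hypothetical).

# Succeeds only if the certificate carries the public key of the private key.
cert_matches_key() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# Succeeds only if the certificate is readable and still valid right now.
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Succeeds only if group and others have no permission bits on the key
# (characters 5-10 of the mode string printed by ls -l).
key_is_private() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# Run all checks, report each failure on stderr, return 0 only if all pass.
check_gitlab_tls() {
    rc=0
    cert_matches_key "$1" "$2" || { echo "FAIL: $2 does not belong to $1" >&2; rc=1; }
    cert_not_expired "$2" || { echo "FAIL: $2 has expired or is unreadable" >&2; rc=1; }
    key_is_private "$1" || { echo "FAIL: $1 is accessible to group/others" >&2; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $1 and $2 are consistent"
    return "$rc"
}

# Usage: sh check_certs.sh /var/opt/gitlab/certs/gitlab.key /var/opt/gitlab/certs/gitlab.crt
if [ "$#" -eq 2 ]; then
    check_gitlab_tls "$1" "$2"
fi
```

A failed permission check means the chmod step did not take effect on the key that is actually in use.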
GitLab SSL configuration
$ docker exec -it gitlab bash
gitlab# vim /etc/gitlab/gitlab.rb
// Copy the crt and key files into the /etc/gitlab/ssl directory
external_url 'https://gitlab.pli.com'
nginx['redirect_http_to_https'] = true
nginx['redirect_http_to_https_port'] = 80
nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.key"
gitlab# gitlab-ctl reconfigure
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
// Download InstallCert.java
$ curl -O https://gist.githubusercontent.com/lesstif/cd26f57b7cfd2cd55241b20e05b5cd93/raw/InstallCert.java
// Compile
$ javac InstallCert.java
// Pass the host name to fetch the certificate from
$ java -cp ./ InstallCert gitlab.pli.com:443
// Export the certificate that InstallCert saved in jssecacerts
$ keytool -exportcert -keystore jssecacerts -storepass changeit -file output.cert -alias gitlab.pli.com-1
// Import it into the JVM's default truststore (cacerts)
$ sudo keytool -importcert -keystore ${JAVA_HOME}/lib/security/cacerts -storepass changeit -file output.cert -alias gitlab
// To remove the imported certificate again later
$ sudo keytool -delete -keystore ${JAVA_HOME}/lib/security/cacerts -storepass changeit -alias gitlab