Adding SSL for Gitlab on CentOS

A default Gitlab installation comes without HTTPS. This is good because it’s quick and easy to install.

But it’s bad, since when you log in, your password and username are sent in clear over the Internet.

Update: as of Gitlab 7.0 I’ve noted that these changes will all be automatically made by Chef when you change /etc/gitlab/gitlab.rb. You just need to edit this to add:

external_url 'https://host.domain.tld'

Chef will figure out the FQDN and make the adjustment based on the name and the ‘S’ in HTTPS. Then also add your certificates. See the explanation on gitlab.org

Old explanation:
This can be fixed by adding SSL to Gitlab. Edit the file “/var/opt/gitlab/nginx/etc/gitlab-http.conf” to add:

listen 443 ssl;
ssl_certificate /var/opt/gitlab/nginx/etc/certificate.crt;
ssl_certificate_key /var/opt/gitlab/nginx/etc/private.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;

Also change /var/opt/gitlab/gitlab-rails/etc/gitlab.yml:
https: true

References:

• GitLab Documentation
• How To Create a SSL Certificate on Nginx for Ubuntu 14.04