Commit graph

6 commits

Author SHA1 Message Date
GitLab Bot
2c72daf2f1 Add latest changes from gitlab-org/gitlab@master 2020-03-30 18:08:07 +00:00
Vladimir Shushlin
432f2bbc9c Use project depended feature flag for pages ssl
Also add ::Gitlab::LetsEncrypt.enabled? shortcut
and simplify it a lot
2019-06-25 10:30:12 +02:00
Vladimir Shushlin
c3338c920d Add pages domains acme orders
Extract acme double to helper

Create ACME challanges for pages domains

* Create order & challange through API
* save them to database
* request challenge validation

We're saving order and challenge as one entity,
that wouldn't be correct if we would order certificates for
several domains simultaneously, but we always order certificate
per domain

Add controller for processing acme challenges redirected from pages

Don't save acme challenge url - we don't use it

Validate acme challenge attributes

Encrypt private_key in acme orders
2019-06-06 18:55:31 +00:00
Vladimir Shushlin
39e21fb266 Generate lets_encrypt_private_key on the fly
Remove migration generating lets encrypt key
Don't generate private_key if database is readonly

For reference:
This reverts commit 988a7f70489b99383b95e9f271a2caf6bb5b3a44.
This reverts commit 21acbe531592d55caf0e5b8716a3b551dafd6233.
2019-05-31 05:22:55 +00:00
Vladimir Shushlin
4687ff7c9b Store Let's Encrypt private key in settings
Storing this key in secrets.yml was a bad idea,
it would require users using HA setups to manually
replicate secrets across nodes during update,
it also needed support from omnibus package

* Revert "Generate Let's Encrypt private key"
  This reverts commit 444959bfa0.

* Add Let's Encrypt private key to settings
  as encrypted attribute

* Generate Let's Encrypt private key
  in database migration
2019-05-28 04:47:34 +00:00
Vladimir Shushlin
3c33724e2e Add Let's Encrypt client
Part of adding Let's Encrypt certificates for pages domains

Add acme-client gem

Client is being initialized by private key stored in secrets.yml
Let's Encrypt account is being created lazily.
If it's already created, Acme::Client just gets account_kid by
calling new_account method

Make Let's Encrypt client an instance
Wrap order and challenge classes
2019-05-16 09:32:25 +00:00