Merge branch 'docs-enhance-gitaly-tls' into 'master'

Add docs about certificate requirements for running Gitaly over TLS See merge request gitlab-org/gitlab!17883

Merge branch 'docs-enhance-gitaly-tls' into 'master'
Add docs about certificate requirements for running Gitaly over TLS See merge request gitlab-org/gitlab!17883
234fe153 · Achilleas Pipinellis · 1bea9238 · 4d980ec1 · 234fe153
Commit 234fe153 authored Oct 14, 2019 by Achilleas Pipinellis
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 0 deletions

doc/administration/gitaly/index.md doc/administration/gitaly/index.md +8 -0

No files found.
--- a/doc/administration/gitaly/index.md
+++ b/doc/administration/gitaly/index.md
@@ -377,6 +377,14 @@ The certificate to be used needs to be installed on all Gitaly nodes and on all
 client nodes that communicate with it following the procedure described in
 [GitLab custom certificate configuration](https://docs.gitlab.com/omnibus/settings/ssl.html#install-custom-public-certificates).
+NOTE: **Note**
+The self-signed certificate must specify the address you use to access the
+Gitaly server. If you are addressing the Gitaly server by a hostname, you can
+either use the Common Name field for this, or add it as a Subject Alternative
+Name. If you are addressing the Gitaly server by its IP address, you must add it
+as a Subject Alternative Name to the certificate.
+[gRPC does not support using an IP address as Common Name in a certificate](https://github.com/grpc/grpc/issues/2691).
 NOTE: **Note:**
 It is possible to configure Gitaly servers with both an
 unencrypted listening address `listen_addr` and an encrypted listening