Merge branch 'patch-163' into 'master'

Remove GitLab pages custom CA workaround Closes #25411 See merge request gitlab-org/gitlab!35401

Merge branch 'patch-163' into 'master'
Remove GitLab pages custom CA workaround Closes #25411 See merge request gitlab-org/gitlab!35401
922f1c42 · Suzanne Selhorn · 32aa5df8 · c7538ce3 · 922f1c42
Commit 922f1c42 authored Jul 03, 2020 by Suzanne Selhorn
Show whitespace changes
Inline Side-by-side

Showing with 5 additions and 20 deletions

doc/administration/pages/index.md doc/administration/pages/index.md +5 -20

No files found.
--- a/doc/administration/pages/index.md
+++ b/doc/administration/pages/index.md
@@ -408,6 +408,9 @@ pages:

 ### Using a custom Certificate Authority (CA)

+NOTE: **Note:**
+[Before 13.2](https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/4289), when using Omnibus, a [workaround was required](https://docs.gitlab.com/13.1/ee/administration/pages/index.html#using-a-custom-certificate-authority-ca).
+
 When using certificates issued by a custom CA, [Access Control](../../user/project/pages/pages_access_control.md#gitlab-pages-access-control) and
 the [online view of HTML job artifacts](../../ci/pipelines/job_artifacts.md#browsing-artifacts)
 will fail to work if the custom CA is not recognized.
@@ -415,28 +418,10 @@ will fail to work if the custom CA is not recognized.
 This usually results in this error:
 `Post /oauth/token: x509: certificate signed by unknown authority`.

-For installation from source this can be fixed by installing the custom Certificate
+For installation from source, this can be fixed by installing the custom Certificate
 Authority (CA) in the system certificate store.

-For Omnibus, normally this would be fixed by [installing a custom CA in Omnibus GitLab](https://docs.gitlab.com/omnibus/settings/ssl.html#install-custom-public-certificates)
-but a [bug](https://gitlab.com/gitlab-org/gitlab/-/issues/25411) is currently preventing
-that method from working. Use the following workaround:
-
-1. Append your GitLab server TLS/SSL certificate to `/opt/gitlab/embedded/ssl/certs/cacert.pem` where `gitlab-domain-example.com` is your GitLab application URL
-
-   ```shell
-   printf "\ngitlab-domain-example.com\n===========================\n" | sudo tee --append /opt/gitlab/embedded/ssl/certs/cacert.pem
-   echo -n | openssl s_client -connect gitlab-domain-example.com:443  | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | sudo tee --append /opt/gitlab/embedded/ssl/certs/cacert.pem
-   ```
-
-1. [Restart](../restart_gitlab.md) the GitLab Pages Daemon. For Omnibus GitLab instances:
-
-   ```shell
-   sudo gitlab-ctl restart gitlab-pages
-   ```
-
-CAUTION: **Caution:**
-Some Omnibus GitLab upgrades will revert this workaround and you'll need to apply it again.
+For Omnibus, this is fixed by [installing a custom CA in Omnibus GitLab](https://docs.gitlab.com/omnibus/settings/ssl.html#install-custom-public-certificates).

 ## Activate verbose logging for daemon