Sync config v14.8.0 : Remove deprecated config SSL_SELF_CERT

kkimurak · kkimurak · commit 77558c155b54 · 2022-10-24T18:19:08.000+09:00
This is imported from upstream. See corresponding merge requests: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/78078 https://gitlab.com/gitlab-org/gitaly/-/merge_requests/4690 https://gitlab.com/gitlab-org/gitlab-shell/-/merge_requests/602
diff --git a/README.md b/README.md
@@ -483,13 +483,14 @@ Great! we are now just one step away from having our application secured.
 
 ##### Enabling HTTPS support
 
-HTTPS support can be enabled by setting the `GITLAB_HTTPS` option to `true`. Additionally, when using self-signed SSL certificates you need to the set `SSL_SELF_SIGNED` option to `true` as well. Assuming we are using self-signed certificates
+HTTPS support can be enabled by setting the `GITLAB_HTTPS` option to `true`.  
+Since corresponding setting `self_signed_cert` was removed in the gitlab-shell 13.26.0 release, the option `SSL_SELF_SIGNED`, that was used to indicate to use a self-signed certificate, is not used anymore. You don't need to set this option even if you're using a self-signed certificate.
 
 ```bash
 docker run --name gitlab -d \
     --publish 10022:22 --publish 10080:80 --publish 10443:443 \
     --env 'GITLAB_SSH_PORT=10022' --env 'GITLAB_PORT=10443' \
-    --env 'GITLAB_HTTPS=true' --env 'SSL_SELF_SIGNED=true' \
+    --env 'GITLAB_HTTPS=true' \
     --volume /srv/docker/gitlab/gitlab:/home/git/data \
     sameersbn/gitlab:15.5.0
 ```
@@ -504,7 +505,7 @@ With `NGINX_HSTS_MAXAGE` you can configure that value. The default value is `315
 
 ```bash
 docker run --name gitlab -d \
- --env 'GITLAB_HTTPS=true' --env 'SSL_SELF_SIGNED=true' \
+ --env 'GITLAB_HTTPS=true' \
  --env 'NGINX_HSTS_MAXAGE=2592000' \
  --volume /srv/docker/gitlab/gitlab:/home/git/data \
  sameersbn/gitlab:15.5.0
@@ -516,7 +517,7 @@ If you want to completely disable HSTS set `NGINX_HSTS_ENABLED` to `false`.
 
 Load balancers like nginx/haproxy/hipache talk to backend applications over plain http and as such the installation of ssl keys and certificates are not required and should **NOT** be installed in the container. The SSL configuration has to instead be done at the load balancer.
 
-However, when using a load balancer you **MUST** set `GITLAB_HTTPS` to `true`. Additionally you will need to set the `SSL_SELF_SIGNED` option to `true` if self signed SSL certificates are in use.
+However, when using a load balancer you **MUST** set `GITLAB_HTTPS` to `true`.
 
 With this in place, you should configure the load balancer to support handling of https requests. But that is out of the scope of this document. Please refer to [Using SSL/HTTPS with HAProxy](http://seanmcgary.com/posts/using-sslhttps-with-haproxy) for information on the subject.
 
@@ -528,12 +529,11 @@ In summation, when using a load balancer, the docker command would look for the
 docker run --name gitlab -d \
     --publish 10022:22 --publish 10080:80 \
     --env 'GITLAB_SSH_PORT=10022' --env 'GITLAB_PORT=443' \
-    --env 'GITLAB_HTTPS=true' --env 'SSL_SELF_SIGNED=true' \
+    --env 'GITLAB_HTTPS=true' \
     --volume /srv/docker/gitlab/gitlab:/home/git/data \
     sameersbn/gitlab:15.5.0
 ```
 
-Again, drop the `--env 'SSL_SELF_SIGNED=true'` option if you are using CA certified SSL certificates.
 
 In case GitLab responds to any kind of POST request (login, OAUTH, changing settings etc.) with a 422 HTTP Error, consider adding this to your reverse proxy configuration:
 
@@ -1594,10 +1594,6 @@ The value of the `worker-src` directive in the `Content-Security-Policy` header.
 
 The value of the `report-uri` directive in the `Content-Security-Policy` header
 
-##### `SSL_SELF_SIGNED`
-
-Set to `true` when using self signed ssl certificates. `false` by default.
-
 ##### `SSL_CERTIFICATE_PATH`
 
 Location of the ssl certificate. Defaults to `/home/git/data/certs/gitlab.crt`
diff --git a/assets/runtime/config/gitlab-shell/config.yml b/assets/runtime/config/gitlab-shell/config.yml
@@ -26,7 +26,7 @@ http_settings:
 #  password: somepass
 #  ca_file: /etc/ssl/cert.pem
 #  ca_path: /etc/pki/tls/certs
-  self_signed_cert: {{SSL_SELF_SIGNED}}
+#
 
 # File used as authorized_keys for gitlab user
 auth_file: "{{GITLAB_HOME}}/.ssh/authorized_keys"
diff --git a/assets/runtime/env-defaults b/assets/runtime/env-defaults
@@ -272,7 +272,10 @@ GITLAB_REGISTRY_ISSUER=${GITLAB_REGISTRY_ISSUER:-gitlab-issuer}
 GITLAB_REGISTRY_GENERATE_INTERNAL_CERTIFICATES=${GITLAB_REGISTRY_GENERATE_INTERNAL_CERTIFICATES:-false}
 
 ## SSL
-SSL_SELF_SIGNED=${SSL_SELF_SIGNED:-false}
+### removed
+if [ -v SSL_SELF_SIGNED ]; then
+  echo "The configuration parameter SSL_SELF_SIGNED is removed and not used anymore."
+fi
 SSL_CERTIFICATE_PATH=${SSL_CERTIFICATE_PATH:-$GITLAB_DATA_DIR/certs/gitlab.crt}
 SSL_KEY_PATH=${SSL_KEY_PATH:-$GITLAB_DATA_DIR/certs/gitlab.key}
 SSL_DHPARAM_PATH=${SSL_DHPARAM_PATH:-$GITLAB_DATA_DIR/certs/dhparam.pem}
diff --git a/assets/runtime/functions b/assets/runtime/functions
@@ -1898,7 +1898,6 @@ configure_gitlab_shell() {
     GITLAB_HOME \
     GITLAB_LOG_DIR \
     GITLAB_SHELL_INSTALL_DIR \
-    SSL_SELF_SIGNED \
     REDIS_HOST \
     REDIS_PORT \
     REDIS_DB_NUMBER
diff --git a/contrib/docker-swarm/docker-compose.yml b/contrib/docker-swarm/docker-compose.yml
@@ -52,7 +52,6 @@ services:
     - GITLAB_TIMEZONE=Kolkata
 
     - GITLAB_HTTPS=false
-    - SSL_SELF_SIGNED=false
 
     - GITLAB_HOST=localhost
     - GITLAB_PORT=10080
diff --git a/docker-compose.swarm.yml b/docker-compose.swarm.yml
@@ -114,7 +114,6 @@ services:
     - GITLAB_TIMEZONE=Kolkata
 
     - GITLAB_HTTPS=true
-    - SSL_SELF_SIGNED=false
 
     - GITLAB_HOST=${GITLAB_HOST?Variable not set}
     - GITLAB_PORT=443
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -54,7 +54,6 @@ services:
     - GITLAB_TIMEZONE=Kolkata
 
     - GITLAB_HTTPS=false
-    - SSL_SELF_SIGNED=false
 
     - GITLAB_HOST=localhost
     - GITLAB_PORT=10080
diff --git a/docs/docker-compose-keycloak.yml b/docs/docker-compose-keycloak.yml
@@ -48,7 +48,6 @@ services:
     - GITLAB_TIMEZONE=Kolkata
 
     - GITLAB_HTTPS=false
-    - SSL_SELF_SIGNED=false
 
     - GITLAB_HOST='<your-ip-address>'
     - GITLAB_PORT=10080
diff --git a/docs/docker-compose-registry.yml b/docs/docker-compose-registry.yml
@@ -49,7 +49,6 @@ services:
     - REDIS_PORT=6379
 
     - GITLAB_HTTPS=false
-    - SSL_SELF_SIGNED=false
 
     - GITLAB_HOST=gitlab.example.com
     - GITLAB_PORT=80
diff --git a/docs/s3_compatible_storage.md b/docs/s3_compatible_storage.md
@@ -7,11 +7,12 @@ This is an extend of AWS Remote Backups.
 As explained in [doc.gitlab.com](https://docs.gitlab.com/ce/raketasks/backup_restore.html#upload-backups-to-remote-cloud-storage), it uses [Fog library](http://fog.io) and the module fog-aws. More details on [s3 supported parameters](https://github.com/fog/fog-aws/blob/master/lib/fog/aws/storage.rb)
 
 
+- [GitLab Backup to s3 compatible storage](#gitlab-backup-to-s3-compatible-storage)
 - [Available Parameters](#available-parameters)
 - [Installation](#installation)
-- [Maintenance](#maintenance)
-    - [Creating Backups](#creating-backups)
-    - [Restoring Backups](#restoring-backups)
+  - [Docker Compose](#docker-compose)
+  - [Creating Backups](#creating-backups)
+  - [Restoring Backups](#restoring-backups)
 
 
 # Available Parameters
@@ -114,7 +115,6 @@ services:
     - TZ=Asia/Kolkata
     - GITLAB_TIMEZONE=Kolkata
     - GITLAB_HTTPS=false
-    - SSL_SELF_SIGNED=false
     - GITLAB_HOST=localhost
     - GITLAB_PORT=10080
     - GITLAB_SSH_PORT=10022
