Add a CA certificate to GitLab running in a podman container

Adding a CA certificate to GitLab which is running in a podman container (also works with docker containers, just replace podman with docker):

  1. Login to the podman container 
  2. Copy/install the CA certificates (in this case Digi-Issuing-CA01-G3.pem & Digi-Root-CA01-G3.pem)
  3. Restart the podman container

Example

euprdgitlab655:~ #
euprdgitlab655:~ # podman exec -it gitlab /bin/bash
root@ad24f5df0102:/#
root@ad24f5df0102:/#
root@ad24f5df0102:/# ls /etc/gitlab/
gitlab-secrets.json gitlab.rb ssh_host_ecdsa_key ssh_host_ecdsa_key.pub ssh_host_ed25519_key ssh_host_ed25519_key.pub ssh_host_rsa_key ssh_host_rsa_key.pub ssl trusted-certs
root@ad24f5df0102:/#
root@ad24f5df0102:/# ls /etc/gitlab/trusted-certs/
07ac5923.0 Digi-Issuing-CA01-G2.pem Digi-Root-CA-G2.pem e0c0effb.0
root@ad24f5df0102:/#
root@ad24f5df0102:/# ls -lah /etc/gitlab/trusted-certs/
total 8.0K
drwxr-xr-x 2 root root 101 Mar 27 12:44 .
drwxrwxr-x 4 root root 250 Oct 15 2024 ..
lrwxrwxrwx 1 root root 19 Mar 27 12:44 07ac5923.0 -> Digi-Root-CA-G2.pem
-rw-r--r-- 1 root root 2.6K Sep 14 2021 Digi-Issuing-CA01-G2.pem
-rw-r--r-- 1 root root 2.3K Sep 14 2021 Digi-Root-CA-G2.pem
lrwxrwxrwx 1 root root 24 Mar 27 12:44 e0c0effb.0 -> Digi-Issuing-CA01-G2.pem
root@ad24f5df0102:/#
root@ad24f5df0102:/#
root@ad24f5df0102:/# vi /etc/gitlab/trusted-certs/Digi-Root-CA-G3.pem
root@ad24f5df0102:/# vi /etc/gitlab/trusted-certs/Digi-Issuing-CA-G3.pem
root@ad24f5df0102:/#
root@ad24f5df0102:/# ls -lah /etc/gitlab/trusted-certs/
total 16K
drwxr-xr-x 2 root root 158 Jul 14 10:16 .
drwxrwxr-x 4 root root 250 Oct 15 2024 ..
lrwxrwxrwx 1 root root 19 Mar 27 12:44 07ac5923.0 -> Digi-Root-CA-G2.pem
-rw-r--r-- 1 root root 2.3K Jul 14 10:16 Digi-Issuing-CA-G3.pem
-rw-r--r-- 1 root root 2.6K Sep 14 2021 Digi-Issuing-CA01-G2.pem
-rw-r--r-- 1 root root 2.3K Sep 14 2021 Digi-Root-CA-G2.pem
-rw-r--r-- 1 root root 1.9K Jul 14 10:16 Digi-Root-CA-G3.pem
lrwxrwxrwx 1 root root 24 Mar 27 12:44 e0c0effb.0 -> Digi-Issuing-CA01-G2.pem
root@ad24f5df0102:/#
root@ad24f5df0102:/# exit
exit
euprdgitlab655:~ #
euprdgitlab655:~ #
euprdgitlab655:~ #
euprdgitlab655:~ # podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ad24f5df0102 reg.subdomain.domain.tld/gitlab/gitlab-ee:18.0.3-ee.0 /assets/wrapper 3 months ago Up 3 weeks (healthy) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:2222->22/tcp gitlab
aa22bdf8c33a docker.io/library/nginx:1.27.5 nginx -g daemon o... 3 months ago Up 3 weeks 0.0.0.0:8443->8443/tcp nginx
euprdgitlab655:~ #
euprdgitlab655:~ # podman stop gitlab
WARN[0010] StopSignal SIGTERM failed to stop container gitlab in 10 seconds, resorting to SIGKILL
gitlab
euprdgitlab655:~ # podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ad24f5df0102 reg.subdomain.domain.tld/gitlab/gitlab-ee:18.0.3-ee.0 /assets/wrapper 3 months ago Up 2 seconds (starting) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:2222->22/tcp gitlab
aa22bdf8c33a docker.io/library/nginx:1.27.5 nginx -g daemon o... 3 months ago Up 3 weeks 0.0.0.0:8443->8443/tcp nginx
euprdgitlab655:~ #
 euprdgitlab655:~ #

[...] *wait* [...]

euprdgitlab655:~ #
 euprdgitlab655:~ # podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ad24f5df0102 reg.subdomain.domain.tld/gitlab/gitlab-ee:18.0.3-ee.0 /assets/wrapper 3 months ago Up 7 minutes (healthy) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:2222->22/tcp gitlab
aa22bdf8c33a docker.io/library/nginx:1.27.5 nginx -g daemon o... 3 months ago Up 3 weeks 0.0.0.0:8443->8443/tcp nginx
euprdgitlab655:~ #
at No comments:
Labels: , , ,
Subscribe to: Comments (Atom)

Add a CA certificate to GitLab running in a podman container

Adding a CA certificate to GitLab which is running in a podman container (also works with docker containers, just replace podman with docker...