Add a CA certificate to GitLab running in a podman container

Adding a CA certificate to GitLab which is running in a podman container (also works with docker containers, just replace podman with docker):

  1. Login to the podman container 
  2. Copy/install the CA certificates (in this case Digi-Issuing-CA01-G3.pem & Digi-Root-CA01-G3.pem)
  3. Restart the podman container

Example

euprdgitlab655:~ #
euprdgitlab655:~ # podman exec -it gitlab /bin/bash
root@ad24f5df0102:/#
root@ad24f5df0102:/#
root@ad24f5df0102:/# ls /etc/gitlab/
gitlab-secrets.json gitlab.rb ssh_host_ecdsa_key ssh_host_ecdsa_key.pub ssh_host_ed25519_key ssh_host_ed25519_key.pub ssh_host_rsa_key ssh_host_rsa_key.pub ssl trusted-certs
root@ad24f5df0102:/#
root@ad24f5df0102:/# ls /etc/gitlab/trusted-certs/
07ac5923.0 Digi-Issuing-CA01-G2.pem Digi-Root-CA-G2.pem e0c0effb.0
root@ad24f5df0102:/#
root@ad24f5df0102:/# ls -lah /etc/gitlab/trusted-certs/
total 8.0K
drwxr-xr-x 2 root root 101 Mar 27 12:44 .
drwxrwxr-x 4 root root 250 Oct 15 2024 ..
lrwxrwxrwx 1 root root 19 Mar 27 12:44 07ac5923.0 -> Digi-Root-CA-G2.pem
-rw-r--r-- 1 root root 2.6K Sep 14 2021 Digi-Issuing-CA01-G2.pem
-rw-r--r-- 1 root root 2.3K Sep 14 2021 Digi-Root-CA-G2.pem
lrwxrwxrwx 1 root root 24 Mar 27 12:44 e0c0effb.0 -> Digi-Issuing-CA01-G2.pem
root@ad24f5df0102:/#
root@ad24f5df0102:/#
root@ad24f5df0102:/# vi /etc/gitlab/trusted-certs/Digi-Root-CA-G3.pem
root@ad24f5df0102:/# vi /etc/gitlab/trusted-certs/Digi-Issuing-CA-G3.pem
root@ad24f5df0102:/#
root@ad24f5df0102:/# ls -lah /etc/gitlab/trusted-certs/
total 16K
drwxr-xr-x 2 root root 158 Jul 14 10:16 .
drwxrwxr-x 4 root root 250 Oct 15 2024 ..
lrwxrwxrwx 1 root root 19 Mar 27 12:44 07ac5923.0 -> Digi-Root-CA-G2.pem
-rw-r--r-- 1 root root 2.3K Jul 14 10:16 Digi-Issuing-CA-G3.pem
-rw-r--r-- 1 root root 2.6K Sep 14 2021 Digi-Issuing-CA01-G2.pem
-rw-r--r-- 1 root root 2.3K Sep 14 2021 Digi-Root-CA-G2.pem
-rw-r--r-- 1 root root 1.9K Jul 14 10:16 Digi-Root-CA-G3.pem
lrwxrwxrwx 1 root root 24 Mar 27 12:44 e0c0effb.0 -> Digi-Issuing-CA01-G2.pem
root@ad24f5df0102:/#
root@ad24f5df0102:/# exit
exit
euprdgitlab655:~ #
euprdgitlab655:~ #
euprdgitlab655:~ #
euprdgitlab655:~ # podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ad24f5df0102 reg.subdomain.domain.tld/gitlab/gitlab-ee:18.0.3-ee.0 /assets/wrapper 3 months ago Up 3 weeks (healthy) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:2222->22/tcp gitlab
aa22bdf8c33a docker.io/library/nginx:1.27.5 nginx -g daemon o... 3 months ago Up 3 weeks 0.0.0.0:8443->8443/tcp nginx
euprdgitlab655:~ #
euprdgitlab655:~ # podman stop gitlab
WARN[0010] StopSignal SIGTERM failed to stop container gitlab in 10 seconds, resorting to SIGKILL
gitlab
euprdgitlab655:~ # podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ad24f5df0102 reg.subdomain.domain.tld/gitlab/gitlab-ee:18.0.3-ee.0 /assets/wrapper 3 months ago Up 2 seconds (starting) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:2222->22/tcp gitlab
aa22bdf8c33a docker.io/library/nginx:1.27.5 nginx -g daemon o... 3 months ago Up 3 weeks 0.0.0.0:8443->8443/tcp nginx
euprdgitlab655:~ #
 euprdgitlab655:~ #

[...] *wait* [...]

euprdgitlab655:~ #
 euprdgitlab655:~ # podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ad24f5df0102 reg.subdomain.domain.tld/gitlab/gitlab-ee:18.0.3-ee.0 /assets/wrapper 3 months ago Up 7 minutes (healthy) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:2222->22/tcp gitlab
aa22bdf8c33a docker.io/library/nginx:1.27.5 nginx -g daemon o... 3 months ago Up 3 weeks 0.0.0.0:8443->8443/tcp nginx
euprdgitlab655:~ #
at No comments:
Labels: , , ,
Subscribe to: Comments (Atom)

Nextcloud v31 on Ubuntu 22.04 - update php v8.1 to v8.4

If you are running HanssonIT Nextcloud VM with Ubuntu 22.04 and your Nextcloud has version 31 and you want to update to version 32, you are ...