Commit 6d753aeb authored by Evan Read's avatar Evan Read

Merge branch 'jfarmiloe-master-patch-35635' into 'master'

Environment variables required for sub-commands on TLS-enabled Gitaly

See merge request gitlab-org/gitlab!78424
parents fd83d464 62af0236
...@@ -565,6 +565,12 @@ Note the following: ...@@ -565,6 +565,12 @@ Note the following:
- You can configure Gitaly servers with both an unencrypted listening address `listen_addr` and an - You can configure Gitaly servers with both an unencrypted listening address `listen_addr` and an
encrypted listening address `tls_listen_addr` at the same time. This allows you to gradually encrypted listening address `tls_listen_addr` at the same time. This allows you to gradually
transition from unencrypted to encrypted traffic if necessary. transition from unencrypted to encrypted traffic if necessary.
- When running Praefect sub-commands such as `dial-nodes` and `list-untracked-repositories` from the command line with Gitaly TLS enabled, you must set
the `SSL_CERT_DIR` or `SSL_CERT_FILE` environment variable so that the Gitaly certificate is trusted. For example:
```shell
sudo SSL_CERT_DIR=/etc/gitlab/trusted_certs /opt/gitlab/embedded/bin/praefect -config /var/opt/gitlab/praefect/config.toml dial-nodes
```
To configure Gitaly with TLS: To configure Gitaly with TLS:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment