include: - role.common.nginx {% if salt['grains.get']('include_secrets', True) %} - secrets.role.web_gitlab {% endif %} nginx: ng: certificates: gitlab.infra.opensuse.org: public_cert: | -----BEGIN CERTIFICATE----- MIIEWTCCA0GgAwIBAgIBDDANBgkqhkiG9w0BAQsFADA9MRswGQYDVQQKDBJJTkZS QS5PUEVOU1VTRS5PUkcxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAe Fw0xNzEwMTkxMjI5MzVaFw0xOTEwMjAxMjI5MzVaMEExGzAZBgNVBAoMEklORlJB Lk9QRU5TVVNFLk9SRzEiMCAGA1UEAwwZZ2l0bGFiLmluZnJhLm9wZW5zdXNlLm9y ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALWfuMhdJOdrwvu2hCw0 +bRNl8AADSvdBBokQlwpUvbgITNWR3tkj/KgIEO0ohBC7j+a2L3t3qm5tP8ETdET cS96lj1nZ6fTWV1J9qezfpTBRDE3VIK3vykoBqzRMBVq6R4Kajg7SvB9pWRpHBC4 xm3vPA4AnSN9skPtMMGpqZxFMbpGsirObzr5Rit4tM53gZy7zgS2n22TqMeEsEYv d/fHxW2bNLvS5BwX+RU1NhRlNFDPI7BQgCOGzgWrKZeukGfzcOhIXMKtnLPQc/65 VcGQDRm01ReSBqNbyADuAfbYrFOPyf8V2FlloUG/voM4c5y6WamHv2ZJepel5qxI ickCAwEAAaOCAV4wggFaMB8GA1UdIwQYMBaAFKlSimqonCWUWJHsFYnI+g8qlmg/ MEQGCCsGAQUFBwEBBDgwNjA0BggrBgEFBQcwAYYoaHR0cDovL2lwYS1jYS5pbmZy YS5vcGVuc3VzZS5vcmcvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwHQYDVR0lBBYw FAYIKwYBBQUHAwEGCCsGAQUFBwMCMH0GA1UdHwR2MHQwcqA6oDiGNmh0dHA6Ly9p cGEtY2EuaW5mcmEub3BlbnN1c2Uub3JnL2lwYS9jcmwvTWFzdGVyQ1JMLmJpbqI0 pDIwMDEOMAwGA1UECgwFaXBhY2ExHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhv cml0eTAdBgNVHQ4EFgQUrqKLD5dYozCI//zl7UW5jYyEkXIwJAYDVR0RBB0wG4IZ Z2l0bGFiLmluZnJhLm9wZW5zdXNlLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAVm3I IpSAJovwTDnbDebdPl0+o9QKCYN91B6HXcet05Z+8endi2Nk/vWsa3pClmfo4hgv GieObg+fOnjL7JuPXUDf/0/WggaIjGEbk7I8CUubjK3u6AxM2csWBqg0XEL9KdT9 ScNcNVzHqhrIgO2pz2xImVO03hSLnmsVjTl/ssOsSBbWYSHueT3C7ZJIr4gQ7XDI wL0yxP6NShgkEqAUs9QY5GBjm5bsykOj89qgi6Zu8kUJqPYLKkwjZy62cDRvoiQh TM0JvF2fa2AjvK0CYcYkIo+Kz1KagM52oQBlZQO7RcEVcW9GfHVMmmj3in5/U45H nLpMhv4+wJAh8gJ0oA== -----END CERTIFICATE----- # private_key included from pillar/secrets/role/web_gitlab.sls dh_param: gitlab.infra.opensuse.org.dhparams: | -----BEGIN DH PARAMETERS----- MIIBCAKCAQEA7PJQ8wuX4X5olj1lgscd7NWYCdW2+W/8JmBYQE79qnjKhW9I0lg6 zigDe6qUh/QonJ9v2rjeoOMa9lFpgee7Hd4QP1ZmS2seaNBVaVBUWaTX/W8Kzi6B muks7dMjbkrx4hHzw5A/UK4sXR7o2jkZbSF72hrxL9e2EAD0DTH3cyVJnjbbjxC/ G44CZVTNZpPk1J9kl00eq19Nx/0tXoa6mS1I4h6+zHS8mg2rZKwWZ+FbpGunGXmE V5EOx0TUmcFmCxpdS94+PnFrS78OKpMugJWQNE4hLwZ19+HTzFKRHSoGTUXOZrOk QwknZM+Uol0R0oUeo/5zEmN4mfQ1Iv0nCwIBAg== -----END DH PARAMETERS----- servers: managed: gitlab.infra.opensuse.org.conf: ## Modified from http://blog.phusion.nl/2012/04/21/tutorial-setting-up-gitlab-on-debian-6/ ## Modified from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html ## Modified from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html config: - upstream gitlab: - server: - unix:/srv/www/vhosts/gitlab-ce/tmp/sockets/gitlab.socket - fail_timeout=0 - upstream gitlab-workhorse: - server: - unix:/srv/www/vhosts/gitlab-ce/tmp/sockets/gitlab-workhorse.socket - fail_timeout=0 - map $http_upgrade $connection_upgrade_gitlab_ssl: - default: upgrade - "''": close ## NGINX 'combined' log format with filtered query strings - log_format: gitlab_ssl_access $remote_addr - $remote_user [$time_local] "$request_method $gitlab_ssl_filtered_request_uri $server_protocol" $status $body_bytes_sent "$gitlab_ssl_filtered_http_referer" "$http_user_agent" ## Remove private_token from the request URI # In: /foo?private_token=unfiltered&authenticity_token=unfiltered&rss_token=unfiltered&... # Out: /foo?private_token=[FILTERED]&authenticity_token=unfiltered&rss_token=unfiltered&... - map $request_uri $gitlab_ssl_temp_request_uri_1: - default: $request_uri - ~(?i)^(?.*)(?[\?&]private[\-_]token)=[^&]*(?.*)$: '"$start$temp=[FILTERED]$rest"' ## Remove authenticity_token from the request URI # In: /foo?private_token=[FILTERED]&authenticity_token=unfiltered&rss_token=unfiltered&... # Out: /foo?private_token=[FILTERED]&authenticity_token=[FILTERED]&rss_token=unfiltered&... - map $gitlab_ssl_temp_request_uri_1 $gitlab_ssl_temp_request_uri_2: - default: $gitlab_ssl_temp_request_uri_1 - ~(?i)^(?.*)(?[\?&]authenticity[\-_]token)=[^&]*(?.*)$: '"$start$temp=[FILTERED]$rest"' ## Remove rss_token from the request URI # In: /foo?private_token=[FILTERED]&authenticity_token=[FILTERED]&rss_token=unfiltered&... # Out: /foo?private_token=[FILTERED]&authenticity_token=[FILTERED]&rss_token=[FILTERED]&... - map $gitlab_ssl_temp_request_uri_2 $gitlab_ssl_filtered_request_uri: - default: $gitlab_ssl_temp_request_uri_2 - ~(?i)^(?.*)(?[\?&]rss[\-_]token)=[^&]*(?.*)$: '"$start$temp=[FILTERED]$rest"' ## A version of the referer without the query string - map $http_referer $gitlab_ssl_filtered_http_referer: - default: $http_referer - ~^(?.*)\?: $temp ## Redirects all HTTP traffic to the HTTPS host - server: - listen: 0.0.0.0:80 - listen: - "[::]:80" - ipv6only=on - default_server - server_name: gitlab.infra.opensuse.org - server_tokens: 'off' - return 301: https://$http_host$request_uri - access_log: - /var/log/nginx/gitlab_access.log - gitlab_ssl_access - error_log: /var/log/nginx/gitlab_error.log - server: - listen: - 0.0.0.0:443 - ssl - listen: - "[::]:443" - ipv6only=on - ssl - default_server - server_name: gitlab.infra.opensuse.org - server_tokens: 'off' ## Strong SSL Security ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/ - ssl: 'on' - ssl_certificate: /etc/nginx/ssl/gitlab.infra.opensuse.org.crt - ssl_certificate_key: /etc/nginx/ssl/gitlab.infra.opensuse.org.key # GitLab needs backwards compatible ciphers to retain compatibility with Java IDEs - ssl_ciphers: '"ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"' - ssl_protocols: - TLSv1 - TLSv1.1 - TLSv1.2 - ssl_prefer_server_ciphers: 'on' - ssl_session_cache: shared:SSL:10m - ssl_session_timeout: 5m - ssl_dhparam: /etc/nginx/ssl/gitlab.infra.opensuse.org.dhparams ## [Optional] Enable HTTP Strict Transport Security - add_header: Strict-Transport-Security "max-age=31536000; includeSubDomains" - access_log: - /var/log/nginx/gitlab_access.log - gitlab_ssl_access - error_log: /var/log/nginx/gitlab_error.log - location /: - client_max_body_size: 0 - gzip: 'off' ## https://github.com/gitlabhq/gitlabhq/issues/694 ## Some requests take more than 30 seconds. - proxy_read_timeout: 300 - proxy_connect_timeout: 300 - proxy_redirect: 'off' - proxy_http_version: 1.1 - proxy_set_header: Host $http_host - proxy_set_header: X-Real-IP $remote_addr - proxy_set_header: X-Forwarded-Ssl on - proxy_set_header: X-Forwarded-For $proxy_add_x_forwarded_for - proxy_set_header: X-Forwarded-Proto $scheme - proxy_set_header: Upgrade $http_upgrade - proxy_set_header: Connection $connection_upgrade_gitlab_ssl - proxy_pass: http://gitlab-workhorse - error_page: 404 /404.html - error_page: 422 /422.html - error_page: 500 /500.html - error_page: 502 /502.html - error_page: 503 /503.html - location ~ ^/(404|422|500|502|503)\.html$: - root: /srv/www/vhosts/gitlab-ce/public - internal enabled: True profile: {% set osrelease = salt['grains.get']('osrelease') %} {% if osrelease == '42.3' %} monitoring: check_zypper: whitelist: - gitaly - gitlab-ce - gitlab-common - gitlab-pages - gitlab-shell - gitlab-workhorse - grpc - libgrpc4 - libprotobuf15 - libprotoc15 - libruby2_4-2_4 - nodejs8 - ruby2.4 - ruby2.4-rubygem-RedCloth - ruby2.4-rubygem-ace-rails-ap - ruby2.4-rubygem-actionmailer-4_2 - ruby2.4-rubygem-actionpack-4_2 - ruby2.4-rubygem-actionview-4_2 - ruby2.4-rubygem-activejob-4_2 - ruby2.4-rubygem-activemodel-4_2 - ruby2.4-rubygem-activerecord-4_2 - ruby2.4-rubygem-activesupport-4_2 - ruby2.4-rubygem-acts-as-taggable-on - ruby2.4-rubygem-addressable - ruby2.4-rubygem-akismet - ruby2.4-rubygem-allocations - ruby2.4-rubygem-arel-6 - ruby2.4-rubygem-asana - ruby2.4-rubygem-asciidoctor - ruby2.4-rubygem-asciidoctor-plantuml - ruby2.4-rubygem-attr_encrypted - ruby2.4-rubygem-attr_required - ruby2.4-rubygem-autoprefixer-rails - ruby2.4-rubygem-babosa - ruby2.4-rubygem-base32 - ruby2.4-rubygem-batch-loader - ruby2.4-rubygem-bcrypt_pbkdf - ruby2.4-rubygem-bindata - ruby2.4-rubygem-bootstrap_form - ruby2.4-rubygem-browser - ruby2.4-rubygem-builder - ruby2.4-rubygem-bundler - ruby2.4-rubygem-carrierwave - ruby2.4-rubygem-cause - ruby2.4-rubygem-charlock_holmes - ruby2.4-rubygem-chronic - ruby2.4-rubygem-chronic_duration - ruby2.4-rubygem-chunky_png - ruby2.4-rubygem-citrus - ruby2.4-rubygem-concurrent-ruby - ruby2.4-rubygem-concurrent-ruby-ext - ruby2.4-rubygem-connection_pool - ruby2.4-rubygem-crack - ruby2.4-rubygem-crass - ruby2.4-rubygem-creole - ruby2.4-rubygem-css_parser - ruby2.4-rubygem-d3_rails - ruby2.4-rubygem-debugger-ruby_core_source - ruby2.4-rubygem-deckar01-task_list - ruby2.4-rubygem-declarative - ruby2.4-rubygem-declarative-option - ruby2.4-rubygem-default_value_for - ruby2.4-rubygem-devise - ruby2.4-rubygem-devise-two-factor - ruby2.4-rubygem-diff-lcs - ruby2.4-rubygem-diffy - ruby2.4-rubygem-domain_name - ruby2.4-rubygem-doorkeeper - ruby2.4-rubygem-doorkeeper-openid_connect - ruby2.4-rubygem-dropzonejs-rails - ruby2.4-rubygem-email_reply_trimmer - ruby2.4-rubygem-encryptor - ruby2.4-rubygem-escape_utils - ruby2.4-rubygem-et-orbi - ruby2.4-rubygem-excon - ruby2.4-rubygem-execjs - ruby2.4-rubygem-expression_parser - ruby2.4-rubygem-faraday - ruby2.4-rubygem-faraday-0.8 - ruby2.4-rubygem-faraday_middleware - ruby2.4-rubygem-fast_gettext - ruby2.4-rubygem-ffi - ruby2.4-rubygem-flipper - ruby2.4-rubygem-flipper-active_record - ruby2.4-rubygem-flowdock - ruby2.4-rubygem-fog-aliyun - ruby2.4-rubygem-fog-aws - ruby2.4-rubygem-fog-core - ruby2.4-rubygem-fog-google - ruby2.4-rubygem-fog-json - ruby2.4-rubygem-fog-local - ruby2.4-rubygem-fog-openstack - ruby2.4-rubygem-fog-rackspace - ruby2.4-rubygem-fog-xml - ruby2.4-rubygem-font-awesome-rails - ruby2.4-rubygem-formatador - ruby2.4-rubygem-gemnasium-gitlab-service - ruby2.4-rubygem-gemojione - ruby2.4-rubygem-gettext - ruby2.4-rubygem-gettext_i18n_rails - ruby2.4-rubygem-gettext_i18n_rails_js - ruby2.4-rubygem-gitaly-proto - ruby2.4-rubygem-github-linguist - ruby2.4-rubygem-github-markup - ruby2.4-rubygem-gitlab-flowdock-git-hook - ruby2.4-rubygem-gitlab-grit - ruby2.4-rubygem-gitlab-markup - ruby2.4-rubygem-gitlab_omniauth-ldap - ruby2.4-rubygem-globalid - ruby2.4-rubygem-gollum-grit_adapter - ruby2.4-rubygem-gollum-lib - ruby2.4-rubygem-gollum-rugged_adapter - ruby2.4-rubygem-gon - ruby2.4-rubygem-google-api-client - ruby2.4-rubygem-google-protobuf - ruby2.4-rubygem-googleapis-common-protos-types - ruby2.4-rubygem-googleauth - ruby2.4-rubygem-gpgme - ruby2.4-rubygem-grape - ruby2.4-rubygem-grape-entity - ruby2.4-rubygem-grape-route-helpers - ruby2.4-rubygem-grape_logging - ruby2.4-rubygem-grpc - ruby2.4-rubygem-hamlit - ruby2.4-rubygem-hashie - ruby2.4-rubygem-hashie-forbidden_attributes - ruby2.4-rubygem-health_check - ruby2.4-rubygem-hipchat - ruby2.4-rubygem-html-pipeline - ruby2.4-rubygem-html2text - ruby2.4-rubygem-htmlentities - ruby2.4-rubygem-http-0.9 - ruby2.4-rubygem-http-cookie - ruby2.4-rubygem-http-form_data - ruby2.4-rubygem-httparty - ruby2.4-rubygem-httpclient - ruby2.4-rubygem-i18n - ruby2.4-rubygem-ice_nine - ruby2.4-rubygem-influxdb - ruby2.4-rubygem-ipaddress - ruby2.4-rubygem-jira-ruby - ruby2.4-rubygem-jquery-atwho-rails - ruby2.4-rubygem-jquery-rails - ruby2.4-rubygem-json-1 - ruby2.4-rubygem-json-jwt - ruby2.4-rubygem-jwt - ruby2.4-rubygem-kaminari - ruby2.4-rubygem-kaminari-actionview - ruby2.4-rubygem-kaminari-activerecord - ruby2.4-rubygem-kaminari-core - ruby2.4-rubygem-kgio - ruby2.4-rubygem-kubeclient - ruby2.4-rubygem-licensee - ruby2.4-rubygem-little-plugger - ruby2.4-rubygem-logging - ruby2.4-rubygem-lograge - ruby2.4-rubygem-loofah - ruby2.4-rubygem-mail - ruby2.4-rubygem-mail_room - ruby2.4-rubygem-memoist - ruby2.4-rubygem-method_source - ruby2.4-rubygem-mime-types - ruby2.4-rubygem-mini_mime - ruby2.4-rubygem-mini_portile2 - ruby2.4-rubygem-mousetrap-rails - ruby2.4-rubygem-multi_json - ruby2.4-rubygem-multi_xml - ruby2.4-rubygem-multipart-post-1.2 - ruby2.4-rubygem-mustermann - ruby2.4-rubygem-mustermann-grape - ruby2.4-rubygem-net-ldap - ruby2.4-rubygem-net-ssh - ruby2.4-rubygem-netrc - ruby2.4-rubygem-nokogiri - ruby2.4-rubygem-numerizer - ruby2.4-rubygem-oauth - ruby2.4-rubygem-oauth2 - ruby2.4-rubygem-octokit - ruby2.4-rubygem-oj - ruby2.4-rubygem-omniauth - ruby2.4-rubygem-omniauth-auth0 - ruby2.4-rubygem-omniauth-authentiq - ruby2.4-rubygem-omniauth-azure-oauth2 - ruby2.4-rubygem-omniauth-cas3 - ruby2.4-rubygem-omniauth-facebook - ruby2.4-rubygem-omniauth-github - ruby2.4-rubygem-omniauth-gitlab - ruby2.4-rubygem-omniauth-google-oauth2 - ruby2.4-rubygem-omniauth-kerberos - ruby2.4-rubygem-omniauth-multipassword - ruby2.4-rubygem-omniauth-oauth - ruby2.4-rubygem-omniauth-oauth2 - ruby2.4-rubygem-omniauth-oauth2-generic - ruby2.4-rubygem-omniauth-saml - ruby2.4-rubygem-omniauth-shibboleth - ruby2.4-rubygem-omniauth-twitter - ruby2.4-rubygem-omniauth_crowd - ruby2.4-rubygem-org-ruby - ruby2.4-rubygem-orm_adapter - ruby2.4-rubygem-os - ruby2.4-rubygem-paranoia - ruby2.4-rubygem-peek - ruby2.4-rubygem-peek-gc - ruby2.4-rubygem-peek-host - ruby2.4-rubygem-peek-performance_bar - ruby2.4-rubygem-peek-pg - ruby2.4-rubygem-peek-rblineprof - ruby2.4-rubygem-peek-redis - ruby2.4-rubygem-peek-sidekiq - ruby2.4-rubygem-pg - ruby2.4-rubygem-po_to_json - ruby2.4-rubygem-posix-spawn - ruby2.4-rubygem-premailer - ruby2.4-rubygem-premailer-rails - ruby2.4-rubygem-prometheus-client-mmap - ruby2.4-rubygem-public_suffix - ruby2.4-rubygem-puma - ruby2.4-rubygem-puma_worker_killer - ruby2.4-rubygem-pyu-ruby-sasl - ruby2.4-rubygem-rack-1_6 - ruby2.4-rubygem-rack-accept - ruby2.4-rubygem-rack-attack - ruby2.4-rubygem-rack-cors - ruby2.4-rubygem-rack-oauth2 - ruby2.4-rubygem-rack-protection - ruby2.4-rubygem-rack-proxy - ruby2.4-rubygem-rails-4_2 - ruby2.4-rubygem-rails-dom-testing-1 - ruby2.4-rubygem-rails-html-sanitizer - ruby2.4-rubygem-rails-i18n-4 - ruby2.4-rubygem-railties-4_2 - ruby2.4-rubygem-rainbow - ruby2.4-rubygem-raindrops - ruby2.4-rubygem-rake - ruby2.4-rubygem-rb-fsevent - ruby2.4-rubygem-rb-inotify - ruby2.4-rubygem-rblineprof - ruby2.4-rubygem-rbnacl - ruby2.4-rubygem-re2 - ruby2.4-rubygem-recaptcha - ruby2.4-rubygem-recursive-open-struct - ruby2.4-rubygem-redcarpet - ruby2.4-rubygem-redis-3 - ruby2.4-rubygem-redis-actionpack - ruby2.4-rubygem-redis-activesupport - ruby2.4-rubygem-redis-namespace - ruby2.4-rubygem-redis-rack - ruby2.4-rubygem-redis-rails - ruby2.4-rubygem-redis-store - ruby2.4-rubygem-representable - ruby2.4-rubygem-request_store - ruby2.4-rubygem-responders - ruby2.4-rubygem-rest-client - ruby2.4-rubygem-retriable - ruby2.4-rubygem-rinku - ruby2.4-rubygem-rotp - ruby2.4-rubygem-rouge - ruby2.4-rubygem-rqrcode - ruby2.4-rubygem-rqrcode-rails3 - ruby2.4-rubygem-ruby-fogbugz - ruby2.4-rubygem-ruby-prof - ruby2.4-rubygem-ruby-saml - ruby2.4-rubygem-ruby_parser - ruby2.4-rubygem-rubyntlm - ruby2.4-rubygem-rubypants - ruby2.4-rubygem-rufus-scheduler - ruby2.4-rubygem-rugged - ruby2.4-rubygem-sanitize-2.1 - ruby2.4-rubygem-sass - ruby2.4-rubygem-sass-listen - ruby2.4-rubygem-sass-rails-5_0 - ruby2.4-rubygem-sawyer - ruby2.4-rubygem-securecompare - ruby2.4-rubygem-seed-fu - ruby2.4-rubygem-select2-rails - ruby2.4-rubygem-sentry-raven - ruby2.4-rubygem-settingslogic - ruby2.4-rubygem-sexp_processor - ruby2.4-rubygem-sidekiq - ruby2.4-rubygem-sidekiq-cron - ruby2.4-rubygem-sidekiq-limit_fetch - ruby2.4-rubygem-signet - ruby2.4-rubygem-slack-notifier - ruby2.4-rubygem-sprockets - ruby2.4-rubygem-sprockets-rails - ruby2.4-rubygem-state_machines - ruby2.4-rubygem-state_machines-activemodel - ruby2.4-rubygem-state_machines-activerecord - ruby2.4-rubygem-stringex - ruby2.4-rubygem-sys-filesystem - ruby2.4-rubygem-temple - ruby2.4-rubygem-thor - ruby2.4-rubygem-thread_safe - ruby2.4-rubygem-tilt - ruby2.4-rubygem-timfel-krb5-auth - ruby2.4-rubygem-toml-rb - ruby2.4-rubygem-truncato - ruby2.4-rubygem-tzinfo - ruby2.4-rubygem-u2f - ruby2.4-rubygem-uber - ruby2.4-rubygem-uglifier - ruby2.4-rubygem-unf - ruby2.4-rubygem-unf_ext - ruby2.4-rubygem-unicorn - ruby2.4-rubygem-unicorn-worker-killer - ruby2.4-rubygem-url_safe_base64 - ruby2.4-rubygem-validates_hostname - ruby2.4-rubygem-version_sorter - ruby2.4-rubygem-vmstat - ruby2.4-rubygem-warden - ruby2.4-rubygem-webpack-rails - ruby2.4-rubygem-wikicloth - ruby2.4-stdlib {% endif %} web: server: nginx: csr: gitlab.infra.opensuse.org: | -----BEGIN CERTIFICATE REQUEST----- MIIDGzCCAgMCAQAwgZ4xCzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMRIw EAYDVQQHDAlOdXJlbWJlcmcxETAPBgNVBAoMCG9wZW5TVVNFMQ8wDQYDVQQLDAZI ZXJvZXMxIjAgBgNVBAMMGWdpdGxhYi5pbmZyYS5vcGVuc3VzZS5vcmcxITAfBgkq hkiG9w0BCQEWEmFkbWluQG9wZW5zdXNlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQAD ggEPADCCAQoCggEBALWfuMhdJOdrwvu2hCw0+bRNl8AADSvdBBokQlwpUvbgITNW R3tkj/KgIEO0ohBC7j+a2L3t3qm5tP8ETdETcS96lj1nZ6fTWV1J9qezfpTBRDE3 VIK3vykoBqzRMBVq6R4Kajg7SvB9pWRpHBC4xm3vPA4AnSN9skPtMMGpqZxFMbpG sirObzr5Rit4tM53gZy7zgS2n22TqMeEsEYvd/fHxW2bNLvS5BwX+RU1NhRlNFDP I7BQgCOGzgWrKZeukGfzcOhIXMKtnLPQc/65VcGQDRm01ReSBqNbyADuAfbYrFOP yf8V2FlloUG/voM4c5y6WamHv2ZJepel5qxIickCAwEAAaA3MDUGCSqGSIb3DQEJ DjEoMCYwJAYDVR0RBB0wG4IZZ2l0bGFiLmluZnJhLm9wZW5zdXNlLm9yZzANBgkq hkiG9w0BAQsFAAOCAQEAGJ+RU/bwMTZ+/rkCibJD3Ylp+UUBm0qvFTFkEtkptrM2 5/im/ogEPgYZnJNBlU+lTba7XL3uyG+eX3A3n8aX9wJE7DMYB7x1qZGkUppd0zIG myRBZlZUBxtGtOLGW5+AcpjHdqk5aeLjaWz3PaX3WD7QnAYx7XWPJMdcFVzzwPoO M+mSd9H9RUx9HOYy2Wolxg+Mx05mvBrTHoTYsgSBhrmSNLVbA7ZgvAx+cc4vh9Q0 6NaN7mDmnbT1CVSlQ43o0pRpUIwa9NGD7DQ/Ccrw0FevD/7szXa9KZvXhHdqS7BP PJKOVLf4VbNDRGmkks0fst/NNdNuXRlS4lZMePi6pQ== -----END CERTIFICATE REQUEST-----