A Self-hosted installation of GitLab comes with an extremely interesting and useful tool that is disabled by default, the Mattermost chat server, think of it as a self-hosted and better Slack.
If you installed GitLab using the Omnibus package, the recommended way, you can enable it and set up a letsencrypt certificate in a few steps as described bellow.
Open the file ‘/etc/gitlab/gitlab.rb’ and find the line:
;mattermost_external_url 'http://mattermost.example.com'
Uncomment it and set the external URL for your chat server.
Now as root run:
gitlab-ctl reconfigure && gitlab-ctl restart
After restarting the GitLab server you can open the external URL in a browser to confirm it’s working.
Now we have to configure a few exceptions before we can create our certificate, again open the file ‘/etc/gitlab/gitlab.rb’ and add to the end.
#Mattermost letsencrypt configuration
mattermost_nginx['custom_gitlab_mattermost_server_config']="location ^~ /.well-known {\n alias /etc/letsencrypt/www/.well-known;\n}\n"
After this you need to regenerate your GitLab configuration with:
gitlab-ctl reconfigure && gitlab-ctl restart
Now you can generate your certificate with the command:
certbot certonly --webroot -w /etc/letsencrypt/www/ -d mattermost.example.com
And then all you need to do is open the file ‘/etc/gitlab/gitlab.rb’ and add to the end of the file the last bits of configuration, taking care to substitute mattermost.example.com with the domain of your chat server.
mattermost_nginx['redirect_http_to_https'] = true
mattermost_nginx['ssl_certificate']= "/etc/letsencrypt/live/mattermost.example.com/fullchain.pem"
mattermost_nginx['ssl_certificate_key'] = "/etc/letsencrypt/live/mattermost.example.com/privkey.pem"
The last step is to regenerate your GitLab configuration with:
gitlab-ctl reconfigure && gitlab-ctl restart
All is set, now you have an awesome chat server working with SSL
Sources:
https://docs.gitlab.com/omnibus/settings/nginx.html
https://docs.gitlab.com/omnibus/gitlab-mattermost/
https://stackoverflow.com/a/34539809/980382
https://webnugget.de/setting-up-gitlab-with-free-ssl-certs-from-lets-encrypt-on-ubuntu-14-04/