Tags: ssl, https, self-signed, gitlab-ce, gitlab-omnibus

SSL Self-Signed Certificates Issue in Gitlab


I have a GitLab Community Edition (17.2.1) installed via the omnibus method, installed and running on my Linux server. The issue is that my machine (100.X.X.X) is also reachable with an external address (I have a router that forwards it with another IP in a different network) and also a proxy DNS for external access. How do I have to properly set up, for all of this configuration, the correct function of HTTPS with a self-signed certificate? I need a solution also for an alternative install of HTTPS for the addresses, or only on the machine?

Thanks!

I'm expecting to find a proper way to set this up and resolve this issue!


Solution

  • Alternative-1:

    You may use internal/external FQDN names as different FQDN names. In this case you might have a server certificate with CN = 'FQDN which will be accessed predominantly', and the subject alternative name (SAN) field should include the 'other FQDN'.

    Requirements for Alt.1

    • The certificate authority should be able to generate SAN certificates.
    • Your application should support SAN certificates.

  • Alternative-2:

    • In your DNS configuration, your external users should see the same FQDN (host1.domain.com) both externally and internally, but it will resolve to an external address on the external DNS servers and will resolve to an internal address of the host when querying in the internal network. There is no need for a SAN field.

    Requirements for Alt.2

    • You will probably need an internal DNS server if one does not exist.

    A self-signed cert may work if the CN is the FQDN (or hostname), with outside FQDN DNS queries of your server resolving to the external IP of your server and internal DNS resolution to the internal IP of your server.

    For all the cases, the clients that access the application will probably need the CA certificate of the issuing CA's root CA in the trust chain, and you must put this CA certificate in the Trusted Root store of the clients, except if you provide the server certificate from a well-known CA.

    In the case of a self-signed certificate, you will need to put this CA certificate in the Trusted Root store of the clients, which may not be an optimal solution.
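Worked example for the answer above, added here and not part of the original question or answer: a POSIX shell script that implements Alternative-1 with openssl. It creates a small private CA, issues one server certificate whose SAN lists both the internal and the external FQDN, and then checks each name against the CA the way a client that trusts that CA would. The hostnames (gitlab.internal.example, gitlab.example.com, other.example.net), the CA subject, the temporary directory and the gitlab.rb snippet printed at the end are assumptions for the demo; the gitlab.rb keys are the standard Omnibus ones (external_url, nginx['ssl_certificate'], nginx['ssl_certificate_key'], letsencrypt['enable']). One caveat a practitioner will hit: current browsers and most TLS libraries match the hostname against the SAN only and ignore the CN, so even a single-name certificate (Alternative-2) should carry that name in its SAN; the script always writes one.

```shell
#!/bin/sh
# Added example (not from the original post): private CA + SAN server cert for a
# GitLab Omnibus host reachable under two FQDNs, plus a client-side hostname check.
# All names, paths and subjects below are assumptions chosen for the demo.
set -eu

# make_san_cert DIR PRIMARY_FQDN [OTHER_FQDN ...]
# Writes DIR/ca.key, DIR/ca.crt, DIR/PRIMARY_FQDN.key and DIR/PRIMARY_FQDN.crt.
make_san_cert() {
    local dir="$1" primary="$2" san n
    shift 2
    san="DNS:${primary}"
    for n in "$@"; do san="${san},DNS:${n}"; done
    mkdir -p "$dir"

    # 1. Private CA: self-signed, with CA:TRUE so verifiers accept it as an issuer.
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
        > "$dir/ca.ext"
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=Example Private CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.csr" 2>/dev/null
    openssl x509 -req -sha256 -days 3650 -in "$dir/ca.csr" -signkey "$dir/ca.key" \
        -extfile "$dir/ca.ext" -out "$dir/ca.crt" 2>/dev/null

    # 2. Server key + CSR. CN is the name used most; the SAN carries every name.
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=${primary}" \
        -keyout "$dir/${primary}.key" -out "$dir/${primary}.csr" 2>/dev/null

    # 3. Leaf extensions. 'openssl x509 -req' ignores extensions inside the CSR,
    #    so the SAN must be supplied at signing time via -extfile.
    printf 'subjectAltName=%s\nextendedKeyUsage=serverAuth\nbasicConstraints=CA:FALSE\n' \
        "$san" > "$dir/server.ext"

    # 4. Sign the CSR with the private CA.
    openssl x509 -req -sha256 -days 825 -in "$dir/${primary}.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/server.ext" -out "$dir/${primary}.crt" 2>/dev/null
}

# check_cert_host DIR PRIMARY_FQDN NAME
# Exit 0 only if the chain validates against DIR/ca.crt AND NAME is covered by
# the certificate's SAN, i.e. what a client trusting ca.crt decides for https://NAME/.
check_cert_host() {
    openssl verify -CAfile "$1/ca.crt" -verify_hostname "$3" "$1/$2.crt" >/dev/null 2>&1
}

# cert_san DIR PRIMARY_FQDN: print the SAN line of the issued certificate.
cert_san() {
    openssl x509 -in "$1/$2.crt" -noout -text \
        | grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/^ *//'
}

# Usage: sh san-cert.sh demo
if [ "${1:-}" = "demo" ]; then
    dir=$(mktemp -d)
    make_san_cert "$dir" gitlab.internal.example gitlab.example.com
    echo "SAN: $(cert_san "$dir" gitlab.internal.example)"
    for h in gitlab.internal.example gitlab.example.com other.example.net; do
        if check_cert_host "$dir" gitlab.internal.example "$h"; then
            echo "$h: accepted"
        else
            echo "$h: rejected (not in SAN)"
        fi
    done
    cat <<EOF

# On the GitLab host (Omnibus): install the pair and point /etc/gitlab/gitlab.rb at it.
#   cp $dir/gitlab.internal.example.crt $dir/gitlab.internal.example.key /etc/gitlab/ssl/
#   external_url 'https://gitlab.internal.example'
#   letsencrypt['enable'] = false
#   nginx['ssl_certificate']     = "/etc/gitlab/ssl/gitlab.internal.example.crt"
#   nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.internal.example.key"
#   then: sudo gitlab-ctl reconfigure
# On each client: trust $dir/ca.crt (Debian/Ubuntu: copy it to
#   /usr/local/share/ca-certificates/ and run update-ca-certificates;
#   for git only: git config --global http.sslCAInfo /path/to/ca.crt).
EOF
fi
```

Only the CA certificate (ca.crt) is distributed to clients; ca.key stays on the machine that issues certificates and never goes into /etc/gitlab/ssl. The third name in the demo loop is rejected on purpose: it shows that trusting the CA alone is not enough, the requested hostname must also appear in the SAN.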