Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/doc/administration/geo/disaster_recovery/index.md
diff options
context:
space:
mode:
Diffstat (limited to 'doc/administration/geo/disaster_recovery/index.md')
-rw-r--r--doc/administration/geo/disaster_recovery/index.md23
1 files changed, 11 insertions, 12 deletions
diff --git a/doc/administration/geo/disaster_recovery/index.md b/doc/administration/geo/disaster_recovery/index.md
index b6703e8a5fb..24a91a7a9c5 100644
--- a/doc/administration/geo/disaster_recovery/index.md
+++ b/doc/administration/geo/disaster_recovery/index.md
@@ -479,25 +479,24 @@ changing Git remotes and API URLs.
external_url 'https://<new_external_url>'
```
- If you provide GitLab with its certificate
- [manually](https://docs.gitlab.com/omnibus/settings/ssl/index.html#configure-https-manually),
- ensure:
+ NOTE:
+ Changing `external_url` does not prevent access via the old secondary URL, as
+ long as the secondary DNS records are still intact.
- - The new URL is one of the subject alternative names:
+1. Update the **secondary**'s SSL certificate:
+
+ - If you use the [Let's Encrypt integration](https://docs.gitlab.com/omnibus/settings/ssl/index.html#enable-the-lets-encrypt-integration),
+ the certificate updates automatically.
+ - If you had [manually set up](https://docs.gitlab.com/omnibus/settings/ssl/index.html#configure-https-manually),
+ the **secondary**'s certificate, copy the certificate from the **primary** to the **secondary**.
+ If you don't have access to the **primary**, issue a new certificate and make sure it contains
+ both the **primary** and **secondary** URLs in the subject alternative names. You can check with:
```shell
/opt/gitlab/embedded/bin/openssl x509 -noout -dates -subject -issuer \
-nameopt multiline -ext subjectAltName -in /etc/gitlab/ssl/new-gitlab.new-example.com.crt
```
- - The certificate and key filenames match the new `external_url`,
- or those filenames are
- [specified in `/etc/gitlab/gitlab.rb`](https://docs.gitlab.com/omnibus/settings/ssl/index.html#change-the-default-ssl-certificate-location).
-
- NOTE:
- Changing `external_url` does not prevent access via the old secondary URL, as
- long as the secondary DNS records are still intact.
-
1. Reconfigure the **secondary** site for the change to take effect:
```shell
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-19 17:39:43 +0300