diff options
author | Rob Watson <rob@mixlr.com> | 2018-01-03 23:02:46 +0300 |
---|---|---|
committer | Rob Watson <rob@mixlr.com> | 2018-03-06 21:06:11 +0300 |
commit | 00b6c5f315ac00e9da8a6de99c50b064e9f87872 (patch) | |
tree | 000051186e3a2e820a25b9e4b3157ba83d9af13f /README.md | |
parent | a638665f6c6eacd6aad74c855f0f6441c09ca029 (diff) |
Implement HTTPS-only pages
- Check `config.json` for `httpsonly` attribute
- Store value against custom domain or group/project pair
- Respond with 301 redirect to HTTP requests to these domains/projects
Re: https://gitlab.com/gitlab-org/gitlab-ce/issues/28857
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 18 |
1 files changed, 18 insertions, 0 deletions
@@ -45,6 +45,24 @@ current requests. a `Content-Encoding: gzip` header. This allows compressed versions of the files to be precalculated, saving CPU time and network bandwidth. +### HTTPS only domains + +Users have the option to enable "HTTPS only pages" on a per-project basis. +This option is also enabled by default for all newly-created projects. + +When the option is enabled, a project's `config.json` will contain an +`https_only` attribute. + +When the `https_only` attribute is found in the root context, any project pages +served over HTTP via the group domain (i.e. `username.gitlab.io`) will be 301 +redirected to HTTPS. + +When the attribute is found in a custom domain's configuration, any HTTP +requests to this domain will likewise be redirected. + +If the attribute's value is false, or the attribute is missing, then +the content will be served to the client over HTTP. + ### How it should be run? Ideally the GitLab Pages should run without any load balancer in front of it. |