Deployment Options

naivesystems1 edited this page Aug 28, 2024 · 2 revisions

Use Cloudflare Tunnel

The machine can be placed anywhere. It could be a physical machine or a virtual machine, on-prem or in the cloud.

But you need to buy a domain name and set it up with Cloudflare.

TODO: Figure out the details for Gerrit SSH port 29418.

Use a dedicated corp domain name

This should work fine with a free plan.

Suppose you have a dedicated domain name mycompanyinternal.com available. Your installation could then be accessible from

https://login.mycompanyinternal.com/
https://bug.mycompanyinternal.com/
https://review.mycompanyinternal.com/
https://build.mycompanyinternal.com/
https://mailpit.mycompanyinternal.com/

Use a shared top-level domain name

If your company's top-level domain is already using Cloudflare, and you are fine with sharing that domain, your installation could also be accessible from

https://login.mycompany.com/
https://bug.mycompany.com/
https://review.mycompany.com/
https://build.mycompany.com/
https://mailpit.mycompany.com/

TODO: We can potentially make this less problematic by allowing the user to customize the subdomains (e.g. changing login to keycloak in a user-provided configuration file).

Buy Total TLS

If you are willing to pay for Cloudflare Total TLS, you could use your company's top-level domain and restrict your installation to a subdomain. Your installation will be accessible from

https://login.corp.mycompany.com/
https://bug.corp.mycompany.com/
https://review.corp.mycompany.com/
https://build.corp.mycompany.com/
https://mailpit.corp.mycompany.com/

This would be the preferred option if it didn't require a purchase from Cloudflare.
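
Why the `corp.` layout needs Total TLS: Cloudflare's free Universal SSL certificate covers only the zone apex and first-level subdomains, and a certificate wildcard stands for exactly one label. The following is an added example (not part of the original page or the project's code) that checks which of this page's hostnames a certificate's DNS names cover; the name lists in it are constructed for illustration.

```python
"""Check which deployment hostnames a certificate's DNS names cover."""

SERVICES = ["login", "bug", "review", "build", "mailpit"]  # subdomains from this page


def name_matches(pattern: str, host: str) -> bool:
    """Match one certificate DNS name against a hostname.

    A wildcard is honoured only as the whole leftmost label and stands for
    exactly one label, so *.mycompany.com never matches a.corp.mycompany.com.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Conservative: require two fixed labels so "*.com" is never accepted.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def uncovered(cert_names: list[str], base_domain: str) -> list[str]:
    """Return the service hostnames under base_domain that no cert name covers."""
    hosts = [f"{svc}.{base_domain}" for svc in SERVICES]
    return [h for h in hosts if not any(name_matches(n, h) for n in cert_names)]


# Constructed name lists (assumptions for illustration, not real certificates).
UNIVERSAL = ["mycompany.com", "*.mycompany.com"]  # apex + first level only
PER_HOST = [f"{s}.corp.mycompany.com" for s in SERVICES]  # one name per hostname

if __name__ == "__main__":
    for label, names, base in [
        ("shared top-level, apex + wildcard", UNIVERSAL, "mycompany.com"),
        ("corp subdomain, apex + wildcard", UNIVERSAL, "corp.mycompany.com"),
        ("corp subdomain, per-hostname names", PER_HOST, "corp.mycompany.com"),
    ]:
        missing = uncovered(names, base)
        status = "all covered" if not missing else "NOT covered: " + ", ".join(missing)
        print(f"{label}: {status}")
```

The same check applies to the self-signed option: the certificate must list each `*.internal` hostname explicitly.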

Use a public domain name and Let's Encrypt

You would need a public IP address, either fixed or paired with dynamic DNS. Port forwarding rules must be set up if a NAT firewall is present.

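However, it would also work with a private IP address, as long as you can get the HTTPS certificates. For example, you could get certificates with the Let's Encrypt DNS-01 challenge (https://letsencrypt.org/docs/challenge-types/#dns-01-challenge), which validates domain control through a DNS TXT record instead of an inbound connection to your server.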

Use the standard HTTPS port 443

Your installation will be accessible from

https://login.corp.mycompany.com/
https://bug.corp.mycompany.com/
https://review.corp.mycompany.com/
https://build.corp.mycompany.com/
https://mailpit.corp.mycompany.com/

Use a non-standard HTTPS port

Some ISPs block port 443, so you have to use another port. If you choose port 9443, for example, your installation will be accessible from

https://login.corp.mycompany.com:9443/
https://bug.corp.mycompany.com:9443/
https://review.corp.mycompany.com:9443/
https://build.corp.mycompany.com:9443/
https://mailpit.corp.mycompany.com:9443/

Use an internal domain name and self-signed certificates

This should work out of the box. It could be useful if you want to restrict access to your LAN, or if you have a VPN set up. However, this requires you to set up an internal DNS service, or to have clients add /etc/hosts entries.

Your installation could be accessible from

https://login.internal/
https://bug.internal/
https://review.internal/
https://build.internal/
https://mailpit.internal/