GitLab Pages on a subdomain of a self-managed GitLab instance

We host a relatively large self-managed GitLab instance for Bavarian universities (see Introduction: Arto Teräs / LRZ) and are currently running GitLab 13.12.

Our GitLab Pages use a subdomain of the Gitlab instance itself and are hosted on the same servers (a small cluster configuration).

When preparing the upgrade to upcoming GitLab 14.0 I noticed that accordings to the GitLab Pages documentation this kind of domain configuration is not officially supported (GitLab Pages administration | GitLab). When looking back at the documentation of earlier versions it doesn’t seem to be a recent change - just mentioned more prominently in the documentation than before.

It would be a significant inconvenience for our users if we need to change the pages domain. Quite a few have published course information, documentation, results or datasets of their research projects using the current domain. Obviously changing the domain of the instance itself would be a pain as well.

Could someone please explain why Pages on a subdomain of the GitLab instance is not supported? On our instance it has been working already for a couple of years. Should I expect it to break when upgrading to GitLab 14.0? If yes, are there workarounds to prevent that?

Best regards,

Arto Teräs

Sry for the question, we are using gitlab pages with a subdomain as well. This works perfectly for now.

If needed i can provide setup instructions for certs etc.

Hi,

the main concern are shared cookies in the same domain, and possible security issues in that regard with GitLab pages websites. See the discussion in this issue: Use gitlab pages under the same domain as gitlab (#33240) · Issues · GitLab.org / GitLab FOSS · GitLab

I don’t think that things will break (recommend a testing environment to verify though) - it generally is not advised for above security concerns though, and as such not officially supported.

Cheers,
Michael

Hi Michael,

Thank you very much for the clarification. We will test before upgrading in our staging environment and consider the security implications.

Best regards,

Arto

1 Like