Restrict access to only specific IP addresses for public domain

I’m trying to set up GitLab for personal projects on my own server with the omnibus installation and want to block all IP addresses other than my own.

Is this possible? I’ve tried the gitlab.rb config file but cannot find any related entries, and if I manually edit the nginx config I guess any reconfiguring will overwrite my changes. I can’t seem to find any documentation on this either.

What I want to do is what is done with nginx, like this:

allow X.X.X.X;
deny all;

Were you able to find a way to do this via the GitLab configuration?

You could step up to the OS level and restrict connectivity via your server’s firewall (or a separate firewall if you have one?).

Something along the lines of FirewallD or IPTABLES, depending on your OS and version.

Here is how to configure firewalld on CentOS7:
http://www.tecmint.com/configure-firewalld-in-centos-7/

Another option, if you're not tied to IP address, would be to run your install via an internal network only and use a VPN or SSH tunnel to connect.

Edit “/etc/gitlab/gitlab.rb” like this and run gitlab-ctl reconfigure to put the configuration into “/var/opt/gitlab/nginx/conf/gitlab-http.conf”. Don’t forget to adapt your firewall if you used that way before.

nginx['custom_gitlab_server_config'] = "allow x.x.x.x;
deny all;

location ~ /.well-known {
    root /opt/gitlab/embedded/service/gitlab-rails/public
    allow all;
}
"

The location part is necessary if you want to allow Let’s Encrypt to access “/opt/gitlab/embedded/service/gitlab-rails/public/”.

The solution is missing a semicolon (;) at the end of the line beginning with: root ..., but that line isn’t needed anymore anyway:

allow x.x.x.x;
deny all;

location ~ /.well-known {
    allow all;
}

PS: I have put the config in a separate file like this:

nginx['custom_gitlab_server_config'] = "include /etc/gitlab/nginx_custom_gitlab_server_config.conf;"
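
Added example, not part of any post above and not GitLab's own code: a Ruby sketch that lints the snippet for the missing-semicolon error mentioned in the thread and models how nginx evaluates it (the first matching allow/deny rule wins, and rules inside a location replace the server-level ones). The address 203.0.113.10, the helper names and the simplified parser are assumptions made for illustration.

```ruby
require 'ipaddr'

# Constructed sample: the snippet from the thread, with a documentation
# address (203.0.113.10) standing in for x.x.x.x.
SNIPPET = <<~CONF
  allow 203.0.113.10;
  deny all;

  location ~ /.well-known {
      allow all;
  }
CONF

# Lines that neither end a directive (';') nor open or close a block.
# This catches the unterminated "root ..." line pointed out in the thread.
def unterminated_lines(conf)
  conf.lines.map(&:strip).reject { |l| l.empty? || l.end_with?(';', '{', '}') }
end

# Split the snippet into server-level rules and per-location rules.
# Simplified: only "location ~ REGEX" blocks, one directive per line, no nesting.
def parse(conf)
  server = []
  locations = []
  current = server
  conf.lines.map(&:strip).each do |line|
    if (m = line.match(/\Alocation\s+~\s+(\S+)\s*\{\z/))
      current = []
      locations << [Regexp.new(m[1]), current]
    elsif line == '}'
      current = server
    elsif (m = line.match(/\A(allow|deny)\s+(\S+);\z/))
      current << [m[1].to_sym, m[2]]
    end
  end
  [server, locations]
end

# nginx checks allow/deny in order and stops at the first match; allow/deny
# rules set inside a location replace the ones inherited from the server level.
def decision(conf, client_ip, uri)
  server, locations = parse(conf)
  loc = locations.find { |re, _rules| re.match?(uri) }
  rules = (loc && !loc[1].empty?) ? loc[1] : server
  ip = IPAddr.new(client_ip)
  hit = rules.find { |_, target| target == 'all' || IPAddr.new(target).include?(ip) }
  hit ? hit[0] : :allow # no rule matched: access is not restricted
end
```

Running `nginx -t` against the generated configuration after `gitlab-ctl reconfigure` remains the authoritative syntax check; this sketch only covers the directives discussed in the thread.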