Restrict access to only specific IP addresses for public domain

I’m trying to set up GitLab for personal projects on my own server with the omnibus installation and want to block all IP addresses other than my own.

Is this possible? I’ve tried the gitlab.rb config file but cannot find any related entries, and if I manually edit the nginx config I guess any reconfiguring will overwrite my changes. I can’t seem to find any documentation on this either.

What I want to do is what is done with nginx as such:

allow X.X.X.X;
deny all;

Were you able to find a way to do this via the GitLab configuration?

You could step up to the OS level and restrict connectivity via your server’s firewall (or a separate firewall if you have one?).

Something along the lines of FirewallD or IPTABLES depending on your OS and Version.

Here is how to configure firewalld on CentOS7:
http://www.tecmint.com/configure-firewalld-in-centos-7/

Another option, if you’re not tied to IP address, would be to run your install via an internal network only and use VPN or SSH Tunnel to connect.

Edit “/etc/gitlab/gitlab.rb” like this and run gitlab-ctl reconfigure to put the configuration into “/var/opt/gitlab/nginx/conf/gitlab-http.conf”. Don’t forget to adapt your firewall if you used that way before.

nginx['custom_gitlab_server_config'] = "allow x.x.x.x;
deny all;

location ~ /.well-known {
    root /opt/gitlab/embedded/service/gitlab-rails/public
    allow all;
}
"

The location part is necessary if you want to allow Let’s Encrypt to access “/opt/gitlab/embedded/service/gitlab-rails/public/”.


The solution is missing a semicolon (;) at the end of the line beginning with: root ..., but that line isn’t needed anymore anyway:

allow x.x.x.x;
deny all;

location ~ /.well-known {
    allow all;
}

PS: I have put the config in a separate file like this:

nginx['custom_gitlab_server_config'] = "include /etc/gitlab/nginx_custom_gitlab_server_config.conf;"

@ClaasAug Wow. What a great solution! Thank you!!

Hi Guys,

I’ve tried this but when I’m checking the logs of the gitlab container I got the following as output,

==> /var/log/gitlab/nginx/error.log <==
2023/07/21 11:26:58 [emerg] 2018#0: invalid number of arguments in "root" directive in /var/opt/gitlab/nginx/conf/gitlab-http.conf:191

==> /var/log/gitlab/nginx/current <==
2023-07-21_11:26:58.49463 nginx: [emerg] invalid number of arguments in "root" directive in /var/opt/gitlab/nginx/conf/gitlab-http.conf:191

==> /var/log/gitlab/nginx/error.log <==
2023/07/21 11:26:59 [emerg] 2019#0: invalid number of arguments in "root" directive in /var/opt/gitlab/nginx/conf/gitlab-http.conf:191

==> /var/log/gitlab/nginx/current <==
2023-07-21_11:26:59.50100 nginx: [emerg] invalid number of arguments in "root" directive in /var/opt/gitlab/nginx/conf/gitlab-http.conf:191

==> /var/log/gitlab/nginx/error.log <==
2023/07/21 11:27:00 [emerg] 2020#0: invalid number of arguments in "root" directive in /var/opt/gitlab/nginx/conf/gitlab-http.conf:191

==> /var/log/gitlab/nginx/current <==
2023-07-21_11:27:00.51567 nginx: [emerg] invalid number of arguments in "root" directive in /var/opt/gitlab/nginx/conf/gitlab-http.conf:191

Any idea on this?

Great solution. Tip for users running gitlab runner on the machine: also add:

allow 127.0.0.1;
allow 172.0.0.0/8;

so that the runner is able to access the repository.

It’s good to allow your runners access. Best practice is to have your runners on other machines though.
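
An added example, not from any post in this thread and not GitLab's own tooling: a small Python pre-flight check for the text that goes into nginx['custom_gitlab_server_config'] (or the included file) before running gitlab-ctl reconfigure. It reports a directive without its terminating semicolon (the cause of the "invalid number of arguments" error in the log above), a missing "deny all;", and an IPv4 allow range that extends past the RFC 1918 private and loopback ranges. The function name lint_snippet and the sample input are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges plus loopback (IPv4 only in this sketch).
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample: the snippets posted in this thread combined, with a
# documentation address (203.0.113.7) standing in for x.x.x.x.
SAMPLE = """\
allow 203.0.113.7;
allow 127.0.0.1;
allow 172.0.0.0/8;
deny all;

location ~ /.well-known {
    root /opt/gitlab/embedded/service/gitlab-rails/public
    allow all;
}
"""

def lint_snippet(text):
    """Return (line_no, message) findings; line_no 0 means whole snippet."""
    findings, saw_deny_all = [], False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line or line == "}" or line.endswith("{"):
            continue  # blank line, comment, or block delimiter
        if not line.endswith(";"):
            findings.append((no, "directive is missing its terminating ';'"))
            continue
        words = line[:-1].split()
        if words == ["deny", "all"]:
            saw_deny_all = True
        elif (len(words) == 2 and words[0] == "allow"
              and words[1] not in ("all", "unix:")):
            try:
                net = ipaddress.ip_network(words[1], strict=False)
            except ValueError:
                findings.append((no, f"'{words[1]}' is not an address or CIDR"))
                continue
            wide = net.version == 4 and net.num_addresses > 1
            if wide and not any(net.subnet_of(p) for p in PRIVATE):
                findings.append((no, f"{net} reaches beyond private/loopback space"))
    if not saw_deny_all:
        findings.append((0, "no 'deny all;', so unlisted addresses are not blocked"))
    return findings

if __name__ == "__main__":
    for no, msg in lint_snippet(SAMPLE):
        print(f"line {no}: {msg}")
```

A single public address, such as your own, is never flagged; only multi-address ranges are compared against the private list.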