Restrict access to port 21 only for GitLab's pipeline

Hi, please let me know which IP I should allow so that only GitLab's pipeline can access port 21.
When I allow all sources, all works fine.
When I allow the IP of the runner, it does not work.
It seems I miss something…???

Do you use GitLab shared Runners or do you use your own runners?
If you don't know your GitLab runner IPs, just allow all and use tcpdump on the server to see what IPs it's coming from.
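
The tcpdump check suggested above, as an added example that is not part of the original reply: a POSIX shell function that reads `tcpdump -nn` text output and counts which source IPs opened connections to port 21. The interface name `eth0`, the file name `ftp21.txt` and the sample addresses are assumptions; the sample capture is constructed.

```shell
#!/bin/sh
# Added example: list the source IPs that open connections to TCP port 21,
# from `tcpdump -nn` text output, so the firewall rule can name them.
#
# Collect input on the server while the pipeline job runs (interface name
# eth0 and file name ftp21.txt are assumptions; needs root):
#   tcpdump -nn -i eth0 -c 200 'tcp dst port 21' > ftp21.txt
#   ftp_sources < ftp21.txt

ftp_sources() {
  # Line shape: "<time> IP|IP6 <src>.<sport> > <dst>.<dport>: Flags [S], ..."
  LC_ALL=C awk '
    ($2 == "IP" || $2 == "IP6") && $4 == ">" {
      if (index($0, "Flags [S],") == 0) next   # new connections only, no replies
      dst = $5; sub(/:$/, "", dst)
      n = split(dst, part, ".")
      if (part[n] != "21") next                # destination port must be 21
      src = $3; sub(/\.[0-9]+$/, "", src)      # drop the source port
      hits[src]++
    }
    END { for (ip in hits) printf "%d %s\n", hits[ip], ip }
  ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample capture (documentation address ranges, not real traffic).
sample_capture() {
  cat <<'EOF'
10:15:01.000001 IP 198.51.100.7.40112 > 192.0.2.10.21: Flags [S], seq 1, win 64240, length 0
10:15:01.000050 IP 192.0.2.10.21 > 198.51.100.7.40112: Flags [S.], seq 2, ack 2, win 65160, length 0
10:15:03.100000 IP 198.51.100.7.40114 > 192.0.2.10.21: Flags [S], seq 3, win 64240, length 0
10:15:09.200000 IP 203.0.113.20.51522 > 192.0.2.10.21: Flags [S], seq 4, win 64240, length 0
10:15:11.300000 IP 203.0.113.20.51530 > 192.0.2.10.22: Flags [S], seq 5, win 64240, length 0
10:15:12.000000 IP6 2001:db8::5.40200 > 2001:db8::a.21: Flags [S], seq 6, win 64800, length 0
EOF
}

# Run with --demo to print the summary for the constructed sample.
if [ "${1:-}" = "--demo" ]; then
  sample_capture | ftp_sources
fi
```

Each output line is a connection count followed by a source IP, most frequent first; the addresses that appear only while the pipeline job runs are the ones the port 21 rule has to allow.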

I created a new runner which is registered on the same server where Apache is.
I chose the shell executor. Now the job is successful, but the folder is not there.
Here is the log. I do not understand what is going on. Are the files copied in the Docker container?

```
Running with gitlab-runner 16.1.0~beta.5.gf131a6a2 (f131a6a2)
  on JLgUopmM, system ID: s_b9608e9d087b
  feature flags: FF_USE_IMPROVED_URL_MASKING:true
Preparing the "docker+machine" executor
Using Docker executor with image ruby:3.1 ...
Pulling docker image ruby:3.1 ...
Using docker image sha256:0bc9d89ecf1b65c22b20cc0da4a22c3f515ee726
for ruby:3.1 with digest ruby@sha256:5bb1b8ce2f236cc264ae2f2664ec226603655b91 ...
Preparing environment 00:04
Running on runner-jlguopmm-project-46720377-concurrent-0 via runner-jlguopmm-shared-1686300380-81c218f9...
Getting source from Git repository 00:02
Fetching changes with git depth set to 20...
Initialized empty Git repository in /builds/domains/
Created fresh repository.
Checking out 46ec00d5 as detached HEAD (ref is main)...
Skipping Git submodules setup
$ git remote set-url origin "${CI_REPOSITORY_URL}"
Executing "step_script" stage of the job script 00:01
Using docker image sha256:0bc9d89ecf1b65c22b20cc0da4a22c3f515ee726 
for ruby:3.1 with digest ruby@sha256:5bb1b8ce2f236cc264ae2f2664ec226603655b91...
$ mkdir -p /var/www/$APACHE_DEPLOY_PATH
$ cp -Rv . /var/www/$APACHE_DEPLOY_PATH
'./.git' -> '/var/www/'
Cleaning up project directory and file based variables 00:01
Job succeeded
```

That job was running on shared runners, not on your local Runner. Your runner should have a list of tags assigned and you have to use `tags:` in the job to specify which runner should run the job.

Hi, so that is the tag of the local runner: `ec2-runner2`

And that below is how I modified the .yml.
Now the job is with status "This job is in pending state and is waiting to be picked by a runner".
What do I miss?!?

    - mkdir -p /var/www/$DEPLOY_PATH
    - cp -Rv . /var/www/$DEPLOY_PATH
    - main
    - ec2-runner2

I manually added the tag in the config.toml to look like this:

```
concurrent = 1
check_interval = 0
shutdown_timeout = 0

[session_server]
session_timeout = 1800

[[runners]]
name = "ec2-runner"
url = "
id = xxxxxx
token = "xxxxxxx"
token_obtained_at = 2023-06-09T08:43:02Z
token_expires_at = 0001-01-01T00:00:00Z
executor = "shell"
tags = ["ec2-runner2"]
[runners.cache]
MaxUploadedArchiveSize = 0
```

Tags are propagated to GitLab only on runner registration. If you change tags in config.toml, it is not reflected in GitLab. You need to go to the GitLab UI and add the tag to the runner there as well.