Whitelist IP for specific project - on prem instance

i have a self-managed Gitbal instance. I have a requirement to add a new project which should be accessible only from a particular IP. I don’t think Gitlab support sth like that. I was thinking about changing the configuration in Nginx, but im not sure it is a good option as GitLab manages Nginx and my configuration could be overwritten during upgrades.
Do you have any thoughts on how I could handle my request?


You have two possibilities, if you take a look in /etc/gitlab/gitlab.rb you will find a couple of options similar to below:

# nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
# nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/example.conf;"

If you choose the first option, you can put the location for that single particular project and allow access via IP and then deny all. Another alternative, is use the second line, which will allow you to do a similar thing for that particular location but the added bonus, you can also later include other projects and control access by IP.

For the second line, I would probably create /etc/gitlab/nginx-conf directory, and then create a config file in here, and configure the line appropriately in gitlab.rb.


@iwalker Thank you for your advice.

1 Like