The settings displayed in the screenshot below are used for the configuration of the GitLab application, and related security services.
gitlab. This route is registered against the apps domain configured on the runtime tile. The URL is used to access the GitLab web interface. Only HTTPS connections are accepted, and attempts to connect over HTTP are automatically redirected to HTTPS.
The address to be used when sending email from GitLab, such as
The reply-to address to be used.
Emails Display Name
A “friendly” name shown to users in their inboxes.
Initial Root Password
Password to pre-configure for the
root user upon deployment of a new installation. This is not required, and will not be used during upgrades.
Enable Rack Attack
Checkbox for enabling Rack Attack for this deployment. Defaults to checked. Only disable if other security measures are in place.
SSH Extra Configuration
text field allows the input of a snippet that will be appened to the
sshd_config by OpenSSH’s
sshd used by GitLab for access via SSH. The field is not validated, so it is left to the user to ensure that all content is valid according to the man(5) page for
This field allows the configuration of security parameters for the SSH daemon such as
KexAlgorithms. The default values are those currently implemented in by the Ubuntu Trusty (14.04.5 LTS) package, as seen below.
Ciphers email@example.com,firstname.lastname@example.org,aes256-ctr,aes192-ctr,aes128-ctr MACs email@example.com,firstname.lastname@example.org,email@example.com,firstname.lastname@example.org,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,hmac-sha1
Recommended reading on this configuration item: - http://manpages.ubuntu.com/manpages/trusty/man5/sshd_config.5.html - https://www.openssh.com/legacy.html - https://wiki.mozilla.org/Security/Guidelines/OpenSSH - https://bettercrypto.org/static/applied-crypto-hardening.pdf