GitLab

GitLab Configuration

The settings displayed in the screenshot below are used for the configuration of the GitLab application, and related security services.

Image of OpsManager GitLab configuration

Properties

Route Name

Defaults to gitlab. This route is registered against the apps domain configured on the runtime tile. The URL is used to access the GitLab web interface. Only HTTPS connections are accepted, and attempts to connect over HTTP are automatically redirected to HTTPS.

Emails From

The address to be used when sending email from GitLab, such as gitlab-no-reply@my-pcf.example.com.

Emails Reply-To

The reply-to address to be used.

Emails Display Name

A “friendly” name shown to users in their inboxes.

Initial Root Password

Password to pre-configure for the root user upon deployment of a new installation. This is not required, and will not be used during upgrades.

Enable Rack Attack

Checkbox for enabling Rack Attack for this deployment. Defaults to checked. Only disable if other security measures are in place.

SSH Extra Configuration

This text field allows the input of a snippet that will be appened to the sshd_config by OpenSSH’s sshd used by GitLab for access via SSH. The field is not validated, so it is left to the user to ensure that all content is valid according to the man(5) page for sshd_config.

This field allows the configuration of security parameters for the SSH daemon such as Ciphers, MACs, and KexAlgorithms. The default values are those currently implemented in by the Ubuntu Trusty (14.04.5 LTS) package, as seen below.

Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,hmac-sha1

Recommended reading on this configuration item: - http://manpages.ubuntu.com/manpages/trusty/man5/sshd_config.5.html - https://www.openssh.com/legacy.html - https://wiki.mozilla.org/Security/Guidelines/OpenSSH - https://bettercrypto.org/static/applied-crypto-hardening.pdf

Create a pull request or raise an issue on the source for this page in GitHub