diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-06-08 15:08:54 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-06-08 15:08:54 +0300 |
commit | 473b876fe3d7e0b36eb6268cc44a4fe0d94f4422 (patch) | |
tree | 2f6d5f2ecad53015024b6b1509896f5933c5c3e6 /doc | |
parent | dca8df0c90d8727d69b3501b15b481546897f3cd (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc')
-rw-r--r-- | doc/administration/auth/atlassian.md | 12 | ||||
-rw-r--r-- | doc/administration/auth/cognito.md | 6 | ||||
-rw-r--r-- | doc/administration/auth/crowd.md | 68 | ||||
-rw-r--r-- | doc/administration/auth/jwt.md | 14 | ||||
-rw-r--r-- | doc/administration/auth/ldap/google_secure_ldap.md | 6 | ||||
-rw-r--r-- | doc/administration/auth/ldap/index.md | 4 | ||||
-rw-r--r-- | doc/administration/auth/oidc.md | 40 | ||||
-rw-r--r-- | doc/administration/auth/smartcard.md | 18 | ||||
-rw-r--r-- | doc/administration/clusters/kas.md | 12 | ||||
-rw-r--r-- | doc/administration/operations/puma.md | 65 | ||||
-rw-r--r-- | doc/administration/package_information/postgresql_versions.md | 1 | ||||
-rw-r--r-- | doc/user/profile/account/delete_account.md | 2 |
12 files changed, 155 insertions, 93 deletions
diff --git a/doc/administration/auth/atlassian.md b/doc/administration/auth/atlassian.md index 45617b9965c..27e33c85761 100644 --- a/doc/administration/auth/atlassian.md +++ b/doc/administration/auth/atlassian.md @@ -29,13 +29,13 @@ To enable the Atlassian OmniAuth provider for passwordless authentication you mu 1. On your GitLab server, open the configuration file: - For Omnibus GitLab installations: + For Linux package installations: ```shell sudo editor /etc/gitlab/gitlab.rb ``` - For installations from source: + For self-compiled installations: ```shell sudo -u git -H editor /home/git/gitlab/config/gitlab.yml @@ -47,7 +47,7 @@ To enable the Atlassian OmniAuth provider for passwordless authentication you mu GitLab account. 1. Add the provider configuration for Atlassian: - For Omnibus GitLab installations: + For Linux package installations: ```ruby gitlab_rails['omniauth_providers'] = [ @@ -61,7 +61,7 @@ To enable the Atlassian OmniAuth provider for passwordless authentication you mu ] ``` - For installations from source: + For self-compiled installations: ```yaml - { name: "atlassian_oauth2", @@ -76,8 +76,8 @@ To enable the Atlassian OmniAuth provider for passwordless authentication you mu 1. Save the configuration file. 1. For the changes to take effect: - - If you installed via Omnibus, [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure). - - If you installed from source, [restart GitLab](../restart_gitlab.md#installations-from-source). + - If you installed using the Linux package, [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure). + - If you self-compiled your installation, [restart GitLab](../restart_gitlab.md#installations-from-source). On the sign-in page there should now be an Atlassian icon below the regular sign in form. Select the icon to begin the authentication process. diff --git a/doc/administration/auth/cognito.md b/doc/administration/auth/cognito.md index cfac958e297..d821a1e9cfe 100644 --- a/doc/administration/auth/cognito.md +++ b/doc/administration/auth/cognito.md @@ -37,16 +37,14 @@ To enable AWS Cognito as an authentication provider, complete the following step 1. Save changes for the app client settings. 1. Under **Domain name**, include the AWS domain name for your AWS Cognito application. -1. Under **App Clients**, find your app client ID. Select **Show details* to display the app client secret. These values correspond to the OAuth 2.0 Client ID and Client Secret. Save these values. +1. Under **App Clients**, find your app client ID. Select **Show details** to display the app client secret. These values correspond to the OAuth 2.0 Client ID and Client Secret. Save these values. ## Configure GitLab 1. Configure the [common settings](../../integration/omniauth.md#configure-common-settings) to add `cognito` as a single sign-on provider. This enables Just-In-Time account provisioning for users who do not have an existing GitLab account. -1. On your GitLab server, open the configuration file. - - **For Omnibus installations** +1. On your GitLab server, open the configuration file. For Linux package installations: ```shell sudo editor /etc/gitlab/gitlab.rb diff --git a/doc/administration/auth/crowd.md b/doc/administration/auth/crowd.md index f89e1a00928..c4ebb9a5dee 100644 --- a/doc/administration/auth/crowd.md +++ b/doc/administration/auth/crowd.md @@ -26,19 +26,19 @@ this provider also allows Crowd authentication for Git-over-https requests. 1. On your GitLab server, open the configuration file. - **Omnibus:** + - Linux package installations: - ```shell - sudo editor /etc/gitlab/gitlab.rb - ``` + ```shell + sudo editor /etc/gitlab/gitlab.rb + ``` - **Source:** + - Self-compiled installations: - ```shell - cd /home/git/gitlab + ```shell + cd /home/git/gitlab - sudo -u git -H editor config/gitlab.yml - ``` + sudo -u git -H editor config/gitlab.yml + ``` 1. Configure the [common settings](../../integration/omniauth.md#configure-common-settings) to add `crowd` as a single sign-on provider. This enables Just-In-Time @@ -46,39 +46,39 @@ this provider also allows Crowd authentication for Git-over-https requests. 1. Add the provider configuration: - **Omnibus:** - - ```ruby - gitlab_rails['omniauth_providers'] = [ - { - name: "crowd", - # label: "Provider name", # optional label for login button, defaults to "Crowd" - args: { - crowd_server_url: "CROWD_SERVER_URL", - application_name: "YOUR_APP_NAME", - application_password: "YOUR_APP_PASSWORD" + - Linux package installations: + + ```ruby + gitlab_rails['omniauth_providers'] = [ + { + name: "crowd", + # label: "Provider name", # optional label for login button, defaults to "Crowd" + args: { + crowd_server_url: "CROWD_SERVER_URL", + application_name: "YOUR_APP_NAME", + application_password: "YOUR_APP_PASSWORD" + } } - } - ] - ``` + ] + ``` - **Source:** + - Self-compiled installations: - ```yaml - - { name: 'crowd', - # label: 'Provider name', # optional label for login button, defaults to "Crowd" - args: { - crowd_server_url: 'CROWD_SERVER_URL', - application_name: 'YOUR_APP_NAME', - application_password: 'YOUR_APP_PASSWORD' } } - ``` + ```yaml + - { name: 'crowd', + # label: 'Provider name', # optional label for login button, defaults to "Crowd" + args: { + crowd_server_url: 'CROWD_SERVER_URL', + application_name: 'YOUR_APP_NAME', + application_password: 'YOUR_APP_PASSWORD' } } + ``` 1. Change `CROWD_SERVER_URL` to the [base URL of your Crowd server](https://confluence.atlassian.com/crowdkb/how-to-change-the-crowd-base-url-245827278.html). 1. Change `YOUR_APP_NAME` to the application name from Crowd applications page. 1. Change `YOUR_APP_PASSWORD` to the application password you've set. 1. Save the configuration file. -1. [Reconfigure](../restart_gitlab.md#omnibus-gitlab-reconfigure) (Omnibus GitLab) or [restart](../restart_gitlab.md#installations-from-source) (source installations) for - the changes to take effect. +1. [Reconfigure](../restart_gitlab.md#omnibus-gitlab-reconfigure) (Linux package installations) or + [restart](../restart_gitlab.md#installations-from-source) (self-compiled installations) for the changes to take effect. On the sign in page there should now be a Crowd tab in the sign in form. diff --git a/doc/administration/auth/jwt.md b/doc/administration/auth/jwt.md index bdcd6fc89cc..0f2036bea04 100644 --- a/doc/administration/auth/jwt.md +++ b/doc/administration/auth/jwt.md @@ -12,13 +12,13 @@ JWT provides you with a secret key for you to use. 1. On your GitLab server, open the configuration file. - For Omnibus GitLab: + For Linux package installations: ```shell sudo editor /etc/gitlab/gitlab.rb ``` - For installations from source: + For self-compiled installations: ```shell cd /home/git/gitlab @@ -30,7 +30,7 @@ JWT provides you with a secret key for you to use. account provisioning for users who do not have an existing GitLab account. 1. Add the provider configuration. - For Omnibus GitLab: + For Linux package installations: ```ruby gitlab_rails['omniauth_providers'] = [ @@ -49,7 +49,7 @@ JWT provides you with a secret key for you to use. ] ``` - For installation from source: + For self-compiled installations: ```yaml - { name: 'jwt', @@ -75,9 +75,9 @@ JWT provides you with a secret key for you to use. 1. Change `YOUR_APP_SECRET` to the client secret and set `auth_url` to your redirect URL. 1. Save the configuration file. -1. For the changes to take effect: - - If you installed via Omnibus, [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure). - - If you installed from source, [restart GitLab](../restart_gitlab.md#installations-from-source). +1. For changes to take effect, if you: + - Used the Linux package to install GitLab, [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure). + - Self-compiled your GitLab installation, [restart GitLab](../restart_gitlab.md#installations-from-source). On the sign in page there should now be a JWT icon below the regular sign in form. Select the icon to begin the authentication process. JWT asks the user to diff --git a/doc/administration/auth/ldap/google_secure_ldap.md b/doc/administration/auth/ldap/google_secure_ldap.md index 042a65be500..8084633c3ba 100644 --- a/doc/administration/auth/ldap/google_secure_ldap.md +++ b/doc/administration/auth/ldap/google_secure_ldap.md @@ -72,7 +72,7 @@ values obtained during the LDAP client configuration earlier: - `cert`: The `.crt` file text from the downloaded certificate bundle - `key`: The `.key` file text from the downloaded certificate bundle -**For Omnibus installations** +For Linux package installations: 1. Edit `/etc/gitlab/gitlab.rb`: @@ -142,9 +142,7 @@ values obtained during the LDAP client configuration earlier: 1. Save the file and [reconfigure](../../restart_gitlab.md#omnibus-gitlab-reconfigure) GitLab for the changes to take effect. ---- - -**For installations from source** +For self-compiled installations: 1. Edit `config/gitlab.yml`: diff --git a/doc/administration/auth/ldap/index.md b/doc/administration/auth/ldap/index.md index efed9d76746..a4484da5940 100644 --- a/doc/administration/auth/ldap/index.md +++ b/doc/administration/auth/ldap/index.md @@ -1037,8 +1037,8 @@ For more information on synchronizing users and groups between LDAP and GitLab, ## Move from LDAP to SAML 1. [Configure SAML](../../../integration/saml.md). Add `auto_link_ldap_user` to: - - [`gitlab.rb` for Omnibus](../../../integration/saml.html?tab=Linux+package+%28Omnibus%29). - - [`values.yml` for Kubernetes](../../../integration/saml.html?tab=Helm+chart+%28Kubernetes%29). + - [`gitlab.rb` for Linux package installations](../../../integration/saml.html?tab=Linux+package+%28Omnibus%29). + - [`values.yml` for Helm chart installations](../../../integration/saml.html?tab=Helm+chart+%28Kubernetes%29). For more information, see the [initial settings for all providers](../../../integration/omniauth.md#configure-initial-settings). 1. Optional. [Disable the LDAP auth from the sign-in page](#disable-ldap-web-sign-in). diff --git a/doc/administration/auth/oidc.md b/doc/administration/auth/oidc.md index 106cc6c23eb..88c9a669441 100644 --- a/doc/administration/auth/oidc.md +++ b/doc/administration/auth/oidc.md @@ -16,7 +16,7 @@ The OpenID Connect provides you with a client's details and secret for you to us 1. On your GitLab server, open the configuration file. - For Omnibus GitLab: + For Linux package installations: ```shell sudo editor /etc/gitlab/gitlab.rb @@ -35,7 +35,7 @@ The OpenID Connect provides you with a client's details and secret for you to us 1. Add the provider configuration. - For Omnibus GitLab: + For Linux package installations: ```ruby gitlab_rails['omniauth_providers'] = [ @@ -63,7 +63,7 @@ The OpenID Connect provides you with a client's details and secret for you to us ] ``` - For Omnibus GitLab with multiple identity providers: + For Linux package installations with multiple identity providers: ```ruby { 'name' => 'openid_connect', @@ -108,7 +108,7 @@ The OpenID Connect provides you with a client's details and secret for you to us NOTE: For more information on using multiple identity providers with OIDC, see [issue 5992](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/5992). - For installation from source: + For self-compiled installations: ```yaml - { name: 'openid_connect', # do not change this parameter @@ -184,10 +184,10 @@ The OpenID Connect provides you with a client's details and secret for you to us - `jwks_uri` is the URL to the endpoint where the Token signer publishes its keys. 1. Save the configuration file. -1. For changes to take effect, if you installed GitLab: +1. For changes to take effect, if you: - - With Omnibus, [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure). - - From source, [restart GitLab](../restart_gitlab.md#installations-from-source). + - Used the Linux package to install GitLab, [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure). + - Self-compiled your GitLab installation, [restart GitLab](../restart_gitlab.md#installations-from-source). On the sign in page, you have an OpenID Connect option below the regular sign in form. Select this option to begin the authentication process. The OpenID Connect provider @@ -197,7 +197,7 @@ by the client. You are redirected to GitLab and signed in. ## Example configurations The following configurations illustrate how to set up OpenID with -different providers with Omnibus GitLab. +different providers when using the GitLab Linux package installation. ### Configure Google @@ -240,7 +240,7 @@ you need the following information: [Microsoft Quickstart Register an Application](https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app) documentation to obtain the tenant ID, client ID, and client secret for your app. -Example Omnibus configuration block: +Example configuration block for Linux package installations: ```ruby gitlab_rails['omniauth_providers'] = [ @@ -372,7 +372,7 @@ but `LocalAccounts` authenticates against local Active Directory accounts. Befor ``` 1. Configure the issuer URL with the custom policy used for `signup_signin`. For example, this is - the Omnibus configuration with a custom policy for `b2c_1a_signup_signin`: + the configuration with a custom policy for `b2c_1a_signup_signin` for Linux package installations: ```ruby gitlab_rails['omniauth_providers'] = [ @@ -432,7 +432,7 @@ HS256 or HS358) to sign tokens. Public key encryption algorithms are: 1. Select **Realm Settings > Tokens > Default Signature Algorithm**. 1. Configure the signature algorithm. -Example Omnibus configuration block: +Example configuration block for Linux package installations: ```ruby gitlab_rails['omniauth_providers'] = [ @@ -556,7 +556,7 @@ For your app, complete the following steps on Casdoor: See the [Casdoor documentation](https://casdoor.org/docs/integration/ruby/gitlab) for more details. -Example Omnibus GitLab configuration (file path: `/etc/gitlab/gitlab.rb`): +Example configuration for Linux package installations (file path: `/etc/gitlab/gitlab.rb`): ```ruby gitlab_rails['omniauth_providers'] = [ @@ -617,7 +617,7 @@ This is not compatible with [configuring users based on OIDC group membership](# The following example configurations show how to offer different levels of authentication, one option with 2FA and one without 2FA. -For Omnibus GitLab: +For Linux package installations: ```ruby gitlab_rails['omniauth_providers'] = [ @@ -668,7 +668,7 @@ gitlab_rails['omniauth_providers'] = [ ] ``` -For installation from source: +For self-compiled installations: ```yaml - { name: 'openid_connect', @@ -774,7 +774,7 @@ response to require users to be members of a certain group, configure GitLab to If you do not set `required_groups` or leave the setting empty, any user authenticated by the IdP through OIDC can use GitLab. -For Omnibus GitLab: +For Linux package installations: 1. Edit `/etc/gitlab/gitlab.rb`: @@ -808,7 +808,7 @@ For Omnibus GitLab: 1. Save the file and [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. -For installation from source: +For self-compiled installations: 1. Edit `/home/git/gitlab/config/gitlab.yml`: @@ -853,7 +853,7 @@ based on group membership, configure GitLab to identify: [external user](../../user/admin_area/external_users.md), using the `external_groups` setting. -For Omnibus GitLab: +For Linux package installations: 1. Edit `/etc/gitlab/gitlab.rb`: @@ -887,7 +887,7 @@ For Omnibus GitLab: 1. Save the file and [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. -For installation from source: +For self-compiled installations: 1. Edit `/home/git/gitlab/config/gitlab.yml`: @@ -930,7 +930,7 @@ response to assign users as administrator based on group membership, configure G - Which group memberships grant the user administrator access, using the `admin_groups` setting. -For Omnibus GitLab: +For Linux package installations: 1. Edit `/etc/gitlab/gitlab.rb`: @@ -964,7 +964,7 @@ For Omnibus GitLab: 1. Save the file and [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. -For installation from source: +For self-compiled installations: 1. Edit `/home/git/gitlab/config/gitlab.yml`: diff --git a/doc/administration/auth/smartcard.md b/doc/administration/auth/smartcard.md index 5b6d299f171..0fa585bace5 100644 --- a/doc/administration/auth/smartcard.md +++ b/doc/administration/auth/smartcard.md @@ -115,7 +115,7 @@ more information, see [the relevant issue](https://gitlab.com/gitlab-org/gitlab/ ## Configure GitLab for smartcard authentication -**For Omnibus installations** +For Linux package installations: 1. Edit `/etc/gitlab/gitlab.rb`: @@ -140,9 +140,7 @@ more information, see [the relevant issue](https://gitlab.com/gitlab-org/gitlab/ 1. Save the file and [reconfigure](../restart_gitlab.md#omnibus-gitlab-reconfigure) GitLab for the changes to take effect. ---- - -**For installations from source** +For self-compiled installations: 1. Configure NGINX to request a client side certificate @@ -237,7 +235,7 @@ more information, see [the relevant issue](https://gitlab.com/gitlab-org/gitlab/ ### Additional steps when using SAN extensions -**For Omnibus installations** +For Linux package installations: 1. Add to `/etc/gitlab/gitlab.rb`: @@ -248,7 +246,7 @@ more information, see [the relevant issue](https://gitlab.com/gitlab-org/gitlab/ 1. Save the file and [reconfigure](../restart_gitlab.md#omnibus-gitlab-reconfigure) GitLab for the changes to take effect. -**For installations from source** +For self-compiled installations: 1. Add the `san_extensions` line to `config/gitlab.yml` within the smartcard section: @@ -267,7 +265,7 @@ more information, see [the relevant issue](https://gitlab.com/gitlab-org/gitlab/ ### Additional steps when authenticating against an LDAP server -**For Omnibus installations** +For Linux package installations: 1. Edit `/etc/gitlab/gitlab.rb`: @@ -284,7 +282,7 @@ more information, see [the relevant issue](https://gitlab.com/gitlab-org/gitlab/ 1. Save the file and [reconfigure](../restart_gitlab.md#omnibus-gitlab-reconfigure) GitLab for the changes to take effect. -**For installations from source** +For self-compiled installations: 1. Edit `config/gitlab.yml`: @@ -304,7 +302,7 @@ more information, see [the relevant issue](https://gitlab.com/gitlab-org/gitlab/ ### Require browser session with smartcard sign-in for Git access -**For Omnibus installations** +For Linux package installations: 1. Edit `/etc/gitlab/gitlab.rb`: @@ -315,7 +313,7 @@ more information, see [the relevant issue](https://gitlab.com/gitlab-org/gitlab/ 1. Save the file and [reconfigure](../restart_gitlab.md#omnibus-gitlab-reconfigure) GitLab for the changes to take effect. -**For installations from source** +For self-compiled installations: 1. Edit `config/gitlab.yml`: diff --git a/doc/administration/clusters/kas.md b/doc/administration/clusters/kas.md index 6d6e8e5513c..cbd32dea95c 100644 --- a/doc/administration/clusters/kas.md +++ b/doc/administration/clusters/kas.md @@ -21,12 +21,12 @@ If you use self-managed GitLab, you must install an agent server or specify an e As a GitLab administrator, you can install the agent server: -- For [Omnibus installations](#for-omnibus). -- For [GitLab Helm Chart installations](#for-gitlab-helm-chart). +- For [Linux package installations](#for-linux-package-installations). +- For [GitLab Helm chart installations](#for-gitlab-helm-chart). -### For Omnibus +### For Linux package installations -You can enable the agent server for [Omnibus](https://docs.gitlab.com/omnibus/) package installations on a single node, or on multiple nodes at once. +You can enable the agent server for Linux package installations on a single node, or on multiple nodes at once. #### Enable on a single node @@ -167,7 +167,7 @@ service logs by running the following command: kubectl logs -f -l=app=kas -n <YOUR-GITLAB-NAMESPACE> ``` -In Omnibus GitLab, find the logs in `/var/log/gitlab/gitlab-kas/`. +In Linux package installations, find the logs in `/var/log/gitlab/gitlab-kas/`. You can also [troubleshoot issues with individual agents](../../user/clusters/agent/troubleshooting.md). @@ -212,7 +212,7 @@ When the agent server tries to connect to the GitLab API, the following error mi {"level":"error","time":"2021-08-16T14:56:47.289Z","msg":"GetAgentInfo()","correlation_id":"01FD7QE35RXXXX8R47WZFBAXTN","grpc_service":"gitlab.agent.reverse_tunnel.rpc.ReverseTunnel","grpc_method":"Connect","error":"Get \"https://gitlab.example.com/api/v4/internal/kubernetes/agent_info\": dial tcp 172.17.0.4:443: connect: connection refused"} ``` -To fix this issue for [Omnibus](https://docs.gitlab.com/omnibus/) package installations, +To fix this issue for Linux package installations, set the following parameter in `/etc/gitlab/gitlab.rb`. Replace `gitlab.example.com` with your GitLab instance's hostname: ```ruby diff --git a/doc/administration/operations/puma.md b/doc/administration/operations/puma.md index efc55a5fbc3..63f3c66622d 100644 --- a/doc/administration/operations/puma.md +++ b/doc/administration/operations/puma.md @@ -211,6 +211,71 @@ make Prometheus scrape them over HTTPS, and support for it is being discussed Hence, it is not technically possible to turn off this HTTP listener without losing Prometheus metrics. +### Using an encrypted SSL key + +> [Introduced](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/7799) in GitLab 16.1. + +Puma supports the use of an encrypted private SSL key, which can be +decrypted at runtime. The following instructions illustrate how to +configure this: + +1. Encrypt the key with a password if it is not already: + + ```shell + openssl rsa -aes256 -in /path/to/ssl-key.pem -out /path/to/encrypted-ssl-key.pem + ``` + + Enter in a password twice to write the encrypted file. In this + example, we use `some-password-here`. + +1. Create a script or executable that prints the password. For + example, create a basic script in + `/var/opt/gitlab/gitlab-rails/etc/puma-ssl-key-password` that echoes + the password: + + ```shell + #!/bin/sh + echo some-password-here + ``` + + Note that in production, you should avoid storing the password on + disk and use a secure mechanism for retrieving a password, such as + Vault. For example, the script might look like: + + ```shell + #!/bin/sh + export VAULT_ADDR=http://vault-password-distribution-point:8200 + export VAULT_TOKEN=<some token> + + echo "$(vault kv get -mount=secret puma-ssl-password)" + ``` + +1. Ensure the Puma process has sufficient permissions to execute the + script and to read the encrypted key: + + ```shell + chown git:git /var/opt/gitlab/gitlab-rails/etc/puma-ssl-key-password + chmod 770 /var/opt/gitlab/gitlab-rails/etc/puma-ssl-key-password + chmod 660 /path/to/encrypted-ssl-key.pem + ``` + +1. Edit `/etc/gitlab/gitlab.rb`, and replace `puma['ssl_certificate_key']` with the encrypted key and specify + `puma['ssl_key_password_command]`: + + ```ruby + puma['ssl_certificate_key'] = '/path/to/encrypted-ssl-key.pem' + puma['ssl_key_password_command'] = '/var/opt/gitlab/gitlab-rails/etc/puma-ssl-key-password' + ``` + +1. Reconfigure GitLab: + + ```shell + sudo gitlab-ctl reconfigure + ``` + +1. If GitLab comes up successfully, you should be able to remove the + unencrypted SSL key that was stored on the GitLab instance. + ## Switch from Unicorn to Puma NOTE: diff --git a/doc/administration/package_information/postgresql_versions.md b/doc/administration/package_information/postgresql_versions.md index c1e9f7320ea..44032883eb4 100644 --- a/doc/administration/package_information/postgresql_versions.md +++ b/doc/administration/package_information/postgresql_versions.md @@ -30,6 +30,7 @@ Read more about update policies and warnings in the PostgreSQL | GitLab version | PostgreSQL versions | Default version for fresh installs | Default version for upgrades | Notes | | -------------- | --------------------- | ---------------------------------- | ---------------------------- | ----- | +| 16.0 | 13.11 | 13.11 | 13.11 | | | 15.6 | 12.12, 13.8 | 13.8 | 12.12 | For upgrades, users can manually upgrade to 13.8 following the [upgrade documentation](https://docs.gitlab.com/omnibus/settings/database.html#gitlab-150-and-later). | | 15.0 | 12.10, 13.6 | 13.6 | 12.10 | For upgrades, users can manually upgrade to 13.6 following the [upgrade documentation](https://docs.gitlab.com/omnibus/settings/database.html#gitlab-150-and-later). | | 14.1 | 12.7, 13.3 | 12.7 | 12.7 | PostgreSQL 13 available for fresh installations if not using [Geo](../geo/index.md#requirements-for-running-geo) or [Patroni](../postgresql/index.md#postgresql-replication-and-failover-with-omnibus-gitlab). diff --git a/doc/user/profile/account/delete_account.md b/doc/user/profile/account/delete_account.md index 0b6aed01309..1ffe01d6e00 100644 --- a/doc/user/profile/account/delete_account.md +++ b/doc/user/profile/account/delete_account.md @@ -32,6 +32,8 @@ As a user, to delete your own account: NOTE: On GitLab.com, there is a seven day delay between a user deleting their own account and deletion of the user record. During this time, that user is [blocked](../../admin_area/moderate_users.md#block-a-user) and a new account with the same email address or username cannot be created. +Unblocking the account does not undo the deletion because the account will still be in the deletion queue, and there is no quick method to reverse this process. + ## Delete users and user contributions **(FREE SELF)** As an administrator, to delete a user account: |