diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-11-16 03:11:15 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-11-16 03:11:15 +0300 |
commit | d089b5729e472d68256aa39fade51e7ed99f042b (patch) | |
tree | d668fe62261e53daa2b2c1a4b4b9019eaadecf06 /doc | |
parent | c568cb4dbc0421212a28f3cd5b77223aad8888ba (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc')
-rw-r--r-- | doc/administration/monitoring/prometheus/gitlab_metrics.md | 4 | ||||
-rw-r--r-- | doc/administration/pages/index.md | 35 | ||||
-rw-r--r-- | doc/api/geo_nodes.md | 15 | ||||
-rw-r--r-- | doc/development/service_ping/index.md | 4 | ||||
-rw-r--r-- | doc/user/project/settings/project_access_tokens.md | 4 |
5 files changed, 38 insertions, 24 deletions
diff --git a/doc/administration/monitoring/prometheus/gitlab_metrics.md b/doc/administration/monitoring/prometheus/gitlab_metrics.md index a244a92394b..2f9c1e3bc9c 100644 --- a/doc/administration/monitoring/prometheus/gitlab_metrics.md +++ b/doc/administration/monitoring/prometheus/gitlab_metrics.md @@ -190,9 +190,6 @@ configuration option in `gitlab.yml`. These metrics are served from the | `geo_lfs_objects` | Gauge | 10.2 | Total number of LFS objects available on primary | `url` | | `geo_lfs_objects_synced` | Gauge | 10.2 | Number of LFS objects synced on secondary | `url` | | `geo_lfs_objects_failed` | Gauge | 10.2 | Number of LFS objects failed to sync on secondary | `url` | -| `geo_attachments` | Gauge | 10.2 | Total number of file attachments available on primary | `url` | -| `geo_attachments_synced` | Gauge | 10.2 | Number of attachments synced on secondary | `url` | -| `geo_attachments_failed` | Gauge | 10.2 | Number of attachments failed to sync on secondary | `url` | | `geo_last_event_id` | Gauge | 10.2 | Database ID of the latest event log entry on the primary | `url` | | `geo_last_event_timestamp` | Gauge | 10.2 | UNIX timestamp of the latest event log entry on the primary | `url` | | `geo_cursor_last_event_id` | Gauge | 10.2 | Last database ID of the event log processed by the secondary | `url` | @@ -201,7 +198,6 @@ configuration option in `gitlab.yml`. These metrics are served from the | `geo_last_successful_status_check_timestamp` | Gauge | 10.2 | Last timestamp when the status was successfully updated | `url` | | `geo_lfs_objects_synced_missing_on_primary` | Gauge | 10.7 | Number of LFS objects marked as synced due to the file missing on the primary | `url` | | `geo_job_artifacts_synced_missing_on_primary` | Gauge | 10.7 | Number of job artifacts marked as synced due to the file missing on the primary | `url` | -| `geo_attachments_synced_missing_on_primary` | Gauge | 10.7 | Number of attachments marked as synced due to the file missing on the primary | `url` | | `geo_repositories_checksummed` | Gauge | 10.7 | Number of repositories checksummed on primary | `url` | | `geo_repositories_checksum_failed` | Gauge | 10.7 | Number of repositories failed to calculate the checksum on primary | `url` | | `geo_wikis_checksummed` | Gauge | 10.7 | Number of wikis checksummed on primary | `url` | diff --git a/doc/administration/pages/index.md b/doc/administration/pages/index.md index 01a71db018f..18c4c08a194 100644 --- a/doc/administration/pages/index.md +++ b/doc/administration/pages/index.md @@ -259,7 +259,8 @@ control over how the Pages daemon runs and serves content in your environment. | `FF_ENABLE_REDIRECTS` | Feature flag to enable/disable redirects (enabled by default). Read the [redirects documentation](../../user/project/pages/redirects.md#feature-flag-for-redirects) for more information. | | `FF_ENABLE_PLACEHOLDERS` | Feature flag to enable/disable rewrites (disabled by default). Read the [redirects documentation](../../user/project/pages/redirects.md#feature-flag-for-rewrites) for more information. | | `use_legacy_storage` | Temporarily-introduced parameter allowing to use legacy domain configuration source and storage. [Removed in 14.3](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/6166). | - +| `rate_limit_source_ip` | Rate limit per source IP in number of requests per second. Set to `0` to disable this feature. | +| `rate_limit_source_ip_burst` | Rate limit per source IP maximum burst allowed per second. | --- ## Advanced configuration @@ -1032,6 +1033,38 @@ GitLab Pages are part of the [regular backup](../../raketasks/backup_restore.md) You should strongly consider running GitLab Pages under a different hostname than GitLab to prevent XSS attacks. +### Rate limits + +> [Introduced](https://gitlab.com/gitlab-org/gitlab-pages/-/issues/631) in GitLab 14.5. + +You can enforce source-IP rate limits to help minimize the risk of a Denial of Service (DoS) attack. GitLab Pages +uses a [token bucket algorithm](https://en.wikipedia.org/wiki/Token_bucket) to enforce rate limiting. By default, +requests that exceed the specified limits are reported but not rejected. + +Source-IP rate limits are enforced using the following: + +- `rate_limit_source_ip`: Set the maximum threshold in number of requests per second. Set to 0 to disable this feature. +- `rate_limit_source_ip_burst`: Sets the maximum threshold of number of requests allowed in an initial outburst of requests. + For example, when you load a web page that loads a number of resources at the same time. + +#### Enable source-IP rate limits + +1. Set rate limits in `/etc/gitlab/gitlab.rb`: + + ```ruby + gitlab_pages['rate_limit_source_ip'] = 20.0 + gitlab_pages['rate_limit_source_ip_burst'] = 600 + ``` + +1. To reject requests that exceed the specified limits, enable the `FF_ENABLE_RATE_LIMITER` feature flag in + `/etc/gitlab/gitlab.rb`: + + ```ruby + gitlab_pages['env'] = {'FF_ENABLE_RATE_LIMITER' => 'true'} + ``` + +1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure). + <!-- ## Troubleshooting Include any troubleshooting steps that you can foresee. If you know beforehand what issues diff --git a/doc/api/geo_nodes.md b/doc/api/geo_nodes.md index d9b23485fd5..fb821824dd1 100644 --- a/doc/api/geo_nodes.md +++ b/doc/api/geo_nodes.md @@ -306,11 +306,6 @@ Example response: "health": "Healthy", "health_status": "Healthy", "missing_oauth_application": false, - "attachments_count": 1, - "attachments_synced_count": null, - "attachments_failed_count": null, - "attachments_synced_missing_on_primary_count": 0, - "attachments_synced_in_percentage": "0.00%", "db_replication_lag_seconds": null, "lfs_objects_count": 0, "lfs_objects_synced_count": null, @@ -465,11 +460,6 @@ Example response: "health": "Healthy", "health_status": "Healthy", "missing_oauth_application": false, - "attachments_count": 1, - "attachments_synced_count": 1, - "attachments_failed_count": 0, - "attachments_synced_missing_on_primary_count": 0, - "attachments_synced_in_percentage": "100.00%", "db_replication_lag_seconds": 0, "lfs_objects_count": 0, "lfs_objects_synced_count": 0, @@ -628,11 +618,6 @@ Example response: "health": "Healthy", "health_status": "Healthy", "missing_oauth_application": false, - "attachments_count": 1, - "attachments_synced_count": 1, - "attachments_failed_count": 0, - "attachments_synced_missing_on_primary_count": 0, - "attachments_synced_in_percentage": "100.00%", "db_replication_lag_seconds": 0, "lfs_objects_count": 0, "lfs_objects_synced_count": 0, diff --git a/doc/development/service_ping/index.md b/doc/development/service_ping/index.md index 1a08bc1cffb..6ddbe2f9646 100644 --- a/doc/development/service_ping/index.md +++ b/doc/development/service_ping/index.md @@ -231,10 +231,6 @@ We also collect metrics specific to [Geo](../../administration/geo/index.md) sec "repositories_replication_enabled"=>true, "repositories_synced_count"=>24, "repositories_failed_count"=>0, - "attachments_replication_enabled"=>true, - "attachments_count"=>1, - "attachments_synced_count"=>1, - "attachments_failed_count"=>0, "git_fetch_event_count_weekly"=>nil, "git_push_event_count_weekly"=>nil, ... other geo node status fields diff --git a/doc/user/project/settings/project_access_tokens.md b/doc/user/project/settings/project_access_tokens.md index 6ecee215d79..954d0b7a019 100644 --- a/doc/user/project/settings/project_access_tokens.md +++ b/doc/user/project/settings/project_access_tokens.md @@ -10,6 +10,7 @@ type: reference, howto > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/210181) in GitLab 13.0. > - [Became available on GitLab.com](https://gitlab.com/gitlab-org/gitlab/-/issues/235765) in GitLab 13.5 for paid groups only. > - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/235765) in GitLab 13.5. +> - [Changed](https://gitlab.com/gitlab-org/gitlab/-/issues/342327) in GitLab 14.5. Default prefix added. Project access tokens are similar to [personal access tokens](../../profile/personal_access_tokens.md) except they are attached to a project rather than a user. They can be used to: @@ -32,6 +33,9 @@ Project access tokens: For examples of how you can use a project access token to authenticate with the API, see the [relevant section from our API Docs](../../../api/index.md#personalproject-access-tokens). +NOTE: +For GitLab.com and new self-managed instances, the default prefix is `glpat-`. + ## Creating a project access token 1. Log in to GitLab. |