diff options
Diffstat (limited to 'doc/user/admin_area/settings')
15 files changed, 212 insertions, 155 deletions
diff --git a/doc/user/admin_area/settings/account_and_limit_settings.md b/doc/user/admin_area/settings/account_and_limit_settings.md index 3549aa5323b..c511e85f3ce 100644 --- a/doc/user/admin_area/settings/account_and_limit_settings.md +++ b/doc/user/admin_area/settings/account_and_limit_settings.md @@ -61,10 +61,15 @@ details. ## Personal Access Token prefix +> [Changed](https://gitlab.com/gitlab-org/gitlab/-/issues/342327) in GitLab 14.5. Default prefix added. + You can set a global prefix for all generated Personal Access Tokens. A prefix can help you identify PATs visually, as well as with automation tools. +NOTE: +For GitLab.com and self-managed instances, the default prefix is `glpat-`. + ### Set a prefix Only a GitLab administrator can set the prefix, which is a global setting applied @@ -125,7 +130,7 @@ is rejected. NOTE: The repository size limit includes repository files and LFS, but does not include artifacts, uploads, -wiki, packages, or snippets. +wiki, packages, or snippets. The repository size limit applies to both private and public projects. For details on manually purging files, see [reducing the repository size using Git](../../project/repository/reducing_the_repo_size_using_git.md). @@ -148,7 +153,7 @@ add the line below to `/etc/gitlab/gitlab.rb` before increasing the max attachme nginx['client_max_body_size'] = "200m" ``` -## Customize session duration for Git Operations when 2FA is enabled **(PREMIUM)** +## Customize session duration for Git Operations when 2FA is enabled **(PREMIUM SELF)** > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/296669) in GitLab 13.9. > - It's deployed behind a feature flag, disabled by default. @@ -173,7 +178,7 @@ To set a limit on how long these sessions are valid: ## Limit the lifetime of personal access tokens **(ULTIMATE SELF)** -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/3649) in GitLab Ultimate 12.6. +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/3649) in GitLab 12.6. Users can optionally specify a lifetime for [personal access tokens](../../profile/personal_access_tokens.md). @@ -222,7 +227,7 @@ Disabling SSH key expiration immediately enables all expired SSH keys. ## Allow expired Personal Access Tokens to be used **(ULTIMATE SELF)** -> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/214723) in GitLab Ultimate 13.1. +> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/214723) in GitLab 13.1. > - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/296881) in GitLab 13.9. By default, expired personal access tokens (PATs) **are not usable**. diff --git a/doc/user/admin_area/settings/continuous_integration.md b/doc/user/admin_area/settings/continuous_integration.md index 1b6da0e2806..565e905d732 100644 --- a/doc/user/admin_area/settings/continuous_integration.md +++ b/doc/user/admin_area/settings/continuous_integration.md @@ -221,7 +221,7 @@ It is also possible to specify a [custom CI/CD configuration file for a specific By default, a banner displays in merge requests with no pipeline suggesting a walkthrough on how to add one. - + To enable or disable the banner: diff --git a/doc/user/admin_area/settings/deprecated_api_rate_limits.md b/doc/user/admin_area/settings/deprecated_api_rate_limits.md index a2edb6da86e..9be703f3b82 100644 --- a/doc/user/admin_area/settings/deprecated_api_rate_limits.md +++ b/doc/user/admin_area/settings/deprecated_api_rate_limits.md @@ -47,7 +47,7 @@ To override the general user and IP rate limits for requests to deprecated API e 1. Select the **Maximum authenticated API requests per period per user**. 1. Select the **Authenticated API rate limit period in seconds**. -## Resources +## Related topics - [Rate limits](../../../security/rate_limits.md) - [User and IP rate limits](user_and_ip_rate_limits.md) diff --git a/doc/user/admin_area/settings/files_api_rate_limits.md b/doc/user/admin_area/settings/files_api_rate_limits.md index f91d4b2fb0c..4f0f50dbcd2 100644 --- a/doc/user/admin_area/settings/files_api_rate_limits.md +++ b/doc/user/admin_area/settings/files_api_rate_limits.md @@ -49,7 +49,7 @@ To override the general user and IP rate limits for requests to the Repository f 1. Select the **Max authenticated API requests per period per user**. 1. Select the **Authenticated API rate limit period in seconds**. -## Resources +## Related topics - [Rate limits](../../../security/rate_limits.md) - [Repository files API](../../../api/repository_files.md) diff --git a/doc/user/admin_area/settings/git_lfs_rate_limits.md b/doc/user/admin_area/settings/git_lfs_rate_limits.md index 8a0754374e2..adc6cc2b11b 100644 --- a/doc/user/admin_area/settings/git_lfs_rate_limits.md +++ b/doc/user/admin_area/settings/git_lfs_rate_limits.md @@ -29,7 +29,7 @@ supersede the [general user and IP rate limits](user_and_ip_rate_limits.md): 1. Enter a value for **Authenticated Git LFS rate limit period in seconds**. 1. Select **Save changes**. -## Resources +## Related topics - [Rate limiting](../../../security/rate_limits.md) - [User and IP rate limits](user_and_ip_rate_limits.md) diff --git a/doc/user/admin_area/settings/img/suggest_pipeline_banner.png b/doc/user/admin_area/settings/img/suggest_pipeline_banner.png Binary files differdeleted file mode 100644 index 9f118ccc5ed..00000000000 --- a/doc/user/admin_area/settings/img/suggest_pipeline_banner.png +++ /dev/null diff --git a/doc/user/admin_area/settings/img/suggest_pipeline_banner_v14_5.png b/doc/user/admin_area/settings/img/suggest_pipeline_banner_v14_5.png Binary files differnew file mode 100644 index 00000000000..0d9bfa4a173 --- /dev/null +++ b/doc/user/admin_area/settings/img/suggest_pipeline_banner_v14_5.png diff --git a/doc/user/admin_area/settings/index.md b/doc/user/admin_area/settings/index.md index 688734849e5..7945e5d790f 100644 --- a/doc/user/admin_area/settings/index.md +++ b/doc/user/admin_area/settings/index.md @@ -7,124 +7,186 @@ type: index # Admin Area settings **(FREE SELF)** -As an administrator of a GitLab self-managed instance, you can manage the behavior of your deployment. To do so, select **Admin Area > Settings**. +As an administrator of a GitLab self-managed instance, you can manage the behavior of your +deployment. -The Admin Area is not accessible on GitLab.com, and settings can only be changed by the -GitLab.com administrators. See the [GitLab.com settings](../../gitlab_com/index.md) -documentation for all current settings and limits on the GitLab.com instance. +The **Admin Area** is not accessible on GitLab.com, and settings can only be changed by the +GitLab.com administrators. For the settings and limits on the GitLab.com instance, +read [GitLab.com settings](../../gitlab_com/index.md). -## General +## Access the Admin Area -To access the default page for Admin Area settings: +To access the **Admin Area**: +1. Sign in to your GitLab instance as an administrator. 1. On the top bar, select **Menu > Admin**. -1. On the left sidebar, select **Settings > General**. - -| Option | Description | -| ------ | ----------- | -| [Visibility and access controls](visibility_and_access_controls.md) | Set default and restrict visibility levels. Configure import sources and Git access protocol. | -| [Account and limit](account_and_limit_settings.md) | Set projects and maximum size limits, session duration, user options, and check feature availability for namespace plan. | -| [Diff limits](../diff_limits.md) | Diff content limits. | -| [Sign-up restrictions](sign_up_restrictions.md) | Configure the way a user creates a new account. | -| [Sign in restrictions](sign_in_restrictions.md) | Set requirements for a user to sign in. Enable mandatory two-factor authentication. | -| [Terms of Service and Privacy Policy](terms.md) | Include a Terms of Service agreement and Privacy Policy that all users must accept. | -| [External Authentication](external_authorization.md#configuration) | External Classification Policy Authorization | -| [Web terminal](../../../administration/integration/terminal.md#limiting-websocket-connection-time) | Set max session time for web terminal. | -| [Web IDE](../../project/web_ide/index.md#enable-live-preview) | Manage Web IDE features. | -| [FLoC](floc.md) | Enable or disable [Federated Learning of Cohorts (FLoC)](https://en.wikipedia.org/wiki/Federated_Learning_of_Cohorts) tracking. | - -## Integrations - -| Option | Description | -| ------ | ----------- | -| [Elasticsearch](../../../integration/elasticsearch.md#enable-advanced-search) | Elasticsearch integration. Elasticsearch AWS IAM. | -| [Kroki](../../../administration/integration/kroki.md#enable-kroki-in-gitlab) | Allow rendering of diagrams in AsciiDoc and Markdown documents using [kroki.io](https://kroki.io). | -| [Mailgun](../../../administration/integration/mailgun.md) | Enable your GitLab instance to receive invite email bounce events from Mailgun, if it is your email provider. | -| [PlantUML](../../../administration/integration/plantuml.md) | Allow rendering of PlantUML diagrams in documents. | -| [Slack application](../../../user/project/integrations/gitlab_slack_application.md#configuration) **(FREE SAAS)** | Slack integration allows you to interact with GitLab via slash commands in a chat window. This option is only available on GitLab.com, though it may be [available for self-managed instances in the future](https://gitlab.com/gitlab-org/gitlab/-/issues/28164). | -| [Third party offers](third_party_offers.md) | Control the display of third party offers. | -| [Snowplow](../../../development/snowplow/index.md) | Configure the Snowplow integration. | -| [Google GKE](../../project/clusters/add_gke_clusters.md) | Google GKE integration allows you to provision GKE clusters from GitLab. | -| [Amazon EKS](../../project/clusters/add_eks_clusters.md) | Amazon EKS integration allows you to provision EKS clusters from GitLab. | - -## Repository - -| Option | Description | -| ------ | ----------- | -| [Repository's custom initial branch name](../../project/repository/branches/default.md#instance-level-custom-initial-branch-name) | Set a custom branch name for new repositories created in your instance. | -| [Repository mirror](visibility_and_access_controls.md#enable-project-mirroring) | Configure repository mirroring. | -| [Repository storage](../../../administration/repository_storage_types.md) | Configure storage path settings. | -| Repository maintenance | ([Repository checks](../../../administration/repository_checks.md) and [Housekeeping](../../../administration/housekeeping.md)). Configure automatic Git checks and housekeeping on repositories. | -| [Repository static objects](../../../administration/static_objects_external_storage.md) | Serve repository static objects (for example, archives and blobs) from an external storage (for example, a CDN). | - -## Templates **(PREMIUM SELF)** - -| Option | Description | -| ------ | ----------- | -| [Templates](instance_template_repository.md#configuration) | Set instance-wide template repository. | -| [Custom project templates](../custom_project_templates.md) | Select the custom project template source group. | - -## CI/CD - -| Option | Description | -| ------ | ----------- | -| [Continuous Integration and Deployment](continuous_integration.md) | Auto DevOps, runners and job artifacts. | -| [Required pipeline configuration](continuous_integration.md#required-pipeline-configuration) **(PREMIUM SELF)** | Set an instance-wide auto included [pipeline configuration](../../../ci/yaml/index.md). This pipeline configuration is run after the project's own configuration. | -| [Package Registry](continuous_integration.md#package-registry-configuration) | Settings related to the use and experience of using the GitLab Package Registry. Note there are [risks involved](../../packages/container_registry/index.md#use-with-external-container-registries) in enabling some of these settings. | - -## Reporting - -| Option | Description | -| ------ | ----------- | -| [Spam and Anti-bot Protection](../../../integration/recaptcha.md) | Enable reCAPTCHA or Akismet and set IP limits. For reCAPTCHA, we currently only support [v2](https://developers.google.com/recaptcha/docs/versions). | -| [Abuse reports](../review_abuse_reports.md) | Set notification email for abuse reports. | - -## Metrics and profiling - -| Option | Description | -| ------ | ----------- | -| [Metrics - Prometheus](../../../administration/monitoring/prometheus/gitlab_metrics.md) | Enable and configure Prometheus metrics. | -| [Metrics - Grafana](../../../administration/monitoring/performance/grafana_configuration.md#integration-with-gitlab-ui) | Enable and configure Grafana. | -| [Profiling - Performance bar](../../../administration/monitoring/performance/performance_bar.md#enable-the-performance-bar-for-non-administrators) | Enable access to the Performance Bar for non-administrator users in a given group. | -| [Self monitoring](../../../administration/monitoring/gitlab_self_monitoring_project/index.md#create-the-self-monitoring-project) | Enable or disable instance self monitoring. | -| [Usage statistics](usage_statistics.md) | Enable or disable version check and Service Ping. | -| [Pseudonymizer data collection](../../../administration/pseudonymizer.md) **(ULTIMATE)** | Enable or disable the Pseudonymizer data collection. | - -## Network - -| Option | Description | -| ------ | ----------- | -| Performance optimization | [Write to "authorized_keys" file](../../../administration/operations/fast_ssh_key_lookup.md#setting-up-fast-lookup-via-gitlab-shell) and [Push event activities limit and bulk push events](push_event_activities_limit.md). Various settings that affect GitLab performance. | -| [User and IP rate limits](user_and_ip_rate_limits.md) | Configure limits for web and API requests. | -| [Package Registry Rate Limits](package_registry_rate_limits.md) | Configure specific limits for Packages API requests that supersede the user and IP rate limits. | -| [Git LFS Rate Limits](git_lfs_rate_limits.md) | Configure specific limits for Git LFS requests that supersede the user and IP rate limits. | -| [Files API Rate Limits](files_api_rate_limits.md) | Configure specific limits for Files API requests that supersede the user and IP rate limits. | -| [Deprecated API Rate Limits](deprecated_api_rate_limits.md) | Configure specific limits for deprecated API requests that supersede the user and IP rate limits. | -| [Outbound requests](../../../security/webhooks.md) | Allow requests to the local network from hooks and services. | -| [Protected Paths](protected_paths.md) | Configure paths to be protected by Rack Attack. | -| [Incident Management](../../../operations/incident_management/index.md) Limits | Limit the number of inbound alerts that can be sent to a project. | -| [Notes creation limit](rate_limit_on_notes_creation.md)| Set a rate limit on the note creation requests. | - -## Geo - -| Option | Description | -| ------ | ----------- | -| Geo | Geo allows you to replicate your GitLab instance to other geographical locations. Redirects to **Admin Area > Geo > Settings** are no longer available at **Admin Area > Settings > Geo** in [GitLab 13.0](https://gitlab.com/gitlab-org/gitlab/-/issues/36896). | - -## Preferences - -| Option | Description | -| ------ | ----------- | -| [Email](email.md) | Various email settings. | -| [What's new](../../../administration/whats-new.md) | Configure What's new drawer and content. | -| [Help page](help_page.md) | Help page text and support page URL. | -| [Pages](../../../administration/pages/index.md#custom-domain-verification) | Size and domain settings for static websites | -| [Polling interval multiplier](../../../administration/polling.md) | Configure how frequently the GitLab UI polls for updates. | -| [Gitaly timeouts](gitaly_timeouts.md) | Configure Gitaly timeouts. | -| Localization | [Default first day of the week](../../profile/preferences.md) and [Time tracking](../../project/time_tracking.md#limit-displayed-units-to-hours). | -| [Sidekiq Job Limits](sidekiq_job_limits.md) | Limit the size of Sidekiq jobs stored in Redis. | - -### Default first day of the week +1. On the left sidebar, select **Settings**, and the group of settings to view: + - [General](#general) + - [Geo](#geo) + - [CI/CD](#cicd) + - [Integrations](#integrations) + - [Metrics and profiling](#metrics-and-profiling) + - [Network](#network) + - [Preferences](#preferences) + - [Reporting](#reporting) + - [Repository](#repository) + - [Templates](#templates) + +### General + +The **General** settings contain: + +- [Visibility and access controls](visibility_and_access_controls.md) - Set default and + restrict visibility levels. Configure import sources and Git access protocol. +- [Account and limit](account_and_limit_settings.md) - Set projects and maximum size limits, + session duration, user options, and check feature availability for namespace plan. +- [Diff limits](../diff_limits.md) - Diff content limits. +- [Sign-up restrictions](sign_up_restrictions.md) - Configure the way a user creates a new account. +- [Sign in restrictions](sign_in_restrictions.md) - Set requirements for a user to sign in. + Enable mandatory two-factor authentication. +- [Terms of Service and Privacy Policy](terms.md) - Include a Terms of Service agreement + and Privacy Policy that all users must accept. +- [External Authentication](external_authorization.md#configuration) - External Classification Policy Authorization. +- [Web terminal](../../../administration/integration/terminal.md#limiting-websocket-connection-time) - + Set max session time for web terminal. +- [Web IDE](../../project/web_ide/index.md#enable-live-preview) - Manage Web IDE features. +- [FLoC](floc.md) - Enable or disable + [Federated Learning of Cohorts (FLoC)](https://en.wikipedia.org/wiki/Federated_Learning_of_Cohorts) tracking. + +### CI/CD + +The **CI/CD** settings contain: + +- [Continuous Integration and Deployment](continuous_integration.md) - + Auto DevOps, runners and job artifacts. +- [Required pipeline configuration](continuous_integration.md#required-pipeline-configuration) - + Set an instance-wide auto included [pipeline configuration](../../../ci/yaml/index.md). + This pipeline configuration is run after the project's own configuration. +- [Package Registry](continuous_integration.md#package-registry-configuration) - + Settings related to the use and experience of using the GitLab Package Registry. Some + [risks are involved](../../packages/container_registry/index.md#use-with-external-container-registries) + in enabling some of these settings. + +### Geo **(PREMIUM SELF)** + +The **Geo** setting contains: + +- [Geo](../../../administration/geo/index.md) - Replicate your GitLab instance to other + geographical locations. Redirects to **Admin Area > Geo > Settings** are no + longer available at **Admin Area > Settings > Geo** in [GitLab 13.0](https://gitlab.com/gitlab-org/gitlab/-/issues/36896). + +### Integrations + +The **Integrations** settings contain: + +- [Elasticsearch](../../../integration/elasticsearch.md#enable-advanced-search) - + Elasticsearch integration. Elasticsearch AWS IAM. +- [Kroki](../../../administration/integration/kroki.md#enable-kroki-in-gitlab) - + Allow rendering of diagrams in AsciiDoc and Markdown documents using [kroki.io](https://kroki.io). +- [Mailgun](../../../administration/integration/mailgun.md) - Enable your GitLab instance + to receive invite email bounce events from Mailgun, if it is your email provider. +- [PlantUML](../../../administration/integration/plantuml.md) - Allow rendering of PlantUML + diagrams in documents. +- [Slack application](../../../user/project/integrations/gitlab_slack_application.md#configuration) - + Slack integration allows you to interact with GitLab via slash commands in a chat window. + This option is only available on GitLab.com, though it may be + [available for self-managed instances in the future](https://gitlab.com/gitlab-org/gitlab/-/issues/28164). +- [Third party offers](third_party_offers.md) - Control the display of third-party offers. +- [Snowplow](../../../development/snowplow/index.md) - Configure the Snowplow integration. +- [Google GKE](../../project/clusters/add_gke_clusters.md) - Google GKE integration enables + you to provision GKE clusters from GitLab. +- [Amazon EKS](../../project/clusters/add_eks_clusters.md) - Amazon EKS integration enables + you to provision EKS clusters from GitLab. + +### Metrics and profiling + +The **Metrics and profiling** settings contain: + +- [Metrics - Prometheus](../../../administration/monitoring/prometheus/gitlab_metrics.md) - + Enable and configure Prometheus metrics. +- [Metrics - Grafana](../../../administration/monitoring/performance/grafana_configuration.md#integration-with-gitlab-ui) - + Enable and configure Grafana. +- [Profiling - Performance bar](../../../administration/monitoring/performance/performance_bar.md#enable-the-performance-bar-for-non-administrators) - + Enable access to the Performance Bar for non-administrator users in a given group. +- [Self monitoring](../../../administration/monitoring/gitlab_self_monitoring_project/index.md#create-the-self-monitoring-project) - + Enable or disable instance self monitoring. +- [Usage statistics](usage_statistics.md) - Enable or disable version check and Service Ping. +- [Pseudonymizer data collection](../../../administration/pseudonymizer.md) - + Enable or disable the Pseudonymizer data collection. + +### Network + +The **Network** settings contain: + +- Performance optimization - Various settings that affect GitLab performance, including: + - [Write to `authorized_keys` file](../../../administration/operations/fast_ssh_key_lookup.md#setting-up-fast-lookup-via-gitlab-shell). + - [Push event activities limit and bulk push events](push_event_activities_limit.md). +- [User and IP rate limits](user_and_ip_rate_limits.md) - Configure limits for web and API requests. + These rate limits can be overridden: + - [Package Registry Rate Limits](package_registry_rate_limits.md) - Configure specific + limits for Packages API requests that supersede the user and IP rate limits. + - [Git LFS Rate Limits](git_lfs_rate_limits.md) - Configure specific limits for + Git LFS requests that supersede the user and IP rate limits. + - [Files API Rate Limits](files_api_rate_limits.md) - Configure specific limits for + Files API requests that supersede the user and IP rate limits. + - [Deprecated API Rate Limits](deprecated_api_rate_limits.md) - Configure specific limits + for deprecated API requests that supersede the user and IP rate limits. +- [Outbound requests](../../../security/webhooks.md) - Allow requests to the local network from hooks and services. +- [Protected Paths](protected_paths.md) - Configure paths to be protected by Rack Attack. +- [Incident Management Limits](../../../operations/incident_management/index.md) - Limit the + number of inbound alerts that can be sent to a project. +- [Notes creation limit](rate_limit_on_notes_creation.md) - Set a rate limit on the note creation requests. + +### Preferences + +The **Preferences** settings contain: + +- [Email](email.md) - Various email settings. +- [What's new](../../../administration/whats-new.md) - Configure **What's new** drawer and content. +- [Help page](help_page.md) - Help page text and support page URL. +- [Pages](../../../administration/pages/index.md#custom-domain-verification) - + Size and domain settings for static websites. +- [Polling interval multiplier](../../../administration/polling.md) - + Configure how frequently the GitLab UI polls for updates. +- [Gitaly timeouts](gitaly_timeouts.md) - Configure Gitaly timeouts. +- Localization: + - [Default first day of the week](../../profile/preferences.md). + - [Time tracking](../../project/time_tracking.md#limit-displayed-units-to-hours). +- [Sidekiq Job Limits](sidekiq_job_limits.md) - Limit the size of Sidekiq jobs stored in Redis. + +### Reporting + +The **Reporting** settings contain: + +- [Spam and Anti-bot Protection](../../../integration/recaptcha.md) - + Enable anti-spam services, like reCAPTCHA or Akismet, and set IP limits. +- [Abuse reports](../review_abuse_reports.md) - Set notification email for abuse reports. + +### Repository + +The **Repository** settings contain: + +- [Repository's custom initial branch name](../../project/repository/branches/default.md#instance-level-custom-initial-branch-name) - + Set a custom branch name for new repositories created in your instance. +- [Repository mirror](visibility_and_access_controls.md#enable-project-mirroring) - + Configure repository mirroring. +- [Repository storage](../../../administration/repository_storage_types.md) - Configure storage path settings. +- Repository maintenance: + - [Repository checks](../../../administration/repository_checks.md) - Configure + automatic Git checks on repositories. + - [Housekeeping](../../../administration/housekeeping.md)). Configure automatic + Git housekeeping on repositories. +- [Repository static objects](../../../administration/static_objects_external_storage.md) - + Serve repository static objects (for example, archives and blobs) from an external storage (for example, a CDN). + +### Templates **(PREMIUM SELF)** + +The **Templates** settings contain: + +- [Templates](instance_template_repository.md#configuration) - Set instance-wide template repository. +- [Custom project templates](../custom_project_templates.md) - Select the custom project template source group. + +## Default first day of the week You can change the [Default first day of the week](../../profile/preferences.md) for the entire GitLab instance: diff --git a/doc/user/admin_area/settings/instance_template_repository.md b/doc/user/admin_area/settings/instance_template_repository.md index 044863729db..71eb7bbbdc9 100644 --- a/doc/user/admin_area/settings/instance_template_repository.md +++ b/doc/user/admin_area/settings/instance_template_repository.md @@ -7,7 +7,7 @@ type: reference # Instance template repository **(PREMIUM SELF)** -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/5986) in GitLab Premium 11.3. +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/5986) in GitLab 11.3. In hosted systems, enterprises often have a need to share their own templates across teams. This feature allows an administrator to pick a project to be the diff --git a/doc/user/admin_area/settings/protected_paths.md b/doc/user/admin_area/settings/protected_paths.md index dc328fe8b7c..e686c65fe9a 100644 --- a/doc/user/admin_area/settings/protected_paths.md +++ b/doc/user/admin_area/settings/protected_paths.md @@ -7,28 +7,11 @@ type: reference # Protected paths **(FREE SELF)** -Rate limiting is a common technique used to improve the security and durability -of a web application. For more details, see -[Rate limits](../../../security/rate_limits.md). +Rate limiting is a technique that improves the security and durability of a web +application. For more details, see [Rate limits](../../../security/rate_limits.md). -GitLab rate limits the following paths with Rack Attack by default: - -```plaintext -'/users/password', -'/users/sign_in', -'/api/#{API::API.version}/session.json', -'/api/#{API::API.version}/session', -'/users', -'/users/confirmation', -'/unsubscribes/', -'/import/github/personal_access_token', -'/admin/session' -``` - -GitLab responds with HTTP status code `429` to POST requests at protected paths -that exceed 10 requests per minute per IP address. - -See [User and IP rate limits](../../admin_area/settings/user_and_ip_rate_limits.md#response-headers) for the headers responded to blocked requests. +You can rate limit (protect) specified paths. For these paths, GitLab responds with HTTP status +code `429` to POST requests at protected paths that exceed 10 requests per minute per IP address. For example, the following are limited to a maximum 10 requests per minute: @@ -36,10 +19,15 @@ For example, the following are limited to a maximum 10 requests per minute: - User sign-up (if enabled) - User password reset -After 10 requests, the client must wait 60 seconds before it can -try again. +After 10 requests, the client must wait 60 seconds before it can try again. + +See also: + +- List of paths [protected by default](../../../administration/instance_limits.md#by-protected-path). +- [User and IP rate limits](../../admin_area/settings/user_and_ip_rate_limits.md#response-headers) + for the headers returned to blocked requests. -## Configure using GitLab UI +## Configure protected paths > [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/31246) in GitLab 12.4. diff --git a/doc/user/admin_area/settings/rate_limits_on_raw_endpoints.md b/doc/user/admin_area/settings/rate_limits_on_raw_endpoints.md index 020d02b1635..028d5e4c2f3 100644 --- a/doc/user/admin_area/settings/rate_limits_on_raw_endpoints.md +++ b/doc/user/admin_area/settings/rate_limits_on_raw_endpoints.md @@ -7,7 +7,7 @@ type: reference # Rate limits on raw endpoints **(FREE SELF)** -> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/30829) in GitLab 12.2. +> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/30635) in GitLab 12.2. This setting defaults to `300` requests per minute, and allows you to rate limit the requests to raw endpoints: @@ -21,7 +21,7 @@ For example, requests over `300` per minute to `https://gitlab.com/gitlab-org/gi This limit is: -- Applied independently per project, per commit and per file path. +- Applied independently per project, per file path. - Not applied per IP address. - Active by default. To disable, set the option to `0`. diff --git a/doc/user/admin_area/settings/sign_up_restrictions.md b/doc/user/admin_area/settings/sign_up_restrictions.md index ed80bca470e..8ce3b4f1c18 100644 --- a/doc/user/admin_area/settings/sign_up_restrictions.md +++ b/doc/user/admin_area/settings/sign_up_restrictions.md @@ -48,7 +48,7 @@ automatically approved in a background job. NOTE: This setting doesn't apply to LDAP or OmniAuth users. To enforce approvals for new users signing up using OmniAuth or LDAP, set `block_auto_created_users` to `true` in the -[OmniAuth configuration](../../../integration/omniauth.md#initial-omniauth-configuration) or +[OmniAuth configuration](../../../integration/omniauth.md#configure-initial-settings) or [LDAP configuration](../../../administration/auth/ldap/index.md#basic-configuration-settings). ## Require email confirmation diff --git a/doc/user/admin_area/settings/terms.md b/doc/user/admin_area/settings/terms.md index c7c41e665ec..693b3e6c7b6 100644 --- a/doc/user/admin_area/settings/terms.md +++ b/doc/user/admin_area/settings/terms.md @@ -28,13 +28,13 @@ To enforce acceptance of a Terms of Service and Privacy Policy: For each update to the terms, a new version is stored. When a user accepts or declines the terms, GitLab records which version they accepted or declined. +Existing users must accept the terms on their next GitLab interaction. +If a signed-in user declines the terms, they are signed out. + When enabled, it adds a mandatory checkbox to the sign up page for new users:  -Existing users must accept the terms on their next GitLab interaction. -If a logged-in user declines the terms, they are signed out. - <!-- ## Troubleshooting Include any troubleshooting steps that you can foresee. If you know beforehand what issues diff --git a/doc/user/admin_area/settings/user_and_ip_rate_limits.md b/doc/user/admin_area/settings/user_and_ip_rate_limits.md index ac6fe29da28..d713ef4b4e0 100644 --- a/doc/user/admin_area/settings/user_and_ip_rate_limits.md +++ b/doc/user/admin_area/settings/user_and_ip_rate_limits.md @@ -76,7 +76,9 @@ To enable the unauthenticated request rate limit: ## Use a custom rate limit response -A request that exceeds a rate limit returns a 429 response code and a +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/50693) in GitLab 13.8. + +A request that exceeds a rate limit returns a `429` response code and a plain-text body, which by default is `Retry later`. To use a custom response: @@ -88,7 +90,7 @@ To use a custom response: ## Response headers -> [Introduced](https://gitlab.com/gitlab-com/gl-infra/scalability/-/issues/731) in GitLab 13.8, the `Rate-Limit` headers. `Retry-After` was introduced in an earlier version. +> [Introduced](https://gitlab.com/gitlab-com/gl-infra/scalability/-/issues/731) in GitLab 13.8, the `RateLimit` headers. `Retry-After` was introduced in an earlier version. When a client exceeds the associated rate limit, the following requests are blocked. The server may respond with rate-limiting information allowing the diff --git a/doc/user/admin_area/settings/visibility_and_access_controls.md b/doc/user/admin_area/settings/visibility_and_access_controls.md index 075becfd32f..fd44d6445cf 100644 --- a/doc/user/admin_area/settings/visibility_and_access_controls.md +++ b/doc/user/admin_area/settings/visibility_and_access_controls.md @@ -68,7 +68,7 @@ GitLab administrators can still update the default branch protection of a group. ## Define which roles can create projects Instance-level protections for project creation define which roles can -[add projects to a group](../../group/index.md#specify-who-can-add-projects-to-a-group)] +[add projects to a group](../../group/index.md#specify-who-can-add-projects-to-a-group) on the instance. To alter which roles have permission to create projects: 1. Sign in to GitLab as a user with [Administrator role](../../permissions.md). |
