debian-mirror-gitlab/doc/administration/monitoring/ip_whitelist.md

60 lines
1.6 KiB
Markdown
Raw Normal View History

2020-06-23 00:09:42 +05:30
---
stage: Monitor
2021-04-29 21:17:54 +05:30
group: Monitor
2021-02-22 17:27:13 +05:30
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
2020-06-23 00:09:42 +05:30
---
2021-03-11 19:13:27 +05:30
# IP whitelist **(FREE SELF)**
2017-09-10 17:25:29 +05:30
> Introduced in GitLab 9.4.
2021-02-22 17:27:13 +05:30
NOTE:
2021-10-27 15:23:28 +05:30
We intend to [rename IP whitelist as `IP allowlist`](https://gitlab.com/groups/gitlab-org/-/epics/3478).
2020-04-22 19:07:51 +05:30
GitLab provides some [monitoring endpoints](../../user/admin_area/monitoring/health_check.md)
that provide health check information when probed.
2017-09-10 17:25:29 +05:30
To control access to those endpoints via IP whitelisting, you can add single
hosts or use IP ranges:
**For Omnibus installations**
1. Open `/etc/gitlab/gitlab.rb` and add or uncomment the following:
2019-09-30 21:07:59 +05:30
```ruby
gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8', '192.168.0.1']
```
2017-09-10 17:25:29 +05:30
2020-04-22 19:07:51 +05:30
1. Save the file and [reconfigure](../restart_gitlab.md#omnibus-gitlab-reconfigure) GitLab for the changes to take effect.
2017-09-10 17:25:29 +05:30
---
2021-09-30 23:02:18 +05:30
**For installations using cloud native Helm charts**
You can set the required IPs under the `gitlab.webservice.monitoring.ipWhitelist` key. For example:
```yaml
gitlab:
webservice:
monitoring:
# Monitoring IP whitelist
ipWhitelist:
- 0.0.0.0/0 # Default
```
---
2017-09-10 17:25:29 +05:30
**For installations from source**
1. Edit `config/gitlab.yml`:
2019-09-30 21:07:59 +05:30
```yaml
monitoring:
# by default only local IPs are allowed to access monitoring resources
ip_whitelist:
- 127.0.0.0/8
- 192.168.0.1
```
2017-09-10 17:25:29 +05:30
2020-04-22 19:07:51 +05:30
1. Save the file and [restart](../restart_gitlab.md#installations-from-source) GitLab for the changes to take effect.