debian-mirror-gitlab/doc/administration/packages/dependency_proxy.md

187 lines
7.8 KiB
Markdown
Raw Normal View History

2020-06-23 00:09:42 +05:30
---
stage: Package
group: Package
2021-02-22 17:27:13 +05:30
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
2020-06-23 00:09:42 +05:30
---
2021-01-29 00:20:46 +05:30
# GitLab Dependency Proxy administration
2019-12-04 20:38:33 +05:30
2021-01-29 00:20:46 +05:30
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/7934) in [GitLab Premium](https://about.gitlab.com/pricing/) 11.11.
2021-03-11 19:13:27 +05:30
> - [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/273655) to [GitLab Free](https://about.gitlab.com/pricing/) in GitLab 13.6.
2019-12-04 20:38:33 +05:30
2021-01-29 00:20:46 +05:30
GitLab can be used as a dependency proxy for a variety of common package managers.
2019-12-04 20:38:33 +05:30
This is the administration documentation. If you want to learn how to use the
2021-01-03 14:25:43 +05:30
dependency proxies, see the [user guide](../../user/packages/dependency_proxy/index.md).
2019-12-04 20:38:33 +05:30
## Enabling the Dependency Proxy feature
2021-02-22 17:27:13 +05:30
NOTE:
2019-12-04 20:38:33 +05:30
Dependency proxy requires the Puma web server to be enabled.
2020-04-08 14:13:33 +05:30
To enable the dependency proxy feature:
2019-12-04 20:38:33 +05:30
**Omnibus GitLab installations**
1. Edit `/etc/gitlab/gitlab.rb` and add the following line:
```ruby
gitlab_rails['dependency_proxy_enabled'] = true
```
1. Save the file and [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure "How to reconfigure Omnibus GitLab") for the changes to take effect.
1. Enable the [Puma web server](https://docs.gitlab.com/omnibus/settings/puma.html).
**Installations from source**
2021-02-22 17:27:13 +05:30
1. After the installation is complete, configure the `dependency_proxy`
2019-12-04 20:38:33 +05:30
section in `config/gitlab.yml`. Set to `true` to enable it:
```yaml
dependency_proxy:
enabled: true
```
1. [Restart GitLab](../restart_gitlab.md#installations-from-source "How to restart GitLab") for the changes to take effect.
2020-04-08 14:13:33 +05:30
Since Puma is already the default web server for installations from source as of GitLab 12.9,
no further changes are needed.
2019-12-04 20:38:33 +05:30
2021-04-17 20:07:23 +05:30
**Multi-node GitLab installations**
Follow the steps for **Omnibus GitLab installation** for each Web and Sidekiq nodes.
2019-12-04 20:38:33 +05:30
## Changing the storage path
By default, the dependency proxy files are stored locally, but you can change the default
local location or even use object storage.
### Changing the local storage path
The dependency proxy files for Omnibus GitLab installations are stored under
`/var/opt/gitlab/gitlab-rails/shared/dependency_proxy/` and for source
installations under `shared/dependency_proxy/` (relative to the Git home directory).
To change the local storage path:
**Omnibus GitLab installations**
1. Edit `/etc/gitlab/gitlab.rb` and add the following line:
```ruby
gitlab_rails['dependency_proxy_storage_path'] = "/mnt/dependency_proxy"
```
1. Save the file and [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure "How to reconfigure Omnibus GitLab") for the changes to take effect.
**Installations from source**
1. Edit the `dependency_proxy` section in `config/gitlab.yml`:
```yaml
dependency_proxy:
enabled: true
storage_path: shared/dependency_proxy
```
1. [Restart GitLab](../restart_gitlab.md#installations-from-source "How to restart GitLab") for the changes to take effect.
### Using object storage
Instead of relying on the local storage, you can use an object storage to
2020-04-22 19:07:51 +05:30
store the blobs of the dependency proxy.
[Read more about using object storage with GitLab](../object_storage.md).
2019-12-04 20:38:33 +05:30
2021-02-22 17:27:13 +05:30
NOTE:
2020-07-28 23:09:34 +05:30
In GitLab 13.2 and later, we recommend using the
[consolidated object storage settings](../object_storage.md#consolidated-object-storage-configuration).
This section describes the earlier configuration format.
2019-12-04 20:38:33 +05:30
**Omnibus GitLab installations**
1. Edit `/etc/gitlab/gitlab.rb` and add the following lines (uncomment where
necessary):
```ruby
gitlab_rails['dependency_proxy_enabled'] = true
gitlab_rails['dependency_proxy_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/dependency_proxy"
gitlab_rails['dependency_proxy_object_store_enabled'] = true
gitlab_rails['dependency_proxy_object_store_remote_directory'] = "dependency_proxy" # The bucket name.
gitlab_rails['dependency_proxy_object_store_direct_upload'] = false # Use Object Storage directly for uploads instead of background uploads if enabled (Default: false).
gitlab_rails['dependency_proxy_object_store_background_upload'] = true # Temporary option to limit automatic upload (Default: true).
gitlab_rails['dependency_proxy_object_store_proxy_download'] = false # Passthrough all downloads via GitLab instead of using Redirects to Object Storage.
gitlab_rails['dependency_proxy_object_store_connection'] = {
##
## If the provider is AWS S3, uncomment the following
##
#'provider' => 'AWS',
#'region' => 'eu-west-1',
#'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
#'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
##
## If the provider is other than AWS (an S3-compatible one), uncomment the following
##
#'host' => 's3.amazonaws.com',
#'aws_signature_version' => 4 # For creation of signed URLs. Set to 2 if provider does not support v4.
#'endpoint' => 'https://s3.amazonaws.com' # Useful for S3-compliant services such as DigitalOcean Spaces.
#'path_style' => false # If true, use 'host/bucket_name/object' instead of 'bucket_name.host/object'.
}
```
1. Save the file and [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure "How to reconfigure Omnibus GitLab") for the changes to take effect.
**Installations from source**
1. Edit the `dependency_proxy` section in `config/gitlab.yml` (uncomment where necessary):
```yaml
dependency_proxy:
enabled: true
##
## The location where build dependency_proxy are stored (default: shared/dependency_proxy).
##
2021-01-03 14:25:43 +05:30
# storage_path: shared/dependency_proxy
2019-12-04 20:38:33 +05:30
object_store:
enabled: false
2021-01-03 14:25:43 +05:30
remote_directory: dependency_proxy # The bucket name.
# direct_upload: false # Use Object Storage directly for uploads instead of background uploads if enabled (Default: false).
# background_upload: true # Temporary option to limit automatic upload (Default: true).
# proxy_download: false # Passthrough all downloads via GitLab instead of using Redirects to Object Storage.
2019-12-04 20:38:33 +05:30
connection:
2021-01-03 14:25:43 +05:30
##
## If the provider is AWS S3, use the following
##
provider: AWS
region: us-east-1
aws_access_key_id: AWS_ACCESS_KEY_ID
aws_secret_access_key: AWS_SECRET_ACCESS_KEY
2019-12-04 20:38:33 +05:30
##
2021-01-03 14:25:43 +05:30
## If the provider is other than AWS (an S3-compatible one), comment out the previous 4 lines and use the following instead:
2019-12-04 20:38:33 +05:30
##
2021-01-03 14:25:43 +05:30
# host: 's3.amazonaws.com' # default: s3.amazonaws.com.
# aws_signature_version: 4 # For creation of signed URLs. Set to 2 if provider does not support v4.
# endpoint: 'https://s3.amazonaws.com' # Useful for S3-compliant services such as DigitalOcean Spaces.
# path_style: false # If true, use 'host/bucket_name/object' instead of 'bucket_name.host/object'.
2019-12-04 20:38:33 +05:30
```
1. [Restart GitLab](../restart_gitlab.md#installations-from-source "How to restart GitLab") for the changes to take effect.
2021-02-22 17:27:13 +05:30
## Disabling Authentication
Authentication was introduced in 13.7 as part of [enabling private groups to use the
Dependency Proxy](https://gitlab.com/gitlab-org/gitlab/-/issues/11582). If you
previously used the Dependency Proxy without authentication and need to disable
this feature while you update your workflow to [authenticate with the Dependency
Proxy](../../user/packages/dependency_proxy/index.md#authenticate-with-the-dependency-proxy),
the following commands can be issued in a Rails console:
```ruby
# Disable the authentication
Feature.disable(:dependency_proxy_for_private_groups)
# Re-enable the authentication
Feature.enable(:dependency_proxy_for_private_groups)
```
The ability to disable this feature will be [removed in 13.9](https://gitlab.com/gitlab-org/gitlab/-/issues/276777).