debian-mirror-gitlab/doc/security/asset_proxy.md

69 lines
3.4 KiB
Markdown
Raw Normal View History

2019-12-04 20:38:33 +05:30
# Proxying assets
2019-09-04 21:01:54 +05:30
A possible security concern when managing a public facing GitLab instance is
the ability to steal a users IP address by referencing images in issues, comments, etc.
For example, adding `![Example image](http://example.com/example.png)` to
an issue description will cause the image to be loaded from the external
2019-12-04 20:38:33 +05:30
server in order to be displayed. However, this also allows the external server
2019-09-04 21:01:54 +05:30
to log the IP address of the user.
One way to mitigate this is by proxying any external images to a server you
2019-12-04 20:38:33 +05:30
control.
2019-12-21 20:55:43 +05:30
GitLab can be configured to use an asset proxy server when requesting external images/videos/audio in
2019-12-04 20:38:33 +05:30
issues, comments, etc. This helps ensure that malicious images do not expose the user's IP address
when they are fetched.
We currently recommend using [cactus/go-camo](https://github.com/cactus/go-camo#how-it-works)
2019-12-21 20:55:43 +05:30
as it supports proxying video, audio, and is more configurable.
2019-12-04 20:38:33 +05:30
## Installing Camo server
A Camo server is used to act as the proxy.
To install a Camo server as an asset proxy:
1. Deploy a `go-camo` server. Helpful instructions can be found in
[building catus/go-camo](https://github.com/cactus/go-camo#building).
1. Make sure your instance of GitLab is running, and that you have created a private API token.
Using the API, configure the asset proxy settings on your GitLab instance. For example:
2020-03-09 13:42:32 +05:30
```shell
curl --request "PUT" "https://gitlab.example.com/api/v4/application/settings?\
asset_proxy_enabled=true&\
asset_proxy_url=https://proxy.gitlab.example.com&\
asset_proxy_secret_key=<somekey>" \
--header 'PRIVATE-TOKEN: <my_private_token>'
```
The following settings are supported:
| Attribute | Description |
|:-------------------------|:-------------------------------------------------------------------------------------------------------------------------------------|
| `asset_proxy_enabled` | Enable proxying of assets. If enabled, requires: `asset_proxy_url`). |
| `asset_proxy_secret_key` | Shared secret with the asset proxy server. |
| `asset_proxy_url` | URL of the asset proxy server. |
| `asset_proxy_whitelist` | Assets that match these domain(s) will NOT be proxied. Wildcards allowed. Your GitLab installation URL is automatically whitelisted. |
2019-12-04 20:38:33 +05:30
1. Restart the server for the changes to take effect. Each time you change any values for the asset
proxy, you need to restart the server.
## Using the Camo server
2019-12-21 20:55:43 +05:30
Once the Camo server is running and you've enabled the GitLab settings, any image, video, or audio that
2019-12-04 20:38:33 +05:30
references an external source will get proxied to the Camo server.
2019-09-04 21:01:54 +05:30
2019-12-04 20:38:33 +05:30
For example, the following is a link to an image in Markdown:
2019-09-04 21:01:54 +05:30
2019-12-04 20:38:33 +05:30
```markdown
![logo](https://about.gitlab.com/images/press/logo/jpg/gitlab-icon-rgb.jpg)
```
2019-09-04 21:01:54 +05:30
2019-12-04 20:38:33 +05:30
The following is an example of a source link that could result:
2019-09-04 21:01:54 +05:30
2019-12-04 20:38:33 +05:30
```text
http://proxy.gitlab.example.com/f9dd2b40157757eb82afeedbf1290ffb67a3aeeb/68747470733a2f2f61626f75742e6769746c61622e636f6d2f696d616765732f70726573732f6c6f676f2f6a70672f6769746c61622d69636f6e2d7267622e6a7067
```