debian-mirror-gitlab/doc/administration/packages/dependency_proxy.md
2021-02-22 17:27:13 +05:30

7.7 KiB

stage group info
Package Package To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments

GitLab Dependency Proxy administration

GitLab can be used as a dependency proxy for a variety of common package managers.

This is the administration documentation. If you want to learn how to use the dependency proxies, see the user guide.

Enabling the Dependency Proxy feature

NOTE: Dependency proxy requires the Puma web server to be enabled.

To enable the dependency proxy feature:

Omnibus GitLab installations

  1. Edit /etc/gitlab/gitlab.rb and add the following line:

    gitlab_rails['dependency_proxy_enabled'] = true
    
  2. Save the file and reconfigure GitLab for the changes to take effect.

  3. Enable the Puma web server.

Installations from source

  1. After the installation is complete, configure the dependency_proxy section in config/gitlab.yml. Set to true to enable it:

    dependency_proxy:
      enabled: true
    
  2. Restart GitLab for the changes to take effect.

Since Puma is already the default web server for installations from source as of GitLab 12.9, no further changes are needed.

Changing the storage path

By default, the dependency proxy files are stored locally, but you can change the default local location or even use object storage.

Changing the local storage path

The dependency proxy files for Omnibus GitLab installations are stored under /var/opt/gitlab/gitlab-rails/shared/dependency_proxy/ and for source installations under shared/dependency_proxy/ (relative to the Git home directory). To change the local storage path:

Omnibus GitLab installations

  1. Edit /etc/gitlab/gitlab.rb and add the following line:

    gitlab_rails['dependency_proxy_storage_path'] = "/mnt/dependency_proxy"
    
  2. Save the file and reconfigure GitLab for the changes to take effect.

Installations from source

  1. Edit the dependency_proxy section in config/gitlab.yml:

    dependency_proxy:
      enabled: true
      storage_path: shared/dependency_proxy
    
  2. Restart GitLab for the changes to take effect.

Using object storage

Instead of relying on the local storage, you can use an object storage to store the blobs of the dependency proxy.

Read more about using object storage with GitLab.

NOTE: In GitLab 13.2 and later, we recommend using the consolidated object storage settings. This section describes the earlier configuration format.

Omnibus GitLab installations

  1. Edit /etc/gitlab/gitlab.rb and add the following lines (uncomment where necessary):

    gitlab_rails['dependency_proxy_enabled'] = true
    gitlab_rails['dependency_proxy_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/dependency_proxy"
    gitlab_rails['dependency_proxy_object_store_enabled'] = true
    gitlab_rails['dependency_proxy_object_store_remote_directory'] = "dependency_proxy" # The bucket name.
    gitlab_rails['dependency_proxy_object_store_direct_upload'] = false         # Use Object Storage directly for uploads instead of background uploads if enabled (Default: false).
    gitlab_rails['dependency_proxy_object_store_background_upload'] = true      # Temporary option to limit automatic upload (Default: true).
    gitlab_rails['dependency_proxy_object_store_proxy_download'] = false        # Passthrough all downloads via GitLab instead of using Redirects to Object Storage.
    gitlab_rails['dependency_proxy_object_store_connection'] = {
      ##
      ## If the provider is AWS S3, uncomment the following
      ##
      #'provider' => 'AWS',
      #'region' => 'eu-west-1',
      #'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
      #'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
      ##
      ## If the provider is other than AWS (an S3-compatible one), uncomment the following
      ##
      #'host' => 's3.amazonaws.com',
      #'aws_signature_version' => 4             # For creation of signed URLs. Set to 2 if provider does not support v4.
      #'endpoint' => 'https://s3.amazonaws.com' # Useful for S3-compliant services such as DigitalOcean Spaces.
      #'path_style' => false                    # If true, use 'host/bucket_name/object' instead of 'bucket_name.host/object'.
    }
    
  2. Save the file and reconfigure GitLab for the changes to take effect.

Installations from source

  1. Edit the dependency_proxy section in config/gitlab.yml (uncomment where necessary):

    dependency_proxy:
      enabled: true
      ##
      ## The location where build dependency_proxy are stored (default: shared/dependency_proxy).
      ##
      # storage_path: shared/dependency_proxy
      object_store:
        enabled: false
        remote_directory: dependency_proxy  # The bucket name.
        #  direct_upload: false      # Use Object Storage directly for uploads instead of background uploads if enabled (Default: false).
        #  background_upload: true   # Temporary option to limit automatic upload (Default: true).
        #  proxy_download: false     # Passthrough all downloads via GitLab instead of using Redirects to Object Storage.
        connection:
        ##
        ## If the provider is AWS S3, use the following
        ##
          provider: AWS
          region: us-east-1
          aws_access_key_id: AWS_ACCESS_KEY_ID
          aws_secret_access_key: AWS_SECRET_ACCESS_KEY
          ##
          ## If the provider is other than AWS (an S3-compatible one), comment out the previous 4 lines and use the following instead:
          ##
          #  host: 's3.amazonaws.com'             # default: s3.amazonaws.com.
          #  aws_signature_version: 4             # For creation of signed URLs. Set to 2 if provider does not support v4.
          #  endpoint: 'https://s3.amazonaws.com' # Useful for S3-compliant services such as DigitalOcean Spaces.
          #  path_style: false                    # If true, use 'host/bucket_name/object' instead of 'bucket_name.host/object'.
    
  2. Restart GitLab for the changes to take effect.

Disabling Authentication

Authentication was introduced in 13.7 as part of enabling private groups to use the Dependency Proxy. If you previously used the Dependency Proxy without authentication and need to disable this feature while you update your workflow to authenticate with the Dependency Proxy, the following commands can be issued in a Rails console:

# Disable the authentication
Feature.disable(:dependency_proxy_for_private_groups)

# Re-enable the authentication
Feature.enable(:dependency_proxy_for_private_groups)

The ability to disable this feature will be removed in 13.9.