862 lines
40 KiB
Text
862 lines
40 KiB
Text
= form_for @application_setting, url: admin_application_settings_path, html: { class: 'form-horizontal fieldset-form' } do |f|
|
|
= form_errors(@application_setting)
|
|
|
|
%fieldset
|
|
%legend Visibility and Access Controls
|
|
.form-group
|
|
= f.label :default_branch_protection, class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.select :default_branch_protection, options_for_select(Gitlab::Access.protection_options, @application_setting.default_branch_protection), {}, class: 'form-control'
|
|
.form-group.visibility-level-setting
|
|
= f.label :default_project_visibility, class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= render('shared/visibility_radios', model_method: :default_project_visibility, form: f, selected_level: @application_setting.default_project_visibility, form_model: Project.new)
|
|
.form-group.visibility-level-setting
|
|
= f.label :default_snippet_visibility, class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= render('shared/visibility_radios', model_method: :default_snippet_visibility, form: f, selected_level: @application_setting.default_snippet_visibility, form_model: ProjectSnippet.new)
|
|
.form-group.visibility-level-setting
|
|
= f.label :default_group_visibility, class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= render('shared/visibility_radios', model_method: :default_group_visibility, form: f, selected_level: @application_setting.default_group_visibility, form_model: Group.new)
|
|
.form-group
|
|
= f.label :restricted_visibility_levels, class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
- checkbox_name = 'application_setting[restricted_visibility_levels][]'
|
|
= hidden_field_tag(checkbox_name)
|
|
- restricted_level_checkboxes('restricted-visibility-help', checkbox_name).each do |level|
|
|
.checkbox
|
|
= level
|
|
%span.help-block#restricted-visibility-help
|
|
Selected levels cannot be used by non-admin users for projects or snippets.
|
|
If the public level is restricted, user profiles are only visible to logged in users.
|
|
.form-group
|
|
= f.label :import_sources, class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
- import_sources_checkboxes('import-sources-help').each do |source|
|
|
.checkbox= source
|
|
%span.help-block#import-sources-help
|
|
Enabled sources for code import during project creation. OmniAuth must be configured for GitHub
|
|
= link_to "(?)", help_page_path("integration/github")
|
|
, Bitbucket
|
|
= link_to "(?)", help_page_path("integration/bitbucket")
|
|
and GitLab.com
|
|
= link_to "(?)", help_page_path("integration/gitlab")
|
|
|
|
.form-group
|
|
.col-sm-offset-2.col-sm-10
|
|
.checkbox
|
|
= f.label :project_export_enabled do
|
|
= f.check_box :project_export_enabled
|
|
Project export enabled
|
|
|
|
.form-group
|
|
%label.control-label.col-sm-2 Enabled Git access protocols
|
|
.col-sm-10
|
|
= select(:application_setting, :enabled_git_access_protocol, [['Both SSH and HTTP(S)', nil], ['Only SSH', 'ssh'], ['Only HTTP(S)', 'http']], {}, class: 'form-control')
|
|
%span.help-block#clone-protocol-help
|
|
Allow only the selected protocols to be used for Git access.
|
|
|
|
- ApplicationSetting::SUPPORTED_KEY_TYPES.each do |type|
|
|
- field_name = :"#{type}_key_restriction"
|
|
.form-group
|
|
= f.label field_name, "#{type.upcase} SSH keys", class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.select field_name, key_restriction_options_for_select(type), {}, class: 'form-control'
|
|
|
|
%fieldset
|
|
%legend Account and Limit Settings
|
|
.form-group
|
|
.col-sm-offset-2.col-sm-10
|
|
.checkbox
|
|
= f.label :gravatar_enabled do
|
|
= f.check_box :gravatar_enabled
|
|
Gravatar enabled
|
|
.form-group
|
|
= f.label :default_projects_limit, class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.number_field :default_projects_limit, class: 'form-control'
|
|
.form-group
|
|
= f.label :max_attachment_size, 'Maximum attachment size (MB)', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.number_field :max_attachment_size, class: 'form-control'
|
|
.form-group
|
|
= f.label :session_expire_delay, 'Session duration (minutes)', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.number_field :session_expire_delay, class: 'form-control'
|
|
%span.help-block#session_expire_delay_help_block GitLab restart is required to apply changes
|
|
.form-group
|
|
= f.label :user_oauth_applications, 'User OAuth applications', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
.checkbox
|
|
= f.label :user_oauth_applications do
|
|
= f.check_box :user_oauth_applications
|
|
Allow users to register any application to use GitLab as an OAuth provider
|
|
.form-group
|
|
= f.label :user_default_external, 'New users set to external', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
.checkbox
|
|
= f.label :user_default_external do
|
|
= f.check_box :user_default_external
|
|
Newly registered users will by default be external
|
|
|
|
%fieldset
|
|
%legend Sign-up Restrictions
|
|
.form-group
|
|
.col-sm-offset-2.col-sm-10
|
|
.checkbox
|
|
= f.label :signup_enabled do
|
|
= f.check_box :signup_enabled
|
|
Sign-up enabled
|
|
.form-group
|
|
.col-sm-offset-2.col-sm-10
|
|
.checkbox
|
|
= f.label :send_user_confirmation_email do
|
|
= f.check_box :send_user_confirmation_email
|
|
Send confirmation email on sign-up
|
|
.form-group
|
|
= f.label :domain_whitelist, 'Whitelisted domains for sign-ups', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.text_area :domain_whitelist_raw, placeholder: 'domain.com', class: 'form-control', rows: 8
|
|
.help-block ONLY users with e-mail addresses that match these domain(s) will be able to sign-up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com
|
|
.form-group
|
|
= f.label :domain_blacklist_enabled, 'Domain Blacklist', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
.checkbox
|
|
= f.label :domain_blacklist_enabled do
|
|
= f.check_box :domain_blacklist_enabled
|
|
Enable domain blacklist for sign ups
|
|
.form-group
|
|
.col-sm-offset-2.col-sm-10
|
|
.radio
|
|
= label_tag :blacklist_type_file do
|
|
= radio_button_tag :blacklist_type, :file
|
|
.option-title
|
|
Upload blacklist file
|
|
.radio
|
|
= label_tag :blacklist_type_raw do
|
|
= radio_button_tag :blacklist_type, :raw, @application_setting.domain_blacklist.present? || @application_setting.domain_blacklist.blank?
|
|
.option-title
|
|
Enter blacklist manually
|
|
.form-group.blacklist-file
|
|
= f.label :domain_blacklist_file, 'Blacklist file', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.file_field :domain_blacklist_file, class: 'form-control', accept: '.txt,.conf'
|
|
.help-block Users with e-mail addresses that match these domain(s) will NOT be able to sign-up. Wildcards allowed. Use separate lines or commas for multiple entries.
|
|
.form-group.blacklist-raw
|
|
= f.label :domain_blacklist, 'Blacklisted domains for sign-ups', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.text_area :domain_blacklist_raw, placeholder: 'domain.com', class: 'form-control', rows: 8
|
|
.help-block Users with e-mail addresses that match these domain(s) will NOT be able to sign-up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com
|
|
|
|
.form-group
|
|
= f.label :after_sign_up_text, class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.text_area :after_sign_up_text, class: 'form-control', rows: 4
|
|
.help-block Markdown enabled
|
|
|
|
%fieldset
|
|
%legend Sign-in Restrictions
|
|
.form-group
|
|
.col-sm-offset-2.col-sm-10
|
|
.checkbox
|
|
= f.label :password_authentication_enabled_for_web do
|
|
= f.check_box :password_authentication_enabled_for_web
|
|
Password authentication enabled for web interface
|
|
.help-block
|
|
When disabled, an external authentication provider must be used.
|
|
.form-group
|
|
.col-sm-offset-2.col-sm-10
|
|
.checkbox
|
|
= f.label :password_authentication_enabled_for_git do
|
|
= f.check_box :password_authentication_enabled_for_git
|
|
Password authentication enabled for Git over HTTP(S)
|
|
.help-block
|
|
When disabled, a Personal Access Token
|
|
- if Gitlab::LDAP::Config.enabled?
|
|
or LDAP password
|
|
must be used to authenticate.
|
|
- if omniauth_enabled? && button_based_providers.any?
|
|
.form-group
|
|
= f.label :enabled_oauth_sign_in_sources, 'Enabled OAuth sign-in sources', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
.btn-group{ data: { toggle: 'buttons' } }
|
|
- oauth_providers_checkboxes.each do |source|
|
|
= source
|
|
.form-group
|
|
= f.label :two_factor_authentication, 'Two-factor authentication', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
.checkbox
|
|
= f.label :require_two_factor_authentication do
|
|
= f.check_box :require_two_factor_authentication
|
|
Require all users to setup Two-factor authentication
|
|
.form-group
|
|
= f.label :two_factor_authentication, 'Two-factor grace period (hours)', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.number_field :two_factor_grace_period, min: 0, class: 'form-control', placeholder: '0'
|
|
.help-block Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication
|
|
.form-group
|
|
= f.label :home_page_url, 'Home page URL', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.text_field :home_page_url, class: 'form-control', placeholder: 'http://company.example.com', :'aria-describedby' => 'home_help_block'
|
|
%span.help-block#home_help_block We will redirect non-logged in users to this page
|
|
.form-group
|
|
= f.label :after_sign_out_path, class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.text_field :after_sign_out_path, class: 'form-control', placeholder: 'http://company.example.com', :'aria-describedby' => 'after_sign_out_path_help_block'
|
|
%span.help-block#after_sign_out_path_help_block We will redirect users to this page after they sign out
|
|
.form-group
|
|
= f.label :sign_in_text, class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.text_area :sign_in_text, class: 'form-control', rows: 4
|
|
.help-block Markdown enabled
|
|
|
|
%fieldset
|
|
%legend Help Page
|
|
.form-group
|
|
= f.label :help_page_text, class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.text_area :help_page_text, class: 'form-control', rows: 4
|
|
.help-block Markdown enabled
|
|
.form-group
|
|
.col-sm-offset-2.col-sm-10
|
|
.checkbox
|
|
= f.label :help_page_hide_commercial_content do
|
|
= f.check_box :help_page_hide_commercial_content
|
|
Hide marketing-related entries from help
|
|
.form-group
|
|
= f.label :help_page_support_url, 'Support page URL', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.text_field :help_page_support_url, class: 'form-control', placeholder: 'http://company.example.com/getting-help', :'aria-describedby' => 'support_help_block'
|
|
%span.help-block#support_help_block Alternate support URL for help page
|
|
|
|
%fieldset
|
|
%legend Pages
|
|
.form-group
|
|
= f.label :max_pages_size, 'Maximum size of pages (MB)', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.number_field :max_pages_size, class: 'form-control'
|
|
.help-block 0 for unlimited
|
|
.form-group
|
|
.col-sm-offset-2.col-sm-10
|
|
.checkbox
|
|
= f.label :pages_domain_verification_enabled do
|
|
= f.check_box :pages_domain_verification_enabled
|
|
Require users to prove ownership of custom domains
|
|
.help-block
|
|
Domain verification is an essential security measure for public GitLab
|
|
sites. Users are required to demonstrate they control a domain before
|
|
it is enabled
|
|
= link_to icon('question-circle'), help_page_path('user/project/pages/getting_started_part_three.md', anchor: 'dns-txt-record')
|
|
|
|
%fieldset
|
|
%legend Continuous Integration and Deployment
|
|
.form-group
|
|
.col-sm-offset-2.col-sm-10
|
|
.checkbox
|
|
= f.label :auto_devops_enabled do
|
|
= f.check_box :auto_devops_enabled
|
|
Enabled Auto DevOps (Beta) for projects by default
|
|
.help-block
|
|
It will automatically build, test, and deploy applications based on a predefined CI/CD configuration
|
|
= link_to icon('question-circle'), help_page_path('topics/autodevops/index.md')
|
|
.form-group
|
|
= f.label :auto_devops_domain, class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.text_field :auto_devops_domain, class: 'form-control', placeholder: 'domain.com'
|
|
.help-block
|
|
= s_("AdminSettings|Specify a domain to use by default for every project's Auto Review Apps and Auto Deploy stages.")
|
|
.form-group
|
|
.col-sm-offset-2.col-sm-10
|
|
.checkbox
|
|
= f.label :shared_runners_enabled do
|
|
= f.check_box :shared_runners_enabled
|
|
Enable shared runners for new projects
|
|
.form-group
|
|
= f.label :shared_runners_text, class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.text_area :shared_runners_text, class: 'form-control', rows: 4
|
|
.help-block Markdown enabled
|
|
.form-group
|
|
= f.label :max_artifacts_size, 'Maximum artifacts size (MB)', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.number_field :max_artifacts_size, class: 'form-control'
|
|
.help-block
|
|
Set the maximum file size for each job's artifacts
|
|
= link_to icon('question-circle'), help_page_path('user/admin_area/settings/continuous_integration', anchor: 'maximum-artifacts-size')
|
|
.form-group
|
|
= f.label :default_artifacts_expire_in, 'Default artifacts expiration', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.text_field :default_artifacts_expire_in, class: 'form-control'
|
|
.help-block
|
|
Set the default expiration time for each job's artifacts.
|
|
0 for unlimited.
|
|
= link_to icon('question-circle'), help_page_path('user/admin_area/settings/continuous_integration', anchor: 'default-artifacts-expiration')
|
|
|
|
- if Gitlab.config.registry.enabled
|
|
%fieldset
|
|
%legend Container Registry
|
|
.form-group
|
|
= f.label :container_registry_token_expire_delay, 'Authorization token duration (minutes)', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.number_field :container_registry_token_expire_delay, class: 'form-control'
|
|
|
|
%fieldset
|
|
%legend Metrics - Influx
|
|
%p
|
|
Setup InfluxDB to measure a wide variety of statistics like the time spent
|
|
in running SQL queries. These settings require a
|
|
= link_to 'restart', help_page_path('administration/restart_gitlab')
|
|
to take effect.
|
|
= link_to icon('question-circle'), help_page_path('administration/monitoring/performance/introduction')
|
|
.form-group
|
|
.col-sm-offset-2.col-sm-10
|
|
.checkbox
|
|
= f.label :metrics_enabled do
|
|
= f.check_box :metrics_enabled
|
|
Enable InfluxDB Metrics
|
|
.form-group
|
|
= f.label :metrics_host, 'InfluxDB host', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.text_field :metrics_host, class: 'form-control', placeholder: 'influxdb.example.com'
|
|
.form-group
|
|
= f.label :metrics_port, 'InfluxDB port', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.text_field :metrics_port, class: 'form-control', placeholder: '8089'
|
|
.help-block
|
|
The UDP port to use for connecting to InfluxDB. InfluxDB requires that
|
|
your server configuration specifies a database to store data in when
|
|
sending messages to this port, without it metrics data will not be
|
|
saved.
|
|
.form-group
|
|
= f.label :metrics_pool_size, 'Connection pool size', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.number_field :metrics_pool_size, class: 'form-control'
|
|
.help-block
|
|
The amount of InfluxDB connections to open. Connections are opened
|
|
lazily. Users using multi-threaded application servers should ensure
|
|
enough connections are available (at minimum the amount of application
|
|
server threads).
|
|
.form-group
|
|
= f.label :metrics_timeout, 'Connection timeout', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.number_field :metrics_timeout, class: 'form-control'
|
|
.help-block
|
|
The amount of seconds after which an InfluxDB connection will time
|
|
out.
|
|
.form-group
|
|
= f.label :metrics_method_call_threshold, 'Method Call Threshold (ms)', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.number_field :metrics_method_call_threshold, class: 'form-control'
|
|
.help-block
|
|
A method call is only tracked when it takes longer to complete than
|
|
the given amount of milliseconds.
|
|
.form-group
|
|
= f.label :metrics_sample_interval, 'Sampler Interval (sec)', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.number_field :metrics_sample_interval, class: 'form-control'
|
|
.help-block
|
|
The sampling interval in seconds. Sampled data includes memory usage,
|
|
retained Ruby objects, file descriptors and so on.
|
|
.form-group
|
|
= f.label :metrics_packet_size, 'Metrics per packet', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.number_field :metrics_packet_size, class: 'form-control'
|
|
.help-block
|
|
The amount of points to store in a single UDP packet. More points
|
|
results in fewer but larger UDP packets being sent.
|
|
|
|
%fieldset
|
|
%legend Metrics - Prometheus
|
|
%p
|
|
Enable a Prometheus metrics endpoint at
|
|
%code= metrics_path
|
|
to expose a variety of statistics on the health and performance of GitLab. Additional information on authenticating and connecting to the metrics endpoint is available
|
|
= link_to 'here', admin_health_check_path
|
|
\. This setting requires a
|
|
= link_to 'restart', help_page_path('administration/restart_gitlab')
|
|
to take effect.
|
|
= link_to icon('question-circle'), help_page_path('administration/monitoring/prometheus/index')
|
|
.form-group
|
|
.col-sm-offset-2.col-sm-10
|
|
.checkbox
|
|
= f.label :prometheus_metrics_enabled do
|
|
= f.check_box :prometheus_metrics_enabled
|
|
Enable Prometheus Metrics
|
|
- unless Gitlab::Metrics.metrics_folder_present?
|
|
.help-block
|
|
%strong.cred WARNING:
|
|
Environment variable
|
|
%code prometheus_multiproc_dir
|
|
does not exist or is not pointing to a valid directory.
|
|
= link_to icon('question-circle'), help_page_path('administration/monitoring/prometheus/gitlab_metrics', anchor: 'metrics-shared-directory')
|
|
|
|
%fieldset
|
|
%legend Profiling - Performance Bar
|
|
%p
|
|
Enable the Performance Bar for a given group.
|
|
= link_to icon('question-circle'), help_page_path('administration/monitoring/performance/performance_bar')
|
|
.form-group
|
|
.col-sm-offset-2.col-sm-10
|
|
.checkbox
|
|
= f.label :performance_bar_enabled do
|
|
= f.check_box :performance_bar_enabled
|
|
Enable the Performance Bar
|
|
.form-group
|
|
= f.label :performance_bar_allowed_group_id, 'Allowed group', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.text_field :performance_bar_allowed_group_id, class: 'form-control', placeholder: 'my-org/my-group', value: @application_setting.performance_bar_allowed_group&.full_path
|
|
|
|
%fieldset
|
|
%legend Background Jobs
|
|
%p
|
|
These settings require a
|
|
= link_to 'restart', help_page_path('administration/restart_gitlab')
|
|
to take effect.
|
|
.form-group
|
|
.col-sm-offset-2.col-sm-10
|
|
.checkbox
|
|
= f.label :sidekiq_throttling_enabled do
|
|
= f.check_box :sidekiq_throttling_enabled
|
|
Enable Sidekiq Job Throttling
|
|
.help-block
|
|
Limit the amount of resources slow running jobs are assigned.
|
|
.form-group
|
|
= f.label :sidekiq_throttling_queues, 'Sidekiq queues to throttle', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.select :sidekiq_throttling_queues, sidekiq_queue_options_for_select, { include_hidden: false }, multiple: true, class: 'select2 select-wide', data: { field: 'sidekiq_throttling_queues' }
|
|
.help-block
|
|
Choose which queues you wish to throttle.
|
|
.form-group
|
|
= f.label :sidekiq_throttling_factor, 'Throttling Factor', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.number_field :sidekiq_throttling_factor, class: 'form-control', min: '0.01', max: '0.99', step: '0.01'
|
|
.help-block
|
|
The factor by which the queues should be throttled. A value between 0.0 and 1.0, exclusive.
|
|
|
|
%fieldset
|
|
%legend Spam and Anti-bot Protection
|
|
.form-group
|
|
.col-sm-offset-2.col-sm-10
|
|
.checkbox
|
|
= f.label :recaptcha_enabled do
|
|
= f.check_box :recaptcha_enabled
|
|
Enable reCAPTCHA
|
|
%span.help-block#recaptcha_help_block Helps prevent bots from creating accounts
|
|
|
|
.form-group
|
|
= f.label :recaptcha_site_key, 'reCAPTCHA Site Key', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.text_field :recaptcha_site_key, class: 'form-control'
|
|
.help-block
|
|
Generate site and private keys at
|
|
%a{ href: 'http://www.google.com/recaptcha', target: 'blank' } http://www.google.com/recaptcha
|
|
|
|
.form-group
|
|
= f.label :recaptcha_private_key, 'reCAPTCHA Private Key', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.text_field :recaptcha_private_key, class: 'form-control'
|
|
|
|
.form-group
|
|
.col-sm-offset-2.col-sm-10
|
|
.checkbox
|
|
= f.label :akismet_enabled do
|
|
= f.check_box :akismet_enabled
|
|
Enable Akismet
|
|
%span.help-block#akismet_help_block Helps prevent bots from creating issues
|
|
|
|
.form-group
|
|
= f.label :akismet_api_key, 'Akismet API Key', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.text_field :akismet_api_key, class: 'form-control'
|
|
.help-block
|
|
Generate API key at
|
|
%a{ href: 'http://www.akismet.com', target: 'blank' } http://www.akismet.com
|
|
|
|
.form-group
|
|
.col-sm-offset-2.col-sm-10
|
|
.checkbox
|
|
= f.label :unique_ips_limit_enabled do
|
|
= f.check_box :unique_ips_limit_enabled
|
|
Limit sign in from multiple ips
|
|
%span.help-block#unique_ip_help_block
|
|
Helps prevent malicious users hide their activity
|
|
|
|
.form-group
|
|
= f.label :unique_ips_limit_per_user, 'IPs per user', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.number_field :unique_ips_limit_per_user, class: 'form-control'
|
|
.help-block
|
|
Maximum number of unique IPs per user
|
|
|
|
.form-group
|
|
= f.label :unique_ips_limit_time_window, 'IP expiration time', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.number_field :unique_ips_limit_time_window, class: 'form-control'
|
|
.help-block
|
|
How many seconds an IP will be counted towards the limit
|
|
|
|
%fieldset
|
|
%legend Abuse reports
|
|
.form-group
|
|
= f.label :admin_notification_email, 'Abuse reports notification email', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.text_field :admin_notification_email, class: 'form-control'
|
|
.help-block
|
|
Abuse reports will be sent to this address if it is set. Abuse reports are always available in the admin area.
|
|
|
|
%fieldset
|
|
%legend Error Reporting and Logging
|
|
.form-group
|
|
.col-sm-offset-2.col-sm-10
|
|
.checkbox
|
|
= f.label :sentry_enabled do
|
|
= f.check_box :sentry_enabled
|
|
Enable Sentry
|
|
.help-block
|
|
%p This setting requires a restart to take effect.
|
|
Sentry is an error reporting and logging tool which is currently not shipped with GitLab, get it here:
|
|
%a{ href: 'https://getsentry.com', target: '_blank', rel: 'noopener noreferrer' } https://getsentry.com
|
|
|
|
.form-group
|
|
= f.label :sentry_dsn, 'Sentry DSN', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.text_field :sentry_dsn, class: 'form-control'
|
|
|
|
.form-group
|
|
.col-sm-offset-2.col-sm-10
|
|
.checkbox
|
|
= f.label :clientside_sentry_enabled do
|
|
= f.check_box :clientside_sentry_enabled
|
|
Enable Clientside Sentry
|
|
.help-block
|
|
Sentry can also be used for reporting and logging clientside exceptions.
|
|
%a{ href: 'https://sentry.io/for/javascript/', target: '_blank', rel: 'noopener noreferrer' } https://sentry.io/for/javascript/
|
|
|
|
.form-group
|
|
= f.label :clientside_sentry_dsn, 'Clientside Sentry DSN', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.text_field :clientside_sentry_dsn, class: 'form-control'
|
|
|
|
%fieldset
|
|
%legend Repository Storage
|
|
.form-group
|
|
.col-sm-offset-2.col-sm-10
|
|
.checkbox
|
|
= f.label :hashed_storage_enabled do
|
|
= f.check_box :hashed_storage_enabled
|
|
Create new projects using hashed storage paths
|
|
.help-block
|
|
Enable immutable, hash-based paths and repository names to store repositories on disk. This prevents
|
|
repositories from having to be moved or renamed when the Project URL changes and may improve disk I/O performance.
|
|
%em (EXPERIMENTAL)
|
|
.form-group
|
|
= f.label :repository_storages, 'Storage paths for new projects', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.select :repository_storages, repository_storages_options_for_select(@application_setting.repository_storages),
|
|
{include_hidden: false}, multiple: true, class: 'form-control'
|
|
.help-block
|
|
Manage repository storage paths. Learn more in the
|
|
= succeed "." do
|
|
= link_to "repository storages documentation", help_page_path("administration/repository_storages")
|
|
|
|
%fieldset
|
|
%legend Git Storage Circuitbreaker settings
|
|
.form-group
|
|
= f.label :circuitbreaker_check_interval, _('Check interval'), class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.number_field :circuitbreaker_check_interval, class: 'form-control'
|
|
.help-block
|
|
= circuitbreaker_check_interval_help_text
|
|
.form-group
|
|
= f.label :circuitbreaker_access_retries, _('Number of access attempts'), class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.number_field :circuitbreaker_access_retries, class: 'form-control'
|
|
.help-block
|
|
= circuitbreaker_access_retries_help_text
|
|
.form-group
|
|
= f.label :circuitbreaker_storage_timeout, _('Seconds to wait for a storage access attempt'), class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.number_field :circuitbreaker_storage_timeout, class: 'form-control'
|
|
.help-block
|
|
= circuitbreaker_storage_timeout_help_text
|
|
.form-group
|
|
= f.label :circuitbreaker_failure_count_threshold, _('Maximum git storage failures'), class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.number_field :circuitbreaker_failure_count_threshold, class: 'form-control'
|
|
.help-block
|
|
= circuitbreaker_failure_count_help_text
|
|
.form-group
|
|
= f.label :circuitbreaker_failure_reset_time, _('Seconds before reseting failure information'), class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.number_field :circuitbreaker_failure_reset_time, class: 'form-control'
|
|
.help-block
|
|
= circuitbreaker_failure_reset_time_help_text
|
|
|
|
%fieldset
|
|
%legend Repository Checks
|
|
.form-group
|
|
.col-sm-offset-2.col-sm-10
|
|
.checkbox
|
|
= f.label :repository_checks_enabled do
|
|
= f.check_box :repository_checks_enabled
|
|
Enable Repository Checks
|
|
.help-block
|
|
GitLab will periodically run
|
|
%a{ href: 'https://www.kernel.org/pub/software/scm/git/docs/git-fsck.html', target: 'blank' } 'git fsck'
|
|
in all project and wiki repositories to look for silent disk corruption issues.
|
|
.form-group
|
|
.col-sm-offset-2.col-sm-10
|
|
= link_to 'Clear all repository checks', clear_repository_check_states_admin_application_settings_path, data: { confirm: 'This will clear repository check states for ALL projects in the database. This cannot be undone. Are you sure?' }, method: :put, class: "btn btn-sm btn-remove"
|
|
.help-block
|
|
If you got a lot of false alarms from repository checks you can choose to clear all repository check information from the database.
|
|
|
|
- if koding_enabled?
|
|
%fieldset
|
|
%legend Koding
|
|
.form-group
|
|
.col-sm-offset-2.col-sm-10
|
|
.checkbox
|
|
= f.label :koding_enabled do
|
|
= f.check_box :koding_enabled
|
|
Enable Koding
|
|
.help-block
|
|
Koding integration has been deprecated since GitLab 10.0. If you disable your Koding integration, you will not be able to enable it again.
|
|
.form-group
|
|
= f.label :koding_url, 'Koding URL', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.text_field :koding_url, class: 'form-control', placeholder: 'http://gitlab.your-koding-instance.com:8090'
|
|
.help-block
|
|
Koding has integration enabled out of the box for the
|
|
%strong gitlab
|
|
team, and you need to provide that team's URL here. Learn more in the
|
|
= succeed "." do
|
|
= link_to "Koding administration documentation", help_page_path("administration/integration/koding")
|
|
|
|
%fieldset
|
|
%legend PlantUML
|
|
.form-group
|
|
.col-sm-offset-2.col-sm-10
|
|
.checkbox
|
|
= f.label :plantuml_enabled do
|
|
= f.check_box :plantuml_enabled
|
|
Enable PlantUML
|
|
.form-group
|
|
= f.label :plantuml_url, 'PlantUML URL', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.text_field :plantuml_url, class: 'form-control', placeholder: 'http://gitlab.your-plantuml-instance.com:8080'
|
|
.help-block
|
|
Allow rendering of
|
|
= link_to "PlantUML", "http://plantuml.com"
|
|
diagrams in Asciidoc documents using an external PlantUML service.
|
|
|
|
%fieldset
|
|
%legend#usage-statistics Usage statistics
|
|
.form-group
|
|
.col-sm-offset-2.col-sm-10
|
|
.checkbox
|
|
= f.label :version_check_enabled do
|
|
= f.check_box :version_check_enabled
|
|
Version check enabled
|
|
.help-block
|
|
Let GitLab inform you when an update is available.
|
|
.form-group
|
|
.col-sm-offset-2.col-sm-10
|
|
- can_be_configured = @application_setting.usage_ping_can_be_configured?
|
|
.checkbox
|
|
= f.label :usage_ping_enabled do
|
|
= f.check_box :usage_ping_enabled, disabled: !can_be_configured
|
|
Usage ping enabled
|
|
= link_to icon('question-circle'), help_page_path("user/admin_area/settings/usage_statistics", anchor: "usage-ping")
|
|
.help-block
|
|
- if can_be_configured
|
|
Every week GitLab will report license usage back to GitLab, Inc.
|
|
Disable this option if you do not want this to occur. To see the
|
|
JSON payload that will be sent, visit the
|
|
= succeed '.' do
|
|
= link_to "Cohorts page", admin_cohorts_path(anchor: 'usage-ping')
|
|
- else
|
|
The usage ping is disabled, and cannot be configured through this
|
|
form. For more information, see the documentation on
|
|
= succeed '.' do
|
|
= link_to 'deactivating the usage ping', help_page_path('user/admin_area/settings/usage_statistics', anchor: 'deactivate-the-usage-ping')
|
|
|
|
%fieldset
|
|
%legend Email
|
|
.form-group
|
|
.col-sm-offset-2.col-sm-10
|
|
.checkbox
|
|
= f.label :email_author_in_body do
|
|
= f.check_box :email_author_in_body
|
|
Include author name in notification email body
|
|
.help-block
|
|
Some email servers do not support overriding the email sender name.
|
|
Enable this option to include the name of the author of the issue,
|
|
merge request or comment in the email body instead.
|
|
.form-group
|
|
.col-sm-offset-2.col-sm-10
|
|
.checkbox
|
|
= f.label :html_emails_enabled do
|
|
= f.check_box :html_emails_enabled
|
|
Enable HTML emails
|
|
.help-block
|
|
By default GitLab sends emails in HTML and plain text formats so mail
|
|
clients can choose what format to use. Disable this option if you only
|
|
want to send emails in plain text format.
|
|
%fieldset
|
|
%legend Automatic Git repository housekeeping
|
|
.form-group
|
|
.col-sm-offset-2.col-sm-10
|
|
.checkbox
|
|
= f.label :housekeeping_enabled do
|
|
= f.check_box :housekeeping_enabled
|
|
Enable automatic repository housekeeping (git repack, git gc)
|
|
.help-block
|
|
If you keep automatic housekeeping disabled for a long time Git
|
|
repository access on your GitLab server will become slower and your
|
|
repositories will use more disk space. We recommend to always leave
|
|
this enabled.
|
|
.checkbox
|
|
= f.label :housekeeping_bitmaps_enabled do
|
|
= f.check_box :housekeeping_bitmaps_enabled
|
|
Enable Git pack file bitmap creation
|
|
.help-block
|
|
Creating pack file bitmaps makes housekeeping take a little longer but
|
|
bitmaps should accelerate 'git clone' performance.
|
|
.form-group
|
|
= f.label :housekeeping_incremental_repack_period, 'Incremental repack period', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.number_field :housekeeping_incremental_repack_period, class: 'form-control'
|
|
.help-block
|
|
Number of Git pushes after which an incremental 'git repack' is run.
|
|
.form-group
|
|
= f.label :housekeeping_full_repack_period, 'Full repack period', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.number_field :housekeeping_full_repack_period, class: 'form-control'
|
|
.help-block
|
|
Number of Git pushes after which a full 'git repack' is run.
|
|
.form-group
|
|
= f.label :housekeeping_gc_period, 'Git GC period', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.number_field :housekeeping_gc_period, class: 'form-control'
|
|
.help-block
|
|
Number of Git pushes after which 'git gc' is run.
|
|
|
|
%fieldset
|
|
%legend Gitaly Timeouts
|
|
.form-group
|
|
= f.label :gitaly_timeout_default, 'Default Timeout Period', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.number_field :gitaly_timeout_default, class: 'form-control'
|
|
.help-block
|
|
Timeout for Gitaly calls from the GitLab application (in seconds). This timeout is not enforced
|
|
for git fetch/push operations or Sidekiq jobs.
|
|
.form-group
|
|
= f.label :gitaly_timeout_fast, 'Fast Timeout Period', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.number_field :gitaly_timeout_fast, class: 'form-control'
|
|
.help-block
|
|
Fast operation timeout (in seconds). Some Gitaly operations are expected to be fast.
|
|
If they exceed this threshold, there may be a problem with a storage shard and 'failing fast'
|
|
can help maintain the stability of the GitLab instance.
|
|
.form-group
|
|
= f.label :gitaly_timeout_medium, 'Medium Timeout Period', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.number_field :gitaly_timeout_medium, class: 'form-control'
|
|
.help-block
|
|
Medium operation timeout (in seconds). This should be a value between the Fast and the Default timeout.
|
|
|
|
%fieldset
|
|
%legend Web terminal
|
|
.form-group
|
|
= f.label :terminal_max_session_time, 'Max session time', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.number_field :terminal_max_session_time, class: 'form-control'
|
|
.help-block
|
|
Maximum time for web terminal websocket connection (in seconds).
|
|
0 for unlimited.
|
|
|
|
%fieldset
|
|
%legend Real-time features
|
|
.form-group
|
|
= f.label :polling_interval_multiplier, 'Polling interval multiplier', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.text_field :polling_interval_multiplier, class: 'form-control'
|
|
.help-block
|
|
Change this value to influence how frequently the GitLab UI polls for updates.
|
|
If you set the value to 2 all polling intervals are multiplied
|
|
by 2, which means that polling happens half as frequently.
|
|
The multiplier can also have a decimal value.
|
|
The default value (1) is a reasonable choice for the majority of GitLab
|
|
installations. Set to 0 to completely disable polling.
|
|
= link_to icon('question-circle'), help_page_path('administration/polling')
|
|
|
|
%fieldset
|
|
%legend Performance optimization
|
|
.form-group
|
|
.col-sm-offset-2.col-sm-10
|
|
.checkbox
|
|
= f.label :authorized_keys_enabled do
|
|
= f.check_box :authorized_keys_enabled
|
|
Write to "authorized_keys" file
|
|
.help-block
|
|
By default, we write to the "authorized_keys" file to support Git
|
|
over SSH without additional configuration. GitLab can be optimized
|
|
to authenticate SSH keys via the database file. Only uncheck this
|
|
if you have configured your OpenSSH server to use the
|
|
AuthorizedKeysCommand. Click on the help icon for more details.
|
|
= link_to icon('question-circle'), help_page_path('administration/operations/fast_ssh_key_lookup')
|
|
|
|
%fieldset
|
|
%legend User and IP Rate Limits
|
|
.form-group
|
|
.col-sm-offset-2.col-sm-10
|
|
.checkbox
|
|
= f.label :throttle_unauthenticated_enabled do
|
|
= f.check_box :throttle_unauthenticated_enabled
|
|
Enable unauthenticated request rate limit
|
|
%span.help-block
|
|
Helps reduce request volume (e.g. from crawlers or abusive bots)
|
|
.form-group
|
|
= f.label :throttle_unauthenticated_requests_per_period, 'Max requests per period per IP', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.number_field :throttle_unauthenticated_requests_per_period, class: 'form-control'
|
|
.form-group
|
|
= f.label :throttle_unauthenticated_period_in_seconds, 'Rate limit period in seconds', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.number_field :throttle_unauthenticated_period_in_seconds, class: 'form-control'
|
|
.form-group
|
|
.col-sm-offset-2.col-sm-10
|
|
.checkbox
|
|
= f.label :throttle_authenticated_api_enabled do
|
|
= f.check_box :throttle_authenticated_api_enabled
|
|
Enable authenticated API request rate limit
|
|
%span.help-block
|
|
Helps reduce request volume (e.g. from crawlers or abusive bots)
|
|
.form-group
|
|
= f.label :throttle_authenticated_api_requests_per_period, 'Max requests per period per user', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.number_field :throttle_authenticated_api_requests_per_period, class: 'form-control'
|
|
.form-group
|
|
= f.label :throttle_authenticated_api_period_in_seconds, 'Rate limit period in seconds', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.number_field :throttle_authenticated_api_period_in_seconds, class: 'form-control'
|
|
.form-group
|
|
.col-sm-offset-2.col-sm-10
|
|
.checkbox
|
|
= f.label :throttle_authenticated_web_enabled do
|
|
= f.check_box :throttle_authenticated_web_enabled
|
|
Enable authenticated web request rate limit
|
|
%span.help-block
|
|
Helps reduce request volume (e.g. from crawlers or abusive bots)
|
|
.form-group
|
|
= f.label :throttle_authenticated_web_requests_per_period, 'Max requests per period per user', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.number_field :throttle_authenticated_web_requests_per_period, class: 'form-control'
|
|
.form-group
|
|
= f.label :throttle_authenticated_web_period_in_seconds, 'Rate limit period in seconds', class: 'control-label col-sm-2'
|
|
.col-sm-10
|
|
= f.number_field :throttle_authenticated_web_period_in_seconds, class: 'form-control'
|
|
|
|
.form-actions
|
|
= f.submit 'Save', class: 'btn btn-save'
|