doc/administration/gitlab_duo/configure/_index.md
GitLab Duo is an AI-native assistant that helps you across the software development lifecycle.
You can configure GitLab Duo to use:
This feature was removed in GitLab 18.9.
`https://duo-workflow-svc.runway.gitlab.net` with HTTP/2. The application and service communicate with gRPC.

`duo-workflow-svc.runway.gitlab.net` on port `443` with `https://` and support for HTTP/2 traffic.

Your GitLab instance must allow inbound connections from IDE clients.
- `Connection: upgrade`
- `Upgrade: websocket`
- HTTP/2 protocol support
- `Sec-WebSocket-*`
- `wss://` (WebSocket Secure) protocol support.
- `wss://<customer-instance>/-/cable`
- HTTP/2 protocol is not downgraded to HTTP/1.1.
- `443` (HTTPS/WSS)

If you have issues:
`wss://gitlab.example.com/-/cable` and other `.com` domains.

To resolve this issue, edit your proxy settings:
```apache
# Enable WebSocket reverse Proxy
# Needs proxy_wstunnel enabled
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^/?(.*) "ws://127.0.0.1:8181/$1" [P,L]
```
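
As an added example (not part of the GitLab documentation or GitLab's own code), this Python check sends the WebSocket opening handshake to `/-/cable` and reports which of the upgrade headers listed above did not survive the proxy. The function names and sample responses are constructed for illustration, and `probe` exercises only the HTTP/1.1 upgrade path, not HTTP/2.

```python
import base64, hashlib, os, socket, ssl

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # constant from RFC 6455

def build_handshake(host, path="/-/cable", key=None):
    """Build the HTTP/1.1 upgrade request a WebSocket client sends."""
    key = key or base64.b64encode(os.urandom(16)).decode()
    lines = [f"GET {path} HTTP/1.1", f"Host: {host}", "Connection: Upgrade",
             "Upgrade: websocket", "Sec-WebSocket-Version: 13",
             f"Sec-WebSocket-Key: {key}", f"Origin: https://{host}", "", ""]
    return "\r\n".join(lines).encode(), key

def expected_accept(key):
    """Sec-WebSocket-Accept value the server must return for this key."""
    digest = hashlib.sha1((key + WS_GUID).encode()).digest()
    return base64.b64encode(digest).decode()

def diagnose(raw_response, key):
    """List what is wrong with the response head; an empty list means OK."""
    head = raw_response.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    status_line, *header_lines = head.split("\r\n")
    pairs = (line.partition(":") for line in header_lines)
    headers = {n.strip().lower(): v.strip() for n, _, v in pairs}
    problems = []
    if status_line.split()[1:2] != ["101"]:
        problems.append(f"no protocol switch: {status_line}")
    if headers.get("upgrade", "").lower() != "websocket":
        problems.append("Upgrade: websocket missing")
    if "upgrade" not in headers.get("connection", "").lower():
        problems.append("Connection: upgrade missing")
    if headers.get("sec-websocket-accept") != expected_accept(key):
        problems.append("Sec-WebSocket-Accept missing or wrong")
    return problems

def probe(host, port=443):
    """Send the handshake through whatever sits in front of `host`."""
    request, key = build_handshake(host)
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            tls.sendall(request)
            return diagnose(tls.recv(4096), key)

# Constructed sample responses (key/accept pair is the RFC 6455 example).
SAMPLE_KEY = "dGhlIHNhbXBsZSBub25jZQ=="
PASSED = (b"HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\nConnection: "
          b"Upgrade\r\nSec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=\r\n\r\n")
STRIPPED = b"HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\n\r\n"
```

Run `probe("gitlab.example.com")` from the network where IDE clients sit; each returned string names a status or header the response lacked.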
For GitLab Duo Agent Platform features that make use of runners, like flows, the runner must be able to connect to the GitLab instance.
The same inbound connections from clients to the GitLab instance must be allowed as outbound connections from the runner to the GitLab instance.
In addition, runners must be able to connect to:
| Destination | Port | Purpose |
|---|---|---|
| `registry.npmjs.org` | 443 | Download the Duo CLI package at runtime |
| `registry.gitlab.com` | 443 | Download the default Docker image (unless using a custom image) |
If your organization cannot allow access to the public npm registry, you can use a custom Docker image with the required dependencies already installed.
To help improve service quality, you can share usage data about GitLab Duo Agent Platform features with GitLab.
When you turn on data collection, GitLab logs information about GitLab Duo feature usage. This data is used exclusively for service improvement and debugging, and not for training AI models.
For more information about what data is collected, see Agent Platform usage data.
Prerequisites:
To turn on extended logging:
If you use a self-hosted AI Gateway and self-hosted models, detailed logs are stored on your infrastructure and are not shared with GitLab. To share data with GitLab, you must configure your self-hosted AI Gateway to send traces to an external observability service.
You can use Service Ping to send usage data to GitLab. This data is different from the telemetry data.
You can determine if your instance meets the requirements to use GitLab Duo. When the health check completes, it displays a pass or fail result and the types of issues. If the health check fails any of the tests, users might not be able to use GitLab Duo features in your instance.
This is a beta feature.
Prerequisites:
To run a health check:
These tests are performed:
| Test | Description |
|---|---|
| AI Gateway | GitLab Duo Self-Hosted models only. Tests whether the AI Gateway URL is configured as an environment variable. This connectivity is required for self-hosted model deployments that use the AI Gateway. |
| Network | Tests whether your instance can connect to `customers.gitlab.com` and `cloud.gitlab.com`. If your instance cannot connect to either destination, ensure that your firewall or proxy server settings allow connection. |
| Synchronization | Tests whether your subscription: `customers.gitlab.com`. |

For GitLab instances earlier than version 17.10, if you are encountering any issues with the health check, see the troubleshooting page.
By default, GitLab Duo uses supported AI vendor language models and sends data through a cloud-based AI Gateway that's hosted by GitLab.
If you want to host your own language models or AI Gateway: