ContextQMD
Back to Gitlabhq

IP allowlist

doc/administration/monitoring/ip_allowlist.md

18.11.21.4 KB
Original Source

{{< details >}}

  • Tier: Free, Premium, Ultimate
  • Offering: GitLab Self-Managed

{{< /details >}}

GitLab provides some monitoring endpoints that provide health check information when probed.

To control access to those endpoints through IP allowlisting, you can add single hosts or use IP ranges:

{{< tabs >}}

{{< tab title="Linux package (Omnibus)" >}}

  1. Open /etc/gitlab/gitlab.rb and add or uncomment the following:

    ruby
    gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8', '192.168.0.1']

  2. Save the file and reconfigure GitLab for the changes to take effect.

{{< /tab >}}

{{< tab title="Helm chart (Kubernetes)" >}}

You can set the required IPs under the gitlab.webservice.monitoring.ipWhitelist key. For example:

yaml
gitlab:
   webservice:
      monitoring:
         # Monitoring IP allowlist
         ipWhitelist:
         # Defaults
         - 0.0.0.0/0
         - ::/0

{{< /tab >}}

{{< tab title="Self-compiled (source)" >}}

  1. Edit config/gitlab.yml:

    yaml
    monitoring:
  # by default only local IPs are allowed to access monitoring resources
  ip_whitelist:
    - 127.0.0.0/8
    - 192.168.0.1

  2. Save the file and restart GitLab for the changes to take effect.

{{< /tab >}}

{{< /tabs >}}