| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|\
| |
| |
| |
| | |
Implement ClientKeepAlive option
See merge request gitlab-org/gitlab-shell!622
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Git clients sometimes open a connection and leave it idling,
like when compressing objects.
Settings like timeout client in HAProxy might cause these
idle connections to be terminated.
Let's send the keepalive message in order to prevent a client
from closing
|
|\ \
| |/
|/|
| |
| | |
build: bump go-proxyproto to 0.6.2
See merge request gitlab-org/gitlab-shell!610
|
| | |
|
|\ \
| | |
| | |
| | |
| | | |
Release 14.1.1
See merge request gitlab-org/gitlab-shell!621
|
|/ /
| |
| |
| | |
- Log the error that happens on sconn.Wait() !613
|
|\ \
| | |
| | |
| | |
| | | |
Use require.WithinDuration to fix flaky test
See merge request gitlab-org/gitlab-shell!617
|
| |/ |
|
|\ \
| | |
| | |
| | |
| | | |
Log the error that happens on sconn.Wait()
See merge request gitlab-org/gitlab-shell!613
|
| |/
| |
| |
| |
| |
| |
| | |
Warning level is used because a non-nil error is logged even for
successful scenarios
We plan to use it for debug reasons
|
|\ \
| | |
| | |
| | |
| | | |
Release 14.1.0
See merge request gitlab-org/gitlab-shell!620
|
|/ / |
|
|\ \
| | |
| | |
| | |
| | | |
Make PROXY policy configurable
See merge request gitlab-org/gitlab-shell!619
|
| | |
| | |
| | |
| | |
| | | |
It would give us more flexibility when we decide to enable
PROXY protocol
|
|\ \ \
| |/ /
|/| |
| | |
| | | |
Exclude authentication errors from error rate
See merge request gitlab-org/gitlab-shell!611
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Most of the time a connection fails due to the client's
misconfiguration or when a client cancels a request, so we
shouldn't treat them as an error
Warnings will help us to track the errors whether
they happened on the server-side
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
Fix check_ip argument when gitlab-sshd used with PROXY protocol
See merge request gitlab-org/gitlab-shell!616
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When gitlab-sshd were used with the PROXY protocol, the `check_ip`
argument passed to `/api/v4/internal/allowed` was the Go remote
address, which is a host and port combination
(e.g. 127.0.0.1:12345). As a result, This prevents IP restrictions
from working properly on Rails. We fix this by stripping out the port
if it is present.
When OpenSSH is used, this is not an issue because the IP address
is extracted from `SSH_CONNECTION`.
Changelog: fixed
|
|\ \ \ \
| |_|_|/
|/| | |
| | | |
| | | | |
Remove departed team member from CODEOWNERS
See merge request gitlab-org/gitlab-shell!615
|
|/ / / |
|
|\ \ \
| |_|/
|/| |
| | |
| | | |
Use labkit for FIPS check
See merge request gitlab-org/gitlab-shell!607
|
|/ /
| |
| |
| |
| | |
New version of LabKit provides FIPS checks that we can use instead
of the custom code
|
|\ \
| | |
| | |
| | |
| | | |
Release 14.0.0
See merge request gitlab-org/gitlab-shell!609
|
|/ /
| |
| |
| | |
Always use Gitaly sidechannel connections !567
|
|\ \
| | |
| | |
| | |
| | | |
Always use Gitaly sidechannel connections
See merge request gitlab-org/gitlab-shell!567
|
|/ /
| |
| |
| |
| |
| |
| | |
Before this change, the GitLab internal API could use a boolean
response field to indicate whether gitlab-shell should make
sidechannel connections go Gitaly. We now ignore that response field
and always use sidechannel connections.
|
|\ \
| | |
| | |
| | |
| | | |
Release 13.26.0
See merge request gitlab-org/gitlab-shell!608
|
|/ /
| |
| |
| |
| |
| | |
- Add JWT token to GitLab Rails request !596
- Drop go 1.16 support !601
- Remove `self_signed_cert` option !602
|
|\ \
| | |
| | |
| | |
| | | |
Remove deprecated function NewHTTPClient
See merge request gitlab-org/gitlab-shell!603
|
| | |
| | |
| | |
| | |
| | |
| | | |
Contributes to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/484
Changelog: removed
|
|\ \ \
| |/ /
|/| |
| | |
| | | |
Add JWT token to GitLab Rails request
See merge request gitlab-org/gitlab-shell!596
|
|/ /
| |
| |
| |
| | |
It is passed as a Gitlab-Shell-Api-Request header and uses
the same shared secret in order to encrypt the token
|
|\ \
| | |
| | |
| | |
| | | |
drop go 1.16 support
See merge request gitlab-org/gitlab-shell!601
|
| | | |
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
Remove `self_signed_cert` option
See merge request gitlab-org/gitlab-shell!602
|
| |/ /
| | |
| | |
| | |
| | |
| | | |
Contributes to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/541
Changelog: removed
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
feat: replace status mutex with RWMutex
See merge request gitlab-org/gitlab-shell!604
|
| |/ / |
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
Release v13.25.2
See merge request gitlab-org/gitlab-shell!606
|
|/ / / |
|
|\ \ \
| |/ /
|/| |
| | |
| | | |
Revert "Abort long-running unauthenticated SSH connections"
See merge request gitlab-org/gitlab-shell!605
|
|/ /
| |
| |
| | |
This reverts commit 3a2c8f2c47774a35d840ec8baf54341beede5d43.
|
|\ \
| | |
| | |
| | |
| | | |
Bump Go to 1.17.9 for asdf users
See merge request gitlab-org/gitlab-shell!600
|
| |/ |
|
|\ \
| |/
|/|
| |
| | |
Fix typo in FIPS mode message
See merge request gitlab-org/gitlab-shell!599
|
|/
|
|
| |
Rename Gitaly -> gitlab-shell
|
|\
| |
| |
| |
| | |
Release 13.25.1
See merge request gitlab-org/gitlab-shell!598
|
|/ |
|
|\
| |
| |
| |
| | |
Add support for FIPS encryption
See merge request gitlab-org/gitlab-shell!597
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds support of using a FIPS-validated SSL library with
compiled Go executables when `FIPS_MODE=1 make` is run. A Go compiler
that supports BoringSSL either directly (e.g. the `dev.boringcrypto`
branch) or with a dynamically linked OpenSSL
(e.g. https://github.com/golang-fips/go) is required.
This is similar to the changes to support FIPS in GitLab Runner and in
GitLab Pages:
https://gitlab.com/gitlab-org/gitlab-pages/-/merge_requests/716
Changelog: added
|