summaryrefslogtreecommitdiff
path: root/config.yml.example
blob: f3545ba335455b7f0b0d9f98201e8a6f82678964 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
#
# If you change this file in a Merge Request, please also create
# a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests
#

# GitLab user. git by default
user: git

# URL to GitLab instance, used for API calls. Default: http://localhost:8080.
# For relative URL support read http://doc.gitlab.com/ce/install/relative_url.html
# You only have to change the default if you have configured Unicorn
# to listen on a custom port, or if you have configured Unicorn to
# only listen on a Unix domain socket. For Unix domain sockets use
# "http+unix://<urlquoted-path-to-socket>", e.g.
# "http+unix://%2Fpath%2Fto%2Fsocket"
gitlab_url: "http+unix://%2Fhome%2Fgit%2Fgitlab%2Ftmp%2Fsockets%2Fgitlab-workhorse.socket"

# When a http+unix:// is used in gitlab_url, this is the relative URL root to GitLab.
# Not used if gitlab_url is http:// or https://.
# gitlab_relative_url_root: "/"

# See installation.md#using-https for additional HTTPS configuration details.
http_settings:
#  read_timeout: 300
#  user: someone
#  password: somepass
#  ca_file: /etc/ssl/cert.pem
#  ca_path: /etc/pki/tls/certs
#
#  The self_signed_cert option is deprecated
#  When it's set to true, any certificate is accepted, which may make machine-in-the-middle attack possible
#  Certificates specified in ca_file and ca_path are trusted anyway even if they are self-signed
#  Issue: https://gitlab.com/gitlab-org/gitlab-shell/-/issues/120
  self_signed_cert: false

# File used as authorized_keys for gitlab user
auth_file: "/home/git/.ssh/authorized_keys"

# SSL certificate dir where custom certificates can be placed
# https://golang.org/pkg/crypto/x509/
# ssl_cert_dir: /opt/gitlab/embedded/ssl/certs/

# File that contains the secret key for verifying access to GitLab.
# Default is .gitlab_shell_secret in the gitlab-shell directory.
# secret_file: "/home/git/gitlab-shell/.gitlab_shell_secret"
#
# The secret field supersedes the secret_file, and if set that
# file will not be read.
# secret: "supersecret"

# Log file.
# Default is gitlab-shell.log in the root directory.
# log_file: "/home/git/gitlab-shell/gitlab-shell.log"

# Log level. INFO by default
log_level: INFO

# Log format. 'json' by default, can be changed to 'text' if needed
# log_format: json

# Audit usernames.
# Set to true to see real usernames in the logs instead of key ids, which is easier to follow, but
# incurs an extra API call on every gitlab-shell command.
audit_usernames: false

# Distributed Tracing. GitLab-Shell has distributed tracing instrumentation.
# For more details, visit https://docs.gitlab.com/ee/development/distributed_tracing.html
# gitlab_tracing: opentracing://driver

# This section configures the built-in SSH server. Ignored when running on OpenSSH.
sshd:
  # Address which the SSH server listens on. Defaults to [::]:22.
  listen: "[::]:22"
  # Set to true if gitlab-sshd is being fronted by a load balancer that implements
  # the PROXY protocol.
  proxy_protocol: false
  # Address which the server listens on HTTP for monitoring/health checks. Defaults to localhost:9122.
  web_listen: "localhost:9122"
  # Maximum number of concurrent sessions allowed on a single SSH connection. Defaults to 10.
  concurrent_sessions_limit: 10
  # The server waits for this time (in seconds) for the ongoing connections to complete before shutting down. Defaults to 10.
  grace_period: 10
  # The endpoint that returns 200 OK if the server is ready to receive incoming connections; otherwise, it returns 503 Service Unavailable. Defaults to "/start".
  readiness_probe: "/start"
  # The endpoint that returns 200 OK if the server is alive. Defaults to "/health".
  liveness_probe: "/health"
  # The server disconnects after this time (in seconds) if the user has not successfully logged in. Defaults to 60.
  login_grace_time: 60
  # SSH host key files.
  host_key_files:
    - /run/secrets/ssh-hostkeys/ssh_host_rsa_key
    - /run/secrets/ssh-hostkeys/ssh_host_ecdsa_key
    - /run/secrets/ssh-hostkeys/ssh_host_ed25519_key