:title="s__('Serverless|Help shape the future of Serverless at GitLab')"
:button-text="s__('Serverless|Sign up for First Look')"
:button-link="surveyUrl"
@close="handleClose"
>
<p>
{{
s__(
'Serverless|We are continually striving to improve our Serverless functionality. As a Knative user, we would love to hear how we can make this experience better for you. Sign up for GitLab First Look today and we will be in touch shortly.',
@@ -96,7 +96,5 @@ they will receive a `Connection failed` message.
...
@@ -96,7 +96,5 @@ they will receive a `Connection failed` message.
> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/8413) in GitLab 8.17.
> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/8413) in GitLab 8.17.
Terminal sessions use long-lived connections; by default, these may last
Terminal sessions, by default, do not expire.
forever. You can configure a maximum session time in the Admin Area of your
You can limit terminal session lifetime in your GitLab instance. To do so, navigate to **{admin}**[**Admin Area > Settings > Web terminal**](../../user/admin_area/settings/index.md#general), and set a `max session time`.
GitLab instance if you find this undesirable from a scalability or security
@@ -21,10 +21,7 @@ This project will be used for self monitoring your GitLab instance.
...
@@ -21,10 +21,7 @@ This project will be used for self monitoring your GitLab instance.
1. Navigate to **Admin Area > Settings > Metrics and profiling**, and expand the **Self monitoring** section.
1. Navigate to **Admin Area > Settings > Metrics and profiling**, and expand the **Self monitoring** section.
1. Toggle the **Create Project** button on.
1. Toggle the **Create Project** button on.
1. It can take a few seconds for the project to be created. After the project is
1. Once your GitLab instance creates the project, you'll see a link to the project in the text above the **Create Project** toggle. You can also find it under **Projects > Your projects**.
created, GitLab displays a message with a link to the project. The project
will also be linked in the help text above the **Create Project** button. You can also
find the project under **Projects > Your projects**.
Instances deployed in our private subnets need to connect to the internet for updates, but should not be reachable from the public internet. To achieve this, we'll make use of [NAT Gateways](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html) deployed in each of our public subnets:
1. Navigate to the VPC dashboard and click on **NAT Gateways** in the left menu bar.
1. Click **Create NAT Gateway** and complete the following:
1.**Subnet**: Select `gitlab-public-10.0.0.0` from the dropdown.
1.**Elastic IP Allocation ID**: Enter an existing Elastic IP or click **Allocate Elastic IP address** to allocate a new IP to your NAT gateway.
1. Add tags if needed.
1. Click **Create NAT Gateway**.
Create a second NAT gateway but this time place it in the second public subnet, `gitlab-public-10.0.2.0`.
### Route Table
### Route Table
Up to now all our subnets are private. We need to create a Route Table
Up to now all our subnets are private. We need to create a Route Table
In the Admin Area **Settings** page, you can find various options for your GitLab
As an administrator of a GitLab self-managed instance, you can manage the behavior of your deployment. To do so, select **{admin}****Admin Area > Settings**.
instance like sign-up restrictions, account limits and quota, metrics, etc.
Navigate to it by going to **Admin Area > Settings**. Some of the settings
include:
-[Account and limit settings](account_and_limit_settings.md)**(STARTER)**
-[Continuous Integration and Deployment](continuous_integration.md)
-[Email](email.md)
-[Sign up restrictions](sign_up_restrictions.md)
-[Sign in restrictions](sign_in_restrictions.md)
-[Terms](terms.md)
-[Third party offers](third_party_offers.md)
-[Usage statistics](usage_statistics.md)
-[Visibility and access controls](visibility_and_access_controls.md)
-[User and IP rate limits](user_and_ip_rate_limits.md)
-[Help messages for the `/help` page and the login page](help_page.md)
-[Push event activities limit and bulk push events](push_event_activities_limit.md)
-[Gitaly timeouts](gitaly_timeouts.md)
NOTE: **Note:**
The admin area is not accessible on GitLab.com, and settings can only be changed by the
You can change the [first day of the week](../../profile/preferences.md) for the entire GitLab instance
GitLab.com administrators. See the [GitLab.com settings](../../gitlab_com/index.md)
in the **Localization** section of **Admin Area > Settings > Preferences**.
documentation for all current settings and limits on the GitLab.com instance.
## General
Access the default page for admin area settings by navigating to
**{admin}****Admin Area > Settings > General**:
| Option | Description |
| ------ | ----------- |
| [Visibility and access controls](visibility_and_access_controls.md) | Set default and restrict visibility levels. Configure import sources and Git access protocol. |
| [Account and limit](account_and_limit_settings.md)**(STARTER)** | Set projects and maximum size limits, session duration, user options, and check feature availability for namespace plan. |
| [PlantUML](../../../administration/integration/plantuml.md#gitlab) | Allow rendering of PlantUML diagrams in Asciidoc documents. |
| [Slack application](../../../user/project/integrations/gitlab_slack_application.md#configuration)**(FREE ONLY)** | Slack integration allows you to interact with GitLab via slash commands in a chat window. This option is only available on GitLab.com, though it may be [available for self-managed instances in the future](https://gitlab.com/gitlab-org/gitlab/-/issues/28164). |
| [Third party offers](third_party_offers.md) | Control the display of third party offers. |
| [Snowplow](../../../telemetry/index.md#enabling-tracking) | Configure the Snowplow integration. |
| [Amazon EKS](../../project/clusters/add_remove_clusters.md#additional-requirements-for-self-managed-instances-core-only) | Amazon EKS integration allows you to provision EKS clusters from GitLab. |
| [Continuous Integration and Deployment](continuous_integration.md) | Auto DevOps, runners and job artifacts. |
| [Required pipeline configuration](continuous_integration.md#required-pipeline-configuration-premium-only)**(PREMIUM ONLY)** | Set an instance-wide auto included [pipeline configuration](../../../ci/yaml/README.md). This pipeline configuration will be run after the project's own configuration. |
| [Package Registry](continuous_integration.md#package-registry-configuration-premium-only)**(PREMIUM ONLY)**| Settings related to the use and experience of using GitLab's Package Registry. |
Most of the settings under the Admin Area change the behavior of the whole
## Reporting
GitLab instance. For GitLab.com, the admin settings are available only for the
GitLab.com administrators, and the parameters can be found on the
| [Spam and Anti-bot Protection](../../../integration/recaptcha.md) | Enable reCAPTCHA or Akismet and set IP limits. For reCAPTCHA, we currently only support [v2](https://developers.google.com/recaptcha/docs/versions). |
| [Abuse reports](../abuse_reports.md) | Set notification email for abuse reports. |
| [Metrics - Grafana](../../../administration/monitoring/performance/grafana_configuration.md#integration-with-gitlab-ui) | Enable and configure Grafana. |
| [Profiling - Performance bar](../../../administration/monitoring/performance/performance_bar.md#enable-the-performance-bar-via-the-admin-panel) | Enable access to the Performance Bar for a given group. |
| [Usage statistics](usage_statistics.md) | Enable or disable version check and usage ping. |
| [Pseudonymizer data collection](../../../administration/pseudonymizer.md)**(ULTIMATE)** | Enable or disable the Pseudonymizer data collection. |
## Network
| Option | Description |
| ------ | ----------- |
| Performance optimization | [Write to "authorized_keys" file](../../../administration/operations/fast_ssh_key_lookup.md#setting-up-fast-lookup-via-gitlab-shell) and [Push event activities limit and bulk push events](push_event_activities_limit.md). Various settings that affect GitLab performance. |
| [User and IP rate limits](user_and_ip_rate_limits.md) | Configure limits for web and API requests. |
| [Outbound requests](../../../security/webhooks.md) | Allow requests to the local network from hooks and services. |
| [Protected Paths](protected_paths.md) | Configure paths to be protected by Rack Attack. |
| [Incident Management](../../incident_management/index.md) Limits | Configure limits on the number of inbound alerts able to be sent to a project. |
## Geo
| Option | Description |
| ------ | ----------- |
| Geo | Geo allows you to replicate your GitLab instance to other geographical locations. Redirects to **{admin}****Admin Area >****{location-dot}****Geo >****{settings}****Settings**, and will no longer be available at **{admin}****Admin Area >****{settings}****Settings >****{location-dot}****Geo** in [GitLab 13.0](https://gitlab.com/gitlab-org/gitlab/-/issues/36896). |
## Preferences
| Option | Description |
| ------ | ----------- |
| [Email](email.md) | Various email settings. |
| [Help page](../../../customization/help_message.md) | Help page text and support page url. |
| [Pages](../../../administration/pages/index.md#custom-domain-verification) | Size and domain settings for static websites |
| [Real-time features](../../../administration/polling.md) | Change this value to influence how frequently the GitLab UI polls for updates. |
| Localization | [Default first day of the week](../../profile/preferences.md) and [Time tracking](../../project/time_tracking.md#limit-displayed-units-to-hours-core-only). |
NOTE: **Note:**
You can change the [Default first day of the week](../../profile/preferences.md) for the entire GitLab instance
in the **Localization** section of **Admin Area > Settings > Preferences**.
This document describes how to operate Secure scanners offline.
It is possible to run most of the GitLab security scanners when not
connected to the internet.
## Overview
This document describes how to operate Secure scanners in an air-gapped or offline envionment. These instructions also apply to
self-managed installations that are secured, have security policies (e.g., firewall policies), or otherwise restricted from
accessing the full internet. These instructions are designed for physically disconnected networks,
but can also be followed in these other use cases.
It is possible to run most of the GitLab security scanners when not
## Air-gapped (or offline) environments
connected to the internet, in what is sometimes known as an offline,
limited connectivity, Local Area Network (LAN), Intranet, or "air-gap"
In this situation, the GitLab instance can be one or more servers and services that can communicate
environment.
on a local network, but with no or very restricted access to the internet. Assume anything within
the GitLab instance and supporting infrastructure (for example, a private Maven repository) can be
accessed through a local network connection. Assume any files from the internet must come in through
physical media (USB drive, hard drive, writeable DVD, etc.).
In this situation, the GitLab instance can be one, or more, servers and services running in a network that can talk to one another, but have zero, or perhaps very restricted access to the internet. Assume anything within the GitLab instance and supporting infrastructure (private Maven repository for example) can be accessed via local network connection. Assume any files from the internet must come in via physical media (USB drive, hard drive).
## Overview
GitLab scanners generally will connect to the internet to download the
GitLab scanners generally will connect to the internet to download the
latest sets of signatures, rules, and patches. A few extra steps are necessary
latest sets of signatures, rules, and patches. A few extra steps are necessary
to configure the tools to not do this and to still function properly.
to configure the tools to function properly by using resources available on your local network.
### Container registries and package repositories
### Container registries and package repositories
At a high-level, each of the security analyzers are delivered as Docker
At a high-level, the security analyzers are delivered as Docker images and
containers and reference various package repositories. When you run a job on
may leverage various package repositories. When you run a job on
an internet-connected GitLab installation, GitLab checks the GitLab.com-hosted
an internet-connected GitLab installation, GitLab checks the GitLab.com-hosted
container registry and package repositories to ensure that you have
container registry to check that you have the latest versions of these Docker images
the latest versions.
and possibly connect to package repositories to install necessary dependencies.
In an air-gapped environment, this must be disabled so that GitLab.com is not
In an air-gapped environment, these checks must be disabled so that GitLab.com is not
queried. Because the GitLab.com registry and repositories are not available,
queried. Because the GitLab.com registry and repositories are not available,
you must update each of the scanners to either reference a different,
you must update each of the scanners to either reference a different,
internally-hosted registry or provide access to the individual scanner images.
internally-hosted registry or provide access to the individual scanner images.
You must also ensure that your app has access to common package repos
You must also ensure that your app has access to common package repositories
that are not hosted on GitLab.com, such as npm, yarn, or rubygems. Packages
that are not hosted on GitLab.com, such as npm, yarn, or rubygems. Packages
from these repos can be obtained by temporarily connecting to a network or by
from these repos can be obtained by temporarily connecting to a network or by
mirroring the packages inside your own offline network.
mirroring the packages inside your own offline network.
### Interacting with the vulnerabilities
Once a vulnerability is found, you can interact with it. Read more on how to [interact with the vulnerabilities](../index.md#interacting-with-the-vulnerabilities).
Please note that in some cases the reported vulnerabilities provide metadata that can contain external links exposed in the UI. These links might not be accessible within an air-gapped (or offline) environment.
### Scanner signature and rule updates
### Scanner signature and rule updates
When connected to the internet, some scanners will reference public databases
When connected to the internet, some scanners will reference public databases
for the latest sets of signatures and rules to check against. Without connectivity,
for the latest sets of signatures and rules to check against. Without connectivity,
this is not possible. Depending on the scanner, you must therefore disable
this is not possible. Depending on the scanner, you must therefore disable
these automatic update checks and either use the databases that they came
these automatic update checks and either use the databases that they came
with or manually update those databases.
with and manually update those databases or provide access to your own copies
msgid "CycleAnalyticsEvent|Merge Request label was added"
msgid "CycleAnalyticsEvent|Merge request closed"
msgstr ""
msgstr ""
msgid "CycleAnalyticsEvent|Merge Request label was removed"
msgid "CycleAnalyticsEvent|Merge request created"
msgstr ""
msgstr ""
msgid "CycleAnalyticsEvent|Merge request closed"
msgid "CycleAnalyticsEvent|Merge request first deployed to production"
msgstr ""
msgstr ""
msgid "CycleAnalyticsEvent|Merge request created"
msgid "CycleAnalyticsEvent|Merge request label was added"
msgstr ""
msgstr ""
msgid "CycleAnalyticsEvent|Merge request first deployed to production"
msgid "CycleAnalyticsEvent|Merge request label was removed"
msgstr ""
msgstr ""
msgid "CycleAnalyticsEvent|Merge request last build finish time"
msgid "CycleAnalyticsEvent|Merge request last build finish time"
...
@@ -11161,6 +11161,9 @@ msgstr ""
...
@@ -11161,6 +11161,9 @@ msgstr ""
msgid "Issue events"
msgid "Issue events"
msgstr ""
msgstr ""
msgid "Issue first depoloyed to production"
msgstr ""
msgid "Issue or Merge Request ID is required"
msgid "Issue or Merge Request ID is required"
msgstr ""
msgstr ""
...
@@ -17972,6 +17975,9 @@ msgstr ""
...
@@ -17972,6 +17975,9 @@ msgstr ""
msgid "Serverless|Getting started with serverless"
msgid "Serverless|Getting started with serverless"
msgstr ""
msgstr ""
msgid "Serverless|Help shape the future of Serverless at GitLab"
msgstr ""
msgid "Serverless|If you believe none of these apply, please check back later as the function data may be in the process of becoming available."
msgid "Serverless|If you believe none of these apply, please check back later as the function data may be in the process of becoming available."
msgstr ""
msgstr ""
...
@@ -17984,6 +17990,9 @@ msgstr ""
...
@@ -17984,6 +17990,9 @@ msgstr ""
msgid "Serverless|No functions available"
msgid "Serverless|No functions available"
msgstr ""
msgstr ""
msgid "Serverless|Sign up for First Look"
msgstr ""
msgid "Serverless|The deploy job has not finished."
msgid "Serverless|The deploy job has not finished."
msgstr ""
msgstr ""
...
@@ -17993,6 +18002,9 @@ msgstr ""
...
@@ -17993,6 +18002,9 @@ msgstr ""
msgid "Serverless|There is currently no function data available from Knative. This could be for a variety of reasons including:"
msgid "Serverless|There is currently no function data available from Knative. This could be for a variety of reasons including:"
msgstr ""
msgstr ""
msgid "Serverless|We are continually striving to improve our Serverless functionality. As a Knative user, we would love to hear how we can make this experience better for you. Sign up for GitLab First Look today and we will be in touch shortly."
msgstr ""
msgid "Serverless|Your %{startTag}.gitlab-ci.yml%{endTag} file is not properly configured."
msgid "Serverless|Your %{startTag}.gitlab-ci.yml%{endTag} file is not properly configured."