Commit 47db2c3f authored by Steve Abrams's avatar Steve Abrams Committed by Nick Gaskill

Update dependency proxy docs with JWT expiration

Add notes to the Dependency Proxy docs about the JWT
expiration and how to configure it.
parent b382973c
......@@ -265,6 +265,20 @@ Feature.disable(:dependency_proxy_for_private_groups)
Feature.enable(:dependency_proxy_for_private_groups)
```
## Changing the JWT expiration
The Dependency Proxy follows the [Docker v2 token authentication flow](https://docs.docker.com/registry/spec/auth/token/),
issuing the client a JWT to use for the pull requests. The token expiration time is a configurable
using the application setting `container_registry_token_expire_delay`. It can be changed from the
rails console:
```ruby
# update the JWT expiration to 30 minutes
ApplicationSetting.update(container_registry_token_expire_delay: 30)
```
The default expiration and the expiration on GitLab.com is 15 minutes.
## Using the dependency proxy behind a proxy
1. Edit `/etc/gitlab/gitlab.rb` and add the following lines:
......
......@@ -96,6 +96,14 @@ You can authenticate using:
Users accessing the Dependency Proxy with a personal access token or username and password must
have at least the Guest role for the group they pull images from.
The Dependency Proxy follows the [Docker v2 token authentication flow](https://docs.docker.com/registry/spec/auth/token/),
issuing the client a JWT to use for the pull requests. The JWT issued as a result of authenticating
expires after some time. When the token expires, most Docker clients store your credentials and
automatically request a new token without further action.
The token expiration time is a [configurable setting](../../../administration/packages/dependency_proxy.md#changing-the-jwt-expiration).
On GitLab.com, the expiration time is 15 minutes.
#### SAML SSO
When [SSO enforcement](../../group/saml_sso/index.md#sso-enforcement)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment