IP allowlist
Offering: Self-managed
GitLab provides some monitoring endpoints that provide health check information when probed.
To control access to those endpoints through IP allowlisting, you can add single hosts or use IP ranges:
-
Open
/etc/gitlab/gitlab.rb
and add or uncomment the following:gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8', '192.168.0.1']
-
Save the file and reconfigure GitLab for the changes to take effect.
You can set the required IPs under the gitlab.webservice.monitoring.ipWhitelist
key. For example:
gitlab:
webservice:
monitoring:
# Monitoring IP allowlist
ipWhitelist:
- 0.0.0.0/0 # Default
-
Edit
config/gitlab.yml
:monitoring: # by default only local IPs are allowed to access monitoring resources ip_whitelist: - 127.0.0.0/8 - 192.168.0.1
-
Save the file and restart GitLab for the changes to take effect.