Using the Libravatar service with GitLab

GitLab by default supports the Gravatar avatar service.

Libravatar is another service that delivers your avatar (profile picture) to other websites. The Libravatar API is heavily based on Gravatar, so you can switch to the Libravatar avatar service or even your own Libravatar server.

You cannot use any Libravatar service including Gravatar in FIPS mode.

Change the Libravatar service to your own service

note
You can use only the MD5 hash in the URL for the Libravatar service. See issue 370057 for adding SHA-256 support.

In the gitlab.yml gravatar section, set the configuration options as follows:

For Linux package installations:

  1. Edit /etc/gitlab/gitlab.rb:

    gitlab_rails['gravatar_enabled'] = true
    #### For HTTPS
    gitlab_rails['gravatar_ssl_url'] = "https://seccdn.libravatar.org/avatar/%{hash}?s=%{size}&d=identicon"
    #### Use this line instead for HTTP
    # gitlab_rails['gravatar_plain_url'] = "http://cdn.libravatar.org/avatar/%{hash}?s=%{size}&d=identicon"
    
  2. To apply the changes, run sudo gitlab-ctl reconfigure.

For self-compiled installations:

  1. Edit config/gitlab.yml:

      gravatar:
        enabled: true
        # default: https://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
        plain_url: "http://cdn.libravatar.org/avatar/%{hash}?s=%{size}&d=identicon"
        # default: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
        ssl_url: https://seccdn.libravatar.org/avatar/%{hash}?s=%{size}&d=identicon"
    
  2. Save the file, and then restart GitLab for the changes to take effect.

Set the Libravatar service to default (Gravatar)

For Linux package installations:

  1. Delete gitlab_rails['gravatar_ssl_url'] or gitlab_rails['gravatar_plain_url'] from /etc/gitlab/gitlab.rb.
  2. To apply the changes, run sudo gitlab-ctl reconfigure.

For self-compiled installations:

  1. Remove gravatar: section from config/gitlab.yml.
  2. Save the file, then restart GitLab to apply the changes.

Disable Gravatar service

To disable Gravatar, for example, to prohibit third-party services, complete the following steps:

For Linux package installations:

  1. Edit /etc/gitlab/gitlab.rb:

    gitlab_rails['gravatar_enabled'] = false
    
  2. To apply the changes, run sudo gitlab-ctl reconfigure.

For self-compiled installations:

  1. Edit config/gitlab.yml:

      gravatar:
        enabled: false
    
  2. Save the file, then restart GitLab to apply the changes.

Your own Libravatar server

If you are running your own Libravatar service, the URL is different in the configuration, but you must provide the same placeholders so GitLab can parse the URL correctly.

For example, you host a service on https://libravatar.example.com and the ssl_url you must supply in gitlab.yml is:

https://libravatar.example.com/avatar/%{hash}?s=%{size}&d=identicon

Default URL for missing images

Libravatar supports different sets of missing images for user email addresses that are not found on the Libravatar service.

To use a set other than identicon, replace the &d=identicon portion of the URL with another supported set. For example, you can use the retro set, in which case the URL would look like: ssl_url: "https://seccdn.libravatar.org/avatar/%{hash}?s=%{size}&d=retro"

Usage examples for Microsoft Office 365

If your users are Office 365 users, the GetPersonaPhoto service can be used. This service requires a login, so this use case is most useful in a corporate installation where all users have access to Office 365.

gitlab_rails['gravatar_plain_url'] = 'http://outlook.office.com/owa/service.svc/s/GetPersonaPhoto?email=%{email}&size=HR120x120'
gitlab_rails['gravatar_ssl_url'] = 'https://outlook.office.com/owa/service.svc/s/GetPersonaPhoto?email=%{email}&size=HR120x120'