GitLab Instance - Security Best Practices
To get started securing your admin account and your GitLab server, check out our blog post with suggestions for some great starting configurations to consider.
Below is a helpful checklist of configuration options and topics from the blog article:
- Long root password, stored in a vault.
- Install a trusted SSL certificate, and establish a process for renewal and revocation.
- Configure SSH key restrictions per your company's guidelines.
- Disable sign-up.
- Require email confirmation.
- Set a minimum password length; configure SSO or SAML user management.
- Limit email domains (if allowing sign-up).
- Require 2FA.
- Disable password authentication for Git over HTTPS.
- Email notification for unknown sign-ins.
- Configure user and IP rate limits.
- Limit webhooks' access to the local network.
- Rate limit protected paths.
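Most of the checklist items above are instance-level settings that an admin can read and write through the GitLab Application Settings API, which makes them auditable from a script rather than by clicking through the Admin Area. The script below is an added example for this page, not GitLab's own tooling: it compares an instance's settings against the checklist, prints every deviation, and can push the fixes back. The API field names are those of `GET`/`PUT /api/v4/application/settings` (check them against your instance's version, as some have been renamed over time); the 12-character password floor is an assumed value, since the page gives no number; `SAMPLE_SETTINGS` is a constructed response standing in for a fresh, unhardened instance so the script runs offline.

```python
"""Audit (and optionally remediate) a GitLab instance against the checklist above.

Added example, not GitLab code.  Field names follow the Application Settings API
(GET/PUT /api/v4/application/settings); the password-length floor and the sample
settings are assumptions for illustration.
"""
import json
import os
import sys
import urllib.request

# Target values from the checklist, keyed by Application Settings API field.
HARDENED = {
    "signup_enabled": False,                                    # Disable sign-up
    "email_confirmation_setting": "hard",                       # Require email confirmation
    "require_two_factor_authentication": True,                  # Require 2FA
    "password_authentication_enabled_for_git": False,           # No passwords for Git over HTTPS
    "notify_on_unknown_sign_in": True,                          # Email on unknown sign-ins
    "allow_local_requests_from_web_hooks_and_services": False,  # Limit webhook local access
    "throttle_unauthenticated_enabled": True,                   # IP rate limits
    "throttle_authenticated_api_enabled": True,                 # User rate limits
    "throttle_protected_paths_enabled": True,                   # Rate limit protected paths
}
# Assumption: the page says "set a minimum password length" without a number; 12 is our floor.
NUMERIC_FLOORS = {"minimum_password_length": 12}


def audit(settings):
    """Return (field, current, expected) for every checklist item the instance does not meet."""
    findings = []
    for key, want in HARDENED.items():
        got = settings.get(key)
        if got != want:
            findings.append((key, got, want))
    for key, floor in NUMERIC_FLOORS.items():
        got = settings.get(key)
        if got is None or got < floor:
            findings.append((key, got, floor))
    # "Limit email domains" only matters while sign-up is still open.
    if settings.get("signup_enabled") and not settings.get("domain_allowlist"):
        findings.append(("domain_allowlist", settings.get("domain_allowlist"),
                         "non-empty while signup_enabled is true"))
    return findings


def remediation_payload(findings):
    """Build the PUT body that fixes the findings; domain_allowlist is left to a human."""
    payload = {}
    for key, _, want in findings:
        if key in HARDENED or key in NUMERIC_FLOORS:
            payload[key] = want
    return payload


def fetch_settings(base_url, token):
    """GET the live settings; the token must belong to an administrator."""
    req = urllib.request.Request(f"{base_url}/api/v4/application/settings",
                                 headers={"PRIVATE-TOKEN": token})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def put_settings(base_url, token, payload):
    """PUT a partial settings update; fields not in the payload are left unchanged."""
    req = urllib.request.Request(f"{base_url}/api/v4/application/settings",
                                 data=json.dumps(payload).encode(), method="PUT",
                                 headers={"PRIVATE-TOKEN": token,
                                          "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


# Constructed sample: what a fresh, unhardened instance might report.
SAMPLE_SETTINGS = {
    "signup_enabled": True,
    "email_confirmation_setting": "off",
    "require_two_factor_authentication": False,
    "password_authentication_enabled_for_git": True,
    "notify_on_unknown_sign_in": True,
    "allow_local_requests_from_web_hooks_and_services": False,
    "throttle_unauthenticated_enabled": False,
    "throttle_authenticated_api_enabled": False,
    "throttle_protected_paths_enabled": True,
    "minimum_password_length": 8,
    "domain_allowlist": [],
}

if __name__ == "__main__":
    url, token = os.environ.get("GITLAB_URL"), os.environ.get("GITLAB_TOKEN")
    settings = fetch_settings(url, token) if url and token else SAMPLE_SETTINGS
    findings = audit(settings)
    for key, got, want in findings:
        print(f"{key}: is {got!r}, want {want!r}")
    if findings and "--apply" in sys.argv and url and token:
        put_settings(url, token, remediation_payload(findings))
    sys.exit(1 if findings else 0)
```

Run it with `GITLAB_URL` and `GITLAB_TOKEN` (an admin's personal access token with the `api` scope) set to audit a real instance; add `--apply` to push the remediation. Two caveats before applying: turning on `require_two_factor_authentication` locks out every user without 2FA once the instance's grace period expires, so announce it first, and enabling the throttles without also setting their request counts and periods leaves the instance defaults in force, which may be too loose or too tight for your traffic.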
This is not intended to be a comprehensive guide to security. Securing a server is a job that is never finished, so this is intended to serve as a quick start guide helping new admins know which options to consider for their organization.