Configure preferred repository access protocols with enable/disable options
It would be really nice to disable HTTP repository url. In my instance I only use the SSH one so the HTTP one presents dummy url starting with http://localhost/
Rationale: we have a firewalled installation of Gitlab that only permits https/http connections from outside. We only need to advertise the Smart HTTPS access on the dashboard (while the SSH is "secret" and only works internally from behind the firewall).
There are two places where this SSH access URL appears: in the address bar for each repo on the top, and within the initial setup instructions.
There is a related feature request for hiding HTTPS at http://feedback.gitlab.com/forums/176466-general/suggestions/3864195-add-option-to-disable-repository-http-url .
We’re accepting merge requests for adding two options to gitlab.yml for this: enable_git_over_ssh, enable_git_over_http
Just to add my two cents:
I want to allow ssh and https cloning, but NOT http cloning. I think the reasons should be obvious-- if I offer https and I'm not getting enormous (i.e., costly) traffic, there is no good reason to allow my users to download the code over an insecure connection. Even in a case where a user only wants to read the code, the small speed benefit doesn't outweigh the risks. I don't want it to be an option, and if it's not then I don't even need to care about the risks.
I'm getting an impression that people are using the term "http" as a shorthand for "http and https"-- that's why I wanted to comment.
Accounting Programmer commented
http://tasaheelteeba.com/?p=68 شركة تنظيف منازل بالمدينة المنورة
http://tasaheelteeba.com/?p=46 شركة مكافحة حشرات بالمدينة المنورة
http://tasaheelteeba.com/?p=41 شركة كشف تسربات بالمدينة المنورة
http://tasaheelteeba.com/?p=38 شركة تنظيف كنب بالمدينة المنورة
http://tasaheelteeba.com/?p=21 شركة تنظيف وغسيل الخزانات بالمدينة المنورة
http://tasaheelteeba.com/?p=8 شركة نقل العفش بالمدينة المنورة
http://tasaheelteeba.com/?p=192 شراء الاثاث المستعمل بالمدينة المنورة
http://tasaheelteeba.com/?p=99 شراء اثاث مستعمل بالمدينة المنورة
http://tasaheelteeba.com/?p=215 شركة غسيل كنب بالمدينة المنورة
http://tasaheelteeba.com/?p=225 شركة عزل خزانات بالمدينة المنورة
s7v7nislands there is no update, we're still accepting merge requests for this
where to post? github,or gitlab, or here?
Is someone still activly working on this?
may be an alternative solution is to have one "per project" setting witch can set each project can clone via ssh or not.
when one project is "public" there is no such config. and can only clone|push via http(s)
So you continue you PR ? In this case no necessary to continue mine. ;)
1) Good question for public repositories... Technically it would deactivate git clone at all, not very useful but not a problem if public repos are not used...
2) Yeah I was going on the same way. Disable views and, at least, services. But I don't well know where to do this...
The best is to try a PR with yours propositions and start a discussion directly with the collaborators! ;)
@Sullivan I will use your refs and the extra text if both are disabled. Like the keys tab on profile settings and the default_clone_protocol and address.
Do you have any suggestions for my 2 questions?
@Philipp, I started implement it here: https://github.com/Soullivaneuh/gitlabhq/tree/ssh-http
For now, I just an configuration option and modify the project view.
If you have more and want to continue it, please notify me because it not necessary to propose two identical pull request ! ;)
I'm just trying to implement this options but i have some questions. First of all what should happen to the clone panel on public repositories if http is disabled!?
Should we hide it because if you can't login, you can't add your key and ergo can't clone it.
Other question is related to the question from "Sullivan SENECHAL". Before i have to review the whole code it would be nice to get some hints where to disable the services and ssh keys of profile.
At first I'm going to hide the views and later disable the services.
I think if http or ssh disable, that must desactivate the service, not only the showed link, I'm right ?
Toms Seisums commented
Yeah, this would be great. Ultimately, it'd be nice if we could have something like Apache's "allow/deny" functionality, so we could enable/disable hosts that can do either of clones.
I'm using some tools that work with these repositories, and I have these tools on the same host as GitLab. So, adding localhost to the allow list and deny everything else would be wonderful!
Philipp Häfele, nobody is working on this, please submit an MR and leave a comment here linking to it.
Ben, that is why we are accepting MR's for two options, both enabled is what you want.
Ben Bodenmiller commented
I think there should be a third option that allows a user to specific the preferred option without disabling the others. For example if I have HTTP set as prefer I would expect that address to show up on the project page first.
Is there anybody working in this feature, because i would try to implement this options?
Would be great to be able to disable SSH and HTTP git methods independently. Seems like there are use cases for people using only one or the other...or both.
Possibility to disable GLOBALLY HTTPS/HTTPS pull/push,... achieve only SSH data access via rsa key.