Fixing errors when configuring GitLab webhooks


https://blog.csdn.net/xukangkang1hao/article/details/80756085


When GitLab uses a webhook to send a request to Jenkins, it fails with the error: Requests to the local network are not allowed

 


The official explanation is as follows:

Link: https://docs.gitlab.com/ee/security/webhooks.html

If you have non-GitLab web services running on your GitLab server or within its local network, these may be vulnerable to exploitation via Webhooks.

With Webhooks, you and your project maintainers and owners can set up URLs to be triggered when specific things happen to projects. Normally, these requests are sent to external web services specifically set up for this purpose, that process the request and its attached data in some appropriate way.

Things get hairy, however, when a Webhook is set up with a URL that doesn't point to an external, but to an internal service, that may do something completely unintended when the webhook is triggered and the POST request is sent.

Because Webhook requests are made by the GitLab server itself, these have complete access to everything running on the server (http://localhost:123) or within the server's local network (http://192.168.1.12:345), even if these services are otherwise protected and inaccessible from the outside world.

If a web service does not require authentication, Webhooks can be used to trigger destructive commands by getting the GitLab server to make POST requests to endpoints like "http://localhost:123/some-resource/delete".

To prevent this type of exploitation from happening, starting with GitLab 10.6, all Webhook requests to the current GitLab instance server address and/or in a private network will be forbidden by default. That means that all requests made to 127.0.0.1, ::1 and 0.0.0.0, as well as IPv4 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 and IPv6 site-local (ffc0::/10) addresses won't be allowed.

This behavior can be overridden by enabling the option "Allow requests to the local network from hooks and services" in the "Outbound requests" section inside the Admin area under Settings (/admin/application_settings):

 

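In short: since GitLab 10.6, for security reasons, webhook requests to the local network are not allowed. To send webhook requests to the local network, you need to log in with an administrator account. The default administrator account is admin@example.com, and the password is the one you entered the first time after GitLab was set up. After logging in, click Configure Gitlab, as shown in the figure below.

This opens the Admin area. In the Admin area, under the Settings tab, find Outbound requests, tick "Allow requests to the local network from hooks and services", and save the changes to resolve the problem.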
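The option above lifts the restriction for every hook on the instance, so it helps to know first which hook URLs actually point into the blocked ranges. The following is an added example, not code from the original post or from GitLab: it checks webhook URLs against the ranges quoted above, and the function names, sample host names and the extra fec0::/10 entry are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Ranges exactly as listed in the GitLab text quoted above.
PAGE_RANGES = ["127.0.0.1/32", "::1/128", "0.0.0.0/32", "10.0.0.0/8",
               "172.16.0.0/12", "192.168.0.0/16", "ffc0::/10"]
# Assumption added here, not from the page: RFC 3879 defines site-local as fec0::/10.
EXTRA_RANGES = ["fec0::/10"]
BLOCKED = [ipaddress.ip_network(r) for r in PAGE_RANGES + EXTRA_RANGES]


def system_resolver(host):
    """Resolve a host name to the set of addresses it currently points at."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def local_targets(url, resolver=system_resolver):
    """Return sorted (address, range) pairs for every address behind `url`
    that falls in a blocked range; an empty list means none matched."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no host in URL: {url!r}")
    try:
        addresses = {str(ipaddress.ip_address(host))}  # literal IP in the URL
    except ValueError:
        addresses = resolver(host)  # host name: judge it by what it resolves to
    hits = []
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        for net in BLOCKED:
            if ip.version == net.version and ip in net:
                hits.append((str(ip), str(net)))
    return sorted(hits)


def audit(hook_urls, resolver=system_resolver):
    """Map each hook URL that targets a blocked range to its matches."""
    report = {url: local_targets(url, resolver) for url in hook_urls}
    return {url: hits for url, hits in report.items() if hits}


# Constructed sample data: a fake DNS table and hook URLs so the check runs offline.
SAMPLE_DNS = {"localhost": {"127.0.0.1", "::1"},
              "jenkins.corp.example": {"192.168.1.12"},
              "hooks.example.org": {"203.0.113.7"}}
SAMPLE_HOOKS = ["http://localhost:123/some-resource/delete",
                "http://jenkins.corp.example:8080/project/demo",
                "https://hooks.example.org/gitlab"]

if __name__ == "__main__":
    for url, hits in audit(SAMPLE_HOOKS, SAMPLE_DNS.__getitem__).items():
        print(url, "->", hits)
```

Host names are judged by the addresses they resolve to, because a public-looking name can still point at an internal address.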

 


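1. Url is blocked: Requests to the local network are not allowed

Solution: enable "Allow requests to the local network from hooks and services" in the Admin area, as described above.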


 


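2. GitLab page returns a 503 error: it was working fine, then suddenly started returning 503


Solution: the server has run out of memory, so clear the cache. GitLab uses a lot of memory and needs at least 5 GB to start.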

 

3. Getting a GitLab token

     Reference: https://blog.csdn.net/u011215669/article/details/80458972

 

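4. Changing the GitLab password

Reposted from https://www.cnblogs.com/kevingrace/p/5985918.html


After GitLab is installed, it is reachable at http://localhost. On first access, if you do not know the administrator account and password, you can still register users, but registered users are not administrators. In that case you can reset the administrator's password; the administrator is root by default.
The administrator password (which must be 8 characters) is reset as follows: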


[root@gitlab ~]# gitlab-rails console production
Loading production environment (Rails 4.1.1)
irb(main):001:0> user = User.where(id:1).first
irb(main):002:0> user.password='12345678'
irb(main):003:0> user.save!

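After this, the GitLab administrator login is root/12345678. The administrator's default e-mail address is the local mailbox of the deployment machine, and mail is sent from that machine. This is why postfix has to be installed at the start.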

 

6. Setting up users, groups and permissions

See:

http://www.cnblogs.com/zangxueyuan/p/9222014.html

 

