简体繁体 English

限制从 gitlab.com 访问 gitlab-runner

[英]Limit access to gitlab-runner from gitlab.com

原文 2020-05-28 11:23:59 4 1 networking/ gitlab/ gitlab-ci-runner

I've installed a gitlab-runner instance on my server.我在我的服务器上安装了一个 gitlab-runner 实例。 I currently set up the firewall as allowing access to port 443, which the gitlab-runner is running on.我目前将防火墙设置为允许访问 gitlab-runner 正在运行的端口 443。 There are no further restrictions configured though and I'd like to see it limited to gitlab.com only.虽然没有配置进一步的限制，但我希望看到它仅限于 gitlab.com。

Is it possible to limit the source IPs to gitlab's?是否可以将源 IP 限制为 gitlab 的？ Or is it safe to have a firewall rule that just opens port 443 for the runner?或者有一个只为运行者打开端口 443 的防火墙规则是否安全？

Note: the executor is docker unprivileged注意：执行者是 docker 非特权

1 个解决方案

You dont need to open any incoming ports, all the communication is from your runner instance to the gitlab.com您不需要打开任何传入端口，所有通信都是从您的运行器实例到 gitlab.com

Your runner check every x time if there is a job to pull.您的跑步者每 x 次检查一次是否有工作要拉。 It just need an internet access to reach (https) the gitlab.com site.它只需要访问互联网即可访问 (https) gitlab.com 站点。

gitlab-runner 无法解析主机：gitlab.com - gitlab-runner Could not resolve host: gitlab.com

从网络访问Docker Gitlab实例 - Access to a Docker Gitlab instance from the network

Kubernetes 与印花布 Gitlab Runner Pod 无法到达外部 API - Kubernetes with Calico Gitlab Runner Pods can't reach external API

使用 gitlab-ci 时从服务中获取构建容器的名称 - Get the name of the build container from service when using gitlab-ci

如何从 .network 上的另一台计算机克隆本地 Gitlab 服务器上的存储库？ - How do I clone a repository on a local Gitlab server from another computer on the network?

GitLab Web Hook需要URL中的公共IP吗？ - GitLab Web Hook requires public ip in URL?

如何源码控制a.network文件夹到GitLab？ - How to source control a network folder to GitLab?

Kubernetes 集群（Debian10）在设置 GitLab Kubernetes 代理设置时无法连接 GitLab - Kubernetes Cluster (Debian10) not able to connect GitLab while setup GitLab Kubernetes Agent Setup

Gitlab SSL 握手失败服务器很可能需要客户端证书 - Gitlab SSL Handshake failed server most likely require client certificate

在 gitlab ci 中查找在 docker-compose 中运行的容器的 url/ip - Find url/ip of container running in docker-compose in gitlab ci

暂无

暂无

声明:本站的技术帖子网页，遵循CC BY-SA 4.0协议，如果您需要转载，请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 gitlab-runner 无法解析主机：gitlab.com - gitlab-runner Could not resolve host: gitlab.com 从网络访问Docker Gitlab实例 - Access to a Docker Gitlab instance from the network Kubernetes 与印花布 Gitlab Runner Pod 无法到达外部 API - Kubernetes with Calico Gitlab Runner Pods can't reach external API 使用 gitlab-ci 时从服务中获取构建容器的名称 - Get the name of the build container from service when using gitlab-ci 如何从 .network 上的另一台计算机克隆本地 Gitlab 服务器上的存储库？ - How do I clone a repository on a local Gitlab server from another computer on the network? GitLab Web Hook需要URL中的公共IP吗？ - GitLab Web Hook requires public ip in URL? 如何源码控制a.network文件夹到GitLab？ - How to source control a network folder to GitLab? Kubernetes 集群（Debian10）在设置 GitLab Kubernetes 代理设置时无法连接 GitLab - Kubernetes Cluster (Debian10) not able to connect GitLab while setup GitLab Kubernetes Agent Setup Gitlab SSL 握手失败服务器很可能需要客户端证书 - Gitlab SSL Handshake failed server most likely require client certificate 在 gitlab ci 中查找在 docker-compose 中运行的容器的 url/ip - Find url/ip of container running in docker-compose in gitlab ci

相关标签

粤ICP备18138465号 © 2020-2024 STACKOOM.COM