[英]Limit access to gitlab-runner from gitlab.com
I've installed a gitlab-runner instance on my server.我在我的服务器上安装了一个 gitlab-runner 实例。 I currently set up the firewall as allowing access to port 443, which the gitlab-runner is running on.我目前将防火墙设置为允许访问 gitlab-runner 正在运行的端口 443。 There are no further restrictions configured though and I'd like to see it limited to gitlab.com only.虽然没有配置进一步的限制,但我希望看到它仅限于 gitlab.com。
Is it possible to limit the source IPs to gitlab's?是否可以将源 IP 限制为 gitlab 的? Or is it safe to have a firewall rule that just opens port 443 for the runner?或者有一个只为运行者打开端口 443 的防火墙规则是否安全?
Note: the executor is docker unprivileged注意:执行者是 docker 非特权
You dont need to open any incoming ports, all the communication is from your runner instance to the gitlab.com您不需要打开任何传入端口,所有通信都是从您的运行器实例到 gitlab.com
Your runner check every x time if there is a job to pull.您的跑步者每 x 次检查一次是否有工作要拉。 It just need an internet access to reach (https) the gitlab.com site.它只需要访问互联网即可访问 (https) gitlab.com 站点。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.