1. 08 Dec, 2017 1 commit
    • Bob Van Landuyt's avatar
      Move the circuitbreaker check out in a separate process · f1ae1e39
      Bob Van Landuyt authored
      Moving the check out of the general requests, makes sure we don't have
      any slowdown in the regular requests.
      
      To keep the process performing this checks small, the check is still
      performed inside a unicorn. But that is called from a process running
      on the same server.
      
      Because the checks are now done outside normal request, we can have a
      simpler failure strategy:
      
      The check is now performed in the background every
      `circuitbreaker_check_interval`. Failures are logged in redis. The
      failures are reset when the check succeeds. Per check we will try
      `circuitbreaker_access_retries` times within
      `circuitbreaker_storage_timeout` seconds.
      
      When the number of failures exceeds
      `circuitbreaker_failure_count_threshold`, we will block access to the
      storage.
      
      After `failure_reset_time` of no checks, we will clear the stored
      failures. This could happen when the process that performs the checks
      is not running.
      f1ae1e39
  2. 29 Nov, 2017 1 commit
  3. 23 Nov, 2017 3 commits
  4. 17 Nov, 2017 1 commit
  5. 23 Oct, 2017 1 commit
  6. 17 Oct, 2017 1 commit
  7. 04 Sep, 2017 1 commit
  8. 01 Sep, 2017 2 commits
  9. 31 Aug, 2017 2 commits
  10. 30 Aug, 2017 2 commits
    • Nick Thomas's avatar
      Rework the permissions model for SSH key restrictions · 68470602
      Nick Thomas authored
      `allowed_key_types` is removed and the `minimum_<type>_bits` fields are
      renamed to `<tech>_key_restriction`. A special sentinel value (`-1`) signifies
      that the key type is disabled.
      
      This also feeds through to the UI - checkboxes per key type are out, inline
      selection of "forbidden" and "allowed" (i.e., no restrictions) are in.
      
      As with the previous model, unknown key types are disallowed, even if the
      underlying ssh daemon happens to support them. The defaults have also been
      changed from the lowest known bit size to "no restriction". So if someone
      does happen to have a 768-bit RSA key, it will continue to work on upgrade, at
      least until the administrator restricts them.
      68470602
    • Nick Thomas's avatar
      Add settings for minimum key strength and allowed key type · b0f982fb
      Nick Thomas authored
      This is an amalgamation of:
      
      * Cory Hinshaw: Initial implementation !5552
      * Rémy Coutable: Updates !9350
      * Nick Thomas: Resolve conflicts and add ED25519 support !13712
      b0f982fb
  11. 26 Aug, 2017 1 commit
  12. 22 Aug, 2017 2 commits
  13. 21 Aug, 2017 1 commit
    • Sean McGivern's avatar
      Only require sidekiq-limit_fetch when enabled in settings · 0db5f576
      Sean McGivern authored
      This gem allows Sidekiq jobs to be throttled. Unfortunately, it has a
      side-effect: when we haven't enabled job throttling, it will still hit Redis a
      lot (and miss, because nothing is configured).
      
      As this setting already required a restart, ensure that the library is only
      required when it's enabled.
      0db5f576
  14. 11 Aug, 2017 1 commit
  15. 02 Aug, 2017 1 commit
  16. 20 Jul, 2017 1 commit
  17. 13 Jul, 2017 1 commit
    • Robin Bobbitt's avatar
      Fixes needed when GitLab sign-in is not enabled · 672a68d3
      Robin Bobbitt authored
      When sign-in is disabled:
       - skip password expiration checks
       - prevent password reset requests
       - don’t show Password tab in User Settings
       - don’t allow login with username/password for Git over HTTP requests
       - render 404 on requests to Profiles::PasswordsController
      672a68d3
  18. 06 Jul, 2017 1 commit
  19. 05 Jul, 2017 1 commit
  20. 19 Jun, 2017 1 commit
  21. 16 Jun, 2017 1 commit
  22. 14 Jun, 2017 1 commit
  23. 02 Jun, 2017 2 commits
  24. 11 May, 2017 1 commit
    • Sean McGivern's avatar
      Allow disabling usage ping in `gitlab.yml` · 3c546acf
      Sean McGivern authored
      Setting `usage_ping_enabled` to false in `gitlab.yml`:
      
      1. Disables the usage ping, regardless of the value stored in the database.
      2. Prevents the usage ping from being enabled through the admin panel. It can
         only be enabled by either removing the line from `gitlab.yml` and configuring
         through the admin panel, or setting it to true in `gitlab.yml`.
      3c546acf
  25. 03 May, 2017 1 commit
  26. 28 Apr, 2017 2 commits
  27. 17 Apr, 2017 1 commit
  28. 14 Apr, 2017 4 commits
  29. 10 Apr, 2017 1 commit