Add user docs for Pages access control
This commit is contained in:
parent
547952b4a9
commit
a019c9c7ce
|
@ -244,8 +244,9 @@ This setting is enabled by default.
|
|||
|
||||
### Access control
|
||||
|
||||
Access control was [introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/33422)
|
||||
in GitLab 11.5. It can be configured per-project, and allows access to a Pages
|
||||
> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/33422) in GitLab 11.5.
|
||||
|
||||
GitLab Pages access control can be configured per-project, and allows access to a Pages
|
||||
site to be controlled based on a user's membership to that project.
|
||||
|
||||
Access control works by registering the Pages daemon as an OAuth application
|
||||
|
@ -259,15 +260,16 @@ Each request to view a resource in a private site is authenticated by Pages
|
|||
using that token. For each request it receives, it makes a request to the GitLab
|
||||
API to check that the user is authorized to read that site.
|
||||
|
||||
Pages access control is currently disabled by default. To enable it, you must:
|
||||
Pages access control is disabled by default. To enable it:
|
||||
|
||||
1. Enable it in `/etc/gitlab/gitlab.rb`
|
||||
1. Enable it in `/etc/gitlab/gitlab.rb`:
|
||||
|
||||
```ruby
|
||||
gitlab_pages['access_control'] = true
|
||||
```
|
||||
|
||||
1. [Reconfigure GitLab][reconfigure]
|
||||
1. [Reconfigure GitLab][reconfigure].
|
||||
1. Users can now configure it in their [projects' settings](../../user/project/pages/introduction.md#gitlab-pages-access-control-core-only).
|
||||
|
||||
## Activate verbose logging for daemon
|
||||
|
||||
|
|
|
@ -393,8 +393,9 @@ server_name ~^.*\.pages\.example\.io$;
|
|||
|
||||
## Access control
|
||||
|
||||
Access control was [introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/33422)
|
||||
in GitLab 11.5. It can be configured per-project, and allows access to a Pages
|
||||
> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/33422) in GitLab 11.5.
|
||||
|
||||
GitLab Pages access control can be configured per-project, and allows access to a Pages
|
||||
site to be controlled based on a user's membership to that project.
|
||||
|
||||
Access control works by registering the Pages daemon as an OAuth application
|
||||
|
@ -408,15 +409,17 @@ Each request to view a resource in a private site is authenticated by Pages
|
|||
using that token. For each request it receives, it makes a request to the GitLab
|
||||
API to check that the user is authorized to read that site.
|
||||
|
||||
Pages access control is currently disabled by default. To enable it, you must:
|
||||
Pages access control is disabled by default. To enable it:
|
||||
|
||||
1. Modify your `config/gitlab.yml` file:
|
||||
|
||||
```yaml
|
||||
pages:
|
||||
access_control: true
|
||||
```
|
||||
1. [Restart GitLab][restart]
|
||||
1. Create a new [system OAuth application](../../integration/oauth_provider.md#adding-an-application-through-the-profile)
|
||||
|
||||
1. [Restart GitLab][restart].
|
||||
1. Create a new [system OAuth application](../../integration/oauth_provider.md#adding-an-application-through-the-profile).
|
||||
This should be called `GitLab Pages` and have a `Redirect URL` of
|
||||
`https://projects.example.io/auth`. It does not need to be a "trusted"
|
||||
application, but it does need the "api" scope.
|
||||
|
@ -429,6 +432,8 @@ Pages access control is currently disabled by default. To enable it, you must:
|
|||
-auth-server <URL of the GitLab instance>
|
||||
```
|
||||
|
||||
1. Users can now configure it in their [projects' settings](../../user/project/pages/introduction.md#gitlab-pages-access-control-core-only).
|
||||
|
||||
## Change storage path
|
||||
|
||||
Follow the steps below to change the default path where GitLab Pages' contents
|
||||
|
|
|
@ -95,7 +95,7 @@ The following table depicts the various user permission levels in a project.
|
|||
| Manage GitLab Pages | | | | ✓ | ✓ |
|
||||
| Manage GitLab Pages domains and certificates | | | | ✓ | ✓ |
|
||||
| Remove GitLab Pages | | | | | ✓ |
|
||||
| View GitLab Pages protected by [access control](../administration/pages/index.md#access-control) | ✓ | ✓ | ✓ | ✓ | ✓ |
|
||||
| View GitLab Pages protected by [access control](project/pages/introduction.md#gitlab-pages-access-control-core-only) | ✓ | ✓ | ✓ | ✓ | ✓ |
|
||||
| Manage clusters | | | | ✓ | ✓ |
|
||||
| Manage license policy **[ULTIMATE]** | | | | ✓ | ✓ |
|
||||
| Edit comments (posted by any user) | | | | ✓ | ✓ |
|
||||
|
|
|
@ -441,6 +441,46 @@ The rest of the guide still applies.
|
|||
|
||||
See also: [GitLab Pages from A to Z: Part 1 - Static sites and GitLab Pages domains](getting_started_part_one.md#gitlab-pages-domain).
|
||||
|
||||
## GitLab Pages access control **[CORE ONLY]**
|
||||
|
||||
> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/33422) in GitLab 11.5.
|
||||
|
||||
NOTE: **Note:**
|
||||
GitLab Pages access control is not activated on GitLab.com.
|
||||
|
||||
You can enable Pages access control on your project, so that only
|
||||
[members of your project](../../permissions.md#project-members-permissions)
|
||||
(at least Guest) can access your website:
|
||||
|
||||
1. Navigate to your project's **Settings > General > Permissions**.
|
||||
1. Toggle the **Pages** button to enable the access control.
|
||||
|
||||
NOTE: **Note:**
|
||||
If you don't see the toggle button, that means that it's not enabled.
|
||||
Ask your administrator to [enable it](../../../administration/pages/index.md#access-control).
|
||||
|
||||
1. The Pages access control dropdown allows you to set who can view pages hosted
|
||||
with GitLab Pages, depending on your project's visibility:
|
||||
|
||||
- If your project is private:
|
||||
- **Only project members**: Only project members will be able to browse the website.
|
||||
- **Everyone**: Everyone, both logged into and logged out of GitLab, will be able to browse the website, no matter their project membership.
|
||||
- If your project is internal:
|
||||
- **Only project members**: Only project members will be able to browse the website.
|
||||
- **Everyone with access**: Everyone logged into GitLab will be able to browse the website, no matter their project membership.
|
||||
- **Everyone**: Everyone, both logged into and logged out of GitLab, will be able to browse the website, no matter their project membership.
|
||||
- If your project is public:
|
||||
- **Only project members**: Only project members will be able to browse the website.
|
||||
- **Everyone with access**: Everyone, both logged into and logged out of GitLab, will be able to browse the website, no matter their project membership.
|
||||
|
||||
1. Click **Save changes**.
|
||||
|
||||
---
|
||||
|
||||
The next time someone tries to access your website and the access control is
|
||||
enabled, they will be presented with a page to sign into GitLab and verify they
|
||||
can access the website.
|
||||
|
||||
## Limitations
|
||||
|
||||
When using Pages under the general domain of a GitLab instance (`*.example.io`),
|
||||
|
|
Binary file not shown.
Before Width: | Height: | Size: 49 KiB After Width: | Height: | Size: 45 KiB |
Loading…
Reference in New Issue