GitLab Dependency Proxy administration
- Introduced in GitLab Premium 11.11.
- Moved to GitLab Free in GitLab 13.6.
GitLab can be used as a dependency proxy for a variety of common package managers.
This is the administration documentation. If you want to learn how to use the dependency proxies, see the user guide.
Enabling the Dependency Proxy feature
To enable the dependency proxy feature:
Omnibus GitLab installations
- Edit /etc/gitlab/gitlab.rb and add the following line:

    gitlab_rails['dependency_proxy_enabled'] = true

- Save the file and reconfigure GitLab for the changes to take effect.
- Enable the Puma web server.
Helm chart installations
- After the installation is complete, update the global appConfig to enable the feature:

    global:
      appConfig:
        dependencyProxy:
          enabled: true
          bucket: gitlab-dependency-proxy
          connection: {}
            # secret:
            # key:

For more information, see Configure Charts using Globals.
Installations from source
- After the installation is complete, configure the dependency_proxy section in config/gitlab.yml. Set enabled to true to enable it:

    dependency_proxy:
      enabled: true

- Restart GitLab for the changes to take effect.
Since Puma is already the default web server for installations from source as of GitLab 12.9, no further changes are needed.
Multi-node GitLab installations
Follow the steps for Omnibus GitLab installations on each Web and Sidekiq node.
Changing the storage path
By default, the dependency proxy files are stored locally, but you can change the default local location or even use object storage.
Changing the local storage path
The dependency proxy files for Omnibus GitLab installations are stored under /var/opt/gitlab/gitlab-rails/shared/dependency_proxy/ and for source installations under shared/dependency_proxy/ (relative to the Git home directory).
To change the local storage path:
Omnibus GitLab installations
- Edit /etc/gitlab/gitlab.rb and add the following line:

    gitlab_rails['dependency_proxy_storage_path'] = "/mnt/dependency_proxy"

- Save the file and reconfigure GitLab for the changes to take effect.
Installations from source
- Edit the dependency_proxy section in config/gitlab.yml:

    dependency_proxy:
      enabled: true
      storage_path: shared/dependency_proxy

- Restart GitLab for the changes to take effect.
Using object storage
Instead of relying on local storage, you can use object storage to store the blobs of the dependency proxy.
Read more about using object storage with GitLab.
Omnibus GitLab installations
- Edit /etc/gitlab/gitlab.rb and add the following lines (uncomment where necessary):

    gitlab_rails['dependency_proxy_enabled'] = true
    gitlab_rails['dependency_proxy_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/dependency_proxy"
    gitlab_rails['dependency_proxy_object_store_enabled'] = true
    gitlab_rails['dependency_proxy_object_store_remote_directory'] = "dependency_proxy" # The bucket name.
    gitlab_rails['dependency_proxy_object_store_direct_upload'] = false # Use Object Storage directly for uploads instead of background uploads if enabled (Default: false).
    gitlab_rails['dependency_proxy_object_store_background_upload'] = true # Temporary option to limit automatic upload (Default: true).
    gitlab_rails['dependency_proxy_object_store_proxy_download'] = false # Passthrough all downloads via GitLab instead of using Redirects to Object Storage.
    gitlab_rails['dependency_proxy_object_store_connection'] = {
      ##
      ## If the provider is AWS S3, uncomment the following
      ##
      #'provider' => 'AWS',
      #'region' => 'eu-west-1',
      #'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
      #'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
      ##
      ## If the provider is other than AWS (an S3-compatible one), uncomment the following
      ##
      #'host' => 's3.amazonaws.com',
      #'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
      #'endpoint' => 'https://s3.amazonaws.com', # Useful for S3-compliant services such as DigitalOcean Spaces.
      #'path_style' => false # If true, use 'host/bucket_name/object' instead of 'bucket_name.host/object'.
    }

- Save the file and reconfigure GitLab for the changes to take effect.
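An added example (not part of the GitLab documentation or code base): a Ruby script that reads the gitlab.rb settings shown above as text and flags an object storage connection that was left without a provider or still carries the placeholder credentials. The function names and the sample file contents are constructed for illustration.

```ruby
# Added example: audit the dependency proxy settings of a gitlab.rb file.
# The text is parsed with regular expressions; the file is never evaluated.

# Constructed sample input, not taken from a real server.
SAMPLE_GITLAB_RB = <<~'RB'
  gitlab_rails['dependency_proxy_enabled'] = true
  gitlab_rails['dependency_proxy_object_store_enabled'] = true
  gitlab_rails['dependency_proxy_object_store_remote_directory'] = "dependency_proxy"
  gitlab_rails['dependency_proxy_object_store_proxy_download'] = false
  gitlab_rails['dependency_proxy_object_store_connection'] = {
    #'provider' => 'AWS',
    'region' => 'eu-west-1',
    'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
    'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
  }
RB

# {setting name => raw value} for uncommented single-line dependency proxy settings.
def dependency_proxy_settings(text)
  pattern = /^[ \t]*gitlab_rails\['(dependency_proxy_\w+)'\][ \t]*=[ \t]*([^#\n{]+?)[ \t]*(?:#.*)?$/
  text.scan(pattern).to_h
end

# {key => value} for the uncommented entries of the connection hash.
def connection_entries(text)
  opener = /^[ \t]*gitlab_rails\['dependency_proxy_object_store_connection'\][ \t]*=[ \t]*\{(.*?)^[ \t]*\}/m
  body = text[opener, 1].to_s
  body.scan(/^[ \t]*'(\w+)'[ \t]*=>[ \t]*'?([^',#\n]*)'?/).to_h { |k, v| [k, v.strip] }
end

# List of human-readable findings; empty when nothing stands out.
def audit(text)
  s = dependency_proxy_settings(text)
  c = connection_entries(text)
  findings = []
  findings << 'dependency proxy is not enabled' unless s['dependency_proxy_enabled'] == 'true'
  if s['dependency_proxy_object_store_enabled'] == 'true'
    findings << 'object store enabled but connection has no provider' unless c.key?('provider')
    %w[aws_access_key_id aws_secret_access_key].each do |k|
      findings << "#{k} still holds the documentation placeholder" if c[k] == k.upcase
    end
    if s['dependency_proxy_object_store_proxy_download'] != 'true'
      findings << 'note: proxy_download is off, clients are redirected to object storage'
    end
  end
  findings
end

puts audit(SAMPLE_GITLAB_RB) if __FILE__ == $PROGRAM_NAME
```
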
Installations from source
- Edit the dependency_proxy section in config/gitlab.yml (uncomment where necessary):

    dependency_proxy:
      enabled: true
      ##
      ## The location where dependency proxy files are stored (default: shared/dependency_proxy).
      ##
      # storage_path: shared/dependency_proxy
      object_store:
        enabled: false
        remote_directory: dependency_proxy # The bucket name.
        # direct_upload: false # Use Object Storage directly for uploads instead of background uploads if enabled (Default: false).
        # background_upload: true # Temporary option to limit automatic upload (Default: true).
        # proxy_download: false # Passthrough all downloads via GitLab instead of using Redirects to Object Storage.
        connection:
          ##
          ## If the provider is AWS S3, use the following
          ##
          provider: AWS
          region: us-east-1
          aws_access_key_id: AWS_ACCESS_KEY_ID
          aws_secret_access_key: AWS_SECRET_ACCESS_KEY
          ##
          ## If the provider is other than AWS (an S3-compatible one), comment out the previous 4 lines and use the following instead:
          ##
          # host: 's3.amazonaws.com' # default: s3.amazonaws.com.
          # aws_signature_version: 4 # For creation of signed URLs. Set to 2 if provider does not support v4.
          # endpoint: 'https://s3.amazonaws.com' # Useful for S3-compliant services such as DigitalOcean Spaces.
          # path_style: false # If true, use 'host/bucket_name/object' instead of 'bucket_name.host/object'.

- Restart GitLab for the changes to take effect.
Disabling Authentication
Authentication was introduced in 13.7 as part of enabling private groups to use the Dependency Proxy. If you previously used the Dependency Proxy without authentication and need to disable this feature while you update your workflow to authenticate with the Dependency Proxy, the following commands can be issued in a Rails console:
# Disable the authentication
Feature.disable(:dependency_proxy_for_private_groups)
# Re-enable the authentication
Feature.enable(:dependency_proxy_for_private_groups)
The ability to disable this feature will be removed in 13.9.