GitLab.com settings · Gitlab 中文文档

# GitLab.com settings > 原文：[https://docs.gitlab.com/ee/user/gitlab_com/](https://docs.gitlab.com/ee/user/gitlab_com/) * [SSH host keys fingerprints](#ssh-host-keys-fingerprints) * [SSH `known_hosts` entries](#ssh-known_hosts-entries) * [Mail configuration](#mail-configuration) * [Backups](#backups) * [Alternative SSH port](#alternative-ssh-port) * [GitLab Pages](#gitlab-pages) * [GitLab CI/CD](#gitlab-cicd) * [Repository size limit](#repository-size-limit) * [IP range](#ip-range) * [Maximum number of webhooks](#maximum-number-of-webhooks) * [Shared Runners](#shared-runners) * [Linux Shared Runners](#linux-shared-runners) * [Pre-clone script](#pre-clone-script) * [`config.toml`](#configtoml) * [Windows Shared Runners (beta)](#windows-shared-runners-beta) * [Configuration](#configuration) * [Example](#example) * [Limitations and known issues](#limitations-and-known-issues) * [Sidekiq](#sidekiq) * [PostgreSQL](#postgresql) * [Unicorn](#unicorn) * [GitLab.com-specific rate limits](#gitlabcom-specific-rate-limits) * [HAProxy API throttle](#haproxy-api-throttle) * [Rack Attack initializer](#rack-attack-initializer) * [Protected paths throttle](#protected-paths-throttle) * [Git and container registry failed authentication ban](#git-and-container-registry-failed-authentication-ban) * [Admin Area settings](#admin-area-settings) * [Visibility settings](#visibility-settings) * [SSH maximum number of connections](#ssh-maximum-number-of-connections) * [Import/export](#importexport) * [GitLab.com Logging](#gitlabcom-logging) * [GitLab.com at scale](#gitlabcom-at-scale) * [Elastic Cluster](#elastic-cluster) * [Fluentd](#fluentd) * [Prometheus](#prometheus) * [Grafana](#grafana) * [Sentry](#sentry) * [Consul](#consul) * [HAProxy](#haproxy) # GitLab.com settings[](#gitlabcom-settings "Permalink") 在此页面中，您将找到有关[GitLab.com](https://about.gitlab.com/pricing/)上使用的设置的信息. ## SSH host keys fingerprints[](#ssh-host-keys-fingerprints "Permalink") 以下是 GitLab.com 的 SSH 主机密钥的指纹. 首次连接到 GitLab.com 存储库时，您将在输出中看到这些键之一. | Algorithm | MD5（已弃用） | SHA256 | | --- | --- | --- | | DSA（已弃用） | `7a:47:81:3a:ee:89:89:64:33:ca:44:52:3d:30:d4:87` | `p8vZBUOR0XQz6sYiaWSMLmh0t9i8srqYKool/Xfdfqw` | | ECDSA | `f1:d0:fb:46:73:7a:70:92:5a:ab:5d:ef:43:e2:1c:35` | `HbW3g8zUjNSksFbqTiUWPWg2Bq1x8xdGUrliXFzSnUw` | | ED25519 | `2e:65:6a:c8:cf:bf:b2:8b:9a:bd:6d:9f:11:5c:12:16` | `eUXGGm1YGsMAS7vkcx6JOJdOGHPem5gQp4taiCfCLB8` | | RSA | `b6:03:0e:39:97:9e:d0:e7:24:ce:a3:77:3e:01:42:09` | `ROQFvPThGrW4RuWLoL9tq9I9zJ42fK4XywyRtbOz/EQ` | ## SSH `known_hosts` entries[](#ssh-known_hosts-entries "Permalink") 将以下内容添加到`.ssh/known_hosts`以跳过 SSH 中的手动指纹确认： ``` gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= ``` ## Mail configuration[](#mail-configuration "Permalink") GitLab.com 通过[Mailgun](https://www.mailgun.com/)从`mg.gitlab.com`域发送电子邮件，并拥有自己的专用 IP 地址（ `192.237.158.143` ）. **注意：** `mg.gitlab.com`的 IP 地址可能随时更改. ## Backups[](#backups "Permalink") [See our backup strategy](https://about.gitlab.com/handbook/engineering/infrastructure/production/#backups). ## Alternative SSH port[](#alternative-ssh-port "Permalink") 可以通过`git+ssh`的[其他 SSH 端口](https://about.gitlab.com/blog/2016/02/18/gitlab-dot-com-now-supports-an-alternate-git-plus-ssh-port/)访问 GitLab.com. | Setting | Value | | --- | --- | | `Hostname` | `altssh.gitlab.com` | | `Port` | `443` | 以下是`~/.ssh/config`的示例： ``` Host gitlab.com Hostname altssh.gitlab.com User git Port 443 PreferredAuthentications publickey IdentityFile ~/.ssh/gitlab ``` ## GitLab Pages[](#gitlab-pages "Permalink") 以下是[GitLab 页面](https://about.gitlab.com/stages-devops-lifecycle/pages/)的设置. | Setting | GitLab.com | Default | | --- | --- | --- | | 域名 | `gitlab.io` | - | | IP 地址 | `35.185.44.232` | - | | 自定义域支持 | yes | no | | TLS 证书支持 | yes | no | | 最大大小（未压缩） | 1G | 100M | **注意：** Pages 站点的最大大小由[GitLab CI / CD 中](#gitlab-cicd)的工件最大大小决定. ## GitLab CI/CD[](#gitlab-cicd "Permalink") 以下是有关[GitLab CI / CD](../../ci/README.html)的当前设置. | Setting | GitLab.com | Default | | --- | --- | --- | | 工件最大尺寸（未压缩） | 1G | 100M | | Artifacts [expiry time](../../ci/yaml/README.html#artifactsexpire_in) | 从 2020 年 6 月 22 日开始，除非另有说明，否则在 30 天后删除（该日期之前创建的工件没有过期）. | 除非另有说明，否则 30 天后删除 | | 预定管道计划 | `*/5 * * * *` | `19 * * * *` | | [Max jobs in active pipelines](../../administration/instance_limits.html#number-of-jobs-in-active-pipelines) | 免费套餐为`500` ，否则为无限制 | Unlimited | | [Max pipeline schedules in projects](../../administration/instance_limits.html#number-of-pipeline-schedules) | 免费套餐`10` `50` ，所有付费套餐`50` | Unlimited | | [Max number of instance level variables](../../administration/instance_limits.html#number-of-instance-level-variables) | `25` | `25` | | [Scheduled Job Archival](../../user/admin_area/settings/continuous_integration.html#archive-jobs-core-only) | 3 个月 | Never | ## Repository size limit[](#repository-size-limit "Permalink") GitLab.com 已启用以下[帐户限制](../admin_area/settings/account_and_limit_settings.html) . 如果未列出设置，则将其设置为默认值. 如果您接近或超过存储库大小限制，则可以[使用 Git 减小存储库大小](../project/repository/reducing_the_repo_size_using_git.html) . | Setting | GitLab.com | Default | | --- | --- | --- | | 资料库大小，包括 LFS | 10 GB | Unlimited | **注意：**每个请求通过 Cloudflare 的`git push`和 GitLab 项目导入限制为 5 GB. Git LFS 和文件上传以外的导入不受此限制的影响. ## IP range[](#ip-range "Permalink") GitLab.com 将 IP 范围`34.74.90.64/28`用于其 Web / API `34.74.90.64/28`的流量. 这整个范围仅分配给 GitLab. 您可以期望来自 Webhooks 或存储库镜像的连接来自这些 IP 并允许它们. GitLab.com 由 Cloudflare 领导. 对于与 GitLab.com 的传入连接，您可能需要允许 Cloudflare 的 CIDR 块（ [IPv4](https://www.cloudflare.com/ips-v4)和[IPv6](https://www.cloudflare.com/ips-v6) ）. 对于 CI / CD 运行程序的传出连接，我们不提供静态 IP 地址. 我们所有的运行程序都已部署到 Google Cloud Platform（GCP）中-通过查找[GCP 的](https://cloud.google.com/compute/docs/faq#where_can_i_find_product_name_short_ip_ranges)所有[IP 地址范围或 CIDR 块，](https://cloud.google.com/compute/docs/faq#where_can_i_find_product_name_short_ip_ranges)可以配置任何基于 IP 的防火墙. ## Maximum number of webhooks[](#maximum-number-of-webhooks "Permalink") 限制： * 100 个 webhooks 适用于项目. * 50 个 webhooks 适用于组. ## Shared Runners[](#shared-runners "Permalink") GitLab 提供在 GitLab.com 上托管的 Linux 和 Windows 共享运行程序，用于执行管道. **注意：** GitLab 提供的共享运行器**不可**配置. 如果您有特定的配置需求，请考虑[安装自己的 Runner](https://docs.gitlab.com/runner/install/) . ### Linux Shared Runners[](#linux-shared-runners "Permalink") Linux Shared Runners on GitLab.com run in [autoscale mode](https://docs.gitlab.com/runner/configuration/autoscale.html) and are powered by Google Cloud Platform. Autoscaling means reduced waiting times to spin up CI/CD jobs, and isolated VMs for each project, thus maximizing security. They’re free to use for public open source projects and limited to 2000 CI minutes per month per group for private projects. More minutes [can be purchased](../../subscriptions/index.html#purchasing-additional-ci-minutes), if needed. Read about all [GitLab.com plans](https://about.gitlab.com/pricing/). 您的所有 CI / CD 作业都在具有 3.75GB RAM，CoreOS 和最新 Docker Engine 的[n1-standard-1 实例](https://cloud.google.com/compute/docs/machine-types)上运行. 实例提供 1 个 vCPU 和 25GB 的 HDD 磁盘空间. VM 的默认区域是 US East1\. 每个实例仅用于一项作业，这确保了其他人无法访问其 CI 作业访问系统上剩余的任何敏感数据. `gitlab-shared-runners-manager-X.gitlab.com`专用于 GitLab 项目以及它们的社区分支. 它们使用稍大的计算机类型（n1-standard-2），并且具有更大的 SSD 磁盘大小. 它们将不会运行未加标签的作业，并且与共享赛跑者的一般团队不同，这些实例最多可重复使用 40 次. 由 GitLab.com（ `shared-runners-manager-X.gitlab.com` ）上的共享 Runner 处理的作业**将在 3 小时后**超时，无论项目中配置的超时时间如何. 检查问题[4010](https://gitlab.com/gitlab-com/infrastructure/-/issues/4010)和[4070，](https://gitlab.com/gitlab-com/infrastructure/-/issues/4070)以供参考. 以下是共享的"跑步者"设置. | Setting | GitLab.com | Default | | --- | --- | --- | | [GitLab Runner](https://gitlab.com/gitlab-org/gitlab-runner) | [Runner versions dashboard](https://dashboards.gitlab.com/d/000000159/ci?from=now-1h&to=now&refresh=5m&orgId=1&panelId=12&fullscreen&theme=light) | - | | Executor | `docker+machine` | - | | 默认 Docker 映像 | `ruby:2.5` | - | | `privileged` (run [Docker in Docker](https://hub.docker.com/_/docker/)) | `true` | `false` | #### Pre-clone script[](#pre-clone-script "Permalink") 在 Runner 尝试运行`git init`和`git fetch`下载 GitLab 存储库之前，GitLab.com 上的 Linux Shared Runner 提供了一种在 CI 作业中运行命令的方法. [`pre_clone_script`](https://docs.gitlab.com/runner/configuration/advanced-configuration.html)可用于： * 用存储库数据播种构建目录 * 向服务器发送请求 * 从 CDN 下载资产 * `git init`之前必须运行的任何其他命令要使用此功能，请定义一个包含 bash 脚本的[CI / CD 变量](../../ci/variables/README.html#create-a-custom-variable-in-the-ui) `CI_PRE_CLONE_SCRIPT` . [本示例](../../development/pipelines.html#pre-clone-step)演示了如何使用预克隆步骤为构建目录添加种子. #### `config.toml`[](#configtoml "Permalink") 我们的`config.toml`的完整内容是： **注意：**非公开的设置显示为`X` **Google Cloud Platform** ``` concurrent = X check_interval = 1 metrics_server = "X" sentry_dsn = "X" [[runners]] name = "docker-auto-scale" request_concurrency = X url = "https://gitlab.com/" token = "SHARED_RUNNER_TOKEN" pre_clone_script = "eval \"$CI_PRE_CLONE_SCRIPT\"" executor = "docker+machine" environment = [ "DOCKER_DRIVER=overlay2", "DOCKER_TLS_CERTDIR=" ] limit = X [runners.docker] image = "ruby:2.5" privileged = true volumes = [ "/certs/client", "/dummy-sys-class-dmi-id:/sys/class/dmi/id:ro" # Make kaniko builds work on GCP. ] [runners.machine] IdleCount = 50 IdleTime = 3600 OffPeakPeriods = ["* * * * * sat,sun *"] OffPeakTimezone = "UTC" OffPeakIdleCount = 15 OffPeakIdleTime = 3600 MaxBuilds = 1 # For security reasons we delete the VM after job has finished so it's not reused. MachineName = "srm-%s" MachineDriver = "google" MachineOptions = [ "google-project=PROJECT", "google-disk-size=25", "google-machine-type=n1-standard-1", "google-username=core", "google-tags=gitlab-com,srm", "google-use-internal-ip", "google-zone=us-east1-d", "engine-opt=mtu=1460", # Set MTU for container interface, for more information check https://gitlab.com/gitlab-org/gitlab-runner/-/issues/3214#note_82892928 "google-machine-image=PROJECT/global/images/IMAGE", "engine-opt=ipv6", # This will create IPv6 interfaces in the containers. "engine-opt=fixed-cidr-v6=fc00::/7", "google-operation-backoff-initial-interval=2" # Custom flag from forked docker-machine, for more information check https://github.com/docker/machine/pull/4600 ] [runners.cache] Type = "gcs" Shared = true [runners.cache.gcs] CredentialsFile = "/path/to/file" BucketName = "bucket-name" ``` ### Windows Shared Runners (beta)[](#windows-shared-runners-beta "Permalink") Windows Shared Runners 当前处于[beta 中](https://about.gitlab.com/handbook/product/#beta) ，不应用于生产工作负载. 在测试版期间， [共享运行程序管道配额](../admin_area/settings/continuous_integration.html#shared-runners-pipeline-minutes-quota-starter-only)将以与 Linux Runners 相同的方式应用于组和项目. 如本[相关问题所述](https://gitlab.com/gitlab-org/gitlab/-/issues/30834) ，当 beta 时期结束时，这可能会改变. 通过在 Google Cloud Platform 上启动虚拟机，GitLab.com 上的 Windows Shared Runners 可以自动自动缩放. 此解决方案使用 GitLab 为[自定义执行](https://docs.gitlab.com/runner/executors/custom.html) [程序](https://gitlab.com/gitlab-org/ci-cd/custom-executor-drivers/autoscaler/tree/master/docs/readme.md)开发的新[自动缩放驱动程序](https://gitlab.com/gitlab-org/ci-cd/custom-executor-drivers/autoscaler/tree/master/docs/readme.md) . Windows 共享运行程序在具有 2 个 vCPU 和 7.5GB RAM 的`n1-standard-2`实例上执行 CI / CD 作业. 您可以在[软件包文档中](https://gitlab.com/gitlab-org/ci-cd/shared-runners/images/gcp/windows-containers/blob/master/cookbooks/preinstalled-software/README.md)找到可用的 Windows 软件包的完整列表. 我们希望不断进行迭代，以使 Windows Shared Runners 处于稳定状态并[普遍可用](https://about.gitlab.com/handbook/product/#generally-available-ga) . 您可以在[相关的史诗中](https://gitlab.com/groups/gitlab-org/-/epics/2162)按照我们的工作朝着这个目标迈进. #### Configuration[](#configuration "Permalink") The full contents of our `config.toml` are: **注意：**非公开的设置显示为`X` ``` concurrent = X check_interval = 3 [[runners]] name = "windows-runner" url = "https://gitlab.com/" token = "TOKEN" executor = "custom" builds_dir = "C:\\GitLab-Runner\\builds" cache_dir = "C:\\GitLab-Runner\\cache" shell = "powershell" [runners.custom] config_exec = "C:\\GitLab-Runner\\autoscaler\\autoscaler.exe" config_args = ["--config", "C:\\GitLab-Runner\\autoscaler\\config.toml", "custom", "config"] prepare_exec = "C:\\GitLab-Runner\\autoscaler\\autoscaler.exe" prepare_args = ["--config", "C:\\GitLab-Runner\\autoscaler\\config.toml", "custom", "prepare"] run_exec = "C:\\GitLab-Runner\\autoscaler\\autoscaler.exe" run_args = ["--config", "C:\\GitLab-Runner\\autoscaler\\config.toml", "custom", "run"] cleanup_exec = "C:\\GitLab-Runner\\autoscaler\\autoscaler.exe" cleanup_args = ["--config", "C:\\GitLab-Runner\\autoscaler\\config.toml", "custom", "cleanup"] ``` 我们的`autoscaler/config.toml`的完整内容是： ``` Provider = "gcp" Executor = "winrm" OS = "windows" LogLevel = "info" LogFormat = "text" LogFile = "C:\\GitLab-Runner\\autoscaler\\autoscaler.log" VMTag = "windows" [GCP] ServiceAccountFile = "PATH" Project = "some-project-df9323" Zone = "us-east1-c" MachineType = "n1-standard-2" Image = "IMAGE" DiskSize = 50 DiskType = "pd-standard" Subnetwork = "default" Network = "default" Tags = ["TAGS"] Username = "gitlab_runner" [WinRM] MaximumTimeout = 3600 ExecutionMaxRetries = 0 [ProviderCache] Enabled = true Directory = "C:\\GitLab-Runner\\autoscaler\\machines" ``` #### Example[](#example "Permalink") 下面是一个简单的`.gitlab-ci.yml`文件，以显示如何开始使用 Windows Shared Runners： ``` .shared_windows_runners: tags: - shared-windows - windows - windows-1809 stages: - build - test before_script: - Set-Variable -Name "time" -Value (date -Format "%H:%m") - echo ${time} - echo "started by ${GITLAB_USER_NAME}" build: extends: - .shared_windows_runners stage: build script: - echo "running scripts in the build job" test: extends: - .shared_windows_runners stage: test script: - echo "running scripts in the test job" ``` #### Limitations and known issues[](#limitations-and-known-issues "Permalink") * [Beta 定义中](https://about.gitlab.com/handbook/product/#beta)提到的所有限制. * 新 Windows VM 的平均配置时间为 5 分钟. 这意味着在测试期间，您可能会注意到 Windows Shared Runner 机群上的构建开始时间变慢. 在将来的版本中，我们将更新自动缩放器以启用虚拟机的预配置. 这将大大减少在 Windows 机群上配置 VM 所花费的时间. 您可以按照[相关问题进行操作](https://gitlab.com/gitlab-org/ci-cd/custom-executor-drivers/autoscaler/-/issues/32) . * Windows Shared Runner 舰队可能偶尔不可用进行维护或更新. * Windows Shared Runner 虚拟机实例不使用 GitLab Docker 执行器. 这意味着您将无法在管道配置中指定[`image`](../../ci/yaml/README.html#image)或[`services`](../../ci/yaml/README.html#services) . * 对于 Beta 版本，我们在基本 VM 映像中包含了一组软件包. 如果您的 CI 作业需要此列表中未包含的其他软件，那么您将需要在[`before_script`](../../ci/yaml/README.html#before_script-and-after_script)或[`script`](../../ci/yaml/README.html#script)添加安装命令以安装所需的软件. 请注意，每个作业都在新的 VM 实例上运行，因此需要为管道中的每个作业重复安装其他软件包. * 作业在等待状态中的停留时间可能比 Linux 共享运行器更长. * 我们有可能引入重大更改，这将需要更新使用 Windows Shared Runner 组件的管道. ## Sidekiq[](#sidekiq "Permalink") GitLab.com 使用参数`--timeout=4 --concurrency=4`和以下环境变量运行[Sidekiq](https://sidekiq.org) ： | Setting | GitLab.com | Default | | --- | --- | --- | | `SIDEKIQ_DAEMON_MEMORY_KILLER` | - | - | | `SIDEKIQ_MEMORY_KILLER_MAX_RSS` | `2000000` | `2000000` | | `SIDEKIQ_MEMORY_KILLER_HARD_LIMIT_RSS` | - | - | | `SIDEKIQ_MEMORY_KILLER_CHECK_INTERVAL` | - | `3` | | `SIDEKIQ_MEMORY_KILLER_GRACE_TIME` | - | `900` | | `SIDEKIQ_MEMORY_KILLER_SHUTDOWN_WAIT` | - | `30` | | `SIDEKIQ_LOG_ARGUMENTS` | `1` | - | **注意：**在 Sidekiq 导入节点和 Sidekiq 导出节点上， `SIDEKIQ_MEMORY_KILLER_MAX_RSS`设置为`16000000` . ## PostgreSQL[](#postgresql "Permalink") GitLab.com being a fairly large installation of GitLab means we have changed various PostgreSQL settings to better suit our needs. For example, we use streaming replication and servers in hot-standby mode to balance queries across different database servers. GitLab.com 特定设置（及其默认设置）的列表如下： | Setting | GitLab.com | Default | | --- | --- | --- | | `archive_command` | `/usr/bin/envdir /etc/wal-e.d/env /opt/wal-e/bin/wal-e wal-push %p` | empty | | `archive_mode` | on | off | | `autovacuum_analyze_scale_factor` | 0.01 | 0.01 | | `autovacuum_max_workers` | 6 | 3 | | `autovacuum_vacuum_cost_limit` | 1000 | -1 | | `autovacuum_vacuum_scale_factor` | 0.01 | 0.02 | | `checkpoint_completion_target` | 0.7 | 0.9 | | `checkpoint_segments` | 32 | 10 | | `effective_cache_size` | 338688MB | 基于可用内存量 | | `hot_standby` | on | off | | `hot_standby_feedback` | on | off | | `log_autovacuum_min_duration` | 0 | -1 | | `log_checkpoints` | on | off | | `log_line_prefix` | `%t [%p]: [%l-1]` | empty | | `log_min_duration_statement` | 1000 | -1 | | `log_temp_files` | 0 | -1 | | `maintenance_work_mem` | 2048MB | 16 兆字节 | | `max_replication_slots` | 5 | 0 | | `max_wal_senders` | 32 | 0 | | `max_wal_size` | 5GB | 1GB | | `shared_buffers` | 112896MB | 基于可用内存量 | | `shared_preload_libraries` | pg_stat_statements | empty | | `shmall` | 30146560 | 基于服务器的功能 | | `shmmax` | 123480309760 | 基于服务器的功能 | | `wal_buffers` | 16MB | -1 | | `wal_keep_segments` | 512 | 10 | | `wal_level` | replica | minimal | | `statement_timeout` | 15s | 60s | | `idle_in_transaction_session_timeout` | 60s | 60s | 其中一些设置正在调整过程中. 例如， `shared_buffers`的值很高，因此我们正在考虑对其进行调整. 有关此特定更改的更多信息，请参见[https://gitlab.com/gitlab-com/infrastructure/-/issues/1555](https://gitlab.com/gitlab-com/infrastructure/-/issues/1555) . 可以在[https://gitlab.com/gitlab-com/infrastructure/-/issues?scope=all&utf8=✓&state=opened&label_name[]=database&label_name[]=change](https://gitlab.com/gitlab-com/infrastructure/-/issues?scope=all&utf8=✓&state=opened&label_name[]=database&label_name[]=change)找到最新的建议更改列表. ## Unicorn[](#unicorn "Permalink") GitLab.com 调整了[独角兽杀手级](https://rubygems.org/gems/unicorn-worker-killer)宝石的内存限制. 基本默认值： * `memory_limit_min` = 750MiB * `memory_limit_max` = 1024MiB Web 前端： * `memory_limit_min` = 1024MiB * `memory_limit_max` = 1280MiB ## GitLab.com-specific rate limits[](#gitlabcom-specific-rate-limits "Permalink") **注意：**有关管理员文档，请参阅[速率限制](../../security/rate_limits.html) . 当 GitLab.com 从单个 IP 地址接收到异常流量时，通常会发生 IP 阻止，系统根据速率限制设置将其视为潜在恶意软件. 在异常流量停止后，IP 地址将根据阻止类型自动释放，如下所述. 如果您对 GitLab.com 的所有请求均收到`403 Forbidden`错误，请检查是否有任何自动流程可能触发了阻止. 要获得帮助，请与[GitLab 支持人员](https://support.gitlab.com/hc/en-us)联系，以获取详细信息，例如受影响的 IP 地址. ### HAProxy API throttle[](#haproxy-api-throttle "Permalink") 对于每个 IP 地址每秒超过 10 个请求的 API 请求，GitLab.com 会以 HTTP 状态代码`429`进行响应. 所有 API 请求均包含以下示例标头： ``` RateLimit-Limit: 600 RateLimit-Observed: 6 RateLimit-Remaining: 594 RateLimit-Reset: 1563325137 RateLimit-ResetTime: Wed, 17 Jul 2019 00:58:57 GMT ``` Source: * 在[GitLab.com 的当前 HAProxy 设置中](https://gitlab.com/gitlab-cookbooks/gitlab-haproxy/blob/master/attributes/default.rb)搜索`rate_limit_http_rate_per_minute`和`rate_limit_sessions_per_second` . ### Rack Attack initializer[](#rack-attack-initializer "Permalink") [机架攻击](../../security/rack_attack.html)实施的速率限制的详细信息. #### Protected paths throttle[](#protected-paths-throttle "Permalink") GitLab.com 以 HTTP 状态代码`429`响应在每个 IP 地址每**分钟**超过 10 个请求的受保护路径上的 POST 请求. 请参阅下面的源，了解哪些路径受保护. 这包括用户创建，用户确认，用户登录和密码重置. 此标头包含在对阻止的请求的响应中： ``` Retry-After: 60 ``` 有关更多详细信息，请参见[受保护的路径](../admin_area/settings/protected_paths.html) . #### Git and container registry failed authentication ban[](#git-and-container-registry-failed-authentication-ban "Permalink") 如果在 3 分钟内从一个 IP 地址收到 30 个失败的身份验证请求，则 GitLab.com 会以 HTTP 状态代码`403`响应 1 小时. 这仅适用于 Git 请求和容器注册表（ `/jwt/auth` ）请求（组合）. 此限制： * 由成功认证的请求重置. 例如，29 个失败的身份验证请求后跟 1 个成功的请求，然后再有 29 个失败的身份验证请求不会触发禁止. * 不适用于`gitlab-ci-token`认证的 JWT 请求. 没有提供响应头. ### Admin Area settings[](#admin-area-settings "Permalink") GitLab.com: * [将原始端点的速率限制](../../user/admin_area/settings/rate_limits_on_raw_endpoints.html)设置为默认值. * 没有启用用户和 IP 速率限制设置. ### Visibility settings[](#visibility-settings "Permalink") 在 GitLab.com 上，自 GitLab 12.2（2019 年 7 月）起创建的项目，组和代码段[在 GitLab.com 上禁用](https://gitlab.com/gitlab-org/gitlab/-/issues/12388)了[**内部**可见性](../../public_access/public_access.html#internal-projects)设置. ### SSH maximum number of connections[](#ssh-maximum-number-of-connections "Permalink") GitLab.com 通过使用[MaxStartups 设置](http://man.openbsd.org/sshd_config.5#MaxStartups)来定义并发，未经[身份](http://man.openbsd.org/sshd_config.5#MaxStartups)验证的 SSH 连接的最大数量. 如果同时发生的连接数超过了允许的最大连接数，则会将其丢弃，并且用户会收到[`ssh_exchange_identification`错误](../../topics/git/troubleshooting_git.html#ssh_exchange_identification-error) . ### Import/export[](#importexport "Permalink") 为了避免滥用，对项目和组的导入，导出和导出下载进行了速率限制. 有关详细信息，请参见[项目导入/导出速率限制](../../user/project/settings/import_export.html#rate-limits)和[组导入/导出速率限制](../../user/group/settings/import_export.html#rate-limits) . ## GitLab.com Logging[](#gitlabcom-logging "Permalink") 我们使用[Fluentd](https://gitlab.com/gitlab-com/runbooks/tree/master/logging/doc#fluentd)解析日志. Fluentd 将我们的日志发送到 Stackdriver [Logging](https://gitlab.com/gitlab-com/runbooks/tree/master/logging/doc#stackdriver)和[Cloud Pub / Sub](https://gitlab.com/gitlab-com/runbooks/tree/master/logging/doc#cloud-pubsub) . Stackdriver 用于将日志长期存储在 Google Cold Storage（GCS）中. Cloud Pub / Sub 用于使用[pubsubbeat](https://gitlab.com/gitlab-com/runbooks/tree/master/logging/doc#pubsubbeat-vms)将日志转发到[Elastic 集群](https://gitlab.com/gitlab-com/runbooks/tree/master/logging/doc#elastic) . 您可以在我们的运行手册中查看更多信息，例如： * A [detailed list of what we’re logging](https://gitlab.com/gitlab-com/runbooks/-/tree/master/docs/logging#what-are-we-logging) * Our [current log retention policies](https://gitlab.com/gitlab-com/runbooks/-/tree/master/docs/logging#retention) * A [diagram of our logging infrastructure](https://gitlab.com/gitlab-com/runbooks/-/tree/master/docs/logging#logging-infrastructure-overview) ## GitLab.com at scale[](#gitlabcom-at-scale "Permalink") In addition to the GitLab Enterprise Edition Omnibus install, GitLab.com uses the following applications and settings to achieve scale. All settings are publicly available at [chef cookbooks](https://gitlab.com/gitlab-cookbooks). ### Elastic Cluster[](#elastic-cluster "Permalink") 我们使用 Elasticsearch 和 Kibana 作为我们的监控解决方案的一部分： * [`gitlab-cookbooks` / `gitlab-elk` · GitLab](https://gitlab.com/gitlab-cookbooks/gitlab-elk) * [`gitlab-cookbooks` / `gitlab_elasticsearch` · GitLab](https://gitlab.com/gitlab-cookbooks/gitlab_elasticsearch) ### Fluentd[](#fluentd "Permalink") 我们使用 Fluentd 统一我们的 GitLab 日志： * [`gitlab-cookbooks` / `gitlab_fluentd` · GitLab](https://gitlab.com/gitlab-cookbooks/gitlab_fluentd) ### Prometheus[](#prometheus "Permalink") Prometheus 完成了我们的监视堆栈： * [`gitlab-cookbooks` / `gitlab-prometheus` · GitLab](https://gitlab.com/gitlab-cookbooks/gitlab-prometheus) ### Grafana[](#grafana "Permalink") 为了可视化监视数据： * [`gitlab-cookbooks` / `gitlab-grafana` · GitLab](https://gitlab.com/gitlab-cookbooks/gitlab-grafana) ### Sentry[](#sentry "Permalink") 开源错误跟踪： * [`gitlab-cookbooks` / `gitlab-sentry` · GitLab](https://gitlab.com/gitlab-cookbooks/gitlab-sentry) ### Consul[](#consul "Permalink") 服务发现： * [`gitlab-cookbooks` / `gitlab_consul` · GitLab](https://gitlab.com/gitlab-cookbooks/gitlab_consul) ### HAProxy[](#haproxy "Permalink") 高性能 TCP / HTTP 负载均衡器： * [`gitlab-cookbooks` / `gitlab-haproxy` · GitLab](https://gitlab.com/gitlab-cookbooks/gitlab-haproxy)