summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorPatricio Cano <suprnova32@gmail.com>2016-06-23 18:43:36 -0500
committerPatricio Cano <suprnova32@gmail.com>2016-07-05 16:54:22 -0500
commit5841851551db6b9aa682b17a075535cd431c2c2a (patch)
tree9819a49dbd9cd872c3ac4596e0a6e3385f4ee8fb /doc
parent41c87b9a23d7ebf24c3c100a4c261b8d2a68d0ff (diff)
downloadgitlab-ce-5841851551db6b9aa682b17a075535cd431c2c2a.tar.gz
Added documentation on the access restrictions.
Diffstat (limited to 'doc')
-rw-r--r--doc/README.md1
-rw-r--r--doc/administration/access_restrictions.md38
-rw-r--r--doc/administration/img/access_restrictions.pngbin0 -> 317529 bytes
-rw-r--r--doc/administration/img/restricted_url.pngbin0 -> 188210 bytes
4 files changed, 39 insertions, 0 deletions
diff --git a/doc/README.md b/doc/README.md
index 53a12d2a455..cf7a828d91e 100644
--- a/doc/README.md
+++ b/doc/README.md
@@ -21,6 +21,7 @@
## Administrator documentation
+- [Access restrictions](administration/access_restrictions.md) Define which Git access protocols can be used to talk to GitLab
- [Authentication/Authorization](administration/auth/README.md) Configure
external authentication with LDAP, SAML, CAS and additional Omniauth providers.
- [Custom Git hooks](administration/custom_hooks.md) Custom Git hooks (on the filesystem) for when webhooks aren't enough.
diff --git a/doc/administration/access_restrictions.md b/doc/administration/access_restrictions.md
new file mode 100644
index 00000000000..d3a58b8c144
--- /dev/null
+++ b/doc/administration/access_restrictions.md
@@ -0,0 +1,38 @@
+# Access Restrictions
+
+> **Note:** This feature is only available on versions 8.10 and above.
+
+With GitLab's Access restrictions you can choose which Git access protocols you
+want your users to use to communicate with GitLab. This feature can be enabled
+via the `Application Settings` in the Admin interface.
+
+The setting is called `Enabled Git access protocols`, and it gives you the option
+to choose between:
+
+- Both SSH and HTTP(S)
+- Only SSH
+- Only HTTP(s)
+
+![](img/access_restrictions.png)
+
+## Enabled Protocol
+
+When both SSH and HTTP(S) are enabled, GitLab will behave as usual, it will give
+your users the option to choose which protocol they would like to use.
+
+When you choose to allow only one of the protocols, a couple of things will happen:
+
+- The project page will only show the allowed protocol's URL, with no option to
+ change it.
+- A tooltip will be shown when you hover over the URL's protocol, if an action
+ on the user's part is required, e.g. adding an SSH key, or setting a password.
+
+![](img/restricted_url.png)
+
+On top of these UI restrictions, GitLab will deny all Git actions on the protocol
+not selected.
+
+> **Note:** Please keep in mind that disabling an access protocol does not actually
+ block access to the server itself. The ports used for the protocol, be it SSH or
+ HTTP, will still be accessible. What GitLab does is restrict access on the
+ application level. \ No newline at end of file
diff --git a/doc/administration/img/access_restrictions.png b/doc/administration/img/access_restrictions.png
new file mode 100644
index 00000000000..66fd9491e85
--- /dev/null
+++ b/doc/administration/img/access_restrictions.png
Binary files differ
diff --git a/doc/administration/img/restricted_url.png b/doc/administration/img/restricted_url.png
new file mode 100644
index 00000000000..0a677433dcf
--- /dev/null
+++ b/doc/administration/img/restricted_url.png
Binary files differ