summaryrefslogtreecommitdiff
path: root/config/gitlab.yml.example
diff options
context:
space:
mode:
Diffstat (limited to 'config/gitlab.yml.example')
-rw-r--r--config/gitlab.yml.example25
1 files changed, 19 insertions, 6 deletions
diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index f7b1c2f7567..a8881fd8a2e 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -959,6 +959,11 @@ production: &base
# (default: false)
auto_link_saml_user: false
+ # CAUTION!
+ # Allows larger SAML messages to be received. Numeric value in bytes (default: 250000)
+ # Too high limits exposes instance to decompression DDoS attack type.
+ saml_message_max_byte_size: 250000
+
# Allow users with existing accounts to sign in and auto link their account via OmniAuth
# login, without having to do a manual login first and manually add OmniAuth. Links on email.
# Define the allowed providers using an array, e.g. ["saml", "twitter"], or as true/false to
@@ -1146,14 +1151,22 @@ production: &base
# # Use multipart uploads when file size reaches 100MB, see
# # http://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html
# multipart_chunk_size: 104857600
- # # Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for backups, this is optional
- # # encryption: 'AES256'
+ # # Specifies Amazon S3 storage class to use for backups (optional)
+ # # storage_class: 'STANDARD'
# # Turns on AWS Server-Side Encryption with Amazon Customer-Provided Encryption Keys for backups, this is optional
- # # This should be set to the 256-bit encryption key for Amazon S3 to use to encrypt or decrypt your data.
- # # 'encryption' must also be set in order for this to have any effect.
+ # # 'encryption' must be set in order for this to have any effect.
+ # # 'encryption_key' should be set to the 256-bit encryption key for Amazon S3 to use to encrypt or decrypt your data.
+ # # encryption: 'AES256'
# # encryption_key: '<key>'
- # # Specifies Amazon S3 storage class to use for backups, this is optional
- # # storage_class: 'STANDARD'
+ # #
+ # # Turns on AWS Server-Side Encryption with Amazon S3-Managed keys (optional)
+ # # https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html
+ # # For SSE-S3, set 'server_side_encryption' to 'AES256'.
+ # # For SS3-KMS, set 'server_side_encryption' to 'aws:kms'. Set
+ # # 'server_side_encryption_kms_key_id' to the ARN of customer master key.
+ # # storage_options:
+ # # server_side_encryption: 'aws:kms'
+ # # server_side_encryption_kms_key_id: 'arn:aws:kms:YOUR-KEY-ID-HERE'
## Pseudonymizer exporter
pseudonymizer: