gitlab配置webhook报错解决
https://blog.csdn.net/xukangkang1hao/article/details/80756085
gitlab使用webhook向jenkins发送请求,报错 Requests to the local network are not allowed
以下是官方给出解释:
链接:https://docs.gitlab.com/ee/security/webhooks.html
If you have non-GitLab web services running on your GitLab server or within its local network, these may be vulnerable to exploitation via Webhooks.
With?Webhooks, you and your project maintainers and owners can set up URLs to be triggered when specific things happen to projects. Normally, these requests are sent to external web services specifically set up for this purpose, that process the request and its attached data in some appropriate way.
Things get hairy, however, when a Webhook is set up with a URL that doesn't point to an external, but to an internal service, that may do something completely unintended when the webhook is triggered and the POST request is sent.
Because Webhook requests are made by the GitLab server itself, these have complete access to everything running on the server (http://localhost:123) or within the server's local network (http://192.168.1.12:345), even if these services are otherwise protected and inaccessible from the outside world.
If a web service does not require authentication, Webhooks can be used to trigger destructive commands by getting the GitLab server to make POST requests to endpoints like "http://localhost:123/some-resource/delete".
To prevent this type of exploitation from happening, starting with GitLab 10.6, all Webhook requests to the current GitLab instance server address and/or in a private network will be forbidden by default. That means that all requests made to 127.0.0.1, ::1 and 0.0.0.0, as well as IPv4 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 and IPv6 site-local (ffc0::/10) addresses won't be allowed.
This behavior can be overridden by enabling the option?"Allow requests to the local network from hooks and services"?in the?"Outbound requests"?section inside the Admin area under?Settings?(/admin/application_settings):
大致意思 gitlab 10.6 版本以后为了安全,不允许向本地网络发送webhook请求,如果想向本地网络发送webhook请求,则需要使用管理员帐号登录,默认管理员帐号是admin@example.com,密码就是你gitlab搭建好之后第一次输入的密码,登录之后,?点击Configure Gitlab ,如下图所示
即可进入Admin area,在Admin area中,在settings标签下面,找到OutBound Request,勾选上Allow requests to the local network from hooks and services ,保存更改即可解决问题
1、url is blocked requist to the local network are not allowed
解决:
https://blog.csdn.net/xukangkang1hao/article/details/80756085
gitlab使用webhook向jenkins发送请求,报错 Requests to the local network are not allowed
以下是官方给出解释:
链接:https://docs.gitlab.com/ee/security/webhooks.html
If you have non-GitLab web services running on your GitLab server or within its local network, these may be vulnerable to exploitation via Webhooks.
With?Webhooks, you and your project maintainers and owners can set up URLs to be triggered when specific things happen to projects. Normally, these requests are sent to external web services specifically set up for this purpose, that process the request and its attached data in some appropriate way.
Things get hairy, however, when a Webhook is set up with a URL that doesn't point to an external, but to an internal service, that may do something completely unintended when the webhook is triggered and the POST request is sent.
Because Webhook requests are made by the GitLab server itself, these have complete access to everything running on the server (http://localhost:123) or within the server's local network (http://192.168.1.12:345), even if these services are otherwise protected and inaccessible from the outside world.
If a web service does not require authentication, Webhooks can be used to trigger destructive commands by getting the GitLab server to make POST requests to endpoints like "http://localhost:123/some-resource/delete".
To prevent this type of exploitation from happening, starting with GitLab 10.6, all Webhook requests to the current GitLab instance server address and/or in a private network will be forbidden by default. That means that all requests made to 127.0.0.1, ::1 and 0.0.0.0, as well as IPv4 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 and IPv6 site-local (ffc0::/10) addresses won't be allowed.
This behavior can be overridden by enabling the option?"Allow requests to the local network from hooks and services"?in the?"Outbound requests"?section inside the Admin area under?Settings?(/admin/application_settings):
大致意思 gitlab 10.6 版本以后为了安全,不允许向本地网络发送webhook请求,如果想向本地网络发送webhook请求,则需要使用管理员帐号登录,默认管理员帐号是admin@example.com,密码就是你gitlab搭建好之后第一次输入的密码,登录之后,?点击Configure Gitlab ,如下图所示
即可进入Admin area,在Admin area中,在settings标签下面,找到OutBound Request,勾选上Allow requests to the local network from hooks and services ,保存更改即可解决问题
2、gitlab 页面 503 错误 之前好好的,突然503错误
解决: 内存不够了,清理一下缓存, gitlab很占内存,至少得5G以上才可以启动
3、获取gitlabtoken
参考地址 https://blog.csdn.net/u011215669/article/details/80458972
4、修改gitlab密码
转自 https://www.cnblogs.com/kevingrace/p/5985918.html
Gitlab安装后,http://localhost访问,首次访问的时候,如果不知道管理员账号和密码,尽管可以注册用户,但注册的用户都不是管理员。这个时候,可以重置管理员的密码,管理员默认是root。
重置管理员密码(密码要是8位)的方法如下:
[root@gitlab ~]# gitlab-rails console production
Loading production environment (Rails 4.1.1)
irb(main):001:0> user = User.where(id:1).first
irb(main):002:0> user.password='12345678'
irb(main):003:0> user.save!
这样,Gitlab管理员的登录权限就是:root/12345678,管理员的默认邮箱是部署机的本机邮箱,也是从本机发的邮件。这也就是为什么在开头要安装postfix。
6、设置用户、组、权限
参照
http://www.cnblogs.com/zangxueyuan/p/9222014.html
gitlab配置webhook报错解决的更多相关文章
- ubuntu 配置jdk报错解决办法
vi /etc/profile ,添加如下代码 export JAVA_HOME=/home/mark/android/jdk1.8 export JRE_HOME=/home/mark/androi ...
- Jenkins+Gitlab配置Webhook实现提交自动部署
一.概述 在上一篇文章,链接如下: https://www.cnblogs.com/xiao987334176/p/11434849.html 已经实现了 Jenkins+harbor+gitlab+ ...
- sphinx :undefined reference to `libiconv' 报错解决办法
sphinx :undefined reference to `libiconv' 报错解决办法 2013-11-30 21:45:39 安装sphinx时不停报错...郁闷在make时报错,错误 ...
- 安装grid之前检查配置 ,报错如下
centos 5 _x86_64 oracle 11.2 安装grid之前检查配置 ,报错如下 : ./runcluvfy.sh stage -pre crsinst -n rac1,rac2 -fi ...
- MyEclipse Server view报错解决方法
MyEclipse Server view报错解决方法 方法/步骤 启动MyEclipse,弹出一个框,报错. ---------------------------------------- ...
- 【gitlab】首次提交本次代码到gitlab上,报错:Updates were rejected because the remote contains work that you do
首次提交本次代码到gitlab上,报错:Updates were rejected because the remote contains work that you do 报错情况如下: 错误原因: ...
- iOS微信支付demo运行报错解决如下
要接入微信支付的小伙伴,首先要下载一份官方demo(APP微信支付官方Demo下载),然后打开工程,准备大干一场. 1.编译报错 编译的时候居然直接报错了(orz) 错误提示: APP微信支付官方De ...
- PHP配置Configure报错:Please reinstall the libzip distribution
PHP配置Configure报错:Please reinstall the libzip distribution 发生情景: php执行配置命令configure时,报如下错误: checking ...
- jenkins配置SVN报错
jenkins配置SVN报错,如图:
随机推荐
- 【转】优秀的Go开源项目
http://www.mhtclub.com/post/60 目录 优秀的Go开源项目 中文Go语言学习教程 国外的Go语言教程 openbilibili源码 Go作为Google2009年推出的 ...
- conda create 报错解决
1. 输入命令: conda create -n query-scorer-serving python=2.7 报错: Solving environment: failed CondaError: ...
- OSS - 有关于OSSClient的单例化
之前在每个控制层OSSClient都是通过新new的方式创建OSSClientBuilder().build(endpoint,accessKeyId,accessKeySecret)进行创建 后期我 ...
- 6、Spring Boot 2.x 集成 MyBatis
1.6 Spring Boot 2.x 集成 MyBatis 简介 详细介绍如何在Spring Boot中整合MyBatis,并通过注解方式实现映射. 完整源码: 1.6.1 创建 spring-bo ...
- ES 集中式日志分析平台 Elastic Stack(介绍)
一.ELK 介绍 ELK 构建在开源基础之上,让您能够安全可靠地获取任何来源.任何格式的数据,并且能够实时地对数据进行搜索.分析和可视化. 最近查看 ELK 官方网站,发现新一代的日志采集器 File ...
- kernel namespace
reference: https://lwn.net/Articles/531114/
- Codeforces 1221 E Game With String
题面 第一眼以为是SG函数找规律题,然后发现并不是公平游戏.... 不过后来想了想,其实这样反而更好做. 这个游戏的一个显然的特性是,任何时候当场上存在长度 ∈[b,a)的块时,Bob必胜.(考虑贪心 ...
- (WA)BZOJ 4821: [Sdoi2017]相关分析
二次联通门 : BZOJ 4821: [Sdoi2017]相关分析 2017.8.23 Updata 妈妈!!这道题卡我!!!就是不然我过!!!!! #include <cstdio> # ...
- CTS2019自闭记
没想到吧,我竟然还有一篇游记. Day 0 上午开开心心地考完了中考英语听说考试,然后就出发去机场了. 第一次一个人坐飞机还有点小激动? 7点左右到的北京,到酒店就已经9点了,赶紧跟着hz学长学了一下 ...
- MongoDB-查询关键字/排序等
查询关键字 并列查询$and # 条件都成立才可以查询到结果 db.stutent.find({$and:[{name:"小漩涡"},{age:30}]}) 或查询$or # 有一 ...