GitLab.com settings · Gitlab 中文文檔

# GitLab.com settings > 原文：[https://docs.gitlab.com/ee/user/gitlab_com/](https://docs.gitlab.com/ee/user/gitlab_com/) * [SSH host keys fingerprints](#ssh-host-keys-fingerprints) * [SSH `known_hosts` entries](#ssh-known_hosts-entries) * [Mail configuration](#mail-configuration) * [Backups](#backups) * [Alternative SSH port](#alternative-ssh-port) * [GitLab Pages](#gitlab-pages) * [GitLab CI/CD](#gitlab-cicd) * [Repository size limit](#repository-size-limit) * [IP range](#ip-range) * [Maximum number of webhooks](#maximum-number-of-webhooks) * [Shared Runners](#shared-runners) * [Linux Shared Runners](#linux-shared-runners) * [Pre-clone script](#pre-clone-script) * [`config.toml`](#configtoml) * [Windows Shared Runners (beta)](#windows-shared-runners-beta) * [Configuration](#configuration) * [Example](#example) * [Limitations and known issues](#limitations-and-known-issues) * [Sidekiq](#sidekiq) * [PostgreSQL](#postgresql) * [Unicorn](#unicorn) * [GitLab.com-specific rate limits](#gitlabcom-specific-rate-limits) * [HAProxy API throttle](#haproxy-api-throttle) * [Rack Attack initializer](#rack-attack-initializer) * [Protected paths throttle](#protected-paths-throttle) * [Git and container registry failed authentication ban](#git-and-container-registry-failed-authentication-ban) * [Admin Area settings](#admin-area-settings) * [Visibility settings](#visibility-settings) * [SSH maximum number of connections](#ssh-maximum-number-of-connections) * [Import/export](#importexport) * [GitLab.com Logging](#gitlabcom-logging) * [GitLab.com at scale](#gitlabcom-at-scale) * [Elastic Cluster](#elastic-cluster) * [Fluentd](#fluentd) * [Prometheus](#prometheus) * [Grafana](#grafana) * [Sentry](#sentry) * [Consul](#consul) * [HAProxy](#haproxy) # GitLab.com settings[](#gitlabcom-settings "Permalink") 在此頁面中，您將找到有關[GitLab.com](https://about.gitlab.com/pricing/)上使用的設置的信息. ## SSH host keys fingerprints[](#ssh-host-keys-fingerprints "Permalink") 以下是 GitLab.com 的 SSH 主機密鑰的指紋. 首次連接到 GitLab.com 存儲庫時，您將在輸出中看到這些鍵之一. | Algorithm | MD5（已棄用） | SHA256 | | --- | --- | --- | | DSA（已棄用） | `7a:47:81:3a:ee:89:89:64:33:ca:44:52:3d:30:d4:87` | `p8vZBUOR0XQz6sYiaWSMLmh0t9i8srqYKool/Xfdfqw` | | ECDSA | `f1:d0:fb:46:73:7a:70:92:5a:ab:5d:ef:43:e2:1c:35` | `HbW3g8zUjNSksFbqTiUWPWg2Bq1x8xdGUrliXFzSnUw` | | ED25519 | `2e:65:6a:c8:cf:bf:b2:8b:9a:bd:6d:9f:11:5c:12:16` | `eUXGGm1YGsMAS7vkcx6JOJdOGHPem5gQp4taiCfCLB8` | | RSA | `b6:03:0e:39:97:9e:d0:e7:24:ce:a3:77:3e:01:42:09` | `ROQFvPThGrW4RuWLoL9tq9I9zJ42fK4XywyRtbOz/EQ` | ## SSH `known_hosts` entries[](#ssh-known_hosts-entries "Permalink") 將以下內容添加到`.ssh/known_hosts`以跳過 SSH 中的手動指紋確認： ``` gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= ``` ## Mail configuration[](#mail-configuration "Permalink") GitLab.com 通過[Mailgun](https://www.mailgun.com/)從`mg.gitlab.com`域發送電子郵件，并擁有自己的專用 IP 地址（ `192.237.158.143` ）. **注意：** `mg.gitlab.com`的 IP 地址可能隨時更改. ## Backups[](#backups "Permalink") [See our backup strategy](https://about.gitlab.com/handbook/engineering/infrastructure/production/#backups). ## Alternative SSH port[](#alternative-ssh-port "Permalink") 可以通過`git+ssh`的[其他 SSH 端口](https://about.gitlab.com/blog/2016/02/18/gitlab-dot-com-now-supports-an-alternate-git-plus-ssh-port/)訪問 GitLab.com. | Setting | Value | | --- | --- | | `Hostname` | `altssh.gitlab.com` | | `Port` | `443` | 以下是`~/.ssh/config`的示例： ``` Host gitlab.com Hostname altssh.gitlab.com User git Port 443 PreferredAuthentications publickey IdentityFile ~/.ssh/gitlab ``` ## GitLab Pages[](#gitlab-pages "Permalink") 以下是[GitLab 頁面](https://about.gitlab.com/stages-devops-lifecycle/pages/)的設置. | Setting | GitLab.com | Default | | --- | --- | --- | | 域名 | `gitlab.io` | - | | IP 地址 | `35.185.44.232` | - | | 自定義域支持 | yes | no | | TLS 證書支持 | yes | no | | 最大大小（未壓縮） | 1G | 100M | **注意：** Pages 站點的最大大小由[GitLab CI / CD 中](#gitlab-cicd)的工件最大大小決定. ## GitLab CI/CD[](#gitlab-cicd "Permalink") 以下是有關[GitLab CI / CD](../../ci/README.html)的當前設置. | Setting | GitLab.com | Default | | --- | --- | --- | | 工件最大尺寸（未壓縮） | 1G | 100M | | Artifacts [expiry time](../../ci/yaml/README.html#artifactsexpire_in) | 從 2020 年 6 月 22 日開始，除非另有說明，否則在 30 天后刪除（該日期之前創建的工件沒有過期）. | 除非另有說明，否則 30 天后刪除 | | 預定管道計劃 | `*/5 * * * *` | `19 * * * *` | | [Max jobs in active pipelines](../../administration/instance_limits.html#number-of-jobs-in-active-pipelines) | 免費套餐為`500` ，否則為無限制 | Unlimited | | [Max pipeline schedules in projects](../../administration/instance_limits.html#number-of-pipeline-schedules) | 免費套餐`10` `50` ，所有付費套餐`50` | Unlimited | | [Max number of instance level variables](../../administration/instance_limits.html#number-of-instance-level-variables) | `25` | `25` | | [Scheduled Job Archival](../../user/admin_area/settings/continuous_integration.html#archive-jobs-core-only) | 3 個月 | Never | ## Repository size limit[](#repository-size-limit "Permalink") GitLab.com 已啟用以下[帳戶限制](../admin_area/settings/account_and_limit_settings.html) . 如果未列出設置，則將其設置為默認值. 如果您接近或超過存儲庫大小限制，則可以[使用 Git 減小存儲庫大小](../project/repository/reducing_the_repo_size_using_git.html) . | Setting | GitLab.com | Default | | --- | --- | --- | | 資料庫大小，包括 LFS | 10 GB | Unlimited | **注意：**每個請求通過 Cloudflare 的`git push`和 GitLab 項目導入限制為 5 GB. Git LFS 和文件上傳以外的導入不受此限制的影響. ## IP range[](#ip-range "Permalink") GitLab.com 將 IP 范圍`34.74.90.64/28`用于其 Web / API `34.74.90.64/28`的流量. 這整個范圍僅分配給 GitLab. 您可以期望來自 Webhooks 或存儲庫鏡像的連接來自這些 IP 并允許它們. GitLab.com 由 Cloudflare 領導. 對于與 GitLab.com 的傳入連接，您可能需要允許 Cloudflare 的 CIDR 塊（ [IPv4](https://www.cloudflare.com/ips-v4)和[IPv6](https://www.cloudflare.com/ips-v6) ）. 對于 CI / CD 運行程序的傳出連接，我們不提供靜態 IP 地址. 我們所有的運行程序都已部署到 Google Cloud Platform（GCP）中-通過查找[GCP 的](https://cloud.google.com/compute/docs/faq#where_can_i_find_product_name_short_ip_ranges)所有[IP 地址范圍或 CIDR 塊，](https://cloud.google.com/compute/docs/faq#where_can_i_find_product_name_short_ip_ranges)可以配置任何基于 IP 的防火墻. ## Maximum number of webhooks[](#maximum-number-of-webhooks "Permalink") 限制： * 100 個 webhooks 適用于項目. * 50 個 webhooks 適用于組. ## Shared Runners[](#shared-runners "Permalink") GitLab 提供在 GitLab.com 上托管的 Linux 和 Windows 共享運行程序，用于執行管道. **注意：** GitLab 提供的共享運行器**不可**配置. 如果您有特定的配置需求，請考慮[安裝自己的 Runner](https://docs.gitlab.com/runner/install/) . ### Linux Shared Runners[](#linux-shared-runners "Permalink") Linux Shared Runners on GitLab.com run in [autoscale mode](https://docs.gitlab.com/runner/configuration/autoscale.html) and are powered by Google Cloud Platform. Autoscaling means reduced waiting times to spin up CI/CD jobs, and isolated VMs for each project, thus maximizing security. They’re free to use for public open source projects and limited to 2000 CI minutes per month per group for private projects. More minutes [can be purchased](../../subscriptions/index.html#purchasing-additional-ci-minutes), if needed. Read about all [GitLab.com plans](https://about.gitlab.com/pricing/). 您的所有 CI / CD 作業都在具有 3.75GB RAM，CoreOS 和最新 Docker Engine 的[n1-standard-1 實例](https://cloud.google.com/compute/docs/machine-types)上運行. 實例提供 1 個 vCPU 和 25GB 的 HDD 磁盤空間. VM 的默認區域是 US East1\. 每個實例僅用于一項作業，這確保了其他人無法訪問其 CI 作業訪問系統上剩余的任何敏感數據. `gitlab-shared-runners-manager-X.gitlab.com`專用于 GitLab 項目以及它們的社區分支. 它們使用稍大的計算機類型（n1-standard-2），并且具有更大的 SSD 磁盤大小. 它們將不會運行未加標簽的作業，并且與共享賽跑者的一般團隊不同，這些實例最多可重復使用 40 次. 由 GitLab.com（ `shared-runners-manager-X.gitlab.com` ）上的共享 Runner 處理的作業**將在 3 小時后**超時，無論項目中配置的超時時間如何. 檢查問題[4010](https://gitlab.com/gitlab-com/infrastructure/-/issues/4010)和[4070，](https://gitlab.com/gitlab-com/infrastructure/-/issues/4070)以供參考. 以下是共享的"跑步者"設置. | Setting | GitLab.com | Default | | --- | --- | --- | | [GitLab Runner](https://gitlab.com/gitlab-org/gitlab-runner) | [Runner versions dashboard](https://dashboards.gitlab.com/d/000000159/ci?from=now-1h&to=now&refresh=5m&orgId=1&panelId=12&fullscreen&theme=light) | - | | Executor | `docker+machine` | - | | 默認 Docker 映像 | `ruby:2.5` | - | | `privileged` (run [Docker in Docker](https://hub.docker.com/_/docker/)) | `true` | `false` | #### Pre-clone script[](#pre-clone-script "Permalink") 在 Runner 嘗試運行`git init`和`git fetch`下載 GitLab 存儲庫之前，GitLab.com 上的 Linux Shared Runner 提供了一種在 CI 作業中運行命令的方法. [`pre_clone_script`](https://docs.gitlab.com/runner/configuration/advanced-configuration.html)可用于： * 用存儲庫數據播種構建目錄 * 向服務器發送請求 * 從 CDN 下載資產 * `git init`之前必須運行的任何其他命令要使用此功能，請定義一個包含 bash 腳本的[CI / CD 變量](../../ci/variables/README.html#create-a-custom-variable-in-the-ui) `CI_PRE_CLONE_SCRIPT` . [本示例](../../development/pipelines.html#pre-clone-step)演示了如何使用預克隆步驟為構建目錄添加種子. #### `config.toml`[](#configtoml "Permalink") 我們的`config.toml`的完整內容是： **注意：**非公開的設置顯示為`X` **Google Cloud Platform** ``` concurrent = X check_interval = 1 metrics_server = "X" sentry_dsn = "X" [[runners]] name = "docker-auto-scale" request_concurrency = X url = "https://gitlab.com/" token = "SHARED_RUNNER_TOKEN" pre_clone_script = "eval \"$CI_PRE_CLONE_SCRIPT\"" executor = "docker+machine" environment = [ "DOCKER_DRIVER=overlay2", "DOCKER_TLS_CERTDIR=" ] limit = X [runners.docker] image = "ruby:2.5" privileged = true volumes = [ "/certs/client", "/dummy-sys-class-dmi-id:/sys/class/dmi/id:ro" # Make kaniko builds work on GCP. ] [runners.machine] IdleCount = 50 IdleTime = 3600 OffPeakPeriods = ["* * * * * sat,sun *"] OffPeakTimezone = "UTC" OffPeakIdleCount = 15 OffPeakIdleTime = 3600 MaxBuilds = 1 # For security reasons we delete the VM after job has finished so it's not reused. MachineName = "srm-%s" MachineDriver = "google" MachineOptions = [ "google-project=PROJECT", "google-disk-size=25", "google-machine-type=n1-standard-1", "google-username=core", "google-tags=gitlab-com,srm", "google-use-internal-ip", "google-zone=us-east1-d", "engine-opt=mtu=1460", # Set MTU for container interface, for more information check https://gitlab.com/gitlab-org/gitlab-runner/-/issues/3214#note_82892928 "google-machine-image=PROJECT/global/images/IMAGE", "engine-opt=ipv6", # This will create IPv6 interfaces in the containers. "engine-opt=fixed-cidr-v6=fc00::/7", "google-operation-backoff-initial-interval=2" # Custom flag from forked docker-machine, for more information check https://github.com/docker/machine/pull/4600 ] [runners.cache] Type = "gcs" Shared = true [runners.cache.gcs] CredentialsFile = "/path/to/file" BucketName = "bucket-name" ``` ### Windows Shared Runners (beta)[](#windows-shared-runners-beta "Permalink") Windows Shared Runners 當前處于[beta 中](https://about.gitlab.com/handbook/product/#beta) ，不應用于生產工作負載. 在測試版期間， [共享運行程序管道配額](../admin_area/settings/continuous_integration.html#shared-runners-pipeline-minutes-quota-starter-only)將以與 Linux Runners 相同的方式應用于組和項目. 如本[相關問題所述](https://gitlab.com/gitlab-org/gitlab/-/issues/30834) ，當 beta 時期結束時，這可能會改變. 通過在 Google Cloud Platform 上啟動虛擬機，GitLab.com 上的 Windows Shared Runners 可以自動自動縮放. 此解決方案使用 GitLab 為[自定義執行](https://docs.gitlab.com/runner/executors/custom.html) [程序](https://gitlab.com/gitlab-org/ci-cd/custom-executor-drivers/autoscaler/tree/master/docs/readme.md)開發的新[自動縮放驅動程序](https://gitlab.com/gitlab-org/ci-cd/custom-executor-drivers/autoscaler/tree/master/docs/readme.md) . Windows 共享運行程序在具有 2 個 vCPU 和 7.5GB RAM 的`n1-standard-2`實例上執行 CI / CD 作業. 您可以在[軟件包文檔中](https://gitlab.com/gitlab-org/ci-cd/shared-runners/images/gcp/windows-containers/blob/master/cookbooks/preinstalled-software/README.md)找到可用的 Windows 軟件包的完整列表. 我們希望不斷進行迭代，以使 Windows Shared Runners 處于穩定狀態并[普遍可用](https://about.gitlab.com/handbook/product/#generally-available-ga) . 您可以在[相關的史詩中](https://gitlab.com/groups/gitlab-org/-/epics/2162)按照我們的工作朝著這個目標邁進. #### Configuration[](#configuration "Permalink") The full contents of our `config.toml` are: **注意：**非公開的設置顯示為`X` ``` concurrent = X check_interval = 3 [[runners]] name = "windows-runner" url = "https://gitlab.com/" token = "TOKEN" executor = "custom" builds_dir = "C:\\GitLab-Runner\\builds" cache_dir = "C:\\GitLab-Runner\\cache" shell = "powershell" [runners.custom] config_exec = "C:\\GitLab-Runner\\autoscaler\\autoscaler.exe" config_args = ["--config", "C:\\GitLab-Runner\\autoscaler\\config.toml", "custom", "config"] prepare_exec = "C:\\GitLab-Runner\\autoscaler\\autoscaler.exe" prepare_args = ["--config", "C:\\GitLab-Runner\\autoscaler\\config.toml", "custom", "prepare"] run_exec = "C:\\GitLab-Runner\\autoscaler\\autoscaler.exe" run_args = ["--config", "C:\\GitLab-Runner\\autoscaler\\config.toml", "custom", "run"] cleanup_exec = "C:\\GitLab-Runner\\autoscaler\\autoscaler.exe" cleanup_args = ["--config", "C:\\GitLab-Runner\\autoscaler\\config.toml", "custom", "cleanup"] ``` 我們的`autoscaler/config.toml`的完整內容是： ``` Provider = "gcp" Executor = "winrm" OS = "windows" LogLevel = "info" LogFormat = "text" LogFile = "C:\\GitLab-Runner\\autoscaler\\autoscaler.log" VMTag = "windows" [GCP] ServiceAccountFile = "PATH" Project = "some-project-df9323" Zone = "us-east1-c" MachineType = "n1-standard-2" Image = "IMAGE" DiskSize = 50 DiskType = "pd-standard" Subnetwork = "default" Network = "default" Tags = ["TAGS"] Username = "gitlab_runner" [WinRM] MaximumTimeout = 3600 ExecutionMaxRetries = 0 [ProviderCache] Enabled = true Directory = "C:\\GitLab-Runner\\autoscaler\\machines" ``` #### Example[](#example "Permalink") 下面是一個簡單的`.gitlab-ci.yml`文件，以顯示如何開始使用 Windows Shared Runners： ``` .shared_windows_runners: tags: - shared-windows - windows - windows-1809 stages: - build - test before_script: - Set-Variable -Name "time" -Value (date -Format "%H:%m") - echo ${time} - echo "started by ${GITLAB_USER_NAME}" build: extends: - .shared_windows_runners stage: build script: - echo "running scripts in the build job" test: extends: - .shared_windows_runners stage: test script: - echo "running scripts in the test job" ``` #### Limitations and known issues[](#limitations-and-known-issues "Permalink") * [Beta 定義中](https://about.gitlab.com/handbook/product/#beta)提到的所有限制. * 新 Windows VM 的平均配置時間為 5 分鐘. 這意味著在測試期間，您可能會注意到 Windows Shared Runner 機群上的構建開始時間變慢. 在將來的版本中，我們將更新自動縮放器以啟用虛擬機的預配置. 這將大大減少在 Windows 機群上配置 VM 所花費的時間. 您可以按照[相關問題進行操作](https://gitlab.com/gitlab-org/ci-cd/custom-executor-drivers/autoscaler/-/issues/32) . * Windows Shared Runner 艦隊可能偶爾不可用進行維護或更新. * Windows Shared Runner 虛擬機實例不使用 GitLab Docker 執行器. 這意味著您將無法在管道配置中指定[`image`](../../ci/yaml/README.html#image)或[`services`](../../ci/yaml/README.html#services) . * 對于 Beta 版本，我們在基本 VM 映像中包含了一組軟件包. 如果您的 CI 作業需要此列表中未包含的其他軟件，那么您將需要在[`before_script`](../../ci/yaml/README.html#before_script-and-after_script)或[`script`](../../ci/yaml/README.html#script)添加安裝命令以安裝所需的軟件. 請注意，每個作業都在新的 VM 實例上運行，因此需要為管道中的每個作業重復安裝其他軟件包. * 作業在等待狀態中的停留時間可能比 Linux 共享運行器更長. * 我們有可能引入重大更改，這將需要更新使用 Windows Shared Runner 組件的管道. ## Sidekiq[](#sidekiq "Permalink") GitLab.com 使用參數`--timeout=4 --concurrency=4`和以下環境變量運行[Sidekiq](https://sidekiq.org) ： | Setting | GitLab.com | Default | | --- | --- | --- | | `SIDEKIQ_DAEMON_MEMORY_KILLER` | - | - | | `SIDEKIQ_MEMORY_KILLER_MAX_RSS` | `2000000` | `2000000` | | `SIDEKIQ_MEMORY_KILLER_HARD_LIMIT_RSS` | - | - | | `SIDEKIQ_MEMORY_KILLER_CHECK_INTERVAL` | - | `3` | | `SIDEKIQ_MEMORY_KILLER_GRACE_TIME` | - | `900` | | `SIDEKIQ_MEMORY_KILLER_SHUTDOWN_WAIT` | - | `30` | | `SIDEKIQ_LOG_ARGUMENTS` | `1` | - | **注意：**在 Sidekiq 導入節點和 Sidekiq 導出節點上， `SIDEKIQ_MEMORY_KILLER_MAX_RSS`設置為`16000000` . ## PostgreSQL[](#postgresql "Permalink") GitLab.com being a fairly large installation of GitLab means we have changed various PostgreSQL settings to better suit our needs. For example, we use streaming replication and servers in hot-standby mode to balance queries across different database servers. GitLab.com 特定設置（及其默認設置）的列表如下： | Setting | GitLab.com | Default | | --- | --- | --- | | `archive_command` | `/usr/bin/envdir /etc/wal-e.d/env /opt/wal-e/bin/wal-e wal-push %p` | empty | | `archive_mode` | on | off | | `autovacuum_analyze_scale_factor` | 0.01 | 0.01 | | `autovacuum_max_workers` | 6 | 3 | | `autovacuum_vacuum_cost_limit` | 1000 | -1 | | `autovacuum_vacuum_scale_factor` | 0.01 | 0.02 | | `checkpoint_completion_target` | 0.7 | 0.9 | | `checkpoint_segments` | 32 | 10 | | `effective_cache_size` | 338688MB | 基于可用內存量 | | `hot_standby` | on | off | | `hot_standby_feedback` | on | off | | `log_autovacuum_min_duration` | 0 | -1 | | `log_checkpoints` | on | off | | `log_line_prefix` | `%t [%p]: [%l-1]` | empty | | `log_min_duration_statement` | 1000 | -1 | | `log_temp_files` | 0 | -1 | | `maintenance_work_mem` | 2048MB | 16 兆字節 | | `max_replication_slots` | 5 | 0 | | `max_wal_senders` | 32 | 0 | | `max_wal_size` | 5GB | 1GB | | `shared_buffers` | 112896MB | 基于可用內存量 | | `shared_preload_libraries` | pg_stat_statements | empty | | `shmall` | 30146560 | 基于服務器的功能 | | `shmmax` | 123480309760 | 基于服務器的功能 | | `wal_buffers` | 16MB | -1 | | `wal_keep_segments` | 512 | 10 | | `wal_level` | replica | minimal | | `statement_timeout` | 15s | 60s | | `idle_in_transaction_session_timeout` | 60s | 60s | 其中一些設置正在調整過程中. 例如， `shared_buffers`的值很高，因此我們正在考慮對其進行調整. 有關此特定更改的更多信息，請參見[https://gitlab.com/gitlab-com/infrastructure/-/issues/1555](https://gitlab.com/gitlab-com/infrastructure/-/issues/1555) . 可以在[https://gitlab.com/gitlab-com/infrastructure/-/issues?scope=all&utf8=?&state=opened&label_name[]=database&label_name[]=change](https://gitlab.com/gitlab-com/infrastructure/-/issues?scope=all&utf8=?&state=opened&label_name[]=database&label_name[]=change)找到最新的建議更改列表. ## Unicorn[](#unicorn "Permalink") GitLab.com 調整了[獨角獸殺手級](https://rubygems.org/gems/unicorn-worker-killer)寶石的內存限制. 基本默認值： * `memory_limit_min` = 750MiB * `memory_limit_max` = 1024MiB Web 前端： * `memory_limit_min` = 1024MiB * `memory_limit_max` = 1280MiB ## GitLab.com-specific rate limits[](#gitlabcom-specific-rate-limits "Permalink") **注意：**有關管理員文檔，請參閱[速率限制](../../security/rate_limits.html) . 當 GitLab.com 從單個 IP 地址接收到異常流量時，通常會發生 IP 阻止，系統根據速率限制設置將其視為潛在惡意軟件. 在異常流量停止后，IP 地址將根據阻止類型自動釋放，如下所述. 如果您對 GitLab.com 的所有請求均收到`403 Forbidden`錯誤，請檢查是否有任何自動流程可能觸發了阻止. 要獲得幫助，請與[GitLab 支持人員](https://support.gitlab.com/hc/en-us)聯系，以獲取詳細信息，例如受影響的 IP 地址. ### HAProxy API throttle[](#haproxy-api-throttle "Permalink") 對于每個 IP 地址每秒超過 10 個請求的 API 請求，GitLab.com 會以 HTTP 狀態代碼`429`進行響應. 所有 API 請求均包含以下示例標頭： ``` RateLimit-Limit: 600 RateLimit-Observed: 6 RateLimit-Remaining: 594 RateLimit-Reset: 1563325137 RateLimit-ResetTime: Wed, 17 Jul 2019 00:58:57 GMT ``` Source: * 在[GitLab.com 的當前 HAProxy 設置中](https://gitlab.com/gitlab-cookbooks/gitlab-haproxy/blob/master/attributes/default.rb)搜索`rate_limit_http_rate_per_minute`和`rate_limit_sessions_per_second` . ### Rack Attack initializer[](#rack-attack-initializer "Permalink") [機架攻擊](../../security/rack_attack.html)實施的速率限制的詳細信息. #### Protected paths throttle[](#protected-paths-throttle "Permalink") GitLab.com 以 HTTP 狀態代碼`429`響應在每個 IP 地址每**分鐘**超過 10 個請求的受保護路徑上的 POST 請求. 請參閱下面的源，了解哪些路徑受保護. 這包括用戶創建，用戶確認，用戶登錄和密碼重置. 此標頭包含在對阻止的請求的響應中： ``` Retry-After: 60 ``` 有關更多詳細信息，請參見[受保護的路徑](../admin_area/settings/protected_paths.html) . #### Git and container registry failed authentication ban[](#git-and-container-registry-failed-authentication-ban "Permalink") 如果在 3 分鐘內從一個 IP 地址收到 30 個失敗的身份驗證請求，則 GitLab.com 會以 HTTP 狀態代碼`403`響應 1 小時. 這僅適用于 Git 請求和容器注冊表（ `/jwt/auth` ）請求（組合）. 此限制： * 由成功認證的請求重置. 例如，29 個失敗的身份驗證請求后跟 1 個成功的請求，然后再有 29 個失敗的身份驗證請求不會觸發禁止. * 不適用于`gitlab-ci-token`認證的 JWT 請求. 沒有提供響應頭. ### Admin Area settings[](#admin-area-settings "Permalink") GitLab.com: * [將原始端點的速率限制](../../user/admin_area/settings/rate_limits_on_raw_endpoints.html)設置為默認值. * 沒有啟用用戶和 IP 速率限制設置. ### Visibility settings[](#visibility-settings "Permalink") 在 GitLab.com 上，自 GitLab 12.2（2019 年 7 月）起創建的項目，組和代碼段[在 GitLab.com 上禁用](https://gitlab.com/gitlab-org/gitlab/-/issues/12388)了[**內部**可見性](../../public_access/public_access.html#internal-projects)設置. ### SSH maximum number of connections[](#ssh-maximum-number-of-connections "Permalink") GitLab.com 通過使用[MaxStartups 設置](http://man.openbsd.org/sshd_config.5#MaxStartups)來定義并發，未經[身份](http://man.openbsd.org/sshd_config.5#MaxStartups)驗證的 SSH 連接的最大數量. 如果同時發生的連接數超過了允許的最大連接數，則會將其丟棄，并且用戶會收到[`ssh_exchange_identification`錯誤](../../topics/git/troubleshooting_git.html#ssh_exchange_identification-error) . ### Import/export[](#importexport "Permalink") 為了避免濫用，對項目和組的導入，導出和導出下載進行了速率限制. 有關詳細信息，請參見[項目導入/導出速率限制](../../user/project/settings/import_export.html#rate-limits)和[組導入/導出速率限制](../../user/group/settings/import_export.html#rate-limits) . ## GitLab.com Logging[](#gitlabcom-logging "Permalink") 我們使用[Fluentd](https://gitlab.com/gitlab-com/runbooks/tree/master/logging/doc#fluentd)解析日志. Fluentd 將我們的日志發送到 Stackdriver [Logging](https://gitlab.com/gitlab-com/runbooks/tree/master/logging/doc#stackdriver)和[Cloud Pub / Sub](https://gitlab.com/gitlab-com/runbooks/tree/master/logging/doc#cloud-pubsub) . Stackdriver 用于將日志長期存儲在 Google Cold Storage（GCS）中. Cloud Pub / Sub 用于使用[pubsubbeat](https://gitlab.com/gitlab-com/runbooks/tree/master/logging/doc#pubsubbeat-vms)將日志轉發到[Elastic 集群](https://gitlab.com/gitlab-com/runbooks/tree/master/logging/doc#elastic) . 您可以在我們的運行手冊中查看更多信息，例如： * A [detailed list of what we’re logging](https://gitlab.com/gitlab-com/runbooks/-/tree/master/docs/logging#what-are-we-logging) * Our [current log retention policies](https://gitlab.com/gitlab-com/runbooks/-/tree/master/docs/logging#retention) * A [diagram of our logging infrastructure](https://gitlab.com/gitlab-com/runbooks/-/tree/master/docs/logging#logging-infrastructure-overview) ## GitLab.com at scale[](#gitlabcom-at-scale "Permalink") In addition to the GitLab Enterprise Edition Omnibus install, GitLab.com uses the following applications and settings to achieve scale. All settings are publicly available at [chef cookbooks](https://gitlab.com/gitlab-cookbooks). ### Elastic Cluster[](#elastic-cluster "Permalink") 我們使用 Elasticsearch 和 Kibana 作為我們的監控解決方案的一部分： * [`gitlab-cookbooks` / `gitlab-elk` · GitLab](https://gitlab.com/gitlab-cookbooks/gitlab-elk) * [`gitlab-cookbooks` / `gitlab_elasticsearch` · GitLab](https://gitlab.com/gitlab-cookbooks/gitlab_elasticsearch) ### Fluentd[](#fluentd "Permalink") 我們使用 Fluentd 統一我們的 GitLab 日志： * [`gitlab-cookbooks` / `gitlab_fluentd` · GitLab](https://gitlab.com/gitlab-cookbooks/gitlab_fluentd) ### Prometheus[](#prometheus "Permalink") Prometheus 完成了我們的監視堆棧： * [`gitlab-cookbooks` / `gitlab-prometheus` · GitLab](https://gitlab.com/gitlab-cookbooks/gitlab-prometheus) ### Grafana[](#grafana "Permalink") 為了可視化監視數據： * [`gitlab-cookbooks` / `gitlab-grafana` · GitLab](https://gitlab.com/gitlab-cookbooks/gitlab-grafana) ### Sentry[](#sentry "Permalink") 開源錯誤跟蹤： * [`gitlab-cookbooks` / `gitlab-sentry` · GitLab](https://gitlab.com/gitlab-cookbooks/gitlab-sentry) ### Consul[](#consul "Permalink") 服務發現： * [`gitlab-cookbooks` / `gitlab_consul` · GitLab](https://gitlab.com/gitlab-cookbooks/gitlab_consul) ### HAProxy[](#haproxy "Permalink") 高性能 TCP / HTTP 負載均衡器： * [`gitlab-cookbooks` / `gitlab-haproxy` · GitLab](https://gitlab.com/gitlab-cookbooks/gitlab-haproxy)