ApplicationSettings

If set, abuse reports are sent to this address. Abuse reports are always available in the Admin Area.

Require administrators to enable Admin Mode by re-authenticating for administrative tasks.

Where to redirect users after logout.

Text shown to the user after signing up.

API key for Akismet spam protection.

(If enabled, requires: akismetapikey) Enable or disable Akismet spam protection.

Set to true to allow group owners to manage LDAP.

Allow requests to the local network from system hooks.

Allow requests to the local network from web hooks and services.

Set the duration for which the jobs are considered as old and expired. After that time passes, the jobs are archived and no longer able to be retried. Make it empty to never expire jobs. It has to be no less than 1 day, for example: 15 days, 1 month, 2 years.

Assets that match these domains are not proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes.

(If enabled, requires: assetproxyurl) Enable proxying of assets. GitLab restart is required to apply changes.

Shared secret with the asset proxy server. GitLab restart is required to apply changes.

URL of the asset proxy server. GitLab restart is required to apply changes.

By default, we write to the authorized_keys file to support Git over SSH without additional configuration. GitLab can be optimized to authenticate SSH keys via the database file. Only disable this if you have configured your OpenSSH server to use the AuthorizedKeysCommand.

Specify a domain to use by default for every project’s Auto Review Apps and Auto Deploy stages.

Enable Auto DevOps for projects by default. It automatically builds, tests, and deploys applications based on a predefined CI/CD configuration.

Enabling this permits automatic allocation of purchased storage in a namespace.

Enabling this makes only licensed EE features available to projects if the project namespace’s plan includes the feature or if the project is public.

Custom hostname (for private commit emails).

Enable cleanup policies for all projects.

The maximum number of tags that can be deleted in a single execution of cleanup policies.

The maximum time, in seconds, that the cleanup process can take to delete a batch of tags for cleanup policies.

Caching during the execution of cleanup policies.

Number of workers for cleanup policies.

Container Registry token duration in minutes.

Enable automatic deactivation of dormant users.

Set the default expiration time for each job’s artifacts.

Instance-level custom initial branch name (introduced in GitLab 13.2).

Determine if developers can push to the default branch. Can take: 0 (not protected, both users with the Developer role or Maintainer role can push new commits and force push), 1 (partially protected, users with the Developer role or Maintainer role can push new commits, but cannot force push) or 2 (fully protected, users with the Developer or Maintainer role cannot push new commits, but users with the Developer or Maintainer role can; no one can force push) as a parameter. Default is 2.

Default CI/CD configuration file and path for new projects (.gitlab-ci.yml if not set).

What visibility level new groups receive. Can take private, internal and public as a parameter. Default is private.

Default project creation protection. Can take: 0 (No one), 1 (Maintainers) or 2 (Developers + Maintainers).

Project limit per user. Default is 100000.

What visibility level new projects receive. Can take private, internal and public as a parameter. Default is private.

What visibility level new snippets receive. Can take private, internal and public as a parameter. Default is private.

Enable delayed group deletion. Default is true. Introduced in GitLab 15.0. From GitLab 15.1, disables and locks the group-level setting for delayed protect deletion when set to false.

Enable delayed project deletion by default in new groups. Default is false. From GitLab 15.1, can only be enabled when delayedgroupdeletion is true.

Enable inactive project deletion feature. Default is false. Introduced in GitLab 14.10. Became operational in GitLab 15.0 (with feature flag inactiveprojectsdeletion, disabled by default).

The number of days to wait before deleting a project or group that is marked for deletion. Value must be between 1 and 90. Defaults to 7. From GitLab 15.1, a hook on deletionadjournedperiod sets the period to 1 on every update, and sets both delayedprojectdeletion and delayedgroupdeletion to false if the period is 0.

Maximum files in a diff.

Maximum lines in a diff.

Maximum diff patch size, in bytes.

Disabled OAuth sign-in sources.

Disable display of RSS/Atom and calendar feed tokens (introduced in GitLab 13.7).

Enforce DNS rebinding attack protection.

Force people to use only corporate emails for sign-up. Default is null, meaning there is no restriction.

(If enabled, requires: domain_denylist) Allows blocking sign-ups from emails from specific domains.

Users with email addresses that match these domains cannot sign up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com.

The minimum allowed bit length of an uploaded DSA key. Default is 0 (no restriction). -1 disables DSA keys.

The minimum allowed curve size (in bits) of an uploaded ECDSA key. Default is 0 (no restriction). -1 disables ECDSA keys.

The minimum allowed curve size (in bits) of an uploaded ECDSASK key. Default is 0 (no restriction). -1 disables ECDSASK keys.

The minimum allowed curve size (in bits) of an uploaded ED25519 key. Default is 0 (no restriction). -1 disables ED25519 keys.

The minimum allowed curve size (in bits) of an uploaded ED25519SK key. Default is 0 (no restriction). -1 disables ED25519SK keys.

AWS IAM access key ID.

Amazon account ID.

Enable integration with Amazon EKS.

AWS IAM secret access key.

Enable the use of AWS hosted Elasticsearch.

AWS IAM access key.

The AWS region the Elasticsearch domain is configured.

AWS IAM secret access key.

Maximum size of text fields to index by Elasticsearch. 0 value means no limit. This does not apply to repository and wiki indexing.

Maximum size of repository and wiki files that are indexed by Elasticsearch.

Enable Elasticsearch indexing.

Limit Elasticsearch to index certain namespaces and projects.

Maximum concurrency of Elasticsearch bulk requests per indexing operation. This only applies to repository indexing operations.

Maximum size of Elasticsearch bulk indexing requests in MB. This only applies to repository indexing operations.

The namespaces to index via Elasticsearch if elasticsearchlimitindexing is enabled.

The password of your Elasticsearch instance.

The projects to index via Elasticsearch if elasticsearchlimitindexing is enabled.

Enable Elasticsearch search.

The URL to use for connecting to Elasticsearch. Use a comma-separated list to support cluster (for example, http://localhost:9200, http://localhost:9201).

The username of your Elasticsearch instance.

Additional text added to the bottom of every email for legal/auditing/compliance reasons.

Some email servers do not support overriding the email sender name. Enable this option to include the name of the author of the issue, merge request or comment in the email body instead.

Enabled protocols for Git access. Allowed values are: ssh, http, and nil to allow both protocols.

Enabling this permits enforcement of namespace storage limits.

(If enabled, requires: terms) Enforce application ToS to all users.

(If enabled, requires: externalauthclient_key) The certificate to use to authenticate with the external authorization service.

Private key for the certificate when authentication is required for the external authorization service, this is encrypted when stored.

Passphrase to use for the private key when authenticating with the external service this is encrypted when stored.

The default classification label to use when requesting authorization and no classification label has been specified on the project.

(If enabled, requires: externalauthorizationservicedefaultlabel, externalauthorizationservicetimeout and externalauthorizationserviceurl) Enable using an external authorization service for accessing projects.

The timeout after which an authorization request is aborted, in seconds. When a request times out, access is denied to the user. (min: 0.001, max: 10, step: 0.001).

URL to which authorization requests are directed.

How long to wait for a response from the pipeline validation service. Assumes OK if it times out.

Optional. Token to include as the X-Gitlab-Token header in requests to the URL in externalpipelinevalidationserviceurl.

URL to use for pipeline validation requests.

The ID of a project to load custom file templates from.

Start day of the week for calendar views and date pickers. Valid values are 0 (default) for Sunday, 1 for Monday, and 6 for Saturday.

Comma-separated list of IPs and CIDRs of allowed secondary nodes. For example, 1.1.1.1, 2.2.2.0/24.

The amount of seconds after which a request to get a secondary node status times out.

Default Gitaly timeout, in seconds. This timeout is not enforced for Git fetch/push operations or Sidekiq jobs. Set to 0 to disable timeouts.

Gitaly fast operation timeout, in seconds. Some Gitaly operations are expected to be fast. If they exceed this threshold, there may be a problem with a storage shard and ‘failing fast’ can help maintain the stability of the GitLab instance. Set to 0 to disable timeouts.

Medium Gitaly timeout, in seconds. This should be a value between the Fast and the Default timeout. Set to 0 to disable timeouts.

List of usernames excluded from Git anti-abuse rate limits. Default: [], Maximum: 100 usernames. Introduced in GitLab 15.2.

Maximum duration (in minutes) of a session for Git operations when 2FA is enabled.

Enable Grafana.

Grafana URL.

Enable Gravatar.

Prevent overrides of default branch protection.

Create new projects using hashed storage paths: Enable immutable, hash-based paths and repository names to store repositories on disk. This prevents repositories from having to be moved or renamed when the Project URL changes and may improve disk I/O performance. (Always enabled in GitLab versions 13.0 and later, configuration is scheduled for removal in 14.0).

Hide marketing-related entries from help.

Alternate support URL for help page and help dropdown.

Custom text displayed on the help page.

GitLab server administrator information.

Do not display offers from third parties in GitLab.

Redirect to this URL when not logged in.

(If enabled, requires: housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod) Enable or disable Git housekeeping.

Number of Git pushes after which an incremental git repack is run.

Number of Git pushes after which git gc is run.

Number of Git pushes after which an incremental git repack is run.

Enable HTML emails.

Sources to allow project import from, possible values: github, bitbucket, bitbucketserver, gitlab, fogbugz, git, gitlabproject, gitea, manifest, and phabricator.

If deleteinactiveprojects is true, the time (in months) to wait before deleting inactive projects. Default is 2. Introduced in GitLab 14.10. Became operational in GitLab 15.0.

If deleteinactiveprojects is true, the minimum repository size for projects to be checked for inactivity. Default is 0. Introduced in GitLab 14.10. Became operational in GitLab 15.0.

If deleteinactiveprojects is true, sets the time (in months) to wait before emailing maintainers that the project is scheduled be deleted because it is inactive. Default is 1. Introduced in GitLab 14.10. Became operational in GitLab 15.0.

Enable in-product marketing emails. Enabled by default.

Enable Invisible CAPTCHA spam detection during sign-up. Disabled by default.

Max number of issue creation requests per minute per user. Disabled by default.

Prevent the deletion of the artifacts from the most recent successful jobs, regardless of the expiry time. Enabled by default.

Increase this value when any cached Markdown should be invalidated.

Enable Mailgun event receiver.

The Mailgun HTTP webhook signing key for receiving events from webhook.

When instance is in maintenance mode, non-administrative users can sign in with read-only access and make read-only API requests.

Message displayed when instance is in maintenance mode.

Maximum artifacts size in MB.

Limit attachment size in MB.

Maximum export size in MB. 0 for unlimited. Default = 0 (unlimited).

Maximum import size in MB. 0 for unlimited. Default = 0 (unlimited) Modified from 50MB to 0 in GitLab 13.8.

Maximum number of unique repositories a user can download in the specified time period before they are banned. Default: 0, Maximum: 10,000 repositories. Introduced in GitLab 15.1.

Reporting time period (in seconds). Default: 0, Maximum: 864000 seconds (10 days). Introduced in GitLab 15.1.

Maximum size of pages repositories in MB.

Maximum allowable lifetime for access tokens in days.

Maximum allowable lifetime for SSH keys in days. Introduced in GitLab 14.6.

A method call is only tracked when it takes longer than the given amount of milliseconds.

Allow repository mirroring to configured by project Maintainers. If disabled, only Administrators can configure repository mirroring.

Minimum capacity to be available before scheduling more mirrors preemptively.

Maximum number of mirrors that can be synchronizing at the same time.

Maximum time (in minutes) between updates that a mirror can have when scheduled to synchronize.

Use npmjs.org as a default remote repository when the package is not found in the GitLab Package Registry for npm.

Define a list of trusted domains or IP addresses to which local requests are allowed when local requests for hooks and services are disabled.

Number of workers assigned to the packages cleanup policies.

Require users to prove ownership of custom domains. Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled.

Enable authentication for Git over HTTP(S) via a GitLab account password. Default is true.

Enable authentication for the web interface via a GitLab account password. Default is true.

Indicates whether passwords require at least one lowercase letter. Introduced in GitLab 15.1.

Indicates whether passwords require at least one number. Introduced in GitLab 15.1.

Indicates whether passwords require at least one symbol character. Introduced in GitLab 15.1.

Indicates whether passwords require at least one uppercase letter. Introduced in GitLab 15.1.

Path of the group that is allowed to toggle the performance bar.

Prefix for all generated personal access tokens.

Maximum number of pipeline creation requests per minute per user and commit. Disabled by default.

(If enabled, requires: plantuml_url) Enable PlantUML integration. Default is false.

The PlantUML instance URL for integration.

Interval multiplier used by endpoints that perform polling. Set to 0 to disable polling.

Enable project export.

Enable Prometheus metrics.

CI/CD variables are protected by default.

Number of changes (branches or tags) in a single push to determine whether individual push events or bulk push events are created. Bulk push events are created if it surpasses that value.

Number of changes (branches or tags) in a single push to determine whether webhooks and services fire or not. Webhooks and services aren’t submitted if it surpasses that value.

Use pypi.org as a default remote repository when the package is not found in the GitLab Package Registry for PyPI.

When rate limiting is enabled via the throttle_* settings, send this plain text response when a rate limit is exceeded. ‘Retry later’ is sent if this is blank.

Max number of requests per minute for each raw path. Default: 300. To disable throttling set to 0.

(If enabled, requires: recaptchaprivatekey and recaptchasitekey) Enable reCAPTCHA.

Private key for reCAPTCHA.

Site key for reCAPTCHA.

Maximum push size (MB).

GitLab periodically runs git fsck in all project and wiki repositories to look for silent disk corruption issues.

Size limit per repository (MB).

(GitLab 13.0 and earlier) List of names of enabled storage paths, taken from gitlab.yml. New projects are created in one of these stores, chosen at random.

(GitLab 13.1 and later) Hash of names of taken from gitlab.yml to weights. New projects are created in one of these stores, chosen by a weighted random selection.

When enabled, any user that signs up for an account using the registration form is placed under a Pending approval state and has to be explicitly approved by an administrator.

(If enabled, requires: twofactorgrace_period) Require all users to set up Two-factor authentication.

Selected levels cannot be used by non-Administrator users for groups, projects or snippets. Can take private, internal and public as a parameter. Default is null which means there is no restriction.

The minimum allowed bit length of an uploaded RSA key. Default is 0 (no restriction). -1 disables RSA keys.

Max number of requests per minute for performing a search while authenticated. Default: 30. To disable throttling set to 0.

Max number of requests per minute for performing a search while unauthenticated. Default: 10. To disable throttling set to 0.

Send confirmation email on sign-up.

Session duration in minutes. GitLab restart is required to apply changes.

(If enabled, requires: sharedrunnerstext and sharedrunnersminutes) Enable shared runners for new projects.

Set the maximum number of CI/CD minutes that a group can use on shared runners per month.

Shared runners text.

The threshold in bytes at which Sidekiq jobs are compressed before being stored in Redis. Default: 100 000 bytes (100KB).

The threshold in bytes at which Sidekiq jobs are rejected. Default: 0 bytes (doesn’t reject any job).

track or compress. Sets the behavior for Sidekiq job size limits. Default: ‘compress’.

Text on the login page.

Enable registration. Default is true.

(If enabled, requires: slackappid, slackappsecret and slackappsecret) Enable Slack app.

The app ID of the Slack-app.

The app secret of the Slack-app.

The signing secret of the Slack-app.

The verification token of the Slack-app.

Max snippet content size in bytes. Default: 52428800 Bytes (50MB).

The Snowplow site name / application ID. (for example, gitlab)

The Snowplow collector hostname. (for example, snowplow.trx.gitlab.net)

The Snowplow cookie domain. (for example, .gitlab.com)

Enable snowplow tracking.

Enables Sourcegraph integration. Default is false. If enabled, requires sourcegraph_url.

Blocks Sourcegraph from being loaded on private and internal projects. Default is true.

The Sourcegraph instance URL for integration.

API key used by GitLab for accessing the Spam Check service endpoint.

Enables spam checking using external Spam Check API endpoint. Default is false.

URL of the external Spamcheck service endpoint. Valid URI schemes are grpc or tls. Specifying tls forces communication to be encrypted.

Enable pipeline suggestion banner.

Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.

(Required by: enforce_terms) Markdown content for the ToS.

(If enabled, requires: throttleauthenticatedapiperiodinseconds and throttleauthenticatedapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).

Rate limit period (in seconds).

Maximum requests per period per user.

(If enabled, requires: throttleauthenticatedpackagesapiperiodinseconds and throttleauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.

Rate limit period (in seconds). View Package Registry rate limits for more details.

Maximum requests per period per user. View Package Registry rate limits for more details.

(If enabled, requires: throttleauthenticatedwebperiodinseconds and throttleauthenticatedwebrequestsperperiod) Enable authenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).

Rate limit period (in seconds).

Maximum requests per period per user.

(If enabled, requires: throttleunauthenticatedapiperiodinseconds and throttleunauthenticatedapirequestsperperiod) Enable unauthenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).

Rate limit period in seconds.

Max requests per period per IP.

(If enabled, requires: throttleunauthenticatedpackagesapiperiodinseconds and throttleunauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.

Rate limit period (in seconds). View Package Registry rate limits for more details.

Maximum requests per period per user. View Package Registry rate limits for more details.

(If enabled, requires: throttleunauthenticatedwebperiodinseconds and throttleunauthenticatedwebrequestsperperiod) Enable unauthenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).

Rate limit period in seconds.

Max requests per period per IP.

Limit display of time tracking units to hours. Default is false.

Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication.

(If enabled, requires: uniqueipslimitperuser and uniqueipslimittimewindow) Limit sign in from multiple IPs.

Maximum number of IPs per user.