change the default nginx status listen address from 0.0.0.0 to 127.0.0.1
According to https://docs.gitlab.com/omnibus/settings/nginx.html#enabling-disabling-nginx_status, by default, nginx status should be listening at 127.0.0.1 but it's actually listening at 0.0.0.0. This happens because the /var/opt/gitlab/nginx/conf/nginx-status.conf configuration file is:
    server {
      listen *:8060;
      server_name localhost;
      location /nginx_status {
        stub_status on;
        server_tokens off;
        access_log off;
        allow 127.0.0.1;
        deny all;
      }
    }
That listen *:8060 should be listen 127.0.0.1:8060.
BTW, can you also set server_tokens off; at the server level?
I'm using gitlab-ce 10.0.3-ce.0 in an Ubuntu 16.04.3 VM.
As a workaround, I'm using this on gitlab.rb:
    ### Nginx status
    nginx['status'] = {
      "enable" => true,
      "listen_addresses" => ["127.0.0.1"],
      "fqdn" => "localhost",
      "port" => 8060,
      "options" => {
        "stub_status" => "on",      # Turn on stats
        "server_tokens" => "off",   # Don't show the version of NGINX
        "access_log" => "off",      # Disable logs for stats
        "allow" => "127.0.0.1",     # Only allow access from localhost
        "deny" => "all"             # Deny access to anyone else
      }
    }
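
Added example, not part of the original report and not GitLab's code: a small audit that reads an nginx status config and reports any `listen` directive that binds beyond loopback, which is the condition the report describes. It assumes one directive per line, as in the generated file quoted above; the function names and the embedded sample are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the nginx-status.conf content quoted in the report.
REPORTED_CONF = """
server {
  listen *:8060;
  server_name localhost;
  location /nginx_status {
    stub_status on;
    allow 127.0.0.1;
    deny all;
  }
}
"""

# Matches uncommented "listen ...;" lines (a leading '#' prevents a match).
LISTEN_RE = re.compile(r"^\s*listen\s+([^;]+);", re.MULTILINE)

def listen_host(value):
    """Return the host part of a listen value, '*' for port-only forms."""
    target = value.split()[0]            # drop flags such as default_server
    if target.startswith("unix:"):
        return "unix"
    if target.startswith("["):           # IPv6 form: [::1]:8060 or [::]
        return target[1:target.index("]")]
    if target.isdigit():                 # "listen 8060;" binds every address
        return "*"
    return target.rsplit(":", 1)[0] if ":" in target else target

def is_loopback_only(host):
    """True for unix sockets and literal loopback IPs; hostnames count as exposed."""
    if host == "unix":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                   # '*' or a hostname needing manual review
        return False

def exposed_listens(conf_text):
    """Listen values that are not loopback-only, if the file enables stub_status."""
    if not re.search(r"^\s*stub_status\b", conf_text, re.MULTILINE):
        return []
    return [m.group(1).strip() for m in LISTEN_RE.finditer(conf_text)
            if not is_loopback_only(listen_host(m.group(1)))]

if __name__ == "__main__":
    print(exposed_listens(REPORTED_CONF))
```

An empty result after `gitlab-ctl reconfigure` means every `listen` in the status file is bound to loopback or a unix socket.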