healthcheck: Use IPv4 loopback address instead of localhost
Access to health check resources such as /-/liveness
is restricted to IPs specified in gitlab.monitoring.ip_whitelist
(`GITLAB_MONITORING_IP_WHITELIST`).
The name `localhost` is resolved to the IPv6 loopback address (::1)
that is not listed in the whitelist by default.

Possible alternate designs:
- Add IPv6 loopback to whitelist
- Disable IPv6 for gitlab container by specifying `net.ipv6.conf.all.disable_ipv6=1`
  in docker-compose.yml for example
  See #2766 (comment)
Gaibhne authored and sachilles committed Sep 25, 2024
1 parent 5e97a14 commit db2ab53
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion assets/runtime/functions
Expand Up @@ -1864,7 +1864,7 @@ generate_healthcheck_script() {
fi
cat > /usr/local/sbin/healthcheck <<EOF
#!/bin/bash
url=${HEALTHCHECK_PROTOCOL}://localhost${GITLAB_RELATIVE_URL_ROOT}/-/liveness
url=${HEALTHCHECK_PROTOCOL}://127.0.0.1${GITLAB_RELATIVE_URL_ROOT}/-/liveness
options=( '--insecure' '--silent' )
curl "\${options[@]}" \$url
[[ "\$(curl \${options[@]} -o /dev/null -I -w '%{http_code}' \$url)" == "200" ]]
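Review bot: The new `url=` line hard-codes `127.0.0.1` without a comment saying why, so a later cleanup could switch it back to `localhost` and reintroduce the failure described in the commit message. Add a one-line comment above it in the heredoc noting that `/-/liveness` is only served to addresses in `GITLAB_MONITORING_IP_WHITELIST` and that `localhost` may resolve to `::1`. The healthcheck now depends on the IPv4 loopback staying in that whitelist, which is worth stating wherever the variable is documented for users who override it. In the unchanged context, `\$url` and the second `\${options[@]}` are expanded unquoted; quoting both would be a cheap follow-up.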