Commit 19af52d6 authored by Nick Gaskill's avatar Nick Gaskill

Merge branch 'sabrams-master-patch-42203' into 'master'

Update dependency proxy docs with JWT expiration notes

See merge request gitlab-org/gitlab!85004
parents c287cb7e 47db2c3f
...@@ -265,6 +265,20 @@ Feature.disable(:dependency_proxy_for_private_groups) ...@@ -265,6 +265,20 @@ Feature.disable(:dependency_proxy_for_private_groups)
Feature.enable(:dependency_proxy_for_private_groups) Feature.enable(:dependency_proxy_for_private_groups)
``` ```
## Changing the JWT expiration
The Dependency Proxy follows the [Docker v2 token authentication flow](https://docs.docker.com/registry/spec/auth/token/),
issuing the client a JWT to use for the pull requests. The token expiration time is a configurable
using the application setting `container_registry_token_expire_delay`. It can be changed from the
rails console:
```ruby
# update the JWT expiration to 30 minutes
ApplicationSetting.update(container_registry_token_expire_delay: 30)
```
The default expiration and the expiration on GitLab.com is 15 minutes.
## Using the dependency proxy behind a proxy ## Using the dependency proxy behind a proxy
1. Edit `/etc/gitlab/gitlab.rb` and add the following lines: 1. Edit `/etc/gitlab/gitlab.rb` and add the following lines:
......
...@@ -96,6 +96,14 @@ You can authenticate using: ...@@ -96,6 +96,14 @@ You can authenticate using:
Users accessing the Dependency Proxy with a personal access token or username and password must Users accessing the Dependency Proxy with a personal access token or username and password must
have at least the Guest role for the group they pull images from. have at least the Guest role for the group they pull images from.
The Dependency Proxy follows the [Docker v2 token authentication flow](https://docs.docker.com/registry/spec/auth/token/),
issuing the client a JWT to use for the pull requests. The JWT issued as a result of authenticating
expires after some time. When the token expires, most Docker clients store your credentials and
automatically request a new token without further action.
The token expiration time is a [configurable setting](../../../administration/packages/dependency_proxy.md#changing-the-jwt-expiration).
On GitLab.com, the expiration time is 15 minutes.
#### SAML SSO #### SAML SSO
When [SSO enforcement](../../group/saml_sso/index.md#sso-enforcement) When [SSO enforcement](../../group/saml_sso/index.md#sso-enforcement)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment