diff --git a/README.md b/README.md
index 12f3ff50..4792a4f8 100644
--- a/README.md
+++ b/README.md
@@ -873,6 +873,7 @@ Below is the complete list of available options that can be used to customize yo
 | `GITLAB_BACKUP_SKIP` | Specified sections are skipped by the backups. Defaults to empty, i.e. `lfs,uploads`. [See](http://doc.gitlab.com/ce/raketasks/backup_restore.html#create-a-backup-of-the-gitlab-system) |
 | `GITLAB_SSH_HOST` | The ssh host. Defaults to **GITLAB_HOST**. |
 | `GITLAB_SSH_LISTEN_PORT` | The ssh port for SSHD to listen on. Defaults to `22` |
+| `GITLAB_SSH_MAXSTARTUPS` | The ssh "MaxStartups" parameter, defaults to `10:30:60`. |
 | `GITLAB_SSH_PORT` | The ssh port number. Defaults to `$GITLAB_SSH_LISTEN_PORT`. |
 | `GITLAB_RELATIVE_URL_ROOT` | The relative url of the GitLab server, e.g. `/git`. No default. |
 | `GITLAB_TRUSTED_PROXIES` | Add IP address reverse proxy to trusted proxy list, otherwise users will appear signed in from that address. Currently only a single entry is permitted. No defaults. |
diff --git a/assets/runtime/env-defaults b/assets/runtime/env-defaults
index e3a7362c..db1eb56f 100644
--- a/assets/runtime/env-defaults
+++ b/assets/runtime/env-defaults
@@ -28,6 +28,7 @@ GITLAB_SSH_HOST=${GITLAB_SSH_HOST:-$GITLAB_HOST}
 GITLAB_SSH_PORT=${GITLAB_SSH_PORT:-$GITLAB_SHELL_SSH_PORT} # for backwards compatibility
 GITLAB_SSH_LISTEN_PORT=${GITLAB_SSH_LISTEN_PORT:-22}
 GITLAB_SSH_PORT=${GITLAB_SSH_PORT:-$GITLAB_SSH_LISTEN_PORT}
+GITLAB_SSH_MAXSTARTUPS=${GITLAB_SSH_MAXSTARTUPS:-10:30:60}
 NGINX_HSTS_ENABLED=${NGINX_HSTS_ENABLED:-$GITLAB_HTTPS_HSTS_ENABLED} # backward compatibility
 NGINX_HSTS_ENABLED=${NGINX_HSTS_ENABLED:-true}
diff --git a/assets/runtime/functions b/assets/runtime/functions
index e6f83c03..a4e0ef4d 100644
--- a/assets/runtime/functions
+++ b/assets/runtime/functions
@@ -1497,6 +1497,7 @@ generate_ssh_key() {
 }
 generate_ssh_host_keys() {
+ sed -i "s|^[#]*MaxStartups 10:30:60|MaxStartups ${GITLAB_SSH_MAXSTARTUPS}|" /etc/ssh/sshd_config
 sed -i "s|#HostKey /etc/ssh/|HostKey ${GITLAB_DATA_DIR}/ssh/|g" /etc/ssh/sshd_config
 if [[ ! -e ${GITLAB_DATA_DIR}/ssh/ssh_host_rsa_key ]]; then
 echo -n "Generating OpenSSH host keys... "
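Review bot: The added `sed` in `generate_ssh_host_keys` matches only a line that reads exactly `MaxStartups 10:30:60` (optionally commented), so it silently does nothing if the image's sshd_config ships a different value or if the line was already rewritten by an earlier run. Because MaxStartups is the throttle on unauthenticated SSH connections, a silent no-op leaves the operator believing a limit is in place that sshd never loaded. Matching any existing value avoids this: `sed -i "s|^[#]*MaxStartups .*|MaxStartups ${GITLAB_SSH_MAXSTARTUPS}|" /etc/ssh/sshd_config`. The variable is also interpolated into the sed expression unchecked, so a value containing `|` or `&` would corrupt the replacement; a guard such as `[[ ${GITLAB_SSH_MAXSTARTUPS} =~ ^[0-9]+(:[0-9]+:[0-9]+)?$ ]]` before the substitution would reject malformed input. The function body continues past the end of this hunk.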