# Server Configuration

## Requirements

* PostLab Local requires GitLab EE 14 (all minors) or GitLab EE 15 up to 15.8.3. No other version is supported.

{% hint style="info" %}
GitLab CE and EE are identical, but GitLab only offers (paid) support for EE. An unlicensed EE instance is the same as CE. However, migrating from CE to EE isn't easy, so GitLab recommends installing EE anyway. If for some reason you'd require GitLab support, this way the option is at least on the table. In practice, neither support nor a license is needed to use GitLab with PostLab.
{% endhint %}

* Make sure your server accepts incoming connections on port `8443`.

## GitLab

GitLab has two ways to manage settings, and those ways partially overlap. Hence, you'll configure some settings in the [`gitlab.rb` file](#gitlab.rb), and others through [the management console ("website")](#website-settings).

### gitlab.rb

File Location: `/etc/gitlab/gitlab.rb`

Some server settings are only available to configure in `gitlab.rb`. Required settings for PostLab Local are listed below.

<table><thead><tr><th width="188">Setting</th><th>Description</th></tr></thead><tbody><tr><td>external_url</td><td><p>This should be an <code>https</code> address. Use a valid certificate on this server, and use port <code>8443</code>.</p><p></p><p>⚠️ The <code>external_url</code> must contain a subdomain, a second level domain, and a top level domain.</p><p></p><p> <code>external_url 'https://myvalid.domain.name:8443'</code></p><p><br>• <code>myvalid</code> - subdomain<br>• <code>domain</code> - second-level domain</p><p>• <code>name</code> - top-level domain</p></td></tr><tr><td>Backups</td><td>Please consider a good backup strategy that allows you to restore your server if needed. More direction is available in GitLab's documentation.</td></tr><tr><td>Emails</td><td><p>Disable emailing in GitLab:<br></p><p><code>gitlab_rails['gitlab_email_enabled'] = false</code></p></td></tr><tr><td>Default project feature settings</td><td><p>This setting will enable/disable certain project features. Disable these settings, as they're unnecessary for PostLab use:</p><p></p><p><code>gitlab_rails['gitlab_default_projects_features_issues'] = true</code> <br><br><code>gitlab_rails['gitlab_default_projects_features_merge_requests'] = false</code> <br><br><code>gitlab_rails['gitlab_default_projects_features_wiki'] = false</code> <br><br><code>gitlab_rails['gitlab_default_projects_features_snippets'] = false</code> <br><br><code>gitlab_rails['gitlab_default_projects_features_builds'] = false</code> <br><br><code>gitlab_rails['gitlab_default_projects_features_container_registry'] = false</code></p></td></tr><tr><td>Default User Settings</td><td><p>In PostLab, a Team is a GitLab root-level group. Typically, users should not be able to create Teams. 
</p><ul><li>In GitLab 15.4 and earlier, set this configuration in <code>gitlab.rb</code>:<br><code>gitlab_rails['gitlab_default_can_create_group'] = false</code></li><li>In version 15.5 and later, this needs to be configured in the GUI, so that's documented further down in this document.</li></ul></td></tr><tr><td>Storage</td><td>It's a best practice to ensure your repositories/projects live on a different volume than your OS. More direction is available in GitLab's documentation.</td></tr><tr><td>LFS</td><td><p>You MUST enable LFS. Direction on enabling LFS is available in GitLab's documentation.</p><p></p><p>If you want to keep LFS storage locally, typically the syntax would look like this:<br></p><p><code>gitlab_rails['lfs_enabled'] = true</code><br><br><code>gitlab_rails['lfs_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/lfs-objects"</code></p></td></tr></tbody></table>

{% hint style="warning" %}
After modifying `/etc/gitlab/gitlab.rb`, you must issue a `gitlab-ctl reconfigure` command for the new configuration to take effect.
{% endhint %}
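
An added example, not part of the PostLab or GitLab documentation: a Ruby check that reads the text of a `gitlab.rb` and reports where it departs from the settings in the table above, so the file can be reviewed before running `gitlab-ctl reconfigure`. The function names and the sample file are constructed for illustration, and the check assumes every setting is written explicitly as a plain `true`/`false` assignment.

```ruby
require 'uri'
# Values as listed in the table above; this example requires each to be set explicitly.
REQUIRED = { 'gitlab_email_enabled' => 'false', 'lfs_enabled' => 'true',
             'gitlab_default_projects_features_issues' => 'true' }
%w[merge_requests wiki snippets builds container_registry].each do |feature|
  REQUIRED["gitlab_default_projects_features_#{feature}"] = 'false'
end

# Collect active (uncommented) settings; a later assignment overrides an earlier one.
def parse_gitlab_rb(text)
  text.each_line.with_object({}) do |raw, conf|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    if (m = line.match(/\Aexternal_url\s+['"]([^'"]+)['"]/))
      conf['external_url'] = m[1]
    elsif (m = line.match(/\Agitlab_rails\['(\w+)'\]\s*=\s*(true|false)\b/))
      conf[m[1]] = m[2]
    end
  end
end

# Return a list of human-readable problems; an empty list means the file passes.
def audit_gitlab_rb(text)
  conf = parse_gitlab_rb(text)
  problems = []
  uri = URI.parse(conf['external_url'].to_s) rescue nil
  if uri.nil? || uri.host.nil?
    problems << 'external_url missing or unparsable'
  else
    problems << 'external_url is not https' unless uri.scheme == 'https'
    problems << 'external_url port is not 8443' unless uri.port == 8443
    problems << 'external_url host lacks subdomain.domain.tld' if uri.host.split('.').length < 3
  end
  REQUIRED.each do |key, want|
    got = conf[key] || 'unset'
    problems << "#{key}: expected #{want}, found #{got}" unless got == want
  end
  problems
end

# Constructed sample, not a real server's file.
SAMPLE = <<~CONF
  # external_url 'https://gitlab.example.com:8443'
  external_url 'http://gitlab.example:8443'
  gitlab_rails['gitlab_email_enabled'] = false
  gitlab_rails['lfs_enabled'] = true
  gitlab_rails['gitlab_default_projects_features_wiki'] = true
CONF
puts audit_gitlab_rb(SAMPLE)
```

The check does not cover `gitlab_default_can_create_group`, which belongs in `gitlab.rb` only on GitLab 15.4 and earlier.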

### Website settings

These settings are available inside the Admin Area of your GitLab server.

#### General

***Visibility and access controls***

| **Default project creation protection** | Developers + Maintainers                                         |
| --------------------------------------- | ---------------------------------------------------------------- |
| **Default project visibility**          | Private                                                          |
| **Default snippet visibility**          | Private                                                          |
| **Default group visibility**            | Private                                                          |
| **Restricted visibility levels**        | <p>Private: disabled<br>Internal: enabled<br>Public: enabled</p> |
| **Import sources**                      | All disabled                                                     |
| **Enabled Git access protocols**        | Only HTTP(S)                                                     |

***Account and limit***

| **New users set to external**                                         | disabled |
| --------------------------------------------------------------------- | -------- |
| **Prompt users to upload SSH keys**                                   | disabled |
| In GitLab 15.5 and up: **Allow new users to create top-level groups** | disabled |

***Sign-in restrictions***

| **Allow password authentication for the web interface** | enabled  |
| ------------------------------------------------------- | -------- |
| **Enforce two-factor authentication**                   | disabled |

#### Repository

***Default branch***

| **Initial default branch name**       | master              |
| ------------------------------------- | ------------------- |
| **Initial default branch protection** | Partially protected |

***Repository maintenance***

| **Enable repository checks**                 | enabled |
| -------------------------------------------- | ------- |
| **Enable automatic repository housekeeping** | enabled |
| **Incremental repack period**                | 10      |
| **Full repack period**                       | 20      |
| **Git GC period**                            | 30      |

#### CI/CD

***Continuous Integration and Deployment***

| **Default to Auto DevOps pipeline for all projects** | disabled |
| ---------------------------------------------------- | -------- |
| **Enable shared runners for new projects**           | disabled |

### Access Token

PostLab Local requires a license key (or `activation number`), and your license key is linked to a GitLab server. Before we can create a license key, you'll need to create an access token from your GitLab server, which you'll send to us.

1. Create a GitLab user expressly for creating the access token. This user does not have to be an admin.
2. Log in as that user.

{% hint style="warning" %}
You must log into GitLab’s web interface with this user at least once.
{% endhint %}

3. Go to `User Settings > Personal Access Tokens`.

<figure><img src="/files/iKfUwBPSVcB16eIOlqj3" alt=""><figcaption><p>User Settings > Personal Access Tokens</p></figcaption></figure>

4. Add a token, and give it a name in `Token name`.
5. Leave the `Expiration date` blank. Do not add an expiration date, as this token should never expire.
6. Enable the `read_api` permission and nothing more.

{% hint style="warning" %}
Before you click `Create personal access token`, have your password manager ready or have something available to record your access token. Clicking `Create personal access token` displays the access token only once.
{% endhint %}

7. Click `Create personal access token` then record the access token displayed in a safe place, like a password manager.
8. Send us your access token: <postlab@hedge.video>.

Once we receive your access token, we'll process it, then send you your `activation number`, which is your license key for the PostLab Local client.

### Users & Groups

Next, you can start creating users and groups.

PostLab Local only supports local GitLab users. Some GitLab features like LDAP or OmniAuth are currently unsupported in PostLab Local.

#### Groups

*Root-level* groups in GitLab are displayed as Teams in PostLab. Also, users can belong to multiple Teams/groups.

{% hint style="danger" %}
PostLab Local does not support GitLab subgroup or project user permissions, and using these will break PostLab.
{% endhint %}

#### Users

A user can either be a `Maintainer`, `Owner`, or `Guest`.

`Maintainers` can create Folders, `Productions` and add FCP Libraries and Premiere Pro Projects, but aren't allowed to delete `Productions`.

{% hint style="success" %}
A `Maintainer` in GitLab is called an `Editor` in PostLab.
{% endhint %}

`Owners` can delete Folders, `Productions`, FCP Libraries, and Premiere Pro Projects. You can also grant `Owners` permission to create and remove Folders within a Team. You can set this up in `Settings > General` of a group.

A `Guest` has read-only access.

{% hint style="info" %}
Setting a user's `Max role` in GitLab to anything other than `Maintainer` or `Owner` will result in a Team Member being assigned a `Guest` role in PostLab.
{% endhint %}

Once you create a user, you (or the new user) must [take these steps before using the PostLab Local Client:](/postlab-classic/postlab-local/client-installation.md#prerequisites)

1. Log into the GitLab server via a Web browser as that user.
2. Reset the password for that user.

[Next, create the self-signed certificate.](/postlab-classic/postlab-local/self-signed-certificates.md)

