Server Configuration

Requirements

  • PostLab Local requires GitLab EE 14 (all minors) or GitLab EE 15 up to 15.8.3. No other version is supported.

GitLab CE and EE are identical, but GitLab only offers (paid) support for EE. An unlicensed EE instance is the same as CE. However, migrating from CE to EE isn't easy so GitLab recommends installing EE anyway. If for some reason you'd require GitLab support, this way the option is at least on the table. In practice, no support or a license is needed to use GitLab with PostLab.

  • Make sure your server accepts incoming connections on port 8443.

GitLab

GitLab has two ways to manage settings, and those ways partially overlap. Hence, you'll configure some settings in the gitlab.rbfile, and others through the management console ("website").

gitlab.rb

File Location: /etc/gitlab/gitlab.rb

Some server settings are only available to configure in gitlab.rb. Required settings for PostLab Local are listed below.

SettingDescription

external_url

This should be an https address. Use a valid certificate on this server, and use port 8443.

⚠️ The external_url must contain a subdomain, a second level domain, and a top level domain.

external url 'https://myvalid.domain.name:8443'

myvalid - subdomain • domain - second-level domain

• name - top-level domain

Backups

Please consider a good backup strategy that allows you to restore your server if needed. More direction is available in GitLab's documentation.

Emails

Disable emailing in GitLab:

gitlab_rails['gitlab_email_enabled'] = false

Default project feature settings

This setting will enable/disable certain project features. Disable these settings, as they're unnecessary for PostLab use:

gitlab_rails['gitlab_default_projects_features_issues'] = true gitlab_rails['gitlab_default_projects_features_merge_requests'] = false gitlab_rails['gitlab_default_projects_features_wiki'] = false gitlab_rails['gitlab_default_projects_features_snippets'] = false gitlab_rails['gitlab_default_projects_features_builds'] = false gitlab_rails['gitlab_default_projects_features_container_registry'] = false

Default User Settings

In PostLab, a Team is a GitLab root-level group. Typically, users should not be able to create Teams.

  • In GitLab 15.4 and earlier, set this configuration in gitlab.rb: gitlab_rails['gitlab_default_can_create_group'] = false

  • In version 15.5 and later, this needs to be configured in the gui, so that's documented further down in this document.

Storage

It's a best practice to ensure your repositories/projects live on a different volume than your OS. More direction is available in GitLab's documentation.

LFS

You MUST enable LFS. Direction on enabling LFS is available in GitLab's documentation.

If you want to keep LFS storage locally, typically the syntax would look like this:

gitlab_rails['lfs_enabled'] = true gitlab_rails['lfs_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/lfs-objects”

After modifying /etc/gitlab/gitlab.rb, you must issue a gitlab-ctl reconfigure command for the new configuration to take effect.

Website settings

These settings are available inside the Admin Area of your GitLab server.

General

Visibility and access controls

Default project creation protection

Developers + Maintainers

Default project visibility

Private

Default snippet visibility

Private

Default group visibility

Private

Restricted visibility levels

Private: disabled Internal: enabled Public: enabled

Import sources

All disabled

Enabled Git access protocols

Only HTTP(S)

Account and limit

New users set to external

disabled

Prompt users to upload SSH keys

disabled

In GitLab 15.5 and up: Allow new users to create top-level groups

disabled

Sign-in restrictions

Allow password authentication for the web interface

enabled

Enforce two-factor authentication

disabled

Repository

Default branch

Initial default branch name

master

Initial default branch protection

Partially protected

Repository maintenance

Enable repository checks

enabled

Enable automatic repository housekeeping

enabled

Incremental repack period

10

Full repack period

20

Git GC period

30

CI/CD

Continuous Integration and Deployment

Default to Auto DevOps pipeline for all projects

disabled

Enable shared runners for new projects

disabled

Access Token

PostLab Local requires a license key (or activation number), and your license key is linked to a GitLab server. Before we can create a license key, you'll need to create an access token from your GitLab server, which you'll send to us.

  1. Create a GitLab user expressly for creating the access token. This user does not have to be an admin.

  2. Log in as that user.

You must log into GitLab’s web interface with this user at least once.

  1. Go to User Settings > Personal Access Tokens.

  1. Add a token, and give it a name in Token name.

  2. Leave the Expiration date blank. Do not add an expiration date, as this token should never expire.

  3. Enable the read_api permission and nothing more.

Before you click Create personal access token, have your password manager ready or have something available to record your access token. Clicking Create personal access token displays the access token only once.

  1. Click Create personal access token then record the access token displayed in a safe place, like a password manager.

  2. Send us your access token: postlab@hedge.video.

Once we receive your access token, we'll process it, then send you your activation number, which is your license key for the PostLab Local client.

Users & Groups

Next, you can start creating users and groups.

PostLab Local only supports local GitLab users. Some GitLab features like LDAP or OmniAuth are currently unsupported in PostLab Local.

Groups

Root-level groups in GitLab are displayed as Teams in PostLab. Also, users can belong to multiple Teams/groups.

PostLab Local does not support GitLab subgroup or project user permissions, and using these will break PostLab.

Users

A user can either be a Maintainer, Owner, or Guest.

Maintainers can create Folders, Productions and add FCP Libraries and Premiere Pro Projects, but aren't allowed to delete Productions.

A Maintainer in GitLab is called an Editor in PostLab.

Owners can delete Folders, Productions, FCP Libraries, and Premiere Pro Projects. You can also grant Owners permission to create and remove Folders within a Team. You can set this up in Settings > General of a group.

A Guest has read-only access.

Setting a user's Max role in GitLab to anything other than Maintainer or Owner will result in a Team Member being assigned a Guest role in PostLab.

Once you create a user, you (or the new user) must take these steps before using the PostLab Local Client:

  1. Log into the GitLab server via a Web browser as that user.

  2. Reset the password for that user.

Next, create the self-signed certificate.

Last updated