- Default projects limit
- Max attachment size
- Max push size
- Max export size
- Max import size
- Personal access token prefix
- Repository size limit
- Customize session duration for Git Operations when 2FA is enabled
- Limit the lifetime of SSH keys
- Limit the lifetime of access tokens
- Disable user profile name changes
- Prevent new users from creating top-level groups
- Set profiles of new users to private by default
- Troubleshooting
Account and limit settings
Default projects limit
You can configure the default maximum number of projects new users can create in their personal namespace. This limit affects only new user accounts created after you change the setting. This setting is not retroactive for existing users, but you can separately edit the project limits for existing users.
To configure the maximum number of projects in personal namespaces for new users:
- On the top bar, select Main menu > Admin.
- On the left sidebar, select Settings > General, then expand Account and limit.
- Increase or decrease that Default projects limit value.
If you set Default projects limit to 0, users are not allowed to create projects in their users personal namespace. However, projects can still be created in a group.
Projects limit for a user
You can edit a specific user, and change the maximum number of projects this user can create in their personal namespace:
- On the top bar, select Main menu > Admin.
- On the left sidebar, select Overview > Users.
- From the list of users, select a user.
- Select Edit.
- Increase or decrease the Projects limit value.
Max attachment size
The maximum file size for attachments in GitLab comments and replies is 10 MB. To change the maximum attachment size:
- On the top bar, select Main menu > Admin.
- On the left sidebar, select Settings > General, then expand Account and limit.
- Increase or decrease by changing the value in Maximum attachment size (MB).
If you choose a size larger than the configured value for the web server, you may receive errors. Read the troubleshooting section for more details.
For GitLab.com repository size limits, read accounts and limit settings.
Max push size
You can change the maximum push size for your instance:
- On the top bar, select Main menu > Admin.
- On the left sidebar, select Settings > General, then expand Account and limit.
- Increase or decrease by changing the value in Maximum push size (MB).
For GitLab.com push size limits, read accounts and limit settings.
Max export size
Introduced in GitLab 15.0.
To modify the maximum file size for exports in GitLab:
- On the top bar, select Main menu > Admin.
- On the left sidebar, select Settings > General, then expand Account and limit.
- Increase or decrease by changing the value in Maximum export size (MB).
Max import size
Changed from 50 MB to unlimited in GitLab 13.8.
To modify the maximum file size for imports in GitLab:
- On the top bar, select Main menu > Admin.
- On the left sidebar, select Settings > General, then expand Account and limit.
- Increase or decrease by changing the value in Maximum import size (MB).
This setting applies only to repositories imported from a GitLab export file.
If you choose a size larger than the configured value for the web server, you may receive errors. See the troubleshooting section for more details.
For GitLab.com repository size limits, read accounts and limit settings.
Personal access token prefix
- Introduced in GitLab 13.7.
- Introduced in GitLab 14.5, a default prefix.
You can specify a prefix for personal access tokens. You might use a prefix to find tokens more quickly, or for use with automation tools.
The default prefix is glpat-
but administrators can change it.
Project access tokens and group access tokens also inherit this prefix.
Set a prefix
To change the default global prefix:
- On the top bar, select Main menu > Admin.
- On the left sidebar, select Settings > General.
- Expand the Account and limit section.
- Fill in the Personal Access Token prefix field.
- Select Save changes.
You can also configure the prefix by using the settings API.
Repository size limit
Repositories in your GitLab instance can grow quickly, especially if you are using LFS. Their size can grow exponentially, rapidly consuming available storage. To prevent this from happening, you can set a hard limit for your repositories’ size. This limit can be set globally, per group, or per project, with per project limits taking the highest priority.
There are numerous use cases where you might set up a limit for repository size. For instance, consider the following workflow:
- Your team develops apps which require large files to be stored in the application repository.
- Although you have enabled Git LFS to your project, your storage has grown significantly.
- Before you exceed available storage, you set up a limit of 10 GB per repository.
How it works
Only a GitLab administrator can set those limits. Setting the limit to 0
means
there are no restrictions.
These settings can be found in:
- Each project’s settings:
- From the Project’s homepage, navigate to Settings > General.
- Fill in the Repository size limit (MB) field in the Naming, topics, avatar section.
- Select Save changes.
- Each group’s settings:
- From the Group’s homepage, navigate to Settings > General.
- Fill in the Repository size limit (MB) field in the Naming, visibility section.
- Select Save changes.
- GitLab global settings:
- On the top bar, select Main menu > Admin.
- On the left sidebar, select Settings > General.
- Expand the Account and limit section.
- Fill in the Size limit per repository (MB) field.
- Select Save changes.
The first push of a new project, including LFS objects, is checked for size. If the sum of their sizes exceeds the maximum allowed repository size, the push is rejected.
For details on manually purging files, see reducing the repository size using Git.
Customize session duration for Git Operations when 2FA is enabled
- Introduced in GitLab 13.9.
- It’s deployed behind a feature flag, disabled by default.
two_factor_for_cli
. On GitLab.com, this feature is not available. This feature is not ready for production use. This feature flag also affects 2FA for Git over SSH operations.GitLab administrators can choose to customize the session duration (in minutes) for Git operations when 2FA is enabled. The default is 15 and this can be set to a value between 1 and 10080.
To set a limit on how long these sessions are valid:
- On the top bar, select Main menu > Admin.
- On the left sidebar, select Settings > General.
- Expand the Account and limit section.
- Fill in the Session duration for Git operations when 2FA is enabled (minutes) field.
- Select Save changes.
Limit the lifetime of SSH keys
-
Introduced in GitLab 14.6 with a flag named
ff_limit_ssh_key_lifetime
. Disabled by default. - Enabled on self-managed in GitLab 14.6.
-
Generally available in GitLab 14.7. Feature flag
ff_limit_ssh_key_lifetime
removed.
Users can optionally specify a lifetime for SSH keys. This lifetime is not a requirement, and can be set to any arbitrary number of days.
SSH keys are user credentials to access GitLab. However, organizations with security requirements may want to enforce more protection by requiring the regular rotation of these keys.
Set a lifetime
Only a GitLab administrator can set a lifetime. Leaving it empty means there are no restrictions.
To set a lifetime on how long SSH keys are valid:
- On the top bar, select Main menu > Admin.
- On the left sidebar, select Settings > General.
- Expand the Account and limit section.
- Fill in the Maximum allowable lifetime for SSH keys (days) field.
- Select Save changes.
Once a lifetime for SSH keys is set, GitLab:
- Requires users to set an expiration date that is no later than the allowed lifetime on new SSH keys.
- Applies the lifetime restriction to existing SSH keys. Keys with no expiry or a lifetime greater than the maximum immediately become invalid.
Limit the lifetime of access tokens
Introduced in GitLab 12.6.
Users can optionally specify a lifetime for access tokens, this includes personal, group, and project access tokens. This lifetime is not a requirement, and can be set to any arbitrary number of days.
Access tokens are the only tokens needed for programmatic access to GitLab. However, organizations with security requirements may want to enforce more protection by requiring the regular rotation of these tokens.
Set a lifetime
Only a GitLab administrator can set a lifetime. Leaving it empty means there are no restrictions.
To set a lifetime on how long access tokens are valid:
- On the top bar, select Main menu > Admin.
- On the left sidebar, select Settings > General.
- Expand the Account and limit section.
- Fill in the Maximum allowable lifetime for access tokens (days) field.
- Select Save changes.
Once a lifetime for access tokens is set, GitLab:
- Applies the lifetime for new personal access tokens, and require users to set an expiration date and a date no later than the allowed lifetime.
- After three hours, revoke old tokens with no expiration date or with a lifetime longer than the allowed lifetime. Three hours is given to allow administrators to change the allowed lifetime, or remove it, before revocation takes place.
Disable user profile name changes
Introduced in GitLab 12.7.
To maintain integrity of user details in Audit Events, GitLab administrators can choose to disable a user’s ability to change their profile name.
To do this:
- On the top bar, select Main menu > Admin.
- On the left sidebar, select Settings > General, then expand Account and limit.
- Select the Prevent users from changing their profile name checkbox.
Prevent new users from creating top-level groups
Introduced in GitLab 15.5.
By default, new users can create top-level groups. GitLab administrators can prevent new users from creating top-level groups:
- In GitLab 15.5 and later, using either:
- The GitLab UI using the steps in this section.
- The application setting API.
- In GitLab 15.4 and earlier, a configuration file.
- On the top bar, select Main menu > Admin.
- On the left sidebar, select Settings > General, then expand Account and limit.
- Clear the Allow new users to create top-level groups checkbox.
Set profiles of new users to private by default
Introduced in GitLab 15.8.
By default, newly created users have a public profile. GitLab administrators can set new users to have a private profile by default:
- On the top bar, select Main menu > Admin.
- On the left sidebar, select Settings > General, then expand Account and limit.
- Select the Make new users’ profiles private by default checkbox.
Troubleshooting
413 Request Entity Too Large
When attaching a file to a comment or reply in GitLab displays a 413 Request Entity Too Large
error, the max attachment size
is probably larger than the web server’s allowed value.
To increase the max attachment size to 200 MB in a
Omnibus GitLab install, you may need to
add the line below to /etc/gitlab/gitlab.rb
before increasing the max attachment size:
nginx['client_max_body_size'] = "200m"
This repository has exceeded its size limit
If you receive intermittent push errors in your Rails exceptions log, like this:
Your push has been rejected, because this repository has exceeded its size limit.
Housekeeping tasks may be causing your repository size to grow. To resolve this problem, either of these options helps in the short- to middle-term:
- Increase the repository size limit.
- Reduce the repository size.