reCAPTCHA
GitLab leverages Google’s reCAPTCHA to protect against spam and abuse. GitLab displays the CAPTCHA form on the sign-up page to confirm that a real user, not a bot, is attempting to create an account.
Configuration
To use reCAPTCHA, first you must create a site and private key.
- Go to the URL: https://www.google.com/recaptcha/admin.
- Fill out the form necessary to obtain reCAPTCHA v2 keys.
- Log in to your GitLab server, with administrator credentials.
- Go to Reporting Applications Settings in the Admin Area (
admin/application_settings/reporting). - Fill all recaptcha fields with keys from previous steps.
- Check the
Enable reCAPTCHAcheckbox. - Save the configuration.
Enabling reCAPTCHA for user logins via passwords
By default, reCAPTCHA is only enabled for user registrations. To enable it for
user logins via passwords, the X-GitLab-Show-Login-Captcha HTTP header must
be set. For example, in NGINX, this can be done via the proxy_set_header
configuration variable:
proxy_set_header X-GitLab-Show-Login-Captcha 1;
In GitLab Omnibus, this can be configured via /etc/gitlab/gitlab.rb:
nginx['proxy_set_headers'] = { 'X-GitLab-Show-Login-Captcha' => 1 }
Help and feedback
If there's something you don't like about this feature
If you want something that GitLab does not support
If you didn't find what you were looking for
If you want help with something very specific to your use case, and can use some community support
POST ON GITLAB FORUM
If you have problems setting up or using this feature (depending on your GitLab subscription)
REQUEST SUPPORT
To view all GitLab tiers and features or to upgrade
If you want to try all features available in GitLab.com
If you want to try all features available in GitLab self-managed
If you spot an error or a need for improvement and would like to fix it yourself in a merge request
EDIT THIS PAGE
If you would like to suggest an improvement to this doc
If you want to give quick and simple feedback on this doc