reCAPTCHA
GitLab leverages Google's reCAPTCHA to protect against spam and abuse. GitLab displays the CAPTCHA form on the sign-up page to confirm that a real user, not a bot, is attempting to create an account.
Configuration
To use reCAPTCHA, first you must create a site and private key.
Go to the URL: https://www.google.com/recaptcha/admin
Fill out the form necessary to obtain reCAPTCHA keys.
Login to your GitLab server, with administrator credentials.
Go to Applications Settings on Admin Area (
admin/application_settings)Fill all recaptcha fields with keys from previous steps
Check the
Enable reCAPTCHAcheckboxSave the configuration.
Enabling reCAPTCHA for user logins via passwords
By default, reCAPTCHA is only enabled for user registrations. To enable it for
user logins via passwords, the X-GitLab-Show-Login-Captcha HTTP header must
be set. For example, in NGINX, this can be done via the proxy_set_header
configuration variable:
proxy_set_header X-GitLab-Show-Login-Captcha 1;
In GitLab Omnibus, this can be configured via /etc/gitlab/gitlab.rb:
nginx['proxy_set_headers'] = { 'X-GitLab-Show-Login-Captcha' => 1 }
Was this helpful? Do you think that something is unclear? Use the comments area below and leave your feedback. For support and other enquiries, see getting help.
Any comments that aren't related to documentation feedback will be deleted. Read more on how we handle documentation comments in our handbook.