I have a private GitLab instance running on a private IP. I want to host a website with GitLab Pages that is only visible inside my network and not accessible from the outside. Also, I need my private GitLab instance to not be accessible from the outside.
GitLab Pages can only be used with the following prerequisites:
Have an exclusive root domain for serving GitLab Pages. Note that you cannot use a subdomain of your GitLab’s instance domain.
Configure a wildcard DNS record.
(Optional) Have a wildcard certificate for that domain if you decide to serve Pages under HTTPS.
(Optional but recommended) Enable Shared runners so that your users don’t have to bring their own.
(Only for custom domains) Have a secondary IP.
I would like to configure it that way, but it only serves me if that doesn't open up my GitLab instance to the public and if my site could be hosted within my network.
Is that possible? Or will it open up my server to the public?
Thanks very much in advance, really appreciate it.
If you use a private IPv4 address for your GitLab instance, it will not be visible on the Internet.
For example: 192.168.1.125
However, you could set up your Internet router (or whatever it is used for) to allow external access, so you should make sure it is not set up accidentally.
You then have to take care of the domain and name resolution within your network, but without detailed knowledge of your infrastructure you can say nothing about it.
An example domain would be gitlab.local
You then need a DNS server in your network, usually the Internet routers do the same, but are sometimes inflexible here.
Of course, you can also book a domain on the Internet and enter 192.168.1.125 as A-Record, but you must make sure that the domain provider allows the entry of private IPv4 addresses.
If you have an RFC 1918 address (e.g. 192.168..) nothing in DNS will make that directly accessible from the wider Internet.
Using an A record on a public domain could expose that you are running a server, and give an external party hints about your network, but it would not provide a mechanism to allow access to it.
You will not be able to use ACME challenges (i.e. Let's Encrypt) for your domains, so you may need to buy one from a provider that does mail-based authentication or build your own CA and self-sign.
An alternative to putting an "A" record on your public domain would be to modify your local name server to inject support for the domain in your LAN or to modify each computer's hosts file.
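A consistency check for the setup discussed in this thread, as an added example that is not part of the original posts: it confirms that the GitLab and Pages hostnames resolve only to RFC 1918 addresses and that the Pages domain is not a subdomain of the GitLab host. The hostnames, the `audit` function and the sample records are hypothetical and constructed for illustration.

```python
import ipaddress

# The three RFC 1918 private IPv4 ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True only for IPv4 addresses inside an RFC 1918 range."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918)

def is_subdomain(name, parent):
    """True if name equals parent or sits below it in the DNS tree."""
    name, parent = name.lower().rstrip("."), parent.lower().rstrip(".")
    return name == parent or name.endswith("." + parent)

def audit(gitlab_host, pages_domain, records):
    """Return a list of findings; an empty list means the layout is consistent.

    records maps hostname -> list of A-record strings, as returned by the
    resolver you want to audit (internal DNS, or the public one).
    """
    findings = []
    # Prerequisite quoted in the question: Pages needs its own root domain.
    if is_subdomain(pages_domain, gitlab_host):
        findings.append(f"{pages_domain} is a subdomain of {gitlab_host}")
    for host, addrs in records.items():
        if not addrs:
            findings.append(f"{host} does not resolve")
        for addr in addrs:
            if not is_rfc1918(addr):
                findings.append(f"{host} -> {addr} is not an RFC 1918 address")
    # Wildcard prerequisite: some project name under the Pages domain must resolve.
    if not any(h != pages_domain and is_subdomain(h, pages_domain)
               for h in records if records[h]):
        findings.append(f"no name under *.{pages_domain} resolves")
    return findings

# Constructed sample records (hypothetical names and answers).
GOOD = {"gitlab.corp.example": ["192.168.1.125"],
        "docs.pages-corp.example": ["192.168.1.125"]}
BAD = {"gitlab.corp.example": ["192.168.1.125"],
       "docs.pages.gitlab.corp.example": ["203.0.113.10"]}

if __name__ == "__main__":
    for finding in audit("gitlab.corp.example", "pages.gitlab.corp.example", BAD):
        print("FINDING:", finding)
```

A hosts file has no wildcard syntax, so with that approach each Pages project hostname has to be listed individually before a check like this passes.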