5

So this is a reoccurring issue and I'm not qualified to fix it but I need it fixed so I'm going to have to learn. See this question for an outdated / not feasible solution, and for a similar question without answer.

Basic problem, I need to provide documentation for a private python module. The Project is hosted on gitlab and I use the CI to generate the docs. They are visible to the world and that isn't ideal. This is a known issue and gitlab may eventually provide a solution. I can't wait that long. My plan was to use this project (crypto-js) code and include it in the docker runner. Unfortunately I have no clue as to how to go about it or if that is even possible.

My ci.yml is:

image: tsgkadot/sphinx-plantuml

stages:
  - build
pages:
  stage: build
  script:
    #- pip install -r requirements.txt -U
    - sphinx-build -b html ./doc public
  artifacts:
    paths:
      - public
  tags:
    - docker

As far as I can work out crypto-js is interfaced with like so:

var unencrypted = document.getElementById('unencrypted_html').value;
var passphrase = document.getElementById('passphrase').value;
var encrypted = CryptoJS.AES.encrypt(unencrypted, passphrase);
var hmac = CryptoJS.HmacSHA256(encrypted.toString(), CryptoJS.SHA256(passphrase)).toString();
var encryptedMsg = hmac + encrypted;

where the generated html file(s) from sphinx would have to be passed to the js and the output replace the files. Alternatively, i read on SO that it is possible to include js in sphinx, but I don't see how a file could encrypt itself. I don't mind using one password to encrypt all the documentation and then sharing the password with the relevant parties.

I've also posted these ideas on the relevant issue with gitlab but there seems to be little progress there as they are looking for a more complete solution.

If there is a git hosting service like gitlab that offers something like pages that are private for private repositories, I'd also be happy to switch to that. Any ideas or pointers as to how to implement this?

ic_fl2
  • 831
  • 9
  • 29
  • How is it shared with client? Do they view it online or clone and view locally? – Tarun Lalwani Sep 11 '17 at 12:10
  • The module is code for me and my coworkers so the idea is to have ithe docs available online (gitlab pages), the code itself is cloned and ran on local machines. For various reasons a self hosting git on an internal server is currently not possible. – ic_fl2 Sep 11 '17 at 19:46
  • There has been an interesting suggestion on: [GitLab discussion](https://gitlab.com/gitlab-org/gitlab-ce/issues/33422#note_40554673) – ic_fl2 Sep 18 '17 at 08:18

3 Answers3

4

GitLab now supports access control for pages:

https://docs.gitlab.com/ce/administration/pages/#access-control

Pages access control is currently disabled by default. To enable it, you must:

  1. Enable it in /etc/gitlab/gitlab.rb

    gitlab_pages['access_control'] = true

  2. Reconfigure GitLab

Community
  • 1
  • 1
Kyra
  • 245
  • 1
  • 2
  • 8
  • 1
    Only if you have a local install / install you control, not on the cloud version, but yes this is a long overdue feature. – ic_fl2 Oct 31 '18 at 09:01
4

Now GitLab Pages works with the same permissions as in the project. If the project is private, the Pages will also be private.

I've tried this tutorial: https://gitlab.com/pages/sphinx/tree/master

banderlog013
  • 2,207
  • 24
  • 33
2

So I've made a rudimentary fix that works for now:

This gitlab repo shows a working example here.

It uses static password protection and is also discussed in this issue.

ic_fl2
  • 831
  • 9
  • 29
  • 1
    This is now outdated. Check banderlog's answer for the new settings. However, this can still be used with other static sites one might want to protect. – ic_fl2 Nov 19 '19 at 19:53