I have a GitLab server hosted on-prem, using the CE version. Recently, our security team requested us not to expose the URL /.well-known/openid-configuration. My question is: how do I block this URL, or how should I configure GitLab so that this URL is not exposed?
GitLab uses NGINX and provides a way to add custom settings in /etc/gitlab/gitlab.rb.
Maybe adding something like this:
nginx['custom_gitlab_server_config'] = "location ^~ /.well-known/openid-configuration {\n deny all;\n}\n"
Then reconfigure GitLab:
sudo gitlab-ctl reconfigure
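
One way to confirm the rule took effect after reconfiguring, as an added example that is not part of the original answer: it looks for the deny rule in the rendered NGINX config and, when GITLAB_URL is set, checks which status the endpoint returns. The config path assumes the Omnibus default location; the function names and the GITLAB_URL and CONF variables are made up for this example.

```shell
#!/bin/sh
# Added example: verify the NGINX deny rule for the OIDC discovery document.
# Assumption: Omnibus renders the GitLab server block to the path below.
CONF="${CONF:-/var/opt/gitlab/nginx/conf/gitlab-http.conf}"
ENDPOINT="/.well-known/openid-configuration"

# Succeeds only if FILE has a location block for ENDPOINT containing "deny all;".
config_has_deny() {
  awk -v ep="$ENDPOINT" '
    $1 == "location" && index($0, ep) { inblock = 1 }
    inblock && /deny[ \t]+all[ \t]*;/  { found = 1 }
    inblock && /}/                     { inblock = 0 }
    END { exit (found ? 0 : 1) }
  ' "$1"
}

# Maps the HTTP status returned for the endpoint to a verdict.
verdict_for_status() {
  case "$1" in
    403) echo blocked ;;       # what NGINX returns for "deny all"
    2??) echo exposed ;;       # discovery document is still served
    3??) echo redirect ;;      # follow the Location header and re-test
    000) echo unreachable ;;   # curl could not connect or TLS failed
    *)   echo unexpected ;;
  esac
}

# Prints only the status code; certificate checks stay on so TLS errors show as 000.
probe() {
  curl -s -o /dev/null -w '%{http_code}' --max-time 10 "$1$ENDPOINT"
}

# Live check runs only when a base URL is supplied, e.g.
#   GITLAB_URL=https://gitlab.example.com sh check.sh   (placeholder host)
if [ -n "${GITLAB_URL:-}" ]; then
  if config_has_deny "$CONF"; then
    echo "config: deny rule present in $CONF"
  else
    echo "config: deny rule missing in $CONF"
  fi
  code=$(probe "$GITLAB_URL") || true
  echo "http: $code -> $(verdict_for_status "$code")"
fi
```

Clients that use GitLab as an OpenID Connect provider fetch this discovery document, so they can fail discovery once it returns 403.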