Connecting a self-hosted GitLab repository as your source

Last modified: July 27th, 2023

Working with a specific static site generator?
Customize CloudCannon's documentation to suit your SSG.

Great! We'll show you documentation relevant to .
You can change this any time using the dropdown in the navigation bar.

Connecting to your self-hosted GitLab allows you to work on your websites locally and have the changes sync to CloudCannon. File changes made on CloudCannon also get synced back to your self-hosted GitLab repository.

To connect to a repository instead, follow the instructions listed for GitLab.

Connecting to an instance#

Before syncing with a repository in your self-hosted GitLab, you need to connect CloudCannon to your self-hosted instance. You only need to do this once per account.

To connect to your self-hosted GitLab instance:

  1. Go to Settings / Self Hosted GitLab
  2. Enter the details for your self-hosted instance of GitLab
  3. Click Configure Self Hosted GitLab
Self hosted GitLab entry interface

The details for this page come from the GitLab server under User Settings / Applications.

Settings page from Gitlab

The Redirect URI is The minimal scopes required are:

  1. api
  2. read_user
  3. read_repository
  4. write_repository
  5. openid

Once completed, the key and secret will be available for use in CloudCannon. The URLs should match the form placeholders.

Syncing with a repository#

To connect a self-hosted GitLab repository and start syncing files, follow these instructions:

  1. Go to Site Settings / Source Syncing
  2. Select Self Hosted GitLab repository
  3. Click Authenticate
Settings page from Gitlab

This will open a menu where you can connect to GitLab, via one of two methods.

Connecting with your user account#

You can connect to GitLab by authenticating with your user account. This will give your CloudCannon organization access to the same GitLab repositories you have access to.

This redirects you to your self-hosted GitLab repository. Log in and authorize CloudCannon access to your self-hosted GitLab account, after which you will be redirected back to CloudCannon to pick a repository to connect.

A menu with a button labelled 'Authenticate with GitLab'.

Authenticating with a group access token#

Alternatively, you can create a group access token in GitLab and save that token in CloudCannon. This will give your CloudCannon organization access to all the resources scoped to your token. See GitLab's Group access tokens documentation for how to create and configure a token.

For full functionality on CloudCannon, your group access token should have (at least) the Maintainer role, and the api, read_api, read_repository, and write_repository scopes.

Copy the token into the Group Access Token field. You will also need to provide the expiry date of the token. CloudCannon will send a warning email to all owners of your organization when the token is about to expire.

Click Save and authenticate to finish.

A form with fields for token and expiry date, and a submit button.

Once you've authenticated, you can choose a GitLab repository, and a branch to connect to the site. If you don't have an appropriate branch ready, create a new one in GitLab and refresh this page.

Settings page from Gitlab

Any existing files on your website will be replaced with the contents of the selected repository. Click Backup and Sync to continue, or exit the page to cancel the process.

Your self-hosted GitLab is now connected. Changes you push to the Git repository are pulled in by CloudCannon. Any changes made on CloudCannon are automatically committed and pushed.

Configuring your GitLab connection#

Once you've connected your GitLab server, you can configure CloudCannon to support your particular infrastructure. You can find these configuration options under the Server tab of your Self Hosted GitLab settings. The options you have for configuring CloudCannon are:

  • Minimum Access Level,
  • Custom Headers, and
  • Custom CA Certificate.
Self Hosted GitLab settings interface

The Minimum Access Level setting allows you to change the minimum access CloudCannon requires to a GitLab repo to connect to it. By default CloudCannon requires Maintainer access to a repo before syncing to it. Self Hosted GitLab allows custom access level permissions so a lower access level may be sufficient, depending on your setup.

The Custom Headers setting allows you to configure additional headers for CloudCannon to use when connecting to your GitLab server. Custom headers are passed using Git's http.extraHeader configuration option and in the form key:value.

The Custom CA Certificate allows you to upload a PEM encoded certificate or certificate chain for CloudCannon to trust during Git operations. The certificate is passed using Git's http.sslCAInfo configuration option.

Related Articles

Open in a new tab