Schema Reference
Title: GitProxy configuration file
| Type | object |
| Required | No |
| Additional properties | Not allowed |
Description: Configuration for customizing git-proxy
1. [Optional] Property GitProxy configuration file > proxyUrl
Type stringRequired No Description: Deprecated: Used in early versions of GitProxy to configure the remote host that traffic is proxied to. In later versions, the repository URL is used to determine the domain proxied, allowing multiple hosts to be proxied by one instance.
4. [Optional] Property GitProxy configuration file > serverPort
Type numberRequired No Description: Port the proxy HTTP server listens on. Can also be set with the GIT_PROXY_SERVER_PORT environment variable, which takes precedence over this value.
5. [Optional] Property GitProxy configuration file > httpsServerPort
Type numberRequired No Description: Port the proxy HTTPS server listens on. Can also be set with the GIT_PROXY_HTTPS_SERVER_PORT environment variable, which takes precedence over this value.
6. [Optional] Property GitProxy configuration file > uiHost
Type stringRequired No Description: Host of the GitProxy UI. Can also be set with the GIT_PROXY_UI_HOST environment variable, which takes precedence over this value.
7. [Optional] Property GitProxy configuration file > uiPort
Type numberRequired No Description: Port the GitProxy UI/service HTTP server listens on. Can also be set with the GIT_PROXY_UI_PORT environment variable, which takes precedence over this value.
8. [Optional] Property GitProxy configuration file > httpsUiPort
Type numberRequired No Description: Port the GitProxy UI/service HTTPS server listens on. Can also be set with the GIT_PROXY_HTTPS_UI_PORT environment variable, which takes precedence over this value.
9. [Optional] Property GitProxy configuration file > api
Type objectRequired No Additional properties Not allowed Description: Third party APIs
9.1. [Optional] Property GitProxy configuration file > api > ls
Type objectRequired No Additional properties Not allowed Description: Configuration used in conjunction with ActiveDirectory auth, which relates to a REST API used to check user group membership, as opposed to direct querying via LDAP.
If this configuration is set direct querying of group membership via LDAP will be disabled.9.1.1. [Optional] Property GitProxy configuration file > api > ls > userInADGroup
Type stringRequired No Description: URL template for a GET request that confirms a user's membership of a specific group. Should respond with a non-empty 200 status if the user is a member of the group, an empty response or non-200 status indicates that the user is not a group member. If set, this URL will be queried and direct queries via LDAP will be disabled. The template should contain the following string placeholders, which will be replaced to produce the final URL:
- "<domain>": AD domain,
- "<name>": The group name to check membership of.
- "<id>": The username to check group membership for.
Example:
9.2. [Optional] Property GitProxy configuration file > api > gitleaks
Type objectRequired No Additional properties Any type allowed Description: Configuration for the gitleaks https://github.com/gitleaks/gitleaks plugin
9.2.1. [Optional] Property GitProxy configuration file > api > gitleaks > enabled
Type booleanRequired No 9.2.2. [Optional] Property GitProxy configuration file > api > gitleaks > ignoreGitleaksAllow
Type booleanRequired No
10. [Optional] Property GitProxy configuration file > commitConfig
Title: CommitConfig
Type objectRequired No Additional properties Not allowed Description: Block commits based on rules defined over author/committer e-mail addresses, commit message content and diff content
10.1. [Optional] Property GitProxy configuration file > commitConfig > author
Title: Author
Type objectRequired No Additional properties Not allowed Description: Rules applied to commit authors
10.1.1. [Optional] Property GitProxy configuration file > commitConfig > author > email
Title: Email
Type objectRequired No Additional properties Not allowed Description: Rules applied to author email addresses
10.1.1.1. [Optional] Property GitProxy configuration file > commitConfig > author > email > local
Title: Local
Type objectRequired No Additional properties Not allowed Description: Rules applied to the local portion of the email address (i.e. section before the @ symbol)
10.2. [Optional] Property GitProxy configuration file > commitConfig > message
Title: Message
Type objectRequired No Additional properties Not allowed Description: Rules applied to commit messages
10.2.1. [Optional] Property GitProxy configuration file > commitConfig > message > block
Title: MessageBlock
Type objectRequired No Additional properties Not allowed Description: Block commits where the commit message matches any of the given patterns
10.2.1.1. [Optional] Property GitProxy configuration file > commitConfig > message > block > literals
Title: MessageBlockLiteral
Type array of stringRequired No Description: Block commits where the commit message contains any of the given string literals
Each item of this array must be Description literals items - 10.2.1.1.1. GitProxy configuration file > commitConfig > message > block > literals > literals items
Type stringRequired No 10.2.1.2. [Optional] Property GitProxy configuration file > commitConfig > message > block > patterns
Title: MessageBlockLiteral
Type array of stringRequired No Description: Block commits where the commit message matches any of the given regular expressions
Each item of this array must be Description patterns items - 10.2.1.2.1. GitProxy configuration file > commitConfig > message > block > patterns > patterns items
Type stringRequired No 10.3. [Optional] Property GitProxy configuration file > commitConfig > diff
Title: Diff
Type objectRequired No Additional properties Not allowed Description: Rules applied to commit diff content
10.3.1. [Optional] Property GitProxy configuration file > commitConfig > diff > block
Title: DiffBlock
Type objectRequired No Additional properties Not allowed Description: Block commits where the commit diff matches any of the given patterns
10.3.1.1. [Optional] Property GitProxy configuration file > commitConfig > diff > block > literals
Title: DiffBlockLiteral
Type array of stringRequired No Description: Block commits where the commit diff content contains any of the given string literals
Each item of this array must be Description literals items - 10.3.1.1.1. GitProxy configuration file > commitConfig > diff > block > literals > literals items
Type stringRequired No 10.3.1.2. [Optional] Property GitProxy configuration file > commitConfig > diff > block > patterns
Title: MessageBlockPatterns
Type arrayRequired No Description: Block commits where the commit diff content matches any of the given regular expressions
Each item of this array must be Description patterns items - 10.3.1.2.1. GitProxy configuration file > commitConfig > diff > block > patterns > patterns items
Type objectRequired No Additional properties Any type allowed 10.3.1.3. [Optional] Property GitProxy configuration file > commitConfig > diff > block > providers
Title: MessageBlockProviders
Type objectRequired No Additional properties Each additional property must conform to the schema Description: Block commits where the commit diff content matches any of the given regular expressions, except where the repository path (project/organisation) matches one of the listed privateOrganisations. The keys in this array are listed as the block type in logs.
11. [Optional] Property GitProxy configuration file > attestationConfig
Title: AttestationConfig
Type objectRequired No Additional properties Not allowed Description: Configuration for the attestation form displayed to reviewers. Reviewers will need to check the box next to each question in order to complete the review attestation.
11.1. [Optional] Property GitProxy configuration file > attestationConfig > questions
Title: AttestationQuestions
Type array of objectRequired No Description: Customisable attestation questions to add to attestation form.
Each item of this array must be Description Question - 11.1.1. GitProxy configuration file > attestationConfig > questions > Question
Title: Question
Type objectRequired No Additional properties Not allowed 11.1.1.1. [Required] Property GitProxy configuration file > attestationConfig > questions > Question > label
Title: QuestionLabel
Type stringRequired Yes Description: The text of the question that will be displayed to the reviewer
11.1.1.2. [Required] Property GitProxy configuration file > attestationConfig > questions > Question > tooltip
Title: QuestionTooltip
Type objectRequired Yes Additional properties Not allowed Description: A tooltip and optional set of links that will be displayed on mouseover of the question and used to provide additional guidance to the reviewer.
11.1.1.2.1. [Required] Property GitProxy configuration file > attestationConfig > questions > Question > tooltip > text
Type stringRequired Yes Description: Tooltip text
11.1.1.2.2. [Optional] Property GitProxy configuration file > attestationConfig > questions > Question > tooltip > links
Type array of objectRequired No Description: An array of links to display under the tooltip text, providing additional context about the question
Each item of this array must be Description links items - 11.1.1.2.2.1. GitProxy configuration file > attestationConfig > questions > Question > tooltip > links > links items
Type objectRequired No Additional properties Not allowed
12. [Optional] Property GitProxy configuration file > domains
Type objectRequired No Additional properties Any type allowed Description: Provide custom URLs for the GitProxy interfaces in case it cannot determine its own URL
13. [Optional] Property GitProxy configuration file > rateLimit
Type objectRequired No Additional properties Not allowed Description: API Rate limiting configuration.
13.1. [Required] Property GitProxy configuration file > rateLimit > windowMs
Type numberRequired Yes Description: How long to remember requests for, in milliseconds (default 10 mins).
13.2. [Required] Property GitProxy configuration file > rateLimit > limit
Type numberRequired Yes Description: How many requests to allow (default 150).
14. [Optional] Property GitProxy configuration file > privateOrganizations
Type arrayRequired No Description: Provider searches for listed private organizations are disabled, see commitConfig.diff.block.providers
15. [Optional] Property GitProxy configuration file > urlShortener
Type stringRequired No Description: Customisable URL shortener to share in proxy responses and warnings
16. [Optional] Property GitProxy configuration file > contactEmail
Type stringRequired No Description: Customisable e-mail address to share in proxy responses and warnings
17. [Optional] Property GitProxy configuration file > csrfProtection
Type booleanRequired No Description: Flag to enable CSRF protections for UI
18. [Optional] Property GitProxy configuration file > plugins
Type array of stringRequired No Description: List of plugins to integrate on GitProxy's push or pull actions. Each value is either a file path or a module name.
Each item of this array must be Description plugins items - 18.1. GitProxy configuration file > plugins > plugins items
Type stringRequired No
19. [Optional] Property GitProxy configuration file > authorisedList
Type arrayRequired No Description: List of repositories that are authorised to be pushed to through the proxy.
Each item of this array must be Description authorisedRepo - 19.1. GitProxy configuration file > authorisedList > authorisedRepo
Type objectRequired No Additional properties Any type allowed Defined in #/definitions/authorisedRepo 19.1.1. [Required] Property GitProxy configuration file > authorisedList > authorisedList items > project
Type stringRequired Yes
21. [Optional] Property GitProxy configuration file > sink
Type arrayRequired No Description: List of database sources. The first source in the configuration with enabled=true will be used.
Each item of this array must be Description database Configuration entry for a database 21.1. GitProxy configuration file > sink > database
Type combiningRequired No Additional properties Any type allowed Defined in #/definitions/database Description: Configuration entry for a database
One of(Option) item 0 item 1 21.1.1. Property
GitProxy configuration file > sink > sink items > oneOf > item 0
Type objectRequired No Additional properties Any type allowed Description: Connection properties for mongoDB. Options may be passed in either the connection string or broken out in the options object
21.1.1.1. [Required] Property GitProxy configuration file > sink > sink items > oneOf > item 0 > type
Type constRequired Yes Specific value:
"mongo"21.1.1.2. [Required] Property GitProxy configuration file > sink > sink items > oneOf > item 0 > enabled
Type booleanRequired Yes 21.1.1.3. [Required] Property GitProxy configuration file > sink > sink items > oneOf > item 0 > connectionString
Type stringRequired Yes Description: mongoDB Client connection string, see https://www.mongodb.com/docs/manual/reference/connection-string/
21.1.1.4. [Optional] Property GitProxy configuration file > sink > sink items > oneOf > item 0 > options
Type objectRequired No Additional properties Any type allowed Description: mongoDB Client connection options. Please note that only custom options are described here, see https://www.mongodb.com/docs/drivers/node/current/connect/connection-options/ for all config options.
21.1.1.4.1. [Optional] Property GitProxy configuration file > sink > sink items > oneOf > item 0 > options > authMechanismProperties
Type objectRequired No Additional properties Any type allowed 21.1.1.4.1.1. [Optional] Property GitProxy configuration file > sink > sink items > oneOf > item 0 > options > authMechanismProperties > AWS_CREDENTIAL_PROVIDER
Type booleanRequired No Description: If set to true, the
fromNodeProviderChain()function from @aws-sdk/credential-providers is passed as theAWS_CREDENTIAL_PROVIDER21.1.2. Property
GitProxy configuration file > sink > sink items > oneOf > item 1
Type objectRequired No Additional properties Any type allowed Description: Connection properties for an neDB file-based database
22. [Optional] Property GitProxy configuration file > authentication
Type arrayRequired No Description: List of authentication sources. The first source in the configuration with enabled=true will be used.
Each item of this array must be Description authenticationElement Configuration for an authentication source 22.1. GitProxy configuration file > authentication > authenticationElement
Type combiningRequired No Additional properties Any type allowed Defined in #/definitions/authenticationElement Description: Configuration for an authentication source
One of(Option) Local Auth Config Active Directory Auth Config Open ID Connect Auth Config JWT Auth Config 22.1.1. Property
GitProxy configuration file > authentication > authentication items > oneOf > Local Auth ConfigTitle: Local Auth Config
Type objectRequired No Additional properties Any type allowed Description: Configuration for the use of the local database as the authentication source.
22.1.2. Property
GitProxy configuration file > authentication > authentication items > oneOf > Active Directory Auth ConfigTitle: Active Directory Auth Config
Type objectRequired No Additional properties Any type allowed Description: Configuration for Active Directory authentication.
22.1.2.1. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > Active Directory Auth Config > type
Type constRequired Yes Specific value:
"ActiveDirectory"22.1.2.2. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > Active Directory Auth Config > enabled
Type booleanRequired Yes 22.1.2.3. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > Active Directory Auth Config > adminGroup
Type stringRequired Yes Description: Group that indicates that a user is an admin
22.1.2.4. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > Active Directory Auth Config > userGroup
Type stringRequired Yes Description: Group that indicates that a user should be able to login to the GitProxy UI and can work as a reviewer
22.1.2.5. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > Active Directory Auth Config > domain
Type stringRequired Yes Description: Active Directory domain
22.1.2.6. [Optional] Property GitProxy configuration file > authentication > authentication items > oneOf > Active Directory Auth Config > adConfig
Type objectRequired No Additional properties Any type allowed Description: Additional Active Directory configuration supporting LDAP connection which can be used to confirm group membership. For the full set of available options see the activedirectory 2 NPM module docs at https://www.npmjs.com/package/activedirectory2#activedirectoryoptions
Please note that if the Third Party APIs configapi.ls.userInADGroupis set then the REST API it represents is used in preference to direct querying of group memebership via LDAP.22.1.2.6.1. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > Active Directory Auth Config > adConfig > url
Type stringRequired Yes Description: Active Directory server to connect to, e.g.
ldap://ad.example.com.22.1.2.6.2. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > Active Directory Auth Config > adConfig > baseDN
Type stringRequired Yes Description: The root DN from which all searches will be performed, e.g.
dc=example,dc=com.22.1.2.6.3. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > Active Directory Auth Config > adConfig > username
Type stringRequired Yes Description: An account name capable of performing the operations desired.
22.1.3. Property
GitProxy configuration file > authentication > authentication items > oneOf > Open ID Connect Auth ConfigTitle: Open ID Connect Auth Config
Type objectRequired No Additional properties Any type allowed Description: Configuration for Open ID Connect authentication.
22.1.3.1. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > Open ID Connect Auth Config > type
Type constRequired Yes Specific value:
"openidconnect"22.1.3.2. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > Open ID Connect Auth Config > enabled
Type booleanRequired Yes 22.1.3.3. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > Open ID Connect Auth Config > oidcConfig
Type objectRequired Yes Additional properties Any type allowed Description: Additional OIDC configuration.
22.1.3.3.1. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > Open ID Connect Auth Config > oidcConfig > issuer
Type stringRequired Yes 22.1.3.3.2. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > Open ID Connect Auth Config > oidcConfig > clientID
Type stringRequired Yes 22.1.3.3.3. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > Open ID Connect Auth Config > oidcConfig > clientSecret
Type stringRequired Yes 22.1.4. Property
GitProxy configuration file > authentication > authentication items > oneOf > JWT Auth ConfigTitle: JWT Auth Config
Type objectRequired No Additional properties Any type allowed Description: Configuration for JWT authentication.
22.1.4.1. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > JWT Auth Config > type
Type constRequired Yes Specific value:
"jwt"22.1.4.2. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > JWT Auth Config > enabled
Type booleanRequired Yes 22.1.4.3. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > JWT Auth Config > jwtConfig
Type objectRequired Yes Additional properties Any type allowed Description: Additional JWT configuration.
22.1.4.3.1. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > JWT Auth Config > jwtConfig > clientID
Type stringRequired Yes 22.1.4.3.2. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > JWT Auth Config > jwtConfig > authorityURL
Type stringRequired Yes 22.1.4.3.3. [Optional] Property GitProxy configuration file > authentication > authentication items > oneOf > JWT Auth Config > jwtConfig > expectedAudience
Type stringRequired No
23. [Optional] Property GitProxy configuration file > tempPassword
Type objectRequired No Additional properties Any type allowed Description: Toggle the generation of temporary password for git-proxy admin user
23.1. [Optional] Property GitProxy configuration file > tempPassword > sendEmail
Type booleanRequired No 23.2. [Optional] Property GitProxy configuration file > tempPassword > emailConfig
Type objectRequired No Additional properties Any type allowed Description: Generic object to configure nodemailer. For full type information, please see https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/nodemailer
24. [Optional] Property GitProxy configuration file > apiAuthentication
Type arrayRequired No Description: List of authentication sources for API endpoints. May be empty, in which case all endpoints are public.
Each item of this array must be Description authenticationElement Configuration for an authentication source 24.1. GitProxy configuration file > apiAuthentication > authenticationElement
Type combiningRequired No Additional properties Any type allowed Same definition as authentication_items Description: Configuration for an authentication source
25. [Optional] Property GitProxy configuration file > tls
Type objectRequired No Additional properties Any type allowed Description: TLS configuration for secure connections
26. [Optional] Property GitProxy configuration file > sslKeyPemPath
Type stringRequired No Description: Deprecated: Path to SSL private key file (use tls.key instead)
27. [Optional] Property GitProxy configuration file > sslCertPemPath
Type stringRequired No Description: Deprecated: Path to SSL certificate file (use tls.cert instead)
28. [Optional] Property GitProxy configuration file > configurationSources
Type objectRequired No Additional properties Any type allowed
29. [Optional] Property GitProxy configuration file > uiRouteAuth
Type objectRequired No Additional properties Any type allowed Description: UI routes that require authentication (logged in or admin)
29.2. [Optional] Property GitProxy configuration file > uiRouteAuth > rules
Type arrayRequired No
Each item of this array must be Description routeAuthRule - 29.2.1. GitProxy configuration file > uiRouteAuth > rules > routeAuthRule
Type objectRequired No Additional properties Any type allowed Defined in #/definitions/routeAuthRule 29.2.1.1. [Optional] Property GitProxy configuration file > uiRouteAuth > rules > rules items > pattern
Type stringRequired No
30. [Optional] Property GitProxy configuration file > ssh
Type objectRequired No Additional properties Not allowed Description: SSH proxy server configuration. The proxy uses SSH agent forwarding to authenticate with remote Git servers (GitHub, GitLab, etc.) using the client's SSH keys. The proxy's own host key is auto-generated and only used to identify the proxy to connecting clients.
30.1. [Required] Property GitProxy configuration file > ssh > enabled
Type booleanRequired Yes Description: Enable SSH proxy server. When enabled, clients can connect via SSH and the proxy will forward their SSH agent to authenticate with remote Git servers.
30.2. [Optional] Property GitProxy configuration file > ssh > port
Type numberRequired No Default 2222Description: Port for SSH proxy server to listen on. Clients connect to this port instead of directly to GitHub/GitLab.
30.3. [Optional] Property GitProxy configuration file > ssh > agentForwardingErrorMessage
Type stringRequired No Description: Custom error message shown when SSH agent forwarding is not enabled or no keys are loaded in the client's SSH agent. If not specified, a default message with git config commands will be shown. This allows organizations to customize instructions based on their security policies.
30.4. [Optional] Property GitProxy configuration file > ssh > debug
Type booleanRequired No Default falseDescription: Enable verbose SSH protocol debug logging (both for the local SSH server and for outbound connections to remote Git servers). Emits one log line per SSH packet, so leave disabled in production.
30.5. [Optional] Property GitProxy configuration file > ssh > hostKey
Type objectRequired No Additional properties Not allowed Description: Custom SSH host key paths. If not specified, a host key is auto-generated at .ssh/proxy_host_key.
30.6. [Optional] Property GitProxy configuration file > ssh > knownHosts
Type objectRequired No Additional properties Each additional property must conform to the schema Description: SSH host key fingerprints for verifying remote Git servers, merged with built-in defaults for github.com and gitlab.com.
31. [Optional] Property GitProxy configuration file > upstreamProxy
Type objectRequired No Additional properties Not allowed Description: Configuration for routing outbound requests to upstream Git hosts via an HTTP(S) proxy.
31.1. [Optional] Property GitProxy configuration file > upstreamProxy > enabled
Type booleanRequired No Description: Whether to use an outbound HTTP(S) proxy for upstream Git hosts.
31.2. [Optional] Property GitProxy configuration file > upstreamProxy > url
Type stringRequired No Format uriDescription: Proxy URL used for outbound connections to upstream Git hosts when set.
31.3. [Optional] Property GitProxy configuration file > upstreamProxy > noProxy
Type array of stringRequired No Description: Additional hostnames or domain suffixes that should bypass the upstream proxy.
Each item of this array must be Description noProxy items - 31.3.1. GitProxy configuration file > upstreamProxy > noProxy > noProxy items
Type stringRequired No 31.4. [Optional] Property GitProxy configuration file > upstreamProxy > auth
Type combiningRequired No Additional properties Any type allowed Description: Credentials presented to the upstream proxy. Preferred over embedding credentials in
url.
One of(Option) item 0 item 1 31.4.1. Property
GitProxy configuration file > upstreamProxy > auth > oneOf > item 0
Type objectRequired No Additional properties Not allowed Description: HTTP Basic — sends base64(username:password) in the Proxy-Authorization header on every CONNECT.
31.4.1.1. [Required] Property GitProxy configuration file > upstreamProxy > auth > oneOf > item 0 > type
Type constRequired Yes Specific value:
"basic"31.4.2. Property
GitProxy configuration file > upstreamProxy > auth > oneOf > item 1
Type objectRequired No Additional properties Not allowed Description: Windows NTLM — multi-round CONNECT handshake (Type1/Type2/Type3) on the same TCP connection. Use when the proxy advertises
Proxy-Authenticate: NTLM.31.4.2.1. [Required] Property GitProxy configuration file > upstreamProxy > auth > oneOf > item 1 > type
Type constRequired Yes Specific value:
"ntlm"31.4.2.2. [Required] Property GitProxy configuration file > upstreamProxy > auth > oneOf > item 1 > username
Type stringRequired Yes 31.4.2.3. [Required] Property GitProxy configuration file > upstreamProxy > auth > oneOf > item 1 > password
Type stringRequired Yes
Generated using json-schema-for-humans on 2026-06-15 at 23:22:37 +0200