I will show you how to install Gitlab onto your own Linux server (also known as self-managed Gitlab server). For my example, I will be installing Gitlab on my Linux server running Centos 8 and will activate HTTPS on it.
How to install Gitlab with HTTPS on your own Linux server
1. Install and configure the necessary dependencies
Install and configure the necessary dependencies (we want to open HTTP, HTTPS and SSH access in the system firewall).sudo su
dnf install -y curl policycoreutils openssh-server
systemctl enable sshd
systemctl start sshd
2. Add the GitLab package repository and install the package
curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.rpm.sh | sudo bash
MYFQDN=gitlab8.platform9.puppet.netecho $MYDOMAIN
EXTERNAL_URL="https://${MYFQDN}" dnf install -y gitlab-ee
(Optional) you can install your favourite text editor for Linux
yum install vim -y
OR
yum install nano -y
3. Change URL in Config File and set HTTPS redirect
vim /etc/gitlab/gitlab.rb
external_url 'https://${MYFQDN}'
Enable HTTP Redirect to HTTPS (Change this field in the gitlab.rb file)
nginx['redirect_http_to_https'] = true
4. Create Certificate Folder
sudo mkdir -p /etc/gitlab/ssl
sudo chmod 700 /etc/gitlab/ssl
5. Deploy Trusted SSL Cert to GitLab
We want to create a SSL certificate and then add it to our set up.
5.1 Create Private Key and set passphrase
sudo openssl genrsa -des3 -out /etc/gitlab/ssl/${MYFQDN}.key 2048
5.2 Create Certificate Request
sudo openssl req -new -key /etc/gitlab/ssl/${MYFQDN}.key -out /etc/gitlab/ssl/${MYFQDN}.csr
Enter Country Name US
Enter State or Province Full Name
Enter City Name
Enter Organization Name
Enter Company Name
Enter Organizational Unit Name
Enter server hostname i.e. URL ${MYFQDN
}
Enter Admin Email Address
Skip Challenge Password (Hit Enter)
Skip Optional Company Name (Hit Enter)
5.3 Remove Passphrase from Private Key
sudo cp -v /etc/gitlab/ssl/${MYDOMAIN}.{key,original}
sudo openssl rsa -in /etc/gitlab/ssl/${MYDOMAIN}.original -out /etc/gitlab/ssl/${MYFQDN}.key
sudo rm -v /etc/gitlab/ssl/${MYFQDN}.original
5.4 Create SSL Certificate
sudo openssl x509 -req -days 1460 -in /etc/gitlab/ssl/${MYFQDN}.csr -signkey /etc/gitlab/ssl/${MYFQDN}.key -out /etc/gitlab/ssl/${MYFQDN}.crt
5.5 Remove Certificate Request File and set file permissions
sudo rm -v /etc/gitlab/ssl/${MYFQDN}.csr
sudo chmod 600 /etc/gitlab/ssl/${MYFQDN}.*
6. Run Reconfiguration
Run Reconfiguration using the configuration wizard (Chef Solo Setup) and then we will want to restart services.
sudo gitlab-ctl reconfigure
sudo gitlab-ctl restart
7. Check that it is working
We will check if this is working.
gitlab-ctl status
If you are using Ubuntu, here is similar commands for the same outputs:
- Install and configure the necessary dependencies (we want to open HTTP, HTTPS and SSH access in the system firewall)
sudo su
apt-get update
apt-get install -y curl openssh-server ca-certificates tzdata
- Add the GitLab package repository and install the package
curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.rpm.sh | sudo bash
MYFQDN=yourgithublocation
echo $MYFQDN
EXTERNAL_URL="https://${MYFQDN}" apt-get install -y gitlab-ee
- Change URL in Config File and set HTTPS redirect
vim /etc/gitlab/gitlab.rb
external_url='https://${MYFQDN}'
Enable HTTP Redirect to HTTPS (Change this field in the gitlab.rb file)
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/etc/gitlab/ssl/${MYFQDN}.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/${MYFQDN}.key"
letsencrypt[‘enable’] = false
- Create Certificate Folder
mkdir -p /etc/gitlab/ssl
chmod 700 /etc/gitlab/ssl
- Deploy Trusted SSL Cert to GitLab
5.1 Create Private Key and set passphrase
openssl genrsa -des3 -out /etc/gitlab/ssl/${MYFQDN}.key 2048
5.2 Create Certificate Request
openssl req -new -key /etc/gitlab/ssl/${MYFQDN}.key -out /etc/gitlab/ssl/${MYFQDN}.csr
- Enter Country Name US
- Enter State or Province Full Name
- Enter City Name
- Enter Organization Name
- Enter Company Name
- Enter Organizational Unit Name
- Enter server hostname i.e. URL
- Enter Admin Email Address
- Skip Challenge Password (Hit Enter)
- Skip Optional Company Name (Hit Enter)
5.3 Remove Passphrase from Private Key
cp -v /etc/gitlab/ssl/${MYFQDN}.{key,original}
openssl rsa -in /etc/gitlab/ssl/${MYFQDN}.original -out /etc/gitlab/ssl/${MYFQDN}.key
rm -v /etc/gitlab/ssl/${MYFQDN}.original
5.4 Create Certificate
openssl x509 -req -days 1460 -in /etc/gitlab/ssl/${MYFQDN}.csr -signkey /etc/gitlab/ssl/${MYFQDN}.key -out /etc/gitlab/ssl/${MYFQDN}.crt
5.5 Remove Certificate Request File and set file permissions
rm -v /etc/gitlab/ssl/${MYFQDN}.csr
chmod 600 /etc/gitlab/ssl/${MYFQDN}.*
- Run Reconfiguration (Run configuration wizard (Chef Solo Setup) and restart services)
gitlab-ctl reconfigure
gitlab-ctl restart
- Check that it is working
gitlab-ctl status
References:
- Gitlab - Install self-managed GitLab https://about.gitlab.com/install/#centos-8
- Setup HTTPS for Gitlab https://www.bonusbits.com/wiki/HowTo:Setup_HTTPS_for_Gitlab
- Generate Self Signed SSL Certificate with OpenSSL https://www.bonusbits.com/wiki/HowTo:Generate_Self-Signed_SSL_Certificate_with_OpenSSL