
How to install GitLab with HTTPS on your own Linux server

Dec 1, 2020 9:18:07 PM / by Vu Long Tran

I will show you how to install GitLab onto your own Linux server (also known as a self-managed GitLab server). For my example, I will be installing GitLab on my Linux server running CentOS 8 and will activate HTTPS on it.


1. Install and configure the necessary dependencies

Install the packages GitLab needs and enable SSH (HTTP, HTTPS and SSH access also need to be open in the system firewall).

sudo su

dnf install -y curl policycoreutils openssh-server

systemctl enable sshd

systemctl start sshd

2. Add the GitLab package repository and install the package

curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.rpm.sh | sudo bash

MYFQDN=gitlab8.platform9.puppet.net

echo $MYFQDN

EXTERNAL_URL="https://${MYFQDN}" dnf install -y gitlab-ee

(Optional) you can install your favourite text editor for Linux

yum install vim -y

OR

yum install nano -y

3. Change URL in Config File and set HTTPS redirect

vim /etc/gitlab/gitlab.rb

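Set external_url to your server's address. gitlab.rb is a Ruby file and does not expand shell variables, so type the actual hostname in place of ${MYFQDN}:

external_url 'https://${MYFQDN}'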

Enable HTTP Redirect to HTTPS (Change this field in the gitlab.rb file)

nginx['redirect_http_to_https'] = true

4. Create Certificate Folder

sudo mkdir -p /etc/gitlab/ssl

sudo chmod 700 /etc/gitlab/ssl

5. Deploy Trusted SSL Cert to GitLab

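We want to create an SSL certificate and then add it to our setup. The certificate created in step 5.4 is signed with its own key (self-signed), so browsers and Git clients will not trust it until it is added to their trust stores.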

5.1 Create Private Key and set passphrase

sudo openssl genrsa -des3 -out /etc/gitlab/ssl/${MYFQDN}.key 2048

5.2 Create Certificate Request

sudo openssl req -new -key /etc/gitlab/ssl/${MYFQDN}.key -out /etc/gitlab/ssl/${MYFQDN}.csr

Enter Country Name US
Enter State or Province Full Name
Enter City Name
Enter Organization Name
Enter Company Name
Enter Organizational Unit Name
Enter server hostname i.e. URL ${MYFQDN}
Enter Admin Email Address
Skip Challenge Password (Hit Enter)
Skip Optional Company Name (Hit Enter)

5.3 Remove Passphrase from Private Key

sudo cp -v /etc/gitlab/ssl/${MYFQDN}.{key,original}

sudo openssl rsa -in /etc/gitlab/ssl/${MYFQDN}.original -out /etc/gitlab/ssl/${MYFQDN}.key

sudo rm -v /etc/gitlab/ssl/${MYFQDN}.original

5.4 Create SSL Certificate

sudo openssl x509 -req -days 1460 -in /etc/gitlab/ssl/${MYFQDN}.csr -signkey /etc/gitlab/ssl/${MYFQDN}.key -out /etc/gitlab/ssl/${MYFQDN}.crt

5.5 Remove Certificate Request File and set file permissions

sudo rm -v /etc/gitlab/ssl/${MYFQDN}.csr

sudo chmod 600 /etc/gitlab/ssl/${MYFQDN}.*

6. Run Reconfiguration

Run the reconfiguration, which runs the configuration wizard (Chef Solo Setup), and then restart the services.

sudo gitlab-ctl reconfigure

sudo gitlab-ctl restart



7. Check that it is working

We will check if this is working.

gitlab-ctl status
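
`gitlab-ctl status` only reports whether the services are up. As an added example (not part of the original post), the function below checks the key and certificate from step 5 before NGINX uses them: file mode, no passphrase, key/certificate match, hostname coverage and expiry. The function name and the 30-day expiry window are assumptions chosen for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): pre-flight check of the files from step 5.
# Usage: check_gitlab_tls <fqdn> [ssl_dir]   ssl_dir defaults to /etc/gitlab/ssl
check_gitlab_tls() {
  local fqdn="$1" dir="${2:-/etc/gitlab/ssl}" rc=0 f
  local key="$dir/$fqdn.key" crt="$dir/$fqdn.crt"

  for f in "$key" "$crt"; do
    [ -r "$f" ] || { echo "FAIL: missing or unreadable $f"; return 2; }
  done

  # Step 5.5 sets mode 600: the private key must not be readable by group/others.
  case "$(stat -c '%a' "$key")" in
    600|400) echo "ok:   key permissions" ;;
    *) echo "FAIL: $key is not mode 600"; rc=1 ;;
  esac

  # Step 5.3: the key must load without a passphrase (empty -passin avoids a prompt).
  openssl pkey -in "$key" -passin pass: -noout 2>/dev/null ||
    { echo "FAIL: key is encrypted or not a valid key"; return 1; }

  # Certificate and key belong together when their public keys are identical.
  if [ "$(openssl x509 -in "$crt" -noout -pubkey)" = "$(openssl pkey -in "$key" -pubout)" ]; then
    echo "ok:   certificate matches key"
  else
    echo "FAIL: certificate was not issued for this key"; rc=1
  fi

  # The certificate must name the host used in external_url.
  if openssl x509 -in "$crt" -noout -checkhost "$fqdn" | grep -q 'does match'; then
    echo "ok:   certificate covers $fqdn"
  else
    echo "FAIL: certificate does not cover $fqdn"; rc=1
  fi

  # A CN-only certificate can pass -checkhost, but current browsers and Go-based
  # clients read only subjectAltName, so report when no SAN entry names the host.
  openssl x509 -in "$crt" -noout -text | grep -qF "DNS:$fqdn" ||
    echo "WARN: no subjectAltName entry for $fqdn"

  # -checkend exits non-zero when the certificate expires within N seconds.
  openssl x509 -in "$crt" -noout -checkend $((30 * 24 * 3600)) >/dev/null ||
    { echo "FAIL: certificate expires within 30 days"; rc=1; }
  return "$rc"
}
```

Run it as root after step 5.5, for example `check_gitlab_tls "$MYFQDN"`; a certificate made through the interactive prompts in step 5.2 carries no subjectAltName and will produce the WARN line.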


If you are using Ubuntu, here are similar commands for the same result:

  1. Install and configure the necessary dependencies (we want to open HTTP, HTTPS and SSH access in the system firewall)

sudo su

apt-get update

apt-get install -y curl openssh-server ca-certificates tzdata

  2. Add the GitLab package repository and install the package

curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh | sudo bash

MYFQDN=yourgithublocation

echo $MYFQDN

EXTERNAL_URL="https://${MYFQDN}" apt-get install -y gitlab-ee

  3. Change URL in Config File and set HTTPS redirect

vim /etc/gitlab/gitlab.rb

external_url 'https://${MYFQDN}'

Enable HTTP Redirect to HTTPS (Change this field in the gitlab.rb file)

nginx['redirect_http_to_https'] = true

nginx['ssl_certificate'] = "/etc/gitlab/ssl/${MYFQDN}.crt"

nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/${MYFQDN}.key"

letsencrypt['enable'] = false

  4. Create Certificate Folder

mkdir -p /etc/gitlab/ssl

chmod 700 /etc/gitlab/ssl

  5. Deploy Trusted SSL Cert to GitLab

5.1 Create Private Key and set passphrase

openssl genrsa -des3 -out /etc/gitlab/ssl/${MYFQDN}.key 2048

5.2 Create Certificate Request

openssl req -new -key /etc/gitlab/ssl/${MYFQDN}.key -out /etc/gitlab/ssl/${MYFQDN}.csr

  • Enter Country Name US
  • Enter State or Province Full Name
  • Enter City Name
  • Enter Organization Name
  • Enter Company Name
  • Enter Organizational Unit Name
  • Enter server hostname i.e. URL
  • Enter Admin Email Address
  • Skip Challenge Password (Hit Enter)
  • Skip Optional Company Name (Hit Enter)

 

5.3 Remove Passphrase from Private Key

cp -v /etc/gitlab/ssl/${MYFQDN}.{key,original}

openssl rsa -in /etc/gitlab/ssl/${MYFQDN}.original -out /etc/gitlab/ssl/${MYFQDN}.key

rm -v /etc/gitlab/ssl/${MYFQDN}.original

 

5.4 Create Certificate

openssl x509 -req -days 1460 -in /etc/gitlab/ssl/${MYFQDN}.csr -signkey /etc/gitlab/ssl/${MYFQDN}.key -out /etc/gitlab/ssl/${MYFQDN}.crt

5.5 Remove Certificate Request File and set file permissions

rm -v /etc/gitlab/ssl/${MYFQDN}.csr

chmod 600 /etc/gitlab/ssl/${MYFQDN}.*

  6. Run Reconfiguration (run the configuration wizard (Chef Solo Setup) and restart services)

gitlab-ctl reconfigure

gitlab-ctl restart

  7. Check that it is working

gitlab-ctl status

 


Written by Vu Long Tran

Solutions Engineer APAC. ex-@Forrester consultant. Writing on #cloud #howto guides and #tech tinkering!