GitLab Installation

Steps to install a self-managed GitLab instance.

GitLab Installation Guide for Rocky Linux

Tier: Free, Premium, Ultimate

Offering: Self-managed

In this tutorial, you will learn how to install and securely configure a single-node GitLab instance that can accommodate up to 20 RPS or 1,000 users.

Prerequisites

  1. Server: A Rocky/Centos/RHEL server with the following minimum specs:
  • 4 vCPU
  • 8 GB memory
  • 50GB Disk
  1. Domain Name: Optional but recommended for accessing GitLab.
  2. Dependencies: Ensure you have curl, openssh-server, and policycoreutils-python-utils installed.

Required Software for Environment Setup

To automatically create and manage your test environment, please ensure you have the following software installed:

  • VirtualBox: A powerful open-source virtualization software that enables you to run multiple operating systems on your computer seamlessly.

  • Vagrant: A tool designed for building and managing virtualized development environments

  • Git Bash: A command-line interface that allows you to use Git along with Bash commands, providing a robust environment for running scripts and version control.

  • Visual Studio Code (VSCode): A free and feature-rich code editor developed by Microsoft, ideal for writing, debugging, and managing code in various programming languages.

Follow the below steps to create a vm with rocky 9

  • Create a file with name vagrantfile
vi Vagrantfile
# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.configure("2") do |config|
  config.vm.box = "rockylinux/9"
  config.vm.hostname = "gitlab.local.com"

  config.vm.network "public_network"

  config.vm.provider "virtualbox" do |vb|
    vb.memory = "8192"  # Set the VM memory to 8GB.
    vb.cpus = 2         # Set the number of CPUs to 2.
    vb.customize ["modifyvm", :id, "--nic1", "bridged"]
    vb.customize ["modifyvm", :id, "--cpus", "2"]
    vb.customize ["modifyvm", :id, "--memory", "8192"]
    vb.customize ["modifyvm", :id, "--vram", "128"]
  end
end

Steps to Install GitLab

  1. Update your system:

    sudo dnf update -y

  2. Install necessary packages:

    sudo dnf install -y curl openssh-server policycoreutils-python-utils

  3. Enable and start the SSH service:

    sudo systemctl enable sshd
sudo systemctl start sshd

  4. Add the GitLab package repository:

    curl -s https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.rpm.sh | sudo bash

  5. Install GitLab: Replace YOUR_GITLAB_URL with your desired URL.

    sudo EXTERNAL_URL="http://YOUR_GITLAB_URL" dnf install -y gitlab-ee

  6. Configure GitLab: After installation, configure GitLab by running:

    sudo gitlab-ctl reconfigure

  7. Access GitLab: Open a web browser and go to http://YOUR_GITLAB_URL. You’ll be prompted to set up an admin password.

  8. Log in: Use the username root and the password you set to log in.

  9. GitLab Initial Root Password:

After the first-time installation of GitLab, the root password is stored in the following file for only 24 hours:

  • Path: /etc/gitlab/initial_root_password

You can retrieve the password from this file if you need it during the initial setup. However, this file will automatically be deleted after 24 hours for security reasons.

Important Notes:

  • If you lose access to this file or the password, you can always reset the root password using the following command:
sudo gitlab-rake "gitlab:password:reset"

Configuring SSL Certificate for GitLab External URL

This guide explains how to configure Let’s Encrypt for securing your GitLab instance with SSL.

Prerequisites

Before starting, ensure you have:

  • A domain name pointing to your GitLab server.
  • Ports 80 (HTTP) and 443 (HTTPS) open on your firewall.
  • GitLab installed and configured.
  1. Edit GitLab Configuration File

You need to edit the GitLab configuration file to set up Let’s Encrypt.

sudo vi /etc/gitlab/gitlab.rb
  1. Set External URL

In the configuration file, ensure that the external_url is set to your domain, which you want to secure with Let’s Encrypt.

external_url "https://your-domain.com"

Replace "your-domain.com" with your actual domain name.

  1. Enable Let’s Encrypt in GitLab

Enable Let’s Encrypt by adding the following lines in the gitlab.rb file:

letsencrypt['enable'] = true
letsencrypt['contact_emails'] = ['your-email@example.com']  # Replace with your email
letsencrypt['auto_renew'] = true  # Automatically renew certificates

This will enable SSL through Let’s Encrypt and ensure automatic renewal.

  1. Optional Let’s Encrypt Settings

You can optionally fine-tune Let’s Encrypt settings, such as specifying when auto-renewal should take place:

letsencrypt['auto_renew_hour'] = 12  # The hour for auto-renewal (0-23)
letsencrypt['auto_renew_minute'] = 30  # The minute for auto-renewal (0-59)
letsencrypt['auto_renew_day_of_month'] = "*/7"  # Attempt auto-renewal every 7 days

These options give you control over when GitLab attempts to renew the certificates.

  1. Reconfigure GitLab

After updating the configuration, run the following command to apply the changes:

sudo gitlab-ctl reconfigure

This will trigger the reconfiguration process and install the Let’s Encrypt SSL certificates.

  1. Verify the Configuration

Once GitLab is reconfigured, open a web browser and visit:

https://your-domain.com

You should now see that the site is secured with an SSL certificate. Check the certificate details to confirm that it was issued by Let’s Encrypt.

Troubleshooting

If you encounter issues with Let’s Encrypt, consider checking the following:

  • DNS Configuration: Ensure your domain name is correctly configured to point to your GitLab instance.
  • Port Accessibility: Make sure ports 80 and 443 are open and accessible from the internet.
  • Firewall: Verify that your firewall or hosting provider does not block the Let’s Encrypt validation process.

In case the certificate does not renew automatically or issues occur, manually check the configuration by running:

sudo gitlab-ctl reconfigure