Haack's Wiki

User Tools

Site Tools

Trace:
computing:gitlab-ce

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
computing:gitlab-ce [2018/08/05 03:46] oemb1905computing:gitlab-ce [2024/02/17 19:52] (current) oemb1905
Line 1: Line 1:
- 
 ------------------------------------------- -------------------------------------------
   * **gitlab-ce**    * **gitlab-ce** 
   * **Jonathan Haack**   * **Jonathan Haack**
   * **Haack's Networking**   * **Haack's Networking**
-  * **netcmnd@jonathanhaack.com** +  * **webmaster@haacksnetworking.org** 
  
 ------------------------------------------- -------------------------------------------
Line 20: Line 19:
   * Letsencrypt, using certbot, is established and working   * Letsencrypt, using certbot, is established and working
  
-If you are missing some of these pre-requisites, please visit the [[https://jonathanhaack.com/dokuwiki/doku.php?id=computing:apachesurvival|Apache Survival Tutorial]] I created which covers these topics.  Otherwise, let's begin by installing Gitlab Community Edition and editing the Ruby configuration file to work with the LAMP stack:+If you are missing some of these pre-requisites, please visit the [[computing:apachesurvival]] tutorial I created which covers these topics.   
 + 
 +The first thing you need to do is download and run the script that gitlab provides.  This script will allow you to access the repositories and download gitlab-ce. 
 + 
 +  cd /tmp 
 +  curl -LO https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh 
 +  sudo bash /tmp/script.deb.sh 
 + 
 +Now that that is done, let's begin by installing Gitlab Community Edition and editing the Ruby configuration file to work with the LAMP stack:
  
   sudo apt install gitlab-ce   sudo apt install gitlab-ce
Line 27: Line 34:
 In this file, you need to edit 6 lines.  The [[http://doc.gitlab.com/omnibus/settings/nginx.html#using-a-non-bundled-web-server|Gitlab Tutorial]] requests an additional line - which I included but commented out - be adjusted and also forgets to specify that gitlab_workhorse should be enabled.  These are the options I used with my LAMP stack to get it up and running: In this file, you need to edit 6 lines.  The [[http://doc.gitlab.com/omnibus/settings/nginx.html#using-a-non-bundled-web-server|Gitlab Tutorial]] requests an additional line - which I included but commented out - be adjusted and also forgets to specify that gitlab_workhorse should be enabled.  These are the options I used with my LAMP stack to get it up and running:
  
-  external_url 'http://gitlab.example.fr'+  external_url 'https://example.com 
   gitlab_workhorse['enable'] = true   gitlab_workhorse['enable'] = true
   gitlab_workhorse['listen_network'] = "tcp"   gitlab_workhorse['listen_network'] = "tcp"
Line 36: Line 43:
      
 Optionally, if you want your ssh on an alternate port, then configure one more option in the gitlab.rb file.  Of course, you will also need to adjust your sshd_config and you firewall (if applicable) to permit traffic on this port. Optionally, if you want your ssh on an alternate port, then configure one more option in the gitlab.rb file.  Of course, you will also need to adjust your sshd_config and you firewall (if applicable) to permit traffic on this port.
-  
-  gitlab_rails['gitlab_shell_ssh_port'] = 40000 
  
-Ok, now that the configuration file is set up, let's make sure that your Apache Web Server has appropriate configuration files.  There is a [[https://gitlab.com/gitlab-org/gitlab-recipes|Gitlab Recipes]repository dedicated to getting Gitlab-CE up on non-default web servers.  These are REHL templates so I adjusted the logs, commented out the CA line in the SSL config, and ran Certbot on top of the SSL config, yielding the following final configurations which worked:+  gitlab_rails['gitlab_shell_ssh_port'= 222
  
-  * [[https://jonathanhaack.com/stuff/http.conf|http.conf]] +Ok, now that the configuration file is set up, let's make sure that your Apache Web Server has appropriate configuration files.  There is a [[https://gitlab.com/gitlab-org/gitlab-recipes|Gitlab Recipes]] repository dedicated to getting Gitlab-CE up on non-nginx web servers.  Always check the git repo above for the latest recipes, the ones I am using are currently here (2020): 
-  [[https://jonathanhaack.com/stuff/https.conf|https.conf]] +   
 +[[https://repo.haacksnetworking.org/haacknet/haackingclub/-/tree/main/configs/webservers/apache|Reverse Proxy Virtual Host Configs for Apache2]]
  
-These both work in production, so feel free to use and share.  I will post these to the recipes page if they begin to differ enough that I need to do so.  For now, I will keep them here only.  Make sure that you enabled the appropriate mods that allow a proxy webserver, gitlab-ce, to run on the localhost on port 8181, but to be accessible externally using the domain above. That is done in apache as follows:+These both work in production, so feel free to use and share.  Make sure you have appropriate apache mods enabled:
  
-  sudo a2enmod http_proxy+  sudo a2enmod proxy_http
   sudo a2enmod proxy   sudo a2enmod proxy
   sudo a2enmod rewrite   sudo a2enmod rewrite
Line 59: Line 65:
   sudo systemctl restart gitlab-runsvdir.service   sudo systemctl restart gitlab-runsvdir.service
      
-Personally, I do not like to use the default Let's Encrypt tool in the gitlab-ce configuration file and prefer instead to set up https prior to installing or configuring gitlab-ce.  This is especially convenient and helpful if you have more than one virtual host you are runningIf you have a firewall runningdo not forget to allow connections on 8181.  Lastly, please visit the repository at [[https://codetalkers.services/|Code Talkers]] and if you want access, send me an email. +I do not use the default Let's Encrypt tool in ''gitlab.rb'' because it fails.  I work around this issue by building a basic ''.html'' website firstencrypting that, and then changing the configs to reverse proxies specified above.  
  
 +-------------------------------------------
 +
 +Need to migrate your gitlab-ce instance to a new host?  First, prepare the backups and configs on the old host and copy those the new host.
 +
 +  sudo gitlab-ctl stop unicorn
 +  sudo gitlab-ctl stop sidekiq
 +  sudo gitlab-rake gitlab:backup:create
 +  mkdir gitlab-old-host
 +  sudo cp /etc/gitlab/gitlab.rb /root/gitlab-old-host/
 +  sudo cp /etc/gitlab/gitlab-secrets.json /root/gitlab-old-host/
 +  sudo cp -R /etc/gitlab/trusted-certs/ /root/gitlab-old-host/
 +  sudo cp /var/opt/gitlab/backups/XXXXXXXXXX_gitlab_backup.tar /root/gitlab-old-host/
 +  scp -r ~/gitlab-old-host user@10.xx.xx.x:
 +  
 +Now that you have copied those configs and files over the new host, it is time to restore the new host with those backups.  Warning:  I am assuming you already followed the above initial setup steps on the new host that are detailed above, and have left that instance vanilla.  Once that new install is running and accessible and vanilla (no changes), do the following.
 +
 +  sudo cp gitlab-old-host/gitlab-old.rb /etc/gitlab/gitlab.rb
 +  sudo cp -r gitlab-old-host/trusted-certs /etc/gitlab/trusted-certs
 +  sudo gitlab-ctl reconfigure
 +  sudo gitlab-ctl stop unicorn
 +  sudo gitlab-ctl stop sidekiq
 +  sudo cp gitlab-old/XXXXXXXXXX_gitlab_backup.tar /var/opt/gitlab/backups/
 +  sudo chown git:git /var/opt/gitlab/backups/XXXXXXXXXX_gitlab_backup.tar
 +  sudo gitlab-rake gitlab:backup:restore BACKUP=XXXXXXXXX
 +  sudo gitlab-ctl start
 +  sudo gitlab-rake gitlab:check SANITIZE=true
 +  
 +Navigate to your web browser, and all should be restored.  ;)
  
- --- //[[netcmnd@jonathanhaack.com|oemb1905]] 2018/08/04 16:36//+ --- //[[webmaster@haacksnetworking.org|oemb1905]] 2024/02/17 19:48//
computing/gitlab-ce.1533440782.txt.gz · Last modified: 2018/11/25 01:33 (external edit)

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
GNU Free Documentation License 1.3 Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki