This is an old revision of the document!
- gitlab-ce
- Jonathan Haack
- Haack's Networking
- netcmnd@jonathanhaack.com
Installing gitlab-ce on a Debian system.
The pre-requisites:
- Using Debian or similar
- Self Hosted Web Server using Apache 2.4
- Available Domain with DNS set up
- Self-Signed Certificate is established as backup
- Letsencrypt, using certbot, is established and working
If you are missing some of these pre-requisites, please visit the Apache Survival Tutorial I created which covers these topics. Otherwise, let's begin by installing Gitlab Community Edition and editing the Ruby configuration file to work with the LAMP stack:
sudo apt install gitlab-ce sudo nano /etc/gitlab/gitlab.rb
In this file, you need to edit 6 lines. The Gitlab Tutorial requests an additional line - which I included but commented out - be adjusted and also forgets to specify that gitlab_workhorse should be enabled. These are the options I used with my LAMP stack to get it up and running:
external_url 'http://gitlab.example.fr' gitlab_workhorse['enable'] = true gitlab_workhorse['listen_network'] = "tcp" gitlab_workhorse['listen_addr'] = "127.0.0.1:8181" web_server['external_users'] = ['www-data'] nginx['enable'] = false #gitlab_rails['trusted_proxies'] = [ '192.168.1.0/24', '192.168.2.1', '2001:0db8::/32' ]
Optionally, if you want your ssh on an alternate port, then configure one more option in the gitlab.rb file. Of course, you will also need to adjust your sshd_config and you firewall (if applicable) to permit traffic on this port.
gitlab_rails['gitlab_shell_ssh_port'] = 40000
Ok, now that the configuration file is set up, let's make sure that your Apache Web Server has appropriate configuration files. There is a Gitlab Recipes repository dedicated to getting Gitlab-CE up on non-default web servers. These are REHL templates so I adjusted the logs, commented out the CA line in the SSL config, and ran Certbot on top of the SSL config, yielding the following final configurations which worked:
These both work in production, so feel free to use and share. I will post these to the recipes page if they begin to differ enough that I need to do so. For now, I will keep them here only. Make sure that you enabled the appropriate mods that allow a proxy webserver, gitlab-ce, to run on the localhost on port 8181, but to be accessible externally using the domain above. That is done in apache as follows:
sudo a2enmod http_proxy sudo a2enmod proxy sudo a2enmod rewrite
You should now be able to cofnigure gitlab-ce with its built in configuration tool::
sudo gitlab-ctl reconfigure
After you complete these steps, restart both the Apache Web Server and the Gitlab services as follows:
sudo systemctl restart apache2.service sudo systemctl restart gitlab-runsvdir.service
Personally, I do not like to use the default Let's Encrypt tool in the gitlab-ce configuration file and prefer instead to set up https prior to installing or configuring gitlab-ce. This is especially convenient and helpful if you have more than one virtual host you are running. If you have a firewall running, do not forget to allow connections on 8181. Lastly, please visit the repository at Code Talkers and if you want access, send me an email.
— oemb1905 2018/08/04 16:36
