Gitlab community edition - Install and update (on-premise)

Page content

Install GitLab with apt (official way as of 2020/08/11)

sudo apt update
sudo apt upgrade -y
sudo apt-get install -y curl openssh-server ca-certificates tzdata
sudo apt install -y postfix
curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | sudo bash
sudo EXTERNAL_URL="https://{{ your_GitLab_server_domain }}" apt install gitlab-ce
## If you are using internal purpose and use your own domain, auto SSL configuration (ACME) would fail.
## Then, try http (not https) like below.
## sudo EXTERNAL_URL="http://{{ your_GitLab_server_domain }}" apt install gitlab-ce

Configure TLS

  1. Create TLS self-sign CA certificate. Refer to [my post]({{< ref “tools/openssl.md” >}})
  2. Replace a private key and a certificate in /etc/gitlab/ssl/.
  3. Edit /etc/gitlab/gitlab.rb as follows.
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/etc/gitlab/ssl/mygitlab.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/mygitlab.key"
letsencrypt['enable'] = false
  1. gitlab-ctl reconfigure. Done!

Update GitLab CE (apt installed)

# as root
# curl --silent https://packages.gitlab.com/gpg.key | sudo apt-key add -
apt-get update
apt-get upgrade
...
# Upgrade complete! If your GitLab server is misbehaving try running
#  sudo gitlab-ctl restart

Initial setup

Set admin password

When you access to the GitLab first, it requests you to input a new root password.

Create users

Admin area (permission required) -> User -> create

Create groups

https://docs.gitlab.com/ee/user/group/

Activate Container Registry

https://docs.gitlab.com/ce/administration/packages/container_registry.html#configure-container-registry-under-an-existing-gitlab-domain

/etc/gitlab/gitlab.rb

/// --- snip ---
################################################################################
## Container Registry settings
##! Docs: https://docs.gitlab.com/ee/administration/container_registry.html
################################################################################

registry_external_url 'https://{{ your_GitLab_server_domain }}:5050'

## If you do configured SSL certificate, write below also.
registry_nginx['ssl_certificate'] = "/path/to/certificate.pem"
registry_nginx['ssl_certificate_key'] = "/path/to/certificate.key"

sudo gitlab-ctl reconfigure and open 5050 port of the GitLab server.

client side (self-sign issue unsolved)

https://docs.docker.com/registry/insecure/#use-self-signed-certificates

OS cert store

Add the self-sign certificate to the trusted CA list under /usr/local/share/ca-certificates/ and sudo update-ca-certificates.

At this point, curl command didn’t return CA cert error.

Docker trusted cert

For snapd installed Docker:

sudo mkdir -p /var/snap/docker/common/etc/certs.d/{{ your_GitLab_server_domain }}:5050
vim /var/snap/docker/common/etc/certs.d/{{ your_GitLab_server_domain }}:5050/ca.crt

login fail

# docker login {{ my_GitLab_server_domain }}:5050
Username: atlex00
Password:
Error response from daemon: Get https://{{ your_GitLab_server_domain }}:5050/v2/: x509: certificate signed by unknown authority

How…

Now you can login to the registry with your gitlab credential.

docker login {{ your_GitLab_server_domain }}:5050

Push an image to the registry.

docker tag me/test:v1 {{ your_GitLab_server_domain }}:5050/group/reponame
docker push {{ your_GitLab_server_domain }}:5050/group/reponame:

Change root password

If the login doesn’t work fine, try it (manually reset the password.)

https://docs.gitlab.com/ee/security/reset_root_password.html

sudo gitlab-rails console -e production
user = User.where(id: 1).first
user.password = 'secret_pass'
user.password_confirmation = 'secret_pass'
user.save!
exit

Configure email

Install sendmail

apt update
apt install sendmail

If you configured firewall, please open port for sendmail (outbound 25 and 587).

In gitlar.rb,

### Email Settings
gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = 'noreply@yourdomain.com'
gitlab_rails['gitlab_email_display_name'] = 'New_GitLab'
gitlab_rails['gitlab_email_reply_to'] = 'noreply@yourdomain.com'

After configuration, run sudo gitlab-ctl reconfigure and sudo gitlab-ctl restart.

Deprecated: On-premise: install on Ubuntu 20.04 (as of 2020/06/05)

We didn’t have a package for Ubuntu 20.04 at the moment. I leave this as a memo.

sudo apt update
sudo apt upgrade -y
# sudo apt install -y curl openssh-server ca-certificates
sudo apt install -y postfix
#  -> Internet site
#  -> mydomain.com

#- curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | sudo bash
#- sudo EXTERNAL_URL="https://mydomain.com" apt install gitlab-ce
# Not supported 20.04 as of 2020/06/05

sudo tee /etc/apt/sources.list.d/gitlab_gitlab-ce.list<<EOF 
deb https://packages.gitlab.com/gitlab/gitlab-ce/ubuntu/ bionic main
deb-src https://packages.gitlab.com/gitlab/gitlab-ce/ubuntu/ bionic main
EOF

sudo apt update
sudo apt install gitlab-ce

sudo vim /etc/gitlab/gitlab.rb
# external_url 'http://{{ your_GitLab_server_domain }}'
sudo gitlab-ctl reconfigure
sudo gitlab-ctl restart

GitLab Pages

Enable

https://docs.gitlab.com/ce/administration/pages/

  1. /etc/gitlab/gitlab.rb:
pages_external_url 'https://{{ your_GitLab_server_domain }}'
  1. sudo gitlab-ctl reconfigure

set

Project -> Settings -> Pages appears

Achtung

  • Server TLS should be wild card.
  • DNS record for https://{{ group }}.{{ your_GitLab_server_domain }}/{{ project_name }}.

export and import

  1. project -> Settings -> General -> Advanced:Export Project
  2. Check email and click the link (download tar,gz) imp
  3. Create new projec -> gitlab export -> chose the tar.gz