Haacking-Club/Gitlab-ce

---
  * **gitlab-ce**
  * **Jonathan Haack**
  * **Haack's Networking**
  * **netcmnd@jonathanhaack.com**

---

//Installing gitlab-ce on a Debian system.//

---

The pre-requisites:
  * Using Debian or similar
  * Self Hosted Web Server using Apache 2.4
  * Available Domain with DNS set up
  * Self-Signed Certificate is established as backup
  * Letsencrypt, using certbot, is established and working

If you are missing some of these pre-requisites, please visit the [|Apache Survival Tutorial] I created which covers these topics.

The first thing you need to do is download and run the script that gitlab provides. This script will allow you to access the repositories and download gitlab-ce.

cd /tmp
curl -LO https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh
sudo bash /tmp/script.deb.sh

Now that that is done, let's begin by installing Gitlab Community Edition and editing the Ruby configuration file to work with the LAMP stack:

sudo apt install gitlab-ce
sudo nano /etc/gitlab/gitlab.rb

In this file, you need to edit 6 lines. The [|Gitlab Tutorial] requests that an additional line, which I included but commented out, be adjusted, and also forgets to specify that gitlab_workhorse should be enabled. These are the options I used with my LAMP stack to get it up and running:

external_url 'http://codetalkers.services'

Before I discuss the other configuration options, let me point out that I have to keep this as http, not https, for the setup to work, and let my Apache vhost redirect to https instead of building it into the gitlab server configuration. This is because I already built Let's Encrypt certificates and set up TLS on the website before I installed gitlab. Even though it lists project repositories as "http" within the gitlab instance, it redirects to https as per the vhost in Apache. This is a sufficient workaround until this known issue is fixed. The symptom you get if you leave it as https is continual and unstoppable 422 errors, well documented on gitlab's forums.

gitlab_workhorse['enable'] = true
gitlab_workhorse['listen_network'] = "tcp"
gitlab_workhorse['listen_addr'] = "127.0.0.1:8181"
web_server['external_users'] = ['www-data']
nginx['enable'] = false
#gitlab_rails['trusted_proxies'] = [ '192.168.1.0/24', '192.168.2.1', '2001:0db8::/32' ]

Optionally, if you want your ssh on an alternate port, then configure one more option in the gitlab.rb file. Of course, you will also need to adjust your sshd_config and your firewall (if applicable) to permit traffic on this port.

gitlab_rails['gitlab_shell_ssh_port'] = 40000
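A quick lint for the gitlab.rb settings above, as an added example rather than part of the original tutorial: it reads only uncommented lines (the stock file is mostly commented defaults) and flags a Workhorse listener that is not bound to loopback, since Apache is meant to be the only external entry point. The function names and the sample files are constructed for illustration.

```shell
# Added example, not from the original tutorial; function names are hypothetical.
# Value of the last uncommented line in file $1 that starts with setting $2.
setting_value() {
    awk -v key="$2" '{ sub(/^[ \t]+/, "") }
        index($0, key) == 1 { v = substr($0, length(key) + 1) }
        END { sub(/^[ \t]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v); print v }' "$1"
}

# Print a finding and return 1 when setting $2 in file $1 is not exactly $3.
expect_setting() {
    local v; v=$(setting_value "$1" "$2")
    [ "$v" = "$3" ] && return 0
    echo "$2 is ${v:-unset}, expected $3"; return 1
}

# Print one line per deviation; the exit status is the number of deviations.
check_gitlab_rb() {
    local file="$1" problems=0 addr users
    expect_setting "$file" "gitlab_workhorse['enable']" 'true' || problems=$((problems + 1))
    expect_setting "$file" "gitlab_workhorse['listen_network']" '"tcp"' || problems=$((problems + 1))
    expect_setting "$file" "nginx['enable']" 'false' || problems=$((problems + 1))
    # TLS ends at Apache and Workhorse serves plain HTTP, so it must stay on loopback.
    addr=$(setting_value "$file" "gitlab_workhorse['listen_addr']")
    case "$addr" in
        '"127.0.0.1:'*|'"localhost:'*|'"[::1]:'*) ;;
        *) echo "gitlab_workhorse['listen_addr'] is ${addr:-unset}, not loopback-only"; problems=$((problems + 1)) ;;
    esac
    # Apache runs as www-data on Debian; the page lists it as an external user.
    users=$(setting_value "$file" "web_server['external_users']")
    case "$users" in
        *"'www-data'"*|*'"www-data"'*) ;;
        *) echo "web_server['external_users'] is ${users:-unset}, missing www-data"; problems=$((problems + 1)) ;;
    esac
    return "$problems"
}

# Constructed sample input: this page's settings, then a risky variant of them.
sample_dir=$(mktemp -d)
cat > "$sample_dir/good.rb" <<'EOF'
external_url 'http://codetalkers.services'
gitlab_workhorse['enable'] = true
gitlab_workhorse['listen_network'] = "tcp"
gitlab_workhorse['listen_addr'] = "127.0.0.1:8181"
web_server['external_users'] = ['www-data']
nginx['enable'] = false
EOF
sed -e 's/127\.0\.0\.1/0.0.0.0/' -e 's/^nginx/# nginx/' "$sample_dir/good.rb" > "$sample_dir/bad.rb"
check_gitlab_rb "$sample_dir/good.rb" && echo "good.rb: OK"
check_gitlab_rb "$sample_dir/bad.rb" || echo "bad.rb: $? deviation(s)"
```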

Ok, now that the configuration file is set up, let's make sure that your Apache Web Server has appropriate configuration files. There is a [|Gitlab Recipes] repository dedicated to getting Gitlab-CE up on non-nginx web servers. These are RHEL templates, so I adjusted the logs, commented out the CA line in the SSL config, and ran Certbot on top of the SSL config. These templates were instrumental in getting this set-up, but I made so many changes that I forked them at my repository. You can download the file directly or contribute to the public fork here:

  * [|http.conf] OR [|codetalkers-http]
  * [|https.conf] OR [|codetalkers-https]

These both work in production, so feel free to use and share. I will post these to the recipes page if they begin to differ enough that I need to do so. For now, I will keep them here only. Make sure that you enabled the appropriate mods that allow a proxy webserver, gitlab-ce, to run on the localhost on port 8181, but to be accessible externally using the domain above. Apache needs certain modules - that permit the proxy functionality mentioned above - to be enabled as follows:

sudo a2enmod proxy_http
sudo a2enmod proxy
sudo a2enmod rewrite

You should now be able to configure gitlab-ce with its built-in configuration tool:

sudo gitlab-ctl reconfigure

After you complete these steps, restart both the Apache Web Server and the Gitlab services as follows:

sudo systemctl restart apache2.service
sudo systemctl restart gitlab-runsvdir.service

Personally, I do not like to use the default Let's Encrypt tool in the gitlab-ce configuration file and prefer instead to set up https prior to installing or configuring gitlab-ce. This is especially convenient and helpful if you have more than one virtual host you are running. If you have a firewall running, do not forget to allow connections on 8181. Lastly, please visit the repository at [|Code Talkers] and if you want access, send me an email.

This tutorial is a designated "Invariant Section" of the "Technotronic" section of Haack's Wiki as described on the [|Start Page].

--- //oemb1905 2018/11/23 22:43//