How to Install Gitlab on Debian 13 with SSL/TLS

Kifarunix
|
Published:
|
Gitlab, HowTos, Package Installation, Source Code Management
|
Leave a Comment
install gitlab on Debian 13

In this tutorial, you will learn how to install Gitlab on Debian 13. GitLab is an open source end-to-end software development platform with built-in version control, issue tracking, code review, CI/CD, etc. It is is a complete DevOps platform, delivered as a single application.

How to Install Gitlab on Debian 13 with SSL/TLS

System Requirements

Below are the bare minimum software and hardware system requirements to install Gitlab with SSL/TLS certificates on Debian 13.

Hardware Requirements

Ensure the system you want to host with Gitlab has met the following minimum hardware requirements;

  • Storage: Enough storage depending on the size of the repositories you want to store in GitLab.
  • CPU: At least 4 cores. (supports up to 500 users).
  • Memory: At least 4GB RAM (supports up to 500 users).
  • Swap: At least 2GB of swap memory.

For other system requirements, the package installer will take care of it, unless you are doing self compilation.

Read more about the requirements of installing Gitlab on Requirements page.

Install Gitlab on Debian 13

Run system update;

sudo apt update

Run the command below to install some required package dependencies.

sudo apt install curl tzdata ca-certificates

In this tutorial, we are installing Gitlab Community Edition, CE. There are two ways in which you can install Gitlab.

Install Gitlab on Debian 13 using DEB Binary package

To install Gitlab using DEB binary package, download the binary from the Gitlab packages page and install it manually using apt or dpkg commands;

Replace the value of the VER above with the current Gitlab ce release version.

VER=18.8.7

Then download and install the binary.

wget --content-disposition https://packages.gitlab.com/gitlab/gitlab-ce/packages/debian/noble/gitlab-ce_${VER}-ce.0_amd64.deb/download.deb
sudo apt install ./gitlab-ce_${VER}-ce.0_amd64.deb
Note:
To automatically configure Gitlab during installation, you can provide the EXTERNAL URL address. Note that you can also change the URL later after installation and reconfigure Gitlab. Be sure to change the URL, gitlab.kifarunix.com, with your respective domain address.
sudo  EXTERNAL_URL="https://gitlab.kifarunix.com" apt install ./gitlab-ce_${VER}-ce.0_amd64.deb

We will configure Gitlab in the next steps.

Install Gitlab on Debian 13 from APT Repository

To install Gitlab from APT repository on Debian 13, you need to install the Gitlab repo by running the command below;

curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | sudo bash

Once the Gitlab package repo is done, install Gitlab CE on Debian 13;

sudo apt update

Replace the domain name accordingly.

sudo EXTERNAL_URL="https://gitlab.kifarunix.com" apt install gitlab-ce

Configure Gitlab on Debian 13

Set External URL for GitLab Server

If you didn’t specify the Gitlab URL during installation, you can edit the /etc/gitlab/gitlab.rb configuration file and replace the value of the external_url parameter with your Gitlab server URL.

sudo grep "^external_url" /etc/gitlab/gitlab.rb

Output;

external_url 'http://gitlab.example.com'

Replace the Gitlab external URL domain.

sudo vim /etc/gitlab/gitlab.rb
#external_url 'http://gitlab.example.com'
external_url 'https://gitlab.kifarunix.com'

Notice that I also enabled HTTPS for the domain.

Enable Gitlab SSL/TLS Settings

Once the Gitlab package is installed, you can configure it to use SSL/TLS certificates. There are two ways in which you can configure Gitlab with SSL/TLS certificates;

  1. Using free and automated HTTPS with Let’s Encrypt
  2. Manually configuring HTTPS with your own self signed certificates

Assuming you have already have generated Let’s Encrypt SSL certs;

sudo ls -1 /etc/letsencrypt/live/kifarunix.com
cert.pem
chain.pem
fullchain.pem
privkey.pem
README

You can configure Gitlab to use Let’s Encrypt certs as follows;

sudo vim /etc/gitlab/gitlab.rb

Next, scroll down to Gitlab NGINX section and make the following adjustments (as per your setup).

################################################################################
## GitLab NGINX
##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html
################################################################################

nginx['enable'] = true 
nginx['client_max_body_size'] = '250m'
nginx['redirect_http_to_https'] = true
...
...
nginx['ssl_certificate'] = "/etc/letsencrypt/live/kifarunix.com/fullchain.pem"
nginx['ssl_certificate_key'] = "/etc/letsencrypt/live/kifarunix.com/privkey.pem"

...
...
nginx['ssl_protocols'] = "TLSv1.2 TLSv1.3"

Save the file and exit.

If you want to use your own self signed SSL/TLS certs, you can generate and use them as follows.

Create a directory to store the SSL certs;

mkdir /etc/gitlab/ssl

Next, generate the self signed SSL certs by running the command below. Be sure to replace the certificates details accordingly in the command below;

openssl req -newkey rsa:4096 -x509 -sha512 -days 3650 \
        -nodes -out /etc/gitlab/ssl/kifarunix-demo.crt \
        -keyout /etc/gitlab/ssl/kifarunix-demo.key \
        -subj "/C=US/ST=California/L=San Francisco/O=Kifarunix-demo Ltd/CN=*.kifarunix-demo.com/"

Copy the public certificate file only into the /etc/gitlab/trusted-certs directory.

mkdir /etc/gitlab/trusted-certs
cp /etc/gitlab/ssl/kifarunix-demo.crt /etc/gitlab/trusted-certs/

Other Gitlab Configurations

There are quite number of configuration options in the /etc/gitlab/gitlab.rb configuration. Go through the configuration and make appropriate changes that suits your needs.

Save and exit the configuration file once you are done with the configurations.

Reconfigure Omnibus GitLab

Once the setup is done, reconfigure Omnibus Gitlab. Reconfiguration is needed whenever there is any configuration changes.

sudo gitlab-ctl reconfigure

Sample command output;

Are you experiencing long wait to time outs waiting for logrotate socket to appear?

...
* ruby_block[wait for logrotate service socket] action run...

Ensure that the Gitlab runit service supervisor (runsvdir) is running;

systemctl status gitlab-runsvdir.service

If it is not running, restart it;

sudo systemctl restart gitlab-runsvdir.service

Confirm status again!

systemctl status gitlab-runsvdir.service

After that, re-run the reconfiguration.

Based on the summary of reconfiguration, Gitlab login username is root and the password is stored in the file, /etc/gitlab/initial_root_password.

sudo grep Password: /etc/gitlab/initial_root_password
Password: 5KLL7fXIMWPuaSf1qANpKs6scO0ZwwOxY6UhvRiG4NQ=

Reset Gitlab User Password

If you want to reset Gitlab user password, run the command below;

sudo gitlab-rake "gitlab:password:reset"

The command will prompt to enter the username and password.

You can specify the username in command line. Replace the username with respective username.

sudo gitlab-rake "gitlab:password:reset[username]"

Like;

sudo gitlab-rake "gitlab:password:reset[root]"

Check Status of Gitlab Services

Check the status of Gitlab services;

gitlab-ctl status
run: alertmanager: (pid 2380) 407s; run: log: (pid 2072) 468s
run: gitaly: (pid 2415) 406s; run: log: (pid 1507) 1209s
run: gitlab-exporter: (pid 2350) 410s; run: log: (pid 2012) 485s
run: gitlab-workhorse: (pid 2327) 411s; run: log: (pid 1917) 545s
run: grafana: (pid 2400) 407s; run: log: (pid 2283) 427s
run: logrotate: (pid 1430) 1222s; run: log: (pid 1438) 1221s
run: nginx: (pid 1951) 511s; run: log: (pid 1962) 507s
run: node-exporter: (pid 2342) 410s; run: log: (pid 1993) 493s
run: postgres-exporter: (pid 2392) 407s; run: log: (pid 2110) 461s
run: postgresql: (pid 1644) 1129s; run: log: (pid 1656) 1126s
run: prometheus: (pid 2364) 409s; run: log: (pid 2049) 475s
run: puma: (pid 1870) 560s; run: log: (pid 1878) 557s
run: redis: (pid 1465) 1216s; run: log: (pid 1476) 1215s
run: redis-exporter: (pid 2352) 409s; run: log: (pid 2037) 480s
run: sidekiq: (pid 1888) 554s; run: log: (pid 1899) 551s

Managing Gitlab Services

If you need to restart all Gitlab services;

sudo gitlab-ctl restart

You can as well use start|stop command options to control Gitlab services.

To start, stop or restart an individual component, eg nginx;

sudo gitlab-ctl start|stop|restart nginx

Accessing Gitlab Web Interface

The basic install of Gitlab on Debian 13 is now done. All you can do now is to access the Gitlab web interface, https://server-IP-or-domain. Of course, just use http:// if you didnt configure Gitlab with SSL/TLS certificates.

If UFW is running, you need to open port 443/80 to allow external access.

sudo ufw allow "Apache Full"

You can also allow access from specific IPs. Replace the IP accordingly.

sudo ufw allow from 203.0.113.25 to any port 443 proto tcp
sudo ufw allow from 203.0.113.25 to any port 80 proto tcp

If you are not using UFW, you can also open ports using iptables.

sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT

Optional: Allow only specific IP. Replace the IP addresses.

sudo iptables -A INPUT -p tcp -s 203.0.113.25 --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp -s 203.0.113.25 --dport 443 -j ACCEPT

Save iptables rules so they persist after reboot:

sudo apt install iptables-persistent -y
sudo netfilter-persistent save

Login to Gitlab web user interface as root user with password provided above.

Upon successful login, such an interface welcomes you.

gitlab default welcome page

Gitlab web dashboard for user root. You can access by clicking Admin Area at the top right;

gitlab ce root dashboard

Gitlab is now installed and setup, basically. That marks the end of our tutorial on how to install Gitlab.

What is next after Installation?

Once Gitlab is up and running, you can now proceed with the next steps outlined on the documentation page.

Steps after installing GitLab

Other Tutorials

Automate OpenShift Deployments with GitLab CI/CD Pipelines

How to Install Gitlab on Rocky Linux 10 with Let’s Encrypt SSL

SUPPORT US VIA A VIRTUAL CUP OF COFFEE

We're passionate about sharing our knowledge and experiences with you through our blog. If you appreciate our efforts, consider buying us a virtual coffee. Your support keeps us motivated and enables us to continually improve, ensuring that we can provide you with the best content possible. Thank you for being a coffee-fueled champion of our work!

Photo of author
Kifarunix
DevOps Engineer and Linux Specialist with deep expertise in RHEL, Debian, SUSE, Ubuntu, FreeBSD... Passionate about open-source technologies, I specialize in Kubernetes, Docker, OpenShift, Ansible automation, and Red Hat Satellite. With extensive experience in Linux system administration, infrastructure optimization, information security, and automation, I design and deploy secure, scalable solutions for complex environments. Leveraging tools like Terraform and CI/CD pipelines, I ensure seamless integration and delivery while enhancing operational efficiency across Linux-based infrastructures.

Related Posts

Install and Setup Vtiger CRM on Debian 10

Install WonderCMS with Nginx on Debian 10

Logstash: Write Specific Events to Specific Index

Install MariaDB 10.5 on FreeBSD 13

How to Fix Filebeat Glibc Related Errors on Ubuntu 22.04

Useful Facts About Setting Up Mobile Rugged Servers

Leave a Comment

© 2026 kifarunix.com

Home Advertise with us Privacy Policy
document.addEventListener("DOMContentLoaded", function() { document.querySelectorAll(".scroll-box").forEach(function(box) { box.style.position = "relative"; // Needed for absolute positioning of button var button = document.createElement("button"); button.className = "copy-icon-btn"; button.setAttribute("aria-label", "Copy code"); button.innerHTML = ''; box.appendChild(button); button.addEventListener("click", function() { var text = box.innerText; navigator.clipboard.writeText(text).then(function() { button.querySelector("svg").setAttribute("fill", "#4CAF50"); setTimeout(function() { button.querySelector("svg").setAttribute("fill", "white"); }, 1500); }).catch(function(err) { console.error("Copy failed: ", err); }); }); }); });