Install Gitlab with SSL/TLS Certificate on Ubuntu 20.04

|
Last Updated:
|
|

In this tutorial, you will learn how to install Gitlab with SSL/TLS certificate on Ubuntu 20.04. GitLab is an open source end-to-end software development platform with built-in version control, issue tracking, code review, CI/CD, etc. It is is a complete DevOps platform, delivered as a single application.

Read more about what Gitlab offers on Gitlab Features page.

Want to use Debian 11 instead? Check the link below;

Install Gitlab CE on Debian 11

Configure Gitlab with SSL/TLS Certificates

Gitlab Installation Requirements

Below are the bare minimums to install Gitlab with SSL/TLS certificates on Ubuntu 20.04.

Hardware Requirements

Ensure the system you want to host with Gitlab has met the following minimum hardware requirements;

  • Storage: Enough storage depending on the size of the repositories you want to store in GitLab.
  • CPU: At least 4 cores. (supports up to 500 users).
  • Memory: At least 4GB RAM (supports up to 500 users).
  • Swap: At least 2GB of swap memory.

Software Requirements

  • GitLab requires Ruby (MRI) 2.6.
  • The minimum required Go version is 1.13.
  • Node.js 10.13.0 or higher is required. Node 12.x is recommended.
  • GitLab 13.0 and later requires Redis version 4.0 or higher.

Database Requirements

Gitlab supports PostgreSQL database only. With the following being table outlining required version of PostgreSQL database for a specific version of Gitlab;

GitLab versionMinimum PostgreSQL version
10.09.6
13.011
13.612

Read more about the requirements of installing Gitlab on Requirements page.

Install Gitlab with SSL/TLS Certificate

Run System Update

Run system update;

apt update

Install Required package dependencies

Run the command below to install some required package dependencies.

apt install curl tzdata ca-certificates openssh-server

Install Gitlab on Ubuntu 20.04

In this tutorial, we are installing Gitlab Community Edition, CE. Therefore, you can install it using the ready DEB binary package or directly from Gitlab repositories;

To install Gitlab CE on Ubuntu 20.04, you need to install the Gitlab CE repo by running the command below;

curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | sudo bash

Once the Gitlab package repo is done, install Gitlab on Ubuntu 20.04;

apt install gitlab-ce
...
Preparing to unpack .../gitlab-ce_13.5.4-ce.0_amd64.deb ...
Unpacking gitlab-ce (13.5.4-ce.0) ...
Setting up gitlab-ce (13.5.4-ce.0) ...
It looks like GitLab has not been configured yet; skipping the upgrade script.

       *.                  *.
      ***                 ***
     *****               *****
    .******             *******
    ********            ********
   ,,,,,,,,,***********,,,,,,,,,
  ,,,,,,,,,,,*********,,,,,,,,,,,
  .,,,,,,,,,,,*******,,,,,,,,,,,,
      ,,,,,,,,,*****,,,,,,,,,.
         ,,,,,,,****,,,,,,
            .,,,***,,,,
                ,*,.
  


     _______ __  __          __
    / ____(_) /_/ /   ____ _/ /_
   / / __/ / __/ /   / __ `/ __ \
  / /_/ / / /_/ /___/ /_/ / /_/ /
  \____/_/\__/_____/\__,_/_.___/
  

Thank you for installing GitLab!
GitLab was unable to detect a valid hostname for your instance.
Please configure a URL for your GitLab instance by setting `external_url`
configuration in /etc/gitlab/gitlab.rb file.
Then, you can start your GitLab instance by running the following command:
  sudo gitlab-ctl reconfigure

For a comprehensive list of configuration options please see the Omnibus GitLab readme
https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md

To install Gitlab using DEB binary package, download the binary from the Gitlab packages page and install it manually using apt or dpkg commands;

wget -O gitlab-ce_13.5.4-ce.0_arm64.deb https://packages.gitlab.com/gitlab/gitlab-ce/packages/ubuntu/focal/gitlab-ce_13.5.4-ce.0_arm64.deb/download.deb

apt install ./gitlab-ce_13.5.4-ce.0_arm64.deb

Configure Gitlab with SSL/TLS Certificate on Ubuntu 20.04

Once the Gitlab CE package is installed, you can install SSL/TLS certificates. There are two ways in which you can configure Gitlab with SSL/TLS certificates;

  1. Using free and automated HTTPS with Let’s Encrypt
  2. Manually configuring HTTPS with your own certificates

In this demo, we are going to manually setup Gitlab with SSL certs using our own self signed certificates. If you are going to expose your gitlab server to public internet, you can consider using the commercial TLS certs.

Create a directory to store the SSL certs;

mkdir /etc/gitlab/ssl

Next, generate the self signed SSL certs by running the command below. Be sure to replace the certificates details accordingly in the command below;

openssl req -newkey rsa:4096 -x509 -sha512 -days 3650 -nodes -out /etc/gitlab/ssl/kifarunix-demo.crt -keyout /etc/gitlab/ssl/kifarunix-demo.key -subj "/C=US/ST=California/L=San Francisco/O=Kifarunix-demo Ltd/CN=*.kifarunix-demo.com/"

Copy the public certificate file only into the /etc/gitlab/trusted-certs directory.

mkdir /etc/gitlab/trusted-certs
cp /etc/gitlab/ssl/kifarunix-demo.crt /etc/gitlab/trusted-certs/

Want to use Let’s Encrypt instead? Check this link.

Configure a URL for GitLab Server on Ubuntu 20.04

Once the certificates are generated, edit the /etc/gitlab/gitlab.rb configuration file and replace the value of the external_url parameter to your Gitlab CE server URL to enable HTTPS for the domain. Replace the domain name appropriately.

vim /etc/gitlab/gitlab.rb
...
## GitLab URL
##! URL on which GitLab will be reachable.
##! For more details on configuring external_url see:
##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab
##!
##! Note: During installation/upgrades, the value of the environment variable
##! EXTERNAL_URL will be used to populate/replace this value.
##! On AWS EC2 instances, we also attempt to fetch the public hostname/IP
##! address from AWS. For more details, see:
##! https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html
#external_url 'http://gitlab.example.com'
external_url 'https://gitlab.kifarunix-demo.com'

Enable Gitlab SSL Settings

Next, scroll down to Gitlab NGINX section and make the following adjustments (as per your setup).

################################################################################
## GitLab NGINX
##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html
################################################################################

nginx['enable'] = true 
nginx['client_max_body_size'] = '250m'
nginx['redirect_http_to_https'] = true 
...
...
nginx['ssl_certificate'] = "/etc/gitlab/ssl/kifarunix-demo.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/kifarunix-demo.key"
...
...
nginx['ssl_protocols'] = "TLSv1.2 TLSv1.3"

There are quite number of configuration option options. Go through the configuration and enable ssl for any other service you need.

Save and exit the configuration file once you are done with the configurations.

Reconfigure Omnibus GitLab

Once the setup is done, reconfigure Omnibus Gitlab. Reconfiguration is needed whenever there is any configuration changes.

gitlab-ctl reconfigure

Check the status of Gitlab services;

gitlab-ctl status
run: alertmanager: (pid 16779) 225s; run: log: (pid 16373) 290s
run: gitaly: (pid 16662) 227s; run: log: (pid 15291) 727s
run: gitlab-exporter: (pid 16661) 227s; run: log: (pid 16274) 306s
run: gitlab-workhorse: (pid 16637) 228s; run: log: (pid 15974) 328s
run: grafana: (pid 16856) 207s; run: log: (pid 16564) 247s
run: logrotate: (pid 16033) 321s; run: log: (pid 16041) 319s
run: nginx: (pid 17480) 1s; run: log: (pid 16013) 326s
run: node-exporter: (pid 16652) 227s; run: log: (pid 16167) 312s
run: postgres-exporter: (pid 16791) 225s; run: log: (pid 16406) 283s
run: postgresql: (pid 15460) 688s; run: log: (pid 15473) 686s
run: prometheus: (pid 16763) 226s; run: log: (pid 16343) 293s
run: puma: (pid 15875) 345s; run: log: (pid 15882) 343s
run: redis: (pid 15240) 735s; run: log: (pid 15258) 733s
run: redis-exporter: (pid 16680) 227s; run: log: (pid 16309) 300s
run: sidekiq: (pid 15891) 339s; run: log: (pid 15912) 336s

If you need to restart all Gitlab services;

gitlab-ctl restart

You can as well use start|stop command options to control Gitlab services.

To start, stop or restart an individual component, eg nginx;

gitlab-ctl start|stop|restart nginx

Accessing Gitlab Web Interface

The basic install of Gitlab with SSL/TLS Certificate on Ubuntu 20.04 is now done. All you can do now is to access the Gitlab web interface.

If UFW is running, you need to open port 443/80 to allow external access.

ufw allow "Apache Full"

To allow from specific IPs;

ufw allow from 192.168.57.1 to any port 80 proto tcp
ufw allow from 192.168.57.1 to any port 443 proto tcp

Upon accessing the web interface, you are prompted to set your new root user password.

gitlab ui

Login to Gitlab web user interface as root user with password set above. You can as well register your own account and proceed to login to Gitlab web dashboard.

root login

Gitlab web dashboard for user root;

gitlab dashboard

Gitlab is now installed and setup, basically.

Reference

Download and install Gitlab on Ubuntu

Further Reading

Gitlab Documentation

Other Tutorials

Install latest Apache Solr on CentOS 8

Install latest Apache Solr on Ubuntu 20.04

Visualize WordPress User Activity Logs on ELK Stack

Quick Way to Install and Configure SNMP on Ubuntu 20.04

Easily Install and Setup Cacti on Ubuntu 20.04

SUPPORT US VIA A VIRTUAL CUP OF COFFEE

We're passionate about sharing our knowledge and experiences with you through our blog. If you appreciate our efforts, consider buying us a virtual coffee. Your support keeps us motivated and enables us to continually improve, ensuring that we can provide you with the best content possible. Thank you for being a coffee-fueled champion of our work!

Photo of author
gen_too
Co-founder of Kifarunix.com, Linux Tips and Tutorials. Linux/Unix admin and author at Kifarunix.com.

Leave a Comment