4.1. How to Install GitLAB on Ubuntu (Tested on 20.04)

4.1.1. 1. Install and configure the dependencies

First you must update your system and add the following dependencies.

1
2
 $ sudo apt-get update
 $ sudo apt-get install -y curl openssh-server ca-certificates tzdata

1b. (OPTIONAL) Install Postfix for e-mail notifications

If you wish to enable e-mail notifications you can install postfix and configure your internal SMTP Relay, but that will not be covered in this document.

$ sudo apt-get install -y postfix

4.1.2. 2. Add the GitLAB package repository and install GitLAB CE

Add the repository by executing a curl in your shell console.

$ curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | sudo bash

4.1.3. 3. Install GitLAB CE

Enter the following command on the console:

$ sudo EXTERNAL_URL="https://gitlab.yourdomain.com" apt-get install gitlab-ce

Enable SSL and use a custom Certificate

To enable SSL with a custom certificate you’ll need to disable Letsencrypt on the configuration file and reconfigure GitLAB.

Now generate your custom certificate with OpenSSL (or maybe you bought one, use that set of files instead!)

To create a basic certificate you can do the following:

$ openssl req -x509 -sha256 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/gitlab/ssl/gitlab-br.key -out /etc/gitlab/ssl/gitlab-br.crt

Change the NGINX Settings in /etc/gitlab/gitlab.rb and add your certificate and key to the parameters

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 ################################################################################
 ## GitLab NGINX
 ##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html
 ################################################################################

     nginx['enable'] = true
     nginx['client_max_body_size'] = '250m'
     nginx['redirect_http_to_https'] = false
     nginx['redirect_http_to_https_port'] = 80

 ##! Most root CA's are included by default
 # nginx['ssl_client_certificate'] = "/etc/gitlab/ssl/ca.crt"

 ##! enable/disable 2-way SSL client authentication
 # nginx['ssl_verify_client'] = "off"

 ##! if ssl_verify_client on, verification depth in the client certificates chain
     nginx['ssl_verify_depth'] = "1"

     nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab-br.crt"
     nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab-br.key"
     nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256"
     nginx['ssl_prefer_server_ciphers'] = "on"

 ##! **Recommended by: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
 ##!                   https://cipherli.st/**
     nginx['ssl_protocols'] = "TLSv1.2 TLSv1.3"

 ##! **Recommended in: https://nginx.org/en/docs/http/ngx_http_ssl_module.html**
     nginx['ssl_session_cache'] = "builtin:1000  shared:SSL:10m"

 ##! **Default according to https://nginx.org/en/docs/http/ngx_http_ssl_module.html**
     nginx['ssl_session_timeout'] = "5m"

 ##! nginx['ssl_dhparam'] = nil # Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem
 ##! nginx['listen_addresses'] = ['*', '[::]']

Change the following Letsencrypt parameter

1
2
3
4
5
 ################################################################################
 # Let's Encrypt integration
 ################################################################################
 letsencrypt['enable'] = false
 [...]

Now you should be able to access your server by going to the URL you’ve setup or the IP address directly.

https://gitlabserverip

OR

https://gitlab.yourdomain.com