4.1. How to Install GitLab on Ubuntu (Tested on 20.04)
4.1.1. 1. Install and configure the dependencies
First you must update your system and add the following dependencies.
$ sudo apt-get update
$ sudo apt-get install -y curl openssh-server ca-certificates tzdata
1b. (OPTIONAL) Install Postfix for e-mail notifications
If you wish to enable e-mail notifications, you can install Postfix and configure your internal SMTP relay, but that is not covered in this document.
$ sudo apt-get install -y postfix
4.1.2. 2. Add the GitLab package repository and install GitLab CE
Add the repository by running the following curl command in your shell:
$ curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | sudo bash
4.1.3. 3. Install GitLab CE
Enter the following command on the console:
$ sudo EXTERNAL_URL="https://gitlab.yourdomain.com" apt-get install gitlab-ce
Enable SSL and use a custom Certificate
To enable SSL with a custom certificate, you'll need to disable Let's Encrypt in the configuration file and reconfigure GitLab.
Now generate your custom certificate with OpenSSL (or, if you bought one, use that set of files instead).
To create a basic certificate you can do the following:
$ openssl req -x509 -sha256 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/gitlab/ssl/gitlab-br.key -out /etc/gitlab/ssl/gitlab-br.crt
Change the NGINX settings in /etc/gitlab/gitlab.rb and add your certificate and key to the parameters:
################################################################################
## GitLab NGINX
##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html
################################################################################
nginx['enable'] = true
nginx['client_max_body_size'] = '250m'
nginx['redirect_http_to_https'] = false
nginx['redirect_http_to_https_port'] = 80
##! Most root CA's are included by default
# nginx['ssl_client_certificate'] = "/etc/gitlab/ssl/ca.crt"
##! enable/disable 2-way SSL client authentication
# nginx['ssl_verify_client'] = "off"
##! if ssl_verify_client on, verification depth in the client certificates chain
nginx['ssl_verify_depth'] = "1"
nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab-br.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab-br.key"
nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256"
nginx['ssl_prefer_server_ciphers'] = "on"
##! **Recommended by: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
##! https://cipherli.st/**
nginx['ssl_protocols'] = "TLSv1.2 TLSv1.3"
##! **Recommended in: https://nginx.org/en/docs/http/ngx_http_ssl_module.html**
nginx['ssl_session_cache'] = "builtin:1000 shared:SSL:10m"
##! **Default according to https://nginx.org/en/docs/http/ngx_http_ssl_module.html**
nginx['ssl_session_timeout'] = "5m"
##! nginx['ssl_dhparam'] = nil # Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem
##! nginx['listen_addresses'] = ['*', '[::]']
Change the following Let's Encrypt parameter:
################################################################################
# Let's Encrypt integration
################################################################################
letsencrypt['enable'] = false
[...]
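Before reconfiguring, the active values in gitlab.rb can be checked against the settings described above. The script below is an added example, not part of the original guide: the function names (rb_get, warn, audit_gitlab_tls, sample_gitlab_rb) are hypothetical, and the sample configuration is constructed from this page's settings with placeholder paths.

```shell
# Added example, not from the original page: audit the ACTIVE TLS settings in an
# Omnibus gitlab.rb. Commented-out lines are skipped, since GitLab ignores them.
rb_get() {  # rb_get FILE SECTION KEY: last active value, quotes stripped
  sed -n "s/^[[:space:]]*$2\['$3'\][[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
    sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
        -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

warn() { echo "WARN: $*"; findings=$((findings + 1)); }

audit_gitlab_tls() {  # prints one WARN line per finding; returns 1 if any
  f=$1; findings=0
  crt=$(rb_get "$f" nginx ssl_certificate); key=$(rb_get "$f" nginx ssl_certificate_key)
  [ "$(rb_get "$f" letsencrypt enable)" = "false" ] ||
    warn "letsencrypt['enable'] is not false (required here for a custom certificate)"
  [ -n "$crt" ] && [ -n "$key" ] ||
    warn "nginx['ssl_certificate'] and nginx['ssl_certificate_key'] must both be set"
  for p in $(rb_get "$f" nginx ssl_protocols); do
    case $p in TLSv1.2|TLSv1.3) ;; *) warn "legacy protocol enabled: $p" ;; esac
  done
  [ "$(rb_get "$f" nginx redirect_http_to_https)" = "true" ] ||
    warn "nginx['redirect_http_to_https'] is not true: HTTP is not redirected to HTTPS"
  # File checks run only when the configured files exist on this host.
  if [ -f "$key" ] && [ -n "$(find "$key" -perm -004)" ]; then
    warn "private key $key is world-readable"
  fi
  if [ -f "$crt" ] && [ -f "$key" ] && command -v openssl >/dev/null 2>&1; then
    pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null || true)
    [ -n "$pub" ] && [ "$pub" = "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] ||
      warn "certificate and private key do not match"
  fi
  [ "$findings" -eq 0 ]
}

sample_gitlab_rb() {  # constructed sample: this page's settings, placeholder paths
  cat <<'EOF'
nginx['redirect_http_to_https'] = false
# nginx['ssl_verify_client'] = "off"
nginx['ssl_certificate'] = "/nonexistent/gitlab-br.crt"
nginx['ssl_certificate_key'] = "/nonexistent/gitlab-br.key"
nginx['ssl_protocols'] = "TLSv1.2 TLSv1.3"
letsencrypt['enable'] = false
EOF
}

tmp=$(mktemp); sample_gitlab_rb > "$tmp"
audit_gitlab_tls "$tmp" || true   # on a server: audit_gitlab_tls /etc/gitlab/gitlab.rb
rm -f "$tmp"
```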
Now you should be able to access your server by going to the URL you've set up or the IP address directly.
OR