The birth of Git is one of the most celebrated milestones in Open-source world. It has empowered innovations through extensive collaborations by Developers all around the world. Git is a free and open source distributed version control system that can handle small to very large projects with efficiency and speed. GitLab is a Git-based fully integrated platform created specifically for software development teams. it has native Git’s functionalities and more powerful features in addition to enhance your workflow. Our focus in this post is to install GitLab on Rocky Linux 8 and secure the installation using Let’s Encrypt SSL certificates.
GitLab can run on most GNU/Linux distributions – EL systems (RHEL, CentOS, Rocky Linux, Fedora), Debian , Ubuntu, Arch Linux, Gentoo as well as Unix platforms such as FreeBSD. This installation can be done on a virtual machine in your internal infrastructure hypervisor, in a cloud instance of Rocky Linux, or a physical server installation. The basic requirements for this installation are:
- Rocky Linux 8 server with internet access
- Minimum memory of 4GB – (8GB recommended if you have capacity to allocate more)
- Minimum of 2 cpu cores – (4 cores recommended)
- Minimum available disk space of 10GB
We are performing installation of GitLab on Rocky Linux 8 from official rpm packages (also known as Omnibus GitLab). The Omnibus GitLab contain a bundle of GitLab and all of its components that are dependencies, including Redis, PostgreSQL, and Sidekiq.
Follow steps covered in this article to have a working installation of GitLab on Rocky Linux 8 secured using free Let’s Encrypt SSL certificate.
Step 1: Update Rocky Linux System
Let’s begin our installation of GitLab on Rocky Linux 8 by updating all packages in the system. This ensures we’re working on a patched system.
Run the command below to update and upgrade system and installed packages:
sudo dnf -y upgradeIf Kernel packages are updated consider a reboot once the process is complete.
Step 2: Set hostname, timezone and ntp server
We need to configure correct hostname for our Rocky Linux 8 server. Replace git.example.com with desired hostname for your GitLab server.
sudo hostnamectl set-hostname git.example.comAlso set correct timezone. Africa/Nairobi is to be substituted with the correct timezone of your region; You can locate timezone data from the directory /usr/share/zoneinfo/
sudo timedatectl set-timezone Africa/NairobiLastly configure chrony ntp server to make sure time sync is correct on the system:
sudo dnf -y install chrony
sudo systemctl enable chronyd
sudo timedatectl set-ntp yes
sudo timedatectl set-local-rtc 0Sync time from NTP servers:
$ sudo chronyc sources
210 Number of sources = 8
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* ntp2.hetzner.de 2 9 377 334 +3334ns[+8367ns] +/- 23ms
^? tilia.zsx.hu 0 10 0 - +0ns[ +0ns] +/- 0ns
^? littlericket.me 0 10 0 - +0ns[ +0ns] +/- 0ns
^? lucy.thehomeofanime.de 0 10 0 - +0ns[ +0ns] +/- 0ns
^? funky.f5s.de 0 6 0 - +0ns[ +0ns] +/- 0ns
^? ts5.sct.de 0 6 0 - +0ns[ +0ns] +/- 0ns
^? mail.masters-of-cloud.de 0 6 0 - +0ns[ +0ns] +/- 0ns
^? ntp.sauff.online 0 6 0 - +0ns[ +0ns] +/- 0nsConfirm time and date settings on your system:
$ timedatectl
Local time: Tue 2023-04-04 09:36:18 EAT
Universal time: Tue 2023-04-04 06:36:18 UTC
RTC time: Tue 2023-04-04 06:36:18
Time zone: Africa/Nairobi (EAT, +0300)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
Step 3: Add GitLab repository and install deps
Add GitLab YUM repository which contains the GitLab packages required at installation time.
Adding GitLab CE repository:
sudo tee /etc/yum.repos.d/gitlab_gitlab-ce.repo<<EOL
[gitlab_gitlab-ce]
name=gitlab_gitlab-ce
baseurl=https://packages.gitlab.com/gitlab/gitlab-ce/el/8/\$basearch
repo_gpgcheck=1
gpgcheck=1
enabled=1
gpgkey=https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey
https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey/gitlab-gitlab-ce-3D645A26AB9FBD22.pub.gpg
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
EOL
Adding GitLab EE repository:
sudo tee /etc/yum.repos.d/gitlab_gitlab-ee.repo<<EOL
[gitlab_gitlab-ee]
name=gitlab_gitlab-ee
baseurl=https://packages.gitlab.com/gitlab/gitlab-ee/el/8/\$basearch
repo_gpgcheck=1
gpgcheck=1
enabled=1
gpgkey=https://packages.gitlab.com/gitlab/gitlab-ee/gpgkey
https://packages.gitlab.com/gitlab/gitlab-ee/gpgkey/gitlab-gitlab-ee-3D645A26AB9FBD22.pub.gpg
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
EOLUpdate list of configured repositories:
$ sudo dnf repolist
repo id repo name
appstream Rocky Linux 8 - AppStream
baseos Rocky Linux 8 - BaseOS
extras Rocky Linux 8 - Extras
gitlab_gitlab-ce gitlab_gitlab-ceConfirm it is enabled:
$ sudo dnf repolist gitlab_gitlab-ce
repo id repo name status
gitlab_gitlab-ce gitlab_gitlab-ce enabledInstall Postfix
Install and enable postfix mail agent which will be used in sending notifications from GitLab. But if you’ll be using another email send solution you can safely skip this step and configure an external SMTP server after GitLab installation:
sudo dnf -y install postfix
sudo systemctl enable --now postfixConfirm service status:
$ systemctl status postfix
● postfix.service - Postfix Mail Transport Agent
Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2021-07-09 13:06:11 EAT; 1min 31s ago
Process: 13273 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
Process: 13270 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
Process: 13265 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
Main PID: 13341 (master)
Tasks: 3 (limit: 101105)
Memory: 4.6M
CGroup: /system.slice/postfix.service
├─13341 /usr/libexec/postfix/master -w
├─13342 pickup -l -t unix -u
└─13343 qmgr -l -t unix -uInstall other dependencies and configure firewall
Install all other required dependencies
sudo dnf install -y curl openssh-server policycoreutils perlIf OpenSSH server daemon is not enabled please enable it
sudo systemctl enable --now sshdIf you have firewalld service running enable http and https service ports:
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo systemctl reload firewalldStep 4: Install GitLab on Rocky Linux 8 System
You need to make sure you have correctly set up your DNS. My DNS name for this deployment will be:
git.neveropen.techCheck DNS propagation using the following command:
sudo dnf -y install bind-utils
dig A git.example.com +short
#Or from known DNS Server
dig A git.example.com @192.168.254.1 #192.168.254.1 being internal DNS serverInstall GitLab on Rocky Linux 8 Without SSL
We’ll consider two installation scenario, once without SSL and another one using Let’s Encrypt SSL certificate.
For not HTTPS installation use the command below to Install GitLab on Rocky Linux 8:
# For GitLab CE
sudo EXTERNAL_URL="http://gitlab.example.com" dnf install -y gitlab-ce
# For GitLab EE
sudo EXTERNAL_URL="http://gitlab.example.com" dnf install -y gitlab-eeWhere:
- http://gitlab.example.com is the URL at which GitLab instance will be accessible
Install GitLab on Rocky Linux 8 Without Let’s Encrypt SSL
If you have the following requirements met you can use this method:
- Server has public IP address mapped to it – direct external network or through NAT
- DNS is configured with name resolvable through DNS server
The command used to install GitLab with Let’s Encrypt SSL is:
# GitLab CE Installation
sudo EXTERNAL_URL="https://gitlab.example.com" dnf install -y gitlab-ce
# GitLab EE Installation
sudo EXTERNAL_URL="https://gitlab.example.com" dnf install -y gitlab-eeNotice we have https as access protocol and not http. Don’t forget to replace gitlab.example.com with correct domain name.
You also have the option of using your own certificate with GitLab installation.
After installation you’ll get success message:
....
gitlab Reconfigured!
*. *.
*** ***
***** *****
.****** *******
******** ********
,,,,,,,,,***********,,,,,,,,,
,,,,,,,,,,,*********,,,,,,,,,,,
.,,,,,,,,,,,*******,,,,,,,,,,,,
,,,,,,,,,*****,,,,,,,,,.
,,,,,,,****,,,,,,
.,,,***,,,,
,*,.
_______ __ __ __
/ ____(_) /_/ / ____ _/ /_
/ / __/ / __/ / / __ `/ __ \
/ /_/ / / /_/ /___/ /_/ / /_/ /
\____/_/\__/_____/\__,_/_.___/
Thank you for installing GitLab!
GitLab should be available at https://git.example.com
For a comprehensive list of configuration options please see the Omnibus GitLab readme
https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md
Help us improve the installation experience, let us know how we did with a 1 minute survey:
https://gitlab.fra1.qualtrics.com/jfe/form/SV_6kVqZANThUQ1bZb?installation=omnibus&release=14-0
Verifying : gitlab-ce-14.0.5-ce.0.el8.x86_64 1/1
Installed:
gitlab-ce-14.0.5-ce.0.el8.x86_64
Complete!Step 5: Access GitLab Web Dashboard
Depending on your installation choice – http or https; access the dashboard with either of below URLs:
# HTTP installation
http://git.example.com
# HTTPS
https://git.example.comYou’ll get an interface where you’re required to login:
An initial randomly generated login password is stored for 24 hours in /etc/gitlab/initial_root_password:
sudo cat /etc/gitlab/initial_root_passwordLogin with username root and password stored in the file /etc/gitlab/initial_root_password
Change root user password
To change root password go to User profile section, Administrator(root) > Edit Profile
Then click on “Password” link
Provide current and the new password you would like to set for root user:
Disable self user registration
To disable user signup on the web console navigate to Menu > Admin
General > Sign-up restrictions > Expand
Uncheck the Sign-up enabled box
Save the changes
For the next steps after installation visit GitLab official documentation pages. Most common tasks post-installation are covered in the list. Open and see what you’re able to configure further.
Our future articles will go deeper into how GitLab can be used to power your complete DevOps pipelines. Stay connected and bookmark our website for ease of access.
Related articles:
