Wednesday, December 25, 2024
Google search engine
HomeUncategorisedInstall GitLab on Rocky Linux 8 With Let’s Encrypt

Install GitLab on Rocky Linux 8 With Let’s Encrypt

.tdi_3.td-a-rec{text-align:center}.tdi_3 .td-element-style{z-index:-1}.tdi_3.td-a-rec-img{text-align:left}.tdi_3.td-a-rec-img img{margin:0 auto 0 0}@media(max-width:767px){.tdi_3.td-a-rec-img{text-align:center}}

The birth of Git is one of the most celebrated milestones in Open-source world. It has empowered innovations through extensive collaborations by Developers all around the world. Git is a free and open source distributed version control system that can handle small to very large projects with efficiency and speed. GitLab is a Git-based fully integrated platform created specifically for software development teams. it has native Git’s functionalities and more powerful features in addition to enhance your workflow. Our focus in this post is to install GitLab on Rocky Linux 8 and secure the installation using Let’s Encrypt SSL certificates.

GitLab can run on most GNU/Linux distributions – EL systems (RHEL, CentOS, Rocky Linux, Fedora), Debian , Ubuntu, Arch Linux, Gentoo as well as Unix platforms such as FreeBSD. This installation can be done on a virtual machine in your internal infrastructure hypervisor, in a cloud instance of Rocky Linux, or a physical server installation. The basic requirements for this installation are:

  • Rocky Linux 8 server with internet access
  • Minimum memory of 4GB – (8GB recommended if you have capacity to allocate more)
  • Minimum of 2 cpu cores – (4 cores recommended)
  • Minimum available disk space of 10GB

We are performing installation of GitLab on Rocky Linux 8 from official rpm packages (also known as Omnibus GitLab). The Omnibus GitLab contain a bundle of GitLab and all of its components that are dependencies, including Redis, PostgreSQL, and Sidekiq.

.tdi_2.td-a-rec{text-align:center}.tdi_2 .td-element-style{z-index:-1}.tdi_2.td-a-rec-img{text-align:left}.tdi_2.td-a-rec-img img{margin:0 auto 0 0}@media(max-width:767px){.tdi_2.td-a-rec-img{text-align:center}}

Follow steps covered in this article to have a working installation of GitLab on Rocky Linux 8 secured using free Let’s Encrypt SSL certificate.

Step 1: Update Rocky Linux System

Let’s begin our installation of GitLab on Rocky Linux 8 by updating all packages in the system. This ensures we’re working on a patched system.

Run the command below to update and upgrade system and installed packages:

sudo dnf -y upgrade

If Kernel packages are updated consider a reboot once the process is complete.

Step 2: Set hostname, timezone and ntp server

We need to configure correct hostname for our Rocky Linux 8 server. Replace git.example.com with desired hostname for your GitLab server.

sudo hostnamectl set-hostname git.example.com

Also set correct timezone. Africa/Nairobi is to be substituted with the correct timezone of your region; You can locate timezone data from the directory /usr/share/zoneinfo/

sudo timedatectl set-timezone Africa/Nairobi

Lastly configure chrony ntp server to make sure time sync is correct on the system:

sudo dnf -y install chrony
sudo systemctl enable  chronyd
sudo timedatectl set-ntp yes
sudo timedatectl set-local-rtc 0

Sync time from NTP servers:

$ sudo chronyc  sources
210 Number of sources = 8
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* ntp2.hetzner.de               2   9   377   334  +3334ns[+8367ns] +/-   23ms
^? tilia.zsx.hu                  0  10     0     -     +0ns[   +0ns] +/-    0ns
^? littlericket.me               0  10     0     -     +0ns[   +0ns] +/-    0ns
^? lucy.thehomeofanime.de        0  10     0     -     +0ns[   +0ns] +/-    0ns
^? funky.f5s.de                  0   6     0     -     +0ns[   +0ns] +/-    0ns
^? ts5.sct.de                    0   6     0     -     +0ns[   +0ns] +/-    0ns
^? mail.masters-of-cloud.de      0   6     0     -     +0ns[   +0ns] +/-    0ns
^? ntp.sauff.online              0   6     0     -     +0ns[   +0ns] +/-    0ns

Confirm time and date settings on your system:

$ timedatectl
               Local time: Tue 2023-04-04 09:36:18 EAT
           Universal time: Tue 2023-04-04 06:36:18 UTC
                 RTC time: Tue 2023-04-04 06:36:18
                Time zone: Africa/Nairobi (EAT, +0300)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no

Step 3: Add GitLab repository and install deps

Add GitLab YUM repository which contains the GitLab packages required at installation time.

Adding GitLab CE repository:

sudo tee /etc/yum.repos.d/gitlab_gitlab-ce.repo<<EOL
[gitlab_gitlab-ce]
name=gitlab_gitlab-ce
baseurl=https://packages.gitlab.com/gitlab/gitlab-ce/el/8/\$basearch
repo_gpgcheck=1
gpgcheck=1
enabled=1
gpgkey=https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey
       https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey/gitlab-gitlab-ce-3D645A26AB9FBD22.pub.gpg
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
EOL

Adding GitLab EE repository:

sudo tee /etc/yum.repos.d/gitlab_gitlab-ee.repo<<EOL
[gitlab_gitlab-ee]
name=gitlab_gitlab-ee
baseurl=https://packages.gitlab.com/gitlab/gitlab-ee/el/8/\$basearch
repo_gpgcheck=1
gpgcheck=1
enabled=1
gpgkey=https://packages.gitlab.com/gitlab/gitlab-ee/gpgkey
       https://packages.gitlab.com/gitlab/gitlab-ee/gpgkey/gitlab-gitlab-ee-3D645A26AB9FBD22.pub.gpg
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
EOL

Update list of configured repositories:

$ sudo dnf repolist
repo id                                                                      repo name
appstream                                                                    Rocky Linux 8 - AppStream
baseos                                                                       Rocky Linux 8 - BaseOS
extras                                                                       Rocky Linux 8 - Extras
gitlab_gitlab-ce                                                             gitlab_gitlab-ce

Confirm it is enabled:

$ sudo dnf repolist gitlab_gitlab-ce
repo id                                                                      repo name                                                                     status
gitlab_gitlab-ce                                                             gitlab_gitlab-ce                                                              enabled

Install Postfix

Install and enable postfix mail agent which will be used in sending notifications from GitLab. But if you’ll be using another email send solution you can safely skip this step and configure an external SMTP server after GitLab installation:

sudo dnf -y install postfix
sudo systemctl enable --now postfix

Confirm service status:

$ systemctl status postfix
● postfix.service - Postfix Mail Transport Agent
   Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2021-07-09 13:06:11 EAT; 1min 31s ago
  Process: 13273 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
  Process: 13270 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
  Process: 13265 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
 Main PID: 13341 (master)
    Tasks: 3 (limit: 101105)
   Memory: 4.6M
   CGroup: /system.slice/postfix.service
           ├─13341 /usr/libexec/postfix/master -w
           ├─13342 pickup -l -t unix -u
           └─13343 qmgr -l -t unix -u

Install other dependencies and configure firewall

Install all other required dependencies

sudo dnf install -y curl openssh-server policycoreutils perl

If OpenSSH server daemon is not enabled please enable it

sudo systemctl enable --now sshd

If you have firewalld service running enable http and https service ports:

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo systemctl reload firewalld

Step 4: Install GitLab on Rocky Linux 8 System

You need to make sure you have correctly set up your DNS. My DNS name for this deployment will be:

git.geeksforgeeks.org

Check DNS propagation using the following command:

sudo dnf -y install bind-utils
dig A git.example.com +short
#Or from known DNS Server
dig A git.example.com  @192.168.254.1 #192.168.254.1 being internal DNS server

Install GitLab on Rocky Linux 8 Without SSL

We’ll consider two installation scenario, once without SSL and another one using Let’s Encrypt SSL certificate.

For not HTTPS installation use the command below to Install GitLab on Rocky Linux 8:

# For GitLab CE
sudo EXTERNAL_URL="http://gitlab.example.com" dnf install -y gitlab-ce

# For GitLab EE
sudo EXTERNAL_URL="http://gitlab.example.com" dnf install -y gitlab-ee

Where:

Install GitLab on Rocky Linux 8 Without Let’s Encrypt SSL

If you have the following requirements met you can use this method:

  1. Server has public IP address mapped to it – direct external network or through NAT
  2. DNS is configured with name resolvable through DNS server

The command used to install GitLab with Let’s Encrypt SSL is:

# GitLab CE Installation
sudo EXTERNAL_URL="https://gitlab.example.com" dnf install -y gitlab-ce

# GitLab EE Installation
sudo EXTERNAL_URL="https://gitlab.example.com" dnf install -y gitlab-ee

Notice we have https as access protocol and not http. Don’t forget to replace gitlab.example.com with correct domain name.

You also have the option of using your own certificate with GitLab installation.

After installation you’ll get success message:

....
gitlab Reconfigured!

       *.                  *.
      ***                 ***
     *****               *****
    .******             *******
    ********            ********
   ,,,,,,,,,***********,,,,,,,,,
  ,,,,,,,,,,,*********,,,,,,,,,,,
  .,,,,,,,,,,,*******,,,,,,,,,,,,
      ,,,,,,,,,*****,,,,,,,,,.
         ,,,,,,,****,,,,,,
            .,,,***,,,,
                ,*,.



     _______ __  __          __
    / ____(_) /_/ /   ____ _/ /_
   / / __/ / __/ /   / __ `/ __ \
  / /_/ / / /_/ /___/ /_/ / /_/ /
  \____/_/\__/_____/\__,_/_.___/


Thank you for installing GitLab!
GitLab should be available at https://git.example.com

For a comprehensive list of configuration options please see the Omnibus GitLab readme
https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md

Help us improve the installation experience, let us know how we did with a 1 minute survey:
https://gitlab.fra1.qualtrics.com/jfe/form/SV_6kVqZANThUQ1bZb?installation=omnibus&release=14-0


  Verifying        : gitlab-ce-14.0.5-ce.0.el8.x86_64                                                                                                         1/1

Installed:
  gitlab-ce-14.0.5-ce.0.el8.x86_64

Complete!

Step 5: Access GitLab Web Dashboard

Depending on your installation choice – http or https; access the dashboard with either of below URLs:

# HTTP installation
http://git.example.com

# HTTPS
https://git.example.com

You’ll get an interface where you’re required to login:

install gitlab rocky linux 8 01

An initial randomly generated login password is stored for 24 hours in /etc/gitlab/initial_root_password:

sudo cat /etc/gitlab/initial_root_password

Login with username root and password stored in the file /etc/gitlab/initial_root_password

install gitlab rocky linux 8 02

Change root user password

To change root password go to User profile section, Administrator(root) > Edit Profile

install gitlab rocky linux 8 03

Then click on “Password” link

install gitlab rocky linux 8 04

Provide current and the new password you would like to set for root user:

install gitlab rocky linux 8 05

Disable self user registration

To disable user signup on the web console navigate to Menu > Admin

install gitlab rocky linux 8 06

General > Sign-up restrictions > Expand

install gitlab rocky linux 8 07

Uncheck the Sign-up enabled box

install gitlab rocky linux 8 08

Save the changes

install gitlab rocky linux 8 09

For the next steps after installation visit GitLab official documentation pages. Most common tasks post-installation are covered in the list. Open and see what you’re able to configure further.

Our future articles will go deeper into how GitLab can be used to power your complete DevOps pipelines. Stay connected and bookmark our website for ease of access.

Related articles:

.tdi_4.td-a-rec{text-align:center}.tdi_4 .td-element-style{z-index:-1}.tdi_4.td-a-rec-img{text-align:left}.tdi_4.td-a-rec-img img{margin:0 auto 0 0}@media(max-width:767px){.tdi_4.td-a-rec-img{text-align:center}}

RELATED ARTICLES

Most Popular

Recent Comments