Introduction to Gitlab
GitLab is a web-based DevOps Platform that provides a complete solution for version control, continuous integration and delivery, project management, and collaboration. It offers a centralized repository for managing source code, tracking changes, and coordinating project tasks. GitLab supports the Git version control system, which allows multiple developers to work on the same project simultaneously and efficiently manage code revisions.
2- Benefits of installing and configuring GitLab on Ubuntu:
Installing and configuring GitLab on Ubuntu has many benefits for developers and Infra teams with a powerful platform for version control, project management, and collaboration. It facilitates efficient teamwork, improves code quality, and streamlines the software development lifecycle.
- Centralized Repository: GitLab offers a centralized repository for storing and managing source code, for your project’s code.
- Streamlined Collaboration: GitLab provides a collaborative platform where team members can work together, contribute code, and resolve issues efficiently.
- Project Management Features: GitLab includes project management tools such as issue tracking, milestone tracking, and kanban boards.
- Continuous Integration and Delivery (CI/CD): GitLab has built-in CI/CD capabilities, allowing developers to automate the build, test, and deployment processes.
This article provides a step-by-step installation of GitLab on Ubuntu 22.04. Additionally, you will also learn to configure GitLab on Ubuntu 22.04.
3- Preparing the Ubuntu Server
Before proceeding with the installation of GitLab on your Ubuntu system, it is essential to ensure that your system meets the system minimum requirements. These requirements typically include minimum specifications for CPU (2CPUs), RAM(2GB), and disk space(50GB). Additionally, check the supported Ubuntu versions and any specific hardware or software prerequisites mentioned in the GitLab documentation.
A valid SSL certificate (can be obtained for free using Let’s Encrypt)
1– Updating Ubuntu packages and dependencies:
- Open the terminal on your Ubuntu machine.
- Run the command to update the package lists and upgrade the installed packages:
sudo apt update && sudo apt upgrade
2- Configuring firewall settings and ports for GitLab:
- Identify the ports used by GitLab. By default, GitLab uses ports 80 (HTTP) and 443 (HTTPS) for web access.
- Open the terminal on your Ubuntu machine.
- Use the command to allow incoming connections on the necessary ports. For example, to allow HTTP traffic on port 80
sudo ufw allow 80/tcp OR
sudo ufw allow http
- If you plan to use HTTPS, also allow incoming connections on port 443
$ sudo ufw allow 443/tcp OR
$ sudo ufw allow
- Confirm the changes and restart the firewall
sudo ufw enable
- The firewall settings are now configured to allow traffic on the specified ports, ensuring proper communication with GitLab.
4- Install and configure necessary dependencies:
To download and add the GitLab package repository to your Ubuntu system, follow these steps:
- Open the terminal on your Ubuntu machine.
- Update the system packages:
sudo apt-get update
- Install GitLab dependencies for OpenSSH certificate.
sudo apt install curl openssh-server ca-certificates tzdata perl
- Run the command to download the GitLab package repository for Enterprise Edition. For example:
curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh | sudo bash
- Run the command to download the GitLab package repository for Community Edition. For example:
curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | sudo bash
5- Installing GitLab using the package manager:
Once you have added the GitLab package repository, you can proceed with the installation:
- Update the package lists on your Ubuntu system by running the command:
sudo apt update
- Install GitLab using the package manager. For example, to install the Community Edition (CE) version, run the command:
sudo apt install gitlab-ce
6- Configuring external URL and DNS settings for GitLab
To configure the external URL and DNS settings for GitLab, follow these steps:
- Open the GitLab configuration file using a text editor. For example:
sudo nano /etc/gitlab/gitlab.rb
- Locate the
following
configuration line one by one by pressing CTL+W to find in /etc/gitlab/gitlab.rb. For example:
external_url ‘https://gitlab.example.com’
nginx['redirect_http_to_https'] = true
letsencrypt['enable'] = true
letsencrypt['contact_emails'] = ['your@email.com']
- Save and close the file.
- Reconfigure GitLab:
sudo gitlab-ctl reconfigure
7- Performing Initial Configuration Through the Web Interface
Verify GitLab installation
- Open a web browser and navigate to the URL you specified in the configuration file (e.g. https://your.domain.com).
- You should see the GitLab login page.
- GitLab generates an initial secure password for you. It is stored in a folder that you can access as an administrative
sudo
fromsudo nano /etc/gitlab/initial_root_password
- Username: root
- Password: [the password listed on
/etc/gitlab/initial_root_password
]
8- Updating Your Password
Once user login first time logged in successfully then first task is to change your password. To make this change, click on the icon in the upper-right corner of the navigation bar and select Edit Profile:
On the left navigation bar, select Password to change your GitLab generated password, to a secure password, then click on the Save password button when you’re finished with your updates:
You’ll be taken back to the login screen with a notification that your password has been changed. Enter your new password to log back into your GitLab instance:
9- Adjusting your Profile Settings
To make the necessary modifications, click on the user icon in the upper-right corner of the navigation bar and select Edit Profile.
You can adjust the following
- Your Name rom “Administrator” to some more accurate
- your Email address from “admin@example.com” to something more accurate.
- default avatar detection
- notification
- Git actions through the interface, and more:
Click on the Update Profile settings button at the bottom when you are finished with your updates. You’ll be prompted to enter your password to confirm changes. A confirmation email will be sent to the address you provided.
Changing Your Account Name
Next, select Account in the left navigation bar:
Here, you can enable two-factor authentication and change your username. By default, the first administrative account is given the name root. Since this is a known account name, it is more secure to change this to a different name. You will still have administrative privileges; the only thing that will change is the name. Replace root with your preferred username:
Click on the Update username button to make the change. You’ll be prompted to confirm the change thereafter.
10- Adding an SSH Key to your Account
If you already have an SSH key pair created on your local computer, you can view the public key by typing:
cat ~/.ssh/id_rsa.pub
Output
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMuyMtMl6aWwqBCvQx7YXvZd7bCFVDsyln3yh5/8Pu23LW88VXfJgsBvhZZ9W0rPBGYyzE/TDzwwITvVQcKrwQrvQlYxTVbqZQDlmsC41HnwDfGFXg+QouZemQ2YgMeHfBzy+w26/gg480nC2PPNd0OG79+e7gFVrTL79JA/MyePBugvYqOAbl30h7M1a7EHP3IV5DQUQg4YUq49v4d3AvM0aia4EUowJs0P/j83nsZt8yiE2JEYR03kDgT/qziPK7LnVFqpFDSPC3MR3b8B354E9Af4C/JHgvglv2tsxOyvKupyZonbyr68CqSorO2rAwY/jWFEiArIaVuDiR9YM5 admin@xy.com
Copy this text and enter it into the Key text box inside your GitLab instance.
In the left navigation bar, select SSH Keys:
If, instead, you get a different message, you do not yet have an SSH key pair configured on your machine:
Output
cat: /home/sammy/.ssh/id_rsa.pub: No such file or directory
If happened such case, then you can create an SSH key pair by entering the following command:
ssh-keygen
Accept the defaults and optionally provide a password to secure the key locally:
Once you have this, you can display your public key as the previous example by entering this command:
cat ~/.ssh/id_rsa.pub
Output
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMuyMtMl6aWwqBCvQx7YXvZd7bCFVDsyln3yh5/8Pu23LW88VXfJgsBvhZZ9W0rPBGYyzE/TDzwwITvVQcKrwQrvQlYxTVbqZQDlmsC41HnwDfGFXg+QouZemQ2YgMeHfBzy+w26/gg480nC2PPNd0OG79+e7gFVrTL79JA/MyePBugvYqOAbl30h7M1a7EHP3IV5DQUQg4YUq49v4d3AvM0aia4EUowJs0P/j83nsZt8yiE2JEYR03kDgT/qziPK7LnVFqpFDSPC3MR3b8B354E9Af4C/JHgvglv2tsxOyvKupyZonbyr68CqSorO2rAwY/jWFEiArIaVuDiR9YM5 admin@xy.com
11- Restricting or Disabling Public Sign-ups
In default setup Gitlab allows anyone to sign up for an account when you visit your GitLab instance’s landing page. To begin, navigate to the administrative area by clicking on the hamburger menu in the top navigation bar and select Admin from the drop-down:
If you are an administrator of a GitLab instance and would like to restrict or disable public sign-ups, you can do so by adjusting the instance-level sign-up restrictions. Here are the steps:
- Log in to your GitLab instance as an administrator.
- Go to the Admin Area by clicking on the wrench icon in the top-right corner and selecting “Admin Area” from the dropdown menu.
- Navigate to the “Settings” page from the left-hand menu.
- Scroll down to the “Sign-up Restrictions” section.
- Select “Expand” under “Sign-up Restrictions” to enable restrictions.
- Click “Save changes” at the bottom of the page to apply the new settings.
If you choose to require approval from an administrator for new sign-ups, you will receive an email notification whenever a new user attempts to sign up. You can then review their information and decide whether to approve or deny their request.
12- Restricting Sign-ups By Domain
If you are using GitLab as part of an organization that provides email addresses associated with a domain, you can restrict sign-ups by domain instead of completely disabling them.
In the Sign-up Restrictions section, select the Send confirmation email on sign-up box, which will allow users to log in only after they’ve confirmed their email.
Next, add your domain or domains to the Whitelisted domains for sign-ups box, one domain per line. You can use the asterisk “*” to specify wildcard domains:
When you’re finished, click on the Save changes button.
The sign-up section is now removed from the GitLab landing page.
By implementing these sign-up restrictions, you can help prevent unauthorized access to your GitLab instance and ensure that only approved users are able to contribute to your projects.
13- Restricting Project Creation
Gitlab By default allows to new users can create up to 10 projects. If you wish to allow new users from the outside for visibility and participation, but want to restrict their access to creating new projects, you can do so in the Account and Limit Settings section. Inside, you can change the Default projects limit to 0 to completely disable new users from creating projects:
After your updates, remember to click on the Save changes button.
New users will now be able to create accounts, but unable to create projects.
14- Renewing Let’s Encrypt Certificates
By default, GitLab has a scheduled task set up to renew Let’s Encrypt certificates after midnight every fourth day, with the exact minute based on your external_url
. You can modify these settings in the sudo nano /etc/gitlab/gitlab.rb
file.
For example, if you wanted to renew every 7th day at 12:30, you can configure it to do so. First, navigate by searching in gitlab.rb file:
sudo nano /etc/gitlab/gitlab.rb
With auto-renewals in place, you don’t need to worry about service interruptions.
Gitlab Optional Configuration
Enabling HTTPS with SSL/TLS for secure communication
To enable HTTPS with SSL/TLS for secure communication in GitLab, follow these steps:
- Obtain an SSL/TLS certificate from a trusted certificate authority (CA) or generate a self-signed certificate.
- Copy the certificate files to your GitLab server. For example, you can use the following commands to copy the certificate and private key files:
$ sudo cp /path/to/certificate.crt /etc/gitlab/ssl/
$ sudo cp /path/to/private.key /etc/gitlab/ssl/
- Access the GitLab configuration file using a Nano text editor.
sudo nano /etc/gitlab/gitlab.rb
- Uncomment the line that starts with external_url and add https:// before the URL. For example, if your GitLab URL is “http://gitlab.example.com“, modify it to “https://gitlab.example.com“.
- Below the external_url line, add the following lines to specify the paths to the certificate and private key files:
nginx[‘ssl_certificate’] = “/etc/gitlab/ssl/certificate.crt” nginx[‘ssl_certificate_key’] = “/etc/gitlab/ssl/private.key”
- Save the changes and exit the text editor.
- Run the following command to reconfigure GitLab and apply the changes:
sudo gitlab-ctl reconfigure
- GitLab is now configured to use HTTPS with SSL/TLS for secure communication. You can access GitLab using the HTTPS URL, such as “https://gitlab.example.com“.
Remember to replace the file paths and URLs in the example with your specific configurations.
Configuring GitLab backups for data protection
To configure GitLab backups for data protection, follow these steps:
- Access the GitLab configuration file using a text editor. For example, you can use the following command to open the file in the Nano editor:
sudo nano /etc/gitlab/gitlab.rb
- Scroll down to the section that starts with ## GitLab backups.
- Uncomment the lines related to backups by removing the # at the beginning of each line.
- Configure the backup settings according to your requirements. For example, you can specify the backup path, frequency, and number of backups to keep.
- Save the changes and exit the text editor.
- Run the following command to reconfigure GitLab and apply the changes:
sudo gitlab-ctl reconfigure
- GitLab is now configured to perform regular backups of your data, ensuring protection against data loss.
Customizing GitLab appearance and branding with example:
To customize the appearance and branding of GitLab, follow these steps:
- Log in to the GitLab web interface using your administrator account.
- Navigate to the “Admin area” or “Settings” section, usually accessible from the top navigation menu.
- Explore the available options to customize the appearance and branding of GitLab, such as the logo, favicon, and application name.
- Upload your desired logo image and set it as the GitLab logo.
- Adjust other settings, such as the application name or title, to reflect your desired branding.
- Save the changes to apply the customization.
- GitLab will now reflect your customized appearance and branding throughout the interface.
Remember to adapt the examples to your specific setup and branding preferences.
By enabling HTTPS with SSL/TLS, configuring backups for data protection, and customizing GitLab’s appearance, you can enhance the security, reliability, and branding of your GitLab instance.
Conclusion:
That’s it! You now have a fully-functional GitLab server running on your physical machine. You can now create repositories, add users, and manage your code and configure the appropriate level of access for a team. GitLab is regularly adding features and making updates to their platform, so be sure to check out the project’s home page to stay up-to-date on any improvements or important notices.