How to install and configure GitLab on Ubuntu 18.04
Introduction
GitLab CE or Community Edition is an open source application mainly used to host Git repositories and other development-related functions such as issue tracking. It is designed to use your own infrastructure for hosting, and to provide your development team with the flexibility to deploy internal repositories, a public way to interact with users, or to provide contributors with a way to host their own projects.
The GitLab project uses a simple installation mechanism to set up a GitLab instance on your own hardware. In this guide, we will introduce how to install and configure GitLab on an Ubuntu 18.04 server.
Preparation
In this tutorial, you will need:
- An Ubuntu 18.04 server, an Ubuntu** server** with a non-root account that can use the
sudocommand, and the firewall is turned on. Students who don’t have a server can buy it from here, but I personally recommend you to use the free Tencent Cloud Developer Lab for experimentation, and then buy server.
Released GitLab hardware requirements recommends using the server:
- 2 Core
- 8 GB of RAM
Although you can obtain RAM by replacing some swap space, it is not recommended. For this guide, we assume that you have at least the above resources.
- The domain name points to your server.
Step 1-Install dependencies
Before we install GitLab ourselves, it is very important to install some software that we continue to use during the installation process. Fortunately, all the necessary software can be easily installed from Ubuntu's default package repository.
Since this is the first time we use apt during this session, we can refresh the local package index and then type the following to install the dependencies:
sudo apt update
sudo apt install ca-certificates curl openssh-server postfix
You may already have some of this software installed. For the installation of postfix, please select "Internet Site" when prompted. On the next screen, enter the domain name of the server to configure how the system sends mail.
Step 2-Install GitLab
Now that the dependencies are in place, we can install GitLab ourselves. This is a simple process that uses an installation script to configure the system using the GitLab repository.
Enter the /tmp directory and download the installation script:
cd /tmp
curl -LO https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh
Feel free to check the downloaded script to make sure you are satisfied with the required operation. You can also find the hosted version of the script here:
less /tmp/script.deb.sh
Once you are satisfied with the security of the script, run the installer:
sudo bash /tmp/script.deb.sh
This script will set up your server to use the repository maintained by GitLab. This allows you to manage GitLab using the same package management tools as other system packages. Once you are done, you can install the actual GitLab application using the following apt command:
sudo apt install gitlab-ce
This will install the necessary components on your system.
Step 3-Adjust firewall rules
Before configuring GitLab, you need to ensure that the firewall rules are loose enough to allow web traffic. If you follow the guide linked in the prerequisites, the ufw firewall will be enabled.
Type the following to view the current status of the active firewall:
sudo ufw status
Status: active
To Action From
------------
OpenSSH ALLOW Anywhere
OpenSSH(v6) ALLOW Anywhere(v6)
As you can see, the current rules allow SSH traffic to pass, but access to other services is restricted. Since GitLab is a web application, we should allow HTTP access. Because we will use GitLab to request and enable free TLS/SSL certificates from Let's Encrypt, we also allow HTTPS access.
The /etc/services file provides port mapping protocols for HTTP and HTTPS, so we can allow this traffic by name. If you have not enabled OpenSSH traffic, you should also allow it now:
sudo ufw allow http
sudo ufw allow https
sudo ufw allow OpenSSH
Check again ufw status; you should see the access permissions configured for at least these two services:
sudo ufw status
Status: active
To Action From
------------
OpenSSH ALLOW Anywhere
80 /tcp ALLOW Anywhere
443 /tcp ALLOW Anywhere
OpenSSH(v6) ALLOW Anywhere(v6)80/tcp(v6) ALLOW Anywhere(v6)443/tcp(v6) ALLOW Anywhere(v6)
The above output indicates that the GitLab web interface can be accessed after configuring the application.
Step 4-Edit GitLab Configuration File
Before using the application, you need to update the configuration file and run the reconfiguration command. First, open the Gitlab configuration file:
sudo nano /etc/gitlab/gitlab.rb
Near the top is the external_url configuration line. Update it to match your domain. Change http to https so that GitLab will automatically redirect users to a site protected by Let's encryption certificate:
##! For more details on configuring external_url see:
##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab
external_url 'https://example.com'
Next, look for the letsencrypt['contact_emails'] setting. This setting defines a list of email addresses. If there is a problem with your domain, Let’s encryption project can be used to contact you. It is a good idea to uncomment and fill in this content so that you are aware of any issues:
letsencrypt['contact_emails']=['[email protected]']
Save and close the file. Run the following command to reconfigure Gitlab:
sudo gitlab-ctl reconfigure
This will initialize GitLab with the information it can find about your server. This is a fully automated process, so you don’t have to answer any prompts. The process will also configure the Let's Encrypt certificate for your domain.
Step 5-Perform initial configuration through the web interface
In the case of allowing GitLab to run and access, we can perform some initial configuration of the application through the web interface.
First login
Access the domain name of the GitLab server in a web browser:
https://example.com
On your first visit, you should see the initial prompt to set a password for the administrative account:
In the initial password prompt, provide and confirm a secure password for the management account. Click the "Change Password" button when finished.
You will be redirected to the traditional GitLab login page:
Here, you can log in with the password you just set. The credentials are:
- Username: root
- Password: [the password you set]
Enter these values in the fields for existing users and click the "Login" button. You will log in to the application and enter the login page, prompting you to start adding items:
You can now make some simple changes to set up GitLab the way you want.
Adjust configuration file settings
The first thing you should do after a clean installation is to make your profile better. GitLab has chosen some reasonable default values, but once you start using the software, these default values are usually inappropriate.
To make the necessary modifications, click the user icon in the upper right corner of the interface. In the drop-down menu that appears, select Settings:
You will enter the "Profile" section of the settings:
Adjust the Name and Email addresses from "Administrator" and "[email protected]" to more accurate names. The name you choose will be displayed to other users, and the email will be used for default avatar detection, notifications, Git operations through the interface, etc.
When finished, click the "**Update Profile Settings" button at the bottom:
A confirmation email will be sent to the address you provided. Follow the instructions in the email to confirm your account so you can start using GitLab.
Change your account name
Next, click on the Account item in the left menu bar:
Here you can find your private API token or configure two-factor authentication. However, the feature we are currently interested in is the Change Username part.
By default, the name of the first administrative account is root. Since this is a known account name, it is safer to change it to another name. You will still have administrative rights; the only thing that will change is the name. Replace root with your preferred username:
Click the "Update Username" button to make changes:
Next time you log in to GitLab, remember to use the new username.
Add SSH key to your account
In most cases, you need to use SSH keys with Git to interact with GitLab projects. To do this, you need to add the SSH public key to your GitLab account.
If you have created an SSH key pair on the local computer, you can usually view the public key by typing:
cat ~/.ssh/id_rsa.pub
You should see a large block of text like this:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMuyMtMl6aWwqBCvQx7YXvZd7bCFVDsyln3yh5/8Pu23LW88VXfJgsBvhZZ9W0rPBGYyzE/TDzwwITvVQcKrwQrvQlYxTVbqZQDlmsC41HnwDfGFXg+QouZemQ2YgMeHfBzy+w26/gg480nC2PPNd0OG79+e7gFVrTL79JA/MyePBugvYqOAbl30h7M1a7EHP3IV5DQUQg4YUq49v4d3AvM0aia4EUowJs0P/j83nsZt8yiE2JEYR03kDgT/qziPK7LnVFqpFDSPC3MR3b8B354E9Af4C/JHgvglv2tsxOyvKupyZonbyr68CqSorO2rAwY/jWFEiArIaVuDiR9YM5 sammy@mydesktop
Copy this text and return to the "Profile Settings" page in the GitLab web interface.
On the contrary, if you receive a message like this, it means that the SSH key pair has not been configured on your computer:
cat:/home/sammy/.ssh/id_rsa.pub: No such file or directory
If this is the case, you can create an SSH key pair by typing:
ssh-keygen
Accept the defaults and choose to provide a password to protect the key locally:
Generating public/private rsa key pair.
Enter file in which to save the key(/home/sammy/.ssh/id_rsa):
Enter passphrase(empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in/home/sammy/.ssh/id_rsa.
Your public key has been saved in/home/sammy/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:I8v5/M5xOicZRZq/XRcSBNxTQV2BZszjlWaIHi5chc0 [email protected]
The key's randomart image is:+---[RSA 2048]----+|..%o==B||*.E =.||.++= B || ooo.o .||. S .o ..||.+... o||+.o.o ..|| o .++o .|| oo=+|+----[SHA256]-----+
After this is done, you can display the above public key by typing:
cat ~/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMuyMtMl6aWwqBCvQx7YXvZd7bCFVDsyln3yh5/8Pu23LW88VXfJgsBvhZZ9W0rPBGYyzE/TDzwwITvVQcKrwQrvQlYxTVbqZQDlmsC41HnwDfGFXg+QouZemQ2YgMeHfBzy+w26/gg480nC2PPNd0OG79+e7gFVrTL79JA/MyePBugvYqOAbl30h7M1a7EHP3IV5DQUQg4YUq49v4d3AvM0aia4EUowJs0P/j83nsZt8yiE2JEYR03kDgT/qziPK7LnVFqpFDSPC3MR3b8B354E9Af4C/JHgvglv2tsxOyvKupyZonbyr68CqSorO2rAwY/jWFEiArIaVuDiR9YM5 sammy@mydesktop
Copy the displayed text block and return to the configuration file Settings in the GitLab web interface.
Click the SSH Keys item in the left menu:
Paste the public key copied from the local computer in the space provided. Give it a descriptive title and click the "Add" button button:
You should now be able to manage GitLab projects and repositories from your local computer without having to provide GitLab account credentials.
Step 6-Restrict or disable public registration (optional)
You may have noticed that when you visit the login page of a GitLab instance, anyone can register for an account. If you want to host a public project, this may be what you want. However, many times, more restrictive settings are required.
First, click the wrench icon in the main menu bar at the top of the page to enter the management area:
On the following page, you can see an overview of the entire GitLab instance. To adjust the settings, click the **"Settings" item at the bottom of the left menu:
You will enter the global settings of the GitLab instance. Here, you can adjust some settings that affect whether new users can register and their access levels.
Disable registration
If you wish to completely disable registration (you can still manually create accounts for new users), please scroll down to the "Registration Restrictions" section.
Uncheck the Enable Registration checkbox:
Scroll down to the bottom and click the "Save Changes" button:
The registration section should now be removed from the GitLab login page.
Registration by domain restriction
If you use GitLab as part of an organization that provides email addresses associated with domains, you can restrict registrations by domain instead of disabling them completely.
In the "Registration Restrictions" section, select the "Send confirmation email during registration" box so that users can log in only after confirming their email.
Next, add your domain or domains to the whitelist domains for registration, one domain per line. You can use the asterisk "*" to specify wildcard domains:
Scroll down to the bottom and click the "Save Changes" button:
The registration section should now be removed from the GitLab login page.
Restrict project creation
By default, new users can create up to 10 projects. If you want to allow visibility and participation of new users from outside, but you want to restrict their permission to create new projects, you can do so in the "Account and Restriction Settings" section.
Internally, you can change the default project limit to 0 to completely disable project creation by new users:
New users can still be manually added to the project and can access internal or public projects created by other users.
Scroll down to the bottom and click the "Save Changes" button:
New users can now create accounts, but cannot create projects.
Update Let's Encrypt Certificate
By default, GitLab's scheduled task is set to update Let's encryption certificate every four days after midnight, the exact minute is based on your external_url. You can modify these settings in the /etc/gitlab/gitlab.rb file. For example, if you want to update every 7 days at 12:30, you can configure it as follows:
letsencrypt['auto_renew_hour']="12"
letsencrypt['auto_renew_minute']="30"
letsencrypt['auto_renew_day_of_month']="*/7"
You can also disable automatic renewal by adding other settings to /etc/gitlab/gitlab.rb:
letsencrypt['auto_renew']=false
With automatic renewal, you don’t need to worry about service interruption.
in conclusion
You should now host a working GitLab instance on your own server. You can start importing or creating new projects and configure the appropriate level of access for your team. GitLab regularly adds features and updates its platform, so be sure to check the project homepage to keep up to date with any improvements or important notices.
For more Linux tutorials, please go to [Tencent Cloud + Community] (https://cloud.tencent.com/developer?from=10680) to learn more.
Reference: "How To Install and Configure GitLab on Ubuntu 18.04"
Recommended Posts