In this article, we are going to show you how to install GitLab on CentOS 7. GitLab is Rails-based open source repository manager developed by GitLab Inc. GitLab is very useful for teamwork because is web-based git repository manager and it’s easy to deploy, code or test applications. It supports functions such as code reviews, issue tracking and activity feeds and that’s just a few of the features this application has. GitLab comes in Community Edition (self-hosted and free) and Enterprise Edition (self-hosted and paid).
In this article, we are going to use the ‘omnibus’ package for installation provided by GitLab.
Prerequisites
- CentOS 7 server – 64bit
- Min RAM 2GB
- Root privileges
1. Log in to the server and update the system
Login to your CentOS 7 VPS via SSH as user root
ssh root@IP_Address -p Port_number
Update all packages
Once you are logged in to the server you can type the following command for updating the installed packages:
sudo yum -y update
2. Install the necessary dependencies
In this step, we will download and install the packages that are required to install GitLab.
With the following yum command we will install all of this packages:
sudo yum install -y curl policycoreutils-python openssh-server
With the next commands we will enable and start SSH:
sudo systemctl enable sshd sudo systemctl start sshd
If you are using a firewall you should grant HTTP access:
sudo firewall-cmd --permanent --add-service=http sudo systemctl reload firewalld
Next, we will install Postfix so we can send notification emails.
sudo yum install postfix sudo systemctl enable postfix sudo systemctl start postfix
A configuration screen may appear during Postfix installation. Please select “Internet Site” and press Enter. Use an external DNS on your server for ‘mail name’ and press enter. If additional screens appear, continue pressing enter to accept the default values.
3. Add and install the GitLab repository package
We will add the GitLab package repository with the following command:
curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.rpm.sh | sudo bash
After we add the package repository we should proceed to install the GitLab package. Change ‘http://your_domain.com’ to the URL that you will use to access the GitLab instance. With setting up this URL installation script will automatically configure and launch GitLab on that URL. With the following yum command install GitLab:
sudo EXTERNAL_URL="http://your_domain.com" yum install -y gitlab-ee
If you followed the upper instruction, now you have installed GitLab CE on your CentOS 7 server.
4. First visit at GitLab
When you browse the you_domian.com for the first time, you will be redirected to the reset password screen. After changing the password for the administrator account and you will be redirected back to the login screen. You can use root as default account username to log in.
5. Generate DHPARAM and Let’s encrypt SSL certificates
We will show you how to install free Let’s Encrypt SSL certificate for our GitLab website and additionally we will generate a DHPARAM certificate to add an additional security layer. First we need the letsencrypt command tool so we can generate Let’s Encrypt certificate. We can install the Letsencrypt tool on CentOS 7 with the following command:
sudo yum -y install letsencrypt
With the command below you can proceed with the generating a new SSL certificate from Let’s Encrypt.
sudo letsencrypt certonly --standalone -d your_domain.com
After you enter this command you should get:
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator standalone, Installer None Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel):
You can enter your email address and press Enter to continue.
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
------------------------------------------------------------------------------- Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v01.api.letsencrypt.org/directory ------------------------------------------------------------------------------- (A)gree/(C)ancel:
In this step type ‘A’ so you Agree the Terms of Service and press Enter to continue.
------------------------------------------------------------------------------- Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. ------------------------------------------------------------------------------- (Y)es/(N)o:
This last step is optional, you can also select ‘Y’ or ‘N’ and continue so you can allow the script to complete the installation of the Let’s Encrypt SSL certificate for your domain.
Please note: if the installation of the SSL certificate is not successful you can stop for the moment the GitLab application with sudo systemctl stop gitlab-runsvdir and run the script again. After the Let’s Encrypt bot will finish his job, just run the GitLab application again with the command: sudo systemctl start gitlab-runsvdir
Next, we will create new ‘ssl’ directory at location ‘/etc/gitlab/’ which is under the GitLab configuration.
sudo mkdir -p /etc/gitlab/ssl/
Next step is to generate the DHPARAM certificate pem file with OpenSSL. So follow the below command to generate the DHPARAM certificate:
sudo openssl dhparam -out /etc/gitlab/ssl/dhparams.pem 2048
When the process is complete, change the permission to 600 of the certificate file.
sudo chmod 600 /etc/gitlab/ssl/*
Congratulation, now you have generated SSL Letsencrypt and DHPARAM certificate for the GitLab.
6. Enable HTTPS for GitLab
At this stage, we will enable HTTPS and forward HTTP to the HTTPS connection in order to use the certificates we have already generated using the OpenSSL command and Let’s Encrypt.
To configure GitLab, we need to edit the configuration file ‘gitlab.rb’ as the following examples:
cd /etc/gitlab/ nano gitlab.rb
Change the external_url from HTTP to HTTPS:
external_url 'https://your_domain.com'
Now uncomment and modify the following configuration as the example below:
nginx['redirect_http_to_https'] = true nginx['ssl_certificate'] = "/etc/letsencrypt/live/your_domain.com/fullchain.pem" nginx['ssl_certificate_key'] = "/etc/letsencrypt/live/your_domain.com/privkey.pem" nginx['ssl_dhparam'] = "/etc/gitlab/ssl/dhparams.pem"
Save the changes and exit nano.
Please note: Do not forget to change your_domain.com with the domain you used to configure GitLab.
By using the following command, we will apply the GitLab configuration:
sudo gitlab-ctl reconfigure
In summary, we just finished with the installation of GitLab Community edition. We installed Let’s Encrypt SSL and added an additional layer of security by generating a DHPARAM certificate with OpenSSL and we all finished in the last part by enabling GitLab to work on HTTPS. For more information about GitLab, you can check their official website documentation at https://docs.gitlab.com/
Of course, you don’t have to install GitLab on your CentOS 7 VPS if you use one of our Managed Hosting Services, in which case you can simply ask our expert Linux admins to install GitLab for you. They are available 24×7 and will take care of your request immediately.
PS.
If you liked this post, on How to Install GitLab on CentOS 7, please share it with your friends on the social networks using the buttons below or simply leave a comment in the comments section. Thanks.