Download the latest server updates
sudo apt-get update
sudo apt-get dist-upgrade -y
Dedicated gitlabhq user account
Next we need to create a dedicated gitlabhq user account to run the application, set a password for this account and add it to the admin group so it can perform root actions.
sudo useradd -s /bin/bash -m -G admin gitlabhq
sudo passwd gitlabhq
Now login as the gitlabhq user we just created. When prompted to accept the authenticity of the RSA key fingerprint type “yes”
ssh gitlabhq@localhost
Install Additional Packages
Now we’ll install the git version control system so we can clone repositories and setup the system. We’ll also install the postfix SMTP system so GitLabHQ can send emails to users.
sudo aptitude install git-core postfix -y
Now configure Git with some global variables that will be used when gitlabhq performs a
git push operation. You can change the name and email address below if you wish:
git config --global user.email "admin@local.host"
git config --global user.name "GitLabHQ Admin User"
Generate SSH Keys
The GitLabHQ user will use SSH keys for login and authentication with the git user we’ll create later. So let’s generate our keys. Make sure to do the following: When prompted for the file in which to save the file, press Enter When prompted for a passphrase, press Enter When prompted to confirm the passphrase again, press Enter
ssh-keygen -t rsa
Prepare To Install GitLabHQ
First let’s clone the GitLabHQ installer scripts to help automate the installation
cd ~
git clone https://github.com/gitlabhq/gitlabhq_install.git
Now we’ll run the scripts to install any additional packages. Run the command below and select “Y” to confirm you want to install the packages.
cd ~
gitlabhq_install/ubuntu_packages.sh
Now we’ll run the script to install the ruby language.
cd ~
gitlabhq_install/ubuntu_ruby.sh
Now we’ll run the script to install the gitolite program. This creates a new user “git” on the system, and will store our repositories under this accounts home directory.
cd ~
gitlabhq_install/ubuntu_gitolite.sh
When you run this script it will stop at some point with a warning about the path, just press the “Enter” key to continue. On the next screen is the gitolite configuration screen. Here we need to make one change that’s very important. Find the line that reads:
REPO_UMASK = 0077;
If the install opened VIM, move over the first “7” character, press the “i” key on your keyboard to go into INSERT mode. Type a “0”, then remove the “7” so it now reads:
REPO_UMASK = 0007;
Press the Escape key once, then type the “:” to enter COMMAND mode. Now type “wq” which will Write the changes to the file and Quit.
You now need to change the directory privileges on the /repositories directory so GitLabHQ can use them:
sudo chmod -R g+rwX ~git/repositories/
sudo chown -R git:git ~git/repositories/
Next we need to logout of the system to allow environment settings to be set upon the next time we login.
logout
Install GitLabHQ
Log back into the system so the environment settings take place
ssh gitlabhq@localhost
Now we’ll install GitLabHQ, again using one of the install scripts. When prompted about installing additional packages, type “Y”
cd ~
gitlabhq_install/ubuntu_gitlab.sh
You can configure GitLabHQ by editing the
gitlab.yml file. One of the changes you’ll want to make is to set your computer name that GitLabHQ is running on, if not localhost, so the instructions to users for connecting to repositories is correct.
nano ~gitlabhq/gitlabhq/gitlab.yml
Change the host value to whatever your servers fully qualified domain name (FQDN) is. So for example if I’m running GitLabHQ on a server named “gitlabhq.corp.com” I’d change the value:
# Git Hosting congiguration
git_host:
system: gitolite
admin_uri: git@localhost:gitolite-admin
base_path: /home/git/repositories/
host: localhost
git_user: git
# port: 22
to
# Git Hosting congiguration
git_host:
system: gitolite
admin_uri: git@localhost:gitolite-admin
base_path: /home/git/repositories/
host: gitlabhq.corp.com
git_user: git
# port: 22
Running GitLabHQ
Now that we have GitLabHQ installed, let’s start the application using WEBrick (even if you’ll use something else later) so we can login and accept an RSA key, then confirm it works.
cd ~gitlabhq/gitlabhq
bundle exec rails s -e production
Now you can login to your server by pointing your web browser to http://:3000/ and login using the default credentials
- Login Email: admin@local.host
- Login Password: 5iveL!fe
Important!
You should now create a new
PROJECT. It’s important to note that when you add this project the
FIRST TIME you need to type “yes” on the console where you started the application running.
Installing nginx
Login as the gitlabhq user and then execute the following commands:
sudo gem install passenger
sudo passenger-install-nginx-module
We need to edit the nginx configuration file so it points to the GitLabHQ public folder to run the application. Open the configuration file in the editor:
sudo nano /opt/nginx/conf/nginx.conf
Now locate the section for the server configuration and make the following changes:
- Change the
server_name key to your server’s fully qualified domain name (FQDN), so in this example the server is gitlabhq.corp.com
- Change the
root key to the location of the GitLabHQ public folder, this is important!
- Add the key/value
passenger_enabled on;
server {
listen 80;
server_name gitlabhq.corp.com;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root /home/gitlabhq/gitlabhq/public;
index index.html index.htm;
passenger_enabled on;
}
Also on the very top of the file, add the first line that specifies we’ll run the server as the gitlabhq user account:
user gitlabhq staff;
Now we want to add a system user named
nginx to run the server:
sudo adduser --system --no-create-home --disabled-login --disabled-password --group nginx
Next we want to setup the server to auto-start when the system starts. To do this we’ll:
- Use an existing script to start nginx
- Move the script to the system start directory
- Set the correct permissions
- Start the server.
sudo wget -O init-deb.sh http://library.linode.com/assets/660-init-deb.sh
sudo mv init-deb.sh /etc/init.d/nginx
sudo chmod +x /etc/init.d/nginx
sudo /usr/sbin/update-rc.d -f nginx defaults
sudo /etc/init.d/nginx start
So you want to run nginx over SSL huh? Good choice!
SSL Certificate
First you’ll need an SSL certificate, either self-signed or from a certificate authority like Verisign. You can find directions on using certificates
here
However, to keep it simple and helpful we’ll use a self-signed certificate for our server gitlabhq.corp.com
Let’s create a 2048-bit certificate. When prompted for the passphrase, enter something at least four characters in length.
cd ~
mkdir ssl
cd ssl
openssl genrsa -des3 -out server.key 2048
Now let’s get that passphrase out of the key file just to keep it secret. You’ll be prompted for the passphrase you entered when creating the certificate.
openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key
openssl req -new -key server.key -out server.csr
Now let’s sign that shiny new certificate for 5 years
openssl x509 -req -days 1825 -in server.csr -signkey server.key -out server.crt
Finally we need to move the files to the correct locations on our Ubuntu server
sudo cp server.crt /etc/ssl/certs
sudo cp server.key /etc/ssl/private
Open the nginx configuration file, scroll to the bottom and locate the commented out section for the HTTPS. You can uncomment this section and specify your certificate location and server name as well as the location.
# HTTPS server
#
server {
listen 443;
server_name gitlabhq.corp.com;
ssl on;
ssl_certificate /etc/ssl/certs/server.crt;
ssl_certificate_key /etc/ssl/private/server.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root /home/gitlabhq/gitlabhq/public;
index index.html index.htm;
passenger_enabled on;
}
}
}
Now we need to restart nginx for the configuration changes to take place
sudo /etc/init.d/nginx stop
sudo /etc/init.d/nginx start
Enjoy!
