Download the latest server updates
sudo apt-get update
sudo apt-get dist-upgrade -y
Dedicated gitlabhq user account
Next we need to create a dedicated gitlabhq user account to run the application, set a password for this account and add it to the admin group so it can perform root actions.
sudo useradd -s /bin/bash -m -G admin gitlabhq
sudo passwd gitlabhq
Now log in as the gitlabhq user we just created. When prompted to accept the authenticity of the RSA key fingerprint, type “yes”.
ssh gitlabhq@localhost
Install Additional Packages
Now we’ll install the git version control system so we can clone repositories and set up the system. We’ll also install the postfix SMTP system so GitLabHQ can send emails to users.
sudo aptitude install git-core postfix -y
Now configure Git with some global variables that will be used when gitlabhq performs a git push operation. You can change the name and email address below if you wish:
git config --global user.email "admin@local.host"
git config --global user.name "GitLabHQ Admin User"
Generate SSH Keys
The GitLabHQ user will use SSH keys for login and authentication with the git user we’ll create later. So let’s generate our keys. Make sure to do the following:
- When prompted for the file in which to save the key, press Enter
- When prompted for a passphrase, press Enter
- When prompted to confirm the passphrase again, press Enter
ssh-keygen -t rsa
Prepare To Install GitLabHQ
First let’s clone the GitLabHQ installer scripts to help automate the installation:
cd ~
git clone https://github.com/gitlabhq/gitlabhq_install.git
Now we’ll run the scripts to install any additional packages. Run the command below and select “Y” to confirm you want to install the packages.
cd ~
gitlabhq_install/ubuntu_packages.sh
Now we’ll run the script to install the ruby language.
cd ~
gitlabhq_install/ubuntu_ruby.sh
Now we’ll run the script to install the gitolite program. This creates a new user “git” on the system, and will store our repositories under this account’s home directory.
cd ~
gitlabhq_install/ubuntu_gitolite.sh
When you run this script it will stop at some point with a warning about the path; just press the “Enter” key to continue. The next screen is the gitolite configuration screen. Here we need to make one change that’s very important. Find the line that reads:
REPO_UMASK = 0077;
If the install opened VIM, move over the first “7” character and press the “i” key on your keyboard to go into INSERT mode. Type a “0”, then remove the “7” so it now reads:
REPO_UMASK = 0007;
Press the Escape key once, then type “:” to enter COMMAND mode. Now type “wq”, which will Write the changes to the file and Quit. This umask lets members of the git group read and write new repository files while still denying access to everyone else.
You now need to change the directory privileges on the /repositories directory so GitLabHQ can use them:
sudo chmod -R g+rwX ~git/repositories/
sudo chown -R git:git ~git/repositories/
Next we need to log out of the system so the environment settings are applied the next time we log in.
logout
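To confirm that the REPO_UMASK change and the chmod step above took effect, the following shell functions (an added example, not part of the original post or the GitLabHQ installer; the function names are hypothetical) list anything under a repository tree that the group cannot use or that other users can reach. The example assumes GNU find and demonstrates on a constructed temporary tree rather than on ~git/repositories.

```shell
#!/bin/sh
# Added example, not from the original post.

# audit_repo_perms DIR
# Prints every entry under DIR that the group cannot read and write (or, for
# directories, traverse), or that "other" users can touch at all.
# Symlinks are skipped because they always report mode 777 on Linux.
# Returns 0 when the tree is clean, 1 otherwise.
audit_repo_perms() {
    bad=$(find "$1" ! -type l \( -perm /0007 -o ! -perm -0060 \
          -o \( -type d ! -perm -0010 \) \) -print)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# demo_umask MASK
# Builds a constructed two-entry "repository" under MASK, the way files are
# created under REPO_UMASK, then audits it. Returns the audit status.
demo_umask() {
    tmp=$(mktemp -d) || return 2
    ( umask "$1" && mkdir "$tmp/demo.git" && : > "$tmp/demo.git/HEAD" )
    audit_repo_perms "$tmp/demo.git"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

demo_umask 0077 || echo "REPO_UMASK 0077: group members are locked out"
demo_umask 0007 && echo "REPO_UMASK 0007: group can use the tree, others cannot"
```

On the server, call audit_repo_perms on ~git/repositories from an account that can read the whole tree.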
Install GitLabHQ
Log back into the system so the environment settings take effect:
ssh gitlabhq@localhost
Now we’ll install GitLabHQ, again using one of the install scripts. When prompted about installing additional packages, type “Y”.
cd ~
gitlabhq_install/ubuntu_gitlab.sh
Configure GitLabHQ
You can configure GitLabHQ by editing the gitlab.yml file. One of the changes you’ll want to make is to set the name of the computer that GitLabHQ is running on, if not localhost, so the instructions to users for connecting to repositories are correct.
nano ~gitlabhq/gitlabhq/gitlab.yml
Change the host value to your server’s fully qualified domain name (FQDN). For example, if I’m running GitLabHQ on a server named “gitlabhq.corp.com” I’d change the value:
# Git Hosting configuration
git_host:
  system: gitolite
  admin_uri: git@localhost:gitolite-admin
  base_path: /home/git/repositories/
  host: localhost
  git_user: git
  # port: 22
to
# Git Hosting configuration
git_host:
  system: gitolite
  admin_uri: git@localhost:gitolite-admin
  base_path: /home/git/repositories/
  host: gitlabhq.corp.com
  git_user: git
  # port: 22
Running GitLabHQ
Now that we have GitLabHQ installed, let’s start the application using WEBrick (even if you’ll use something else later) so we can log in and accept an RSA key, then confirm it works.
cd ~gitlabhq/gitlabhq
bundle exec rails s -e production
Now you can log in to your server by pointing your web browser to http://:3000/ and using the default credentials:
- Login Email: admin@local.host
- Login Password: 5iveL!fe
Important!
You should now create a new PROJECT. It’s important to note that when you add this project the FIRST TIME you need to type “yes” on the console where you started the application.
Installing nginx
Log in as the gitlabhq user and then execute the following commands:
sudo gem install passenger
sudo passenger-install-nginx-module
Configure nginx
We need to edit the nginx configuration file so it points to the GitLabHQ public folder to run the application. Open the configuration file in the editor:
sudo nano /opt/nginx/conf/nginx.conf
Now locate the section for the server configuration and make the following changes:
- Change the server_name key to your server’s fully qualified domain name (FQDN), so in this example the server is gitlabhq.corp.com
- Change the root key to the location of the GitLabHQ public folder, this is important!
- Add the key/value passenger_enabled on;
server {
    listen 80;
    server_name gitlabhq.corp.com;
    #charset koi8-r;
    #access_log logs/host.access.log main;
    location / {
        root /home/gitlabhq/gitlabhq/public;
        index index.html index.htm;
        passenger_enabled on;
    }
    # (other default directives in this server block stay as they are)
}
Also at the very top of the file, add a first line that specifies we’ll run the server as the gitlabhq user account:
user gitlabhq staff;
Now we want to add a system user named nginx to run the server:
sudo adduser --system --no-create-home --disabled-login --disabled-password --group nginx
Next we want to set up the server to auto-start when the system starts. To do this we’ll:
- Use an existing script to start nginx
- Move the script to the system start directory
- Set the correct permissions
- Start the server.
sudo wget -O init-deb.sh http://library.linode.com/assets/660-init-deb.sh
sudo mv init-deb.sh /etc/init.d/nginx
sudo chmod +x /etc/init.d/nginx
sudo /usr/sbin/update-rc.d -f nginx defaults
sudo /etc/init.d/nginx start
nginx over SSL
So you want to run nginx over SSL, huh? Good choice!
SSL Certificate
First you’ll need an SSL certificate, either self-signed or from a certificate authority like Verisign. You can find directions on using certificates here. However, to keep it simple and helpful we’ll use a self-signed certificate for our server gitlabhq.corp.com
Let’s create a 2048-bit certificate. When prompted for the passphrase, enter something at least four characters in length.
cd ~
mkdir ssl
cd ssl
openssl genrsa -des3 -out server.key 2048
Now let’s remove the passphrase from the key file so nginx can start without prompting for it. You’ll be prompted for the passphrase you entered when creating the certificate. The resulting server.key is unencrypted, so keep it readable by root only.
openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key
openssl req -new -key server.key -out server.csr
Now let’s sign that shiny new certificate for 5 years
openssl x509 -req -days 1825 -in server.csr -signkey server.key -out server.crt
Finally we need to move the files to the correct locations on our Ubuntu server
sudo cp server.crt /etc/ssl/certs
sudo cp server.key /etc/ssl/private
Configure nginx
Open the nginx configuration file, scroll to the bottom and locate the commented-out section for the HTTPS server. You can uncomment this section and specify your certificate location and server name as well as the location.
    # HTTPS server
    #
    server {
        listen 443;
        server_name gitlabhq.corp.com;
        ssl on;
        ssl_certificate /etc/ssl/certs/server.crt;
        ssl_certificate_key /etc/ssl/private/server.key;
        ssl_session_timeout 5m;
        ssl_protocols SSLv2 SSLv3 TLSv1;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        location / {
            root /home/gitlabhq/gitlabhq/public;
            index index.html index.htm;
            passenger_enabled on;
        }
    }
}
Now we need to restart nginx for the configuration changes to take effect
sudo /etc/init.d/nginx stop
sudo /etc/init.d/nginx start
Enjoy!
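The ssl_protocols line in the HTTPS block above enables SSLv2 and SSLv3, which are broken, and TLSv1, which is deprecated. The following shell functions (an added example, not part of the original post; the function names are hypothetical and the sample configuration is constructed) flag such values in an nginx configuration file. The corrected value shown assumes an nginx and OpenSSL build that supports TLSv1.2 and TLSv1.3.

```shell
#!/bin/sh
# Added example, not from the original post.

# audit_ssl_protocols FILE
# Prints one finding per obsolete protocol named in an active (uncommented)
# ssl_protocols directive. Returns 0 if none were found, 1 otherwise.
audit_ssl_protocols() {
    awk '
        { sub(/#.*/, "") }    # ignore comments and commented-out blocks
        /ssl_protocols/ {
            n = split($0, tok, /[ \t;]+/)
            for (i = 1; i <= n; i++) {
                if (tok[i] == "SSLv2" || tok[i] == "SSLv3") {
                    printf "line %d: %s is broken, remove it\n", NR, tok[i]
                    bad = 1
                } else if (tok[i] == "TLSv1" || tok[i] == "TLSv1.1") {
                    printf "line %d: %s is deprecated\n", NR, tok[i]
                    bad = 1
                }
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# demo_audit "PROTOCOL LIST"
# Writes a constructed server block that uses the given ssl_protocols value,
# audits it, and returns the audit status.
demo_audit() {
    conf=$(mktemp) || return 2
    cat > "$conf" <<EOF
server {
    listen 443;
    ssl on;
    # ssl_protocols SSLv2;
    ssl_protocols $1;
}
EOF
    audit_ssl_protocols "$conf"
    rc=$?
    rm -f "$conf"
    return $rc
}

demo_audit "SSLv2 SSLv3 TLSv1" || echo "value from the post: weak protocols enabled"
demo_audit "TLSv1.2 TLSv1.3" && echo "corrected value: no findings"
```

On the server, run audit_ssl_protocols against /opt/nginx/conf/nginx.conf after uncommenting the HTTPS section.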