How to Host Your Own GitLab for free | Gitlab-Part 1

Empower Your Workflow: A Step-by-Step Guide to Hosting Your Own GitLab Server

GitLab is a powerful online platform that helps teams of all sizes manage their entire SDLC from start to finish. It offers a wide range of features, including Version control, Issue tracking, CI/CD, Security, and Collaboration. GitLab stands out as a robust DevOps platform, offering a comprehensive suite of features that cover the entire software development lifecycle. Its open-source Community Edition allows for self-hosting, giving organizations full control over their infrastructure and data. GitLab's scalability enables it to handle projects of any size, while its integrated CI/CD pipelines streamline the development process. This article will show how to host gitlab community edition on a cloud server.

Pre-requisite:

  • a cloud compute instance (>4GB RAM | 8GB preferred and Ubuntu 20.04 preferred).

  • domain name for secure connection (optional)

  • basic firewall setup (included in this article)

Step-1: Installing dependencies

Before you install GitLab, it's crucial to set up the necessary software it relies on, which can be obtained from Ubuntu's default package repositories. SSH to your virtual machine and start by updating the local package index using the command:

sudo apt update

Next, install the required dependencies with the following command:

sudo apt install ca-certificates curl openssh-server postfix tzdata perl

You may be prompted to ask a few questions related to postfix upon installation. Enter your custom domain if you have or leave it as it is to default. Here's a brief description of what we installed:

  1. ca-certificates: Think of this as your system's trusty set of keys. It contains a collection of trusted certificate authorities (CAs) that are used to verify the authenticity of SSL/TLS connections to secure websites and services. These certificates are vital for ensuring secure communication over the internet, and keeping your data safe from prying eyes.

  2. openssh-server: If ca-certificates are the keys, then openssh-server is the secure tunnel. OpenSSH is a powerful suite of tools for secure remote login, file transfer, and tunneling. When you install openssh-server, you're setting up a secure doorway into your system, allowing remote users to connect using the SSH protocol. It's like having a private, encrypted tunnel directly to your server.

  3. postfix: Postfix is a popular mail transfer agent (MTA) that handles the delivery of emails on your server. It's like your system's mailman, responsible for sending and receiving emails. In the context of GitLab, Postfix is used to manage system notifications and alerts, ensuring important messages reach their intended recipients.

  4. tzdata: Keeping time in check. The tzdata package provides essential time zone data files for your system. It's the backbone of your system's clock, ensuring that timestamps and scheduling tasks are based on accurate time zone information. With tzdata, your system stays synchronized with the correct time, crucial for maintaining order in a world that runs on schedules.

Step-2: Installing Gitlab

Once you have all the necessary dependencies installed, you can proceed with installing GitLab. This involves using an installation script to configure your system with the GitLab repositories.

First, navigate to the /tmp directory:

cd /tmp

Next, download the installation script using the following command:

curl -LO https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh

Spin the installer with the command:

sudo bash /tmp/script.deb.sh

This script sets up your server to use GitLab's maintained repositories, enabling you to manage GitLab using the same package management tools as your other system packages. After this setup is complete, you can proceed to install the GitLab application itself using the apt package manager:

sudo apt install gitlab-ce

Step-3: Updating firewall rules

Before configuring GitLab, it's essential to ensure that your firewall rules allow web traffic. If you've followed the prerequisites and have the ufw firewall enabled, you can check its current status by running:

sudo ufw status

The output will show the current rules, which might only allow SSH traffic. Since GitLab is a web application, you'll need to allow HTTP and HTTPS access. You can do this by adding rules for these protocols:

sudo ufw allow http
sudo ufw allow https
sudo ufw allow OpenSSH

Checking the ufw status again should now show that access to HTTP, HTTPS, and SSH is allowed:

sudo ufw status

Once completed, it will output something like this.

OutputStatus: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere                  
80/tcp                     ALLOW       Anywhere                  
443/tcp                    ALLOW       Anywhere                  
OpenSSH (v6)               ALLOW       Anywhere (v6)             
80/tcp (v6)                ALLOW       Anywhere (v6)             
443/tcp (v6)               ALLOW       Anywhere (v6)

Step-4: Editing Gitlab configuration file

First, open GitLab’s configuration file with your preferred text editor.

sudo nano /etc/gitlab/gitlab.rb

Search for the external_url configuration line. Update it to match your domain and make sure to change http to https to automatically redirect users to the site protected by the Let’s Encrypt certificate if you have custom domain else leave it to http:

external_url ='http://your_domain'

If you don't have domain then enter your server's public IP for example, http://156.67.23.8

...
## GitLab URL
##! URL on which GitLab will be reachable.
##! For more details on configuring external_url see:
##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab
##!
##! Note: During installation/upgrades, the value of the environment variable
##! EXTERNAL_URL will be used to populate/replace this value.
##! On AWS EC2 instances, we also attempt to fetch the public hostname/IP
##! address from AWS. For more details, see:
##! https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html
external_url='https://your_domain'
...

Next, locate the letsencrypt['contact_emails'] setting in the /etc/gitlab/gitlab.rb file. If you're using the nano text editor, you can enable the search prompt by pressing CTRL+W, typing letsencrypt['contact_emails'], and pressing ENTER. This setting allows you to define a list of email addresses that Let’s Encrypt can use to contact you if there are any issues with your domain. It's recommended to uncomment this setting and fill it out with your email address to stay informed about any potential problems:

letsencrypt['contact_emails'] = ['']

To apply the configuration changes, run the following command to reconfigure GitLab:

sudo gitlab-ctl reconfigure

Step-5: Logging in with default credentials

Visit the domain name of your GitLab server in your web browser:

http(s)://your_domain

On your first visit, you’ll be greeted with a login page like this:

GitLab initial login page

Congratulations!! You have your own gitlab server now. GitLab generates an initial secure password for you. It is stored in a folder that you can access as an administrative sudo user and can only be used within the first 24 hours when first reconfigure command has been executed:

sudo nano /etc/gitlab/initial_root_password
# WARNING: This value is valid only in the following conditions
#          1. If provided manually (either via `GITLAB_ROOT_PASSWORD` environment variable or via `gitlab_rails['initial_root_password']` setting in `gitlab.rb`, it was provided before database was seeded for the firs$
#          2. Password hasn't been changed manually, either via UI or via command line.
#
#          If the password shown here doesn't work, you must reset the admin password following https://docs.gitlab.com/ee/security/reset_user_password.html#reset-your-root-password.

Password: YOUR_PASSWORD

# NOTE: This file will be automatically deleted in the first reconfigure run after 24 hours.

Return to the login page of GitLab and enter the following information:

  • Username: root

  • Password: [the password listed in the file /etc/gitlab/initial_root_password]

After entering these credentials, click the "Sign in" button. You will then be logged in to the GitLab application and directed to a landing page where you can start adding projects.

Step-6: Updating your password (mandatory)

Upon logging in, one of the initial steps you should take is to change your password. To do this, click on the profile icon located in the upper-left corner of the navigation bar, and then select "Edit Profile."

After accessing the User Settings page, navigate to the left side of the page and select "Password." Here, you can update your GitLab-generated password to a more secure one. Once you have entered your new password, click the "Save password" button to apply the changes.

The Password setting is in the left navigation bar. You can update your password from here.

Next Steps

Awesome!, now that we have our own gitlab setup, we can create projects, invite collaborators, and set up CI/CD pipelines for automation. Use its issue tracking and code review features for efficient project management and code quality. Leverage integrations and security tools to enhance development and ensure compliance. Stay informed to make the most of GitLab's capabilities and updates. In upcoming articles, we will see how to set up CI/CD runners and utilize docker to run DevOps tasks.

Did you find this article valuable?

Support Shivam's Diagon Alley by becoming a sponsor. Any amount is appreciated!