Gitlab for a homelab repository
What is Gitlab?
Gitlab is a source control management application very similar to Github. The advantage of Gitlab is it can be self-hosted so you can maintain your code locally.
Requirements:
- RHEL / Rocky linux
- SSH connection to your server
Linux package Installation
Install prerequisite packages.
1
dnf install policycoreutils-python-utils openssh-server perl
A restart of sshd is necessary after the install of openssh-server. Also make sure you have it enabled.
1
2
systemctl restart sshd
systemctl enable sshd
Gitlab has a curl script which adds their repository to your server. It’s one command which makes it simple.
1
curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | bash
Install the gitlab community edition
1
dnf install -y gitlab-ce
- Edit the configuration file for Gitlab. There are many possible lines to add. Here are some examples.
1
2
3
4
5
6
7
8
external_url = 'http://gitlab.example.com'
# paste in this pair if you are using a reverse proxy
#nginx['listen_port'] = 80
#nginx['listen_https'] = false
# you can redirect http if you need
#ngnix['redirect_http_to_https'] = true
external_url
is the main URL of your website. It’s important that this match the url you intend to be hitting your website on. The copy paste of your Git repositories from Gitlab will be based off this address. If left as default it will assume http and serve out on port 80. When this is set to an https addres Gitlab automatically serves out content over port 443 instead.
Reference: Gitlab documentation on external_url
#nginx['listen_port'] = 80
#nginx['listen_https'] = false
- If you require your external_url to be served out over http but want the URL to be https (such as a reverse proxy) you can control the built-in ngnix server that Gitlab uses to serve out content with ngnix one liners like these.
Reference: Gitlab documentation on built-in ngnix
Tell Gitlab to start with your current configuration (This is also how you reconfigure Gitlab from here on if you make any changes to the config file)
1
gitlab-ctl reconfigure
Gitlab is now up and running. Retrieve the root password.
1
cat /etc/gitlab/initial_root_password
Login by going to your external_url address or by the default address of http://hostname.com and using the username
root
with the password copied from intial_root_password file.
Configuring Gitlab for HTTPS
Gitlab can be configured for https either manually using your own certificates or automatically using Let’s Encrypt.
Reference: Gitlab documentation on SSL
Before you setup HTTPS
Important note before you setup https you should make sure your server time is in sync. Gitlab uses cookies that are highly dependent upon time. If you have nothing setup here is a basic NTP configuration which is common.
1
2
3
dnf install chrony -y
systemctl enable chrony
chronyc tracking
Config files for chrony are found in /etc/chrony.config
Manual configuration
Make an SSL directory for Gitlab.
1 2 3 4
mkdir -p /etc/gitlab/ssl chmod 755 /etc/gitlab/ssl cp gitlab.example.com.key gitlab.example.com.crt /etc/gitlab/ssl/ chmod 644 /etc/gitlab/ssl/gitlab.example.com.key gitlab.example.com.crt
Set
external_url
inside the gitlab configuration file.1 2
exernal_url = 'https://gitlab.example.com' letsencrypt['enable'] = false
Gracefully restart ngnix to load the certificates
1 2
sudo gitlab-ctl hup nginx sudo gitlab-ctl hup registry
Optional: If your external_url wasn’t previously https you should run a reconfigure as well.
1
gitlab-ctl reconfigure
Automatic configuration with Let’s Encrypt
Configure external_url to be https.
1 2
exernal_url = 'https://gitlab.example.com' letsencrypt['contact_emails'] = ['[email protected]'] # Optional
Reconfigure Gitlab.
1
gitlab-ctl reconfigure
Backup
As long as you don’t have heavy traffic to your Gitlab server backing it up is simple. Here is a one liner.
1
gitlab-backup create BACKUP=$(date +%F_%R)
This will create a backup of your gitlab at /var/opt/gitlab/backups/
with the date and time. It’s important to note you also need to backup your /etc/gitlab
directory to save secrets and TLS certs if using HTTPS.