Setting up Gitlab

gitlab | runner | ci/cd laravel | ci/cd react | sast

tested on debian/buster

Requirements

quite some power (at least 4 cores) and RAM are required (say 4 to 8 G)

make sure you’ve got outbound email alright and also static name resolution so gitlab@ points to itself and triggers the alias

vi /etc/aliases

gitlab: SOME-REAL-ADDRESS

newaliases
grep FQDN /etc/hosts

Install

curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh | bash
apt install gitlab-ee
ls -lF /opt/gitlab/

New root password

gitlab-rails console -e production

user = User.find_by_username 'root'
user.password = 'SOME-PASSWORD'
user.password_confirmation = 'SOME-PASSWORD'
user.send_only_admin_changed_your_password_notification!
user.save!

rm /etc/gitlab/initial_root_password
ls -lF /opt/gitlab/etc/gitlab-rails-rc

Setup w/ SSL

mv -i /etc/gitlab/gitlab.rb /etc/gitlab/gitlab.rb.dist
vi /etc/gitlab/gitlab.rb

external_url 'https://FQDN'

nginx['enable'] = true
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/etc/gitlab/ssl/DOMAIN.TLD.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/DOMAIN.TLD.crt.key"

moar options

#     allow_username_or_email_login: false
#     block_auto_created_users: false
#     lowercase_usernames: false
#     smartcard_auth: false

Ready to go

gitlab-ctl reconfigure
gitlab-rake gitlab:ldap:check
gitlab-rake gitlab:env:info

netstat -ltup | grep http
nmap -p 636 LDAP-SERVER

Operations

gitlab-ctl tail

Acceptance

openssl s_client -connect localhost:443 > lala.crt
openssl x509 -noout -text < lala.crt | less
rm -f lala.crt

grep FQDN /etc/hosts
curl -i https://FQDN/

Resources

install

https://about.gitlab.com/install/

https://about.gitlab.com/install/#debian

https://docs.gitlab.com/omnibus/installation/

https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab

https://docs.gitlab.com/ee/administration/troubleshooting/gitlab_rails_cheat_sheet.html

https://docs.gitlab.com/ee/security/reset_user_password.html

setup

change the data directory gitlab to store repos elsewhere https://stackoverflow.com/questions/19902417/change-the-data-directory-gitlab-to-store-repos-elsewhere

Repository storage https://docs.gitlab.com/ee/administration/repository_storage_paths.html

Configuration options for the GitLab Linux package https://github.com/gitlabhq/omnibus-gitlab/blob/master/doc/settings/configuration.md

cluster mode

https://docs.gitlab.com/ee/user/clusters/environments.html

https://docs.github.com/en/authentication/managing-commit-signature-verification/checking-for-existing-gpg-keys

ops

https://docs.gitlab.com/ee/administration/operations/rails_console.html

How to restart GitLab https://docs.gitlab.com/ee/administration/restart_gitlab.html

ssl

SSL Configuration https://docs.gitlab.com/omnibus/settings/ssl.html

troubles

Old SSL certificate still being served after renewing it https://forum.gitlab.com/t/old-ssl-certificate-still-being-served-after-renewing-it/5219/5

ee vs. ce

https://docs.gitlab.com/ee/user/admin_area/license.html

https://docs.gitlab.com/ee/install/requirements.html

https://about.gitlab.com/install/ce-or-ee/

ldap

https://docs.gitlab.com/ee/administration/auth/ldap/