Installation & configuration of gitlab with Let’s Encrypt on Ubuntu 18.04

Step.1 Update to latest repos

:~$ sudo apt-get update

Step.2 Now, Install the prerequisites required for gitlab

:~$ sudo apt-get install -y curl openssh-server ca-certificates

Step.3 Download the latest stable package repo from the original source

:~$ curl | sudo bash

Step.4 Now again update the list of repos

:~$ sudo apt-get update

Step.5 Now, set external URL for your project using below command

:~$ sudo EXTERNAL_URL="" apt-get install gitlab-ce
curl | sudo bash

Step.6 Install the gitlab application (choice is yours whether CE or EE)
CE stands “Community Edition”
EE stands “Enterprise Edition”

:~$ sudo apt-get install gitlab-ce

Step.7 Now, restart gitlab service

:~$ sudo gitlab-ctl restart

Step.8 Enter the FQDN entry in host file

:~$ sudo nano /etc/hosts

Step.9 Configure the gitlab

:~$ sudo gitlab-ctl reconfigure

Step.10 Modify the configuration script for addition settings

:~$ sudo nano /etc/gitlab/gitlab.rb
### set url for gitlab project if not done in previous command
   	 external_url ''
### redirect from http to https
   	 nginx['redirect_http_to_https'] = true

###! **Use smtp instead of sendmail/postfix.**

 gitlab_rails['smtp_enable'] = true
 gitlab_rails['smtp_address'] = ""
 gitlab_rails['smtp_port'] = 587
 gitlab_rails['smtp_user_name'] = ""
 gitlab_rails['smtp_password'] = "password"
 gitlab_rails['smtp_domain'] = ""
 gitlab_rails['smtp_authentication'] = "login"
 gitlab_rails['smtp_enable_starttls_auto'] = true
 gitlab_rails['smtp_tls'] = false
 gitlab_rails['gitlab_email_from'] = ''
 gitlab_rails['gitlab_email_reply_to'] = ''

Backup & Restore

Step.1 Switch user to root account or use sudo instead before every command

:~$ sudo -i

Step.2 To perform backup

:~# gitlab-rake gitlab:backup:create

Backup file will be created at the following default location

To restore from the backup file

Step.3 Stop required services as mentioned below

:~# gitlab-ctl stop unicorn
:~# gitlab-ctl stop sidekiq

Now check the status of service

:~# gitlab-ctl status

Step.4 Restoring from a specific backup set

:~# gitlab-rake gitlab:backup:restore Backup:

Choose option (yes or no) as per your preferences.

:~# gitlab-ctl start

Test gitlab service check

# gitlab-rake gitlab:check SANITIZE=true

Step.5 Change the default location of backup sets

:~# vi /etc/gitlab/gitlab.rb

Now, we have to reconfigure the gitlab to take new configuration changes.

:~# gitlab-ctl reconfigure 

Let’s Encrypt Integration with Gitlab

Add the following entries to /etc/gitlab/gitlab.rb to enable Let’s Encrypt support for the primary domain:

letsencrypt['enable'] = true                      # GitLab 10.5 and 10.6 require this option
external_url ""         # Must use https protocol
letsencrypt['contact_emails'] = [''] # Optional

Automatic Let’s Encrypt Renewal

Default installations schedule renewals after midnight on every 4th day. The minute is determined by the value in external_url to help distribute the load on the upstream Let’s Encrypt servers.

We can explicitly set renewal times by adding the following to /etc/gitlab/gitlab.rb:

# This example renews every 9th day at 12:30
letsencrypt['auto_renew_hour'] = "12"
letsencrypt['auto_renew_minute'] = "30"
letsencrypt['auto_renew_day_of_month'] = "*/9"

Manual Let’s Encrypt Renewal

Renew Let’s Encrypt certificates manually using one of the following commands:

# gitlab-ctl reconfigure
# gitlab-ctl renew-le-certs