Installation & configuration of gitlab with Let’s Encrypt on Ubuntu 18.04
Step.1 Update to latest repos
:~$ sudo apt-get update
Step.2 Now, Install the prerequisites required for gitlab
:~$ sudo apt-get install -y curl openssh-server ca-certificates
Step.3 Download the latest stable package repo from the original source
:~$ curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh | sudo bash
Step.4 Now again update the list of repos
:~$ sudo apt-get update
Step.5 Now, set external URL for your project using below command
:~$ sudo EXTERNAL_URL="http://gitlab.webnerserver.com" apt-get install gitlab-ce curl http://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | sudo bash
Step.6 Install the gitlab application (choice is yours whether CE or EE)
CE stands “Community Edition”
EE stands “Enterprise Edition”
:~$ sudo apt-get install gitlab-ce
Step.7 Now, restart gitlab service
:~$ sudo gitlab-ctl restart
Step.8 Enter the FQDN entry in host file
:~$ sudo nano /etc/hosts
Step.9 Configure the gitlab
:~$ sudo gitlab-ctl reconfigure
Step.10 Modify the configuration script for addition settings
:~$ sudo nano /etc/gitlab/gitlab.rb ### set url for gitlab project if not done in previous command external_url 'https://gitlab.webners.com' ### redirect from http to https nginx['redirect_http_to_https'] = true ###! **Use smtp instead of sendmail/postfix.** gitlab_rails['smtp_enable'] = true gitlab_rails['smtp_address'] = "smtp.gmail.com" gitlab_rails['smtp_port'] = 587 gitlab_rails['smtp_user_name'] = "git@webners.com" gitlab_rails['smtp_password'] = "password" gitlab_rails['smtp_domain'] = "smtp.gmail.com" gitlab_rails['smtp_authentication'] = "login" gitlab_rails['smtp_enable_starttls_auto'] = true gitlab_rails['smtp_tls'] = false gitlab_rails['gitlab_email_from'] = 'git@webners.com' gitlab_rails['gitlab_email_reply_to'] = 'noreply@webners.com'
Backup & Restore
Step.1 Switch user to root account or use sudo instead before every command
:~$ sudo -i
Step.2 To perform backup
:~# gitlab-rake gitlab:backup:create
Backup file will be created at the following default location
/var/opt/gitlab/backups
To restore from the backup file
Step.3 Stop required services as mentioned below
:~# gitlab-ctl stop unicorn :~# gitlab-ctl stop sidekiq
Now check the status of service
:~# gitlab-ctl status
Step.4 Restoring from a specific backup set
:~# gitlab-rake gitlab:backup:restore Backup:
Choose option (yes or no) as per your preferences.
:~# gitlab-ctl start
Test gitlab service check
# gitlab-rake gitlab:check SANITIZE=true
Step.5 Change the default location of backup sets
:~# vi /etc/gitlab/gitlab.rb
Now, we have to reconfigure the gitlab to take new configuration changes.
:~# gitlab-ctl reconfigure
Let’s Encrypt Integration with Gitlab
Add the following entries to /etc/gitlab/gitlab.rb to enable Let’s Encrypt support for the primary domain:
letsencrypt['enable'] = true # GitLab 10.5 and 10.6 require this option external_url "https://gitlab.webners.com" # Must use https protocol letsencrypt['contact_emails'] = ['contact@webners.com'] # Optional
Automatic Let’s Encrypt Renewal
Default installations schedule renewals after midnight on every 4th day. The minute is determined by the value in external_url to help distribute the load on the upstream Let’s Encrypt servers.
We can explicitly set renewal times by adding the following to /etc/gitlab/gitlab.rb:
# This example renews every 9th day at 12:30 letsencrypt['auto_renew_hour'] = "12" letsencrypt['auto_renew_minute'] = "30" letsencrypt['auto_renew_day_of_month'] = "*/9"
Manual Let’s Encrypt Renewal
Renew Let’s Encrypt certificates manually using one of the following commands:
# gitlab-ctl reconfigure # gitlab-ctl renew-le-certs