Deploying Gitlab on your own server
Git surpassed SVN in terms of access control, branch handling, distribution and performance, according to Git SCM Wiki page. Ready SCM cloud provider including Github, Bitbucket provide hassle-free pipeline from SCM to deployment, integrated code review, code management as well as plethora of plugins supporting various testing and report generation. Imagine your company develops solution and software for mission-critical tasks or involves certain granularity and high degree of confidential data, your company may not want to host their codes elsewhere than their own premises. Although these providers do claim that they integrate tight security mechanism,your company may still not storing their code base externally. Therefore, to yield the benefit of Git meanwhile assure security, an internal Git server can be deployed.
What is Gitlab?
Unlike Github or Bitbucket, who store public repositories of open source software as well as private repositories, their system are not open source, there is no way for us to install a local Github or Bitbucket. However, Gitlab is the exception, they provide packages for local installation for free (if you are not opting an enterprise version). It’s the reason we decide to deploy Gitlab on our server.
How to install Gitlab?
Depending on the OS your server currently running, installation guides can be found on their Gitlab official website. In this guide, we will be using Ubuntu LTS 16.04.
Install Gitlab Prerequisite
First, we open a Terminal and run the following commands:
sudo apt install -y curl openssh-server ca-certificates
After installing the OpenSSH server and repository of CA certificates. We will install a email server, Postfix to push notification emails.
sudo apt install -y postfix
We add the Gitlab repository.
curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh | sudo bash
The script above will add the GPG key of Gitlab repo and perform an update. Next, we install the package.
sudo apt install gitlab-ee
Run the command the configure Gitlab
sudo gitlab-ctl reconfigure
You are ready to go! Browse to the host of your Gitlab, you will be prompted to set an initial password. Your default admin username is root. If you are not redirected to the reset password page, you will have to manually set a password. You can skip the following section if you can login with root account.
Manually override user password
According to Gitlab's documentation, you can fire up a Ruby-on-Rails console to access the database storing user credential, to do so, type:
gitlab-rails console production
After the console has loaded, get the object of the root user by typing:
user = User.where(id:1).first
Change your password, make sure it's at least 8-character long.
user.password = 'your_new_password' user.password_confirmation = 'your_new_password'
Save the changes.
Now back to your browser and login with your new credential.
Extra: Generating and Adding SSH Key
Generating a SSH Key-Pair
Use SSH key can save you from entering credential when pushing to your server. You can use your existing SSH key by adding your public key to Gitlab. You can skip the section 'Generating a SSH Key-Pair' if you have generated a SSH Key-Pair. To generate a new SSH Key-Pair, run:
ssh-keygen -t rsa -C "your_email_address" -b 4096
You will be prompted to enter the location of key stored as well as passphrase, you can leave the passphrase blank.
Adding your SSH public key
After generating it, copy your public key and add into your Gitlab profile. To do so, access your profile settings from the avatar of the top-right corner of your Gitlab Web UI, from the sidebar, choose 'SSH keys'. Copy and paste your public key and 'Add key'.
Cloning Repository using SSH
Get the project repository link from your project overview page and run 'git clone':
git clone firstname.lastname@example.org:melvinkcx/merchant_verifier.git
Why SSH but not HTTP or HTTPS?
Without a proper domain associated with our Gitlab server, there is no way to generate a CA, thus no HTTPS. Using HTTP is insecure as password is not encrypted during transmission. Any packet sniffer within the subnet will easily capture the credential. SSH establish a encrypted tunnel between two parties, for more details about how SSH works, refer to this article article by DigitalOcean.
First published on 2017-10-13