Deploying Gitlab on your own server

Git surpassed SVN in terms of access control, branch handling, distribution and performance, according to Git SCM Wiki page. Ready SCM cloud provider including Github, Bitbucket provide hassle-free pipeline from SCM to deployment, integrated code review, code management as well as plethora of plugins supporting various testing and report generation. Imagine your company develops solution and software for mission-critical tasks or involves certain granularity and high degree of confidential data, your company may not want to host their codes elsewhere than their own premises. Although these providers do claim that they integrate tight security mechanism,your company may still not storing their code base externally. Therefore, to yield the benefit of Git meanwhile assure security, an internal Git server can be deployed.

What is Gitlab?

Unlike Github or Bitbucket, who store public repositories of open source software as well as private repositories, their system are not open source, there is no way for us to install a local Github or Bitbucket. However, Gitlab is the exception, they provide packages for local installation for free (if you are not opting an enterprise version). It’s the reason we decide to deploy Gitlab on our server.

How to install Gitlab?

Depending on the OS your server currently running, installation guides can be found on their Gitlab official website. In this guide, we will be using Ubuntu LTS 16.04.

Install Gitlab Prerequisite

First, we open a Terminal and run the following commands:

sudo apt install -y curl openssh-server ca-certificates

After installing the OpenSSH server and repository of CA certificates. We will install a email server, Postfix to push notification emails.

sudo apt install -y postfix

Install Gitlab

We add the Gitlab repository.

curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh | sudo bash

The script above will add the GPG key of Gitlab repo and perform an update. Next, we install the package.

sudo apt install gitlab-ee

Post-Installation

Run the command the configure Gitlab

sudo gitlab-ctl reconfigure

You are ready to go! Browse to the host of your Gitlab, you will be prompted to set an initial password. Your default admin username is root. If you are not redirected to the reset password page, you will have to manually set a password. You can skip the following section if you can login with root account.

Manually override user password

According to Gitlab's documentation, you can fire up a Ruby-on-Rails console to access the database storing user credential, to do so, type:

gitlab-rails console production

After the console has loaded, get the object of the root user by typing:

user = User.where(id:1).first

Change your password, make sure it's at least 8-character long.

user.password = 'your_new_password'
user.password_confirmation = 'your_new_password'

Save the changes.

user.save!

Now back to your browser and login with your new credential.

Extra: Generating and Adding SSH Key

Generating a SSH Key-Pair

Use SSH key can save you from entering credential when pushing to your server. You can use your existing SSH key by adding your public key to Gitlab. You can skip the section 'Generating a SSH Key-Pair' if you have generated a SSH Key-Pair. To generate a new SSH Key-Pair, run:

ssh-keygen -t rsa -C "your_email_address" -b 4096

You will be prompted to enter the location of key stored as well as passphrase, you can leave the passphrase blank.

Adding your SSH public key

After generating it, copy your public key and add into your Gitlab profile. To do so, access your profile settings from the avatar of the top-right corner of your Gitlab Web UI, from the sidebar, choose 'SSH keys'. Copy and paste your public key and 'Add key'.

Cloning Repository using SSH

Get the project repository link from your project overview page and run 'git clone':

For example:

git clone git@192.168.2.53:melvinkcx/merchant_verifier.git

Why SSH but not HTTP or HTTPS?

Without a proper domain associated with our Gitlab server, there is no way to generate a CA, thus no HTTPS. Using HTTP is insecure as password is not encrypted during transmission. Any packet sniffer within the subnet will easily capture the credential. SSH establish a encrypted tunnel between two parties, for more details about how SSH works, refer to this article article by DigitalOcean.

First published on 2017-10-13

No Comments Yet