Skip to content →

How to Install GitLab CE to have your own CI (Continuous Integration) with Source Control on Debian 10

Published November 16, 2020 by phoenix17

Let’s face it,

In these crazy days of programs that span hundreds if not thousands of separate source files; keeping a track of just what changed where and when and which copy is actually the current one without any kind of source control can be a daunting task.

In comes source-control to the rescue, but it(GIT, SVN, Mercurial, etc..) isn’t very user friendly as is. Thus source control repositories with web-interfaces like BitBucket and GitHub have become very popular. These websites let you easily view changes in a graphically friendly environment as well as conduct merges, copies, forks, and various other handy source control operations with a click of a button.

The problem is that these services charge for the privilege of having a private repository, which protects your code from public viewing. That said, the bigger problem is that it is difficult to assure that your code isn’t being viewed from the service provider.

GitLab solves all these problems and adds CI functionality on top of it. Unfortunately GitLab is also quite the configuration monster when you attempt to use it without the bundled Ruby/Puma/Nginx, so we’ll have to proxy it instead of trying to run it directly through LSAPI (trust me I wasted a day going through the nightmare personally of trying to get it to work by manually installing the required ruby gems, setting the paths, etc.. it’s a hopeless cause)

Step 0:

You will need some way of running terminal commands on your machine, in this tutorial I use XSHELL but there are free alternatives such as putty.

First this tutorial assumes that you’ve already gone through the steps in my previous tutorial titled Installation and Configuration of OpenLiteSpeed with PHP, MariaDB, LetsEncrypt SSL, PHPMyAdmin, and NinjaFirewall on Debian 10 Buster

If you haven’t you can still follow the tutorial but note that there may be some divergence

Step 1:

We will need to download the package for our distribution of Linux. Luckily GitLab provides a repository installation script which handles a bunch of things for us, so lets grab that.

wget https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh

We need to set the permission for this script to be executable first, so

chmod +x script.deb.sh

Now to add the repositories simply run the script

sudo bash ./script.deb.sh

Step 2:

Now lets install GitLab CE (Community Edition)

sudo apt-get install gitlab-ce

Step 3:

You may have noticed the error about GitLab not being able to detect a valid hostname, so lets configure the external URL

Open /etc/gitlab/gitlab.rb with your text-editor of choice and make the following changes

First change

external_url 'http://gitlab.example.com'

To

external_url 'http://gitlab.yourwebsite.com:9191'

Optionally, you can change the default theme by UN-commenting this line

#gitlab_rails['gitlab_default_theme'] = 2

Now save and upload the file and run the following command to reconfigure GitLab

sudo gitlab-ctl reconfigure

First run of this command took my machine almost 5 minutes to complete so let it run.

Step 4(OpenLiteSpeed):

Now we need to configure the VHOST for this GitLab installation to coincide with the subdomain we picked earlier

Login to OpenLitspeed and navigate to the VHOST Configuration (If you don’t know where this is check my earlier tutorial).

Click add to add a new Virtual Host

Fill in the following:

Click Save

Note: You may get an error saying the vhost.conf file doesn’t exist; click to create it and click save

Now you should have GitLab in the vhost list

Click to edit it

Now head over to the general tab and modify the document root

Change it to

$VH_ROOT/html

Also run the following commands and upload a test index.html page to the html/ directory

mkdir /var/www/gitlab/html
chown lsadm:lsadm /var/www/gitlab/html

Next go to the Rewrite tab, Enable Rewrite and Auto Load from .htaccess

Next we need to point the subdomain to this vhost configuration before we configure SSL.

To do so go to the Listeners section and modify both HTTP and HTTPs Listeners

Create a new Virtual Host Mapping

Next if your primary website (yourwebsite.com) already has an SSL cert you can use that one (we will be modifying the certificate a bit later in order to add the subdomain). Otherwise you will have to generate a new cert (as is explained in my earlier tutorial).

Hit the refresh configuration button,

Next we need to adjust our DNS records accordingly to point to the new subdomain by adding an A record for that subdomain with the IP address of our server

Now we need to wait a while for the name-server records to update

Now we need to temporarily remove HSTS ( Strict Transport Security) on the main domain as it will force HTTPs but we haven’t extended our certificate yet

Its as simple as removing “includeSubDomains” and clearing your browser cache

After a while we should be able to visit gitlab.yourwebsite.com and see something

You’ll notice that the SSL won’t validate correctly if you don’t have a wildcard certificate

That means we will have to add the subdomain to the existing SSL certificate for it to be valid as well

Run the following command

certbot certonly --webroot -w /var/www/yourwebsite.com/html/ -d yourwebsite.com -d www.yourwebsite.com -w /var/www/gitlab/html/ -d gitlab.yourwebsite.com

Clear your browser’s cache, and refresh the OpenLiteSpeed configuration.

Now you can navigate back to the VHOST Configuration to force HTTPs

Ãdd the following Rewrite Rule

rewriteCond %{HTTPS} !on
rewriteCond %{HTTP:X-Forwarded-Proto} !https
rewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

Step 5:

We need to change some more settings in the GitLab.rb file to enable SSL

First, Disable LetsEncrypt (since we already generated a set of certificates for our webserver we don’t want GitLab trying to generate another)

Next, lets modify the External URL we setup at the beginning to point to HTTPS instead of HTTP

Change

external_url 'http://gitlab.yourwebsite.com:9191'

To

external_url 'https://gitlab.yourwebsite.com:9191'

Now, we need to symlink the existing certificates to the directory that GitLab expects them to be in

Your certificate and chain have been saved at: /etc/letsencrypt/live/website.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/website.com/privkey.pem

GitLab expects these to be in /etc/gitlab/trusted-certs instead and named in the following format

gitlab.yourwebsite.com.crt
gitlab.yourwebsite.com.key

Run the following commands

mkdir /etc/gitlab/trusted-certs/
ln -s /etc/letsencrypt/live/website.com/cert.pem /etc/gitlab/trusted-certs/gitlab.yourwebsite.com.crt
ln -s /etc/letsencrypt/live/website.com/privkey.pem /etc/gitlab/trusted-certs/gitlab.yourwebsite.com.key
chmod -R 755 /etc/gitlab/trusted-certs/
sudo gitlab-ctl reconfigure

If you visit https://gitlab.yourwebsite.com:9191 you should now see the GitLab Installation

However this port 9191 business isn’t ideal, so lets proxy this connection

Step 6:

First go to the GitLab VHOST we created earlier, and under External App, we’re going to add our Nginx webserver

Fill in the following settings (note that we are looping back through the external address)

Next, create a new context proxy

Fill in the proxy context definition

Save and Refresh the configuration and you’re done!

Important directories to remember for GitLab

/var/log/gitlab
/opt/gitlab
/etc/gitlab

Published in Uncategorized

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *