Install GitLab
Now that your server is set up, install GitLab:
- Install and configure the necessary dependencies:
  sudo apt update
  sudo apt install -y curl openssh-server ca-certificates perl locales
- Configure the system language:
  - Edit /etc/locale.gen and make sure en_US.UTF-8 is uncommented.
  - Regenerate the languages:
    sudo locale-gen
- Add the GitLab package repository and install the package:
  curl "https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh" | sudo bash
  To see the contents of the script, visit https://packages.gitlab.com/gitlab/gitlab-ee/install.
- Install the GitLab package. Provide a strong password with GITLAB_ROOT_PASSWORD and replace the EXTERNAL_URL with your own. Don’t forget to include https in the URL, so that a Let’s Encrypt certificate is issued.
  sudo GITLAB_ROOT_PASSWORD="strong password" EXTERNAL_URL="https://gitlab.example.com" apt install gitlab-ee
  To learn more about the Let’s Encrypt certificate or even use your own, read how to configure GitLab with TLS.
  If the password you set wasn’t picked up, read more about resetting the root account password.
- After a few minutes, GitLab is installed. Sign in using the URL you set up in EXTERNAL_URL. Use root as the username and the password you set up in GITLAB_ROOT_PASSWORD.
Now it’s time to configure GitLab!
Install and configure the necessary dependencies
sudo apt-get update
sudo apt-get install -y curl openssh-server ca-certificates tzdata perl
Next, install Postfix (or Sendmail) to send notification emails. If you want to use another solution to send emails, skip this step and configure an external SMTP server after GitLab has been installed.
sudo apt-get install -y postfix
During Postfix installation a configuration screen may appear. Select ‘Internet Site’ and press enter. Use your server’s external DNS for ‘mail name’ and press enter. If additional screens appear, continue to press enter to accept the defaults.
Add the GitLab package repository and install the package
curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh | sudo bash
Next, install the GitLab package. Make sure you have correctly set up your DNS, and change https://gitlab.example.com to the URL at which you want to access your GitLab instance. Installation will automatically configure and start GitLab at that URL.
For https:// URLs, GitLab will automatically request a certificate with Let’s Encrypt, which requires inbound HTTP access and a valid hostname. You can also use your own certificate or just use http:// (without the s).
If you would like to specify a custom password for the initial administrator user (root), check the documentation. If a password is not specified, a random password will be automatically generated.
sudo EXTERNAL_URL="https://gitlab.example.com" apt-get install gitlab-ee
# List available versions:
apt-cache madison gitlab-ee
# Specify version:
sudo EXTERNAL_URL="https://gitlab.example.com" apt-get install gitlab-ee=16.2.3-ee.0
# Pin the version to limit auto-updates:
sudo apt-mark hold gitlab-ee
# Show what packages are held back:
sudo apt-mark showhold
Browse to the hostname and login
Unless you provided a custom password during installation, a password will be randomly generated and stored for 24 hours in /etc/gitlab/initial_root_password. Use this password with username root to log in.
See our documentation for detailed instructions on installation and configuration.
Set up your communication preferences
Visit our email subscription preference center to let us know when to communicate with you. We have an explicit email opt-in policy so you have complete control over what and how often we send you emails. Twice a month, we send out the GitLab news you need to know, including new features, integrations, docs, and behind the scenes stories from our dev teams. For critical security updates related to bugs and system performance, sign up for our dedicated security newsletter.
Important note: If you do not opt in to the security newsletter, you will not receive security alerts.
Recommended next steps
After completing your installation, consider the recommended next steps, including authentication options and sign-up restrictions.
Configure GitLab
GitLab comes with some sane default configuration options. In this section, we will change them to add more functionality, and make GitLab more secure.
For some of the options you’ll use the Admin Area UI, and for some of them you’ll edit /etc/gitlab/gitlab.rb, the GitLab configuration file.
Configure NGINX
NGINX is used to serve up the web interface used to access the GitLab instance. For more information about configuring NGINX to be more secure, read about hardening NGINX.
Configure emails
Next, you’ll set up and configure an email service. Emails are important for verifying new sign ups, resetting passwords, and notifying you of GitLab activity.
Configure SMTP
In this tutorial, you’ll set up an SMTP server and use the Mailgun SMTP provider.
First, start by creating an encrypted file that will contain the login credentials, and then configure SMTP for the Linux package:
- Create a YAML file (for example smtp.yaml) that contains the credentials for the SMTP server. Your SMTP password must not contain any string delimiters used in Ruby or YAML (for example, ) to avoid unexpected behavior during the processing of configuration settings.
  user_name: '<SMTP user name>'
  password: '<SMTP password>'
- Encrypt the file:
  cat smtp.yaml | sudo gitlab-rake gitlab:smtp:secret:write
  By default, the encrypted file is stored under /var/opt/gitlab/gitlab-rails/shared/encrypted_configuration/smtp.yaml.enc.
- Remove the YAML file:
  rm -f smtp.yaml
- Edit /etc/gitlab/gitlab.rb and set up the rest of the SMTP settings. Make sure gitlab_rails['smtp_user_name'] and gitlab_rails['smtp_password'] are not present, as we’ve already set them up as encrypted.
  gitlab_rails['smtp_enable'] = true
  gitlab_rails['smtp_address'] = "smtp.mailgun.org" # or smtp.eu.mailgun.org
  gitlab_rails['smtp_port'] = 587
  gitlab_rails['smtp_authentication'] = "plain"
  gitlab_rails['smtp_enable_starttls_auto'] = true
  gitlab_rails['smtp_domain'] = "<SMTP domain>"
- Save the file and reconfigure GitLab:
  sudo gitlab-ctl reconfigure
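A check for the last editing step, as an added example that is not part of GitLab's documentation: it scans the text of gitlab.rb for active (not commented-out) SMTP credential settings and for plain or login authentication without transport encryption. The function name and the sample configuration are constructed; smtp_tls is GitLab's setting for implicit TLS and does not appear on this page.

```python
import re

# Matches an active (not commented-out) gitlab_rails['smtp_*'] assignment.
SETTING = re.compile(
    r"""^\s*gitlab_rails\[['"](?P<key>smtp_\w+)['"]\]\s*=\s*(?P<value>[^#]*)"""
)
CREDENTIAL_KEYS = ("smtp_user_name", "smtp_password")


def lint_smtp(gitlab_rb_text):
    """Return (line_number, message) findings for the SMTP settings in gitlab.rb."""
    active = {}
    for number, line in enumerate(gitlab_rb_text.splitlines(), start=1):
        match = SETTING.match(line)  # lines starting with '#' never match
        if match:
            value = match["value"].strip().strip("'\"")
            active[match["key"]] = (number, value)

    findings = []
    for key in CREDENTIAL_KEYS:
        if key in active:
            findings.append((
                active[key][0],
                key + " is set in plaintext; smtp.yaml.enc should hold the only copy",
            ))

    # AUTH PLAIN/LOGIN only base64-encode the credentials, so the session
    # must be protected by STARTTLS or implicit TLS.
    encrypted = any(
        active.get(key, (0, ""))[1] == "true"
        for key in ("smtp_enable_starttls_auto", "smtp_tls")
    )
    auth = active.get("smtp_authentication")
    if auth and auth[1] in ("plain", "login") and not encrypted:
        findings.append((
            auth[0],
            "smtp_authentication is '" + auth[1] + "' but STARTTLS/TLS is not enabled",
        ))
    return findings


# Constructed sample: a leftover password and STARTTLS switched off.
SAMPLE_GITLAB_RB = "\n".join([
    "gitlab_rails['smtp_enable'] = true",
    "gitlab_rails['smtp_address'] = \"smtp.mailgun.org\" # or smtp.eu.mailgun.org",
    "gitlab_rails['smtp_port'] = 587",
    "gitlab_rails['smtp_authentication'] = \"plain\"",
    "# gitlab_rails['smtp_user_name'] = \"old-user\"",
    "gitlab_rails['smtp_password'] = \"constructed-secret\"",
    "gitlab_rails['smtp_enable_starttls_auto'] = false",
])

if __name__ == "__main__":
    for line_number, message in lint_smtp(SAMPLE_GITLAB_RB):
        print("line", line_number, "-", message)
```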
You should now be able to send emails. To test that the configuration worked:
- Enter the Rails console:
  sudo gitlab-rails console
- Run the following command at the console prompt to make GitLab send a test email:
  Notify.test_email('<destination email address>', 'Message Subject', 'Message Body').deliver_now
If you’re unable to send emails, see the SMTP troubleshooting section.
Enable the email verification
Account email verification provides an additional layer of GitLab account security. When some conditions are met, for example, if there are three or more failed sign-in attempts in 24 hours, an account is locked.
This feature is behind a feature flag. To enable it:
- Enter the Rails console:
  sudo gitlab-rails console
- Enable the feature flag:
  Feature.enable(:require_email_verification)
- Check if it’s enabled (should return true):
  Feature.enabled?(:require_email_verification)
For more information, read about account email verification.
Sign outgoing email with S/MIME
Notification emails sent by GitLab can be signed with S/MIME for improved security.
A single pair of key and certificate files must be provided:
- Both files must be PEM-encoded.
- The key file must be unencrypted so that GitLab can read it without user intervention.
- Only RSA keys are supported.
- Optional. You can provide a bundle of Certificate Authority (CA) certs (PEM-encoded) to include on each signature. This is typically an intermediate CA.
- Buy your certificate from a CA.
- Edit /etc/gitlab/gitlab.rb and adapt the file paths:
  gitlab_rails['gitlab_email_smime_enabled'] = true
  gitlab_rails['gitlab_email_smime_key_file'] = '/etc/gitlab/ssl/gitlab_smime.key'
  gitlab_rails['gitlab_email_smime_cert_file'] = '/etc/gitlab/ssl/gitlab_smime.crt'
- Save the file and reconfigure GitLab:
  sudo gitlab-ctl reconfigure
For more information, read about signing outgoing email with S/MIME.
Enabling SSL
Follow these steps to enable SSL for your fresh instance. These steps reflect those for manually configuring SSL in Omnibus’s NGINX configuration:
- Make the following changes to /etc/gitlab/gitlab.rb:
  # Update external_url from "http" to "https"
  external_url "https://my-host.internal"
  # Set Let's Encrypt to false
  letsencrypt['enable'] = false
- Create the following directories with the appropriate permissions for generating self-signed certificates:
  sudo mkdir -p /etc/gitlab/ssl
  sudo chmod 755 /etc/gitlab/ssl
  sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/gitlab/ssl/my-host.internal.key -out /etc/gitlab/ssl/my-host.internal.crt
- Reconfigure your instance to apply the changes:
  sudo gitlab-ctl reconfigure
Introduction
In this article, you will learn how to install GitLab on Ubuntu 22.04.
GitLab is an open-source tool that makes it easy to manage repositories, issues, CI/CD pipelines, and much more. If you use Ubuntu 22.04 or 20.04 and want to set up your own GitLab instance to streamline your DevOps process, you’re in the right place.
This step-by-step tutorial will show you how to install GitLab on Ubuntu 22.04 or 20.04. There are two versions of GitLab: Enterprise Edition (EE) and Community Edition (CE). We’ll talk about the community version in this post.
Step 1: Update the System
Let’s start by updating the list of packages and upgrading any packages that are already installed to their most recent versions.
# apt update -y
# apt upgrade -y
Step 2: Install Dependencies
GitLab needs a few additional packages to work properly. Install them with the following command:
# apt install -y curl openssh-server ca-certificates postfix
During the postfix installation, there will be a configuration box. Select “Internet Site” and type the hostname of your machine as the mail server name. This will make it possible for GitLab to send emails.
Step 3: Add GitLab Apt Repository
Run the following curl command to add the GitLab repository. The script automatically detects your Ubuntu version and configures the matching repository.
# curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | bash
Step 4: Install GitLab
Run the command below to install and set up gitlab-ce on your Ubuntu system. Replace the hostname in EXTERNAL_URL with the hostname of your own server.
# EXTERNAL_URL="http://gitlab.utho.net" apt install gitlab-ce
Once the command above has been run properly, the output will look something like this:
The output shown above shows that GitLab has been set up correctly. The user name for the gitlab web interface is “root,” and the password is saved at “/etc/gitlab/initial_root_password.”
Step 5: Access GitLab Web Interface
Once GitLab is loaded and set up, open your web browser and type in the IP address or hostname of your server.
Enabling GitLab Runner
Following a similar process to the steps for installing our GitLab Runner as a Docker service, we must first register our runner:
$ sudo docker run --rm -it -v /etc/gitlab-runner:/etc/gitlab-runner gitlab/gitlab-runner register
Updating CA certificates...
Runtime platform arch=amd64 os=linux pid=7 revision=1b659122 version=12.8.0
Running in system-mode.
Please enter the gitlab-ci coordinator URL (for example, https://gitlab.com/):
https://my-host.internal
Please enter the gitlab-ci token for this runner:
XXXXXXXXXXX
Please enter the gitlab-ci description for this runner:
[eb18856e13c0]:
Please enter the gitlab-ci tags for this runner (comma separated):
Registering runner... succeeded runner=FSMwkvLZ
Please enter the executor: custom, docker, virtualbox, kubernetes, docker+machine, docker-ssh+machine, docker-ssh, parallels, shell, ssh:
docker
Please enter the default Docker image (for example, ruby:2.6):
ruby:2.6
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!
Now we must add some additional configuration to our runner:
Make the following changes to /etc/gitlab-runner/config.toml:
- Add Docker socket to volumes:
  volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/cache"]
- Add pull_policy = "if-not-present" to the executor configuration
Now we can start our runner:
sudo docker run -d --restart always --name gitlab-runner -v /etc/gitlab-runner:/etc/gitlab-runner -v /var/run/docker.sock:/var/run/docker.sock gitlab/gitlab-runner:latest
90646b6587127906a4ee3f2e51454c6e1f10f26fc7a0b03d9928d8d0d5897b64
Authenticating the registry against the host OS
As noted in Docker registry authentication documentation, certain versions of Docker require trusting the certificate chain at the OS level.
In the case of Ubuntu, this involves using update-ca-certificates:
sudo cp /etc/docker/certs.d/my-host.internal\:5000/ca.crt /usr/local/share/ca-certificates/my-host.internal.crt
sudo update-ca-certificates
If all goes well, this is what you should see:
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
Disable Version Check and Service Ping
Version Check and Service Ping improve the GitLab user experience and ensure that users are on the most up-to-date instances of GitLab. These two services can be turned off for offline environments so that they do not attempt and fail to reach out to GitLab services.
For more information, see Enable or disable service ping.
Configure NTP
In GitLab 15.4 and 15.5, Gitaly Cluster assumes pool.ntp.org is accessible. If pool.ntp.org is not accessible, customize the time server setting on the Gitaly and Praefect servers so they can use an accessible NTP server.
On offline instances, the GitLab Geo check Rake task always fails because it uses pool.ntp.org. This error can be ignored but you can read more about how to work around it.
Enabling the Package Metadata Database
Enabling the Package Metadata Database is required to enable Continuous Vulnerability Scanning and license scanning of CycloneDX files. This process requires the use of License and/or Advisory Data under what is collectively called the Package Metadata Database, which is licensed under the EE License. Note the following in relation to use of the Package Metadata Database:
- We may change or discontinue all or any part of the Package Metadata Database, at any time and without notice, at our sole discretion.
- The Package Metadata Database may contain links to third-party websites or resources. We provide these links only as a convenience and are not responsible for any third-party data, content, products, or services from those websites or resources or links displayed on such websites.
- The Package Metadata Database is based in part on information made available by third parties, and GitLab is not responsible for the accuracy or completeness of content made available.
Package metadata is stored in the following Google Cloud Provider (GCP) buckets:
- License Scanning – prod-export-license-bucket-1a6c642fc4de57d4
- Dependency Scanning – prod-export-advisory-bucket-1a6c642fc4de57d4
Using the gsutil tool to download the package metadata exports
- Install the gsutil tool.
- Find the root of the GitLab Rails directory.
  export GITLAB_RAILS_ROOT_DIR="$(gitlab-rails runner 'puts Rails.root.to_s')"
  echo $GITLAB_RAILS_ROOT_DIR
- Set the type of data you wish to sync.
  # For License Scanning
  export PKG_METADATA_BUCKET=prod-export-license-bucket-1a6c642fc4de57d4
  export DATA_DIR="licenses"

  # For Dependency Scanning
  export PKG_METADATA_BUCKET=prod-export-advisory-bucket-1a6c642fc4de57d4
  export DATA_DIR="advisories"
- Download the package metadata exports.
  # To download the package metadata exports, an outbound connection to Google Cloud Storage bucket must be allowed.
  # Skip v1 objects using -y "^v1\/" to only download v2 objects. v1 data is no longer used and deprecated since 16.3.
  mkdir -p "$GITLAB_RAILS_ROOT_DIR/vendor/package_metadata/$DATA_DIR"
  gsutil -m rsync -r -d -y "^v1\/" gs://$PKG_METADATA_BUCKET "$GITLAB_RAILS_ROOT_DIR/vendor/package_metadata/$DATA_DIR"

  # Alternatively, if the GitLab instance is not allowed to connect to the Google Cloud Storage bucket, the package metadata
  # exports can be downloaded using a machine with the allowed access, and then copied to the root of the GitLab Rails directory.
  rsync rsync://<user>@<host>/package_metadata/$DATA_DIR "$GITLAB_RAILS_ROOT_DIR/vendor/package_metadata/$DATA_DIR"
Using the Google Cloud Storage REST API to download the package metadata exports
The package metadata exports can also be downloaded using the Google Cloud Storage API. The contents are available at https://storage.googleapis.com/storage/v1/b/prod-export-license-bucket-1a6c642fc4de57d4/o and https://storage.googleapis.com/storage/v1/b/prod-export-advisory-bucket-1a6c642fc4de57d4/o. The following is an example of how this can be downloaded using cURL and jq.
#!/bin/bash
set -euo pipefail

# Data type to import: "license" or "advisory".
# ${1:-} avoids an unbound-variable abort under `set -u` so the usage text is shown.
DATA_TYPE="${1:-}"

GITLAB_RAILS_ROOT_DIR="$(gitlab-rails runner 'puts Rails.root.to_s')"

if [ "$DATA_TYPE" == "license" ]; then
  PKG_METADATA_DIR="$GITLAB_RAILS_ROOT_DIR/vendor/package_metadata/licenses"
elif [ "$DATA_TYPE" == "advisory" ]; then
  PKG_METADATA_DIR="$GITLAB_RAILS_ROOT_DIR/vendor/package_metadata/advisories"
else
  echo "Usage: import_script.sh [license|advisory]"
  exit 1
fi

PKG_METADATA_BUCKET="prod-export-$DATA_TYPE-bucket-1a6c642fc4de57d4"
PKG_METADATA_MANIFEST_OUTPUT_FILE="/tmp/package_metadata_${DATA_TYPE}_export_manifest.json"
PKG_METADATA_DOWNLOADS_OUTPUT_FILE="/tmp/package_metadata_${DATA_TYPE}_object_links.tsv"

# Download the contents of the bucket
# Filter results using `prefix=v2` to only download v2 objects. v1 data is no longer used and deprecated since 16.3.
# Maximum number of objects returned by the API seems to be 5000 and there are currently (2023-12-21) 2650 objects for V2 dataset.
# --fail makes curl exit non-zero on an HTTP error instead of saving the error body.
curl --fail --silent --show-error --request GET "https://storage.googleapis.com/storage/v1/b/$PKG_METADATA_BUCKET/o?prefix=v2%2f&maxResults=5000" > "$PKG_METADATA_MANIFEST_OUTPUT_FILE"

# Parse the links and names for the bucket objects and output them into a tsv file
jq -r '.items[] | [.name, .mediaLink] | @tsv' "$PKG_METADATA_MANIFEST_OUTPUT_FILE" > "$PKG_METADATA_DOWNLOADS_OUTPUT_FILE"

echo -e "Saving package metadata exports to $PKG_METADATA_DIR\n"

# Track how many objects will be downloaded
INDEX=1
TOTAL_OBJECT_COUNT="$(wc -l "$PKG_METADATA_DOWNLOADS_OUTPUT_FILE" | awk '{print $1}')"

# Download the objects
while IFS= read -r line; do
  FILE="$(echo -n "$line" | awk '{print $1}')"
  URL="$(echo -n "$line" | awk '{print $2}')"
  OUTPUT_PATH="$PKG_METADATA_DIR/$FILE"

  echo "Downloading $FILE"

  curl --fail --progress-bar --create-dirs --output "$OUTPUT_PATH" --request "GET" "$URL"

  echo -e "$INDEX of $TOTAL_OBJECT_COUNT objects downloaded\n"

  INDEX=$((INDEX + 1))
done < "$PKG_METADATA_DOWNLOADS_OUTPUT_FILE"

echo "All objects saved to $PKG_METADATA_DIR"
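The script above writes each object to a path built from the name in the bucket listing. The following added example (not GitLab's code) treats that listing as untrusted input: it keeps only v2 objects whose names stay inside the target directory and whose mediaLink is https on storage.googleapis.com, and it reports when the listing was cut off. The function names, the sample listing, the bucket name example-bucket and the target path are constructed; nextPageToken is the field the Cloud Storage JSON API returns when more results remain.

```python
import json
import posixpath
from urllib.parse import urlsplit

ALLOWED_HOST = "storage.googleapis.com"  # host of the listing URLs on this page


def safe_relative_path(name):
    """Normalise an object name; return None if it could leave the target dir."""
    if not name or name.startswith("/") or "\\" in name or "\x00" in name:
        return None
    normalised = posixpath.normpath(name)
    if normalised in (".", "..") or normalised.startswith("../"):
        return None
    return normalised


def plan_downloads(manifest_text, target_dir, prefix="v2/"):
    """Split a bucket listing into safe (url, path) pairs and rejected entries."""
    manifest = json.loads(manifest_text)
    downloads, rejected = [], []
    for item in manifest.get("items", []):
        name = item.get("name") or ""
        media = item.get("mediaLink") or ""
        link = urlsplit(media)
        rel = safe_relative_path(name)
        if rel is None:
            rejected.append((name, "unsafe object name"))
        elif not rel.startswith(prefix):
            rejected.append((name, "outside the " + prefix + " prefix"))
        elif link.scheme != "https" or link.hostname != ALLOWED_HOST:
            rejected.append((name, "mediaLink not https on " + ALLOWED_HOST))
        else:
            downloads.append((media, posixpath.join(target_dir, rel)))
    return {
        "downloads": downloads,
        "rejected": rejected,
        # A nextPageToken means the listing stopped at maxResults.
        "truncated": "nextPageToken" in manifest,
    }


def _media(obj):
    # Constructed mediaLink in the shape the JSON API returns.
    quoted = obj.replace("/", "%2F")
    return ("https://storage.googleapis.com/download/storage/v1/b/"
            "example-bucket/o/" + quoted + "?alt=media")


# Constructed listing: two valid objects, a traversal name, a v1 object,
# and an object whose link points at another host.
SAMPLE_MANIFEST = json.dumps({
    "nextPageToken": "constructed-token",
    "items": [
        {"name": "v2/pypi/1694703741/0.ndjson",
         "mediaLink": _media("v2/pypi/1694703741/0.ndjson")},
        {"name": "v2/maven/1694703741/0.ndjson",
         "mediaLink": _media("v2/maven/1694703741/0.ndjson")},
        {"name": "v2/../../../etc/cron.d/job",
         "mediaLink": _media("v2/../../../etc/cron.d/job")},
        {"name": "v1/pypi/0.ndjson",
         "mediaLink": _media("v1/pypi/0.ndjson")},
        {"name": "v2/npm/1694703741/0.ndjson",
         "mediaLink": "http://mirror.invalid/0.ndjson"},
    ],
})

if __name__ == "__main__":
    plan = plan_downloads(SAMPLE_MANIFEST, "/srv/pm/licenses")
    for url, path in plan["downloads"]:
        print("fetch", url, "->", path)
    for name, reason in plan["rejected"]:
        print("skip ", repr(name), "-", reason)
    if plan["truncated"]:
        print("listing truncated: request the next page before syncing")
```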
Automatic synchronization
Your GitLab instance is synchronized regularly with the contents of the package_metadata directory.
To automatically update your local copy with the upstream changes, a cron job can be added to periodically download new exports. For example, the following crontab entries set up a cron job that runs every 30 minutes.
For License Scanning:
*/30 * * * * gsutil -m rsync -r -d -y "^v1\/" gs://prod-export-license-bucket-1a6c642fc4de57d4 $GITLAB_RAILS_ROOT_DIR/vendor/package_metadata/licenses
For Dependency Scanning:
*/30 * * * * gsutil -m rsync -r -d gs://prod-export-advisory-bucket-1a6c642fc4de57d4 $GITLAB_RAILS_ROOT_DIR/vendor/package_metadata/advisories
Change note
The directory for package metadata changed with the release of 16.2 from vendor/package_metadata_db to vendor/package_metadata/licenses. If this directory already exists on the instance and Dependency Scanning needs to be added, then you need to take the following steps.
- Rename the licenses directory:
  mv vendor/package_metadata_db vendor/package_metadata/licenses
- Update any automation scripts or commands saved to change vendor/package_metadata_db to vendor/package_metadata/licenses.
- Update any cron entries to change vendor/package_metadata_db to vendor/package_metadata/licenses.
  sed -i.bckup -e 's#vendor/package_metadata_db#vendor/package_metadata/licenses#g' [FILE ...]
Troubleshooting
Missing database data
If license or advisory data is missing from the dependency list or MR pages, one possible cause of this is that the database has not been synchronized with the export data.
package_metadata synchronization is triggered by using cron jobs (advisory sync and license sync) and imports only the package registry types enabled in admin settings.
The file structure in vendor/package_metadata must coincide with the package registry type enabled above. For example, to sync maven license or advisory data, the package metadata directory under the Rails directory must have the following structure:
- For licenses: $GITLAB_RAILS_ROOT_DIR/vendor/package_metadata/licenses/v2/maven/**/*.ndjson
- For advisories: $GITLAB_RAILS_ROOT_DIR/vendor/package_metadata/advisories/v2/maven/**/*.ndjson
After a successful run, data under the pm_ tables in the database should be populated (check using Rails console):
- For licenses:
  sudo gitlab-rails runner "puts \"Package model has #{PackageMetadata::Package.where(purl_type: 'maven').size} packages\""
- For advisories:
  sudo gitlab-rails runner "puts \"Advisory model has #{PackageMetadata::AffectedPackage.where(purl_type: 'maven').size} packages\""
Additionally, checkpoint data should exist for the particular package registry being synchronized. For Maven, for example, there should be a checkpoint created after a successful sync run:
- For licenses:
  sudo gitlab-rails runner "puts \"maven data has been synced up to #{PackageMetadata::Checkpoint.where(data_type: 'licenses', purl_type: 'maven')}\""
- For advisories:
  sudo gitlab-rails runner "puts \"maven data has been synced up to #{PackageMetadata::Checkpoint.where(data_type: 'advisories', purl_type: 'maven')}\""
Finally, you can check the application_json.log logs to verify that the sync job has run and is without error by searching for DEBUG messages where the class is PackageMetadata::SyncService. Example:
{"severity":"DEBUG","time":"2023-06-22T16:41:00.825Z","correlation_id":"a6e80150836b4bb317313a3fe6d0bbd6","class":"PackageMetadata::SyncService","message":"Evaluating data for licenses:gcp/prod-export-license-bucket-1a6c642fc4de57d4/v2/pypi/1694703741/0.ndjson"}
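The directory-layout check and the log search described above can be combined to tell "no export files on disk" apart from "files present but never evaluated by the sync job". This is an added example, not GitLab tooling: the function names are constructed, the first sample log line is the one shown on this page, and the remaining log lines (including the ERROR entry and its message) are constructed for illustration.

```python
import json
import re
from collections import Counter
from pathlib import Path

SYNC_CLASS = "PackageMetadata::SyncService"
# Message shape taken from the example log line on this page.
EVALUATING = re.compile(
    r"^Evaluating data for (?P<data_type>\w+):.*/v2/(?P<purl_type>[^/]+)/\d+/\d+\.ndjson$"
)


def summarize_sync_log(lines):
    """Count evaluated export files per (data_type, purl_type) and collect
    non-DEBUG entries logged by the sync service."""
    evaluated, problems = Counter(), []
    for raw in lines:
        try:
            entry = json.loads(raw)
        except ValueError:
            continue  # skip truncated or non-JSON lines
        if not isinstance(entry, dict) or entry.get("class") != SYNC_CLASS:
            continue
        match = EVALUATING.match(str(entry.get("message", "")))
        if entry.get("severity") == "DEBUG":
            if match:
                evaluated[(match["data_type"], match["purl_type"])] += 1
        else:
            problems.append(entry)
    return evaluated, problems


def exports_on_disk(rails_root, data_dir, purl_type):
    """Count .ndjson files under vendor/package_metadata/<data_dir>/v2/<purl_type>."""
    base = Path(rails_root, "vendor", "package_metadata", data_dir, "v2", purl_type)
    return sum(1 for _ in base.rglob("*.ndjson")) if base.is_dir() else 0


def diagnose(rails_root, log_lines, purl_types, data_dirs=("licenses", "advisories")):
    """Classify each enabled purl type as ok, not-evaluated or no-files."""
    evaluated, problems = summarize_sync_log(log_lines)
    report = {}
    for data_dir in data_dirs:
        for purl_type in purl_types:
            if exports_on_disk(rails_root, data_dir, purl_type) == 0:
                status = "no-files"       # layout does not match the enabled type
            elif evaluated[(data_dir, purl_type)] == 0:
                status = "not-evaluated"  # files exist, sync job never read them
            else:
                status = "ok"
            report[(data_dir, purl_type)] = status
    return report, problems


SAMPLE_LOG = [
    # Line from this page:
    '{"severity":"DEBUG","time":"2023-06-22T16:41:00.825Z","correlation_id":"a6e80150836b4bb317313a3fe6d0bbd6","class":"PackageMetadata::SyncService","message":"Evaluating data for licenses:gcp/prod-export-license-bucket-1a6c642fc4de57d4/v2/pypi/1694703741/0.ndjson"}',
    # Constructed lines:
    '{"severity":"DEBUG","class":"PackageMetadata::SyncService","message":"Evaluating data for licenses:gcp/prod-export-license-bucket-1a6c642fc4de57d4/v2/pypi/1694703741/1.ndjson"}',
    '{"severity":"INFO","class":"SomeOtherWorker","message":"constructed unrelated entry"}',
    '{"severity":"ERROR","class":"PackageMetadata::SyncService","message":"constructed failure message"}',
    '{"severity":"DEBUG","class":"PackageMetadata::Sync',  # truncated line
]

if __name__ == "__main__":
    counts, errors = summarize_sync_log(SAMPLE_LOG)
    for (data_type, purl_type), files in sorted(counts.items()):
        print(data_type, purl_type, "files evaluated:", files)
    print("non-DEBUG sync entries:", len(errors))
```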
- How to install CWP in Centos 7
- How to Install CyberPanel on CentOS 7
- How to install Django on Debian server
- How to install Django on RockyLinux 8
- How to Install Django on Ubuntu 22.04
- How to install Docker on AlmaLinux 8
- How To Install Docker on Centos 7
- How To Install Docker on Debian
- How To Install Docker on Fedora
- How to install Docker on Fedora
- How To Install Docker on Ubuntu 20.04
- How To Install Docker on Ubuntu 22.04
- How to install Drupal on CentOS server
- How to Install Drupal on Debian
- How to install Drupal on Fedora
- How to Install Drupal on Ubuntu server
- How to Install Elasticsearch on CentOS 7
- How to install Elinks on AlmaLinux
- How to install Elinks on CentOS
- How to install Elinks on Debian
- How to install Elinks on Fedora
- How to install Elinks on Ubuntu
- How to install Flatpak on Debian
- How to install Flatpak on Debian 12
- How to install Flatpak on Fedora 35
- How to install Flutter on Debian
- How to install Flutter on RockyLinux 8
- How to install Flutter on Ubuntu 20.04 LTS (Focal Fossa)
- How to Install FTP on CentOS 7 and access server via Filezilla Client
- How to install Gawk on CentOS
- How to install Gawk on Debian 10
- How to install Gawk on Debian 12
- How to install Gawk on Debian 9
- How to Install Gawk on Ubuntu 20.04
- How to install Gawk on Ubuntu 22.04
- How to install Git on AlmaLinux 8
- How to install Git on CentOS 7
- How to install Git on Debian 10
- How to install Git on Debian 12
- How To Install Git on Fedora
- How to install Git on Fedora
- How to Install Git on Ubuntu 20.04
- How to install Git on Ubuntu 22.04
- How to install GitLab on AlmaLinux 8
- How to install GitLab on CentOS 7
- How to install GitLab on Debian 10
- How to install GitLab on Debian 11
- How to install GitLab on Debian 12
- How to install GitLab on Ubuntu 22.04
- How to install GNOME Desktop (GUI) on CentOS 7
- How to install GO on Alma Linux
- How to install Go on CentOS
- How to install Go on Debian 10
- How to install Go on Debian 12
- How to install GO on Fedora
- How to install GO on Rocky Linux
- How to install Go on Ubuntu 22.04
- How to install Gogs on Debian
- How to install Gogs on Debian 12
- How to install Gogs on Ubuntu 20.04
- How to install Gogs on Ubuntu 22.04
- How to install Google authenticator on Centos
- How to install Gradle on AlmaLinux 8
- How to install Gradle on CentOS 7
- How to install Gradle on Debian 10
- How to install Gradle on Debian 12
- How to install Gradle on Debian 9
- How to install Gradle on Fedora
- How to install Gradle on Ubuntu 20.04
- How to install Grafana On Almalinux 8
- How To Install Grafana on Centos 7
- How To Install Grafana on Fedora 35/34/33/32/31
- How to Install Grafana on Ubuntu 20.04
- How to install Hastebin on Debian 10
- How to Install Hastebin on Ubuntu 20.04
- How to Install HTMLDoc on Centos 7
- How to Install HTMLDoc on Debian 10
- How to install HTMLDoc on Debian 12
- How to Install HTMLDoc on Debian 9
- How to Install HTMLDoc on Fedora
- How to Install HTMLDoc on Ubuntu 20.04
- How to install IBM Installation Manager in Linux
- How to install Java on Almalinux 8
- How To Install Java on CentOS server
- How To Install Java on Fedora server
- How to install Jenkins on CentOS 7
- How to install Jenkins on Debian 10
- How to install Jenkins on Fedora server
- How to install Jenkins on Ubuntu 20.04
- How to Install Jshon on Ubuntu 20.04
- How to Install KDE Desktop(GUI) on CentOS 7
- How to Install KubeSphere on Ubuntu 22.04
- How to install LAMP on Ubuntu 18.10
- How to install Laravel Application on Plesk server
- How to Install Latest MySQL 5.7 on CentOS 7
- How to install latest versions of PHP on CentOS
- How to install LEMP on ubuntu 18.04
- How to install LEMP on Ubuntu 22.04
- How to install LEMP stack on centOS 7
- How to install Lighttpd, MariaDB and PHP on Ubuntu 20.04
- How to install MailCatcher On Ubuntu 22.04
- HOW TO INSTALL MARIADB 10.3 ON CENTOS 7
- How to Install MariaDB 10.3 on Ubuntu 20.04
- How To Install MariaDB 10.7 on CentOS 7
- How to Install MariaDB 10.7 on Fedora
- How to install MariaDB 11 on Debian 10
- How to install MariaDB 11 on Debian 9
- How to install MariaDB 11 on Ubuntu 22.04
- How To Install MariaDB on Debian 10
- How To Install MariaDB on Debian 11
- How To Install MariaDB On Ubuntu 18.04
- How To Install MariaDB on Ubuntu 22.04
- How to install Maven on Debian
- How to install Maven on Ubuntu
- How to install Minikube on CentOS 7 and 8
- How to install Minikube on Debian
- How to install Minikube on Fedora server
- How to Install Minikube on Ubuntu server
- How to install MongoDB on AlmaLinux 8
- How to Install MongoDB on CentOS
- How to Install MongoDB on Debian
- How to Install MongoDB on Fedora 36/35/34
- How to install mongodb on Ubuntu 18.10
- How to Install MongoDB on Ubuntu 20.04
- How to install Multicraft on Ubuntu 20.04
- How to Install MySQL on Ubuntu 20.04
- How to install MySQL Relational Databases on Fedora 12
- How to Install Ncurses Library on Ubuntu 20.04
- How to Install Neofetch on Ubuntu 20.04 LTS
- How to Install netstat on Ubuntu 20.04 LTS
- How to install NGINX Web Server on Debian 10
- How to install NGINX Web Server on Debian 12
- How to Install Node.js and npm on Ubuntu 20.04
- How To Install Node.js on CentOS 8
- How To Install Node.js on Ubuntu 20.04
- How to Install Ntopng on Debian
- How to Install Ntopng on Fedora
- How to Install Ntopng on Ubuntu 20.04
- How to install OwnCloud on CentOS
- How to install OwnCloud on Debian server
- How to install Owncloud on RHEL 8
- How to install OwnCloud on Ubuntu server
- How to Install PHP 7.4 in CentOS 7
- How to install PHP 7.4 on AlmaLinux 8
- How To Install PHP 7.4 on Debian 10
- How to install PHP 7.4 on Debian 12
- How to install PHP 7.4 on Fedora 34
- How To Install PHP 7.4 on Fedora 36/35/34/33/32/31
- How to install PHP 7.4 on Ubuntu 20.04
- How to install PHP 8 on AlmaLinux 8
- How to Install PHP 8 on Centos 7
- How to Install PHP 8 on Debian 10
- How to Install PHP 8 on Debian 12
- How to Install PHP 8 on Debian 9
- How to install PHP 8 on Fedora 38
- How to Install PHP 8 on Ubuntu 20.04
- How to Install PHP 8 on Ubuntu 22.04
- How To Install PHP 8.0 on Fedora 32
- How To Install PHP 8.0 on Fedora 33
- How To Install PHP 8.0 on Fedora 34
- How To Install PHP 8.0 on Fedora 35
- How To Install PHP 8.0 on Fedora 36
- How to install PHP 8.1 on Ubuntu 22.04
- How to install PHP 8.2 on Ubuntu 22.04
- How to Install PHP in CentOS 7
- How to install PHP on CentOS 7
- How to install PHP on Ubuntu 18.04
- How to install phpMyAdmin on CentOS
- How to install phpMyAdmin on Linux
- How to Install Podman on Ubuntu 20.04 LTS
- HOW TO INSTALL POSTGRES DATABASE IN CENTOS 7
- How to Install PostgreSQL 15 on Ubuntu 22.04
- How to install Postman on Centos 7
- How to install Postman on Debian
- How to install Postman on Debian 12
- How to install Postman on Fedora
- How to install Postman on Ubuntu 20.04
- How to install Python on Ubuntu 22.04
- How to install R on Ubuntu 22.04
- How to install Red5 Server on Ubuntu 22.04
- How to install Redis on CentOS
- How to install Redis on Debian
- How to install Redis on Fedora
- How to install Redis on Ubuntu
- How to install Rkhunter on Ubuntu 22.04
- How to install Shellinabox on Debian server
- How to install Shellinabox on Fedora
- How to install Snap on AlmaLinux
- How to install SNAP on Debian 10
- How to install Snap on Fedora
- How to install Snap on RockyLinux
- How to Install Spack on Ubuntu 20.04
- How to install squid proxy on Ubuntu server
- How to Install Squid Proxy Server on CentOS
- How to install SSL on CentOS-7.3 with httpd server
- How to install SSL on Centos-7.3 with Nginx server
- How to install SSL on Ubuntu with Apache2
- How to install SSL through Cpanel .
- How to Install Streamlit on Ubuntu 20.04
- How to install Streamlit on Ubuntu 22.04
- How to install tcpping on AlmaLinux
- How to install tcpping on CentOS
- How to install tcpping on Debian
- How to install tcpping on Fedora
- How to install tcpping on Ubuntu
- How To Install the Latest MySQL on Debian 10
- How to Install the OpenGL Library on Ubuntu 20.04
- How to Install TinyCP on Debian
- How to Install TinyCP on Debian 12
- How to Install TinyCP on Ubuntu 20.04
- How to Install TinyCP on Ubuntu 22.04
- How to install Tomcat 10 on Ubuntu server
- How to Install Vagrant on Ubuntu 20.04 LTS
- How to install Vagrant on Ubuntu 22.04
- How to Install Varnish Cache with Apache on CentOS 7
- How to install Visual Studio Code on Debian 10
- How to install Visual Studio Code on Ubuntu 22.04
- How to install VnStat Network Monitoring on CentOS 7
- How to install Webmin on AlmaLinux 8
- How to install Webmin on Centos 7
- How to install Webmin on Debian
- How to install Webmin on Debian 12
- How to install Webmin on Fedora
- How to install Webmin on Fedora
- How to install Webmin on Ubuntu 20.04
- How to Install Webuzo
- How to Install Webuzo on Debian
- How to Install Webuzo on Fedora
- How to Install Webuzo v3 on Ubuntu 20.04
- How to Install Wekan on Debian 10
- How to Install Wekan on Debian 12
- How to Install Wekan on Ubuntu 20.04
- How to install Wine on Alma Linux
- How to install Wine on RockyLinux 8
- How to Install Wine on Ubuntu 20.04
- How to Install wmclock on Ubuntu 20.04
- How to install WordPress with LEMP on CentOS server
- How to Install WordPress with LEMP on Ubuntu
- How to Install Xrdp Server (Remote Desktop) on Ubuntu 20.04
- How to Install Xrdp Server on Ubuntu 22.04
- How to install Zabbix 4.4 in CentOS 7
- How To Install Zabbix Agent On Centos 7
- How to install Zimbra on Ubuntu 20.04 LTS
- How to Locate Files That Have SUID and SGID Permissions
- How to Make a Large File in Linux
- How to Make a Linux User Change Their Password Upon Login?
- How To Migrate a MySQL Database Between Two Servers
- How to migrate from CentOS 8 to Arch Linux 8.7
- How to Mount Disk in Linux
- How To Move a PostgreSQL Data Directory to a New Location on Ubuntu 22.04
- How To Partition and Format Storage Devices in Linux
- How to prevent a user from login in Linux
- How to Prevent File and Directories from Being Deleted, Even by Root
- How to Protect your Web Sites by using Username and password in Apache on CentOS.
- How to Protect your Web Sites by using Username and password in Apache on Ubuntu.
- How to Real-Time Monitor TCP and UDP Ports
- How to Recognize Active Directories Using Shell Variables and Characters
- How to remove FTP account in plesk
- How to reset forgotten root password in centos 7/8
- How to reset forgotten root password in Debian
- How to reset forgotten root Password in Fedora 34.
- How to reset forgotten root password in ubuntu 16/18
- How to reset the MySQL root password in CentOS 7
- How To Reset Your MySQL or MariaDB Root Password on Ubuntu 18.04
- How to run different websites with different versions of PHP
- How to Save a Command Output to a File in Linux
- How to Schedule an Activity at a Specific Time or at a Time in the Future Using the ‘at’ Command
- How to schedule your task using crontab
- How to send an E-mail from CentOS 7
- How to Set Manual or static IP Address on CentOS
- How to Set Manual or static IP Address on Debian server
- How to Set Manual or static IP Address on Fedora
- How to Set Manual or static IP Address on Ubuntu server
- How To Set or Change Timezone on Ubuntu 20.04
- How to set up a node.js application with apache on CentOS7
- How to Set Up SSH Keys on Ubuntu 20.04
- How to Setup and Configure FirewallD on CentOS 7
- How to Setup Flatpak on Ubuntu 20.04
- HOW TO SETUP LOAD BALANCER FOR APPLICATIONS RUNNING ON CUSTOM PORT
- How to Setup NFS server on CentOS
- How to setup Rsyslog server on Ubuntu 22.04
- How to Setup SFTP User Account on Fedora
- How to Setup SFTP User Account on Ubuntu 20.04
- How to Setup SFTP-only User Account on CentOS 7
- How to setup SSH Tunneling or port forwarding in Linux
- How to solve “Cannot connect to CWP Admin Panel”
- How to solve Zimbra error “message does not meet IPv6 sending guidelines regarding PTR”
- How to Start, Stop, and Restart MySQL Server on centos 7
- How to Switch (su) to a Different User Account Without a Password
- How to Test Internet Speed on Almalinux 8
- How to test internet speed on Debian 10
- How to test internet speed on Debian 12
- How to Test Internet Speed on Fedora
- How to Test Internet Speed on Ubuntu 20.04
- How to Troubleshoot with nmap in centos
- How to Update or Upgrade CentOS 7.1, 7.2, 7.3, 7.4, 7.5, or 7.6 to CentOS 7.7
- How to upgrade mysql 5.7 to 8.0 in Ubuntu 16.04
- How to use ‘chage’ command in Linux
- How to use ‘ps’ command in Linux
- How to Use ‘at’ Command to Schedule a Task in Linux
- How to Use Iperf to Test Network Performance
- How to use IPTABLES firewall in Linux
- How to use lsyncd to sync directories on Centos
- How to use MTR command in Linux
- How To Use Nmap to Scan for Open Ports
- How To Use ps, kill, and nice to Manage Processes in Linux
- How To Use Rsync to Sync Local and Remote Directories
- How to Use the SMTP Server of Google
- How to Verify Your Application is Listening on the Correct Port
- How To View and Update the Linux PATH Environment Variable
- How to View Colored Man Page Documentation in Linux
- How-to-set-up-a-node-js-application with apache on-centos-7
- Install Apache 2 Web Server in CentOS 5
- Install IBM HTTP server in Linux
- Install IBM Websphere Application Server ( IBM WAS) in Linux
- Install multiple version of PHP on Ubuntu server
- Install Plesk on CentOS 7
- Install SSL on Ubuntu server using Nginx
- Install WHM/Cpanel in Centos 7
- INSTALLATION AND CONFIGURATION OF APACHE TOMCAT 9 ON CENTOS 7
- Installing MongoDB on CentOS 7
- Installing PostgreSQL on Ubuntu 20.04: Step-by-Step Instructions
- Introduction to rsync
- Learning the Linux Alias Command and How to Use It
- Linux port test commands(RedHat 7, CentOS 7, and Ubuntu 18.04)
- Linux Top Command
- Linux: How to Execute a Command with a Time Limit or Timeout
- Logical volume manager in linux (LVM) Guide for beginners
- MariaDB installation on CentOS 8
- Methods for Disabling the Root Account in Linux
- Migrate your Google Cloud Platform to Microhost Cloud
- Modify File Permissions with chmod
- Most Common Network Port Numbers for Linux
- Multiple User Account Creation in Linux
- Mysql 1030 got error 28 from storage engine
- MySQL Relational Databases on Ubuntu 12.04
- New
- Nginx and PHP-FastCGI in Arch Linux
- NGINX Installation in CentOS 7
- NTP Server Configuration
- Python 3 Installation and Programming Environment Configuration on an Ubuntu 22.04
- Recover forgotten password of admin user in Jenkins
- Set a date and time for each command in Bash History.
- Setup Software RAID on Linux server
- Speed Test in Ubuntu server
- SSH and SCP command in Linux
- SSH Logins with Banner Messages (Issue.net)
- SSH Logins with Banner Messages (MOTD File)
- Structure Of Apache Configuration
- The ‘cat’ and ‘tac’ Commands in Linux: A Step-by-Step Guide with Examples
- Update DNS records For A Domain Using Plesk
- Update PHP 5.4 version to PHP 7.4
- Upgrading WordPress Manually on Linux sever
- URLs Redirect with Apache Web Server
- User Group and File permission in Linux
- Using Fedora 20 MySQL Relational Databases
- Using mysqldump to Backup MySQL Databases
- Using the Carat () Symbol, you can easily correct a previous command’s typo.
- Using the Terminal in Linux to Examine the Website’s Loading Time
- Using the yum command, install Google Chrome on CentOS 7.
- VirtualHost creation in Tomcat 10/9/8/7
- What are Runlevels in Linux and its understanding
- What is Hugo and How to use it
- What is IAAS, PAAS and SAAS
- What is IOSTAT command and how to use it
- Why less is Faster Than more Command for Effective File Navigation
- Show all Docs ( 457 ) Collapse Docs
-
Other
-
Platform
- Deploy a new server with snapshot
- Deploying and Managing a Cluster on Utho Kubernetes Engine (UKE)
- DNS Management
- How to access a server through password-less authentication
- How to add additional storage in the Microhost Cloud Server
- How to check Bandwidth consumption in Microhost panel
- How to create Microhost cloud server
- How to deploy a cloud server with custom ISO
- How to destroy MicroHost cloud server
- How to enable weekly backup in Microhost Cloud server
- How to install Wine on RHEL 8
- How to rebuild Microhost Cloud Server
- How to resize (upgrade/downgrade) cloud server.
- How to take snapshot of a Cloud Server
- Microhost Cloud Firewall
- Steps to Activate Microhost VPN
- Show all Docs ( 1 ) Collapse Docs
-
Web Servers
-
- How to change SSH port when SELinux policy is enabled
- How to Connect Node.js Application with MongoDB on CentOS
- How To Create Temporary and Permanent Redirects with Apache on Ubuntu
- How to install Lighttpd, MariaDB and PHP on Ubuntu 20.04
- How to install phpMyAdmin on Linux
- How to install SSL on CentOS-7.3 with httpd server
- How to install Tomcat 10 on Ubuntu server
- How to Update or Upgrade CentOS 7.1, 7.2, 7.3, 7.4, 7.5, or 7.6 to CentOS 7.7
- How-to-set-up-a-node-js-application with apache on-centos-7
-
- Deploy Django Applications Using Nginx and uWSGI on Ubuntu 14.04
- How to Configure NGINX
- How to install NGINX in Ubuntu 18.04 LTS
- How to install phpMyAdmin on Linux
- How to install SSL on Centos-7.3 with Nginx server
- How to install WordPress with LEMP on CentOS server
- Install and configure Nginx and PHP-FastCGI in Ubuntu 16.04
- Install SSL on Ubuntu server using Nginx
- NGINX : Enable TLS or HTTPS Connections
- NGINX: Installation and Basic Setup
- Use NGINX as a Reverse Proxy
- What is NGINX?
- Apache Virtual Hosts setup on CentOS 7
- Apache Virtual Hosts setup on CentOS 7
- Basics Information of Apache Configuration
- CHANGE AND UPDATE PASSWORD OF CPANEL ACCOUNT
- How to add A record in Plesk
- How to add CNAME record in Plesk
- How to add components in Plesk
- How to add MX record in Plesk
- How to add TXT record in Plesk
- How to assign permissions to Files and Folders in Plesk
- How to change NGINX port in Linux
- How to change PHP parameter manually through Plesk
- How to change the PHP version on Plesk
- How to change your Plesk password
- How to check current Disk Space in Plesk
- How to Configure ModSecurity in Apache
- How to configure MX record in MAILENABLE
- How to Configure NGINX
- How to Connect Node.js Application with MongoDB on CentOS
- How to Connect Node.js Application with MongoDB on CentOS
- How to create a backup in Plesk
- How to create a MySQL/MariaDB Database and Database User in Plesk
- How to create a user role in Plesk
- How To Create an Account in CPanel with WHM
- How To create and connect an FTP Account in cPanel
- How to delete an Email account in Plesk
- How to do Server-wide blacklist in Plesk
- How to do Server-wide whitelist in Plesk
- How to enable IonCube Loader in Plesk
- How to Export and Import Database Dumps in Plesk
- How to install Joomla in Plesk
- How to install NGINX in Ubuntu 18.04 LTS
- How to Install NGINX Web Server on Ubuntu 22.04 LTS
- How to Install Squid Proxy Server on CentOS
- How to install WordPress in Plesk
- How to manage user roles in Plesk
- How to migrate accounts from CWP to CWP
- How to modify Database user privileges in Plesk
- How to Protect your Web Sites by using Username and password in Apache on Ubuntu.
- How to remove components in Plesk
- How to Set Up the .htaccess File in Apache
- How to setup scheduled tasks in Plesk
- How to Solve “The server requested authentication method unknown to the client” in phpMyAdmin
- How to Start, Stop or Restart System Services in Plesk
- How-to-set-up-a-node-js-application with apache on-centos-7
- Installation of LAMP Stack on Ubuntu 16
- Managing Resources using Apache mod_alias
- NGINX : Enable TLS or HTTPS Connections
- NGINX Installation in CentOS 7
- NGINX: Installation and Basic Setup
- Rewrite URLs using mod_rewrite and Apache
- Rule-based Access Control for Apache
- Structure Of Apache Configuration
- Tuning Of Your Apache Server
- URLs Redirect with Apache Web Server
- URLs Redirect with Apache Web Server
- Use NGINX as a Reverse Proxy
- Use NGINX as a Reverse Proxy
- Show all Docs ( 43 ) Collapse Docs
-
-
Windows
- How to add SSL biniding in windows server
- How to allocate unallocated disk space in Windows Server
- How to allow ICMPv4(PING) in Windows Firewall using PowerShell
- How to allow multiple RDP sessions for the single user in Windows Server
- How to Block or Allow TCP/IP Port in Windows Firewall
- How to Boot Windows Server into Safe Mode
- How to change default shell from cmd to PowerShell in Windows Server
- How to change RDP port in Windows Server
- How to change RDP port via PowerShell in Windows server
- How to configure a DNS Reverse Lookup Zone in Windows Server 2019
- How to Configure FTP Server on Windows Server 2019
- How to configure IP manually on Windows Server
- How to configure MX record in MAILENABLE
- How to connect SFTP using FileZilla
- How to connect to a Windows server using Remote Desktop Protocol (RDP)
- How to Connect Virtual Server Remotely Using RDP in Windows OS
- How to Create Mailbox in MailEnable
- How to create RDP user in Windows Server 2012
- How to host a domain on Windows Server 2019
- How to Initialize and bring a disk online in Window Server
- How to Install & Configure Printer Tool in Windows Server
- How to install Active Directory Domain Service on Windows Server
- How to install Apache Tomcat 9 on Windows Server
- How to install IIS via Powershell in Windows Server
- How to install Java Development kit on Windows Server
- HOW TO INSTALL MAILENABLE ON WINDOWS SERVER
- How to install MsSQL Express Edition 2019 on Windows Server
- How to Install MultiPoint Services in Windows Server 2016
- How to install MySQL on Windows Server 2019
- HOW TO INSTALL ONE SSL CERTIFICATE ON TWO DIFFERENT WINDOWS SERVER
- How to Install OpenSSH on Windows Server
- How to install Python 3.7 on Windows Server 2012 R2, 2016, 2019, 2022 via PowerShell
- How to install SSL in Apache Tomcat in Windows Server
- How to Install SSL on Windows Server
- How to install Telnet Client on a server using Windows PowerShell
- How to Install Windows RDP CAL license in windows servers
- How to install WordPress on IIS in WIndows Server 2019
- How to install XAMPP on Windows Server 2016/2019/2022
- How to make partition from existing drive Windows Server
- HOW TO MIGRATE THE ZIMBRA EMAILS ON PLESK PANEL USING EMAIL MIGRATOR
- How to mount NFS persistently in Windows Server
- How to mount Virtio ISO
- How To open a port in Windows Server Firewall
- How to reset a lost Administrator password in Windows Server
- How to setup Disk Driver while deploying Windows Server with custom ISO
- How to setup Network Driver while deploying Windows Server with custom ISO
- How to setup NTP Client for time synchronization using PowerShell
- How to setup NTP Server for time synchronization using Powershell
- How to Setup OpenVPN Connect in Windows Server
- How to setup SSH Server on Windows Server via PowerShell
- How to share a folder over network in Windows Servers
- How to solve internal server error while connecting to RDP
- How to Turn off Internet Explorer Enhanced Security Configuration on Windows Server
- How to upgrade TLS 1.1 to TLS 1.2 in window server
- How to upgrade Windows Server 2012R2 to Windows Server 2016
- How to use telnet, netstat and wireshark in Windows
- How to Use the SMTP Server of Google
- Install Plesk on Windows Server 2012
- Install SQL Server 2012 Express Edition in Windows Server 2012
- Installation and Configuration of IIS Web Server on Windows Server
- Mssql database backup restore script
- Windows Server Backup feature (2012R2, 2016, 2019)
- Show all Docs ( 47 ) Collapse Docs
How to install GitLab on Ubuntu 22.04
Secure the server
Before installing GitLab, start by configuring your server to be a bit more secure.
Configure the firewall
You need to open ports 22 (SSH), 80 (HTTP), and 443 (HTTPS). You can do this by either using your cloud provider’s console, or at the server level.
In this example, you’ll configure the firewall using ufw. You’ll deny access to all ports, allow ports 80 and 443, and finally, rate limit access to port 22. ufw can deny connections from an IP address that has attempted to initiate 6 or more connections in the last 30 seconds.
- Install ufw:
    sudo apt install ufw
- Enable and start the ufw service:
    sudo systemctl enable --now ufw
- Deny all other ports except the required ones:
    sudo ufw default deny
    sudo ufw allow http
    sudo ufw allow https
    sudo ufw limit ssh/tcp
- Finally, activate the settings. The following needs to run only once, the first time you install the package. Answer yes (y) when prompted:
    sudo ufw enable
- Verify that the rules are present:
    $ sudo ufw status
    Status: active

    To                         Action      From
    --                         ------      ----
    80/tcp                     ALLOW       Anywhere
    443                        ALLOW       Anywhere
    22/tcp                     LIMIT       Anywhere
    80/tcp (v6)                ALLOW       Anywhere (v6)
    443 (v6)                   ALLOW       Anywhere (v6)
    22/tcp (v6)                LIMIT       Anywhere (v6)
Configure the SSH server
To further secure your server, configure SSH to accept public key authentication, and disable some features that are potential security risks.
- Open /etc/ssh/sshd_config with your editor and make sure the following are present:
    PubkeyAuthentication yes
    PasswordAuthentication yes
    UsePAM yes
    UseDNS no
    AllowTcpForwarding no
    X11Forwarding no
    PrintMotd no
    PermitTunnel no
    # Allow client to pass locale environment variables
    AcceptEnv LANG LC_*
    # override default of no subsystems
    Subsystem sftp /usr/lib/openssh/sftp-server
    # Protocol adjustments, these would be needed/recommended in a FIPS or
    # FedRAMP deployment, and use only strong and proven algorithm choices
    Protocol 2
    Ciphers aes128-ctr,aes192-ctr,aes256-ctr
    HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
    KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
    Macs hmac-sha2-256,hmac-sha2-512
- Save the file and restart the SSH server:
    sudo systemctl restart ssh
  If restarting SSH fails, check that you don’t have any duplicate entries in /etc/ssh/sshd_config.
Ensure only authorized users are using SSH for Git access
Next, ensure that users cannot pull down projects using SSH unless they have a valid GitLab account that can perform Git operations over SSH.
To ensure that only authorized users are using SSH for Git access:
- Add the following to your /etc/ssh/sshd_config file:
    # Ensure only authorized users are using Git
    AcceptEnv GIT_PROTOCOL
- Save the file and restart the SSH server:
    sudo systemctl restart ssh
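The duplicate-entry check mentioned in the SSH steps above, as an added shell example that is not part of the original guide: it lists keywords that appear more than once in the global section of an sshd_config file. sshd uses the first value it reads for most keywords, so a hardening line appended after an existing entry is silently ignored, and a repeated Subsystem name can stop sshd from starting. The sample configuration and the list of repeatable keywords are constructed for illustration, and the list is not exhaustive.

```shell
#!/bin/sh
# Added example (not from the guide): find repeated keywords in sshd_config.

# Constructed sample: distribution-style defaults followed by appended settings.
sample_config() {
    cat <<'EOF'
# Constructed sample for the duplicate check
UsePAM yes
X11Forwarding yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
PubkeyAuthentication yes
UsePAM yes
X11Forwarding no
AcceptEnv GIT_PROTOCOL
Subsystem sftp /usr/lib/openssh/sftp-server
EOF
}

# find_duplicate_directives FILE
# Prints "keyword: line N repeats line M" for every keyword that occurs a
# second time before the first Match block. The earlier line is the one that
# takes effect for ordinary keywords.
find_duplicate_directives() {
    awk '
        BEGIN {
            # Keywords sshd accepts on several lines (assumed list, not exhaustive).
            n = split("acceptenv hostkey hostcertificate listenaddress port " \
                      "allowusers allowgroups denyusers denygroups include", m, " ")
            for (i = 1; i <= n; i++) multi[m[i]] = 1
        }
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            key = tolower($1)
            sub(/=.*/, "", key)                 # tolerate the keyword=value form
            if (key == "match") exit            # conditional overrides follow
            if (key in multi) next
            # Subsystem is unique per subsystem name, not per keyword.
            if (key == "subsystem") key = key " " tolower($2)
            if (key in seen)
                printf "%s: line %d repeats line %d\n", key, NR, seen[key]
            else
                seen[key] = NR
        }
    ' "$1"
}

# Demo on the constructed sample.
demo_file=$(mktemp)
sample_config > "$demo_file"
find_duplicate_directives "$demo_file"
rm -f "$demo_file"
```

Before restarting the service, `sudo sshd -t` validates the file and `sudo sshd -T` prints the settings sshd will actually use.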
Make some kernel adjustments
Kernel adjustments do not completely eliminate the threat of an attack, but they add an extra layer of security.
- Open a new file with your editor under /etc/sysctl.d, for example /etc/sysctl.d/99-gitlab-hardening.conf, and add the following. The naming and source directory decide the order of processing, which is important because the last parameter processed might override earlier ones.
    ##
    ## The following help mitigate out of bounds, null pointer dereference, heap and
    ## buffer overflow bugs, use-after-free etc from being exploited. It does not 100%
    ## fix the issues, but seriously hampers exploitation.
    ##
    # Default is 65536, 4096 helps mitigate memory issues used in exploitation
    vm.mmap_min_addr=4096
    # Default is 0, randomize virtual address space in memory, makes vuln exploitation
    # harder
    kernel.randomize_va_space=2
    # Restrict kernel pointer access (for example, cat /proc/kallsyms) for exploit assistance
    kernel.kptr_restrict=2
    # Restrict verbose kernel errors in dmesg
    kernel.dmesg_restrict=1
    # Restrict eBPF
    kernel.unprivileged_bpf_disabled=1
    net.core.bpf_jit_harden=2
    # Prevent common use-after-free exploits
    vm.unprivileged_userfaultfd=0

    ## Networking tweaks ##

    ##
    ## Prevent common attacks at the IP stack layer
    ##
    # Prevent SYNFLOOD denial of service attacks
    net.ipv4.tcp_syncookies=1
    # Prevent time wait assassination attacks
    net.ipv4.tcp_rfc1337=1
    # IP spoofing/source routing protection
    net.ipv4.conf.all.rp_filter=1
    net.ipv4.conf.default.rp_filter=1
    net.ipv6.conf.all.accept_ra=0
    net.ipv6.conf.default.accept_ra=0
    net.ipv4.conf.all.accept_source_route=0
    net.ipv4.conf.default.accept_source_route=0
    net.ipv6.conf.all.accept_source_route=0
    net.ipv6.conf.default.accept_source_route=0
    # IP redirection protection
    net.ipv4.conf.all.accept_redirects=0
    net.ipv4.conf.default.accept_redirects=0
    net.ipv4.conf.all.secure_redirects=0
    net.ipv4.conf.default.secure_redirects=0
    net.ipv6.conf.all.accept_redirects=0
    net.ipv6.conf.default.accept_redirects=0
    net.ipv4.conf.all.send_redirects=0
    net.ipv4.conf.default.send_redirects=0
- On the next server reboot, the values will be loaded automatically. To load them immediately:
    sudo sysctl --system
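Because a later file can override these parameters, it is worth confirming that the running kernel holds the values the hardening file asks for. The following added shell example, which is not part of the original guide, compares a sysctl file with the live values; the function names, the optional second argument (an alternative root in place of /proc/sys, used here so the demo runs on constructed data) and the sample values are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): detect drift between a sysctl.d file
# and the values the kernel currently reports.

# Constructed sample: a subset of the hardening file shown above.
sample_hardening_conf() {
    cat <<'EOF'
# Subset of 99-gitlab-hardening.conf
kernel.kptr_restrict=2
kernel.dmesg_restrict=1
net.ipv4.tcp_syncookies=1
net.ipv4.conf.all.rp_filter=1
vm.unprivileged_userfaultfd=0
EOF
}

# Constructed stand-in for /proc/sys: two values differ, one key is absent.
make_sample_proc_root() {
    mkdir -p "$1/kernel" "$1/net/ipv4/conf/all"
    echo 2 > "$1/kernel/kptr_restrict"
    echo 0 > "$1/kernel/dmesg_restrict"
    echo 1 > "$1/net/ipv4/tcp_syncookies"
    echo 2 > "$1/net/ipv4/conf/all/rp_filter"
}

# check_sysctl_drift CONF [PROC_ROOT]
# Prints one line per key whose live value differs from CONF, is absent from
# the kernel, or cannot be read. Returns 0 if every key matches, 1 otherwise.
# Keys are mapped to paths by replacing "." with "/", which is correct for
# the keys in the guide (interface names containing dots are not handled).
check_sysctl_drift() {
    conf=$1
    root=${2:-/proc/sys}
    status=0
    while IFS='=' read -r key want; do
        key=$(printf '%s' "$key" | tr -d ' \t')
        [ -n "$key" ] || continue
        want=$(printf '%s' "$want" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -e "$path" ]; then
            echo "MISSING $key (want $want)"      # kernel does not expose this key
            status=1
        elif [ ! -r "$path" ]; then
            echo "UNREADABLE $key (run as root)"  # some keys are root-only
            status=1
        else
            have=$(tr '\t' ' ' < "$path")
            if [ "$have" != "$want" ]; then
                echo "DRIFT $key have=$have want=$want"
                status=1
            fi
        fi
    done <<EOF
$(grep -Ev '^[[:space:]]*(#|;|$)' "$conf")
EOF
    return $status
}

# Demo on the constructed data.
demo_dir=$(mktemp -d)
sample_hardening_conf > "$demo_dir/conf"
make_sample_proc_root "$demo_dir/proc"
check_sysctl_drift "$demo_dir/conf" "$demo_dir/proc" || echo "drift detected"
rm -rf "$demo_dir"
```

On a real server, run it as root against the file you created, for example `check_sysctl_drift /etc/sysctl.d/99-gitlab-hardening.conf`, after `sudo sysctl --system`.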
Great work, you’ve completed the steps to secure your server! Now you’re ready to install GitLab.
Introduction
GitLab CE (Community Edition) is an open-source application used to host your Git repositories. It lets you keep the data on your own server for your team and your clients, and gives you total control of your codebase while providing an easy-to-use interface for you and your team members.
In this guide, we will cover how to install your Git repository using GitLab’s free offering, the Community Edition. GitLab also offers paid versions of the software which offer advanced features like Merge approvals, Roadmaps, Portfolio Management, Disaster recovery, Container scanning and lots more. You can upgrade to it if you want those.
Prerequisites
- An Ubuntu 18.04 based server with a non-root sudo user and a basic firewall. You can follow our tutorial for doing the same. Even though the tutorial was written for Ubuntu 16.04, the steps are the same for 18.04.
- A VPS with a minimum of 2 CPU cores and 8GB RAM, according to the specified hardware requirements for GitLab CE, which will support 100 users. Even though you can substitute swap space for RAM, it is not recommended since the application will run slower.
Step 1 – Installing Dependencies
Before we begin to install Gitlab, you will need to make sure your server has certain software installed so that Gitlab can run properly. Run the following commands to install the dependencies.
$ sudo apt update
$ sudo apt install ca-certificates curl openssh-server ufw apt-transport-https -y
Some of the software above may be pre-installed for you.
Next, you will need postfix to send notification emails. If you want to use another solution, then skip this step and you can configure an external SMTP server after you have installed Gitlab.
$ sudo apt install postfix -y
For the postfix installation, select Internet Site when prompted. Enter the domain name you are going to use for your Gitlab server on the next screen.
Step 2 – Configure Firewall
Before proceeding ahead, we need to configure the ufw firewall we installed in the previous step. Before we enable and configure the firewall, we need to enable SSH so that we don’t get locked out of our server.
$ sudo ufw allow OpenSSH
It is safe now to enable the firewall. Just enter y when presented with the prompt.
$ sudo ufw enable
We need to enable http, https, and Postfix for Gitlab to operate.
$ sudo ufw allow http
$ sudo ufw allow https
$ sudo ufw allow Postfix
Check the firewall status to confirm that the rules are in place.
$ sudo ufw status
You should see the following output which will tell you everything is working fine.
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
Postfix                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)
Postfix (v6)               ALLOW       Anywhere (v6)
Step 3 – Add the repository and install Gitlab
Run the following command to add the Gitlab package repository.
$ curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh | sudo bash
Install the Gitlab CE package. Replace example.github.com with the domain you will be using for your Gitlab install. If you want Gitlab to automatically install an HTTPS certificate for you using Let’s Encrypt, choose https in the command below. If you want to use your certificate or don’t want to use https, use HTTP below.
$ sudo EXTERNAL_URL="https://gitlab-server.example.com" apt-get install gitlab-ee
Even though we talked about the Community edition in the beginning, we are installing the Enterprise edition here. This is because, if you need to upgrade to the paid version in the future, it can be done via a single click. If you install the Community edition, then to switch to the Enterprise edition you will need to do a manual upgrade which can lead to downtime. Enterprise edition without the license will behave just like the Community edition and is the recommended way to install.
Step 4 – Run the Installer
Navigate to the URL chosen in the previous step in your web browser. You will be redirected to Gitlab’s password reset screen. Provide a password for Gitlab Administrator’s account.
You will be taken to the login screen. Use root as the username and password you just chose to log in.
Step 5 – Configure Postfix
This tutorial will just enable Postfix for sending transactional emails. If you want to run a full-fledged mail server capable of handling incoming and outgoing mails, then you will need to do a lot more configuration which is out of the scope of this tutorial. Gitlab Docs provide a good way to start where you can learn how to configure Postfix for receiving mails.
First, we need to check the hostname for our machine. This is the name you were probably asked before you had set up your server. If you want, you can change it here. We have chosen gitlab-server for our purposes.
$ sudo nano /etc/hostname
Exit the editor by pressing Ctrl + X. Now we need to set a host file.
$ sudo nano /etc/hosts
Replace example.com and 165.22.194.39 with your domain name and IP address respectively.
127.0.0.1 localhost
127.0.0.1 gitlab-server
165.22.194.39 gitlab-server.example.com gitlab-server
Press Ctrl + X to exit when you are done and enter Y for saving the changes.
Install Mailutils. If for some reason you haven’t installed postfix in step 1, this will install it for you. Mailutil will allow us to send mails via command line.
$ sudo apt install mailutils
We need to make a few changes to Postfix’s configuration file (/etc/postfix/main.cf). For this, we will use the Postconf tool. The -e parameter tells postconf to make changes in the main.cf file.
$ sudo postconf -e 'relayhost = [smtprelay.snel.com]:587'
$ sudo postconf -e 'smtp_tls_security_level = may'
$ sudo postconf -e 'myhostname = gitlab-server.example.com'
First, all outgoing mails will go via Snel’s SMTP server. Second, the TLS security level is set to may which means TLS will be used if the remote server supports it or else plaintext will be used. This ensures delivery to mail servers that don’t have TLS enabled. And last, the hostname entry is set to the domain name you chose earlier.
Restart Postfix.
$ sudo service postfix restart
Test the email sending functionality.
$ echo "This email confirms that Postfix is working" | mail -s "Testing Postfix" [email protected]
If you receive an email at your domain, it means Postfix is working perfectly. If you don’t want to use Postfix and want to go with a simple SMTP server, proceed to Gitlab Docs on how to configure.
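With a relayhost set, every outgoing message takes a single hop to that relay, so smtp_tls_security_level = may lets that one session fall back to plaintext if STARTTLS is not offered or is stripped in transit. The check below is an added example, not part of the original tutorial; it classifies postconf -n output, and the function names and constructed sample dumps are assumptions.

```shell
#!/bin/sh
# relay_tls_posture POSTCONF_DUMP
#   POSTCONF_DUMP  output of `postconf -n` ("name = value" per line)
# Prints one verdict line:
#   NO_RELAY       no relayhost; mail is delivered directly to recipient servers
#   ENFORCED       a relay is set and Postfix will not send to it without TLS
#   OPPORTUNISTIC  a relay is set but the session may go out in plaintext
# Returns 0 for NO_RELAY and ENFORCED, 1 for OPPORTUNISTIC.
relay_tls_posture() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        {
            eq = index($0, "=")
            if (eq == 0) next
            name  = trim(substr($0, 1, eq - 1))
            value = trim(substr($0, eq + 1))
            if (name == "relayhost")               relay = value
            if (name == "smtp_tls_security_level") level = value
        }
        END {
            shown = (level == "" ? "unset" : level)
            if (relay == "") { print "NO_RELAY level=" shown; exit 0 }
            # Security levels at which Postfix requires TLS for delivery.
            mandatory = " encrypt dane-only fingerprint verify secure "
            if (level != "" && index(mandatory, " " level " ") > 0) {
                print "ENFORCED relay=" relay " level=" level
                exit 0
            }
            print "OPPORTUNISTIC relay=" relay " level=" shown
            exit 1
        }
    ' "$1"
}

# sample_postures: classify two constructed `postconf -n` excerpts.
sample_postures() {
    tmp=$(mktemp -d) || return 2
    # Settings exactly as applied in the step above.
    cat > "$tmp/tutorial.txt" <<'EOF'
myhostname = gitlab-server.example.com
relayhost = [smtprelay.snel.com]:587
smtp_tls_security_level = may
EOF
    # Same relay with TLS made mandatory.
    cat > "$tmp/enforced.txt" <<'EOF'
myhostname = gitlab-server.example.com
relayhost = [smtprelay.snel.com]:587
smtp_tls_security_level = encrypt
EOF
    relay_tls_posture "$tmp/tutorial.txt" || true
    relay_tls_posture "$tmp/enforced.txt" || true
    rm -rf "$tmp"
}

# Live use:
#   postconf -n > /tmp/postconf.txt && relay_tls_posture /tmp/postconf.txt
# To require TLS towards the relay:
#   sudo postconf -e 'smtp_tls_security_level = encrypt'
sample_postures
```

With encrypt, Postfix defers mail instead of sending it in the clear when the relay does not offer STARTTLS, so send a test message after changing the setting.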
Step 6 – Configure Gitlab Profile
Log in to your Gitlab installation. Click on the user icon on the upper right-hand corner to bring up the drop-down menu and select settings.
You will be taken to your Profile settings page. Add your name and e-mail here. You will need to confirm your email address for it to be updated. You can also add more information here about yourself if you want.
Click Update Profile Settings when you are done.
Step 7 – Change User Name
Next, we need to change our username from root to something else as root is a pretty common guessable username. Click on Account in the left sidebar.
Change the user to whatever username you want to keep. Click on Update username to finish. You should also enable two-factor authentication here for more security.
Step 8 – Restrict Sign-ups
By default, Gitlab installations allow anyone to sign up. If you don’t want that, you should disable it. Click on the wrench looking icon in the top bar to access the Administration area.
To adjust settings, click on Settings in the left sidebar.
Here, scroll down to the Sign-up restrictions and click on the Expand button. Uncheck the Sign-up enabled box and click on Save changes when finished.
You will still be able to add new users via the Admin interface. This will disable only public signups.
Step 9 – Add SSH Key
The last step is adding our SSH key. If you have an SSH key, you can skip the following command. If you don’t have one, you can create one using the following command.
$ ssh-keygen
This command is common to Mac OS, Linux and Git Bash/WSL on Windows. Accept the defaults and provide a password when asked for to secure the key.
Generating public/private rsa key pair.
Enter file in which to save the key (/c/Users//.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /c/Users//.ssh/id_rsa.
Your public key has been saved in /c/Users//.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:j8Pd5kXM04+tFoppivHaYN5gjYE95Rd4Fc4YXz2MqYE @WIN10DESKTOP
The key's randomart image is:
+---[RSA 3072]----+
| o o.=. |
| E O + o.|
| o + * .|
| o o . o o . |
| . + S . = .|
| * = . ..+.|
| B = ooo.o.o|
| + O .+o.... |
| +.=o ... |
+----[SHA256]-----+
You can display your public key via the following command
$ cat ~/.ssh/id_rsa.pub
4FwcEp0IE7XW5yHDin/uyt5rxbZzNwQlg33+b453ocBS18tsUbqoJfgS7C2QcP/iWct0QpiY9BcLJ6GL6JolUQQmFm1TV5M29hFjT9pHe95QBXm1MfZH+yO6Fqz9fUf6isFYQbPJyZrJMpTu31opKiU50YB3I2UG6oyIpJedutXDqPln6f+HazL1eK7KqreghnnrN1vpyxPU7qoWT307yknii74zizqUKebfpaePGiFuT/q/MgI5LmV9pSLIz2PWjTxRgrblmEZem847SiBw0JVhm1q2D3wv7EOsQBm1HConl8FEewuQNw5KcQxj4gxuBUWFPmbI7f2cGtjQj9XR6bSSPvowoDmS+BR6r1sT+ppJgS/Oe50MnzlmgJq4joTRUaONJ+Oe0=
@WIN10DESKTOP
Go back to your Profile’s Settings area and access SSH keys from the sidebar.
Paste the SSH key in the box provided and click on Add Key to proceed.
Now you can create and commit to your repositories without having to provide your Gitlab credentials.
Conclusion
Congratulations, you should now be able to create projects and repositories on your own Ubuntu 18.04 server using Gitlab.
Tutorial: Install and secure a single node GitLab instance
In this tutorial you will learn how to install and securely configure a single node GitLab instance that can accommodate up to 1,000 users.
To install a single node GitLab instance and configure it to be secure:
Allow the Docker daemon to trust the registry and GitLab Runner
Provide your Docker daemon with your certs by following the steps for using trusted certificates with your registry:
sudo mkdir -p /etc/docker/certs.d/my-host.internal:5000
sudo cp /etc/gitlab/ssl/my-host.internal.crt /etc/docker/certs.d/my-host.internal:5000/ca.crt
Provide your GitLab Runner (to be installed next) with your certs by following the steps for using trusted certificates with your runner:
sudo mkdir -p /etc/gitlab-runner/certs
sudo cp /etc/gitlab/ssl/my-host.internal.crt /etc/gitlab-runner/certs/ca.crt
GitLab licensing and delivery models
GitLab is based on open, freely accessible source code. In 2013, a separate enterprise edition was introduced for businesses, which is why two delivery models are now available:
- GitLab CE: Community Edition (free)
- GitLab EE: Enterprise Edition (paid)
Both versions are based on the MIT open-source license. The Enterprise Edition has several additional features compared to the free Community Edition. GitLab offers three different subscription models depending on the scope of additional features required.
In addition, the Enterprise Edition can be used free of charge, but it only includes the basic functions of the Community Edition. This model is appropriate if you think you might want to install the Enterprise version at some point as you can upgrade later on. In contrast, it’s much more time-consuming to switch from the Community Edition to the Enterprise Edition.
Gitlab tutorial – first steps in GitLab
After installing GitLab, you can access the graphical user interface at the previously defined URL. To do this, you can use the browser of your choice and then log in as an administrator. The user name and the associated password can be changed later in the Admin Area.
Creating users in GitLab
In the Admin Area, you can select the New User button to create the users who collaborate on GitLab projects. To do this, you define a unique email address and log-in credentials for the user, and then assign the user to the desired project.
In the same area, you can also change user permissions by selecting “Edit” and block or remove users. Note that blocking a user prevents them from logging in while keeping all data (such as commits) intact. Completely removing a user also deletes the information linked to the user. Therefore, always exercise caution when selecting this option.
Creating a new project
The most important step is to create a new project. To do this, select the New project button. This will take you to the page for creating a new project. Enter the name of the project in the “Project name” field. This field may not contain any special characters or spaces. Under Visibility level, you define which users have access to the project. GitLab distinguishes between the following levels:
- Private: Only you have access.
- Internal: Each logged-in user has access.
- Public: Any user can access the project without prior authentication.
After selecting the settings, create the project by selecting Create project. You can then link the project directly to a local Git repository. To do this, select the “HTTPS” option under the project name in the project view and copy the displayed commands to the command line.
In case you don’t have a local copy of the repository on the server, you can add it now by entering the following command:
$ git clone https://server/namespace/project.git
Once you’ve initialized the repository, you can view all information about it on the project page. You can also view recent activities and look at the commit history to see who made which changes to the code and when.
Team collaboration with GitLab
The easiest way to work together with other users on a GitLab project is to grant users direct push access to the repository. To do this, add the users to a project as explained above and provide them with the appropriate access rights.
Users with “developer” authorization or higher can move their commits and branches to the repository without restrictions. Alternatively, you can also use merge requests, which allow you to control access more closely since the master branch is not edited directly. Instead, users can create branches, enter their commits and then make a merge request to connect the branch to the master (or another branch).
Users without access rights can also create forks, meaning they can edit their own copy of the project with pushed commits. They can then submit a merge request to reintegrate the fork into the main project. With this feature, the project owner has full control over what goes into the repository, but he or she can also allow unknown users to make contributions.
As a sophisticated collaboration tool, GitLab has numerous functions that make teamwork easier, such as project wikis or system maintenance tools.
Install an offline self-managed GitLab instance
This is a step-by-step guide that helps you install, configure, and use a self-managed GitLab instance entirely offline.
Enabling SSL
Follow these steps to enable SSL for your fresh instance. These steps reflect those for manually configuring SSL in Omnibus’s NGINX configuration:
-
Make the following changes to /etc/gitlab/gitlab.rb:
# Update external_url from "http" to "https"
external_url "https://my-host.internal"
# Set Let's Encrypt to false
letsencrypt['enable'] = false
-
Create the following directories with the appropriate permissions for generating self-signed certificates:
sudo mkdir -p /etc/gitlab/ssl
sudo chmod 755 /etc/gitlab/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/gitlab/ssl/my-host.internal.key -out /etc/gitlab/ssl/my-host.internal.crt
-
Reconfigure your instance to apply the changes:
sudo gitlab-ctl reconfigure
Enabling GitLab Runner
Following a similar process to the steps for installing our GitLab Runner as a Docker service, we must first register our runner:
$ sudo docker run --rm -it -v /etc/gitlab-runner:/etc/gitlab-runner gitlab/gitlab-runner register
Updating CA certificates...
Runtime platform arch=amd64 os=linux pid=7 revision=1b659122 version=12.8.0
Running in system-mode.
Please enter the gitlab-ci coordinator URL (for example, https://gitlab.com/):
https://my-host.internal
Please enter the gitlab-ci token for this runner:
XXXXXXXXXXX
Please enter the gitlab-ci description for this runner:
[eb18856e13c0]:
Please enter the gitlab-ci tags for this runner (comma separated):
Registering runner... succeeded runner=FSMwkvLZ
Please enter the executor: custom, docker, virtualbox, kubernetes, docker+machine, docker-ssh+machine, docker-ssh, parallels, shell, ssh:
docker
Please enter the default Docker image (for example, ruby:2.6):
ruby:2.6
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!
Now we must add some additional configuration to our runner:
Make the following changes to /etc/gitlab-runner/config.toml:
-
Add Docker socket to volumes
volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/cache"]
-
Add pull_policy = "if-not-present" to the executor configuration
Now we can start our runner:
sudo docker run -d --restart always --name gitlab-runner -v /etc/gitlab-runner:/etc/gitlab-runner -v /var/run/docker.sock:/var/run/docker.sock gitlab/gitlab-runner:latest
90646b6587127906a4ee3f2e51454c6e1f10f26fc7a0b03d9928d8d0d5897b64
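Adding /var/run/docker.sock to volumes gives every job container that runs on this runner access to the host's Docker daemon, so it helps to know which runners carry that mount before deciding which projects may use them. The report below is an added example, not part of the GitLab documentation; the function names and the sample config.toml (constructed, with a hypothetical second runner) are assumptions, and it expects single-line arrays.

```shell
#!/bin/sh
# runner_socket_exposure CONFIG_TOML
# Prints one line per [[runners]] entry:
#   runner=NAME docker_sock=yes|no privileged=yes|no pull_policy=VALUE
# Returns 1 if any runner mounts the host Docker socket or runs privileged,
# 0 otherwise.
runner_socket_exposure() {
    awk '
        # First double-quoted string on the line, without the quotes.
        function strval(line) {
            if (match(line, /"[^"]*"/)) return substr(line, RSTART + 1, RLENGTH - 2)
            return ""
        }
        function report() {
            if (!in_runner) return
            printf "runner=%s docker_sock=%s privileged=%s pull_policy=%s\n", name, sock, priv, policy
            if (sock == "yes" || priv == "yes") risky++
        }
        /^[ \t]*#/ { next }
        /^[ \t]*\[/ {                       # table header: track the current section
            sect = $0
            gsub(/[ \t]/, "", sect); gsub(/\[/, "", sect); gsub(/\]/, "", sect)
            if (sect == "runners") {        # a new runner entry begins
                report()
                in_runner = 1
                name = "(unnamed)"; sock = "no"; priv = "no"; policy = "(default)"
            }
            next
        }
        in_runner && sect == "runners" && /^[ \t]*name[ \t]*=/ { name = strval($0) }
        in_runner && sect == "runners.docker" {
            if ($0 ~ /^[ \t]*volumes[ \t]*=/ && $0 ~ /"\/var\/run\/docker\.sock:/) sock = "yes"
            if ($0 ~ /^[ \t]*privileged[ \t]*=[ \t]*true/) priv = "yes"
            if ($0 ~ /^[ \t]*pull_policy[ \t]*=/) policy = strval($0)
        }
        END { report(); exit (risky > 0) }
    ' "$1"
}

# sample_runner_report: run the report over a constructed config.toml.
sample_runner_report() {
    tmp=$(mktemp -d) || return 2
    cat > "$tmp/config.toml" <<'EOF'
concurrent = 1

[[runners]]
  name = "offline-docker"
  url = "https://my-host.internal"
  executor = "docker"
  [runners.docker]
    image = "ruby:2.6"
    privileged = false
    volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/cache"]
    pull_policy = "if-not-present"

[[runners]]
  name = "isolated"
  url = "https://my-host.internal"
  executor = "docker"
  [runners.docker]
    image = "ruby:2.6"
    privileged = false
    volumes = ["/cache"]
EOF
    status=0
    runner_socket_exposure "$tmp/config.toml" || status=$?
    rm -rf "$tmp"
    return "$status"
}

# Live use:
#   sudo cat /etc/gitlab-runner/config.toml > /tmp/config.toml
#   runner_socket_exposure /tmp/config.toml
sample_runner_report || echo "sample data: at least one runner exposes the host Docker daemon"
```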
Authenticating the registry against the host OS
As noted in Docker registry authentication documentation, certain versions of Docker require trusting the certificate chain at the OS level.
In the case of Ubuntu, this involves using update-ca-certificates:
sudo cp /etc/docker/certs.d/my-host.internal\:5000/ca.crt /usr/local/share/ca-certificates/my-host.internal.crt
sudo update-ca-certificates
If all goes well, this is what you should see:
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
Disable Version Check and Service Ping
Version Check and Service Ping improve the GitLab user experience and ensure that users are on the most up-to-date instances of GitLab. These two services can be turned off for offline environments so that they do not attempt and fail to reach out to GitLab services.
For more information, see Enable or disable service ping.
Configure NTP
In GitLab 15.4 and 15.5, Gitaly Cluster assumes pool.ntp.org is accessible. If pool.ntp.org is not accessible, customize the time server setting on the Gitaly and Praefect servers so they can use an accessible NTP server.
On offline instances, the GitLab Geo check Rake task always fails because it uses pool.ntp.org. This error can be ignored but you can read more about how to work around it.
Configuring GitLab
There is only one file to edit for configuration. Open the file for editing with the command sudo nano /etc/gitlab/gitlab.rb. Within that file, you’re looking for the following line:
external_url 'https://yourdomain'
Modify that to reflect either your server domain or IP address. If you’re using an IP address, make sure to drop the https in favor of http.
If you configure GitLab to use a domain, you’ll have to enable SSL. To do that, locate the following two lines (around line 1519):
# letsencrypt['enable'] = false
# letsencrypt['contact_emails'] = [ ]
Uncomment those lines (remove the #) and then change false to true and enter a valid email address inside the empty [ ] characters.
Save and close that file. Reconfigure GitLab with the command:
sudo gitlab-ctl reconfigure
Once the reconfiguration happens, open a browser and point it to either https://DOMAIN or http://IP (Where DOMAIN is the domain of the server or IP is the IP address of the server). You will be prompted to change the administrator account password (Figure A).
Figure A
Once you’ve done that, you’ll be presented with the login screen, where you can register for an account. Create an account, log in, and you are ready to start using GitLab. Create groups, projects, and more.
How does GitLab work?
GitLab is a web-based application with a graphical user interface, but it can also be installed on a private server. Projects are the centerpiece of GitLab. In these projects, the code to be edited is stored in digital archives, which are called repositories. All project content and files can be found in these project directories, such as JavaScript, HTML, CSS or PHP files.
GitLab works like this: First, all team members download their own copy of the central repository to their computer. Changes to the code are initially made using commits. After editing, the changes are then fed into the main repository.
Another important feature is branching – branches that diverge from the main code for independent editing. This lets you add and test new functions without affecting the main line. Built-in continuous delivery and continuous integration mean GitLab is ideal for testing. Useful features like merge requests and forks make it one of the most popular continuous integration tools.
Installation
my-host.internal, which you should replace with your server’s FQDN, and that you have access to a different server with Internet access to download the required package files.
For a video walkthrough of this process, see Offline GitLab Installation: Downloading & Installing.
Download the GitLab package
You should manually download the GitLab package and relevant dependencies using a server of the same operating system type that has access to the Internet.
If your offline environment has no local network access, you must manually transport the relevant package through physical media, such as a USB drive.
In Ubuntu, this can be performed on a server with Internet access using the following commands:
# Download the bash script to prepare the repository
curl --silent "https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh" | sudo bash
# Download the gitlab-ee package and dependencies to /var/cache/apt/archives
sudo apt-get install --download-only gitlab-ee
# Copy the contents of the apt download folder to a mounted media device
sudo cp /var/cache/apt/archives/*.deb /path/to/mount
Install the GitLab package
Prerequisites:
- Before installing the GitLab package on your offline environment, ensure that you have installed all required dependencies first.
If you are using Ubuntu, you can install the dependency .deb packages you copied across with dpkg. Do not install the GitLab package yet.
# Navigate to the physical media device
cd /path/to/mount
# Install the dependency packages
sudo dpkg -i.deb
Use the relevant commands for your operating system to install the package but make sure to specify an http URL for the EXTERNAL_URL installation step. Once installed, we can manually configure the SSL ourselves.
It is strongly recommended to set up a domain for IP resolution rather than bind to the server’s IP address. This better ensures a stable target for our certs’ CN and makes long-term resolution simpler.
The following example for Ubuntu specifies the EXTERNAL_URL using HTTP and installs the GitLab package:
sudo EXTERNAL_URL="http://my-host.internal" dpkg -i
.deb
GitLab Basics: Hosting and installing
We generally recommend using GitLab in a Linux environment. Like Git, GitLab software is custom-made for Linux. You can install and use GitLab on Windows, albeit with restrictions. If you want to do this, you can use a virtual machine that simulates a Linux environment on the Windows computer. A simpler option is to install the GitLab Runner, which is required if you want to use continuous integration functionalities in GitLab.
Hosting GitLab yourself or using a cloud solution
Installing GitLab on your own server doesn’t pose any major challenges if you have previous Linux experience, but it’s relatively time-consuming. In addition to the installation itself, you have to factor in the time required for configuration and regular maintenance.
If you want to save yourself this effort, you can also install and use GitLab as Software-as-a-Service (SaaS) on a cloud server (many providers offer this service). This way you can deploy the software quickly without the need for complex installation and configuration. The GitLab Runner is usually already installed so that you can get started right away.
The advantage of manually installing GitLab in your own server environment is greater flexibility. You have complete freedom when it comes to installation: You can make your own decisions about backups, updates or additional resources, and install what you need for a specific application. Nevertheless, the cloud solution is appealing, especially if your system administrator tends to deal with heavy workloads.
IONOS offers powerful, affordable cloud servers and virtual servers so you can set up your own virtual infrastructure to match your needs ASAP. These servers work with standard Linux distributions (Ubuntu, Debian) and Windows.
Installing GitLab on Linux servers
To install GitLab on a Linux server, you first need Git software. We explain how to install Git on a server in our Git tutorial. Next, you should download the GitLab omnibus package from the official GitLab website. This package contains all the necessary files and is recommended for installing GitLab on Linux.
Updating the repository
Next, log in to the server as the root user and update the repository (Ubuntu in this case) to receive all the necessary packages for GitLab. To do this, use the following commands:
sudo ssh root@GitLabServer
sudo apt-get update
Then install the packages as follows:
sudo apt install curl openssh-server ca-certificates postfix
A configuration screen appears during Postfix installation. Select Internet site and enter the server domain name that you use to send and receive emails.
Installing GitLab
The next step is to install the GitLab Omnibus package. First, add the GitLab package repository using the following command:
curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh | sudo bash
Then install GitLab using the apt command. In this example code, GitLab is installed in the Community Edition (CE):
sudo apt install gitlab-ce
Once the data has been entered, the server automatically downloads and installs the GitLab package. After the installation has been confirmed, you should configure the main URL that you use to access the GitLab server.
Change the URL “https://GitLab.example.com” to the URL you actually use. To do this, go to the /etc/gitlab directory where the configuration is located and edit the configuration file gitlab.rb using the default vim text editor.
The commands look like this:
cd /etc/gitlab
vim gitlab.rb
In the gitlab.rb file, look for line 9 (“external_url”) and enter the desired URL. GitLab will start and configure the installation at this URL.
When you open GitLab for the first time, you’ll be directed to a password reset screen. Set the password for the administrator; you’ll then be redirected to the login screen. You can initially use the default user “root” to log in. You can change the settings later in the profile settings.
Installing GitLab on Windows
GitLab itself cannot be installed on a Windows server, but you can use a GitLab Runner to access an existing GitLab installation on a Linux server from Windows. This software is installed in Windows and is compatible with the continuous integration functionality of GitLab (GitLab CI/CD). In this way, the runner can send requests and work orders to GitLab.
Downloading Git for Windows and GitLab Runner binary data
You need Git for Windows before you can install GitLab on a Windows server. You can download the software from the official website. You should also assign a unique password for the user account unless you are going to use the default system account.
You will need a token that grants the runner access to the GitLab instance. This access key can be found in the GitLab settings under Settings -> CI / CD.
Next, download the binary file (x86 or amd64) for the GitLab Runner for Windows and create a folder anywhere in your system, for example C:\GitLab-runner.
Paste the file into this folder and rename it to GitLab-runner.exe. Then open Windows PowerShell (or Command Prompt) with advanced administrator access rights.
Registering the GitLab runner in Windows
To register the GitLab runner, enter the following command in the command line:
./GitLab-runner.exe register
Then enter the URL of the GitLab installation (the following is just an example):
https://GitLab.com
In the next window, enter the token in order to link the runner to the GitLab installation. You can then define your own description for the runner. This option can also be changed later in the GitLab interface. In the next window, you can define tags. These tags are useful if you want a runner to process several projects at the same time. You can use the tags to specify exactly which projects are assigned.
In the last step, you define the “executor”, meaning the environment in which the runner runs, for example a VirtualBox instance or a shell environment. Shell is the easiest executor to configure and the default option when you register a GitLab Runner on Windows for the first time.
Please enter the executor: ssh, docker+machine, docker-ssh+machine, kubernetes, docker, parallels, virtualbox, docker-ssh, shell: shell
Installing and starting the GitLab Runner on Windows
To install the GitLab Runner, you can either use the default system account or your own user account. In the PowerShell or Command Prompt, navigate to the directory you created above and type the following commands one at a time:
cd C:\GitLab-Runner
.\GitLab-runner.exe install
.\GitLab-runner.exe start
Next steps
In this tutorial, you learned how to set up your server to be more secure, how to install GitLab, and how to configure GitLab to meet some security standards. Some other steps you can take to secure GitLab include:
- Disabling sign ups. A new GitLab instance has sign up enabled by default. If you don’t plan to make your GitLab instance public, you should disable sign ups.
- Allowing or denying sign ups using specific email domains.
- Setting a minimum password length limit for new users.
- Enforcing two-factor authentication for all users.
There are many other things you can configure apart from hardening your GitLab instance, like configuring your own runners to leverage the CI/CD features that GitLab has to offer, or properly backing up your instance.
You can read more about the steps to take after the installation.
By Kong Yang, Justin Ellingwood, and Kathleen Juell
GitLab is an open-source application primarily used to host Git repositories, with additional development-related features like issue tracking. It is designed to be hosted using your own infrastructure, and provides flexibility in deploying as an internal repository store for your development team, a public way to interface with users, or a means for contributors to host their own projects.
The GitLab project enables you to create a GitLab instance on your own hardware with a minimal installation mechanism. In this guide, you will learn how to install and configure GitLab Community Edition on an Ubuntu 20.04 server.
To follow along with this tutorial, you will need:
sudo user and basic firewall. To set this up, follow our Ubuntu 20.04 initial server setup guide.
The published GitLab hardware requirements recommend using a server with a minimum of:
Although you may be able to get by with substituting some swap space for RAM, it is not recommended. The following examples in this guide will use these minimum resources.
your_domain as an example, but be sure to replace this with your actual domain name.
Before installing GitLab, it is important to install the software that it leverages during installation and on an ongoing basis. The required software can be installed from Ubuntu’s default package repositories.
First, refresh the local package index:
sudo apt update
Then install the dependencies by entering this command:
sudo apt install ca-certificates curl openssh-server postfix tzdata perl
You will likely have some of this software installed already. For the postfix installation, select Internet Site when prompted. On the next screen, enter your server’s domain name to configure how the system will send mail.
Now that you have the dependencies installed, you’re ready to install GitLab.
With the dependencies in place, you can install GitLab. This process leverages an installation script to configure your system with the GitLab repositories.
First, move into the /tmp directory:
cd /tmp
Then download the installation script:
curl -LO https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh
Feel free to examine the downloaded script to ensure that you are comfortable with the actions it will take. You can also find a hosted version of the script on the GitLab installation instructions:
less /tmp/script.deb.sh
Once you are satisfied with the safety of the script, run the installer:
sudo bash /tmp/script.deb.sh
The script sets up your server to use the GitLab maintained repositories. This lets you manage GitLab with the same package management tools you use for your other system packages. Once this is complete, you can install the actual GitLab application with apt:
sudo apt install gitlab-ce
This installs the necessary components on your system and may take some time to complete.
Before you configure GitLab, you need to ensure that your firewall rules are permissive enough to allow web traffic. If you followed the guide linked in the prerequisites, you will already have a ufw firewall enabled.
View the current status of your active firewall by running:
sudo ufw status
Output
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
The current rules allow SSH traffic through, but access to other services is restricted. Since GitLab is a web application, you need to allow HTTP access. Because you will be taking advantage of GitLab’s ability to request and enable a free TLS/SSL certificate from Let’s Encrypt, also allow HTTPS access.
The protocol-to-port mapping for HTTP and HTTPS is available in the /etc/services file, so you can allow that traffic in by name. If you didn’t already have OpenSSH traffic enabled, you should allow that traffic:
sudo ufw allow http
sudo ufw allow https
sudo ufw allow OpenSSH
You can check the ufw status again to ensure that you granted access to at least these two services:
sudo ufw status
Output
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)
This output indicates that the GitLab web interface is now accessible once you configure the application.
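One way to check the rule set against what this guide opens, written as an added example that is not part of the original tutorial: the helper reads ufw status text and lists every ALLOW rule outside SSH, HTTP and HTTPS. The sample output, the function names and the ALLOWED_TARGETS variable are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare `ufw status` output with the allowlist this guide builds.

# Constructed sample of `sudo ufw status` output (not captured from a real host).
# The 5432/tcp and 8080/tcp rules are deliberately outside the guide's allowlist.
SAMPLE_UFW_STATUS='Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
5432/tcp                   ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)
8080/tcp                   ALLOW       203.0.113.10'

# Services the guide opens: SSH, HTTP and HTTPS.
ALLOWED_TARGETS='OpenSSH 80/tcp 443/tcp'

# ufw_is_active: read `ufw status` text on stdin and succeed only when the
# header reports an active firewall.
ufw_is_active() {
    grep -q '^Status: active$'
}

# ufw_unexpected_rules ALLOWLIST: read `ufw status` text on stdin and print
# every ALLOW rule whose target is not in the space-separated ALLOWLIST,
# one "target|from" per line. No output means the rule set matches.
ufw_unexpected_rules() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
            FS = "  +"                  # columns are separated by 2+ spaces
        }
        /^--/ { in_rules = 1; next }    # rules start after the dashed header
        !in_rules || NF < 3 { next }    # skip the status header and blank lines
        {
            target = $1
            sub(/ \(v6\)$/, "", target) # treat the IPv6 twin like the IPv4 rule
            if ($2 ~ /^ALLOW/ && !(target in ok)) print target "|" $3
        }
    '
}

# Run against the constructed sample. On a real host, pipe in the live output:
#   sudo ufw status | ufw_unexpected_rules "$ALLOWED_TARGETS"
printf '%s\n' "$SAMPLE_UFW_STATUS" | ufw_unexpected_rules "$ALLOWED_TARGETS"
```

Any line it prints is a port reachable from outside that this guide did not ask for, which is worth explaining or closing before GitLab goes live.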
Before you can use the application, update the configuration file and run a reconfiguration command. First, open GitLab’s configuration file with your preferred text editor. This example uses nano:
sudo nano /etc/gitlab/gitlab.rb
Search for the external_url configuration line. Update it to match your domain and make sure to change http to https to automatically redirect users to the site protected by the Let’s Encrypt certificate:
...
## GitLab URL
##! URL on which GitLab will be reachable.
##! For more details on configuring external_url see:
##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab
##!
##! Note: During installation/upgrades, the value of the environment variable
##! EXTERNAL_URL will be used to populate/replace this value.
##! On AWS EC2 instances, we also attempt to fetch the public hostname/IP
##! address from AWS. For more details, see:
##! https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html
external_url 'https://your_domain'
...
Next, find the letsencrypt['contact_emails'] setting. If you’re using nano, you can enable a search prompt by pressing CTRL+W. Write letsencrypt['contact_emails'] into the prompt, then press ENTER. This setting defines a list of email addresses that the Let’s Encrypt project can use to contact you if there are problems with your domain. It’s recommended to uncomment and fill this out to inform yourself of any issues that may occur:
letsencrypt['contact_emails'] = ['[email protected]']
Once you’re done making changes, save and close the file. If you’re using nano, you can do this by pressing CTRL+X, then Y, then ENTER.
Run the following command to reconfigure GitLab:
sudo gitlab-ctl reconfigure
This will initialize GitLab using the information it can find about your server. This is a completely automated process, so you will not have to answer any prompts. The process will also configure a Let’s Encrypt certificate for your domain.
With GitLab running, you can perform an initial configuration of the application through the web interface.
Visit the domain name of your GitLab server in your web browser:
https://your_domain
On your first visit, you’ll be greeted with a login page:
GitLab generates an initial secure password for you. It is stored in a folder that you can access as an administrative sudo user:
sudo nano /etc/gitlab/initial_root_password
# WARNING: This value is valid only in the following conditions
#          1. If provided manually (either via `GITLAB_ROOT_PASSWORD` environment variable or via `gitlab_rails['initial_root_password']` setting in `gitlab.rb`, it was provided before database was seeded for the firs$
#          2. Password hasn't been changed manually, either via UI or via command line.
#
#          If the password shown here doesn't work, you must reset the admin password following https://docs.gitlab.com/ee/security/reset_user_password.html#reset-your-root-password.

Password: YOUR_PASSWORD

# NOTE: This file will be automatically deleted in the first reconfigure run after 24 hours.
Back on the login page, enter the following:
/etc/gitlab/initial_root_password]
Enter these values into the fields and click the Sign in button. You will be signed in to the application and taken to a landing page that prompts you to begin adding projects:
You can now fine tune your GitLab instance.
One of the first things you should do after logging in is change your password. To make this change, click on the icon in the upper-right corner of the navigation bar and select Edit Profile:
You’ll then enter a User Settings page. On the left navigation bar, select Password to change your GitLab-generated password to a secure password, then click on the Save password button when you’re finished with your updates:
You’ll be taken back to the login screen with a notification that your password has been changed. Enter your new password to log back into your GitLab instance:
GitLab selects some reasonable defaults, but these are not usually appropriate once you start using the software.
To make the necessary modifications, click on the user icon in the upper-right corner of the navigation bar and select Edit Profile.
You can adjust the Name and Email address from “Administrator” and “[email protected]” to something more accurate. The name you select will be displayed to other users, while the email will be used for default avatar detection, notifications, Git actions through the interface, and more:
Click on the Update Profile settings button at the bottom when you are finished with your updates. You’ll be prompted to enter your password to confirm changes.
A confirmation email will be sent to the address you provided. Follow the instructions in the email to confirm your account so that you can begin using it with GitLab.
Next, select Account in the left navigation bar:
Here, you can enable two-factor authentication and change your username. By default, the first administrative account is given the name root. Since this is a known account name, it is more secure to change this to a different name. You will still have administrative privileges; the only thing that will change is the name. Replace root with your preferred username:
Click on the Update username button to make the change. You’ll be prompted to confirm the change thereafter.
Next time you log into GitLab, remember to use your new username.
You can enable SSH keys with Git to interact with your GitLab projects. To do this, you need to add your SSH public key to your GitLab account.
In the left navigation bar, select SSH Keys:
If you already have an SSH key pair created on your local computer, you can view the public key by typing:
cat ~/.ssh/id_rsa.pub
Outputssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMuyMtMl6aWwqBCvQx7YXvZd7bCFVDsyln3yh5/8Pu23LW88VXfJgsBvhZZ9W0rPBGYyzE/TDzwwITvVQcKrwQrvQlYxTVbqZQDlmsC41HnwDfGFXg+QouZemQ2YgMeHfBzy+w26/gg480nC2PPNd0OG79+e7gFVrTL79JA/MyePBugvYqOAbl30h7M1a7EHP3IV5DQUQg4YUq49v4d3AvM0aia4EUowJs0P/j83nsZt8yiE2JEYR03kDgT/qziPK7LnVFqpFDSPC3MR3b8B354E9Af4C/JHgvglv2tsxOyvKupyZonbyr68CqSorO2rAwY/jWFEiArIaVuDiR9YM5 sammy@mydesktop
Copy this text and enter it into the Key text box inside your GitLab instance.
If, instead, you get a different message, you do not yet have an SSH key pair configured on your machine:
Output
cat: /home/sammy/.ssh/id_rsa.pub: No such file or directory
If this is the case, you can create an SSH key pair by entering the following command:
ssh-keygen
Accept the defaults and optionally provide a password to secure the key locally:
Output
Generating public/private rsa key pair.
Enter file in which to save the key (/home/sammy/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/sammy/.ssh/id_rsa.
Your public key has been saved in /home/sammy/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:I8v5/M5xOicZRZq/XRcSBNxTQV2BZszjlWaIHi5chc0 [email protected]
The key's randomart image is:
+---[RSA 2048]----+
| ..%o==B|
| *.E =.|
| . ++= B |
| ooo.o . |
| . S .o . .|
| . + .. . o|
| + .o.o ..|
| o .++o . |
| oo=+ |
+----[SHA256]-----+
Once you have this, you can display your public key as the previous example by entering this command:
cat ~/.ssh/id_rsa.pub
Outputssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMuyMtMl6aWwqBCvQx7YXvZd7bCFVDsyln3yh5/8Pu23LW88VXfJgsBvhZZ9W0rPBGYyzE/TDzwwITvVQcKrwQrvQlYxTVbqZQDlmsC41HnwDfGFXg+QouZemQ2YgMeHfBzy+w26/gg480nC2PPNd0OG79+e7gFVrTL79JA/MyePBugvYqOAbl30h7M1a7EHP3IV5DQUQg4YUq49v4d3AvM0aia4EUowJs0P/j83nsZt8yiE2JEYR03kDgT/qziPK7LnVFqpFDSPC3MR3b8B354E9Af4C/JHgvglv2tsxOyvKupyZonbyr68CqSorO2rAwY/jWFEiArIaVuDiR9YM5 sammy@mydesktop
Copy this block of text from the output and enter it into the Key text box inside your GitLab instance. Give it a descriptive title, and click the Add key button.
Now you’re able to manage your GitLab projects and repositories from your local machine without having to provide your GitLab account credentials.
With your current setup, it is possible for anyone to sign up for an account when you visit your GitLab instance’s landing page. This may be what you want if you are seeking to host a public project. However, many times, more restrictive settings are desirable.
To begin, navigate to the administrative area by clicking on the hamburger menu in the top navigation bar and select Admin from the drop-down:
Select Settings from the left navigation bar:
You will be taken to the global settings for your GitLab instance. Here, you can adjust a number of settings that affect whether new users can sign up and their level of access.
If you wish to disable sign-ups completely, scroll to the Sign-up Restrictions section and press Expand to view the options.
Then deselect the Sign-up enabled check box:
Remember to click on the Save changes button after making your changes.
The sign-up section is now removed from the GitLab landing page.
If you are using GitLab as part of an organization that provides email addresses associated with a domain, you can restrict sign-ups by domain instead of completely disabling them.
In the Sign-up Restrictions section, select the Send confirmation email on sign-up box, which will allow users to log in only after they’ve confirmed their email.
Next, add your domain or domains to the Whitelisted domains for sign-ups box, one domain per line. You can use the asterisk “*” to specify wildcard domains:
When you’re finished, click on the Save changes button.
The sign-up section is now removed from the GitLab landing page.
By default, new users can create up to 10 projects. If you wish to allow new users from the outside for visibility and participation, but want to restrict their access to creating new projects, you can do so in the Account and Limit Settings section.
Inside, you can change the Default projects limit to 0 to completely disable new users from creating projects:
New users can still be added to projects manually and have access to internal or public projects created by other users.
After your updates, remember to click on the Save changes button.
New users will now be able to create accounts, but unable to create projects.
By default, GitLab has a scheduled task set up to renew Let’s Encrypt certificates after midnight every fourth day, with the exact minute based on your external_url. You can modify these settings in the /etc/gitlab/gitlab.rb file.
For example, if you wanted to renew every 7th day at 12:30, you can configure it to do so. First, navigate to the configuration file:
sudo nano /etc/gitlab/gitlab.rb
Then, find the following lines in the file, remove the leading # from the settings you want to change, and update them as follows:
...
################################################################################
# Let's Encrypt integration
################################################################################
# letsencrypt['enable'] = nil
letsencrypt['contact_emails'] = ['sammy@digitalocean'] # This should be an array of email addresses to add as contacts
# letsencrypt['group'] = 'root'
# letsencrypt['key_size'] = 2048
# letsencrypt['owner'] = 'root'
# letsencrypt['wwwroot'] = '/var/opt/gitlab/nginx/www'
# See http://docs.gitlab.com/omnibus/settings/ssl.html#automatic-renewal for more on these settings
letsencrypt['auto_renew'] = true
letsencrypt['auto_renew_hour'] = "12"
letsencrypt['auto_renew_minute'] = "30"
letsencrypt['auto_renew_day_of_month'] = "*/7"
...
You can also disable auto-renewal by setting letsencrypt['auto_renew'] to false:
...
letsencrypt['auto_renew'] = false
...
With auto-renewals in place, you don’t need to worry about service interruptions.
You now have a working GitLab instance hosted on your own server. You can begin to import or create new projects and configure the appropriate level of access for a team. GitLab is regularly adding features and making updates to their platform, so be sure to check out the project’s home page to stay up-to-date on any improvements or important notices.
Tutorial: Install and secure a single node GitLab instance
In this tutorial you will learn how to install and securely configure a single node GitLab instance that can accommodate up to 1,000 users.
To install a single node GitLab instance and configure it to be secure:
Installation
In order to install GitLab, you will need a server with at least two cores and 4GB of RAM. If you’re running this on a virtual machine, make sure the VM exceeds those resources.
The first thing you must do is run an update or upgrade. Please know that–should the kernel upgrade–a reboot will be necessary. If this is a production machine, make sure to run this process during off hours.
Open up a terminal window on the server and issue the commands:
sudo apt update
sudo apt upgrade
Once those commands run, you are ready to install GitLab (assuming you don’t have to reboot the server).
The first thing that must be installed is the necessary dependencies. This can be handled with the following command:
sudo apt-get install ca-certificates curl openssh-server postfix
During the above installation, you will be asked how to configure Postfix. Select Internet site, and then enter either the domain or the IP address of the server. If your users are familiar with Linux, you could always select a local-only Postfix configuration, knowing that all users would have to use the mail command on the server to check to see if they have any mail delivered by GitLab. If you do go that route, you’ll need to install the mailutils package, like so:
sudo apt install mailutils
With the dependencies ready, we must install the necessary repository with the following commands:
cd /tmp
curl -LO https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh
sudo bash /tmp/script.deb.sh
Finally, install GitLab with the command:
sudo apt-get install gitlab-ce
Enabling the GitLab container registry
Follow these steps to enable the container registry. These steps reflect those for configuring the container registry under an existing domain:
- Make the following changes to /etc/gitlab/gitlab.rb:
  # Change registry_external_url to match external_url, but append the port 4567
  external_url "https://gitlab.example.com"
  registry_external_url "https://gitlab.example.com:4567"
- Reconfigure your instance to apply the changes:
  sudo gitlab-ctl reconfigure
Enabling the Package Metadata Database
Enabling the Package Metadata Database is required to enable Continuous Vulnerability Scanning and license scanning of CycloneDX files. This process requires the use of License and/or Advisory Data under what is collectively called the Package Metadata Database, which is licensed under the EE License. Note the following in relation to use of the Package Metadata Database:
- We may change or discontinue all or any part of the Package Metadata Database, at any time and without notice, at our sole discretion.
- The Package Metadata Database may contain links to third-party websites or resources. We provide these links only as a convenience and are not responsible for any third-party data, content, products, or services from those websites or resources or links displayed on such websites.
- The Package Metadata Database is based in part on information made available by third parties, and GitLab is not responsible for the accuracy or completeness of content made available.
Package metadata is stored in the following Google Cloud Provider (GCP) buckets:
- License Scanning – prod-export-license-bucket-1a6c642fc4de57d4
- Dependency Scanning – prod-export-advisory-bucket-1a6c642fc4de57d4
Using the gsutil tool to download the package metadata exports
- Install the gsutil tool.
- Find the root of the GitLab Rails directory.
  export GITLAB_RAILS_ROOT_DIR="$(gitlab-rails runner 'puts Rails.root.to_s')"
  echo $GITLAB_RAILS_ROOT_DIR
- Set the type of data you wish to sync.
  # For License Scanning
  export PKG_METADATA_BUCKET=prod-export-license-bucket-1a6c642fc4de57d4
  export DATA_DIR="licenses"

  # For Dependency Scanning
  export PKG_METADATA_BUCKET=prod-export-advisory-bucket-1a6c642fc4de57d4
  export DATA_DIR="advisories"
- Download the package metadata exports.
  # To download the package metadata exports, an outbound connection to Google Cloud Storage bucket must be allowed.
  # Skip v1 objects using -y "^v1\/" to only download v2 objects. v1 data is no longer used and deprecated since 16.3.
  mkdir -p "$GITLAB_RAILS_ROOT_DIR/vendor/package_metadata/$DATA_DIR"
  gsutil -m rsync -r -d -y "^v1\/" gs://$PKG_METADATA_BUCKET "$GITLAB_RAILS_ROOT_DIR/vendor/package_metadata/$DATA_DIR"

  # Alternatively, if the GitLab instance is not allowed to connect to the Google Cloud Storage bucket, the package metadata
  # exports can be downloaded using a machine with the allowed access, and then copied to the root of the GitLab Rails directory.
  rsync rsync://[email protected]/package_metadata/$DATA_DIR "$GITLAB_RAILS_ROOT_DIR/vendor/package_metadata/$DATA_DIR"
Using the Google Cloud Storage REST API to download the package metadata exports
The package metadata exports can also be downloaded using the Google Cloud Storage API. The contents are available at https://storage.googleapis.com/storage/v1/b/prod-export-license-bucket-1a6c642fc4de57d4/o and https://storage.googleapis.com/storage/v1/b/prod-export-advisory-bucket-1a6c642fc4de57d4/o. The following is an example of how this can be downloaded using cURL and jq.
#!/bin/bash

set -euo pipefail

# First argument selects the data set: "license" or "advisory".
# The default keeps `set -u` from aborting before the usage message is shown.
DATA_TYPE="${1:-}"

GITLAB_RAILS_ROOT_DIR="$(gitlab-rails runner 'puts Rails.root.to_s')"

if [ "$DATA_TYPE" == "license" ]; then
  PKG_METADATA_DIR="$GITLAB_RAILS_ROOT_DIR/vendor/package_metadata/licenses"
elif [ "$DATA_TYPE" == "advisory" ]; then
  PKG_METADATA_DIR="$GITLAB_RAILS_ROOT_DIR/vendor/package_metadata/advisories"
else
  echo "Usage: import_script.sh [license|advisory]"
  exit 1
fi

PKG_METADATA_BUCKET="prod-export-$DATA_TYPE-bucket-1a6c642fc4de57d4"
PKG_METADATA_MANIFEST_OUTPUT_FILE="/tmp/package_metadata_${DATA_TYPE}_export_manifest.json"
PKG_METADATA_DOWNLOADS_OUTPUT_FILE="/tmp/package_metadata_${DATA_TYPE}_object_links.tsv"

# Download the contents of the bucket
# Filter results using `prefix=v2` to only download v2 objects. v1 data is no longer used and deprecated since 16.3.
# Maximum number of objects returned by the API seems to be 5000 and there are currently (2023-12-21) 2650 objects for V2 dataset.
curl --silent --show-error --request GET "https://storage.googleapis.com/storage/v1/b/$PKG_METADATA_BUCKET/o?prefix=v2%2f&maxResults=5000" > "$PKG_METADATA_MANIFEST_OUTPUT_FILE"

# Parse the links and names for the bucket objects and output them into a tsv file
jq -r '.items[] | [.name, .mediaLink] | @tsv' "$PKG_METADATA_MANIFEST_OUTPUT_FILE" > "$PKG_METADATA_DOWNLOADS_OUTPUT_FILE"

echo -e "Saving package metadata exports to $PKG_METADATA_DIR\n"

# Track how many objects will be downloaded
INDEX=1
TOTAL_OBJECT_COUNT="$(wc -l "$PKG_METADATA_DOWNLOADS_OUTPUT_FILE" | awk '{print $1}')"

# Download the objects
while IFS= read -r line; do
  FILE="$(echo -n "$line" | awk '{print $1}')"
  URL="$(echo -n "$line" | awk '{print $2}')"
  OUTPUT_DIR="$(dirname "$PKG_METADATA_DIR/$FILE")"
  OUTPUT_PATH="$PKG_METADATA_DIR/$FILE"

  echo "Downloading $FILE"

  curl --progress-bar --create-dirs --output "$OUTPUT_PATH" --request "GET" "$URL"

  echo -e "$INDEX of $TOTAL_OBJECT_COUNT objects downloaded\n"

  INDEX=$((INDEX + 1))
done < "$PKG_METADATA_DOWNLOADS_OUTPUT_FILE"

echo "All objects saved to $PKG_METADATA_DIR"
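The download loop above builds its output path from object names returned by the bucket listing, so a hardened variant would vet each manifest row before writing anything under the Rails directory. The following is an added example, not GitLab's own code. It assumes the jq filter is extended to emit the md5Hash field of the Cloud Storage object resource as a third column and that media links stay on storage.googleapis.com; the function names and the sample rows are constructed.

```shell
#!/bin/sh
# Added example: vet bucket-manifest rows before anything is written to disk.

# safe_object_name NAME: accept only relative names under v2/ with no
# traversal components and a conservative character set (assumption).
safe_object_name() {
    case $1 in
        v2/*) ;;                          # the script only requests prefix v2/
        *) return 1 ;;
    esac
    case "/$1/" in
        */../*|*/./*|*//*) return 1 ;;    # no "..", ".", or empty components
    esac
    case $1 in
        *[!A-Za-z0-9._/-]*) return 1 ;;   # no spaces, backslashes, control chars
    esac
    return 0
}

# safe_media_link URL: accept only HTTPS links on the host the page uses.
safe_media_link() {
    case $1 in
        https://storage.googleapis.com/*) return 0 ;;
        *) return 1 ;;
    esac
}

# md5_b64_to_hex B64: the listing reports MD5 as base64; md5sum prints hex.
md5_b64_to_hex() {
    printf '%s' "$1" | base64 -d | od -An -tx1 | tr -d ' \n'
}

# verify_md5 FILE B64: succeed only if FILE matches the listed digest.
# MD5 detects corruption and truncation here; it is not a signature.
verify_md5() {
    [ "$(md5sum "$1" | awk '{print $1}')" = "$(md5_b64_to_hex "$2")" ]
}

# vet_manifest: read "name<TAB>mediaLink<TAB>md5Hash" rows on stdin, print the
# rows that are safe to download, and report the rest on stderr.
vet_manifest() {
    tab="$(printf '\t')"
    while IFS="$tab" read -r name url md5; do
        if ! safe_object_name "$name"; then
            printf 'rejected object name: %s\n' "$name" >&2
        elif ! safe_media_link "$url"; then
            printf 'rejected media link for %s\n' "$name" >&2
        else
            printf '%s\t%s\t%s\n' "$name" "$url" "$md5"
        fi
    done
}

# Constructed manifest rows: one normal export, one name that climbs out of
# the target directory, one link that points at a different host.
SAMPLE_MANIFEST_TSV="$(printf '%s\t%s\t%s\n' \
    'v2/pypi/1694703741/0.ndjson' \
    'https://storage.googleapis.com/download/storage/v1/b/prod-export-license-bucket-1a6c642fc4de57d4/o/v2%2Fpypi%2F1694703741%2F0.ndjson?alt=media' \
    '1B2M2Y8AsgTpgAmY7PhCfg==' \
    'v2/../../../etc/cron.d/job' \
    'https://storage.googleapis.com/download/storage/v1/b/prod-export-license-bucket-1a6c642fc4de57d4/o/x?alt=media' \
    '1B2M2Y8AsgTpgAmY7PhCfg==' \
    'v2/maven/1694703741/0.ndjson' \
    'https://example.invalid/0.ndjson' \
    '1B2M2Y8AsgTpgAmY7PhCfg==')"

# Only the first row survives; the other two are reported on stderr.
printf '%s\n' "$SAMPLE_MANIFEST_TSV" | vet_manifest
```

In the download loop, feed the TSV through vet_manifest first and call verify_md5 on each file after curl finishes, deleting any file that fails.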
Automatic synchronization
Your GitLab instance is synchronized regularly with the contents of the package_metadata directory.
To automatically update your local copy with the upstream changes, a cron job can be added to periodically download new exports. For example, the following crontabs can be added to set up a cron job that runs every 30 minutes.
For License Scanning:
*/30 * * * * gsutil -m rsync -r -d -y "^v1\/" gs://prod-export-license-bucket-1a6c642fc4de57d4 $GITLAB_RAILS_ROOT_DIR/vendor/package_metadata/licenses
For Dependency Scanning:
*/30 * * * * gsutil -m rsync -r -d gs://prod-export-advisory-bucket-1a6c642fc4de57d4 $GITLAB_RAILS_ROOT_DIR/vendor/package_metadata/advisories
Change note
The directory for package metadata changed with the release of 16.2 from vendor/package_metadata_db to vendor/package_metadata/licenses. If this directory already exists on the instance and Dependency Scanning needs to be added then you need to take the following steps.
- Rename the licenses directory:
  mv vendor/package_metadata_db vendor/package_metadata/licenses
- Update any automation scripts or commands saved to change vendor/package_metadata_db to vendor/package_metadata/licenses.
- Update any cron entries to change vendor/package_metadata_db to vendor/package_metadata/licenses.
  sed -i '.bckup' -e 's#vendor/package_metadata_db#vendor/package_metadata/licenses#g' [FILE ...]
Troubleshooting
Missing database data
If license or advisory data is missing from the dependency list or MR pages, one possible cause of this is that the database has not been synchronized with the export data.
package_metadata synchronization is triggered by using cron jobs (advisory sync and license sync) and imports only the package registry types enabled in admin settings.
The file structure in vendor/package_metadata must coincide with the package registry type enabled above. For example, to sync maven license or advisory data, the package metadata directory under the Rails directory must have the following structure:
- For licenses: $GITLAB_RAILS_ROOT_DIR/vendor/package_metadata/licenses/v2/maven/**/*.ndjson
- For advisories: $GITLAB_RAILS_ROOT_DIR/vendor/package_metadata/advisories/v2/maven/**/*.ndjson
After a successful run, data under the pm_ tables in the database should be populated (check using Rails console):
- For licenses:
  sudo gitlab-rails runner "puts \"Package model has #{PackageMetadata::Package.where(purl_type: 'maven').size} packages\""
- For advisories:
  sudo gitlab-rails runner "puts \"Advisory model has #{PackageMetadata::AffectedPackage.where(purl_type: 'maven').size} packages\""
Additionally, checkpoint data should exist for the particular package registry being synchronized. For Maven, for example, there should be a checkpoint created after a successful sync run:
- For licenses:
  sudo gitlab-rails runner "puts \"maven data has been synced up to #{PackageMetadata::Checkpoint.where(data_type: 'licenses', purl_type: 'maven')}\""
- For advisories:
  sudo gitlab-rails runner "puts \"maven data has been synced up to #{PackageMetadata::Checkpoint.where(data_type: 'advisories', purl_type: 'maven')}\""
Finally, you can check the application_json.log logs to verify that the sync job has run and is without error by searching for DEBUG messages where the class is PackageMetadata::SyncService. Example:
{"severity":"DEBUG","time":"2023-06-22T16:41:00.825Z","correlation_id":"a6e80150836b4bb317313a3fe6d0bbd6","class":"PackageMetadata::SyncService","message":"Evaluating data for licenses:gcp/prod-export-license-bucket-1a6c642fc4de57d4/v2/pypi/1694703741/0.ndjson"}
If you’re a Git user, you know that having local repositories that can be accessed via a local LAN (or external WAN) is a crucial element of the development process. You can certainly opt to go with GitHub, but that negates the ability to host locally. So when you want to host your own repositories, where do you turn?
In a word, GitLab.
GitLab allows you to host an on-premise Git repository that can be accessed from either your local LAN or (if you have an available public IP address) from outside your company. GitLab is fairly easy to install and incredibly simple to use. I’m going to walk you through the process of installing GitLab on Ubuntu Server 16.04. I will assume you already have Ubuntu Server up and running, and have access to an account with sudo rights.
Let’s install.
Welcome to the Lab
Congratulations, you now have your local GitLab up and running. If you’ve used GitHub, you will be instantly familiar with how GitLab works. Enjoy the power of Git, from within your local network.
Install GitLab
You can install GitLab on most GNU/Linux distributions, on several cloud providers, and in Kubernetes clusters. To get the best experience, you should balance performance, reliability, ease of administration (backups, upgrades, and troubleshooting) with the cost of hosting.
- Installation system requirements: Prerequisites for installation.
- Installation methods: Linux, Helm, Docker, Operator, source, or scripts.
- Install GitLab on a cloud provider: AWS, Google Cloud Platform, Azure.
- Offline GitLab: Isolated installation.
- Reference architectures: Recommended deployments at scale.
- Upgrade GitLab: Latest version instructions.
- Install GitLab Runner: Software for CI/CD jobs.
- Configure GitLab Runner: Config.toml, certificates, autoscaling, proxy setup.
Install GitLab on your local server
GitLab is a version control web application based on Git. It provides many other features and is becoming one of the most important DevOps platforms. But did you know that you can run a local version of GitLab on a server in your company datacenter or in the cloud? Many enterprise companies prefer to have their own instance of the application.
First of all, you need a Linux machine to install the system on. For this example I am going to use Ubuntu, and here are the steps:
1- Install the official repository for GitLab:
2- Install the GitLab CE package:
3- Open the GitLab config file under the path:
and edit the external_url to match your domain name.
4- Reconfigure GitLab using the command:
5- Get the password from the file:
6- Open your browser and type your domain name.
Congrats, you now have a local instance of GitLab installed on your local server.
Installation
my-host.internal, which you should replace with your server’s FQDN, and that you have access to a different server with Internet access to download the required package files.
For a video walkthrough of this process, see Offline GitLab Installation: Downloading & Installing.
Download the GitLab package
You should manually download the GitLab package and relevant dependencies using a server of the same operating system type that has access to the Internet.
If your offline environment has no local network access, you must manually transport the relevant package through physical media, such as a USB drive.
In Ubuntu, this can be performed on a server with Internet access using the following commands:
# Download the bash script to prepare the repository
curl --silent "https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh" | sudo bash

# Download the gitlab-ee package and dependencies to /var/cache/apt/archives
sudo apt-get install --download-only gitlab-ee

# Copy the contents of the apt download folder to a mounted media device
sudo cp /var/cache/apt/archives/*.deb /path/to/mount
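Packages that travel on removable media lose the integrity checks apt performs at download time, so it helps to carry a checksum manifest with them. The following is an added example, not part of the GitLab documentation: the function names and the SHA256SUMS file name are hypothetical, and it assumes GNU coreutils sha256sum on both hosts.

```shell
#!/bin/sh
# Added example: checksum manifest for .deb files carried to an offline host.

MANIFEST_NAME='SHA256SUMS'

# write_manifest DIR: on the Internet-connected host, record a SHA-256 digest
# for every .deb in DIR (the mounted media device in this guide).
write_manifest() {
    ( cd "$1" && sha256sum -- *.deb > "$MANIFEST_NAME" )
}

# manifest_digest DIR: digest of the manifest itself. Carry this one value to
# the offline host by a separate channel (for example, written down), so the
# media cannot vouch for its own contents.
manifest_digest() {
    sha256sum "$1/$MANIFEST_NAME" | awk '{print $1}'
}

# verify_media DIR EXPECTED_MANIFEST_DIGEST: on the offline host, succeed only if
#   1. the manifest matches the digest carried out of band,
#   2. every package listed in the manifest matches its recorded digest, and
#   3. no .deb is present that the manifest does not list.
verify_media() {
    dir=$1
    expected=$2

    if [ "$(manifest_digest "$dir")" != "$expected" ]; then
        echo "manifest digest mismatch" >&2
        return 1
    fi

    if ! ( cd "$dir" && sha256sum -c "$MANIFEST_NAME" > /dev/null ); then
        echo "package digest mismatch" >&2
        return 1
    fi

    for f in "$dir"/*.deb; do
        [ -e "$f" ] || continue
        name=${f##*/}
        # A listed file appears as "<digest>  <name>" (two spaces, text mode).
        line="$(sha256sum "$f" | awk '{print $1}')  $name"
        if ! grep -q -F -x -e "$line" "$dir/$MANIFEST_NAME"; then
            echo "unlisted package: $name" >&2
            return 1
        fi
    done
    return 0
}

# Connected host, after copying the .deb files to the media:
#   write_manifest /path/to/mount && manifest_digest /path/to/mount
# Offline host, before any dpkg -i step (DIGEST is the value carried over):
#   verify_media /path/to/mount "$DIGEST" || exit 1
```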
Install the GitLab package
Prerequisites:
- Before installing the GitLab package on your offline environment, ensure that you have installed all required dependencies first.
If you are using Ubuntu, you can install the dependency .deb packages you copied across with dpkg. Do not install the GitLab package yet.
# Navigate to the physical media device
cd /path/to/mount

# Install the dependency packages
sudo dpkg -i <package_name>.deb
Use the relevant commands for your operating system to install the package but make sure to specify an http URL for the EXTERNAL_URL installation step. Once installed, we can manually configure the SSL ourselves.
It is strongly recommended to set up a domain for IP resolution rather than bind to the server’s IP address. This better ensures a stable target for our certs’ CN and makes long-term resolution simpler.
The following example for Ubuntu specifies the EXTERNAL_URL using HTTP and installs the GitLab package:
sudo EXTERNAL_URL="http://my-host.internal" dpkg -i <gitlab_package_name>.deb
GitLab features at a glance
The main features of GitLab include:
- User-friendly interface
- Branches can remain private or can be shared publicly
- Ability to manage multiple repositories
- Code review
- Built-in bug and issue tracking
- Built-in, free continuous integration/delivery (CI/CD)
- Project wikis
- Easy creation of code snippets for sharing parts of the code
Allow the Docker daemon to trust the registry and GitLab Runner
Provide your Docker daemon with your certs by following the steps for using trusted certificates with your registry:
sudo mkdir -p /etc/docker/certs.d/my-host.internal:5000
sudo cp /etc/gitlab/ssl/my-host.internal.crt /etc/docker/certs.d/my-host.internal:5000/ca.crt
Provide your GitLab Runner (to be installed next) with your certs by following the steps for using trusted certificates with your runner:
sudo mkdir -p /etc/gitlab-runner/certs
sudo cp /etc/gitlab/ssl/my-host.internal.crt /etc/gitlab-runner/certs/ca.crt
Next steps
In this tutorial, you learned how to set up your server to be more secure, how to install GitLab, and how to configure GitLab to meet some security standards. Some other steps you can take to secure GitLab include:
- Disabling sign ups. By default, a new GitLab instance has sign up enabled. If you don’t plan to make your GitLab instance public, you should disable sign ups.
- Allowing or denying sign ups using specific email domains.
- Setting a minimum password length limit for new users.
- Enforcing two-factor authentication for all users.
There are many other things you can configure apart from hardening your GitLab instance, like configuring your own runners to leverage the CI/CD features that GitLab has to offer, or properly backing up your instance.
You can read more about the steps to take after the installation.
GitLab Tutorial – installation and first steps in GitLab
GitLab is a popular version control system (VCS) that is mainly used in software development. This web-based software was written with the “Ruby on Rails” framework and published in 2011 by Dmitriy Zaporozhets, and is now considered an indispensable tool among the developer community.
The main advantage of GitLab is that it makes cross-team, agile software development much easier. Several developers can work on a project at the same time and edit different features in parallel, for example. Continuous logging of processes ensures that changes to the code are not lost or accidentally overwritten. In addition, changes that have already been made can be easily undone.
GitLab is based on the widely used Git version control software. As open source software, Git is freely accessible and is one of the most popular version control systems. GitLab is one of the leading alternatives to GitHub (many users switched to GitLab when GitHub was acquired by Microsoft in 2018).
Secure the server
Before installing GitLab, start by configuring your server to be a bit more secure.
Configure the firewall
You need to open ports 22 (SSH), 80 (HTTP), and 443 (HTTPS). You can do this by either using your cloud provider’s console, or at the server level.
In this example, you’ll configure the firewall using ufw.
You’ll deny access to all ports, allow ports 80 and 443, and finally, rate limit access to port 22. ufw can deny connections from an IP address that has attempted to initiate 6 or more connections in the last 30 seconds.
- Install ufw:
  sudo apt install ufw
- Enable and start the ufw service:
  sudo systemctl enable --now ufw
- Deny all other ports except the required ones:
  sudo ufw default deny
  sudo ufw allow http
  sudo ufw allow https
  sudo ufw limit ssh/tcp
- Finally, activate the settings. The following needs to run only once, the first time you install the package. Answer yes ( ) when prompted:
  sudo ufw enable
- Verify that the rules are present:
  $ sudo ufw status
  Status: active

  To                         Action      From
  --                         ------      ----
  80/tcp                     ALLOW       Anywhere
  443                        ALLOW       Anywhere
  22/tcp                     LIMIT       Anywhere
  80/tcp (v6)                ALLOW       Anywhere (v6)
  443 (v6)                   ALLOW       Anywhere (v6)
  22/tcp (v6)                LIMIT       Anywhere (v6)
Configure the SSH server
To further secure your server, configure SSH to accept public key authentication, and disable some features that are potential security risks.
- Open /etc/ssh/sshd_config with your editor and make sure the following are present:
  PubkeyAuthentication yes
  PasswordAuthentication yes
  UsePAM yes
  UseDNS no
  AllowTcpForwarding no
  X11Forwarding no
  PrintMotd no
  PermitTunnel no
  # Allow client to pass locale environment variables
  AcceptEnv LANG LC_*
  # override default of no subsystems
  Subsystem sftp /usr/lib/openssh/sftp-server
  # Protocol adjustments, these would be needed/recommended in a FIPS or
  # FedRAMP deployment, and use only strong and proven algorithm choices
  Protocol 2
  Ciphers aes128-ctr,aes192-ctr,aes256-ctr
  HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
  KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
  Macs hmac-sha2-256,hmac-sha2-512
- Save the file and restart the SSH server:
  sudo systemctl restart ssh
  If restarting SSH fails, check that you don’t have any duplicate entries in /etc/ssh/sshd_config.
Ensure only authorized users are using SSH for Git access
Next, ensure that users cannot pull down projects using SSH unless they have a valid GitLab account that can perform Git operations over SSH.
To ensure that only authorized users are using SSH for Git access:
- Add the following to your /etc/ssh/sshd_config file:
  # Ensure only authorized users are using Git
  AcceptEnv GIT_PROTOCOL
- Save the file and restart the SSH server:
  sudo systemctl restart ssh
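To check the SSH settings above and catch the duplicate entries the restart note warns about, here is an added example (not part of the original tutorial or of GitLab's tooling). The helper name audit_sshd and the WANT list are assumptions. It relies on the documented sshd_config(5) rule that the first value obtained for a keyword is the one used, so a later duplicate has no effect.

```shell
#!/bin/sh
# Settings this page asks for (keywords lowercased; sshd keywords are case-insensitive).
WANT='pubkeyauthentication yes
usedns no
allowtcpforwarding no
x11forwarding no
permittunnel no'

# audit_sshd FILE  (hypothetical helper name)
# Reads the global section of an sshd_config-style file the way sshd does:
# the first value seen for a keyword is the one kept. Prints one line per
# finding and returns 0 only when there are none.
# Usage: audit_sshd /etc/ssh/sshd_config
audit_sshd() {
    seen=' '
    findings=0
    while read -r key value || [ -n "$key" ]; do
        case $key in ''|'#'*) continue ;; esac
        key=$(printf '%s' "$key" | tr 'A-Z' 'a-z')
        case $key in
            match) break ;;                                   # conditional blocks start here
            acceptenv|hostkey|port|listenaddress) continue ;; # may legitimately repeat
            subsystem) key="subsystem:${value%% *}" ;;        # unique per subsystem name
        esac
        case $seen in
            *" $key "*)
                echo "DUPLICATE $key: '$value' repeats an earlier entry"
                findings=$((findings + 1))
                continue ;;
        esac
        seen="$seen$key "
        expected=$(printf '%s\n' "$WANT" | awk -v k="$key" '$1 == k { print $2 }')
        if [ -n "$expected" ] && [ "$value" != "$expected" ]; then
            echo "MISMATCH $key is '$value', expected '$expected'"
            findings=$((findings + 1))
        fi
    done < "$1"
    # A keyword that never appears falls back to sshd's built-in default.
    for k in $(printf '%s\n' "$WANT" | cut -d' ' -f1); do
        case $seen in
            *" $k "*) ;;
            *) echo "UNSET $k"; findings=$((findings + 1)) ;;
        esac
    done
    [ "$findings" -eq 0 ]
}
```

The audit reads one file only. Run sudo sshd -t to validate the syntax before restarting, and sudo sshd -T to print the effective configuration, including any files pulled in with Include.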
Make some kernel adjustments
Kernel adjustments do not completely eliminate the threat of an attack, but they add an extra layer of security.
- Open a new file with your editor under /etc/sysctl.d, for example /etc/sysctl.d/99-gitlab-hardening.conf, and add the following. The naming and source directory decide the order of processing, which is important because the last parameter processed might override earlier ones.
  ##
  ## The following help mitigate out of bounds, null pointer dereference, heap and
  ## buffer overflow bugs, use-after-free etc from being exploited. It does not 100%
  ## fix the issues, but seriously hampers exploitation.
  ##
  # Default is 65536, 4096 helps mitigate memory issues used in exploitation
  vm.mmap_min_addr=4096
  # Default is 0, randomize virtual address space in memory, makes vuln exploitation
  # harder
  kernel.randomize_va_space=2
  # Restrict kernel pointer access (for example, cat /proc/kallsyms) for exploit assistance
  kernel.kptr_restrict=2
  # Restrict verbose kernel errors in dmesg
  kernel.dmesg_restrict=1
  # Restrict eBPF
  kernel.unprivileged_bpf_disabled=1
  net.core.bpf_jit_harden=2
  # Prevent common use-after-free exploits
  vm.unprivileged_userfaultfd=0

  ## Networking tweaks ##
  ##
  ## Prevent common attacks at the IP stack layer
  ##
  # Prevent SYNFLOOD denial of service attacks
  net.ipv4.tcp_syncookies=1
  # Prevent time wait assassination attacks
  net.ipv4.tcp_rfc1337=1
  # IP spoofing/source routing protection
  net.ipv4.conf.all.rp_filter=1
  net.ipv4.conf.default.rp_filter=1
  net.ipv6.conf.all.accept_ra=0
  net.ipv6.conf.default.accept_ra=0
  net.ipv4.conf.all.accept_source_route=0
  net.ipv4.conf.default.accept_source_route=0
  net.ipv6.conf.all.accept_source_route=0
  net.ipv6.conf.default.accept_source_route=0
  # IP redirection protection
  net.ipv4.conf.all.accept_redirects=0
  net.ipv4.conf.default.accept_redirects=0
  net.ipv4.conf.all.secure_redirects=0
  net.ipv4.conf.default.secure_redirects=0
  net.ipv6.conf.all.accept_redirects=0
  net.ipv6.conf.default.accept_redirects=0
  net.ipv4.conf.all.send_redirects=0
  net.ipv4.conf.default.send_redirects=0
- On the next server reboot, the values will be loaded automatically. To load them immediately:
  sudo sysctl --system
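Because a file processed later can override these values, it is worth confirming what the kernel is actually running with after loading them. The following is an added example, not part of the original tutorial; the helper name check_sysctl and its optional second argument (an alternative root instead of /proc/sys, used for testing) are assumptions.

```shell
#!/bin/sh
# check_sysctl CONF [PROCROOT]  (hypothetical helper name)
# For every key=value line in a sysctl.d file, read the live value from
# PROCROOT (default /proc/sys) and report differences. Returns 0 only when
# every key is present and matches. Whitespace is stripped before comparing,
# which suits the single-valued keys used on this page.
# Usage: check_sysctl /etc/sysctl.d/99-gitlab-hardening.conf
check_sysctl() {
    conf=$1
    root=${2:-/proc/sys}
    problems=0
    while read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*|';'*) continue ;;   # blank line or comment
            *=*) ;;
            *) continue ;;              # not a key=value setting
        esac
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        want=$(printf '%s' "${line#*=}" | tr -d ' \t')
        # sysctl names map to paths: net.ipv4.tcp_syncookies -> net/ipv4/tcp_syncookies
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            echo "UNREADABLE $key (absent on this kernel, or needs root)"
            problems=$((problems + 1))
            continue
        fi
        have=$(tr -d ' \t\n' < "$path")
        if [ "$have" != "$want" ]; then
            echo "DIFFERS $key: live=$have file=$want"
            problems=$((problems + 1))
        fi
    done < "$conf"
    [ "$problems" -eq 0 ]
}
```

Run it as root, since some entries under /proc/sys are not world-readable. A DIFFERS line after sudo sysctl --system usually means another file in the sysctl search path sets the same key later.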
Great work, you’ve completed the steps to secure your server! Now you’re ready to install GitLab.
Conclusion
Hopefully, now you have learned how to install GitLab on Ubuntu 22.04.
Install an offline self-managed GitLab instance
This is a step-by-step guide that helps you install, configure, and use a self-managed GitLab instance entirely offline.
Adding ssh keys
In order to push or pull to your projects, you must add the SSH key of the remote machine account to your new GitLab account. To do this, find the SSH public key on the remote machine. On Linux you can do this by issuing the command cat ~/.ssh/id_rsa.pub and copying the output. Back on your GitLab account, click the Profile drop-down in the upper right corner and click Settings. In the Settings window, click SSH Keys (Figure B).
Figure B
Copy the contents of the SSH pubkey in the Key section, give the key a title, and click Add key. With the public key added, you should now be able to push and pull changes to the GitLab server.
Enabling the GitLab container registry
Follow these steps to enable the container registry. These steps reflect those for configuring the container registry under an existing domain:
- Make the following changes to /etc/gitlab/gitlab.rb:
  # Change registry_external_url to match external_url, but append the port 4567
  external_url "https://gitlab.example.com"
  registry_external_url "https://gitlab.example.com:4567"
- Reconfigure your instance to apply the changes:
  sudo gitlab-ctl reconfigure
Configure GitLab
GitLab comes with some sane default configuration options. In this section, we will change them to add more functionality, and make GitLab more secure.
For some of the options you’ll use the Admin Area UI, and for some of them you’ll edit /etc/gitlab/gitlab.rb, the GitLab configuration file.
Configure NGINX
NGINX is used to serve up the web interface used to access the GitLab instance. For more information about configuring NGINX to be more secure, read about hardening NGINX.
Configure emails
Next, you’ll set up and configure an email service. Emails are important for verifying new sign ups, resetting passwords, and notifying you of GitLab activity.
Configure SMTP
In this tutorial, you’ll set up an SMTP server and use the Mailgun SMTP provider.
First, start by creating an encrypted file that will contain the login credentials, and then configure SMTP for the Linux package:
- Create a YAML file (for example smtp.yaml) that contains the credentials for the SMTP server. Your SMTP password must not contain any string delimiters used in Ruby or YAML (for example, ) to avoid unexpected behavior during the processing of configuration settings.
user_name: '
' password: '
- Encrypt the file:
  cat smtp.yaml | sudo gitlab-rake gitlab:smtp:secret:write
  By default, the encrypted file is stored under /var/opt/gitlab/gitlab-rails/shared/encrypted_configuration/smtp.yaml.enc.
- Remove the YAML file:
  rm -f smtp.yaml
- Edit /etc/gitlab/gitlab.rb and set up the rest of the SMTP settings. Make sure gitlab_rails['smtp_user_name'] and gitlab_rails['smtp_password'] are not present, as we’ve already set them up as encrypted.
  gitlab_rails['smtp_enable'] = true
  gitlab_rails['smtp_address'] = "smtp.mailgun.org" # or smtp.eu.mailgun.org
  gitlab_rails['smtp_port'] = 587
  gitlab_rails['smtp_authentication'] = "plain"
  gitlab_rails['smtp_enable_starttls_auto'] = true
  gitlab_rails['smtp_domain'] = "
- Save the file and reconfigure GitLab:
  sudo gitlab-ctl reconfigure
You should now be able to send emails. To test that the configuration worked:
- Enter the Rails console:
  sudo gitlab-rails console
- Run the following command at the console prompt to make GitLab send a test email:
Notify.test_email('
', 'Message Subject', 'Message Body').deliver_now
If you’re unable to send emails, see the SMTP troubleshooting section.
Enable the email verification
Account email verification provides an additional layer of GitLab account security. When some conditions are met, for example, if there are three or more failed sign-in attempts in 24 hours, an account is locked.
This feature is behind a feature flag. To enable it:
- Enter the Rails console:
  sudo gitlab-rails console
- Enable the feature flag:
  Feature.enable(:require_email_verification)
- Check if it’s enabled (should return true):
  Feature.enabled?(:require_email_verification)
For more information, read about account email verification.
Sign outgoing email with S/MIME
Notification emails sent by GitLab can be signed with S/MIME for improved security.
A single pair of key and certificate files must be provided:
- Both files must be PEM-encoded.
- The key file must be unencrypted so that GitLab can read it without user intervention.
- Only RSA keys are supported.
- Optional. You can provide a bundle of Certificate Authority (CA) certs (PEM-encoded) to include on each signature. This is typically an intermediate CA.
- Buy your certificate from a CA.
- Edit /etc/gitlab/gitlab.rb and adapt the file paths:
  gitlab_rails['gitlab_email_smime_enabled'] = true
  gitlab_rails['gitlab_email_smime_key_file'] = '/etc/gitlab/ssl/gitlab_smime.key'
  gitlab_rails['gitlab_email_smime_cert_file'] = '/etc/gitlab/ssl/gitlab_smime.crt'
- Save the file and reconfigure GitLab:
  sudo gitlab-ctl reconfigure
For more information, read about signing outgoing email with S/MIME.
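A pre-flight check for the key and certificate requirements listed above (PEM-encoded, unencrypted, RSA), plus a check that the certificate belongs to the key. This is an added example, not taken from GitLab's documentation; the helper name check_smime_pair is hypothetical and the openssl command is assumed to be installed.

```shell
#!/bin/sh
# check_smime_pair KEY CERT  (hypothetical helper name)
# Prints OK and returns 0 only if every check passes; otherwise prints the
# first failed requirement and returns 1.
# Usage: check_smime_pair /etc/gitlab/ssl/gitlab_smime.key /etc/gitlab/ssl/gitlab_smime.crt
check_smime_pair() {
    key=$1
    cert=$2
    # PEM files are text with a BEGIN line; DER is binary and has none.
    for f in "$key" "$cert"; do
        grep -q '^-----BEGIN ' "$f" || { echo "FAIL $f is not PEM-encoded"; return 1; }
    done
    # Both encrypted PEM styles announce themselves in the header area.
    if grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$key"; then
        echo "FAIL $key is passphrase-protected"
        return 1
    fi
    # "openssl rsa" rejects anything that is not an RSA key.
    # The empty -passin stops openssl from prompting on a terminal.
    if ! key_mod=$(openssl rsa -in "$key" -passin pass: -noout -modulus 2>/dev/null); then
        echo "FAIL $key is not an RSA key"
        return 1
    fi
    if ! cert_mod=$(openssl x509 -in "$cert" -noout -modulus 2>/dev/null); then
        echo "FAIL $cert is not a readable X.509 certificate"
        return 1
    fi
    # An RSA certificate and its private key share the same modulus.
    if [ "$key_mod" != "$cert_mod" ]; then
        echo "FAIL certificate and key do not match"
        return 1
    fi
    echo "OK"
}
```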