
Install and Configure Gitlab CE Server in AWS

Introduction

Hey there, this is the first part of my blog series, Getting started with CI/CD on AWS platform using GitLab CE.


GitLab Community Edition (CE) is an open source end-to-end software development platform with built-in version control, issue tracking, code review, CI/CD and much more; check the official documentation for more information. Due to security considerations, we have provisioned our own private GitLab CE server for many of our clients' builds, even though the gitlab.com hosted solution and many pre-configured AMIs are available in AWS. Here are the steps to set up a GitLab CE server.


Provision EC2 Instance


  • Provision a t2.medium instance [ CentOS 7 AMI ]

  • Open HTTP, HTTPS and SSH connections in Security Group settings

  • Enable basic monitoring for the EC2 instance ( StatusCheckFailed )

  • Assign an EIP

  • Set host level firewall rules to allow incoming SSH, HTTP/HTTPS connections only


Basic System setup


  • Install system updates
    
    yum update -y
    
  • Disable SELinux
    
    sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
    
  • Install basic system management tools
    
    yum install -y net-tools wget curl lsof screen ntp dstat
    
  • Disable SSH Password Authentication
    
    sed -i 's/PasswordAuthentication\ yes/PasswordAuthentication\ no/g' /etc/ssh/sshd_config
    
  • Set static system hostname
    
    hostnamectl set-hostname gitlab.yourdomain.com
    hostnamectl set-hostname "gitlab.yourdomain.com" --pretty
    hostnamectl set-hostname gitlab.yourdomain.com --static
    hostnamectl set-hostname gitlab.yourdomain.com --transient
    
  • Update /etc/hosts
    
    grep $(hostname) /etc/hosts || echo -e "127.1.0.1\t$(hostname)\t$(hostname -s)" >> /etc/hosts
    
  • Setup NTP Time Synchronization
    
    Edit /etc/ntp.conf and set `server 169.254.169.123 prefer iburst`
    
    systemctl start ntpd; systemctl enable ntpd
    
  • Restart EC2 instance.
    
    reboot
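
The `sed` in the "Disable SSH Password Authentication" step only changes sshd's behaviour when the directive is already active in the file. The script below is an added example, not part of the original post: it computes the value sshd takes from the global section of a config file and runs the post's substitution against two constructed sample files. The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Sample configs are constructed.

# Print the PasswordAuthentication value sshd takes from the global part of an
# sshd_config-style file: comments are ignored, keywords are case-insensitive,
# the first occurrence wins, and a missing keyword means the default ("yes").
# Match blocks are not evaluated.
effective_password_auth() {
    awk '
        /^[ \t]*#/ { next }                 # commented line: no effect
        { sub(/=/, " ") }                   # "Keyword=value" form is also legal
        tolower($1) == "match" { exit }     # global section ends here
        tolower($1) == "passwordauthentication" { print tolower($2); hit = 1; exit }
        END { if (!hit) print "yes" }
    ' "$1"
}

# Same substitution as the post's sed -i, written via a temp file.
apply_post_sed() {
    sed 's/PasswordAuthentication yes/PasswordAuthentication no/g' "$1" > "$1.new" &&
        cat "$1.new" > "$1" && rm -f "$1.new"
}

# Constructed cases: "active" has the directive live; "commented" only has it
# as a comment, so the substitution edits the comment and the default stays.
demo() {
    d=$(mktemp -d) || return 1
    printf 'Port 22\nPasswordAuthentication yes\n' > "$d/active"
    printf 'Port 22\n#PasswordAuthentication yes\n' > "$d/commented"
    for f in active commented; do
        apply_post_sed "$d/$f"
        printf '%s: PasswordAuthentication %s\n' "$f" "$(effective_password_auth "$d/$f")"
    done
    rm -rf "$d"
}
demo
```

On the instance itself, `sshd -T | grep -i passwordauthentication` prints the value the installed configuration resolves to.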
    


Install GitLab CE


  • Install dependencies
    
    yum install -y curl policycoreutils-python openssh-server
    systemctl enable sshd
    systemctl start sshd
    
  • Install and configure Postfix MTA
    
    yum install postfix
    systemctl enable postfix
    systemctl start postfix
    
  • Add the GitLab package repository
    
    curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash
    
  • Install Gitlab CE
    
    sudo EXTERNAL_URL="http://gitlab.yourdomain.com" yum install -y gitlab-ce
    
  • Complete the installation

  • Navigate your browser to http://gitlab.yourdomain.com and you will be redirected to reset root password for your installation.


GitLab CE Initial setup


  • Go to http://gitlab.yourdomain.com and login to GitLab using the root credentials you created.

  • Go to profile settings and setup root user’s Email account

  • Go to Admin area - Settings - Sign-up Restrictions and uncheck Sign-up enabled

  • Go to Admin area - Overview: create groups, create users, add users into groups.


GitLab CE Secure using LetsEncrypt Certificates


Let’s secure our GitLab instance using Free LetsEncrypt SSL Certificates

  • Install epel repository
    
    yum install epel-release -y
    
  • Install Certbot
    
    yum install certbot -y
    
  • Create directory for LetsEncrypt verification files
    
    mkdir -p /var/www/public/letsencrypt
    
  • Update Gitlab Nginx Configuration

    Edit /etc/gitlab/gitlab.rb and, in the GitLab NGINX section, add the following line
    
    nginx['custom_gitlab_server_config'] = "location ^~ /.well-known { root /var/www/public/letsencrypt; }"
    
  • Reconfigure GitLab
    
    gitlab-ctl reconfigure
    
  • Request SSL Certificates
    
    certbot certonly --webroot --webroot-path=/var/www/public/letsencrypt -d gitlab.yourdomain.com
    
  • Update Gitlab Nginx Configuration

    Edit /etc/gitlab/gitlab.rb and

    1 Update external_url to use https
      external_url 'https://gitlab.yourdomain.com'

    2 Update redirect_http_to_https settings and set to true
      nginx['redirect_http_to_https'] = true

    3 Specify SSL Certificates
      nginx['ssl_certificate'] = "/etc/letsencrypt/live/gitlab.yourdomain.com/fullchain.pem"
      nginx['ssl_certificate_key'] = "/etc/letsencrypt/live/gitlab.yourdomain.com/privkey.pem"

  • Reconfigure GitLab
    
    gitlab-ctl reconfigure
    
  • Setup cronjob for SSL renewal

    crontab -e
    # Entry for root's own crontab: the user field exists only in /etc/crontab and /etc/cron.d
    0 2 1 * * /usr/bin/certbot renew --quiet --renew-hook "/usr/bin/gitlab-ctl restart nginx"
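
A check for the three `gitlab.rb` edits above, as an added example that is not part of the original post: it reads the last uncommented assignment of each key (later Ruby lines override earlier ones, and commented lines do nothing) and confirms the certificate files are readable. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Paths and sample file are constructed.

# Print the value of the last uncommented assignment to a gitlab.rb key.
rb_value() {   # $1 = gitlab.rb path, $2 = key exactly as written in the file
    awk -v key="$2" '
        { sub(/^[ \t]+/, "") }              # ignore indentation
        /^#/ { next }                       # commented setting: no effect
        index($0, key) == 1 { v = substr($0, length(key) + 1) }
        END { print v }
    ' "$1" | sed -e 's/^[ =]*//' -e 's/ #.*$//' -e 's/ *$//' | tr -d "\"'"
}

# Check the three gitlab.rb changes from the post. Prints one line per problem
# and returns the number of problems (0 = all settings active).
audit_gitlab_tls() {
    rb=$1; problems=0
    url=$(rb_value "$rb" "external_url")
    case $url in
        https://*) ;;
        *) echo "external_url is '$url' (expected https://...)"; problems=$((problems + 1)) ;;
    esac
    if [ "$(rb_value "$rb" "nginx['redirect_http_to_https']")" != "true" ]; then
        echo "nginx['redirect_http_to_https'] is not true"; problems=$((problems + 1))
    fi
    for k in ssl_certificate ssl_certificate_key; do
        path=$(rb_value "$rb" "nginx['$k']")
        if [ -z "$path" ] || [ ! -r "$path" ]; then
            echo "nginx['$k'] is unset or not readable: '$path'"; problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed sample: https URL set, but the redirect line was left commented.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/fullchain.pem"; : > "$d/privkey.pem"   # stand-ins for the certbot files
    printf '%s\n' \
        "external_url 'http://gitlab.yourdomain.com'" \
        "external_url 'https://gitlab.yourdomain.com'" \
        "# nginx['redirect_http_to_https'] = true" \
        "nginx['ssl_certificate'] = \"$d/fullchain.pem\"" \
        "nginx['ssl_certificate_key'] = \"$d/privkey.pem\"" > "$d/gitlab.rb"
    rc=0; audit_gitlab_tls "$d/gitlab.rb" || rc=$?
    rm -rf "$d"
    echo "problems: $rc"
}
demo
```

Run `audit_gitlab_tls /etc/gitlab/gitlab.rb` as root before `gitlab-ctl reconfigure`, since the files under /etc/letsencrypt/live are readable by root only.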
    




Alright, now we have our GitLab instance up and running.

  • Provisioned EC2 Instance
  • Installed GitLab CE
  • Configured Users and Groups
  • Secured GitLab using LetsEncrypt SSL Certificates
  • Enabled auto renewal for LetsEncrypt SSL Certificates


Tips :

  • Enable backups for GitLab Instance
  • Convert the EC2 instance to a reserved instance for cost savings.


    Happy Coding !!
This post is licensed under CC BY 4.0 by the author.