Posts Install and Configure Gitlab CE Server in AWS
Post
Cancel

Install and Configure Gitlab CE Server in AWS

Dijeesh Padinharethil Jun 5, 2019 2019-06-05T08:30:00+05:30
May 9, 2021 2021-05-09T16:31:41+05:30 3 min

Introduction

Hey there, this is the first part of my blog series Getting started with CI/CD on AWS platform using GitLab CE


GitLab Community Edition (CE) is an open source end-to-end software development platform with built-in version control, issue tracking, code review, CI/CD and much more, check official documentation for more information. Due to security considerations, we have provisioned our own private GitLab-CE server for many of our clients builds even though gitlab.com hosted solution and many pre-configured AMIs are available in AWS. Here are the steps to set-up a Gitlab-CE server.


Provision EC2 Instance


  • Provision a t2.medium instance [ CentOS 7 AMI ]

  • Open HTTP, HTTPS and SSH connections in Security Group settings

  • Enable basic monitoring for the EC2 instance ( StatusCheckFailed )

  • Assign an EIP

  • Set host level firewall rules to allow incoming SSH, HTTP/HTTPS connections only


Basic System setup


  • Install system updates
    1

    yum update -y
  • Disable SELinux
    1

    sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
  • Install basic system management tools
    1

    yum install -y net-tools wget curl lsof screen ntp dstat
  • Disable SSH Password Authentification
    1

    sed -i 's/PasswordAuthentication\ yes/PasswordAuthentication\ no/g' /etc/ssh/sshd_config
  • Set static system hostname
    1
2
3
4

    hostnamectl set-hostname gitlab.yourdomain.com
hostnamectl set-hostname "gitlab.yourdomain.com" --pretty
hostnamectl set-hostname gitlab.yourdomain.com --static
hostnamectl set-hostname gitlab.yourdomain.com --transient
  • Update /etc/hosts
    1

    grep $(hostname) /etc/hosts || echo -e "127.1.0.1\t$(hostname)\t$(hostname -s)" >> /etc/hosts
  • Setup NTP Time Synchronization
    1
2
3

    Edit /etc/ntp.conf and set `server 169.254.169.123 prefer iburst`

systemctl start ntpd; systemctl enable ntpd
  • Restart EC2 instance.
    1

    reboot


Install GitLab CE


  • Install dependencies
    1
2
3

    yum install -y curl policycoreutils-python openssh-server
systemctl enable sshd
systemctl start sshd
  • Install and configure Postfix MTA
    1
2
3

    yum install postfix
systemctl enable postfix
systemctl start postfix
  • Add the GitLab package repository
    1

    curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash
  • Install Gitlab CE
    1

    sudo EXTERNAL_URL="http://gitlab.yourdomain.com" yum install -y gitlab-ce

  • Complete the installation

  • Navigate your browser to http://gitlab.yourdomain.com and you will be redirected to reset root password for your installation.


GitLab CE Initial setup


  • Go to http://gitlab.yourdomain.com and login to GitLab using the root credentials you created.

  • Go to profile settings and setup root user’s Email account

  • Go to Admin area - Settings - Sign-up Restrictions and uncheck Sign-up enabled

  • Go to Admin area - Overview: create groups, create users, add users into groups.


GitLab CE Secure using LetsEncrypt Certificates


Let’s secure our GitLab instance using Free LetsEncrypt SSL Certificates

  • Install epel repository
    1

    yum install epel-release -y
  • Install Certbot
    1

    yum install certbot -y
  • Create directory for LetsEncrypt verification files
    1

    mkdir -p /var/www/public/letsencrypt
  • Update Gitlab Nginx Configuration
    1
2
3

    Edit /etc/gitlab/gitlab.rb and in GitLab NGINX add following line

nginx['custom_gitlab_server_config'] = "location ^~ /.well-known { root /var/www/public/letsencrypt; }"
  • Reconfigure GitLab
    1

    gitlab-ctl reconfigure
  • Request SSL Certificates
    1

    certbot certonly --webroot --webroot-path=/var/www/public/letsencrypt -d gitlab.yourdomain.com
  • Update Gitlab Nginx Configuration
    1

    Edit /etc/gitlab/gitlab.rb and

1
2
3
4
5
6
7
8
9

1 Update external_url to use https
  external_url 'https://gitlab.yourdomain.com'

2 Update redirect_http_to_https settings and set to true
  nginx['redirect_http_to_https'] = true

3 Specify SSL Certificates
  nginx['ssl_certificate'] = "/etc/letsencrypt/live/gitlab.yourdomain.com/fullchain.pem"
  nginx['ssl_certificate_key'] = "/etc/letsencrypt/live/gitlab.yourdomain.com/privkey.pem"
  • Reconfigure GitLab
    1

    gitlab-ctl reconfigure
  • Setup cronjob for SSL renewal
    1
2

    crontab -e
0 2 1 * * root /usr/bin/certbot renew --quiet --renew-hook "/usr/bin/gitlab-ctl restart nginx"




Alright, now we have our GitLab instance up and running.

  • Provisioned EC2 Instance
  • Installed GitLab CE
  • Configured Users and Groups
  • Secured GitLab using LetsEncrypt SSL Certificates
  • Enabled auto renewal for LetsEncrypt SSL Certificates


Tips :

  • Enable backups for GitLab Instance
  • Convert the EC2 instance to a reserverd instance for cost savings.


    Happy Coding !!
AWS
devops sysops gitlab-ce git centos7 devops dijeeshpnair
This post is licensed under CC BY 4.0 by the author.
Recent Update
Contents

Juniper SRX DHCP Configuration with Static binding

First look into AWS EKS - Getting started

Comments powered by Disqus.