Skip to content

Deployment Overview of GitLab on Server

Prerequisites and Basic Requirements

The deployment of GitLab on this server requires specific operating system conditions and privileges. The system is designed to support both Debian-based (Ubuntu, Debian) and RHEL-based distributions.

  • Operating System: Ubuntu, Debian, or RHEL-based distributions.

  • Privileges: Root access or sudo privileges are required to install packages, configure services, and manage firewalls.

  • Network Connectivity: The server must have outbound internet access to download packages from the GitLab repository and for Let's Encrypt certificate validation.

  • Ports:

  • External port: 443 (HTTPS) for secure web access.

  • Internal port: 8080 (internal communication, if applicable).

  • Firewall settings must allow traffic on port 443.

FQDN of the Final Panel

The fully qualified domain name (FQDN) for accessing the GitLab instance follows a specific naming convention based on the deployment zone and server identifier.

  • Domain Zone: hostkey.in

  • URL Format: gl<ServerID>.hostkey.in

  • Protocol: https

  • Final Address Example: gl123.hostkey.in

File and Directory Structure

GitLab stores its configuration, data, and certificates in standard system locations. The primary configuration file is located in the /etc/gitlab directory.

  • Main Configuration File: /etc/gitlab/gitlab.rb

  • Package Repositories:

  • Debian/Ubuntu: /etc/apt/sources.list.d/gitlab_gitlab-ce.list

  • RHEL-based: Configured via the installation script from packages.gitlab.com

  • GPG Keyring: /etc/apt/keyrings/gitlab-ce.gpg (Debian/Ubuntu only)

Application Installation Process

GitLab Community Edition (CE) is installed using the native package managers (apt or yum) after adding the official GitLab repository. The installation includes the core application and initializes the necessary services.

  • Package Name: gitlab-ce

  • Repository Source: https://packages.gitlab.com

  • Installation Steps:

  • Install system prerequisites (curl, gnupg, ca-certificates, apt-transport-https for Debian; bind-utils, curl for RHEL).

  • Add the GitLab GPG key to the system keyring.

  • Add the GitLab repository source list to the APT or YUM configuration.

  • Update the package cache.

  • Install the gitlab-ce package.

  • Run the reconfiguration command to apply settings.

Access Rights and Security

The deployment script modifies system security configurations to ensure GitLab can operate without being blocked by default firewall rules.

  • Firewall Configuration:

  • On RHEL-based systems, the firewalld service is stopped and disabled to prevent blocking GitLab traffic.

  • Ensure that port 443 is open on the server's external firewall.

  • Initial Root Password: The initial password for the GitLab root user is set dynamically during the configuration process via the gitlab_rails['initial_root_password'] parameter in the main configuration file.

  • Let's Encrypt: SSL certificates are managed automatically. The letsencrypt['auto_renew'] setting is enabled to ensure certificates are renewed without manual intervention.

Databases

GitLab includes an integrated database (PostgreSQL) as part of the gitlab-ce package installation. The database is configured and initialized automatically during the gitlab-ctl reconfigure process.

  • Database Type: PostgreSQL (bundled)

  • Connection Method: Internal socket or localhost connection managed by GitLab services.

  • Storage Location: Default data directories managed by the GitLab package (typically under /var/opt/gitlab).

Proxy Servers

GitLab uses an internal proxy configuration to handle HTTPS traffic and SSL termination. The gitlab.rb configuration file sets the external_url to enforce HTTPS access.

  • External URL: Configured to https://gl<ServerID>.hostkey.in.

  • SSL/TLS: Managed by Let's Encrypt via the Omnibus GitLab package.

  • Auto-Renewal: Enabled for SSL certificates.

  • Paths:

  • Internal path: /

  • External path: /

Permission Settings

The installation process requires root privileges to modify system files and configure services. Once installed, GitLab manages file permissions for its own data and configuration files.

  • Configuration File Permissions: /etc/gitlab/gitlab.rb is owned by root and writable by the administrator.

  • Service Execution: GitLab services run under specific system users created by the package (e.g., gitlab-psql, gitlab-shell).

Location of Configuration Files and Data

All critical configuration and data files are centralized within the GitLab installation directories.

Component Location Description
Main Config /etc/gitlab/gitlab.rb Primary configuration file for GitLab settings.
Data Directory /var/opt/gitlab Stores repositories, logs, and database files.
Log Files /var/log/gitlab Contains application and service logs.
SSL Certificates /etc/gitlab/ssl Stores Let's Encrypt certificates (managed automatically).

Available Ports for Connection

The server is configured to expose GitLab services on specific ports for external and internal communication.

  • Port 443: HTTPS (External access for users).

  • Port 8080: Internal port (Used for internal service communication if required).

Starting, Stopping, and Updating

GitLab services are managed using the gitlab-ctl command-line utility provided by the Omnibus package.

  • Start Services: 

    gitlab-ctl start

  • Stop Services: 

    gitlab-ctl stop

  • Restart Services: 

    gitlab-ctl restart

  • Reconfigure (Apply changes to /etc/gitlab/gitlab.rb): 

    gitlab-ctl reconfigure

  • Check Service Status: 

    gitlab-ctl status

  • Update GitLab: After updating the gitlab-ce package via the package manager (apt upgrade gitlab-ce or yum update gitlab-ce), always run gitlab-ctl reconfigure to apply new configurations.

question_mark
Is there anything I can help you with?
question_mark
AI Assistant ×