Debian 10 64 Bits - Installation de Gitlab CE

Gitlab CE avec accès via reverse proxy Nginx

Auteur : Vince Nadus
Date de publication : 9 avril 2024
nginx git gitlab dns

Pré-requis

Configuration machine virtuelle

8GB of Ram 4 vcpus 40GB Disk space

Mise à jour du serveur Debian

apt update apt -y upgrade apt -y install curl ca-certificates

Configure Postfix Send-Only SMTP Server

hostnamectl set-hostname smtp.example.com --static apt install mailutils apt install postfix

Internet Site > smtp.example.com

Configure Postfix MTA Server

/etc/postfix/main.cf

inet_interfaces = loopback-only myhostname=smtp.example.com systemctl restart postfix echo "Postfix Send-Only Server" | mail -s "Postfix Testing" userx@example.com mail -s "Mail Subject" user@example.com < /home/jmutai/file.txt

Installer GitLab CE

Ajouter les dépots de GitLab CE

curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | bash

Configuration de base

/etc/gitlab/gitlab.rb
GITLAB_URL="https://git.example.com"

ou alors

export GITLAB_URL="https://git.example.com"
EXTERNAL_URL="${GITLAB_URL}" apt install gitlab-ce

Si vous changer de nom de domaine ou d'URL, réappliquer la commande ci-dessous :

gitlab-ctl reconfigure

Configurer SMTP Gitlab CE

/etc/gitlab/gitlab.rb

gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8', '::1/128', 'X.X.X.X/24']
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.example.com"
gitlab_rails['smtp_port'] = 587
gitlab_rails['smtp_user_name'] = "user@example.com"
gitlab_rails['smtp_password'] = "mdp"
gitlab_rails['smtp_domain'] = "example.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = false
gitlab_rails['smtp_openssl_verify_mode'] = 'none'
nginx['real_ip_header'] = 'X-Real-IP'
nginx['real_ip_recursive'] = 'on'

Acceder à l'interface Web de GitLab CE

http://gitlab.example.com

Récupérer le mot de passe par défault

Notes: Default admin account has been configured with following details: Username: root Password: You didn't opt-in to print initial root password to STDOUT. Password stored to /etc/gitlab/initial_root_password. This file will be cleaned up in first reconfigure run after 24 hours. NOTE: Because these credentials might be present in your log files in plain text, it is highly recommended to reset the password following https://docs.gitlab.com/ee/security/reset_user_password.html#reset-your-root-password.

Ajout de l'enregistrement DNS dans votre serveur DNS

Rendez-vous chez votre gestionnaire de dns et ajouter votre enregistrement afin de pouvoir résoudre votre nom de domaine en IP. Configuration reverse proxy - Nginx

server {
 listen 80;
 listen [::]:80;
 server_name gitlab.example.com;
}
server {
 listen 443 ssl;
 listen [::]:443 ssl;
 server_name gitlab.example.com;
 access_log /var/log/nginx/gitlab.example.com/access.log;
 error_log /var/log/nginx/gitlab.example.com/error.log debug;
 location / {
 proxy_pass https://X.X.X.X;
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
 }
}