
Installing GitLab on Ubuntu Server 20.04

Mong Kok, Hong Kong

Preparation

Create a new directory called gitlab and go into it:

mkdir -p /opt/gitlab && cd /opt/gitlab/

Create a new GitLab data directory /srv/gitlab for storing all our GitLab data:

mkdir -p /srv/gitlab/{config/ssl,logs,data}

and create a new .env file that will be used by Docker:

nano .env

Define the environment variable GITLAB_HOME and set it to the GitLab data directory /srv/gitlab:

GITLAB_HOME=/srv/gitlab

Compose

Create the new docker-compose.yml file:

nano docker-compose.yml

Define a service named web that uses the latest gitlab-ce image, and change the hostname to your GitLab domain name:

version: '3'
services:
  web:
    image: 'gitlab/gitlab-ce:latest'
    restart: always
    hostname: 'gitlab.instar.io'

    environment:
      GITLAB_OMNIBUS_CONFIG: |
        # Add any other gitlab.rb configuration here, each on its own line
        external_url 'https://gitlab.instar.io'
        gitlab_rails['gitlab_shell_ssh_port'] = 2224
        nginx['redirect_http_to_https'] = true
        nginx['ssl_certificate'] = "/etc/gitlab/ssl/fullchain.pem"
        nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/privkey.pem"
        nginx['ssl_dhparam'] = "/etc/gitlab/ssl/dhparams.pem"

    ports:
      - '80:80'
      - '443:443'
      - '2224:22'

    volumes:
      - '${GITLAB_HOME}/config:/etc/gitlab'
      - '${GITLAB_HOME}/logs:/var/log/gitlab'
      - '${GITLAB_HOME}/data:/var/opt/gitlab'
      - '${GITLAB_HOME}/config/ssl:/etc/gitlab/ssl'

The environment section configures your GitLab installation. Make sure external_url uses the HTTPS protocol, and set gitlab_rails['gitlab_shell_ssh_port'] to the alternative SSH port you want to use for the container.

The ports section publishes the ports of the GitLab container. Change the SSH port 2224 to your custom port and make sure it matches the gitlab_shell_ssh_port value above.

The volumes section maps your GitLab data directories. All of them live under the GITLAB_HOME directory, which is set as an environment variable in the .env file created earlier.

Generate SSL and DHPARAM Certificates

On your server, install the certbot tool:

sudo apt install -y certbot

After that, generate the SSL certificate for GitLab using the certbot command below.

certbot certonly --rsa-key-size 2048 --standalone --agree-tos --no-eff-email --email m.polinowski@instar.com -d gitlab.instar.io

Once this has completed, your certificates will be available in the /etc/letsencrypt/live/gitlab.instar.io directory. Now copy the files fullchain.pem and privkey.pem to the /srv/gitlab/config/ssl/ directory.

cp /etc/letsencrypt/live/gitlab.instar.io/fullchain.pem /srv/gitlab/config/ssl/
cp /etc/letsencrypt/live/gitlab.instar.io/privkey.pem /srv/gitlab/config/ssl/

Next, generate the Diffie-Hellman parameter file dhparams.pem using the openssl command below.

sudo openssl dhparam -out /srv/gitlab/config/ssl/dhparams.pem 2048

All certificates for the GitLab installation have now been generated, and we're ready to build the GitLab container.
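The walkthrough asks for several things to line up by hand: the published SSH port has to match gitlab_shell_ssh_port, external_url has to be HTTPS, and the certificate, key and DH parameter files have to be present in the mounted ssl directory. The following preflight script is an added example, not part of the original tutorial; the function name gitlab_preflight and the script name preflight.sh are hypothetical, and it additionally checks that the copied private key is not readable by group or others.

```shell
#!/usr/bin/env bash
# Added example: preflight for the HTTPS compose file. Names are hypothetical.
# Usage: gitlab_preflight <docker-compose.yml> <host ssl dir>
# Prints one line per problem and returns the number of problems found.
gitlab_preflight() {
  local compose=$1 ssl_dir=$2 problems=0 shell_port host_port name

  # Port GitLab advertises in SSH clone URLs ...
  shell_port=$(sed -nE "s/.*gitlab_shell_ssh_port'] *= *([0-9]+).*/\1/p" "$compose" | head -n 1)
  # ... and the host port published for the container's sshd (port 22).
  host_port=$(sed -nE "s/^ *- *['\"]?([0-9]+):22(['\" ].*)?\$/\1/p" "$compose" | head -n 1)
  if [ -z "$shell_port" ] || [ "$shell_port" != "$host_port" ]; then
    echo "ssh port mismatch: gitlab_shell_ssh_port=${shell_port:-unset} published=${host_port:-unset}"
    problems=$((problems + 1))
  fi

  # nginx['redirect_http_to_https'] expects an https external_url.
  if ! grep -q "^ *external_url *'https://" "$compose"; then
    echo "external_url is not https"
    problems=$((problems + 1))
  fi

  # Every file referenced under /etc/gitlab/ssl must exist in the mounted host directory.
  for name in $(sed -n 's|.*"/etc/gitlab/ssl/\([^"]*\)".*|\1|p' "$compose"); do
    if [ ! -s "$ssl_dir/$name" ]; then
      echo "missing or empty: $ssl_dir/$name"
      problems=$((problems + 1))
    fi
  done

  # The copied private key should not be readable by group or others.
  if [ -n "$(find "$ssl_dir/privkey.pem" \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]; then
    echo "privkey.pem is readable by group or others: chmod 600 $ssl_dir/privkey.pem"
    problems=$((problems + 1))
  fi
  return "$problems"
}

# Run against real paths when called with two arguments, e.g.
#   ./preflight.sh /opt/gitlab/docker-compose.yml /srv/gitlab/config/ssl
if [ "$#" -eq 2 ]; then gitlab_preflight "$@"; fi
```

Because the files in /srv/gitlab/config/ssl are copies, the same check is worth repeating after every certificate renewal and re-copy.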

Install without an external URL

docker-compose.yml

version: '3'
# See https://docs.docker.com/compose/overview/ for more information.

# If you make changes to this file or any related files, apply them by
# navigating to the directory that holds this file and run this as root:
# docker-compose down; docker-compose up -d

# Create a network for our containers.
networks:
  gitlab:

# Create persistent Docker volumes to preserve important data.
# We don't want our data to be lost when restarting containers.
volumes:
  # For storing GitLab's configuration files:
  vol-gitlab-config:
  # For storing GitLab's logs:
  vol-gitlab-logs:
  # For storing GitLab's application data:
  vol-gitlab-data:

# Create our containers.
services:
  # Watchtower detects if any linked containers have a new image
  # available, automatically updating & restarting them if needed.
  watchtower:
    # https://hub.docker.com/r/centurylink/watchtower/
    image: v2tec/watchtower:latest
    # https://github.com/v2tec/watchtower#options
    # This schedule applies updates (if available) at midnight.
    command: --cleanup --schedule "0 0 0 * * *"
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

  # The main front-end application.
  gitlab:
    # To stick to a specific version, replace "latest" with a tag from:
    # https://hub.docker.com/r/gitlab/gitlab-ce/tags/
    image: gitlab/gitlab-ce:latest
    restart: always
    hostname: "my.gitlab.domain"
    ports:
      - "2222:22" # Host port 2222 leaves port 22 free for the host's own sshd.
      - "80:80"
      - "443:443"
    networks:
      - gitlab
    volumes:
      # Ensure GitLab content persists between restarts.
      - vol-gitlab-config:/etc/gitlab
      - vol-gitlab-logs:/var/log/gitlab
      - vol-gitlab-data:/var/opt/gitlab
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        # Add gitlab.rb configuration here, each on its own line.
        # See: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template
        external_url 'http://my.gitlab.domain'
        letsencrypt['enable'] = false
        # Configure headers for outgoing email.
        gitlab_rails['gitlab_email_enabled'] = false
        gitlab_rails['gitlab_email_from'] = 'no-reply@my.gitlab.domain'
        gitlab_rails['gitlab_email_display_name'] = 'GitLab'
        gitlab_rails['gitlab_email_reply_to'] = 'no-reply@my.gitlab.domain'
        # Send outgoing email via the SMTP container:
        gitlab_rails['smtp_enable'] = false
        gitlab_rails['smtp_address'] = "mail"
        gitlab_rails['smtp_port'] = 25
        gitlab_rails['smtp_tls'] = false
        # Limit backup lifetime to 7 days (604800 seconds):
        gitlab_rails['backup_keep_time'] = 604800
        registry_external_url 'http://registry.example.com'
        gitlab_rails['registry_enabled'] = true
        registry['enable'] = true
        registry_nginx['enable'] = true
        registry_nginx['listen_port'] = 5001
        registry_nginx['listen_https'] = false

  # This allows GitLab to send email straight out of the box without
  # having to rely on an external provider like SendGrid or MailGun.
  # It makes an SMTP host available at the hostname "mail".
  # mail:
  #   image: bytemark/smtp
  #   restart: always
  #   networks:
  #     - gitlab

.env

# Docker Compose can read environment variables from this file.
# See https://docs.docker.com/compose/env-file/

# Your GitLab site will be available at this domain. If the domain
# has DNS records pointing to your server, it'll get SSL certs.
GITLAB_DOMAIN=server-domain-name

Use server hostname as the domain. This can be changed later in the /opt/gitlab/.env file.

DOMAIN="$(hostname -f)"
sed -i -e "s|^GITLAB_DOMAIN=.*|GITLAB_DOMAIN=$DOMAIN|" /opt/gitlab/.env

Getting Started

Start our containers with docker-compose:

cd /opt/gitlab
docker-compose up -d

Change the default password and log in with root and the password you set in the step before.