Install GitLab with SSL on Fedora 26

This guide will show you how to get GitLab running on a new Fedora 26 VM using your internal PKI for SSL access.

  1. In PowerShell on your Hyper-V Hypervisor:
    New-VHD -Path "E:\Hyper-V\Virtual Hard Disks\gitlabServer.vhdx" -SizeBytes 500GB -Dynamic -BlockSizeBytes 1MB
  2. After Fedora 26 is installed:
    dnf install hyperv-daemons hypervvssd hyperv-tools
  3. Disable NetworkManager (because it usually ruins your life later) and enable the legacy network service:
    systemctl stop NetworkManager.service
    systemctl disable NetworkManager.service
    systemctl enable network.service
    reboot now
  4. Install the package that provides semanage:
    dnf install policycoreutils-python-utils
  5. Install full cockpit:
    dnf install cockpit
  6. Make sure all is up to date:
    dnf upgrade
  7. Make all space available, resize… easy to do in Cockpit.
  8. Install GitLab dependencies (some may already be installed, depending on your OS install):
    dnf install -y curl openssh-server openssh-clients cronie
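  9. Open the firewall for HTTP and HTTPS, and put the httpd_t SELinux domain into permissive mode (denials for that domain are then logged, not enforced):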
    firewall-cmd --permanent --add-service=http
    firewall-cmd --permanent --add-service=https
    firewall-cmd --reload
    semanage permissive -a httpd_t
  10. More dependencies (I don’t think these are needed, but if they are):
    dnf install -y pygpgme yum-utils
  11. Install GitLab:
    wget https://packages.gitlab.com/gitlab/gitlab-ce/packages/el/7/gitlab-ce-9.4.5-ce.0.el7.x86_64.rpm/download
    mv download gitlab-ce-9.4.5-ce.0.el7.x86_64.rpm
    dnf install -y gitlab-ce-9.4.5-ce.0.el7.x86_64.rpm
  12. Configure and start GitLab (may take about 2 minutes):
    gitlab-ctl reconfigure
  13. Add the SMTP server config to /etc/gitlab/gitlab.rb (vi /etc/gitlab/gitlab.rb), then reconfigure:
    gitlab_rails['smtp_enable'] = true
    gitlab_rails['smtp_address'] = "smtpServer.domain.local"
    gitlab_rails['smtp_port'] = 25
    gitlab_rails['smtp_authentication'] = false
    gitlab_rails['smtp_enable_starttls_auto'] = true
    gitlab_rails['gitlab_email_from'] = 'gitlab@example.com'
    gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com'
    gitlab-ctl reconfigure
  14. Send email test:
    gitlab-rails console
    Notify.test_email('yourEmail@domain.com', 'GitLab Test Email', 'This is a test.').deliver_now
  15. Convert your AD CS wildcard certificate (.pfx) into a PEM certificate and private key for nginx:
    openssl pkcs12 -in domain_wildcard_cert.pfx -out domainwild-encrypted.key
    openssl pkcs12 -in domain_wildcard_cert.pfx -clcerts -nokeys -out domainwild-certificate.crt
    openssl rsa -in domainwild-encrypted.key -out domainwild-decrypted.key
    openssl pkcs12 -in domain_wildcard_cert.pfx -out domain-ca.crt -nodes -nokeys -cacerts
    cat domainwild-certificate.crt domain-ca.crt > full_cert.crt
  16. Create the SSL directory for GitLab and copy the key and certificate into it (extra info: https://docs.gitlab.com/omnibus/settings/nginx.html):
    mkdir -p /etc/gitlab/ssl
    chmod 0700 /etc/gitlab/ssl
    cp /mnt/domainwild-decrypted.key /etc/gitlab/ssl/gitlabServer.domain.local.key
    cp /mnt/full_cert.crt /etc/gitlab/ssl/gitlabServer.domain.local.crt
  17. Edit /etc/gitlab/gitlab.rb (vi /etc/gitlab/gitlab.rb) to enable HTTPS and redirect HTTP to HTTPS, then reconfigure:
    external_url "https://gitlabServer.domain.local"
    nginx['redirect_http_to_https'] = true
    sudo gitlab-ctl reconfigure
  18. Now you should be able to access your GitLab instance via HTTPS.
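
A pre-flight check for the files from steps 15 and 16, added here as an example and not part of the original guide: it confirms that the key is no longer passphrase-protected, that it belongs to the first certificate in the bundle (server certificate first, CA after it), and that only its owner can access it. The function names are hypothetical; pass in the file names you produced in step 15.

```shell
#!/bin/sh
# Added example: sanity-check the key and certificate bundle from step 15
# before copying them into /etc/gitlab/ssl. Function names are hypothetical.

# Hash of the public key in the FIRST certificate of a PEM file.
cert_pubkey_hash() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Hash of the public key derived from an unencrypted private key.
key_pubkey_hash() {
    pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Usage: check_tls_pair KEYFILE CERTBUNDLE
# Returns 0 = ok, 1 = unreadable/unparsable, 2 = key still encrypted,
#         3 = first cert does not match key, 4 = key open to group/other.
check_tls_pair() {
    key=$1; crt=$2
    [ -r "$key" ] && [ -r "$crt" ] || { echo "cannot read input files"; return 1; }
    # Step 15 decrypts the key so nginx can load it unattended.
    if grep -q 'ENCRYPTED' "$key"; then
        echo "key is still passphrase-protected"; return 2
    fi
    kh=$(key_pubkey_hash "$key") || { echo "not a usable private key"; return 1; }
    ch=$(cert_pubkey_hash "$crt") || { echo "no certificate in bundle"; return 1; }
    # The server certificate must come first, CA certificates after it.
    if [ "$kh" != "$ch" ]; then
        echo "first certificate in bundle does not belong to this key"; return 3
    fi
    # Characters 5-10 of the ls mode string are the group/other bits.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "key is accessible to group/other; chmod 600 it"; return 4
    fi
    echo "ok: key matches leaf certificate"
}
```

With the file names used in this guide, the call would be `check_tls_pair domainwild-decrypted.key full_cert.crt`.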
