Install GitLab on Ubuntu

Install GitLab on Ubuntu

DevOps Let's Encrypt Ubuntu
tutorial - how to install GitLab on Ubuntu

GitLab as an alternative to GitHub

GitHub is a platform on which projects can be edited by several users and each version is retained. This is why it is very popular with developers. If you do not want to have your projects public, but only to share with your team, GitHub will soon be expensive. Therefore, an alternative is often sought.

GitLab is an alternative. GitLab offers a CE (Community Edition), which you can host on your own infrastructure. In this article, I’ll show you step-by-step how to install GitLab CE on an Ubuntu Server 16.04 LTS.

Preparing the installation

Important! I’m assuming you are using a freshly installed Ubuntu 16.04 LTS system. GitLab will set and overwrite many settings. It also provides its own NGINX. Existing systems may become unusable.

As you should do before every installation, update your Ubuntu. Use the following command to start the update process:

apt -y update && apt -y upgrade

Before you start installing programs, adjust your firewall settings to ensure that the programs only build connections that you want to be built. In this article I describe some tools with which you can customize IP tables. For the sake of simplicity I will use UFW in this article. Execute the following commands in this exact order to ensure that you won’t lock yourself out.

ufw allow ssh
ufw allow http
ufw allow https
ufw enable
ufw status

The output should look like this:

UFW Status

Now create a user and give him sudo rights before proceeding with the installation. Execute the following commands:

adduser username
usermod -aG sudo username
su username

After the first command you will be asked for some information as well as the new user’s password. Enter everything. The result should look like this:

Create User

Now some programs, which GitLab requires, must be installed – use the following command. It doesn’t matter if some of them are already installed – APT ignores the installation in that case.

sudo apt -y install ca-certificates curl openssh-server postfix git

When you install Postfix, you are asked what type of server you are running. Select “Internet Site” and confirm. In the next step you define either the IP or the domain from which Postfix is supposed to send e-mails.

Then adjust the config file from Postfix and specify from which domains to send e-mails. Ensure that all domains defined here must be pingable and the IP is resolved correctly. How you can specify a hostname or set an FGDN, I’ll show you in this article.

configure mydestination

Installing GitLab

The installation of GitLab consists of two parts. First a script is executed to store all necessary keys and reps on your server, then the actual GitLab can be downloaded via apt. First execute the following commands:

cd /tmp
curl  -LO

With the command “less” you can view the contents of the script before you install it.

less /tmp/

If you are satisfied with everything, you can execute the following command:

sudo bash /tmp/

If everything went smoothly, you should see the following:

Run Install Script

Now you can install GitLab via apt:

sudo apt -y  install gitlab-ce

If everything has worked, the following screen is displayed:

GitLab Installation complete

Before starting GitLab, you can now control all settings and, if necessary, overwrite them. To take over the default settings, enter the following command:

sudo service gitlab-ctl reconfigure

GitLab is now accessible through your browser. Open a browser and go to http://<your_IP_or_Domain>

Then you should see the following window:

GitLab Webinterface first view

After you have set your password, you can log in with the user name “root” and the password you just set:

GitLab Webinterface SignIn

After a successful login everything should appear as follows:

GitLab Dashboard

Now to secure everything, you should switch from http to https.

Using Let’s Encrypt to secure GitLab

We have already introduced Let’s Encrypt in numerous articles. The platform offers you free certificates, which are recognized by all current browsers and which can be used to encrypt your websites with just a little work.

Since GitLab brings its own NGINX instance, the installation is somewhat more complex.

First install Let’s Encrypt:

sudo apt -y install letsencrypt

Then create a dummy folder for the ACME Challenge:

sudo mkdir -p /var/www/letsencrypt

Then adjust the config of GitLab to link the folder .well-known to the currently created folder:

sudo nano /etc/gitlab/gitlab.rb

Scroll down to the NGINX entries and add the following line:

nginx['custom_gitlab_server_config'] = "location ^~ /.well-known { root /var/www/letsencrypt; }"

Subsequently, end Nano with Ctrl + X and confirm and save the changes with Y.

Then restart GitLab:

sudo service gitlab-ctl reconfigure

Now you can use Let’s Encrypt as usual:

letsencrypt -d <deine-domain.tls> --webroot --webroot-path=/var/www/letsencrypt

After you have specified your e-mail address and have accepted the terms, you will be congratulated to the new certificate. Now only the redirect from HTTP to HTTPS has to be set up and the currently created certificates are stored in GitLab.

Open the config of GitLab with Nano and scroll up again to the NGINX settings.

sudo nano /etc/gitlab/gitlab.rb

Now remove the hash before the following lines and adjust the paths:

nginx[‘redirect_http_to_https’] = true
nginx[‘ssl_certificate’] = “/etc/letsencrypt/live/<deine-domain.tld>/fullchain.pem” 
nginx[‘ssl_certificate_key’] = “/etc/letsencrypt/live/<deine-domain.tld>/privkey.pem”

For me this looks like this:

GitLab Config

Finish Nano and save your changes with Ctrl + X and Y, then restart GitLab:

service gitlab-ctl reconfigure

Switch back to your browser. You should be redirected to HTTPS after a refresh. This is relatively easy to recognize based on the lock symbol. In Chrome, it appears as follows:

Browser Addressbar secure

Certificates from Let’s Encrypt are valid for 90 days, after which they must be renewed. To automate this, enter the following line into the crontab.

sudo crontab -e
15 3 * * * /usr/bin/letsencrypt renew --quiet --renew-hook "/usr/bin/gitlab-ctl restart nginx"

If you use Crontab for the first time, you are asked to choose an editor. I recommend Nano (2) here.

Congratulations. Your GitLab is now ready, encrypted and accessible.


After the installation of GitLab your projects are now ready to go. Even if the complexity of the installation makes the effort relatively high, it is still worthwhile. You can now start importing your existing projects from GitHub and start new projects. Create users for your team and customize GitLab settings.

Zurück zur Tutorial Übersicht Back to Tutorial Overview

GitLab as an alternative to GitHub GitHub is a platform on which projects can be edited by several users and each version is retained. This is why it is very popular with developers. If you do not want to have your projects public, but only to share with your team, GitHub will soon be expensive. Therefore, […]

Schade, dass dir der Artikel nicht gefallen hat.
Was sollten wir deiner Meinung nach besser machen?

Vielen Dank für dein Feedback!
Wir melden uns bei dir, sobald der Artikel zu deinem Wunschthema fertig ist.

Übrigens: kennst du schon unser Tutorial zum Thema Install and set up Foreman on Ubuntu 16.04/18.04?