/gitlabhq_install

DEPRECATED REPO. It will be removed soon. Use main repo for installation info

Primary LanguageShell

THIS REPO IS DEPRECATED AND WILL BE REMOVED SOON

Installing GitLabHQ on Ubuntu Server 11.10

Download the latest server updates

sudo apt-get update
sudo apt-get dist-upgrade -y

Dedicated gitlabhq user account

Next we need to create a dedicated gitlabhq user account to run the application, set a password for this account and add it to the admin group so it can perform root actions.

sudo useradd -s /bin/bash -m -G admin gitlabhq
sudo passwd gitlabhq

Now login as the gitlabhq user we just created. When prompted to accept the authenticity of the RSA key fingerprint type "yes"

ssh gitlabhq@localhost

Install Additional Packages

Now we'll install the git version control system so we can clone repositories and setup the system. We'll also install the postfix SMTP system so GitLabHQ can send emails to users.

sudo aptitude install git-core postfix -y

Now configure Git with some global variables that will be used when gitlabhq performs a git push operation. You can change the name and email address below if you wish:

git config --global user.email "admin@local.host"
git config --global user.name "GitLabHQ Admin User"

Generate SSH Keys

The GitLabHQ user will use SSH keys for login and authentication with the git user we'll create later. So let's generate our keys.

ssh-keygen -f ~/.ssh/id_rsa -N ''

Prepare To Install GitLabHQ

First let's clone the GitLabHQ installer scripts to help automate the installation

cd ~
git clone https://github.com/gitlabhq/gitlabhq_install.git

Now we'll run the scripts to install any additional packages. Run the command below and select "Y" to confirm you want to install the packages.

cd ~ 
gitlabhq_install/ubuntu_packages.sh

Now we'll run the script to install the ruby language.

cd ~ 
gitlabhq_install/ubuntu_ruby.sh

Now we'll run the script to install the gitolite program. This creates a new user "git" on the system, and will store our repositories under this accounts home directory.

cd ~ 
gitlabhq_install/ubuntu_gitolite.sh

When you run this script it will stop at some point with a warning about the path, just press the "Enter" key to continue. On the next screen is the gitolite configuration screen. Here we need to make one change that's very important. Find the line that reads:

REPO_UMASK = 0077;

If the install opened VIM, move over the first "7" character, press the "i" key on your keyboard to go into INSERT mode. Type a "0", then remove the "7" so it now reads:

REPO_UMASK = 0007;

Press the Escape key once, then type the ":" to enter COMMAND mode. Now type "wq" which will Write the changes to the file and Quit.

You now need to change the directory privileges on the /repositories directory so GitLabHQ can use them:

sudo chmod -R g+rwX ~git/repositories/
sudo chown -R git:git ~git/repositories/

Next we need to logout of the system to allow environment settings to be set upon the next time we login.

logout

Install GitLabHQ

Log back into the system so the environment settings take place

ssh gitlabhq@localhost

Now we'll install GitLabHQ, again using one of the install scripts. When prompted about installing additional packages, type "Y"

cd ~ 
gitlabhq_install/ubuntu_gitlab.sh

Configure GitLabHQ

You can configure GitLabHQ by editing the gitlab.yml file. One of the changes you'll want to make is to set your computer name that GitLabHQ is running on, if not localhost, so the instructions to users for connecting to repositories is correct.

nano ~gitlabhq/gitlabhq/config/gitlab.yml

Change the host value to whatever your servers fully qualified domain name (FQDN) is. So for example if I'm running GitLabHQ on a server named "gitlabhq.corp.com" I'd change the value:

# Git Hosting congiguration
git_host:
  system: gitolite
  admin_uri: git@localhost:gitolite-admin
  base_path: /home/git/repositories/
  host: localhost
  git_user: git
  # port: 22

to

# Git Hosting congiguration
git_host:
  system: gitolite
  admin_uri: git@localhost:gitolite-admin
  base_path: /home/git/repositories/
  host: gitlabhq.corp.com
  git_user: git
  # port: 22

Running GitLabHQ

Now that we have GitLabHQ installed, let's start the application using WEBrick (even if you'll use something else later) so we can login and accept an RSA key, then confirm it works.

cd ~gitlabhq/gitlabhq
bundle exec rails s -e production

Now you can login to your server by pointing your web browser to http://<server_name>:3000/ and login using the default credentials

Important!

You should now create a new PROJECT. It's important to note that when you add this project the FIRST TIME you need to type "yes" on the console where you started the application running.

Installing nginx

Login as the gitlabhq user and then execute the following commands:

sudo aptitude install libpcre3-dev
sudo gem install passenger
sudo passenger-install-nginx-module

Configure nginx

We need to edit the nginx configuration file so it points to the GitLabHQ public folder to run the application. Open the configuration file in the editor:

sudo nano /opt/nginx/conf/nginx.conf

Now locate the section for the server configuration and make the following changes:

  • Change the server_name key to your server's fully qualified domain name (FQDN), so in this example the server is gitlabhq.corp.com
  • Change the root key to the location of the GitLabHQ public folder, this is important!
  • Add the key/value passenger_enabled on;
    server {
        listen       80;
        server_name  gitlabhq.corp.com;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   /home/gitlabhq/gitlabhq/public;
            index  index.html index.htm;
            passenger_enabled on;
        }

Also on the very top of the file, add the first line that specifies we'll run the server as the gitlabhq user account:

user gitlabhq staff;

Now we want to add a system user named nginx to run the server:

sudo adduser --system --no-create-home --disabled-login --disabled-password --group nginx

Next we want to setup the server to auto-start when the system starts. To do this we'll:

  • Use an existing script to start nginx
  • Move the script to the system start directory
  • Set the correct permissions
  • Start the server.
sudo wget -O init-deb.sh http://library.linode.com/assets/660-init-deb.sh
sudo mv init-deb.sh /etc/init.d/nginx
sudo chmod +x /etc/init.d/nginx
sudo /usr/sbin/update-rc.d -f nginx defaults
sudo /etc/init.d/nginx start

nginx over SSL

So you want to run nginx over SSL huh? Good choice!

SSL Certificate

First you'll need an SSL certificate, either self-signed or from a certificate authority like Verisign. You can find directions on using certificates here

However, to keep it simple and helpful we'll use a self-signed certificate for our server gitlabhq.corp.com

Let's create a 2048-bit certificate. When prompted for the passphrase, enter something at least four characters in length.

cd ~
mkdir ssl
cd ssl
openssl genrsa -des3 -out server.key 2048

Now let's get that passphrase out of the key file just to keep it secret. You'll be prompted for the passphrase you entered when creating the certificate.

openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key
openssl req -new -key server.key -out server.csr

Now let's sign that shiny new certificate for 5 years

openssl x509 -req -days 1825 -in server.csr -signkey server.key -out server.crt

Finally we need to move the files to the correct locations on our Ubuntu server

sudo cp server.crt /etc/ssl/certs
sudo cp server.key /etc/ssl/private

Configure nginx

Open the nginx configuration file, scroll to the bottom and locate the commented out section for the HTTPS. You can uncomment this section and specify your certificate location and server name as well as the location.

    # HTTPS server
    #
    server {
        listen       443;
        server_name  gitlabhq.corp.com;

        ssl                  on;
        ssl_certificate      /etc/ssl/certs/server.crt;
        ssl_certificate_key  /etc/ssl/private/server.key;

        ssl_session_timeout  5m;

        ssl_protocols  SSLv2 SSLv3 TLSv1;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers   on;

        location / {
            root   /home/gitlabhq/gitlabhq/public;
            index  index.html index.htm;
            passenger_enabled on;
        }
    }

}

Now we need to restart nginx for the configuration changes to take place

sudo /etc/init.d/nginx stop
sudo /etc/init.d/nginx start

Enjoy!