Install

curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash
yum install gitlab-ce
mkdir /etc/ssl/private/
vi /etc/ssl/certs/example.crt
vi /etc/ssl/private/example.pem
vi /etc/ssl/certs/example-bundle.crt
chmod 600 /etc/ssl/private/example.pem
vi /etc/gitlab/gitlab.rb
gitlab-ctl reconfigure

Configure

/etc/gitlab/gitlab.rb
external_url 'https://git.example.com'
gitlab_rails['gitlab_ssh_host'] = 'git.example.com'
gitlab_rails['time_zone'] = 'Europe/Kiev'
gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = 'root@git.example.com'
gitlab_rails['gitlab_email_display_name'] = 'Test git on git.example.com'
gitlab_rails['gitlab_email_reply_to'] = 'noreply@git.example.com'
nginx['enable'] = true
nginx['client_max_body_size'] = '250m'
nginx['redirect_http_to_https'] = false
nginx['redirect_http_to_https_port'] = 80
nginx['ssl_client_certificate'] = "/etc/ssl/certs/example-bundle.crt" # Most root CA's are included by default
nginx['ssl_certificate'] = "/etc/ssl/certs/example.crt"
nginx['ssl_certificate_key'] = "/etc/ssl/private/example.pem"
nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
nginx['ssl_prefer_server_ciphers'] = "on"
nginx['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2" # recommended by https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
nginx['ssl_session_cache'] = "builtin:1000  shared:SSL:10m" # recommended in http://nginx.org/en/docs/http/ngx_http_ssl_module.html
nginx['ssl_session_timeout'] = "5m" # default according to http://nginx.org/en/docs/http/ngx_http_ssl_module.html
nginx['ssl_dhparam'] = nil # Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem
nginx['listen_addresses'] = ['*']
nginx['proxy_read_timeout'] = 3600
nginx['proxy_connect_timeout'] = 300
nginx['proxy_set_headers'] = {
  "Host" => "$http_host",
  "X-Real-IP" => "$remote_addr",
  "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
  "X-Forwarded-Proto" => "https",
  "X-Forwarded-Ssl" => "on"
 }
nginx['proxy_cache_path'] = 'proxy_cache keys_zone=gitlab:10m max_size=1g levels=1:2'
nginx['proxy_cache'] = 'gitlab'
nginx['http2_enabled'] = true

 

Initial default login/password

root
password
  • No labels

Site may be often unavailable due to Russian invasion, but you can Help Ukraine