How To Secure GitLab server with SSL certificate

We recently covered the installation of GitLab CE on CentOS 8. Today we will cover the steps you can take to secure your GitLab server with SSL certificates, because SSL certificates provide enhanced security and protect you from spam.

Here we will discuss two ways to configure GitLab with HTTPS access.

  • Commercial SSL certificate, such as DigiCert, Comodo, etc.
  • Let’s Encrypt SSL

Secure GitLab Server with a Commercial SSL

First, purchase the SSL certificate from a trusted provider such as Comodo or DigiCert. Then download the certificate file and put it, together with the private key, in the /etc/gitlab/ssl/ directory.

/etc/gitlab/ssl/git.example.com.key
/etc/gitlab/ssl/git.example.com.crt

Then configure your SSL settings in the /etc/gitlab/gitlab.rb file.

To use a secure connection, change the external URL from http to https:

external_url 'https://git.example.com'

Now enable NGINX under the ##Gitlab NGINX section, then provide the SSL certificate and key paths.

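nginx['enable'] = true
nginx['client_max_body_size'] = '250m'
# Redirect plain-HTTP requests to HTTPS
nginx['redirect_http_to_https'] = true
# ssl_certificate takes the certificate (.crt); ssl_certificate_key takes the private key (.key)
nginx['ssl_certificate'] = "/etc/gitlab/ssl/git.example.com.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/git.example.com.key"
# TLSv1.1 is deprecated (RFC 8996); keep it only if legacy clients require it
nginx['ssl_protocols'] = "TLSv1.1 TLSv1.2"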

Review the other SSL settings in the file and make the changes that fit your deployment. When you have finished, run the command below.

sudo gitlab-ctl reconfigure

When the command finishes, visit the URL https://git.example.com to log in to your GitLab dashboard.
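
A pre-flight check for the settings in this section, written as an added example (it is not from the original article and is not GitLab tooling). It reads the TLS-related lines of a gitlab.rb and reports the mistakes that are easy to make here: certificate and key paths pointing at the wrong file type, deprecated protocol versions, and a private key readable by other users. The function names (parse_settings, pem_kind, lint, demo) are hypothetical, the parser handles only simple one-line assignments, and the PEM files are constructed placeholders created in a temporary directory.

```ruby
require 'tmpdir'

# Collect external_url and nginx['...'] assignments (commented-out lines are skipped).
def parse_settings(text)
  text.scan(/^\s*(?:nginx\[['"](\w+)['"]\]\s*=|(external_url))\s*['"]?([^'"#\n]+?)['"]?\s*(?:#.*)?$/)
      .to_h { |key, url, value| [key || url, value] }
end

# Type named in the first PEM header of a file; nil if the file is missing or not PEM.
def pem_kind(path)
  File.read(path)[/^-----BEGIN ([A-Z0-9 ]+)-----/, 1]
rescue SystemCallError
  nil
end

# Return a list of findings; an empty list means every check passed.
def lint(s)
  out = []
  out << 'external_url is not https' unless s['external_url'].to_s.start_with?('https://')
  out << 'redirect_http_to_https is not true' unless s['redirect_http_to_https'] == 'true'
  old = s['ssl_protocols'].to_s.split & %w[SSLv2 SSLv3 TLSv1 TLSv1.1]
  out << "deprecated protocols enabled: #{old.join(', ')}" unless old.empty?
  cert, key = s['ssl_certificate'].to_s, s['ssl_certificate_key'].to_s
  out << "ssl_certificate holds #{pem_kind(cert).inspect}, not a certificate" unless pem_kind(cert) == 'CERTIFICATE'
  if !pem_kind(key).to_s.end_with?('PRIVATE KEY')
    out << "ssl_certificate_key holds #{pem_kind(key).inspect}, not a private key"
  elsif (File.stat(key).mode & 0o077) != 0
    out << 'private key file is readable by group or others'
  end
  out
end

# Constructed sample: placeholder PEM files, linted with swapped paths, then corrected.
def demo
  Dir.mktmpdir do |dir|
    crt, key = %w[crt key].map { |ext| File.join(dir, "git.example.com.#{ext}") }
    File.write(crt, "-----BEGIN CERTIFICATE-----\nplaceholder\n")
    File.write(key, "-----BEGIN PRIVATE KEY-----\nplaceholder\n")
    File.chmod(0o600, key)
    conf = "external_url 'https://git.example.com'\nnginx['redirect_http_to_https'] = true\n" \
           "nginx['ssl_certificate'] = \"%s\"\nnginx['ssl_certificate_key'] = \"%s\"\n" \
           "nginx['ssl_protocols'] = \"%s\"\n"
    [lint(parse_settings(format(conf, key, crt, 'TLSv1.1 TLSv1.2'))),
     lint(parse_settings(format(conf, crt, key, 'TLSv1.2 TLSv1.3')))]
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

To check a real server, call lint(parse_settings(File.read('/etc/gitlab/gitlab.rb'))) as a user that can read the files in /etc/gitlab/ssl/, before running gitlab-ctl reconfigure.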

Secure GitLab Server with Let’s Encrypt SSL Certificate

First, open the file /etc/gitlab/gitlab.rb and look for the Let’s Encrypt integration section.

To use Let’s Encrypt, you must have a domain name with a valid A record pointing to your GitLab server. Set your server hostname to that DNS name.

sudo hostnamectl set-hostname git.example.com --static

Then make the following configuration changes:

letsencrypt['enable'] = true
letsencrypt['contact_emails'] = ['admin@example.com'] # This should be an array of email addresses to add as contacts
letsencrypt['auto_renew'] = true

Specify the auto-renew hour and day of the month for your certificate.

letsencrypt['auto_renew_hour'] = 3
letsencrypt['auto_renew_day_of_month'] = "*/7"

Then run the following command to apply the changes.

sudo gitlab-ctl reconfigure

Now run the command below to validate the GitLab settings.

$ sudo gitlab-rake gitlab:check
Checking GitLab Shell …
GitLab Shell version >= 8.4.1 ? … OK (8.4.1)
hooks directories in repos are links: … can't check, you have no projects
Running /opt/gitlab/embedded/service/gitlab-shell/bin/check
Check GitLab API access: OK
Redis available via internal API: OK
Access to /var/opt/gitlab/.ssh/authorized_keys: OK
gitlab-shell self-check successful
Checking GitLab Shell … Finished
Checking Gitaly …
default … OK
Checking Gitaly … Finished
Checking Sidekiq …
Running? … yes
Number of Sidekiq processes … 1
Checking Sidekiq … Finished
Reply by email is disabled in config/gitlab.yml
Checking LDAP …
Server: ldapmain
LDAP authentication… Success
LDAP users with access to your GitLab server (only showing the first 100 results)
Checking LDAP … Finished
Checking GitLab …
Git configured correctly? … yes
Database config exists? … yes
All migrations up? … yes
Database contains orphaned GroupMembers? … no
GitLab config exists? … yes
GitLab config up to date? … yes
Log directory writable? … yes
Tmp directory writable? … yes
Uploads directory exists? … yes
Uploads directory has correct permissions? … yes
Uploads directory tmp has correct permissions? … skipped (no tmp uploads folder yet)
Init script exists? … skipped (omnibus-gitlab has no init script)
Init script up-to-date? … skipped (omnibus-gitlab has no init script)
Projects have namespace: … can't check, you have no projects
Redis version >= 2.8.0? … yes
Ruby version >= 2.3.5 ? … yes (2.4.5)
Git version >= 2.9.5 ? … yes (2.18.1)
Git user has default SSH configuration? … yes
Active users: … 2
Checking GitLab … Finished
