How To Secure GitLab server with SSL certificate

Windows Articles

Windows will run Android applications natively.

Recently there has been speculation that Microsoft will allow the installation and execution of Android apps on Windows 10. In effect, the idea is...

Manages SSH connections from Windows 10 with PuTTY.

Hello! There are many ways to connect remotely to a computer. Indeed, one of the most common is through remote control software. For example,...

Top 8 features for power users in Windows 10

Hello! Windows 10 is full of features and functions. In fact, that's one of the reasons it's so popular and used. Because it can...

How to access System in Windows 10

Perhaps the title of this post is misleading. In previous versions of Windows, it was enough to enter the Control Panel and from there,...

Microsoft reduces the fragmentation of Windows 10

Windows 10 20H2 has been released as a minor operating system update. As a result, it has managed to reduce platform errors. In addition,...

Recently we have cover the Installation of GitLab CE on CentOS 8. Today we will cover the steps that can be taken to secure your GitLab Server with SSL Certificates. Because SSL certificates provides enhanced security to you and protect from spams.

Here we will discuss two ways to configure GitLab with HTTPS access.

  • Commercial SSL Certificate like DigiCert,Comodo etc
  • Let’s Encrypt SSL

Secure GitLab Server with a Commercial SSL

First of all purchase the SSL from trusted providers like Comodo, DigiCert etc. Then download the Certificate file and put it with the private key to the /etc/gitlab/ssl/ directory.

 /etc/gitlab/ssl/git.example.com.key
/etc/gitlab/ssl/git.example.com.crt

Then configure your SSL settings using /etc/gitlab/gitlab.rb file.

As to use secure connection change External URL from http to https

external_url 'https://git.example.com'

Now, enable Nginx under ##Gitlab NGINX section then provide SSL key & certificate paths.

nginx['enable'] = true
nginx['client_max_body_size'] = '250m'
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/etc/gitlab/ssl/git.example.com.key"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/git.example.com.crt"
nginx['ssl_protocols'] = "TLSv1.1 TLSv1.2"

Then do other SSL settings by reading & make the changes that fit for your deployment. When you have finished, run the below command.

sudo gitlab-ctl reconfigure

When the command finishes , visit the URL https://git.example.com to Login to your GitLab dashboard.

Secure GitLab Server with Let’s Encrypt SSL Certificate

Firstly Open the file /etc/gitlab/gitlab.rb & then look for Let’s Encrypt integration section.

To install Let’s Encrypt you must have a Domain name with Valid A record pointing to your GitLab Server. Set your server hostname to DNS name with a valid A record.

sudo hostnamectl set-hostname git.example.com --static

Do the similar configurations

etsencrypt['enable'] = true
letsencrypt['contact_emails'] = ['admin@example.com'] # This should be an array of email addresses to add as contacts
letsencrypt['auto_renew'] = true

Specify the autorenew hour and day of the month for your certificate.

letsencrypt['auto_renew_hour'] = 3
letsencrypt['auto_renew_day_of_month'] = "*/7"

Then run the following command to take the effect of changes.

sudo gitlab-ctl reconfigure

Now, run the below command to Validate GitLab settings

l
$ sudo gitlab-rake gitlab:check
Checking GitLab Shell …
GitLab Shell version >= 8.4.1 ? … OK (8.4.1)
hooks directories in repos are links: … can't check, you have no projects
Running /opt/gitlab/embedded/service/gitlab-shell/bin/check
Check GitLab API access: OK
Redis available via internal API: OK
Access to /var/opt/gitlab/.ssh/authorized_keys: OK
gitlab-shell self-check successful
Checking GitLab Shell … Finished
Checking Gitaly …
default … OK
Checking Gitaly … Finished
Checking Sidekiq …
Running? … yes
Number of Sidekiq processes … 1
Checking Sidekiq … Finished
Reply by email is disabled in config/gitlab.yml
Checking LDAP …
Server: ldapmain
LDAP authentication… Success
LDAP users with access to your GitLab server (only showing the first 100 results)
Checking LDAP … Finished
Checking GitLab …
Git configured correctly? … yes
Database config exists? … yes
All migrations up? … yes
Database contains orphaned GroupMembers? … no
GitLab config exists? … yes
GitLab config up to date? … yes
Log directory writable? … yes
Tmp directory writable? … yes
Uploads directory exists? … yes
Uploads directory has correct permissions? … yes
Uploads directory tmp has correct permissions? … skipped (no tmp uploads folder yet)
Init script exists? … skipped (omnibus-gitlab has no init script)
Init script up-to-date? … skipped (omnibus-gitlab has no init script)
Projects have namespace: … can't check, you have no projects
Redis version >= 2.8.0? … yes
Ruby version >= 2.3.5 ? … yes (2.4.5)
Git version >= 2.9.5 ? … yes (2.18.1)
Git user has default SSH configuration? … yes
Active users: … 2
Checking GitLab … Finished

More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest article

Windows will run Android applications natively.

Recently there has been speculation that Microsoft will allow the installation and execution of Android apps on Windows 10. In effect, the idea is...

Manages SSH connections from Windows 10 with PuTTY.

Hello! There are many ways to connect remotely to a computer. Indeed, one of the most common is through remote control software. For example,...

Top 8 features for power users in Windows 10

Hello! Windows 10 is full of features and functions. In fact, that's one of the reasons it's so popular and used. Because it can...

How to access System in Windows 10

Perhaps the title of this post is misleading. In previous versions of Windows, it was enough to enter the Control Panel and from there,...

Microsoft reduces the fragmentation of Windows 10

Windows 10 20H2 has been released as a minor operating system update. As a result, it has managed to reduce platform errors. In addition,...
x