Here we will discuss two ways to configure GitLab with HTTPS access.

• Commercial SSL Certificate like DigiCert,Comodo etc
• Let’s Encrypt SSL

Secure GitLab Server with a Commercial SSL

First of all purchase the SSL from trusted providers like Comodo, DigiCert etc. Then download the Certificate file and put it with the private key to the /etc/gitlab/ssl/ directory.

 /etc/gitlab/ssl/git.example.com.key
/etc/gitlab/ssl/git.example.com.crt

Then configure your SSL settings using /etc/gitlab/gitlab.rb file.

As to use secure connection change External URL from http to https

external_url 'https://git.example.com'

Now, enable Nginx under ##Gitlab NGINX section then provide SSL key & certificate paths.

nginx['enable'] = true
 nginx['client_max_body_size'] = '250m'
 nginx['redirect_http_to_https'] = true
 nginx['ssl_certificate'] = "/etc/gitlab/ssl/git.example.com.key"
 nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/git.example.com.crt"
 nginx['ssl_protocols'] = "TLSv1.1 TLSv1.2"

Then do other SSL settings by reading & make the changes that fit for your deployment. When you have finished, run the below command.

sudo gitlab-ctl reconfigure

When the command finishes , visit the URL https://git.example.com to Login to your GitLab dashboard.

Secure GitLab Server with Let’s Encrypt SSL Certificate

Firstly Open the file /etc/gitlab/gitlab.rb & then look for Let’s Encrypt integration section.

To install Let’s Encrypt you must have a Domain name with Valid A record pointing to your GitLab Server. Set your server hostname to DNS name with a valid A record.

sudo hostnamectl set-hostname git.example.com --static

Do the similar configurations

etsencrypt['enable'] = true
 letsencrypt['contact_emails'] = ['admin@example.com'] # This should be an array of email addresses to add as contacts
 letsencrypt['auto_renew'] = true

Specify the autorenew hour and day of the month for your certificate.

letsencrypt['auto_renew_hour'] = 3
letsencrypt['auto_renew_day_of_month'] = "*/7"

Then run the following command to take the effect of changes.

sudo gitlab-ctl reconfigure

Now, run the below command to Validate GitLab settings

l
 $ sudo gitlab-rake gitlab:check  
 Checking GitLab Shell …
 GitLab Shell version >= 8.4.1 ? … OK (8.4.1)
 hooks directories in repos are links: … can't check, you have no projects
 Running /opt/gitlab/embedded/service/gitlab-shell/bin/check
 Check GitLab API access: OK
 Redis available via internal API: OK
 Access to /var/opt/gitlab/.ssh/authorized_keys: OK
 gitlab-shell self-check successful
 Checking GitLab Shell … Finished
 Checking Gitaly …
 default … OK
 Checking Gitaly … Finished
 Checking Sidekiq …
 Running? … yes
 Number of Sidekiq processes … 1
 Checking Sidekiq … Finished
 Reply by email is disabled in config/gitlab.yml
 Checking LDAP …
 Server: ldapmain
 LDAP authentication… Success
 LDAP users with access to your GitLab server (only showing the first 100 results)
 Checking LDAP … Finished
 Checking GitLab …
 Git configured correctly? … yes
 Database config exists? … yes
 All migrations up? … yes
 Database contains orphaned GroupMembers? … no
 GitLab config exists? … yes
 GitLab config up to date? … yes
 Log directory writable? … yes
 Tmp directory writable? … yes
 Uploads directory exists? … yes
 Uploads directory has correct permissions? … yes
 Uploads directory tmp has correct permissions? … skipped (no tmp uploads folder yet)
 Init script exists? … skipped (omnibus-gitlab has no init script)
 Init script up-to-date? … skipped (omnibus-gitlab has no init script)
 Projects have namespace: … can't check, you have no projects
 Redis version >= 2.8.0? … yes
 Ruby version >= 2.3.5 ? … yes (2.4.5)
 Git version >= 2.9.5 ? … yes (2.18.1)
 Git user has default SSH configuration? … yes
 Active users: … 2
 Checking GitLab … Finished

The post How To Secure GitLab server with SSL certificate appeared first on Linux Windows and android Tutorials.