Fading Coder


Deploying GitLab CE on CentOS 8 with Self-Signed SSL Certificates

Install the required dependencies:

sudo yum install -y curl openssh-server openssh-clients postfix

Import the GitLab package repository and install the Community Edition:

curl -s https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash
sudo dnf install -y gitlab-ce

Create a dedicated directory for TLS assets and generate cryptographic materials:

sudo mkdir -p /etc/gitlab/ssl
sudo chmod 700 /etc/gitlab/ssl
cd /etc/gitlab/ssl

# Create private key
sudo openssl genrsa -out gitlab.local.key 2048

# Generate certificate signing request
sudo openssl req -new -key gitlab.local.key -out gitlab.local.csr \
  -subj "/C=US/ST=State/L=City/O=Organization/CN=gitlab.local"

# Sign the certificate
sudo openssl x509 -req -days 365 -in gitlab.local.csr \
  -signkey gitlab.local.key -out gitlab.local.crt

# Generate Diffie-Hellman parameters
sudo openssl dhparam -out dhparams.pem 2048

# Restrict access to private keys
sudo chmod 600 /etc/gitlab/ssl/*
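
The following check is an added example, not part of the original article. It audits a key/certificate pair before GitLab is pointed at it: the two must belong together, the certificate must be unexpired and list the host in subjectAltName (current browsers and Go-based clients ignore CN, so a certificate signed with the commands above is rejected by them on the host name as well as on trust), and the key file must be private. The function names, finding labels and sample files are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example. Prints one finding per line; returns 0 only when there are none.
audit_tls_assets() (   # usage: audit_tls_assets KEY CRT HOSTNAME
  key=$1 crt=$2 host=$3 rc=0
  # 1. The certificate must contain the public half of this private key.
  kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
  cpub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
  if [ -z "$kpub" ] || [ "$kpub" != "$cpub" ]; then
    echo "KEY_MISMATCH"; rc=1
  fi
  # 2. The host name must appear as an exact subjectAltName DNS entry
  #    (wildcard entries are not expanded by this check).
  if ! openssl x509 -in "$crt" -noout -text 2>/dev/null |
       grep -A1 'Subject Alternative Name' | tr ',' '\n' |
       sed 's/^ *//' | grep -qxF "DNS:$host"; then
    echo "NO_SAN_FOR_HOST"; rc=1
  fi
  # 3. The certificate must be readable and not already expired.
  openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 ||
    { echo "EXPIRED_OR_UNREADABLE"; rc=1; }
  # 4. The key file must carry no group/other bits (stat -c: GNU coreutils).
  mode=$(stat -c '%a' "$key" 2>/dev/null)
  case $mode in
    [0-7]00) ;;
    *) echo "KEY_PERMS_${mode:-unknown}"; rc=1 ;;
  esac
  return "$rc"
)

# Constructed sample data: a throwaway key and self-signed certificate in DIR.
# With a second argument the certificate also gets subjectAltName=DNS:<arg>.
make_sample() {   # usage: make_sample DIR [SAN_HOST]
  mkdir -p "$1" && chmod 700 "$1"
  openssl genrsa -out "$1/gitlab.local.key" 2048 2>/dev/null
  chmod 600 "$1/gitlab.local.key"
  openssl req -x509 -new -key "$1/gitlab.local.key" -days 365 \
    -subj "/CN=gitlab.local" ${2:+-addext "subjectAltName=DNS:$2"} \
    -out "$1/gitlab.local.crt" 2>/dev/null
}

# Demo on the constructed data: the CN-only certificate is flagged, the SAN one passes.
d=$(mktemp -d); make_sample "$d/cn"; make_sample "$d/san" gitlab.local
for c in cn san; do
  echo "== $c"
  audit_tls_assets "$d/$c/gitlab.local.key" "$d/$c/gitlab.local.crt" gitlab.local && echo OK
done
```

Against the real files, run it as root: `audit_tls_assets /etc/gitlab/ssl/gitlab.local.key /etc/gitlab/ssl/gitlab.local.crt gitlab.local`.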

Update the GitLab configuration file to reference these certificates. Edit /etc/gitlab/gitlab.rb to include:

external_url 'https://gitlab.local'
nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.local.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.local.key"
nginx['ssl_dhparam'] = "/etc/gitlab/ssl/dhparams.pem"
nginx['redirect_http_to_https'] = true

Apply the configuration changes:

sudo gitlab-ctl reconfigure

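For environments requiring manual Nginx adjustments, modify /var/opt/gitlab/nginx/conf/gitlab-http.conf to enforce TLS redirection. This file is generated by gitlab-ctl reconfigure, so manual edits are overwritten the next time that command runs; the nginx['redirect_http_to_https'] setting above is the persistent way to get the same redirect.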

server {
  listen *:80;
  server_name gitlab.local;
  return 301 https://$host$request_uri;
}

Restart the GitLab services to activate all changes:

sudo gitlab-ctl restart

To access the instance via domain name without DNS infrastructure, configure local resolution on client machines.

For Windows clients, edit C:\Windows\System32\drivers\etc\hosts:

192.168.1.100 gitlab.local

For Linux or macOS clients:

echo "192.168.1.100 gitlab.local" | sudo tee -a /etc/hosts

Note on System Resources: GitLab requires substantial memory allocation. Installations on systems with less than 2GB RAM may encounter allocation failures during the reconfiguration phase, typically manifesting as Errno::ENOMEM errors during process forking operations.
