GitLab self-hosted setup in Google Cloud compute engine

In this post, let's check how we can set up a self-hosted GitLab in Google Cloud compute engine.

A) Let's first start with the compute engine setup

Go to your GCP console and create a new instance, The main places where we need to make some decisions are at the Machine configuration & Boot disk sections.

• Machine configuration

Note: If you have a team of 10 - 20 people then you can give the machine configuration mentioned below.

Series: E2
Machine Type: e2-medium (2CPU and 4GB RAM)

This configuration worked perfectly fine and this one is one of the budget-friendly specs we can opt for a GitLab server

• Boot disk configuration

Note: To get a good read-write speed and good UI responsiveness from GitLab we should use an SSD as the boot disk. and we can give 50 GB Disk space

Once after that, we can continue the normal network configuration and SSH key update steps. once everything is done we can spin up the instance and move on to GitLab installation

B) GitLab installation

Here we are following the GitLab installation for Ubuntu 20.04 LTS

You can find steps for other OS types from this URL: https://about.gitlab.com/install/

1) Let's SSH into the server

2) Update the server using the below command

sudo apt-get update

3) Install additional packages needed for GitLab installation

sudo apt-get install -y curl openssh-server ca-certificates tzdata perl

4) Add the GitLab package repository and install the package

curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh | sudo bash

5) Install GitLab along with the domain name that you would like to map with the server. Don't get confused.

sudo EXTERNAL_URL="http://domain_name" apt-get install gitlab-ee

Note: here in the section domain_name you can give a domain name that pointed to your server or the server IP itself

-
Example with a domain name:
sudo EXTERNAL_URL="http://artistree.com" apt-get install gitlab-ee

Example with server IP address:
sudo EXTERNAL_URL="http://34.85.253.170" apt-get install gitlab-ee

Once the 5th step command gets executed successfully (normally takes 2 to 3 minutes) we get an output like the below-mentioned screenshot.

Now we can log in to the GitLab UI from the browser by calling the domain/server IP in the browser. Also, you can find the initial login password with the below command.

sudo cat /etc/gitlab/initial_root_password

C) Adding SWAP space for performance improvement

Now we have successfully completed the GitLab installation, we can add some swap space to increase the performance of the GitLab server. The steps for adding swap space are mentioned below.

1) Create a file that will be used for swap:

sudo fallocate -l 4G /swapfile

2) Update the permission of the swap file to only the root user

sudo chmod 600 /swapfile

3) Use the mkswap utility to set up the file as Linux swap area

sudo mkswap /swapfile

4) Enable the swap with the following command

sudo swapon /swapfile

5) To make the change permanent open the /etc/fstab file and append the following line (changes will become persistent over reboots)

sudo vim /etc/fstab

Add the below lines in the file and save

/swapfile swap swap defaults 0 0

D) Securing communication using PAID SSL certificate

We can use an SSL certificate to secure all communication between the user and the GitLab server. (Out of the box free auto SSL support is also available in GitLab)

Here we are going to configure Paid SSL with our GitLab installation, The steps are mentioned below.

1) First we need to edit the file gitlab.rb using the below command

sudo vim /etc/gitlab/gitlab.rb

2) inside the gitlab.rb file we need to make changes in the below files the changes that need to be done are marked in green color.

Note: Set the external_url to your domain. Note the https in the URL:

external_url "https://artistree.com"

Note: Disable the Let’s Encrypt integration, GitLab attempts to renew any Let’s Encrypt certificate with every reconfigure. If you plan to use your own manually created certificate you must disable the Let’s Encrypt integration, otherwise the certificate could be overwritten due to the automatic renewal.

letsencrypt['enable'] = false

3) Create the /etc/gitlab/ssl directory and copy your SSL key and certificate there

sudo mkdir -p /etc/gitlab/ssl
sudo chmod 755 /etc/gitlab/ssl
sudo cp gitlab.example.com.key gitlab.example.com.crt /etc/gitlab/ssl/

Note:

Change gitlab.example.com to your domain name

gitlab.example.com.key  file is the key file that we get during initial CSR code generation and this file will be available on our side.

gitlab.example.com.crt  the file is the one we get after combining the CA bundle and .crt file provided by the SSL provider via mail once we purchase the SSL.

Sometimes we get LFS error if we do not install the SSL certificate in our GitLab server properly, in my case the SSL provider was Namecheap and I contacted their support team for assistance in combining CA bundle and .crt files.

4) Redirect HTTP requests to HTTPS.

By default, when you specify an external_url starting with https, NGINX no longer listens for unencrypted HTTP traffic on port 80. To redirect all HTTP traffic to HTTPS:

sudo vim /etc/gitlab/gitlab.rb

If it's showing false then change it to true.

nginx['redirect_http_to_https'] = true

5) Reconfigure & Restart the GitLab to apply all changes

First, use the below command to Reconfigure the GitLab and wait for re-configuration to complete.

sudo gitlab-ctl reconfigure 

Then Restart GitLab to use the latest configuration, to restart GitLab use the below command

sudo gitlab-ctl restart

It will take a few minutes to completely restart the GitLab services (max 5 minutes so wait for the complete restart)