How To Install GitLab Omnibus on AWS
GitLab is a powerful open-source Git repository manager that provides code management, continuous integration/deployment (CICD), and more. It is used by developers and organizations of all sizes to host and manage their code, test software, and collaborate on projects.
If your organization wants to use GitLab, one option is to install it on your own self-managed infrastructure. Self-managing your GitLab instance allows you to configure to your needs instead of relying on GitLab's SAAS product.
In this article, we’ll walk through how to install GitLab on AWS, on a server running Ubuntu.
This assumes you already have:
A server running Ubuntu or your Linux distribution of choice (a t3.large with extended memory is sufficient).
- A non-root user with sudo privileges.
- A firewall configured to allow access to the following ports: 80 (HTTP) and 443 (HTTPS).
- A certificate for the URL you would like to use for your GitLab instance.
After this article, you will have a working GitLab, self-managed installation and understand how to best maintain it to keep yourself ahead of any issues or vulnerabilities that may arise.
Step 1: Install Dependencies
Setting up GitLab requires a number of dependencies in order to run properly. These include a package manager, a web server, and a database server.
First, update the package manager's package database:
`sudo apt-get update`
Next, install the dependencies using the package manager:
`sudo apt-get install -y curl policycoreutils-python openssh-server postfix`
`sudo systemctl enable postfix`
`sudo systemctl start postfix`
Postfix is GitLab's email solution. Once installed, you may have to run through some configurations.
Select "internet site" from the first choice,use the external DNS of your instance for "mail name," and leave all other choices at default.
Step 2: Add the GitLab Package Repository
To install GitLab, you will need to add the GitLab package repository to your system.
To do this, add the repository configuration file to the /etc/apt-get.repos.d directory:
`sudo curl -o /etc/apt-get.repos.d/gitlab-ce.repo https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/config_file.repo`
Once this is done, you will be able to install GitLab Community Edition Packages!
Step 3: Install GitLab Omnibus
Now that you have added the GitLab package repository, you can install GitLab using the package manager:
`sudo apt-get install -y gitlab-ce`
This step may take awhile. GitLab Community Edition will install to your machine, at the most recent version. As of writing, GitLab is at version 15.6.1.
Step 4: Configure GitLab
GitLab can be configured using the /etc/gitlab/gitlab.rb configuration file.
To configure the URL at which GitLab will be accessible, edit the external_url setting:
`sudo vim /etc/gitlab/gitlab.rb`
For example, if you want GitLab to be accessible at https://gitlab.example.com, you would set the external_url as follows:
Step 5: Run the GitLab Configuration Script
After making any changes to the configuration file, you will need to run the GitLab configuration script to apply the changes:
`sudo gitlab-ctl reconfigure`
After running these steps, you will be able to access GitLab at your configured URL!
Maintaining Your GitLab Installation
After installing GitLab and logging into your GitLab instance, you are now done and able to use GitLab for your needs. Since this is a self-managed instance, all other configurations are up to your discretion.
### Securing Your Instance
When you log into your instance, you will be at a boilerplate installation—by default, security configurations such as 2FA and sign-up restrictions will not be implemented.
To enable 2FA for all users and :
On the top bar, select Main menu and Admin.
On the sidebar, select Settings > General.
Expand the Sign-in restrictions section, where you can enable both 2FA and require admin approval for all new users.
Backing Up GitLab
In case of any problems with your instance, you should maintain constant backups so that you can roll back whenever the need arises.
Configuration details for backups can be found at `gitlab.rb`. The default backup directory is `/var/opt/gitlab/backups` and will be stored as tar files.
Run this command to create a new backup:
`sudo gitlab-backup create`
This will backup the critical components of GitLab such as the database, repository data, CI/CD data, and packages among other things.
What is not stored by a GitLab backup is the `/etc/gitlab` directory. You must find a separate solution to backup this directory—at the minimum `/etc/gitlab/gitlab-secrets.json` and `/etc/gitlab/gitlab.rb` must be stored.
Run this command to store the configuration files:
`sudo gitlab-ctl backup-etc`
By backing up your configuration files and other critical components, you protect your instance against any catastrophic failures.
One responsibility is upgrading your GitLab instance when needed.
On the 22nd of every month, GitLab releases a new version, and maintaining an up-to-date installation is imperative for keeping your instance secure and being able to use new and exciting features.
On the whole, upgrading GitLab is a relatively straight-forward process. However, you should still prepare for any issues that may arise in the upgrade process. One of these is making sure you have adequate backups.
Running this command will make sure that your configuration is working:
`sudo gitlab-rake gitlab:check`
And run this command to make sure that database values can be decrypted:
`sudo gitlab-rake gitlab:doctor:secrets`
With these two values checked and cleared to go, log in to the UI and make certain that all items look as expected.
Pro Tip: Before upgrading GitLab, it is important to understand the changes for the upcoming version. So do look into documentation to see what will change. If you maintain a consistent upgrade process, you will be able to upgrade one version at a time. If you are multiple versions behind, you will need to create an upgrade plan through various minor and major versions. Run this command to update GitLab to the most recent version:
`sudo apt update && sudo apt install gitlab-ee`
And that's all you need to create your own self-managed GitLab instance. By maintaining an up-to-date installation and backups you can be sure that your instance is secure against any issues.
If you have questions about GitLab infrastructure or setting up your own self-managed instance, NextLink Labs can help.
Check out our GitLab Training service to see if it’d be helpful for your team.
Stay in the Loop!
Subscribe to our Newsletter