How to install GitLab on Fedora 26 with AD CS SSL
-
I tried to follow Scott's guide here, but for Fedora 26 it didn't quite work and I had to do things differently.
Here are the steps I logged as I went along. I believe following them exactly will get you from a fresh install to a working https gitlab.
- In PowerShell on your Hyper-V Hypervisor:
New-VHD -Path "E:\Hyper-V\Virtual Hard Disks\gitlabServer.vhdx" -SizeBytes 500GB -Dynamic -BlockSizeBytes 1MB
- After Fedora 26 is installed:
dnf install hyperv-daemons hypervvssd hyperv-tools
- Disable network manager (because it usually ruins your life later):
systemctl stop NetworkManager.service
systemctl disable NetworkManager.service
systemctl enable network.service
reboot now
- Install ability to use semanage:
dnf install policycoreutils-python-utils
- Install full cockpit:
dnf install cockpit
- Make sure all is up to date:
dnf upgrade
- Make all space available, resize... easy to do in Cockpit.
- Install GitLab dependencies (may already be installed) depending on your OS install:
dnf install -y curl openssh-server openssh-clients cronie
- Open firewall/selinux:
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
semanage permissive -a httpd_t
- More dependencies (I don't think these are needed, but if they are):
dnf install -y pygpgme yum-utils
- Install GitLab:
wget https://packages.gitlab.com/gitlab/gitlab-ce/packages/el/7/gitlab-ce-9.4.5-ce.0.el7.x86_64.rpm/download
mv download gitlab-ce-9.4.5-ce.0.el7.x86_64.rpm
dnf install -y gitlab-ce-9.4.5-ce.0.el7.x86_64.rpm
- Config and start GitLab (may take about 2 minutes):
gitlab-ctl reconfigure
- Add SMTP server config -> vi /etc/gitlab/gitlab.rb:
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtpServer.domain.local"
gitlab_rails['smtp_port'] = 25
gitlab_rails['smtp_authentication'] = false
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['gitlab_email_from'] = '[email protected]'
gitlab_rails['gitlab_email_reply_to'] = '[email protected]'
gitlab-ctl reconfigure
- Send email test:
gitlab-rails console
Notify.test_email('[email protected]', 'GitLab Test Email', 'This is a test.').deliver_now
- Convert your AD CS wildcard cert.pfx to PEM and KEY for nginx:
openssl pkcs12 -in domain_wildcard_cert.pfx -out domainwild-encrypted.key
openssl pkcs12 -in domain_wildcard_cert.pfx -clcerts -nokeys -out domainwild-certificate.crt
openssl rsa -in domainwild-encrypted.key -out domainwild-decrypted.key
openssl pkcs12 -in domain_wildcard_cert.pfx -out domain-ca.crt -nodes -nokeys -cacerts
cat domainwild-certificate.crt domain-ca.crt > full_cert.crt
- Create ssl directory for gitlab (extra info - https://docs.gitlab.com/omnibus/settings/nginx.html):
mkdir -p /etc/gitlab/ssl
chmod 0700 /etc/gitlab/ssl
cp /mnt/domainwild-decrypted.key /etc/gitlab/ssl/gitlabServer.domain.local.key
cp /mnt/full_cert.crt /etc/gitlab/ssl/gitlabServer.domain.local.crt
- Edit file to enable https and redirect to https -> vi /etc/gitlab/gitlab.rb:
external_url "https://gitlabServer.domain.local"
nginx['redirect_http_to_https'] = true
sudo gitlab-ctl reconfigure
- Now you should be able to access your gitlab via https.
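Added example, not part of the original post: a check to run on the converted key and full_cert.crt before gitlab-ctl reconfigure. It confirms the key is readable by its owner only, is no longer passphrase-protected, and matches the leaf certificate that the cat step above puts first in the bundle. The function names are made up for this example.

```shell
#!/usr/bin/env bash
# Added example: verify the nginx key/cert pair produced by the PFX conversion.

# SHA-256 of the public key in the FIRST certificate of a PEM file
# (the leaf, given the order used when building full_cert.crt).
cert_pub_hash() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null |
        openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the public key derived from a private key. The empty
# -passin makes a still-encrypted key fail instead of prompting.
key_pub_hash() {
    openssl pkey -in "$1" -passin pass: -pubout -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Return 0 only if the key has no group/other access, is unencrypted,
# and matches the leaf certificate.
check_pair() {
    key=$1 crt=$2
    # Characters 5-10 of `ls -l` are the group and other permission bits.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible to group/other" >&2; return 1
    fi
    if ! openssl pkey -in "$key" -passin pass: -noout 2>/dev/null; then
        echo "FAIL: $key is encrypted or not a private key" >&2; return 1
    fi
    if [ "$(key_pub_hash "$key")" != "$(cert_pub_hash "$crt")" ]; then
        echo "FAIL: $key does not match the first cert in $crt" >&2; return 1
    fi
    echo "OK: $key matches $crt"
}

# Example call, using the paths from the steps above:
#   ./check_pair.sh /etc/gitlab/ssl/gitlabServer.domain.local.key \
#                   /etc/gitlab/ssl/gitlabServer.domain.local.crt
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
fi
```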
-
@tim_g
Do you know what tools and scripts are available when installing hyperv-tools?