Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

How to install GitLab on Fedora 26 with AD CS SSL

IT Discussion

1.9k

Obsolesce

I tried to follow Scott's guide here, but for Fedora 26 it didn't quite work and I had to do things differently.

Here's the steps I logged as I went along. I believe following them exactly will get you from a fresh install to a working https gitlab.

In PowerShell on your Hyper-V Hypervisor:

New-VHD -Path "E:\Hyper-V\Virtual Hard Disks\gitlabServer.vhdx" -SizeBytes 500GB -Dynamic -BlockSizeBytes 1MB

After Fedora 26 is installed:

dnf install hyperv-daemons hypervvssd hyperv-tools

Disable network manager (because it usually ruins your life later):

systemctl stop NetworkManager.service
systemctl disable NetworkManager.service
systemctl enable network.service
reboot now

Install ability to use semanage:

dnf install policycoreutils-python-utils

Install full cockpit:

dnf install cockpit

Make sure all is up to date:

dnf upgrade

Make all space available, resize... easy to do in Cockpit.
Install GitLab dependencies (may already be installed) depending on your OS install:

dnf install -y curl openssh-server openssh-clients cronie

Open firewall/selinux:

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
semanage permissive -a httpd_t

More dependencies (I don't think these are needed, but if they are):

dnf install -y pygpgme yum-utils

Install GitLab:

wget https://packages.gitlab.com/gitlab/gitlab-ce/packages/el/7/gitlab-ce-9.4.5-ce.0.el7.x86_64.rpm/download
mv download gitlab-ce-9.4.5-ce.0.el7.x86_64.rpm
dnf install -y gitlab-ce-9.4.5-ce.0.el7.x86_64.rpm

Config and start GitLab (may take about 2 minutes):

gitlab-ctl reconfigure

Add SMTP server config -> vi /etc/gitlab/gitlab.rb:

gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtpServer.domain.local"
gitlab_rails['smtp_port'] = 25
gitlab_rails['smtp_authentication'] = false
gitlab_rails['smtp_enable_starttls_auto'] = true

gitlab_rails['gitlab_email_from'] = '[email protected]'
gitlab_rails['gitlab_email_reply_to'] = '[email protected]'

gitlab-ctl reconfigure

Send email test:

gitlab-rails console

Notify.test_email('[email protected]', 'GitLab Test Email', 'This is a test.').deliver_now

Convert your AD CS wildcard cert.pfx to PEM and KEY for nginx:

openssl pkcs12 -in domain_wildcard_cert.pfx -out domainwild-encrypted.key
openssl pkcs12 -in domain_wildcard_cert.pfx -clcerts -nokeys -out domainwild-certificate.crt
openssl rsa -in domainwild-encrypted.key -out domainwild-decrypted.key
openssl pkcs12 -in domain_wildcard_cert.pfx -out domain-ca.crt -nodes -nokeys -cacerts
cat domainwild-certificate.crt domain-ca.crt > full_cert.crt

Create ssl directory for gitlab (extra info - https://docs.gitlab.com/omnibus/settings/nginx.html

mkdir -p /etc/gitlab/ssl
chmod 0700 /etc/gitlab/ssl
cp /mnt/domainwild-decrypted.key /etc/gitlab/ssl/gitlabServer.domain.local.key
cp /mnt/full_cert.crt /etc/gitlab/ssl/gitlabServer.domain.local.crt

Edit file to enable https and redirect to https -> vi /etc/gitlab/gitlab.rb:

external_url "https://gitlabServer.domain.local"
nginx['redirect_http_to_https'] = true
sudo gitlab-ctl reconfigure

Now you should be able to access your gitlab via https.

B

black3dynamite @Obsolesce
last edited by

@tim_g
Do you know what tools and scripts that is available when installing hyperv-tools?
1 Reply Last reply
Reply Quote 0