Difference between revisions of "Gitlab"

From ArchWiki
Jump to: navigation, search
m (updated backup and restore section)
m (Add copy of default mysql template in /etc/webcapps/gitlab/database.yml)
 
(326 intermediate revisions by 51 users not shown)
Line 1: Line 1:
 
[[Category:Version Control System]]
 
[[Category:Version Control System]]
{{Article summary start}}
+
[[ja:Gitlab]]
{{Article summary text|This page gives guidelines for the installation and configuration of Gitlab on Archlinux.}}
+
{{Related articles start}}
{{Article summary heading|Related}}
+
{{Related|Gitolite}}
{{Article summary wiki|Gitolite}}
+
{{Related|Ruby on Rails}}
{{Article summary wiki|Ruby on Rails}}
+
{{Related articles end}}
{{Article summary end}}
+
[http://gitlab.org/ Gitlab] is a free git repository management application based on [[Ruby on Rails]]. It is distributed under the MIT License and its source code can be found on [https://github.com/gitlabhq/gitlabhq Github]. It is a very active project with a monthly release cycle and ideal for businesses that want to keep their code private. Consider it as a self hosted Github but open source. You can try a demo [http://demo.gitlabhq.com/ here].
+
{{Note|Throughout the article, sudo is heavily used, assuming that the user that is running the commands is root or someone with equal privileges. There is no need to edit the sudoers file whatsoever. It is only used to change to the appropriate user. For more info read {{ic|man sudo}}.}}
+
  
==Required packages==
+
{{Accuracy|Commands are incomplete/incorrect, reported upgrade issues}}
  
Install the packages below as they are needed to proceed further.
+
From [https://about.gitlab.com/ GitLab's homepage:]
  
# pacman -Syu --noconfirm --needed sudo base-devel zlib libyaml openssl gdbm readline ncurses libffi curl git openssh redis libxml2 libxslt icu python2
+
:GitLab offers git repository management, code reviews, issue tracking, activity feeds and wikis. Enterprises install GitLab on-premise and connect it with LDAP and Active Directory servers for secure authentication and authorization. A single GitLab server can handle more than 25,000 users but it is also possible to create a high availability setup with multiple active servers.
  
{{Note| In order to receive mail notifications, make sure to install a mail server. By default, Archlinux does not ship with one. The recommended mail server is [[postfix]], but you can use others such as [[SSMTP]], [[msmtp]], [[sendmail]], [https://wiki.archlinux.org/index.php/Category:Mail_Server etc].}}
+
An example live version can be found at [https://gitlab.com/ GitLab.com].
  
== PKGBUILDs for Gitlab and Gitlab-shell ==
+
== Installation ==
There are some (not fully working) PKGBUILDs available to create installable packages:
+
{{Note|If you want to use RVM refer to the article [[#Running GitLab with rvm]] before starting with the installation}}
  
[https://github.com/mtorromeo/archlinux-packages/tree/master/gitlab Gitlab PKGBUILD on GitHub.com]
+
{{Note|This article covers installing and configuring GitLab without HTTPS at first. If needed, see [[#Advanced Configuration]] to set up SSL}}
  
[https://github.com/mtorromeo/archlinux-packages/tree/master/gitlab-shell Gitlab-shell PKGBUILD on GitHub.com]
+
GitLab requires a database backend. If you plan to run it on the same machine, first install either [[MySQL]] or [[PostgreSQL]].
  
(Please extend/rename this section with further instructions)
+
[[Install]] the {{pkg|gitlab}} package.
  
==Ruby==
+
In order to receive mail notifications, a mail server must be installed and configured. See the following for more information: [[:Category:Mail server]]
  
GitLab supports [[ruby]] >= {{ic|1.9.3}} and {{ic|2.0.0}}, but some dependencies gems work better with ruby {{ic|1.9.3}}. Install it from the official repositories and if you bump into any trouble use [[rvm]] with latest ruby {{ic|1.9.3}}.
+
== Configuration ==
  
{{Note|If you want to use rvm be sure to check out [[Gitlab#Running GitLab with rvm]] before starting with the installation}}
+
=== Notes Before Configuring ===
 +
The {{pkg|gitlab}} package installs GitLab's files in a manner that more closely follows standard Linux conventions:
  
==User accounts==
+
{| class="wikitable"
 +
! Description
 +
! [https://github.com/gitlabhq/gitlabhq/blob/6-5-stable/doc/install/installation.md GitLab's Official]
 +
! {{pkg|gitlab}}
 +
|----------------------------------------------------------
 +
| Configuration File GitShell
 +
| {{ic|/home/git/gitlab-shell/config.yml}}
 +
| {{ic|/etc/webapps/gitlab-shell/config.yml}}
 +
|----------------------------------------------------------
 +
| Configuration File GitLab
 +
| {{ic|/home/git/gitlab/config/gitlab.yml}}
 +
| {{ic|/etc/webapps/gitlab/gitlab.yml}}
 +
|----------------------------------------------------------
 +
| User (Home Directory)
 +
| {{ic|git}} ({{ic|/home/git}})
 +
| {{ic|gitlab}} ({{ic|/var/lib/gitlab}})
 +
|}
  
Add {{ic|git}} user:
+
{{tip|If you are familiar with the [[Arch Build System]] you can edit the PKGBUILD and relevant files to change gitlab's home directory to a place of your liking.}}
  
# useradd -U -m -d /home/git git
+
===Basic configuration===
 +
====GitLab Shell====
 +
{{Note|You can leave the {{ic|gitlab_url}} with default value if you intend to host GitLab on the same host.}}
  
{{Note| {{ic|git}} user must have its initial group set to {{ic|git}} (not {{ic|users}}). If the initial group is not {{ic|git}}, then all files created by the {{ic|git}} user will be owned by {{ic|git:users}} which will prevent GitLab from showing you a newly created repository (it will get stucked at the page where it tells you how to push to the new repository).}}
+
Edit {{ic|/etc/webapps/gitlab-shell/config.yml}} and set {{ic|gitlab_url:}} to the prefer url and port:
 +
{{hc|/etc/webapps/gitlab-shell/config.yml|2=
 +
# GitLab user. git by default
 +
user: gitlab
  
==gitlab-shell==
+
# Url to gitlab instance. Used for api calls. Should end with a slash.
 +
# Default: http://localhost:8080/
 +
# You only have to change the default if you have configured Unicorn
 +
# to listen on a custom port, or if you have configured Unicorn to
 +
# only listen on a Unix domain socket.
 +
gitlab_url: "http://localhost:8080/" # <<-- right here
  
GitLab Shell is an ssh access and repository management software developed specially for GitLab.
+
http_settings:
 +
#  user: someone
 +
#  password: somepass
 +
...
 +
}}
  
Login as git:
+
Update the {{ic|/etc/webapps/gitlab/unicorn.rb}} configuration if the port and/or hostname is different from the default:
+
{{hc|/etc/webapps/gitlab/unicorn.rb|2=
# su - git
+
listen "127.0.0.1:8080", :tcp_nopush => true # <<-- right here
 +
}}
  
Clone gitlab shell:
+
====GitLab====
+
Edit {{ic|/etc/webapps/gitlab/gitlab.yml}} and setup at least the following parameters:
$ git clone https://github.com/gitlabhq/gitlab-shell.git
+
$ cd gitlab-shell
+
  
Switch to the right version:
+
{{Tip|The hostname and port are used for the {{ic|git clone http://hostname:port}} as example.}}
  
$ git checkout v1.4.0
+
'''Hostname:''' In the {{ic|gitlab:}} section set {{ic|host:}} - replacing {{ic|localhost}} to {{ic|yourdomain.com}} ('''note:''' no 'http://' or trailing slash) - into your fully qualified domain name.
  
Edit {{ic|config.yml}} and replace gitlab_url with something like {{ic|http://domain.com/}}:
+
'''Port:''' {{ic|port:}} can be confusing. This is not the port that the gitlab server (unicorn) runs on; it's the port that users will initially access through in their browser. Basically, if you intend for users to visit 'yourdomain.com' in their browser, without appending a port number to the domain name, leave {{ic|port:}} as {{ic|80}}. If you intend your users to type something like 'yourdomain.com:3425' into their browsers, then you'd set {{ic|port:}} to {{ic|3425}}. You will also have to '''configure your webserver''' to listen on that port.
  
$ cp config.yml.example config.yml
+
'''Timezone (optional):''' The {{ic|time_zone:}} parameter is optional, but may be useful to force the zone of GitLab applications.
  
Setup the environment:
+
Those are the minimal changes needed for a working GitLab install. The adventurous may read on in the comment and customize as needed.
  
$ ./bin/install
+
=== Further configuration ===
  
You should see this result:
+
==== Database backend ====
 +
A Database backend will be required before Gitlab can be run. Currently GitLab supports [[MariaDB]] and [[PostgreSQL]]. By default, GitLab assumes you will use MySQL. Extra work is needed if you plan to use PostgreSQL.
  
{{hc|Example output|<nowiki>
+
==== MariaDB ====
mkdir -p /home/git/repositories: true
+
To set up MySQL (MariaDB) you need to create a database called {{ic|gitlabhq_production}} along with a user (default: {{ic|gitlab}}) who has full privileges to the database:
mkdir -p /home/git/.ssh: true
+
chmod 700 /home/git/.ssh: true
+
touch /home/git/.ssh/authorized_keys: true
+
chmod 600 /home/git/.ssh/authorized_keys: true
+
chmod -R ug+rwX,o-rwx /home/git/repositories: true
+
find /home/git/repositories -type d -print0 | xargs -0 chmod g+s: true
+
</nowiki>}}
+
  
==Database selection==
+
{{hc|$ mysql -u root -p|2=
 +
mysql> CREATE DATABASE `gitlabhq_production` DEFAULT CHARACTER SET `utf8` COLLATE `utf8_unicode_ci`;
 +
mysql> CREATE USER 'gitlab'@'localhost' IDENTIFIED BY 'password';
 +
mysql> GRANT ALL ON `gitlabhq_production`.* TO 'gitlab'@'localhost';
 +
mysql> \q
 +
}}
  
Currently GitLab supports [[MySQL]] and [[PostgreSQL]]. [[MariaDB]] has not been officially tested but it works just fine.
+
Try connecting to the new database with the new user:
  
===MariaDB===
+
$ mysql -u '''gitlab''' -p -D gitlabhq_production
  
[[pacman|Install]] {{Pkg|mariadb}} and {{Pkg|libmariadbclient}} from the [[official repositories]] and start the [[daemon]]. Create the database and do not forget to replace {{ic|your_password_here}} with a real one.
+
Copy the MySQL template file before configuring it:
  
  # su - git
+
  # cp /usr/share/doc/gitlab/database.yml.mysql /etc/webapps/gitlab/database.yml
$ mysql -u root -p
+
  
mysql> CREATE DATABASE IF NOT EXISTS `gitlabhq_production` DEFAULT CHARACTER SET `utf8` COLLATE `utf8_unicode_ci`;
+
Next you will need to open {{ic|/etc/webapps/gitlab/database.yml}} and set {{ic|username:}} and {{ic|password:}} for the {{ic|gitlabhq_production}}:
mysql> CREATE USER 'gitlab'@'localhost' IDENTIFIED BY 'your_password_here';
+
mysql> GRANT SELECT, LOCK TABLES, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON `gitlabhq_production`.* TO 'gitlab'@'localhost';
+
mysql> \q
+
  
Try connecting to the new database with the new user:
+
{{hc|/etc/webapps/gitlab/database.yml|
 +
#
 +
# PRODUCTION
 +
#
 +
production:
 +
  adapter: mysql2
 +
  encoding: utf8
 +
  collation: utf8_general_ci
 +
  reconnect: false
 +
  database: gitlabhq_production
 +
  pool: 10
 +
  username: '''username'''
 +
  password: '''"password"'''
 +
  # host: localhost
 +
  # socket: /run/mysqld/mysqld.sock # If running MariaDB as socket
 +
...
 +
}}
  
$ mysql -u gitlab -p -D gitlabhq_production
+
It should not be set as world readable, e.g. only processes running under the {{ic|gitlab}} user should have read/write access:
  
===PostgreSQL===
+
# chmod 600 /etc/webapps/gitlab/database.yml
 +
# chown gitlab:gitlab /etc/webapps/gitlab/database.yml
  
[[pacman|Install]] {{Pkg|postgresql}} and {{Pkg|libpqxx}} from the [[official repositories]]. Follow [[PostgreSQL#Installing_PostgreSQL]] to set it up and start the [[daemon]].
+
For more info and other ways to create/manage MySQL databases, see the [https://mariadb.org/docs/ MariaDB documentation] and the [https://github.com/gitlabhq/gitlabhq/blob/6-5-stable/doc/install/installation.md GitLab official (generic) install guide].
  
Login to PostgreSQL and remember to change {{ic|your_password_here}} to a real one:
+
==== PostgreSQL ====
 +
Login to PostgreSQL and create the {{ic|gitlabhq_production}} database with along with it's user. Remember to change {{ic|your_username_here}} and {{ic|your_password_here}} to the real values:
  
  # sudo -u postgres psql -d template1
+
  # psql -d template1
  
template1=# CREATE USER git WITH PASSWORD 'your_password_here';
+
{{bc|1=
template1=# CREATE DATABASE gitlabhq_production OWNER git;
+
template1=# CREATE USER your_username_here WITH PASSWORD 'your_password_here';
template1=# \q
+
template1=# ALTER USER your_username_here SUPERUSER;
 +
template1=# CREATE DATABASE gitlabhq_production OWNER your_username_here;
 +
template1=# \q
 +
}}
  
Try connecting to the new database with the new user:
+
{{Note|The reason for creating the user as a superuser is that GitLab is trying to be "smart" and install extensions (not just create them in it's own userspace). And this is only allowed by superusers in Postgresql.}}
  
# sudo -u git -H psql -d gitlabhq_production
+
Try connecting to the new database with the new user to verify it works:
  
===MySQL===
+
# psql -d gitlabhq_production
  
If you are still in favor of {{AUR|mysql}}, follow the same commands as MariaDB.
+
Copy the PostgreSQL template file before configuring it (overwriting the default MySQL configuration file):
  
==Gitlab==
+
# cp /usr/share/doc/gitlab/database.yml.postgresql /etc/webapps/gitlab/database.yml
  
===Installation===
+
Open the new {{ic|/etc/webapps/gitlab/database.yml}} and set the values for {{ic|username:}} and {{ic|password:}}. For example:
  
Clone GitLab's repository:
+
{{hc|/etc/webapps/gitlab/database.yml|
# su - git
+
#
$ git clone https://github.com/gitlabhq/gitlabhq.git gitlab
+
# PRODUCTION
$ cd gitlab
+
#
$ git checkout 5-2-stable
+
production:
 +
  adapter: postgresql
 +
  encoding: unicode
 +
  database: gitlabhq_production
 +
  pool: 10
 +
  username: your_username_here
 +
  password: "your_password_here"
 +
  # host: localhost
 +
  # port: 5432
 +
  # socket: /tmp/postgresql.sock
 +
...
 +
}}
  
{{Note| You can change {{ic|5-2-stable}} to {{ic|master}} if you want the bleeding edge version, but do so with caution! Check github to see what is the latest stable version and replace above accordingly.}}
+
For our purposes (unless you know what you are doing), you do not need to worry about configuring the other databases listed in {{ic|/etc/webapps/gitlab/database.yml}}. We only need to set up the production database to get GitLab working.
  
===Basic configuration===
+
Finally, open {{ic|/usr/lib/systemd/system/gitlab.target}} and {{ic|/usr/lib/systemd/system/gitlab-unicorn.service}} change all instances of {{ic|mysql.service}} to {{ic|postgresql.service}}.
  
First we need to rename the example file.
+
==== Firewall ====
  
$ cp config/gitlab.yml.example config/gitlab.yml
+
If you want to give direct access to your Gitlab installation through an [[iptables]] firewall, you may need to adjust the port and the network address:
  
The options are pretty straightforward. Open {{ic|config/gitlab.yml}} with your favorite editor and edit where needed.
+
# iptables -A tcp_inbound -p TCP -s '''192.168.1.0/24''' --destination-port '''80''' -j ACCEPT
Make sure to change {{ic|localhost}} to the fully-qualified domain name of your host serving GitLab where necessary.
+
  
Make sure GitLab can write to the {{ic|log/}} and {{ic|tmp/}} directories:
+
To enable API-access:
  
  $ chown -R git log/
+
  # iptables -A tcp_inbound -p TCP -s '''192.168.1.0/24''' --destination-port '''8080''' -j ACCEPT
$ chown -R git tmp/
+
$ chmod -R u+rwX  log/
+
$ chmod -R u+rwX  tmp/
+
  
Create directory for satellites:
+
If you are behind a router, do not forget to forward this port to the running GitLab server host, if you want to allow WAN-access.
+
$ mkdir /home/git/gitlab-satellites
+
  
Create directories for sockets/pids and make sure GitLab can write to them:
+
==== Satellites access ====
  
$ mkdir tmp/{pids,sockets}
+
The folder {{ic|satellites}} should have the following permissions set:
$ chmod -R u+rwX  tmp/{pids,sockets}
+
  
Create the {{ic|public/uploads}} directory otherwise backup will fail:
+
# chmod 750 /var/lib/gitlab/satellites
  
$ mkdir public/uploads
+
==== Initialize Gitlab database ====
$ chmod -R u+rwX  public/uploads
+
  
Copy the example Puma config and edit to your liking:
+
Start the Redis server before we create the database [[start/enable]] the {{ic|redis}} systemd unit.
  
$ cp config/puma.rb.example config/puma.rb
+
Now you have to install bundler and the required gems with:
  
Configure Git global settings for git user, useful when editing via web. Edit {{ic|user.email}} according to what is set in {{ic|gitlab.yml}}:
+
# export PATH=$PATH:/var/lib/gitlab/.gem/ruby/2.3.0/bin
 +
# sudo -u gitlab -H gem install bundler --no-document
 +
# cd /usr/share/webapps/gitlab
 +
# sudo -u gitlab -H bundle install
  
$ git config --global user.name "GitLab"
+
{{Warning|GitLab requires {{ic|bundle}} command, not {{ic|bundle-2.1}}, don't forget to install it.}}
$ git config --global user.email "gitlab@localhost"
+
  
Configure GitLab database settings:
+
{{Note|If you're getting errors later on saying bundle is missing for the user 'gitlab', then this is most likely because ruby is installed in a non-readable folder such as /usr/lib or something similar and this solves that issue:
  
* MariaDB:
+
{{bc|<nowiki>
$ cp config/database.yml.mysql config/database.yml
+
su - gitlab -s /bin/sh -c "export PATH=$PATH:/var/lib/gitlab/.gem/ruby/2.3.0/bin; gem install bundler --no-document"
 +
su - gitlab -s /bin/sh -c "export PATH=$PATH:/var/lib/gitlab/.gem/ruby/2.3.0/bin; cd /usr/share/webapps/gitlab; bundle install"
 +
su - gitlab -s /bin/sh -c "export PATH=$PATH:/var/lib/gitlab/.gem/ruby/2.3.0/bin; cd /usr/share/webapps/gitlab; bundle exec rake gitlab:setup RAILS_ENV=production"
 +
su - gitlab -s /bin/sh -c "export PATH=$PATH:/var/lib/gitlab/.gem/ruby/2.3.0/bin; cd /usr/share/webapps/gitlab; bundle exec rake assets:precompile RAILS_ENV=production"
 +
</nowiki>}}
 +
}}
  
* PostgreSQL:
+
Initialize the database and activate advanced features:
  $ cp config/database.yml.postgresql config/database.yml
+
  # cd /usr/share/webapps/gitlab
 +
# su - gitlab -s /bin/sh -c "cd '/usr/share/webapps/gitlab'; bundle exec rake gitlab:setup RAILS_ENV=production"
  
Make sure to update {{ic|username}}/{{ic|password}} in {{ic|config/database.yml}}.
+
{{bc|<nowiki>
 +
Missing `db_key_base` for 'production' environment. The secrets will be generated and stored in `config/secrets.yml`
 +
This will create the necessary database tables and seed the database.
 +
You will lose any previous data stored in the database.
 +
Do you want to continue (yes/no)? yes
  
 +
gitlabhq_production already exists
 +
-- enable_extension("plpgsql")
 +
  -> 0.0009s
 +
-- create_table("abuse_reports", {:force=>true})
 +
  -> 0.0300s
 +
-- create_table("application_settings", {:force=>true})
 +
  -> 0.0116s
  
===Install gems===
+
...
  
{{Tip| If you do not want to download any gem documentation, add {{ic|gem: --no-rdoc --no-ri}} to {{ic|/home/git/.gemrc}}. Be sure to add it as the {{ic|git}} user in order to acquire the appropriate permissions.}}
+
Administrator account created:
{{Note|See bug #[https://bugs.archlinux.org/task/33327 33327] for about system-wide gems. As a temporary solution the following packages will be installed as {{ic|git}} user, make sure {{ic|/home/git/.gemrc}} contains {{ic|gem: ... --user-install}}. And then add the {{ic|bin}} path to the {{ic|PATH}} variable like so {{ic|1=export PATH="$PATH:~/.gem/ruby/2.0.0/bin"}}.}}
+
  
Install {{ic|bundler}} and {{ic|charlock_holmes}} under {{ic|/git/home/.gem/}} (normally system wide via sudo):
+
login.........root
 +
password......5iveL!fe
 +
</nowiki>}}
  
# su - git
+
Now compile the assets:
$ gem install charlock_holmes --version '0.6.9.4'
+
$ gem install bundler
+
  
Install gems from Gemfile:
+
# su - gitlab -s /bin/sh -c "cd '/usr/share/webapps/gitlab'; bundle exec rake assets:precompile RAILS_ENV=production"
  
$ cd gitlab/
+
Finally, check that {{ic|/etc/webapps/gitlab/secret}} contains a random hex string.
  
{{Note|When executing the below and you recieve `Could not verify the SSL certificate for https://rubygems.org/` see bug #[https://github.com/gitlabhq/gitlabhq/issues/4095 GitHub-4095] most likely because you're behind a proxy that tries to inject a local certificate for SSL domains in order to verify its content}}
+
==== Configure Git User  ====
 +
{{Note|This must match the {{ic|user}} and {{ic|email_from}} defined in {{ic|/usr/share/webapps/gitlab/config/gitlab.yml}}.}}
  
If you used MariaDB:
+
# cd /usr/share/webapps/gitlab
 +
# sudo -u gitlab -H git config --global user.name  "GitLab"
 +
# sudo -u gitlab -H git config --global user.email "example@example.com"
 +
# sudo -u gitlab -H git config --global core.autocrlf "input"
  
$ bundle install --deployment --without development test postgres
+
==== Adjust modifier bits ====
 +
(The gitlab check won't pass if the user and group ownership isn't configured properly)
  
If you used PostgreSQL:
+
# chmod -R ug+rwX,o-rwx /var/lib/gitlab/repositories/
 +
# chmod -R ug-s /var/lib/gitlab/repositories
 +
# find /var/lib/gitlab/repositories/ -type d -print0 | xargs -0 chmod g+s
  
$ bundle install --deployment --without development test mysql
+
== Start and test GitLab ==
 +
{{note|See [[#Troubleshooting]] and log files inside the {{ic|/usr/share/webapps/gitlab/log}} directory for troubleshooting.}}
 +
Make systemd see your new daemon unit files:
  
{{Note|1= Using {{ic|--without group_name}} in bundle command line will ignore required packages for the mentioned groups.}}
+
# systemctl daemon-reload
  
===Initialize Database===
+
Make sure [[MySQL]] or [[PostgreSQL]] and Redis are running and setup correctly.
  
{{Note| Make sure the redis [[daemon]] is enabled and started, otherwise the following command will fail. To check the status and see if it's running execute {{ic|systemctl status redis}}, if it's dead start it as per usual via {{ic|systemctl start redis}}}}
+
If needed see [[#Redis Over Unix Socket]] example if GitLab cannot load {{ic|redis}} correctly.
  
Initialize database and activate advanced features:
+
After starting the database backends, we can start GitLab with its webserver (Unicorn) by [[start]]ing both the {{ic|gitlab-sidekiq}} and {{ic|gitlab-unicorn}} systemd units.
$ bundle exec rake gitlab:setup RAILS_ENV=production
+
  
{{Note|If you recieve a error {{ic|No such file or directory - /home/git/repositories/root}} then most likely you've changed the default configuration for {{ic|GitLab}} and you'll need to modify all static paths in {{ic|config/gitlab.yml}} and run the above command again to initialize the database!}}
+
With the following commands we check if the steps we followed so far are configured properly:
  
===Check status===
+
# cd /usr/share/webapps/gitlab
 +
# sudo -u gitlab bundle exec rake gitlab:env:info RAILS_ENV=production
 +
# sudo -u gitlab bundle exec rake gitlab:check RAILS_ENV=production
  
With the following commands we check if the steps we followed so far are configured properly.  
+
{{note|These gitlab:env:info and gitlab:check commands will show a fatal error related to git. This is OK.}}
  
$ bundle exec rake gitlab:env:info RAILS_ENV=production
+
{{hc|<nowiki>$ sudo -u gitlab bundle exec rake gitlab:env:info RAILS_ENV=production</nowiki>|<nowiki>
$ bundle exec rake gitlab:check RAILS_ENV=production
+
fatal: Not a git repository (or any of the parent directories): .git
  
{{hc|Example output of gitlab:env:info|
 
 
System information
 
System information
System: Arch Linux
+
System: Arch rolling
Current User: git
+
Current User: gitlab
Using RVM: yes
+
Using RVM: no
RVM Version: 1.20.3
+
Ruby Version: 2.2.3p173
Ruby Version: 2.0.0p0
+
Gem Version: 2.4.5.1
Gem Version: 2.0.0
+
Bundler Version:1.10.6
Bundler Version:1.3.5
+
Rake Version: 10.4.2
Rake Version: 10.0.4
+
Sidekiq Version:3.3.0
  
 
GitLab information
 
GitLab information
Version: 5.2.0.pre
+
Version: 7.14.0
Revision: 4353bab
+
Revision: fatal: Not a git repository (or any of the parent directories): .git
Directory: /home/git/gitlab
+
Directory: /usr/share/webapps/gitlab
 
DB Adapter: mysql2
 
DB Adapter: mysql2
 
URL: http://gitlab.arch
 
URL: http://gitlab.arch
Line 245: Line 318:
  
 
GitLab Shell
 
GitLab Shell
Version: 1.4.0
+
Version: 2.6.4
Repositories: /home/git/repositories/
+
Repositories: /var/lib/gitlab/repositories/
Hooks: /home/git/gitlab-shell/hooks/
+
Hooks: /usr/share/webapps/gitlab-shell/hooks/
 
Git: /usr/bin/git
 
Git: /usr/bin/git
}}
+
</nowiki>}}
  
{{Note| {{ic|gitlab:check}} will complain about missing initscripts. Don't worry, we will use ArchLinux' [[systemd]] to manage server start (which GitLab does not recognize).}}
+
{{Note| {{ic|gitlab:check}} will complain about missing initscripts. This is nothing to worry about, as [[systemd]] service files are used instead (which GitLab does not recognize).}}
  
==Web server configuration==
+
{{hc|<nowiki>$ sudo -u gitlab bundle exec rake gitlab:check RAILS_ENV=production</nowiki>|<nowiki>
 +
fatal: Not a git repository (or any of the parent directories): .git
 +
Checking Environment ...
  
 +
Git configured for gitlab user? ... yes
 +
Has python2? ... yes
 +
python2 is supported version? ... yes
  
===Unicorn only===
+
Checking Environment ... Finished
  
{{Note|As of GitLab 5.1 Unicorn is no longer the default server as it got replaced by Puma. You can therefore ignore this section.}}
+
Checking GitLab Shell ...
  
Edit {{ic|/home/gitlab/gitlab/config/unicorn.rb}} uncomment:
+
GitLab Shell version >= 1.7.9 ? ... OK (1.8.0)
 +
Repo base directory exists? ... yes
 +
Repo base directory is a symlink? ... no
 +
Repo base owned by gitlab:gitlab? ... yes
 +
Repo base access is drwxrws---? ... yes
 +
update hook up-to-date? ... yes
 +
update hooks in repos are links: ... can't check, you have no projects
 +
Running /srv/gitlab/gitlab-shell/bin/check
 +
Check GitLab API access: OK
 +
Check directories and files:
 +
        /srv/gitlab/repositories: OK
 +
        /srv/gitlab/.ssh/authorized_keys: OK
 +
Test redis-cli executable: redis-cli 2.8.4
 +
Send ping to redis server: PONG
 +
gitlab-shell self-check successful
  
listen 8080 # listen to port 8080 on all TCP interfaces
+
Checking GitLab Shell ... Finished
  
Create {{ic|/etc/rc.d/unicorn-gitlab}}.
+
Checking Sidekiq ...
<pre>
+
#!/bin/bash
+
  
. /etc/rc.conf
+
Running? ... yes
. /etc/rc.d/functions
+
Number of Sidekiq processes ... 1
  
 +
Checking Sidekiq ... Finished
  
PID=`pidof -o %PPID /usr/bin/ruby`
+
Checking LDAP ...
case "$1" in
+
  start)
+
    stat_busy "Starting unicorn"
+
    [ -z "$PID" ] && sudo -u gitlab bash  -c  "source /home/gitlab/.bash_profile && cd /home/gitlab/gitlab/ && bundle exec unicorn_rails -c config/unicorn.rb -E production -D"
+
    if [ $? -gt 0 ]; then
+
      stat_fail
+
    else
+
      add_daemon unicorn
+
      stat_done
+
    fi
+
    ;;
+
  stop)
+
    stat_busy "Stopping unicorn"
+
    [ ! -z "$PID" ]  && kill $PID &> /dev/null
+
    if [ $? -gt 0 ]; then
+
      stat_fail
+
    else
+
      rm_daemon unicorn
+
      stat_done
+
    fi
+
    ;;
+
  restart)
+
    $0 stop
+
    sleep 1
+
    $0 start
+
    ;;
+
  *)
+
    echo "usage: $0 {start|stop|restart}"
+
esac
+
exit 0
+
</pre>
+
  
Start '''unicorn''':
+
LDAP is disabled in config/gitlab.yml
  
# /etc/rc.d/unicorn-gitlab start
+
Checking LDAP ... Finished
  
Test it http://localhost:8080
+
Checking GitLab ...
  
Add it to DAEMONS array in /etc/rc.conf
+
Database config exists? ... yes
 +
Database is SQLite ... no
 +
All migrations up? ... fatal: Not a git repository (or any of the parent directories): .git
 +
yes
 +
GitLab config exists? ... yes
 +
GitLab config outdated? ... no
 +
Log directory writable? ... yes
 +
Tmp directory writable? ... yes
 +
Init script exists? ... no
 +
  Try fixing it:
 +
  Install the init script
 +
  For more information see:
 +
  doc/install/installation.md in section "Install Init Script"
 +
  Please fix the error above and rerun the checks.
 +
Init script up-to-date? ... can't check because of previous errors
 +
projects have namespace: ... can't check, you have no projects
 +
Projects have satellites? ... can't check, you have no projects
 +
Redis version >= 2.0.0? ... yes
 +
Your git bin path is "/usr/bin/git"
 +
Git version >= 1.7.10 ? ... yes (1.8.5)
  
Redirect http port to unicorn server
+
Checking GitLab ... Finished
 +
</nowiki>}}
  
# iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
+
To automatically launch GitLab at startup, enable the {{ic|gitlab.target}}, {{ic|gitlab-sidekiq}} and {{ic|gitlab-unicorn}} services.
  
And test again, now http://localhost
+
Now test your GitLab instance by visiting http://localhost:8080 or http://yourdomain.com and login with the default credentials:
  
===Nginx and unicorn===
+
{{bc|
 +
username: root
 +
password: 5iveL!fe
 +
}}
  
[[pacman|Install]] {{Pkg|nginx}} from the [[official repositories]].
+
{{note|1=If your browser runs not on the machine where gitlab is running, modify your unicorn.rb in order to be able to test your setup without the use of a proxy. The corresponding line looks like this:
 +
<pre>listen "127.0.0.1:8080, :tcp_nopush => true</pre>
 +
you should replace that with:
 +
<pre>listen "example.yourhost.com:8080, :tcp_nopush => true</pre>
 +
}}
  
Run these commands to setup nginx:
+
== Advanced Configuration ==
  
# wget https://raw.github.com/gitlabhq/gitlab-recipes/master/nginx/gitlab -P /etc/nginx/sites-available/
+
=== Custom SSH Connection ===
# ln -s /etc/nginx/sites-available/gitlab /etc/nginx/sites-enabled/gitlab
+
If you are running SSH on a non-standard port, you must change the GitLab user's SSH config:
 +
{{hc|/var/lib/gitlab/.ssh/config|2=
 +
host localhost      # Give your setup a name (here: override localhost)
 +
user gitlab         # Your remote git user
 +
port 2222          # Your port number
 +
hostname 127.0.0.1; # Your server name or IP
 +
}}
  
Edit {{ic|/etc/nginx/sites-enabled/gitlab}} and change YOUR_SERVER_IP and YOUR_SERVER_FQDN to the IP address and fully-qualified domain name of the host serving Gitlab. As you can see nginx needs to access {{ic|/home/gitlab/gitlab/tmp/sockets/gitlab.socket}} socket file. You have to be able to run {{ic|sudo -u http ls /home/gitlab/gitlab/tmp/sockets/gitlab.socket}} successfully. Otherwise setup access to the directory:
+
You also need to change the corresponding options (e.g. ssh_user, ssh_host, admin_uri) in the {{ic|/etc/webapps/gitlab/gitlab.yml}} file.
+
# chgrp http /home/gitlab
+
# chmod u=rwx,g=rx,o= /home/gitlab
+
  
Restart gitlab.service, resque.service and nginx.
+
=== HTTPS/SSL ===
  
[http://unicorn.bogomips.org/ Unicorn] is an HTTP server for Rack applications designed to only serve fast clients on low-latency, high-bandwidth connections and take advantage of features in Unix/Unix-like kernels. First we rename the example file and then we start unicorn:
+
==== Change GitLab configs ====
 +
Modify {{ic|/etc/webapps/gitlab/shell.yml}} so the url to your GitLab site starts with {{ic|https://}}.
 +
Modify {{ic|/etc/webapps/gitlab/gitlab.yml}} so that {{ic|https:}} setting is set to {{ic|true}}.
  
# cd /home/gitlab/gitlab
+
See also [[Apache HTTP Server#TLS/SSL]] and [[Let’s Encrypt]].
# sudo -u gitlab cp config/unicorn.rb.orig config/unicorn.rb
+
# sudo -u gitlab bundle exec unicorn_rails -c config/unicorn.rb -E production -D
+
  
===Apache and unicorn===
+
==== Let's Encrypt ====
  
[[pacman|Install]] {{Pkg|apache}} from the [[official repositories]].  
+
To validate your URL, the Let's Encrypt process will try to access your gitlab server with something like {{ic|<nowiki>https://gitlab.</nowiki>''YOUR_SERVER_FQDN''/.well-known/''A_LONG_ID''}}. But, due to gitlab configuration, every request to {{ic|gitlab.''YOUR_SERVER_FQDN''}} will be redirected to a proxy (gitlab-workhorse) that will not be able to deal with this URL.
  
====Configure Unicorn====
+
To bypass this issue, you can use the Let's Encrypt webroot configuration, setting the webroot at {{ic|/srv/http/letsencrypt/}}.
  
{{Note|If the default path is not {{ic|/home/git}} for your installation, change the below path accordingly}}
+
Additionally, force the Let's Encrypt request for gitlab to be redirected to this webroot by adding the following:
  
As the official installation guide instructs, copy the unicorn configuration file:
+
{{hc|/etc/http/conf/extra/gitlab.conf|
# sudo -u git -H cp /home/git/gitlab/config/unicorn.rb.example /home/git/gitlab/config/unicorn.rb
+
Alias "/.well-known"  "/srv/http/letsencrypt/.well-known"
 +
RewriteCond  %{REQUEST_URI}  !/\.well-known/.*
 +
}}
  
Now edit {{ic|config/unicorn.rb}} and add a listening port by uncommenting the following line:
+
===Web server configuration===
listen "127.0.0.1:8080"
+
If you want to integrate Gitlab into a running web server instead of using its build-in http server Unicorn, then follow these instructions.
  
{{Tip| You can set a custom port if you want. Just remember to also include it in Apache's virtual host. See below.}}
+
===== Node.js =====
 +
You can easily set up an http proxy on port 443 to proxy traffic to the GitLab application on port 8080 using http-master for Node.js. After you have creates your domain's OpenSSL keys and have gotten you CA certificate (or self signed it), then go to https://github.com/CodeCharmLtd/http-master to learn how easy it is to proxy requests to GitLab using HTTPS. http-master is built on top of [https://github.com/nodejitsu/node-http-proxy node-http-proxy].
  
====Create a virtual host for Gitlab====
+
====Nginx and unicorn====
  
Create a configuration file for Gitlab’s virtual host and insert the lines below adjusted accordingly. For the ssl section see [[LAMP#SSL]]. If you do not need it, remove it. Notice that the SSL virtual host needs a specific IP instead of generic. Also if you set a custom port for Unicorn, do not forget to set it at the BalanceMember line.
+
=====AUR Installation=====
 +
Setup [[Nginx]], and create the following directories (if not exist already):
  
  # mkdir -pv /etc/httpd/conf/vhosts/
+
  # mkdir /etc/nginx/servers-available
 +
# mkdir /etc/nginx/servers-enabled
  
{{hc|/etc/httpd/conf/vhosts/gitlab|
+
{{Note|You may need to change {{ic|localhost:8080}} with the correct gitlab address and {{ic|example.com}} to your desired server name.}}
<VirtualHost *:80>
+
{{Tip|See [[Nginx#TLS.2FSSL|Nginx#TLS/SSL]] before enabling SSL.}}
  ServerName gitlab.myserver.com
+
Create a file {{ic|/etc/nginx/servers-available/gitlab}} with the following content:
  ServerAlias www.gitlab.myserver.com
+
  DocumentRoot /home/gitlab/gitlab/public
+
  ErrorLog /var/log/httpd/gitlab_error_log
+
  CustomLog /var/log/httpd/gitlab_access_log combined
+
  
  <Proxy balancer://unicornservers>
+
{{hc|/etc/nginx/servers-available/gitlab|2=
      BalancerMember http://127.0.0.1:8080
+
# Created by: Sameer Naik
  </Proxy>
+
# Contributor: francoism90
 +
# Source: https://gist.github.com/sameersbn/becd1c976c3dc4866ef8
 +
upstream gitlab {
 +
  server localhost:8080 fail_timeout=0;
 +
}
  
   <Directory /home/gitlab/gitlab/public>
+
server {
    AllowOverride All
+
  listen 80;
    Options -MultiViews
+
  #listen 443 ssl; # uncomment to enable ssl
   </Directory>
+
  keepalive_timeout 70;
 +
  server_name example.com
 +
  server_tokens off;
 +
   #ssl_certificate ssl/example.com.crt;
 +
  #ssl_certificate_key ssl/example.com.key;
 +
  charset utf-8;
 +
  root /dev/null;
 +
 
 +
  # Increase this if you want to upload larger attachments
 +
   client_max_body_size 20m;
 +
 
 +
  location / {
 +
      proxy_read_timeout 300;
 +
      proxy_connect_timeout 300;
 +
      proxy_redirect off;
 +
     
 +
      proxy_set_header X-Forwarded-Proto $scheme;
 +
      proxy_set_header Host $http_host;
 +
      proxy_set_header X-Real-IP $remote_addr;
 +
      proxy_set_header X-Forwarded-Ssl on;
 +
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 +
      proxy_set_header X-Forwarded-Proto $scheme;
 +
      proxy_set_header X-Frame-Options SAMEORIGIN;
 +
     
 +
      proxy_pass http://localhost:8080;
 +
  } 
 +
}
 +
}}
  
  RewriteEngine on
+
Make sure the following line exists at the end of the {{ic|http}} block in {{ic|/etc/nginx/nginx.conf}}:
  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
+
  RewriteRule ^/(.*)$ balancer://unicornservers%{REQUEST_URI} [P,QSA,L]
+
  
  ProxyPass /uploads !
+
include servers-enabled/*;
  ProxyPass / balancer://unicornservers/
+
  ProxyPassReverse / balancer://unicornservers/
+
  ProxyPreserveHost on
+
  
  <Proxy *>
+
Enable the {{ic|github}} configuration:
      Order deny,allow
+
      Allow from all
+
  </Proxy>
+
</VirtualHost>
+
  
<VirtualHost MY_IP:443>
+
# ln -s /etc/nginx/servers-available/gitlab /etc/nginx/servers-enabled/gitlab
  ServerName gitlab.myserver.com
+
  ServerAlias www.gitlab.myserver.com
+
  DocumentRoot /home/gitlab/gitlab/public
+
  ErrorLog /var/log/httpd/gitlab_error_log
+
  CustomLog /var/log/httpd/gitlab_access_log combined
+
  
  <Proxy balancer://unicornservers>
+
Verify the new configuration:
      BalancerMember http://127.0.0.1:8080
+
  </Proxy>
+
  
  <Directory /home/gitlab/gitlab/public>
+
# nginx -t
    AllowOverride All
+
    Options -MultiViews
+
  </Directory>
+
  
  RewriteEngine on
+
Finally, (re)start the {{ic|gitlab.target}}, {{ic|resque.target}} and {{ic|nginx.service}}.
  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
+
  RewriteRule ^/(.*)$ balancer://unicornservers%{REQUEST_URI} [P,QSA,L]
+
  
  ProxyPass /uploads !
+
=====Manual Installation=====
  ProxyPass / balancer://unicornservers/
+
If you did not use AUR, you need to copy {{ic|/usr/lib/support/nginx/gitlab}} to {{ic|/etc/nginx/sites-available/}}.
  ProxyPassReverse / balancer://unicornservers/
+
  ProxyPreserveHost on
+
  
  <Proxy *>
+
Run these commands to setup nginx:
      Order deny,allow
+
      Allow from all
+
  </Proxy>
+
  
  SSLEngine on
+
# ln -s /etc/nginx/sites-available/gitlab /etc/nginx/sites-enabled/gitlab
  SSLCertificateFile /home/gitlab/gitlab/ssl.cert
+
  SSLCertificateKeyFile /home/gitlab/gitlab/ssl.key
+
</VirtualHost>
+
}}
+
  
====Enable host and start unicorn====
+
Edit {{ic|/etc/nginx/sites-enabled/gitlab}} and change YOUR_SERVER_IP and YOUR_SERVER_FQDN to the IP address and fully-qualified domain name of the host serving Gitlab.
  
Enable your Gitlab virtual host and reload [[Apache]]:
+
Make sure the following line exists at the end of the {{ic|http}} block in {{ic|/etc/nginx/nginx.conf}}:
{{hc|/etc/httpd/conf/httpd.conf|Include conf/vhosts/gitlab}}
+
  
Finally start unicorn:
+
include sites-enabled/*;
  
# cd /home/gitlab/gitlab
+
Enable the {{ic|github}} configuration:
# sudo -u gitlab bundle exec unicorn_rails -c config/unicorn.rb -E production -D
+
  
==systemd support==
+
# ln -s /etc/nginx/sites-available/gitlab /etc/nginx/sites-enabled/gitlab
  
Note that you don't need the systemd units to launch shell scripts as suggested by the gitlab authors. Just make sure the ExecStart line points to the full path of the **bundle** executable.
+
Verify the new configuration:
  
Create:
+
# nginx -t
{{hc|gitlab.service|<nowiki>
+
  
[Unit]
+
Finally, (re)start the {{ic|gitlab.target}}, {{ic|resque.target}} and {{ic|nginx.service}}.
Description=GitLab Puma Server
+
  
[Service]
+
====Apache and unicorn====
User=git
+
WorkingDirectory=/home/git/gitlab
+
Environment=RAILS_ENV=production
+
SyslogIdentifier=gitlab-puma
+
Type=forking
+
TimeoutStartSec=600
+
PIDFile=/home/git/gitlab/tmp/pids/puma.pid
+
  
ExecStart=/usr/bin/bundle exec "puma -C /home/git/gitlab/config/puma.rb -e production"
+
[[Install]] {{Pkg|apache}} from the [[official repositories]].
ExecReload=/bin/kill -HUP $MAINPID
+
ExecStop=/bin/kill -QUIT $MAINPID
+
  
 +
=====Configure Unicorn=====
  
[Install]
+
As the official installation guide instructs, copy the unicorn configuration file:
WantedBy=gitlab.target
+
# sudo -u git -H cp /usr/share/webapps/gitlab/config/unicorn.rb.example /usr/share/webapps/gitlab/config/unicorn.rb
</nowiki>
+
 
 +
Now edit {{ic|config/unicorn.rb}} and add a listening port by uncommenting the following line:
 +
listen "127.0.0.1:8080"
 +
 
 +
{{Tip| You can set a custom port if you want. Just remember to also include it in Apache's virtual host. See below.}}
 +
 
 +
=====Create a virtual host for Gitlab=====
 +
 
 +
Create a configuration file for Gitlab’s virtual host and insert the lines below adjusted accordingly. For the ssl section see [[LAMP#SSL]]{{Broken section link}}. If you do not need it, remove it. Notice that the SSL virtual host needs a specific IP instead of generic. Also if you set a custom port for Unicorn, do not forget to set it at the BalanceMember line.
 +
 
 +
You can use these [https://gitlab.com/gitlab-org/gitlab-recipes/blob/079f70dd2c091434a8dd04ed5b1a0d0e937cd361/web-server/apache/gitlab-ssl-apache2.4.conf examples] to get you started.
 +
 
 +
=====Enable host and start unicorn=====
 +
 
 +
Enable your Gitlab virtual host and reload [[Apache]]:
 +
{{hc|/etc/httpd/conf/httpd.conf| Include /etc/httpd/conf/extra/gitlab.conf}}
 +
 
 +
Copy the Apache  gitlab.conf file
 +
 
 +
# cp /etc/webapps/gitlab/apache.conf.example /etc/httpd/conf/extra/gitlab.conf
 +
 
 +
Finally [[start]] {{ic|gitlab-unicorn.service}}.
 +
 
 +
=== Redis ===
 +
Using a Redis setup different from default (e.g. different address, port, unix socket) requires the environment variable ''REDIS_URL'' to be set accordingly for unicorn. This can be achieved by extending the systemd service file. Create a file ''/etc/systemd/system/gitlab-unicorn.service.d/redis.conf'' that injects the ''REDIS_URL'' environment variable:
 +
[Service]
 +
Environment=REDIS_URL=unix:///run/gitlab/redis.sock
 +
 
 +
==== Redis Over Unix Socket ====
 +
 
 +
If Redis is set to listen on socket, you may want to adjust the default configuration:
 +
 
 +
{{hc|/etc/redis.conf|2=
 +
...
 +
# Accept connections on the specified port, default is 6379.
 +
# If port 0 is specified Redis will not listen on a TCP socket.
 +
port 0
 +
...
 +
# By default Redis listens for connections from all the network interfaces
 +
# available on the server. It is possible to listen to just one or multiple
 +
# interfaces using the "bind" configuration directive, followed by one or
 +
# more IP addresses.
 +
#
 +
# Examples:
 +
#
 +
# bind 192.168.1.100 10.0.0.1
 +
bind 127.0.0.1
 +
 
 +
# Specify the path for the Unix socket that will be used to listen for
 +
# incoming connections. There is no default, so Redis will not listen
 +
# on a unix socket when not specified.
 +
#
 +
unixsocket /var/run/redis/redis.sock
 +
unixsocketperm 770
 
}}
 
}}
  
{{hc|gitlab-sidekiq.service|<nowiki>
+
Create the directory {{ic|/var/run/redis}} and set the correct permissions:
[Unit]
+
# mkdir /var/run/redis
Description=GitLab Sidekiq Server
+
# chown redis:redis /var/run/redis
 +
# chmod 755 /var/run/redis
  
[Service]
+
Add the user {{ic|git}} and {{ic|gitlab}} to the {{ic|redis}} group:
User=git
+
WorkingDirectory=/home/git/gitlab
+
Environment=RAILS_ENV=production
+
SyslogIdentifier=gitlab-sidekiq
+
Type=forking
+
PIDFile=/home/git/gitlab/tmp/pids/sidekiq.pid
+
  
 +
# usermod -a -G redis git
 +
# usermod -a -G redis gitlab
  
ExecStart=/usr/bin/bundle exec rake sidekiq:start
+
Update {{ic|/etc/webapps/gitlab-shell/config.yml}} and {{ic|/etc/webapps/gitlab/resque.yml}} files:
ExecStop=/usr/bin/bundle exec rake sidekiq:stop
+
  
[Install]
+
{{hc|/etc/webapps/gitlab/resque.yml|2=
WantedBy=gitlab.target</nowiki>
+
development: unix:/var/run/redis/redis.sock
 +
test: unix:/run/redis/redis.sock
 +
production: unix:/run/redis/redis.sock
 
}}
 
}}
  
Also see: https://github.com/gitlabhq/gitlab-recipes/issues/14
+
{{hc|/etc/webapps/gitlab-shell/config.yml|2=
 +
...
 +
# Redis settings used for pushing commit notices to gitlab
 +
redis:
 +
  bin: /usr/bin/redis-cli
 +
  host: 127.0.0.1
 +
  port: 6379
 +
  # pass: redispass # Allows you to specify the password for Redis
 +
  database: 5 # Use different database, default up to 16
 +
  socket: /var/run/redis/redis.sock # uncomment this line
 +
  namespace: resque:gitlab
 +
...
 +
}}
 +
 
 +
Finally restart the {{ic|redis}}, {{ic|gitlab-sidekiq}} and {{ic|gitlab-unicorn}} services.
 +
 
 +
For more information, please see issue [https://github.com/gitlabhq/gitlabhq/issues/6100 #6100].
 +
 
 +
=== Gitlab-workhorse ===
 +
 
 +
{{Expansion|This section needs configuration instructions.}}
 +
 
 +
Since 8.0 GitLab uses separate HTTP server {{ic|gitlab-workhorse}} for large HTTP requests like Git push/pull. If you want to use this instead of SSH, install the {{Pkg|gitlab-workhorse}} package, enable {{ic|gitlab-workhorse.service}} and configure web server for this.
 +
 
 +
=== GitLab CI ===
 +
 
 +
{{Expansion|This section needs configuration instructions (for example, valid builds directory path).}}
  
 
==Useful Tips==
 
==Useful Tips==
 +
 +
===Fix Rake Warning===
 +
When running rake tasks for the gitlab project, this error will occur: {{ic|fatal: Not a git repository (or any of the parent directories): .git}}. This is a bug in bundler, and it can be safely ignored. However, if you want to git rid of the error, the following method can be used:
 +
 +
{{bc|1=
 +
# cd /usr/share/webapps/gitlab
 +
# sudo -u gitlab git init
 +
# sudo -u gitlab git commit -m "initial commit" --allow-empty
 +
}}
 +
 
===Hook into /var===
 
===Hook into /var===
  sudo mkdir -m700 /var/log/gitlab /var/tmp/gitlab
+
{{bc|1=
  sudo chown gitlab:gitlab /var/log/gitlab /var/tmp/gitlab
+
# mkdir -m700 /var/log/gitlab /var/tmp/gitlab
  sudo -u gitlab -i
+
# chown gitlab:gitlab /var/log/gitlab /var/tmp/gitlab
  cd ~/gitlab
+
# sudo -u gitlab -i
  d=log; mv $d/* /var/$d/gitlab; rm -f $d/.gitkeep; rm -r $d && ln -s /var/$d/gitlab $d
+
# cd ~/gitlab
  d=tmp; mv $d/* /var/$d/gitlab; rm -f $d/.gitkeep; rm -r $d && ln -s /var/$d/gitlab $d
+
# d=log; mv $d/* /var/$d/gitlab; rm -f $d/.gitkeep; rm -r $d && ln -s /var/$d/gitlab $d
 +
# d=tmp; mv $d/* /var/$d/gitlab; rm -f $d/.gitkeep; rm -r $d && ln -s /var/$d/gitlab $d
 +
}}
  
 
===Hidden options===
 
===Hidden options===
Go to Gitlab's home directory
+
Go to Gitlab's home directory:
  # cd /home/gitlab/gitlab
+
  # cd /usr/share/webapps/gitlab
  
and run
+
and run:
# rake -T | grep gitlab
+
{{hc|<nowiki># rake -T | grep gitlab</nowiki>|<nowiki>
 
+
rake gitlab:app:check                        # GITLAB | Check the configuration of the GitLab Rails app
These are the options so far:
+
rake gitlab:backup:create                    # GITLAB | Create a backup of the GitLab system
rake gitlab:app:backup_create      # GITLAB | Create a backup of the gitlab system
+
rake gitlab:backup:restore                    # GITLAB | Restore a previously created backup
rake gitlab:app:backup_restore    # GITLAB | Restore a previously created backup
+
rake gitlab:check                            # GITLAB | Check the configuration of GitLab and its environment
  rake gitlab:app:enable_automerge  # GITLAB | Enable auto merge
+
rake gitlab:cleanup:block_removed_ldap_users # GITLAB | Cleanup | Block users that have been removed in LDAP
  rake gitlab:app:setup             # GITLAB | Setup production application
+
rake gitlab:cleanup:dirs                      # GITLAB | Cleanup | Clean namespaces
rake gitlab:app:status            # GITLAB | Check gitlab installation status
+
rake gitlab:cleanup:repos                    # GITLAB | Cleanup | Clean repositories
rake gitlab:gitolite:update_hooks  # GITLAB | Rewrite hooks for repos
+
rake gitlab:env:check                        # GITLAB | Check the configuration of the environment
rake gitlab:gitolite:update_keys  # GITLAB | Rebuild each key at gitolite config
+
rake gitlab:env:info                          # GITLAB | Show information about GitLab and its environment
rake gitlab:gitolite:update_repos  # GITLAB | Rebuild each project at gitolite config
+
rake gitlab:generate_docs                    # GITLAB | Generate sdocs for project
rake gitlab:test                   # GITLAB | Run both cucumber & rspec
+
rake gitlab:gitlab_shell:check                # GITLAB | Check the configuration of GitLab Shell
 +
rake gitlab:import:all_users_to_all_groups    # GITLAB | Add all users to all groups (admin users are added as owners)
 +
rake gitlab:import:all_users_to_all_projects # GITLAB | Add all users to all projects (admin users are added as masters)
 +
rake gitlab:import:repos                      # GITLAB | Import bare repositories from gitlab_shell -> repos_path into GitLab project instance
 +
rake gitlab:import:user_to_groups[email]      # GITLAB | Add a specific user to all groups (as a developer)
 +
rake gitlab:import:user_to_projects[email]    # GITLAB | Add a specific user to all projects (as a developer)
 +
rake gitlab:satellites:create                # GITLAB | Create satellite repos
 +
rake gitlab:setup                             # GITLAB | Setup production application
 +
rake gitlab:shell:build_missing_projects      # GITLAB | Build missing projects
 +
rake gitlab:shell:install[tag,repo]          # GITLAB | Install or upgrade gitlab-shell
 +
rake gitlab:shell:setup                      # GITLAB | Setup gitlab-shell
 +
rake gitlab:sidekiq:check                    # GITLAB | Check the configuration of Sidekiq
 +
rake gitlab:test                             # GITLAB | Run all tests
 +
rake gitlab:web_hook:add                      # GITLAB | Adds a web hook to the projects
 +
rake gitlab:web_hook:list                    # GITLAB | List web hooks
 +
rake gitlab:web_hook:rm                      # GITLAB | Remove a web hook from the projects
 +
rake setup                                    # GITLAB | Setup gitlab db
 +
</nowiki>}}
  
 
===Backup and restore===
 
===Backup and restore===
Line 528: Line 714:
  
 
{{Note| Backup folder is set in {{ic|config/gitlab.yml}}. GitLab backup and restore is documented [https://github.com/gitlabhq/gitlabhq/blob/master/doc/raketasks/backup_restore.md here].}}
 
{{Note| Backup folder is set in {{ic|config/gitlab.yml}}. GitLab backup and restore is documented [https://github.com/gitlabhq/gitlabhq/blob/master/doc/raketasks/backup_restore.md here].}}
 
===Update Gitlab===
 
 
When a new version is out follow the instructions at [https://github.com/gitlabhq/gitlabhq/wiki Github wiki]. A new release is out every 22nd of a month.
 
  
 
===Migrate from sqlite to mysql===
 
===Migrate from sqlite to mysql===
  
Get latest code as described in [[#Update_Gitlab]].
+
Get latest code as described in [[#Update Gitlab]]{{Broken section link}}.
 
Save data.
 
Save data.
 
  # cd /home/gitlab/gitlab
 
  # cd /home/gitlab/gitlab
 
  # sudo -u gitlab bundle exec rake db:data:dump RAILS_ENV=production
 
  # sudo -u gitlab bundle exec rake db:data:dump RAILS_ENV=production
  
Follow [[#Mysql]] instructions and then setup the database.
+
Follow [[#Mysql]]{{Broken section link}} instructions and then setup the database.
 
  # sudo -u gitlab bundle exec rake db:setup RAILS_ENV=production
 
  # sudo -u gitlab bundle exec rake db:setup RAILS_ENV=production
  
Line 559: Line 741:
 
   source "$HOME/.rvm/scripts/rvm"
 
   source "$HOME/.rvm/scripts/rvm"
  
Then continue with the installation instructions from above. However, the systemd scripts will not work this way, because the environment for the rvm is not activated. The recommendation here is to create to separate shell scripts for {{ic|puma}} and {{ic|sidekiq}} to activate the environment and then start the service:
+
Then continue with the installation instructions from above. However, the systemd scripts will not work this way, because the environment for the rvm is not activated. The recommendation here is to create to separate shell scripts for {{ic|unicorn}} and {{ic|sidekiq}} to activate the environment and then start the service:
  
 
{{hc|gitlab.sh|<nowiki>
 
{{hc|gitlab.sh|<nowiki>
 
#!/bin/sh
 
#!/bin/sh
 
source `/home/git/.rvm/bin/rvm 1.9.3 do rvm env --path`
 
source `/home/git/.rvm/bin/rvm 1.9.3 do rvm env --path`
RAILS_ENV=production bundle exec puma -C "/home/git/gitlab/config/puma.rb"</nowiki>
+
bundle exec "unicorn_rails -c /usr/share/webapps/gitlab/config/unicorn.rb -E production"</nowiki>
 
}}
 
}}
  
Line 591: Line 773:
 
ExecStop=/home/git/bin/sidekiq.sh stop
 
ExecStop=/home/git/bin/sidekiq.sh stop
 
</nowiki>}}
 
</nowiki>}}
 +
 +
===Sending mails from Gitlab via SMTP===
 +
 +
You might want to use a gmail (or other mail service) to send mails from your gitlab server. This avoids the need to install a mail daemon on the gitlab server.
 +
 +
Adjust {{ic|smtp_settings.rb}} according to your mail server settings:
 +
 +
{{hc|/usr/share/webapps/gitlab/config/initializers/smtp_settings.rb|<nowiki>
 +
if Rails.env.production?
 +
  Gitlab::Application.config.action_mailer.delivery_method = :smtp
 +
 +
  Gitlab::Application.config.action_mailer.smtp_settings = {
 +
    address:              'smtp.gmail.com',
 +
    port:                587,
 +
    domain:              'gmail.com',
 +
    user_name:            'username@gmail.com',
 +
    password:            'application password',
 +
    authentication:      'plain',
 +
    enable_starttls_auto: true
 +
  }
 +
end</nowiki>}}
 +
 +
Gmail will reject mails received this way (and send you a mail that it did). You will need to disable secure authentication (follow the link in the rejection mail) to work around this. The more secure approach is to enable two-factor authentication for username@gmail.com and to set up an application password for this configuration file.
  
 
==Troubleshooting==
 
==Troubleshooting==
  
 
Sometimes things may not work as expected. Be sure to visit the [https://github.com/gitlabhq/gitlab-public-wiki/wiki/Trouble-Shooting-Guide Trouble Shooting Guide].
 
Sometimes things may not work as expected. Be sure to visit the [https://github.com/gitlabhq/gitlab-public-wiki/wiki/Trouble-Shooting-Guide Trouble Shooting Guide].
 +
 +
=== HTTPS is not green (gravatar not using https) ===
 +
Redis caches gravatar images, so if you have visited your GitLab with http, then enabled https, gravatar will load up the non-secure images. You can clear the cache by doing
 +
 +
cd /usr/share/webapps/gitlab
 +
RAILS_ENV=production bundle exec rake cache:clear
 +
 +
as the gitlab user.
 +
 +
=== Error at push bad line length character: API ===
 +
If you get the following error while trying to push
 +
fatal: protocol error: bad line length character: API
 +
 +
Check that your {{ic|/etc/webapps/gitlab-shell/secret}} matches {{ic|/usr/share/webapps/gitlab/.gitlab_shell_secret}}
 +
 +
If it is not the same, recreate the file with the following command
 +
ln -s /etc/webapps/gitlab-shell/secret /usr/share/webapps/gitlab/.gitlab_shell_secret
 +
 +
=== Errors after updating ===
 +
After updating the package from the AUR, the database migrations and asset updates will sometimes fail. These steps may resolve the issue, if a simple reboot does not.
 +
 +
First, move to the gitlab installation directory.
 +
# cd /usr/share/webapps/gitlab
 +
 +
If every gitlab page gives a 500 error, then the database migrations and the assets are probably stale. If not, skip this step.
 +
# sudo -u gitlab -H bundle exec rake db:migrate RAILS_ENV=production
 +
 +
If gitlab is constantly waiting for the deployment to finish, then the assets have probably not been recompiled.
 +
# sudo -u gitlab -H bundle exec rake assets:clean assets:precompile cache:clear RAILS_ENV=production
 +
 +
Finally, restart the gitlab services and test your site.
 +
# systemctl restart gitlab-unicorn gitlab-sidekiq gitlab-workhorse
 +
 +
=== /etc/webapps/gitlab/secret is empty ===
 +
This file is usually generated while installing the {{pkg|gitlab-shell}} and the {{pkg|gitlab}} packages, but in some cases it may need to be generated manually.
 +
# hexdump -v -n 64 -e '1/1 "%02x"' /dev/urandom > /etc/webapps/gitlab-shell/secret
 +
# chown root:gitlab /etc/webapps/gitlab-shell/secret
 +
# chmod 640 /etc/webapps/gitlab-shell/secret
 +
 +
# hexdump -v -n 64 -e '1/1 "%02x"' /dev/urandom > /etc/webapps/gitlab/secret
 +
# chown root:gitlab /etc/webapps/gitlab/secret
 +
# chmod 640 /etc/webapps/gitlab/secret
  
 
==See also==
 
==See also==
*[https://github.com/gitlabhq/gitlabhq/blob/stable/doc/install/installation.md Official Documentation]
+
*[https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/install/installation.md Official Documentation]
*[https://github.com/gitlabhq/gitlab-recipes Gitlab recipes for setup on different platforms, update etc.]
+
*[https://gitlab.com/gitlab-org/gitlab-recipes Gitlab recipes with further documentation on running it with several webservers]
*[http://www.andmarios.com/en/2012/06/gitlab-on-an-ubuntu-10-04-server-with-apache/ GitLab on an Ubuntu 10.04 server with Apache]
+
*[https://github.com/gitlabhq/gitlabhq GitLab source code]
*[http://blog.phusion.nl/2012/04/21/tutorial-setting-up-gitlab-on-debian-6/ Setting up gitlab on Debian 6]
+
*[http://howto.basjes.nl/linux/installing-gitlab-on-centos-6 Installing Gitlab on CentOS 6]
+
*[https://gist.github.com/2440768 Gist: Install Gitlab on Debian Squeeze]
+
*[https://gist.github.com/3305554 Gist: Install Gitlab on Archlinux]
+

Latest revision as of 13:47, 21 September 2016

Related articles

Tango-inaccurate.pngThe factual accuracy of this article or section is disputed.Tango-inaccurate.png

Reason: Commands are incomplete/incorrect, reported upgrade issues (Discuss in Talk:Gitlab#)

From GitLab's homepage:

GitLab offers git repository management, code reviews, issue tracking, activity feeds and wikis. Enterprises install GitLab on-premise and connect it with LDAP and Active Directory servers for secure authentication and authorization. A single GitLab server can handle more than 25,000 users but it is also possible to create a high availability setup with multiple active servers.

An example live version can be found at GitLab.com.

Installation

Note: If you want to use RVM refer to the article #Running GitLab with rvm before starting with the installation
Note: This article covers installing and configuring GitLab without HTTPS at first. If needed, see #Advanced Configuration to set up SSL

GitLab requires a database backend. If you plan to run it on the same machine, first install either MySQL or PostgreSQL.

Install the gitlab package.

In order to receive mail notifications, a mail server must be installed and configured. See the following for more information: Category:Mail server

Configuration

Notes Before Configuring

The gitlab package installs GitLab's files in a manner that more closely follows standard Linux conventions:

Description GitLab's Official gitlab
Configuration File GitShell /home/git/gitlab-shell/config.yml /etc/webapps/gitlab-shell/config.yml
Configuration File GitLab /home/git/gitlab/config/gitlab.yml /etc/webapps/gitlab/gitlab.yml
User (Home Directory) git (/home/git) gitlab (/var/lib/gitlab)
Tip: If you are familiar with the Arch Build System you can edit the PKGBUILD and relevant files to change gitlab's home directory to a place of your liking.

Basic configuration

GitLab Shell

Note: You can leave the gitlab_url with default value if you intend to host GitLab on the same host.

Edit /etc/webapps/gitlab-shell/config.yml and set gitlab_url: to the prefer url and port:

/etc/webapps/gitlab-shell/config.yml
# GitLab user. git by default
user: gitlab

# Url to gitlab instance. Used for api calls. Should end with a slash.
# Default: http://localhost:8080/
# You only have to change the default if you have configured Unicorn
# to listen on a custom port, or if you have configured Unicorn to
# only listen on a Unix domain socket.
gitlab_url: "http://localhost:8080/" # <<-- right here

http_settings:
#  user: someone
#  password: somepass
...

Update the /etc/webapps/gitlab/unicorn.rb configuration if the port and/or hostname is different from the default:

/etc/webapps/gitlab/unicorn.rb
listen "127.0.0.1:8080", :tcp_nopush => true # <<-- right here

GitLab

Edit /etc/webapps/gitlab/gitlab.yml and setup at least the following parameters:

Tip: The hostname and port are used for the git clone http://hostname:port as example.

Hostname: In the gitlab: section set host: - replacing localhost to yourdomain.com (note: no 'http://' or trailing slash) - into your fully qualified domain name.

Port: port: can be confusing. This is not the port that the gitlab server (unicorn) runs on; it's the port that users will initially access through in their browser. Basically, if you intend for users to visit 'yourdomain.com' in their browser, without appending a port number to the domain name, leave port: as 80. If you intend your users to type something like 'yourdomain.com:3425' into their browsers, then you'd set port: to 3425. You will also have to configure your webserver to listen on that port.

Timezone (optional): The time_zone: parameter is optional, but may be useful to force the zone of GitLab applications.

Those are the minimal changes needed for a working GitLab install. The adventurous may read on in the comment and customize as needed.

Further configuration

Database backend

A Database backend will be required before Gitlab can be run. Currently GitLab supports MariaDB and PostgreSQL. By default, GitLab assumes you will use MySQL. Extra work is needed if you plan to use PostgreSQL.

MariaDB

To set up MySQL (MariaDB) you need to create a database called gitlabhq_production along with a user (default: gitlab) who has full privileges to the database:

$ mysql -u root -p
mysql> CREATE DATABASE `gitlabhq_production` DEFAULT CHARACTER SET `utf8` COLLATE `utf8_unicode_ci`;
mysql> CREATE USER 'gitlab'@'localhost' IDENTIFIED BY 'password';
mysql> GRANT ALL ON `gitlabhq_production`.* TO 'gitlab'@'localhost';
mysql> \q

Try connecting to the new database with the new user:

$ mysql -u gitlab -p -D gitlabhq_production

Copy the MySQL template file before configuring it:

# cp /usr/share/doc/gitlab/database.yml.mysql /etc/webapps/gitlab/database.yml

Next you will need to open /etc/webapps/gitlab/database.yml and set username: and password: for the gitlabhq_production:

/etc/webapps/gitlab/database.yml
#
# PRODUCTION
#
production:
  adapter: mysql2
  encoding: utf8
  collation: utf8_general_ci
  reconnect: false
  database: gitlabhq_production
  pool: 10
  username: username
  password: "password"
  # host: localhost
  # socket: /run/mysqld/mysqld.sock # If running MariaDB as socket
...

It should not be set as world readable, e.g. only processes running under the gitlab user should have read/write access:

# chmod 600 /etc/webapps/gitlab/database.yml
# chown gitlab:gitlab /etc/webapps/gitlab/database.yml

For more info and other ways to create/manage MySQL databases, see the MariaDB documentation and the GitLab official (generic) install guide.

PostgreSQL

Login to PostgreSQL and create the gitlabhq_production database with along with it's user. Remember to change your_username_here and your_password_here to the real values:

# psql -d template1
template1=# CREATE USER your_username_here WITH PASSWORD 'your_password_here';
template1=# ALTER USER your_username_here SUPERUSER;
template1=# CREATE DATABASE gitlabhq_production OWNER your_username_here;
template1=# \q
Note: The reason for creating the user as a superuser is that GitLab is trying to be "smart" and install extensions (not just create them in it's own userspace). And this is only allowed by superusers in Postgresql.

Try connecting to the new database with the new user to verify it works:

# psql -d gitlabhq_production

Copy the PostgreSQL template file before configuring it (overwriting the default MySQL configuration file):

# cp /usr/share/doc/gitlab/database.yml.postgresql /etc/webapps/gitlab/database.yml

Open the new /etc/webapps/gitlab/database.yml and set the values for username: and password:. For example:

/etc/webapps/gitlab/database.yml
#
# PRODUCTION
#
production:
  adapter: postgresql
  encoding: unicode
  database: gitlabhq_production
  pool: 10
  username: your_username_here
  password: "your_password_here"
  # host: localhost
  # port: 5432
  # socket: /tmp/postgresql.sock
...

For our purposes (unless you know what you are doing), you do not need to worry about configuring the other databases listed in /etc/webapps/gitlab/database.yml. We only need to set up the production database to get GitLab working.

Finally, open /usr/lib/systemd/system/gitlab.target and /usr/lib/systemd/system/gitlab-unicorn.service change all instances of mysql.service to postgresql.service.

Firewall

If you want to give direct access to your Gitlab installation through an iptables firewall, you may need to adjust the port and the network address:

# iptables -A tcp_inbound -p TCP -s 192.168.1.0/24 --destination-port 80 -j ACCEPT

To enable API-access:

# iptables -A tcp_inbound -p TCP -s 192.168.1.0/24 --destination-port 8080 -j ACCEPT

If you are behind a router, do not forget to forward this port to the running GitLab server host, if you want to allow WAN-access.

Satellites access

The folder satellites should have the following permissions set:

# chmod 750 /var/lib/gitlab/satellites

Initialize Gitlab database

Start the Redis server before we create the database start/enable the redis systemd unit.

Now you have to install bundler and the required gems with:

# export PATH=$PATH:/var/lib/gitlab/.gem/ruby/2.3.0/bin
# sudo -u gitlab -H gem install bundler --no-document
# cd /usr/share/webapps/gitlab
# sudo -u gitlab -H bundle install
Warning: GitLab requires bundle command, not bundle-2.1, don't forget to install it.
Note: If you're getting errors later on saying bundle is missing for the user 'gitlab', then this is most likely because ruby is installed in a non-readable folder such as /usr/lib or something similar and this solves that issue:
su - gitlab -s /bin/sh -c "export PATH=$PATH:/var/lib/gitlab/.gem/ruby/2.3.0/bin; gem install bundler --no-document"
su - gitlab -s /bin/sh -c "export PATH=$PATH:/var/lib/gitlab/.gem/ruby/2.3.0/bin; cd /usr/share/webapps/gitlab; bundle install"
su - gitlab -s /bin/sh -c "export PATH=$PATH:/var/lib/gitlab/.gem/ruby/2.3.0/bin; cd /usr/share/webapps/gitlab; bundle exec rake gitlab:setup RAILS_ENV=production"
su - gitlab -s /bin/sh -c "export PATH=$PATH:/var/lib/gitlab/.gem/ruby/2.3.0/bin; cd /usr/share/webapps/gitlab; bundle exec rake assets:precompile RAILS_ENV=production"

Initialize the database and activate advanced features:

# cd /usr/share/webapps/gitlab
# su - gitlab -s /bin/sh -c "cd '/usr/share/webapps/gitlab'; bundle exec rake gitlab:setup RAILS_ENV=production"
Missing `db_key_base` for 'production' environment. The secrets will be generated and stored in `config/secrets.yml`
This will create the necessary database tables and seed the database.
You will lose any previous data stored in the database.
Do you want to continue (yes/no)? yes

gitlabhq_production already exists
-- enable_extension("plpgsql")
   -> 0.0009s
-- create_table("abuse_reports", {:force=>true})
   -> 0.0300s
-- create_table("application_settings", {:force=>true})
   -> 0.0116s

...

Administrator account created:

login.........root
password......5iveL!fe

Now compile the assets:

# su - gitlab -s /bin/sh -c "cd '/usr/share/webapps/gitlab'; bundle exec rake assets:precompile RAILS_ENV=production"

Finally, check that /etc/webapps/gitlab/secret contains a random hex string.

Configure Git User

Note: This must match the user and email_from defined in /usr/share/webapps/gitlab/config/gitlab.yml.
# cd /usr/share/webapps/gitlab
# sudo -u gitlab -H git config --global user.name  "GitLab"
# sudo -u gitlab -H git config --global user.email "example@example.com"
# sudo -u gitlab -H git config --global core.autocrlf "input"

Adjust modifier bits

(The gitlab check won't pass if the user and group ownership isn't configured properly)

# chmod -R ug+rwX,o-rwx /var/lib/gitlab/repositories/
# chmod -R ug-s /var/lib/gitlab/repositories
# find /var/lib/gitlab/repositories/ -type d -print0 | xargs -0 chmod g+s

Start and test GitLab

Note: See #Troubleshooting and log files inside the /usr/share/webapps/gitlab/log directory for troubleshooting.

Make systemd see your new daemon unit files:

# systemctl daemon-reload

Make sure MySQL or PostgreSQL and Redis are running and setup correctly.

If needed see #Redis Over Unix Socket example if GitLab cannot load redis correctly.

After starting the database backends, we can start GitLab with its webserver (Unicorn) by starting both the gitlab-sidekiq and gitlab-unicorn systemd units.

With the following commands we check if the steps we followed so far are configured properly:

# cd /usr/share/webapps/gitlab
# sudo -u gitlab bundle exec rake gitlab:env:info RAILS_ENV=production
# sudo -u gitlab bundle exec rake gitlab:check RAILS_ENV=production
Note: These gitlab:env:info and gitlab:check commands will show a fatal error related to git. This is OK.
$ sudo -u gitlab bundle exec rake gitlab:env:info RAILS_ENV=production
fatal: Not a git repository (or any of the parent directories): .git

System information
System:		Arch rolling
Current User:	gitlab
Using RVM:	no
Ruby Version:	2.2.3p173
Gem Version:	2.4.5.1
Bundler Version:1.10.6
Rake Version:	10.4.2
Sidekiq Version:3.3.0

GitLab information
Version:	7.14.0
Revision:	fatal: Not a git repository (or any of the parent directories): .git
Directory:	/usr/share/webapps/gitlab
DB Adapter:	mysql2
URL:		http://gitlab.arch
HTTP Clone URL:	http://gitlab.arch/some-project.git
SSH Clone URL:	git@gitlab.arch:some-project.git
Using LDAP:	no
Using Omniauth:	no

GitLab Shell
Version:	2.6.4
Repositories:	/var/lib/gitlab/repositories/
Hooks:		/usr/share/webapps/gitlab-shell/hooks/
Git:		/usr/bin/git
Note: gitlab:check will complain about missing initscripts. This is nothing to worry about, as systemd service files are used instead (which GitLab does not recognize).
$ sudo -u gitlab bundle exec rake gitlab:check RAILS_ENV=production
fatal: Not a git repository (or any of the parent directories): .git
Checking Environment ...

Git configured for gitlab user? ... yes
Has python2? ... yes
python2 is supported version? ... yes

Checking Environment ... Finished

Checking GitLab Shell ...

GitLab Shell version >= 1.7.9 ? ... OK (1.8.0)
Repo base directory exists? ... yes
Repo base directory is a symlink? ... no
Repo base owned by gitlab:gitlab? ... yes
Repo base access is drwxrws---? ... yes
update hook up-to-date? ... yes
update hooks in repos are links: ... can't check, you have no projects
Running /srv/gitlab/gitlab-shell/bin/check
Check GitLab API access: OK
Check directories and files:
        /srv/gitlab/repositories: OK
        /srv/gitlab/.ssh/authorized_keys: OK
Test redis-cli executable: redis-cli 2.8.4
Send ping to redis server: PONG
gitlab-shell self-check successful

Checking GitLab Shell ... Finished

Checking Sidekiq ...

Running? ... yes
Number of Sidekiq processes ... 1

Checking Sidekiq ... Finished

Checking LDAP ...

LDAP is disabled in config/gitlab.yml

Checking LDAP ... Finished

Checking GitLab ...

Database config exists? ... yes
Database is SQLite ... no
All migrations up? ... fatal: Not a git repository (or any of the parent directories): .git
yes
GitLab config exists? ... yes
GitLab config outdated? ... no
Log directory writable? ... yes
Tmp directory writable? ... yes
Init script exists? ... no
  Try fixing it:
  Install the init script
  For more information see:
  doc/install/installation.md in section "Install Init Script"
  Please fix the error above and rerun the checks.
Init script up-to-date? ... can't check because of previous errors
projects have namespace: ... can't check, you have no projects
Projects have satellites? ... can't check, you have no projects
Redis version >= 2.0.0? ... yes
Your git bin path is "/usr/bin/git"
Git version >= 1.7.10 ? ... yes (1.8.5)

Checking GitLab ... Finished

To automatically launch GitLab at startup, enable the gitlab.target, gitlab-sidekiq and gitlab-unicorn services.

Now test your GitLab instance by visiting http://localhost:8080 or http://yourdomain.com and login with the default credentials:

username: root
password: 5iveL!fe
Note: If your browser runs not on the machine where gitlab is running, modify your unicorn.rb in order to be able to test your setup without the use of a proxy. The corresponding line looks like this:
listen "127.0.0.1:8080, :tcp_nopush => true

you should replace that with:

listen "example.yourhost.com:8080, :tcp_nopush => true

Advanced Configuration

Custom SSH Connection

If you are running SSH on a non-standard port, you must change the GitLab user's SSH config:

/var/lib/gitlab/.ssh/config
host localhost      # Give your setup a name (here: override localhost)
user gitlab         # Your remote git user
port 2222           # Your port number
hostname 127.0.0.1; # Your server name or IP

You also need to change the corresponding options (e.g. ssh_user, ssh_host, admin_uri) in the /etc/webapps/gitlab/gitlab.yml file.

HTTPS/SSL

Change GitLab configs

Modify /etc/webapps/gitlab/shell.yml so the url to your GitLab site starts with https://. Modify /etc/webapps/gitlab/gitlab.yml so that https: setting is set to true.

See also Apache HTTP Server#TLS/SSL and Let’s Encrypt.

Let's Encrypt

To validate your URL, the Let's Encrypt process will try to access your gitlab server with something like https://gitlab.YOUR_SERVER_FQDN/.well-known/A_LONG_ID. But, due to gitlab configuration, every request to gitlab.YOUR_SERVER_FQDN will be redirected to a proxy (gitlab-workhorse) that will not be able to deal with this URL.

To bypass this issue, you can use the Let's Encrypt webroot configuration, setting the webroot at /srv/http/letsencrypt/.

Additionally, force the Let's Encrypt request for gitlab to be redirected to this webroot by adding the following:

/etc/http/conf/extra/gitlab.conf
Alias "/.well-known"  "/srv/http/letsencrypt/.well-known"
RewriteCond   %{REQUEST_URI}  !/\.well-known/.*

Web server configuration

If you want to integrate Gitlab into a running web server instead of using its build-in http server Unicorn, then follow these instructions.

Node.js

You can easily set up an http proxy on port 443 to proxy traffic to the GitLab application on port 8080 using http-master for Node.js. After you have creates your domain's OpenSSL keys and have gotten you CA certificate (or self signed it), then go to https://github.com/CodeCharmLtd/http-master to learn how easy it is to proxy requests to GitLab using HTTPS. http-master is built on top of node-http-proxy.

Nginx and unicorn

AUR Installation

Setup Nginx, and create the following directories (if not exist already):

# mkdir /etc/nginx/servers-available
# mkdir /etc/nginx/servers-enabled
Note: You may need to change localhost:8080 with the correct gitlab address and example.com to your desired server name.
Tip: See Nginx#TLS/SSL before enabling SSL.

Create a file /etc/nginx/servers-available/gitlab with the following content:

/etc/nginx/servers-available/gitlab
# Created by: Sameer Naik
# Contributor: francoism90
# Source: https://gist.github.com/sameersbn/becd1c976c3dc4866ef8
upstream gitlab {
  server localhost:8080 fail_timeout=0;
}

server {
  listen 80;
  #listen 443 ssl; # uncomment to enable ssl
  keepalive_timeout 70;
  server_name example.com
  server_tokens off;
  #ssl_certificate ssl/example.com.crt;
  #ssl_certificate_key ssl/example.com.key;
  charset utf-8;
  root /dev/null;
  
  # Increase this if you want to upload larger attachments
  client_max_body_size 20m;
  
  location / {
      proxy_read_timeout 300;
      proxy_connect_timeout 300;
      proxy_redirect off;
      
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-Ssl on;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header X-Frame-Options SAMEORIGIN;
      
      proxy_pass http://localhost:8080;
  }  
}

Make sure the following line exists at the end of the http block in /etc/nginx/nginx.conf:

include servers-enabled/*;

Enable the github configuration:

# ln -s /etc/nginx/servers-available/gitlab /etc/nginx/servers-enabled/gitlab

Verify the new configuration:

# nginx -t

Finally, (re)start the gitlab.target, resque.target and nginx.service.

Manual Installation

If you did not use AUR, you need to copy /usr/lib/support/nginx/gitlab to /etc/nginx/sites-available/.

Run these commands to setup nginx:

# ln -s /etc/nginx/sites-available/gitlab /etc/nginx/sites-enabled/gitlab

Edit /etc/nginx/sites-enabled/gitlab and change YOUR_SERVER_IP and YOUR_SERVER_FQDN to the IP address and fully-qualified domain name of the host serving Gitlab.

Make sure the following line exists at the end of the http block in /etc/nginx/nginx.conf:

include sites-enabled/*;

Enable the github configuration:

# ln -s /etc/nginx/sites-available/gitlab /etc/nginx/sites-enabled/gitlab

Verify the new configuration:

# nginx -t

Finally, (re)start the gitlab.target, resque.target and nginx.service.

Apache and unicorn

Install apache from the official repositories.

Configure Unicorn

As the official installation guide instructs, copy the unicorn configuration file:

# sudo -u git -H cp /usr/share/webapps/gitlab/config/unicorn.rb.example /usr/share/webapps/gitlab/config/unicorn.rb

Now edit config/unicorn.rb and add a listening port by uncommenting the following line:

listen "127.0.0.1:8080"
Tip: You can set a custom port if you want. Just remember to also include it in Apache's virtual host. See below.
Create a virtual host for Gitlab

Create a configuration file for Gitlab’s virtual host and insert the lines below adjusted accordingly. For the ssl section see LAMP#SSL[broken link: invalid section]. If you do not need it, remove it. Notice that the SSL virtual host needs a specific IP instead of generic. Also if you set a custom port for Unicorn, do not forget to set it at the BalanceMember line.

You can use these examples to get you started.

Enable host and start unicorn

Enable your Gitlab virtual host and reload Apache:

/etc/httpd/conf/httpd.conf
 Include /etc/httpd/conf/extra/gitlab.conf

Copy the Apache gitlab.conf file

# cp /etc/webapps/gitlab/apache.conf.example /etc/httpd/conf/extra/gitlab.conf

Finally start gitlab-unicorn.service.

Redis

Using a Redis setup different from default (e.g. different address, port, unix socket) requires the environment variable REDIS_URL to be set accordingly for unicorn. This can be achieved by extending the systemd service file. Create a file /etc/systemd/system/gitlab-unicorn.service.d/redis.conf that injects the REDIS_URL environment variable:

[Service]
Environment=REDIS_URL=unix:///run/gitlab/redis.sock

Redis Over Unix Socket

If Redis is set to listen on socket, you may want to adjust the default configuration:

/etc/redis.conf
...
# Accept connections on the specified port, default is 6379.
# If port 0 is specified Redis will not listen on a TCP socket.
port 0
...
# By default Redis listens for connections from all the network interfaces
# available on the server. It is possible to listen to just one or multiple
# interfaces using the "bind" configuration directive, followed by one or
# more IP addresses.
#
# Examples:
#
# bind 192.168.1.100 10.0.0.1
bind 127.0.0.1

# Specify the path for the Unix socket that will be used to listen for
# incoming connections. There is no default, so Redis will not listen
# on a unix socket when not specified.
#
unixsocket /var/run/redis/redis.sock
unixsocketperm 770

Create the directory /var/run/redis and set the correct permissions:

# mkdir /var/run/redis
# chown redis:redis /var/run/redis
# chmod 755 /var/run/redis

Add the user git and gitlab to the redis group:

# usermod -a -G redis git
# usermod -a -G redis gitlab

Update /etc/webapps/gitlab-shell/config.yml and /etc/webapps/gitlab/resque.yml files:

/etc/webapps/gitlab/resque.yml
development: unix:/var/run/redis/redis.sock
test: unix:/run/redis/redis.sock
production: unix:/run/redis/redis.sock
/etc/webapps/gitlab-shell/config.yml
...
# Redis settings used for pushing commit notices to gitlab
redis:
  bin: /usr/bin/redis-cli
  host: 127.0.0.1
  port: 6379
  # pass: redispass # Allows you to specify the password for Redis
  database: 5 # Use different database, default up to 16
  socket: /var/run/redis/redis.sock # uncomment this line
  namespace: resque:gitlab
...

Finally restart the redis, gitlab-sidekiq and gitlab-unicorn services.

For more information, please see issue #6100.

Gitlab-workhorse

Tango-view-fullscreen.pngThis article or section needs expansion.Tango-view-fullscreen.png

Reason: This section needs configuration instructions. (Discuss in Talk:Gitlab#)

Since 8.0 GitLab uses separate HTTP server gitlab-workhorse for large HTTP requests like Git push/pull. If you want to use this instead of SSH, install the gitlab-workhorse package, enable gitlab-workhorse.service and configure web server for this.

GitLab CI

Tango-view-fullscreen.pngThis article or section needs expansion.Tango-view-fullscreen.png

Reason: This section needs configuration instructions (for example, valid builds directory path). (Discuss in Talk:Gitlab#)

Useful Tips

Fix Rake Warning

When running rake tasks for the gitlab project, this error will occur: fatal: Not a git repository (or any of the parent directories): .git. This is a bug in bundler, and it can be safely ignored. However, if you want to git rid of the error, the following method can be used:

# cd /usr/share/webapps/gitlab
# sudo -u gitlab git init
# sudo -u gitlab git commit -m "initial commit" --allow-empty

Hook into /var

# mkdir -m700 /var/log/gitlab /var/tmp/gitlab
# chown gitlab:gitlab /var/log/gitlab /var/tmp/gitlab
# sudo -u gitlab -i
# cd ~/gitlab
# d=log; mv $d/* /var/$d/gitlab; rm -f $d/.gitkeep; rm -r $d && ln -s /var/$d/gitlab $d
# d=tmp; mv $d/* /var/$d/gitlab; rm -f $d/.gitkeep; rm -r $d && ln -s /var/$d/gitlab $d

Hidden options

Go to Gitlab's home directory:

# cd /usr/share/webapps/gitlab

and run:

# rake -T | grep gitlab
rake gitlab:app:check                         # GITLAB | Check the configuration of the GitLab Rails app
rake gitlab:backup:create                     # GITLAB | Create a backup of the GitLab system
rake gitlab:backup:restore                    # GITLAB | Restore a previously created backup
rake gitlab:check                             # GITLAB | Check the configuration of GitLab and its environment
rake gitlab:cleanup:block_removed_ldap_users  # GITLAB | Cleanup | Block users that have been removed in LDAP
rake gitlab:cleanup:dirs                      # GITLAB | Cleanup | Clean namespaces
rake gitlab:cleanup:repos                     # GITLAB | Cleanup | Clean repositories
rake gitlab:env:check                         # GITLAB | Check the configuration of the environment
rake gitlab:env:info                          # GITLAB | Show information about GitLab and its environment
rake gitlab:generate_docs                     # GITLAB | Generate sdocs for project
rake gitlab:gitlab_shell:check                # GITLAB | Check the configuration of GitLab Shell
rake gitlab:import:all_users_to_all_groups    # GITLAB | Add all users to all groups (admin users are added as owners)
rake gitlab:import:all_users_to_all_projects  # GITLAB | Add all users to all projects (admin users are added as masters)
rake gitlab:import:repos                      # GITLAB | Import bare repositories from gitlab_shell -> repos_path into GitLab project instance
rake gitlab:import:user_to_groups[email]      # GITLAB | Add a specific user to all groups (as a developer)
rake gitlab:import:user_to_projects[email]    # GITLAB | Add a specific user to all projects (as a developer)
rake gitlab:satellites:create                 # GITLAB | Create satellite repos
rake gitlab:setup                             # GITLAB | Setup production application
rake gitlab:shell:build_missing_projects      # GITLAB | Build missing projects
rake gitlab:shell:install[tag,repo]           # GITLAB | Install or upgrade gitlab-shell
rake gitlab:shell:setup                       # GITLAB | Setup gitlab-shell
rake gitlab:sidekiq:check                     # GITLAB | Check the configuration of Sidekiq
rake gitlab:test                              # GITLAB | Run all tests
rake gitlab:web_hook:add                      # GITLAB | Adds a web hook to the projects
rake gitlab:web_hook:list                     # GITLAB | List web hooks
rake gitlab:web_hook:rm                       # GITLAB | Remove a web hook from the projects
rake setup                                    # GITLAB | Setup gitlab db

Backup and restore

Create a backup of the gitlab system:

# sudo -u gitlab -H rake RAILS_ENV=production gitlab:backup:create

Restore the previously created backup file /home/gitlab/gitlab/tmp/backups/20130125_11h35_1359131740_gitlab_backup.tar:

# sudo -u gitlab -H rake RAILS_ENV=production gitlab:backup:restore BACKUP=/home/gitlab/gitlab/tmp/backups/20130125_11h35_1359131740
Note: Backup folder is set in config/gitlab.yml. GitLab backup and restore is documented here.

Migrate from sqlite to mysql

Get latest code as described in #Update Gitlab[broken link: invalid section]. Save data.

# cd /home/gitlab/gitlab
# sudo -u gitlab bundle exec rake db:data:dump RAILS_ENV=production

Follow #Mysql[broken link: invalid section] instructions and then setup the database.

# sudo -u gitlab bundle exec rake db:setup RAILS_ENV=production

Finally restore old data.

# sudo -u gitlab bundle exec rake db:data:load RAILS_ENV=production

Running GitLab with rvm

To run gitlab with rvm first you have to set up an rvm:

 curl -L https://get.rvm.io | bash -s stable --ruby=1.9.3
Note: Version 1.9.3 is currently recommended to avoid some compatibility issues.

For the complete installation you will want to be the final user (e.g. git) so make sure to switch to this user and activate your rvm:

 su - git
 source "$HOME/.rvm/scripts/rvm"

Then continue with the installation instructions from above. However, the systemd scripts will not work this way, because the environment for the rvm is not activated. The recommendation here is to create to separate shell scripts for unicorn and sidekiq to activate the environment and then start the service:

gitlab.sh
#!/bin/sh
source `/home/git/.rvm/bin/rvm 1.9.3 do rvm env --path`
bundle exec "unicorn_rails -c /usr/share/webapps/gitlab/config/unicorn.rb -E production"
sidekiq.sh
#!/bin/sh
source `/home/git/.rvm/bin/rvm 1.9.3 do rvm env --path`
case $1 in
    start)
        bundle exec rake sidekiq:start RAILS_ENV=production
        ;;
    stop)
        bundle exec rake sidekiq:stop RAILS_ENV=production
        ;;
    *)
        echo "Usage $0 {start|stop}"
esac

Then modify the above systemd files so they use these scripts. Modify the given lines:

gitlab.service
ExecStart=/home/git/bin/gitlab.sh
sidekiq.service
ExecStart=/home/git/bin/sidekiq.sh start
ExecStop=/home/git/bin/sidekiq.sh stop

Sending mails from Gitlab via SMTP

You might want to use a gmail (or other mail service) to send mails from your gitlab server. This avoids the need to install a mail daemon on the gitlab server.

Adjust smtp_settings.rb according to your mail server settings:

/usr/share/webapps/gitlab/config/initializers/smtp_settings.rb
if Rails.env.production?
  Gitlab::Application.config.action_mailer.delivery_method = :smtp

  Gitlab::Application.config.action_mailer.smtp_settings = {
    address:              'smtp.gmail.com',
    port:                 587,
    domain:               'gmail.com',
    user_name:            'username@gmail.com',
    password:             'application password',
    authentication:       'plain',
    enable_starttls_auto: true
  }
end

Gmail will reject mails received this way (and send you a mail that it did). You will need to disable secure authentication (follow the link in the rejection mail) to work around this. The more secure approach is to enable two-factor authentication for username@gmail.com and to set up an application password for this configuration file.

Troubleshooting

Sometimes things may not work as expected. Be sure to visit the Trouble Shooting Guide.

HTTPS is not green (gravatar not using https)

Redis caches gravatar images, so if you have visited your GitLab with http, then enabled https, gravatar will load up the non-secure images. You can clear the cache by doing

cd /usr/share/webapps/gitlab
RAILS_ENV=production bundle exec rake cache:clear

as the gitlab user.

Error at push bad line length character: API

If you get the following error while trying to push

fatal: protocol error: bad line length character: API

Check that your /etc/webapps/gitlab-shell/secret matches /usr/share/webapps/gitlab/.gitlab_shell_secret

If it is not the same, recreate the file with the following command

ln -s /etc/webapps/gitlab-shell/secret /usr/share/webapps/gitlab/.gitlab_shell_secret

Errors after updating

After updating the package from the AUR, the database migrations and asset updates will sometimes fail. These steps may resolve the issue, if a simple reboot does not.

First, move to the gitlab installation directory.

# cd /usr/share/webapps/gitlab

If every gitlab page gives a 500 error, then the database migrations and the assets are probably stale. If not, skip this step.

# sudo -u gitlab -H bundle exec rake db:migrate RAILS_ENV=production

If gitlab is constantly waiting for the deployment to finish, then the assets have probably not been recompiled.

# sudo -u gitlab -H bundle exec rake assets:clean assets:precompile cache:clear RAILS_ENV=production

Finally, restart the gitlab services and test your site.

# systemctl restart gitlab-unicorn gitlab-sidekiq gitlab-workhorse

/etc/webapps/gitlab/secret is empty

This file is usually generated while installing the gitlab-shell and the gitlab packages, but in some cases it may need to be generated manually.

# hexdump -v -n 64 -e '1/1 "%02x"' /dev/urandom > /etc/webapps/gitlab-shell/secret
# chown root:gitlab /etc/webapps/gitlab-shell/secret
# chmod 640 /etc/webapps/gitlab-shell/secret
# hexdump -v -n 64 -e '1/1 "%02x"' /dev/urandom > /etc/webapps/gitlab/secret
# chown root:gitlab /etc/webapps/gitlab/secret
# chmod 640 /etc/webapps/gitlab/secret

See also