GitLab on an Ubuntu 10.04 server with Apache

Posted on Jun 24, 2012 in Όλα τα Άρθρα, Linux και Ανοιχτό Λογισμικό, Τεχνολογία

Recently I saw the light, or something very bright at least, and decided it is time to use a central git repository to store my personal projects which span across many categories (code, documentation, translations, scripts, etc). Alas, as it usually is the case when you decide to change your workflow, you have to give it a bit more thought.

The thing about personal projects, is that there are too many of them and none has a known or at least certain development timeline. I may work on my backup script (mrbStudio) today and touch it again after two years, when I’ll need a new feature. Thus, the need for project management: documentation, issues, code snippets, etc. Anything that can help me get on track with a project I abandoned for some months -or more.

The simple (and probably correct) way would be to use a flat file policy, just add a README, ISSUES etc text file in the project’s directory. But I thought a dedicated solution could be better at this, making my workflow more efficient. It would make my projects index better looking too.

I checked some open source project management solutions, like Redmine and its fork, the ChiliProject, as well as indefero and others, but decided that for what would mostly be personal use, GitLab is the best choice out there.

GitLab is essentially a personal GitHub. You set up git and gitolite, and then GitLab sits on top of that, managing gitolite (users, projects, ssh keys), giving you a nice web interface and providing you some extra features, like wiki pages, a wall, issues management and others. It even recognizes and formats documents written in markdown (like the README.md files you see on GitHub) which is great for documentation writing.

To the code!

GitLab has a very good installation documentation but in order to keep it simple, the writers describe the process of installing GitLab mostly on a dedicated to GitLab server.

I chose to install it on a normal Ubuntu 10.04 based webserver which hosts some domains and is using Apache. So I will show you how to set (and manage) GitLab for such a setup while maintaining your style.

Through this guide, no reboots nor Apache downtime will occur.

Disclaimer: To use this guide, you must have the super power of… thinking. If you want to just copy – paste, it will probably not work for you and certainly you shouldn’t perform administration tasks on a public server. At every step check the possible variables of each command and set them for your setup.

1. Installing gitolite and GitLab

The developers of GitLab did a great job writing their installation guide and do their best to keep it updated. So it would be foul of me to just copy paste their work.

Just head over their GitHub page and read their installation instructions apart from the parts for the resque process and the web server (nginx, unicorn, init script) for the time being.

At the time of the writing of this article, GitLab is at version 2.6.0. You can find the installation instructions for the most recent stable release at the project’s wiki.

2. Deviating from the official guide for GitLab installation

As good as the above guide may be, you may have to deviate a bit or perform additional steps. Here are some I can think of.

Important: These steps would be better to be performed before you reach the Setup DB step of the official installation guide.

2.1. Installing the latest version of Ruby

The latest Ruby version for now is 1.9.3-p194, so you could use that instead of the 1.9.2-p290.

$ wget http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.3-p194.tar.gz $ tar xzvf ruby-1.9.3-p194.tar.gz $ cd ruby-1.9.3-p194 $ ./configure $ make $ sudo make install

2.2. Configure gitlab.yml

You should edit your gitlab/config/gitlab.yml to at least reflect your real host under the git_host section. This is useful because it sets how GitLab will show your project’s URIs. Also set anything else you think of use.

2.3. If you use a custom ssh port

Usually in public servers we don’t use the default ssh port (22) in order to avoid some of the automated attacks out there, targeting known ports.

If that’s your case, start by setting your ssh port in gitlab.yml under the git_host section.

Then create the file:

/home/gitlab/gitlab/.ssh/config

And set it like this (assuming your ssh port is 10001):
Host localhost Port 100001

2.4. Create a MySQL database if you need one

GitLab’s installation guide doesn’t deal with that but you probably should know how to create a MySQL database and a user for it.

In case you don’t remember, you run MySQL:

$ mysql -u root -p

In the MySQL prompt that will appear, you type (change any variable you may need, like *password*):

mysql> create database gitlabdb; mysql> create user 'gitlab'@'localhost' identified by 'password'; mysql> grant all privileges on gitlabdb.* to 'gitlab'@'localhost' with grant option; mysql> exit;

Set your database credentials in gitlab/config/database.yml

3. Apache setup

Update: Originally this guide suggested to use Phusion Passenger to serve GitLab instead of Unicorn. Since then (yesterday that would be) I’ve found that Unicorn performs considerably faster and maybe consumes a bit less RAM. So we are going to use Unicorn.

3.1. Configure Unicorn

As the official installation guide instructs, create the unicorn configuration file:

$ sudo -u gitlab -H cp /home/gitlab/gitlab/config/unicorn.rb.orig /home/gitlab/gitlab/config/unicorn.rb

Now edit gitlab/config/unicorn.rb and add a listening port. Just uncomment the following line and set a custom port if you want:

listen "127.0.0.1:8080"

3.2. Enable and load needed Apache modules

We need the proxy, proxy_balancer and proxy_http Apache modules. Enable them:

$ sudo a2enmod proxy proxy_balancer proxy_http

In order for Apache to load the new modules, it has to be restarted. This is the only restart of the Apache service we are going to need:

$ sudo /etc/init.d/apache2 restart

3.3. Create a virtualhost for GitLab

Create a configuration file for GitLab’s virtualhost:

/etc/apache2/sites-available/gitlab.myserver.conf

Insert the lines below (adjusted accordingly) to your GitLab site’s configuration file (the one we created). If you don’t need a ssl section, remove it. If you want to keep it, I assume you know where your ssl certificates are. Notice that the SSL virtualhost needs a specific IP instead of generic. Also if you set a custom port for Unicorn, do not forget to set it at the BalanceMember line.

<VirtualHost *:80>
  ServerName gitlab.myserver.com
  ServerAlias www.gitlab.myserver.com
  DocumentRoot /home/gitlab/gitlab/public
  ErrorLog /var/log/apache2/gitlab.myserver.com_error_log
  CustomLog /var/log/apache2/gitlab.myserver.com_access_log combined

  <Proxy balancer://unicornservers>
      BalancerMember http://127.0.0.1:8080
  </Proxy>

  <Directory /home/gitlab/gitlab/public>
    AllowOverride All
    Options -MultiViews
  </Directory>

  RewriteEngine on
  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
  RewriteRule ^/(.*)$ balancer://unicornservers%{REQUEST_URI} [P,QSA,L]

  ProxyPass /uploads !
  ProxyPass / balancer://unicornservers/
  ProxyPassReverse / balancer://unicornservers/
  ProxyPreserveHost on

   <Proxy *>
      Order deny,allow
      Allow from all
   </Proxy>
</VirtualHost>

<VirtualHost MY_IP:443>
  ServerName gitlab.myserver.com
  ServerAlias www.gitlab.myserver.com
  DocumentRoot /home/gitlab/gitlab/public
  ErrorLog /var/log/apache2/gitlab.myserver.com_error_log
  CustomLog /var/log/apache2/gitlab.myserver.com_access_log combined

  <Proxy balancer://unicornservers>
      BalancerMember http://127.0.0.1:8080
      Header add X-Forwarded-Proto "https"
  </Proxy>

  <Directory /home/gitlab/gitlab/public>
    AllowOverride All
    Options -MultiViews
  </Directory>

  RewriteEngine on
  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
  RewriteRule ^/(.*)$ balancer://unicornservers%{REQUEST_URI} [P,QSA,L]

  ProxyPass /uploads !
  ProxyPass / balancer://unicornservers/
  ProxyPassReverse / balancer://unicornservers/
  ProxyPreserveHost on

   <Proxy *>
      Order deny,allow
      Allow from all
   </Proxy>

  SSLEngine on
  SSLCertificateFile /home/gitlab/gitlab/ssl.cert
  SSLCertificateKeyFile /home/gitlab/gitlab/ssl.key
</VirtualHost>

Enable your GitLab virtual host for Apache:

$ sudo a2ensite gitlab.myserver.conf

Reload Apache for your GitLab virtualhost to start:

$ sudo /etc/init.d/apache2 reload

While your GitLab virtual host is up now, it doesn’t work as GitLab hasn’t started yet. To the next section!

4. GitLab Unicorn and Resque init script

This part is almost identical to the official guide except the insserv directive which doesn’t work for Ubuntu.

Create the file:

/etc/init.d/gitlab

Put these lines inside it. They are copied from the official installation guide, so check the official installation guide for possible updates.

#! /bin/bash ### BEGIN INIT INFO # Provides: gitlab # Required-Start: $local_fs $remote_fs $network $syslog redis-server # Required-Stop: $local_fs $remote_fs $network $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: GitLab git repository management # Description: GitLab git repository management ### END INIT INFO

DAEMON_OPTS="-c /home/gitlab/gitlab/config/unicorn.rb -E production -D" NAME=unicorn DESC="Gitlab service" PID=/home/gitlab/gitlab/tmp/pids/unicorn.pid RESQUE_PID=/home/gitlab/gitlab/tmp/pids/resque_worker.pid

case "$1" in start) CD_TO_APP_DIR="cd /home/gitlab/gitlab" START_DAEMON_PROCESS="bundle exec unicorn_rails $DAEMON_OPTS" START_RESQUE_PROCESS="./resque.sh"

echo -n "Starting $DESC: " if [ `whoami` = root ]; then sudo -u gitlab sh -l -c "$CD_TO_APP_DIR > /dev/null 2>&1 && $START_DAEMON_PROCESS && $START_RESQUE_PROCESS" else $CD_TO_APP_DIR > /dev/null 2>&1 && $START_DAEMON_PROCESS && $START_RESQUE_PROCESS fi echo "$NAME." ;; stop) echo -n "Stopping $DESC: " kill -QUIT `cat $PID` kill -QUIT `cat $RESQUE_PID` echo "$NAME." ;; restart) echo -n "Restarting $DESC: " kill -USR2 `cat $PID` kill -USR2 `cat $RESQUE_PID` echo "$NAME." ;; reload) echo -n "Reloading $DESC configuration: " kill -HUP `cat $PID` kill -HUP `cat $RESQUE_PID` echo "$NAME." ;; *) echo "Usage: $NAME {start|stop|restart|reload}" >&2 exit 1 ;; esac

exit 0

Make the script executable:

$ sudo chmod +x /etc/init.d/gitlab

For this time only, start GitLab manually by invoking our init script:

$ sudo /etc/init.d/gitlab start

Set GitLab’s init script to start automatically upon boot:

$ sudo update-rc.d gitlab defaults

Note: For the above script, I think the reload and restart commands won’t probably work. You don’t need them anyway, just do a start/stop when you need to.

Congratulations! Your GitLab is up and running!

5. Updating GitLab without interrupting the web server

Since you are on a proper webserver, hosting more than one sites, you cannot afford downtime.

The official guide about upgrading GitLab goes like this (official way to upgrade from 2.5.0 to 2.6.0).

For our setup, we can avoid Apache downtime and only have GitLab downtime which should be ok.

Just follow the commands below while adjusting for your setup if needed, they are easy to understand. They are the commands from the official upgrade guide but first we stop only the GitLab virtualhost and service, make the upgrade and restart them.

Update: While the commands below serve as a nice “update skeleton”, it would be sane to check gitlab’s documentation for version specific upgrade tasks. For example during the upgrade from 2.6.x to 2.7.0, the gitlab.yml format changed, so on top of the commands below, you had to update this file.

$ sudo su # you just became root, be careful $ a2dissite gitlab.myserver.conf $ /etc/init.d/apache2 reload $ /etc/init.d/gitlab stop $ cd /home/gitlab/gitlab $ sudo -u gitlab -H git pull origin stable $ sudo -u gitlab -H bundle install --without development test $ sudo -u gitlab -H bundle exec rake db:migrate RAILS_ENV=production $ a2ensite gitlab.myserver.conf $ /etc/init.d/apache2 reload $ /etc/init.d/gitlab start

That’s all folks, hope I helped some of you.

Share

29 Comments

  1. Thanks so much. This worked great for me on Ubuntu 12.04.

    One question though: When I create a local repo and then try to push to my remote Ubuntu git/Gitlab install, tortoiseGit keeps asking for a password for user “git”, but I notice in Gitlab’s instructions the git user password is “–disabled-password” . My SSH keys are setup fine and working. What have I missed?

  2. Hi Brian, thanks for the comment.

    git user indeed doesn’t have a password so you have to login using your ssh key. We usually encrypt ssh keys with a password (called a passphrase) and you have to unlock them before you are able to use them.
    So maybe tortoiseGit asks you for the passphrase you used when you created your ssh key.

    I can’t be of much help because I am on Linux and ssh is kind of a native function for us.

    Provided that you added your public ssh key to your gitlab account, I would suggest to google for a ssh – tortoiseGit guide, maybe in conjunction with github.

    I found this one which may help you:
    http://dbanck.de/2009/10/08/github-windows-and-tortoisegit-part-1-installing-pulling/

  3. Thanks again Marios for your advice.

    I sorted it out. Rookie mistake. I pasted the wrong format of my public key into gitlab ssh keys section. The answer was documented here https://github.com/gitlabhq/gitlabhq/issues/293#issuecomment-5125487

  4. Thanks! I just finished the set up and all work well! I just want to ask one thing though. I want all the traffic streamed through ssl but when I log in, firefox “complains” that the page is partially encrypted. Could it be that something is missing in gitlab vhost?

  5. I just tried with the nginx config example provided in the wiki and I hadn’t this problem.

  6. I didn’t show this in my guide but it is simple. You can add a rewrite rule to the non ssl virtual host to request the ssl versions of the URIs.

    So, in the guide the non SSL virtual host is:

    <VirtualHost *:80>
    ServerName gitlab.myserver.com
    ServerAlias www.gitlab.myserver.com
    DocumentRoot /home/gitlab/gitlab/public
    ErrorLog /var/log/apache2/gitlab.myserver.com_error_log
    CustomLog /var/log/apache2/gitlab.myserver.com_access_log combined

    <Proxy balancer://unicornservers>
    BalancerMember http://127.0.0.1:8080
    </Proxy>

    <Directory /home/gitlab/gitlab/public>
    AllowOverride All
    Options -MultiViews
    </Directory>

    RewriteEngine on
    RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
    RewriteRule ^/(.*)$ balancer://unicornservers%{REQUEST_URI} [P,QSA,L]

    ProxyPass / balancer://unicornservers/
    ProxyPassReverse / balancer://unicornservers/
    ProxyPreserveHost on

    <Proxy *>
    Order deny,allow
    Allow from all
    </Proxy>
    </VirtualHost>

    Replace proxy directives with a rewrite rule to change every URI request to https like this:

    <VirtualHost *:80>
    ServerName gitlab.myserver.com
    ServerAlias www.gitlab.myserver.com
    DocumentRoot /home/gitlab/gitlab/public
    ErrorLog /var/log/apache2/gitlab.myserver.com_error_log
    CustomLog /var/log/apache2/gitlab.myserver.com_access_log combined

    <Directory /home/gitlab/gitlab/public>
    AllowOverride All
    Options -MultiViews
    </Directory>

    RewriteEngine on
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

    </VirtualHost>

  7. It seems it doesn’t redirect all the traffic to ssl. I had already put a rewrite rule, I even tried your example but again I get the same output. Here’s what I mean

    with apache > http://i.imgur.com/B27ux.png
    with nginx > http://i.imgur.com/Mwv9R.png

  8. I would guess that the problem exists because of gravatar. If you check, this is the only unencrypted URI in your pages. Even if you haven’t a gravatar, your browser will download the default. I don’t think this as a serious problem, so I won’t try fixing it, but I reckon you could do a grep in your gitlab installation to find where gravatar is mentioned and change these lines to use https.

  9. You are right! This is gravatar’s fault! This was supposed to have been fixed with this commit https://github.com/ariejan/gitlabhq/commit/4dbed7ca88c2fe8f127deb752f82a5ee9ab4cade but that’s not the case (at least with apache). I replaced “http://www.gravatar.com” with “https://secure.gravatar.com” and problem solved :) Thanks for your time!

  10. The virtualhost config in 3.3 seems to have lost the various tags that look like HTML tags, probably stripped away automatically for that same reason.

    I think I managed to insert them correctly:

    ServerName gitlab.devserver.local
    ServerAlias gitlab.devserver.local
    DocumentRoot /home/gitlab/gitlab/public
    ErrorLog /var/log/apache2/gitlab.myserver.com_error_log
    CustomLog /var/log/apache2/gitlab.myserver.com_access_log combined

    BalancerMember http://127.0.0.1:8000

    AllowOverride All
    Options -MultiViews

    RewriteEngine on
    RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
    RewriteRule ^/(.*)$ balancer://unicornservers%{REQUEST_URI} [P,QSA,L]

    ProxyPass / balancer://unicornservers/
    ProxyPassReverse / balancer://unicornservers/
    ProxyPreserveHost on

    Order deny,allow
    Allow from all

    But anyway this guide probably saved me a lot of time, thanks!

  11. The virtualhost config in 3.3 seems to have lost the various tags that look like HTML tags, probably stripped away automatically for that same reason.

    I think I managed to insert them correctly:


    <VirtualHost *:8000--
    ServerName gitlab.devserver.local
    ServerAlias gitlab.devserver.local
    DocumentRoot /home/gitlab/gitlab/public
    ErrorLog /var/log/apache2/gitlab.myserver.com_error_log
    CustomLog /var/log/apache2/gitlab.myserver.com_access_log combined
    <Proxy balancer://unicornservers--
    BalancerMember http://127.0.0.1:8000
    </Proxy--
    <Directory /home/gitlab/gitlab/public--
    AllowOverride All
    Options -MultiViews
    </Directory--
    RewriteEngine on
    RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
    RewriteRule ^/(.*)$ balancer://unicornservers%{REQUEST_URI} [P,QSA,L]

    ProxyPass / balancer://unicornservers/
    ProxyPassReverse / balancer://unicornservers/
    ProxyPreserveHost on
    <Proxy *--
    Order deny,allow
    Allow from all
    </Proxy--
    </VirtualHost--

    But anyway this guide probably saved me a lot of time, thanks!

    *Repost: Yup, mine got stripped away just now, even when wrapping it all in a code block. Replacing the > in the tags with — this time.

  12. Ok, now I feel silly for not having read the comments thoroughly.. Feel free to delete all of my comments, including this one.

  13. No, you are correct indeed! Because there are some special characters for html (like greater > and less < than symbols) in the code section, wordpress destroyed them when I updated the article.

    Thank you. I’ll fix them. :)

  14. For some reason your page isn’t displaying any content in my browser, the article is just empty. I’m running the latest version of Google Chrome, just thought I’d let you know. I’m going to try it with another browser.

  15. Interestingly, when I added that comment the article appeared in full. I’m not sure what would be causing this.

  16. I’m getting a 404 not found error when trying to view Gitlab attachments. I found this gitlab issue https://github.com/gitlabhq/gitlabhq/issues/348#issuecomment-5645250 and added ProxyPass /uploads ! to VirtualHost then restarted apache, but it made no difference. Any ideas?

  17. I have the same problem. I hadn’t use this functionality until now and only because of your comment I checked it out.

    The link you gave though, works for me. I just added the ProxyPass /uploads ! directive before the other ProxyPass directives for both http and https.

    So, Apache’s virtualhost configuration part:
    ProxyPass / balancer://unicornservers/
    ProxyPassReverse / balancer://unicornservers/
    ProxyPreserveHost on

    Became:
    ProxyPass /uploads !
    ProxyPass / balancer://unicornservers/
    ProxyPassReverse / balancer://unicornservers/
    ProxyPreserveHost on

    I updated the article too with this. Thank you!

  18. Thanks Marios. I had the directives in the wrong order. When I put the negate first it worked. The relevant info I found under “Ordering ProxyPass Directives” in http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass “exclusions must come before the general ProxyPass directives”.

  19. Thanks for the post. This helped me set up for hosting through Apache httpd. I thought I’d drop one more comment in here on the git user asking for password. By default on Ubuntu 12.04 server, only users in the SSH group can connect. After I added the git and gitlab users to this group and restarted sshd, the password prompt went away for me. Hopefully this helps someone else out there.

  20. The current setup seems to dump on my box. I can run GitLab just fine with Thin, but as soon as I do the setup with unicorn and Apache it doesn’t do much of anything.

    In the Apache error log I get:

    [Wed Aug 29 06:14:41 2012] [error] [client 50.113.62.116] (20014)Internal error: proxy: error reading status line from remote server 127.0.0.1:4242
    [Wed Aug 29 06:14:41 2012] [error] [client 50.113.62.116] proxy: Error reading from remote server returned by /

  21. Ian, a bit late maybe but I ran into the same errors.
    I solved it by changing this line in my virtualhost config file

    DocumentRoot /home/gitlab/gitlab/public

    changed to :

    DocumentRoot /home/gitlab/gitlab

  22. Hi, sorry I didn’t respond to the last messages, got a bit distracted with work.

    Anyway, you may noticed that Gitlab 3 is out. For you who want to upgrade, I would suggest to upgrade first gitolite. I think many of us installed gitolite v2, but now this is bumped too at v3.

    Check these links from GitLab’s official documentation:
    Update gitolite: https://github.com/gitlabhq/gitlabhq/wiki/Update-gitolite
    Update GitLab from 2.9 to 3.0: https://github.com/gitlabhq/gitlabhq/wiki/From-2.9-to-3.0
    Update GitLab from 2.6 to 3.0: https://github.com/gitlabhq/gitlabhq/wiki/From-2.6-to-3.0

    Also the last sed commands of the upgrade guide may have some problems, so check this gist too: https://gist.github.com/3946188

    Cheers! :D

  23. Thanks for your instructions, they worked perfectly!
    I created an issue at gitlabhq to update installation instructions to cover both nginx/apache.

  24. Glad I helped! My next milestone is to transfer my installation to a Gentoo system and maybe convert the database from MySQL to sqlite.

    PS. I think Gitlab 3.1 just got out.

  25. Hi, I just installed Gitlab (latest stable version) on my dedicated server (Debian 6 Squeeze). I have followed the gitlabhq installation guide and your guide but I always have this message from apache :

    Proxy Error

    The proxy server received an invalid response from an upstream server.
    The proxy server could not handle the request GET /users/sign_in.

    Reason: Error reading from remote server

    Any idea ?

    Thank you.

  26. Worked perfectly. Thanks.

  27. Thanks Andrew! Ismael sorry but I can’t think of something. :-/

    A small update that probably interests axil.
    We had a problem, where gravatars were served always from the non-ssl gravatar host, thus the browser SSL notification warned the user for mixed ssl and non-ssl content.

    We fixed it by hardcoding the SSL gravatar host to Gitlab but this isn’t the best solution as the problem lies elsewhere; Gitlab doesn’t know that it is being served through SSL.
    The proper solution is to configure Apache to set a https header, so that Gitlab will know that it is being served through SSL.

    On Apache’s SSL configuration section, we have this code:

    <Proxy balancer://unicornservers>
    BalancerMember http://127.0.0.1:8080
    </Proxy>

    So, we just add a https header:

    <Proxy balancer://unicornservers>
    BalancerMember http://127.0.0.1:8080
    Header add X-Forwarded-Proto "https"
    </Proxy>

  28. Am getting error “Error, unicorn not running!” after following the steps mentioned above.

  29. This guide is old. At the time of the writing, we had Gitlab 2.6.0. Now we are at 5.3 and many – many things have changed. Amongst the changes is that the Gitlab team now uses Puma instead of unicorn.

    Have a look at the official instructions for the currently latest stable version: https://github.com/gitlabhq/gitlabhq/blob/5-3-stable/doc/install/installation.md

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>