How to install GitLab on Fedora 26 with AD CS SSL

  • I tried to follow Scott's guide here, but for Fedora 26 it didn't quite work and I had to do things differently.

    Here's the steps I logged as I went along. I believe following them exactly will get you from a fresh install to a working https gitlab.

    1. In PowerShell on your Hyper-V Hypervisor:
    New-VHD -Path "E:\Hyper-V\Virtual Hard Disks\gitlabServer.vhdx" -SizeBytes 500GB -Dynamic -BlockSizeBytes 1MB
    1. After Fedora 26 is installed:
    dnf install hyperv-daemons hypervvssd hyperv-tools
    1. Disable network manager (because it usually ruins your life later):
    systemctl stop NetworkManager.service
    systemctl disable NetworkManager.service
    systemctl enable network.service
    reboot now
    1. Install ability to use semanage:
    dnf install policycoreutils-python-utils
    1. Install full cockpit:
    dnf install cockpit
    1. Make sure all is up to date:
    dnf upgrade
    1. Make all space available, resize... easy to do in Cockpit.
    2. Install GitLab dependencies (may already be installed) depending on your OS install:
    dnf install -y curl openssh-server openssh-clients cronie
    1. Open firewall/selinux:
    firewall-cmd --permanent --add-service=http
    firewall-cmd --permanent --add-service=https
    firewall-cmd --reload
    semanage permissive -a httpd_t
    1. More dependencies (I don't think these are needed, but if they are):
    dnf install -y pygpgme yum-utils
    1. Install GitLab:
    mv download gitlab-ce-9.4.5-ce.0.el7.x86_64.rpm
    dnf install -y gitlab-ce-9.4.5-ce.0.el7.x86_64.rpm
    1. Config and start GitLab (may take about 2 minutes):
    gitlab-ctl reconfigure
    1. Add SMTP server config -> vi /etc/gitlab/gitlab.rb:
    gitlab_rails['smtp_enable'] = true
    gitlab_rails['smtp_address'] = "smtpServer.domain.local"
    gitlab_rails['smtp_port'] = 25
    gitlab_rails['smtp_authentication'] = false
    gitlab_rails['smtp_enable_starttls_auto'] = true
    gitlab_rails['gitlab_email_from'] = '[email protected]'
    gitlab_rails['gitlab_email_reply_to'] = '[email protected]'
    gitlab-ctl reconfigure
    1. Send email test:
    gitlab-rails console
    Notify.test_email('[email protected]', 'GitLab Test Email', 'This is a test.').deliver_now
    1. Convert your AD CS wildcard cert.pfx to PEM and KEY for nginx:
    openssl pkcs12 -in domain_wildcard_cert.pfx -out domainwild-encrypted.key
    openssl pkcs12 -in domain_wildcard_cert.pfx -clcerts -nokeys -out domainwild-certificate.crt
    openssl rsa -in domainwild-encrypted.key -out domainwild-decrypted.key
    openssl pkcs12 -in domain_wildcard_cert.pfx -out domain-ca.crt -nodes -nokeys -cacerts
    cat domainwild-certificate.crt domain-ca.crt > full_cert.crt
    1. Create ssl directory for gitlab (extra info -😞
    mkdir -p /etc/gitlab/ssl
    chmod 0700 /etc/gitlab/ssl
    cp /mnt/domainwild-decrypted.key /etc/gitlab/ssl/gitlabServer.domain.local.key
    cp /mnt/full_cert.crt /etc/gitlab/ssl/gitlabServer.domain.local.crt
    1. Edit file to enable https and redirect to https -> vi /etc/gitlab/gitlab.rb:
    external_url "https://gitlabServer.domain.local"
    nginx['redirect_http_to_https'] = true
    sudo gitlab-ctl reconfigure
    1. Now you should be able to access your gitlab via https.

  • @tim_g
    Do you know what tools and scripts that is available when installing hyperv-tools?