GitLab/Yunohost (Debian Jessie)

Installing and configuring GitLab + Nginx

Installing GitLab using the existing nginx server on YunoHost

Gitlab Gitlab-ce APT/YUM repository for GitLab Community Edition packages

curl -LJO https://packages.gitlab.com/gitlab/gitlab-ce/packages/debian/jessie/gitlab-ce_9.2.2-ce.0_amd64.deb/download
sudo dpkg -i gitlab-ce_9.2.2-ce.0_amd64.deb

GitLab-Using a non-bundled web-server
nginx config
Configuration: the nginx server bundled with gitlab-ce is not used

sudo nano /etc/gitlab/gitlab.rb
nginx['enable'] = false
web_server['external_users'] = ['www-data']

Apply the configuration

sudo gitlab-ctl reconfigure

Add www-data to the gitlab-www group

sudo usermod -aG gitlab-www www-data

The nginx configuration file /etc/nginx/conf.d/gitlab.xeuyakzas.xyz.conf

sudo nano /etc/nginx/conf.d/gitlab.xeuyakzas.xyz.conf
## GitLab
##
## Modified from nginx http version
## Modified from http://blog.phusion.nl/2012/04/21/tutorial-setting-up-gitlab-on-debian-6/
## Modified from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
##
## Lines starting with two hashes (##) are comments with information.
## Lines starting with one hash (#) are configuration parameters that can be uncommented.
##
##################################
##        CONTRIBUTING          ##
##################################
##
## If you change this file in a Merge Request, please also create
## a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests
##
###################################
##         configuration         ##
###################################
##
## See installation.md#using-https for additional HTTPS configuration details.

upstream gitlab-workhorse {
  server unix:/var/opt/gitlab/gitlab-workhorse/socket fail_timeout=0;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name gitlab.xeuyakzas.xyz;

    ssl_certificate /etc/yunohost/certs/xeuyakzas.xyz/crt.pem;
    ssl_certificate_key /etc/yunohost/certs/xeuyakzas.xyz/key.pem;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!3DES:+HIGH:+MEDIUM;

    add_header Strict-Transport-Security "max-age=31536000;";

    ssl_dhparam /etc/ssl/private/dh4096.pem;

  ## Individual nginx logs for this GitLab vhost
  access_log  /var/log/nginx/gitlab_access.log;
  error_log   /var/log/nginx/gitlab_error.log;

  location / {
    client_max_body_size 0;
    gzip off;

    ## https://github.com/gitlabhq/gitlabhq/issues/694
    ## Some requests take more than 30 seconds.
    proxy_read_timeout      300;
    proxy_connect_timeout   300;
    proxy_redirect          off;

    proxy_http_version 1.1;

    proxy_set_header    Host                $http_host;
    proxy_set_header    X-Real-IP           $remote_addr;
    proxy_set_header    X-Forwarded-Ssl     on;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;
    proxy_pass http://gitlab-workhorse;
  }

}

Check the configuration and restart the nginx server

sudo nginx -t
sudo service nginx restart
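
An added check, not part of the original notes: the vhost above still enables TLSv1 and TLSv1.1 and builds its cipher list from ALL. The script below flags those directives, and a missing HSTS header, in a vhost file; the function name audit_nginx_tls, the finding labels and both sample files are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original page): flag legacy TLS settings
# in an nginx vhost. One finding per line; no output for a clean file.
audit_nginx_tls() {
    # Strip comments so commented-out directives are ignored.
    active=$(sed 's/#.*//' "$1")

    # SSLv2/SSLv3 and TLS 1.0/1.1 are deprecated (RFC 6176, 7568, 8996).
    protocols=$(printf '%s\n' "$active" |
        sed -n 's/^[[:space:]]*ssl_protocols[[:space:]]\{1,\}\([^;]*\);.*/\1/p')
    for proto in $protocols; do
        case $proto in
            SSLv2|SSLv3|TLSv1|TLSv1.1) echo "WEAK_PROTOCOL $proto" ;;
        esac
    done

    # Starting from ALL keeps every suite that is not explicitly excluded.
    ciphers=$(printf '%s\n' "$active" |
        sed -n 's/^[[:space:]]*ssl_ciphers[[:space:]]\{1,\}\([^;]*\);.*/\1/p')
    case ":$ciphers:" in
        *:ALL:*) echo "BROAD_CIPHERS ALL" ;;
    esac

    # The HTTPS vhost should send an HSTS header.
    printf '%s\n' "$active" |
        grep -q 'add_header[[:space:]]\{1,\}Strict-Transport-Security' ||
        echo "MISSING_HSTS"
    return 0
}

# Constructed samples: the TLS directives of the vhost above, then a
# tightened variant whose values are assumptions for this example.
sample_dir=$(mktemp -d)
cat > "$sample_dir/page.conf" <<'EOF'
server {
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!3DES:+HIGH:+MEDIUM;
    add_header Strict-Transport-Security "max-age=31536000;";
}
EOF
cat > "$sample_dir/tightened.conf" <<'EOF'
server {
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
    add_header Strict-Transport-Security "max-age=31536000;";
}
EOF
echo "page vhost:";      audit_nginx_tls "$sample_dir/page.conf"
echo "tightened vhost:"; audit_nginx_tls "$sample_dir/tightened.conf"
```

To audit the real file, call audit_nginx_tls /etc/nginx/conf.d/gitlab.xeuyakzas.xyz.conf before running sudo nginx -t.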

Certificate for gitlab.xeuyakzas.xyz

For the domain xeuyakzas.xyz and the subdomain gitlab.xeuyakzas.xyz
Edit /etc/ssowat/conf.json.persistent

sudo nano /etc/ssowat/conf.json.persistent
{
    "unprotected_urls": [
        "xeuyakzas.xyz/.well-known/acme-challenge",
        "gitlab.xeuyakzas.xyz/.well-known/acme-challenge"
    ]
}

Edit /usr/local/etc/letsencrypt/xeuyakzas.xyz.ini

sudo nano /usr/local/etc/letsencrypt/xeuyakzas.xyz.ini
#################################
#  Let's encrypt configuration  #
#################################

# Key size
rsa-key-size = 4096

# Notification / contact email, if needed in the future
email = webmaster@xeuyakzas.xyz

# domain(s)
domains = xeuyakzas.xyz,gitlab.xeuyakzas.xyz

# Use the webroot authentication method
# with the content in /tmp/letsencrypt-auto
webroot-path = /tmp/letsencrypt-auto

Create or renew the certificates

sudo -s
cd /opt/certbot
./certbot-auto certonly -a webroot --renew-by-default --config /usr/local/etc/letsencrypt/xeuyakzas.xyz.ini

The certificates are under /etc/letsencrypt/live/xeuyakzas.xyz/

GitLab, first use

On first connecting to https://gitlab.xeuyakzas.xyz, you must fill in the “admin” password
Create a user and password: xyz@xeuyakzas.xyz xxxxx
Log in and create a group spm with Public access
Create a project wikistatic in the spm group with Public access

On the local computer, create the user for git

git config --global user.name "xyz"
git config --global user.email "xyz@xeuyakzas.xyz"

The local repository ~/media/devel/git/wikistatic already exists; update the remote repository with git

# move into the local repository folder
cd ~/media/devel/git/wikistatic
# if necessary, erase all previous traces
sudo rm -r .git
# initialize the repository
git init
# register the remote repository
git remote add origin https://gitlab.xeuyakzas.xyz/spm/wikistatic.git
# stage all folders and files
git add .
# commit and update the remote repository
git commit -m "Initial commit"
git push -u origin master
# login and password are requested for access to gitlab.xeuyakzas.xyz
Username for 'https://gitlab.xeuyakzas.xyz': xyz
Password for 'https://xyz@gitlab.xeuyakzas.xyz': 

If everything goes well, the following message appears:

La branche master est paramétrée pour suivre la branche distante master depuis origin.

The spm group and its repositories have Public access for cloning:
git clone https://gitlab.xeuyakzas.xyz/spm/wikistatic.git

How to remove/uninstall Gitlab completely

There are many instructions and tutorials available that provide step-by-step guidance on how to install Gitlab on your Linux system. But what if you want to remove it completely from your system? Let me help you out with this: How to completely remove/uninstall Gitlab

As described by Gitlab, you normally install it by adding the Gitlab repository to your sources using the provided script. This lets you use apt-get to install Gitlab like any other application, and the same applies to removing it. Follow these step-by-step instructions to uninstall Gitlab:

1 – Stop the gitlab service

If Gitlab is running, you first have to stop its service so that it can be removed correctly later. Use Gitlab's own command to stop the Gitlab service completely. Gitlab will confirm it and shut down with some console output.

sudo gitlab-ctl stop

2 – Self-Uninstall using the Gitlab control script

Gitlab comes with a self-contained uninstall script that removes some files, dependencies and services. It also automatically backs up your configuration files and provides them as an archive in your home folder. Use the following command to self-uninstall Gitlab. Gitlab will confirm the execution with some console output.

sudo gitlab-ctl uninstall

3 – Delete the package of gitlab

To fully delete Gitlab you have to use the apt-get packaging tool and remove the Gitlab package from your system. If you purge Gitlab from your system you will remove everything. This includes, in particular, your configuration files and user data.
Command to fully remove:

sudo apt-get purge gitlab-ce

Command to safe-remove:

sudo apt-get remove gitlab-ce

4 – Remove the remaining files and folders

After removing the gitlab-ce package, the system warns you about which folders could not be deleted. Normally these should be /opt/gitlab/ , /var/opt/gitlab/ and /var/log/gitlab . To remove them, use the system's remove command to recursively delete the remaining folders.
Command (may replace the path):

sudo rm -rf /opt/gitlab/
sudo rm -rf /var/opt/gitlab/

5 – Remove gitlab from your sources

Gitlab creates a custom source list entry for your machine to work seamlessly with apt-get. You should consider removing this entry after uninstalling Gitlab. I wrote a short post about this topic here: Remove apt repository sources

6 – Restart your machine

You do not have to, but if your system does not behave as usual, you should consider restarting. Just in case.