GitLab on-premises install + Let’s Encrypt

Installing a self-hosted GitLab instance with SSL certificates from Let’s Encrypt on CentOS 7 is simple and straightforward.
 
Run the following as root, remembering to replace gitlab.example.com with the domain you intend to use for your GitLab installation:


yum install -y curl policycoreutils-python openssh-server postfix certbot
systemctl enable sshd
systemctl start sshd
systemctl enable postfix
systemctl start postfix
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
systemctl reload firewalld
curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | bash
yum update -y

EXTERNAL_URL="http://gitlab.example.com" yum install -y gitlab-ce

 
Go grab a coffee; the installation will take a while.
After the installation is complete, open the URL you set as EXTERNAL_URL and take the first steps in configuring your GitLab installation.
 
Before we can create the certificate, we have to configure an exception so that the Let’s Encrypt challenge files are served: open the file ‘/etc/gitlab/gitlab.rb’ and add the following to the end.


# GitLab Let's Encrypt configuration
nginx['custom_gitlab_server_config']="location ^~ /.well-known {\n alias /etc/letsencrypt/www/.well-known;\n}\n"

 
After this you need to regenerate your GitLab configuration with:


gitlab-ctl reconfigure && gitlab-ctl restart

 
Now create the webroot directory and generate your certificate with:


mkdir -p /etc/letsencrypt/www
certbot certonly --webroot -w /etc/letsencrypt/www/ -d gitlab.example.com

 

All that is left now is to open ‘/etc/gitlab/gitlab.rb’ again and add the last bits of configuration to the end of the file, taking care to substitute gitlab.example.com with the domain of your GitLab server.


external_url "https://gitlab.example.com"
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/etc/letsencrypt/live/gitlab.example.com/fullchain.pem"
nginx['ssl_certificate_key'] = "/etc/letsencrypt/live/gitlab.example.com/privkey.pem"

The last step is to regenerate your GitLab configuration with:

gitlab-ctl reconfigure && gitlab-ctl restart

 
All set: you now have a self-hosted GitLab server working with SSL.
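
As an added example (not part of the original post or of GitLab's own tooling), the shell function below checks that ‘/etc/gitlab/gitlab.rb’ contains a consistent set of the settings used in the steps above. The function name check_gitlab_tls is hypothetical, and the external_url check assumes, per the GitLab HTTPS documentation listed under Sources, that the bundled NGINX only serves HTTPS when external_url uses the https scheme.

```shell
#!/bin/sh
# check_gitlab_tls GITLAB_RB DOMAIN [LIVE_DIR]   (hypothetical helper name)
# Prints one line per problem; the exit status is the number of problems found.
check_gitlab_tls() (
  rb=$1; domain=$2; live=${3:-/etc/letsencrypt/live}; problems=0
  fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

  # gitlab.rb ships with most settings commented out: inspect active lines only.
  active=$(grep -Ev '^[[:space:]]*#' "$rb" || true)

  # Quoted value of the last active line that assigns setting $1 (a regex).
  quoted() {
    printf '%s\n' "$active" |
      sed -nE "s/^[[:space:]]*$1[[:space:]]*=?[[:space:]]*[\"']([^\"']*)[\"'].*/\1/p" |
      tail -n 1
  }

  # Assumption from the GitLab docs: HTTPS is only served for an https external_url.
  url=$(quoted 'external_url')
  [ "${url%/}" = "https://$domain" ] || fail "external_url is '$url', expected https://$domain"

  # fullchain.pem includes the intermediate CA certificate; cert.pem does not.
  cert=$(quoted "nginx\['ssl_certificate'\]")
  key=$(quoted "nginx\['ssl_certificate_key'\]")
  [ "$cert" = "$live/$domain/fullchain.pem" ] || fail "ssl_certificate is '$cert'"
  [ "$key" = "$live/$domain/privkey.pem" ] || fail "ssl_certificate_key is '$key'"
  for f in "$cert" "$key"; do
    if [ -n "$f" ] && [ ! -r "$f" ]; then fail "cannot read $f"; fi
  done

  printf '%s\n' "$active" |
    grep -Eq "^[[:space:]]*nginx\['redirect_http_to_https'\][[:space:]]*=[[:space:]]*true" ||
    fail "nginx['redirect_http_to_https'] is not true"

  # Webroot validation needs /.well-known served by GitLab's bundled NGINX.
  printf '%s\n' "$active" |
    grep -Eq "^[[:space:]]*nginx\['custom_gitlab_server_config'\].*\.well-known" ||
    fail "no /.well-known location in nginx['custom_gitlab_server_config']"

  exit "$problems"
)

# Run as a script: sh check.sh /etc/gitlab/gitlab.rb gitlab.example.com
if [ "$#" -ge 2 ]; then check_gitlab_tls "$@"; fi
```

Run it as root (privkey.pem is readable by root only) before the last gitlab-ctl reconfigure; an exit status of 0 means every check passed.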

Sources:

https://about.gitlab.com/install/#centos-7
https://docs.gitlab.com/omnibus/settings/nginx.html#enable-https