Your Complete Guide to Installing GitLab CE on Debian 11
Deploying a self-hosted Git repository and a complete DevOps platform provides unparalleled control over your source code and development lifecycle. GitLab Community Edition (CE) is a powerful, open-source solution perfect for teams of all sizes. This guide will walk you through a clean, step-by-step installation of GitLab CE on a Debian 11 “Bullseye” server.
By following these instructions, you will have a fully functional, secure, and private GitLab instance ready for your projects.
Prerequisites: Preparing Your Debian 11 Server
Before beginning the installation, ensure your server meets the minimum requirements and is fully up to date. For a smooth experience, a server with at least 4 CPU cores and 4 GB of RAM is recommended.
First, connect to your server via SSH and update the system’s package index and installed packages to their latest versions.
sudo apt update && sudo apt upgrade -y
Step 1: Install Essential Dependencies
GitLab requires a few key software packages to function correctly, including tools for downloading scripts and a mail transfer agent for sending email notifications (like password resets and pipeline alerts).
Install these dependencies with a single command:
sudo apt install -y curl ca-certificates postfix
During the postfix installation, you will be prompted for a configuration type. Select ‘Internet Site’ and press Enter. For the system mail name, enter the domain name you plan to use for your GitLab instance (e.g., gitlab.yourdomain.com). This ensures that notification emails are sent from a recognized source.
Step 2: Add the Official GitLab Repository
GitLab maintains its own official package repository, which makes installation and future updates incredibly simple. We will add this repository to our system using a script provided by GitLab.
Download and execute the script with the following command:
curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | sudo bash
This script automatically detects your operating system (Debian 11), adds the appropriate repository configuration, and imports the necessary GPG key to verify the packages.
Step 3: Install GitLab Community Edition
With the repository configured, installing GitLab CE is now as simple as installing any other package. The following command will download and install the latest version of the platform.
sudo apt install gitlab-ce
This step can take several minutes to complete, as it downloads and unpacks a large number of components. Be patient and allow the process to finish without interruption.
Step 4: Initial Configuration and Setting Your URL
After the installation is complete, you must configure GitLab with the URL you will use to access it. This is the most critical configuration step.
Open the main GitLab configuration file with a text editor like nano:
sudo nano /etc/gitlab/gitlab.rb
Inside this file, find the line that begins with external_url. Change the default value to the domain name or IP address of your server. It is highly recommended to use a fully qualified domain name (FQDN).
If you are using a domain name, your configuration should look like this:
external_url 'http://gitlab.yourdomain.com'
If you are only using an IP address for now, use this format:
external_url 'http://your_server_ip'
Save the file and exit the editor (in nano, press CTRL+X, then Y, then Enter).
Now, apply the new configuration by running the reconfigure command. This will start all the necessary services and configure them based on your external_url.
sudo gitlab-ctl reconfigure
This command also takes a few minutes to run as it configures every component of the GitLab ecosystem, from the web server to the database.
Step 5: Securing Your Server with a Firewall
To ensure your GitLab instance is accessible from the internet while remaining secure, you need to configure your firewall. If you are using ufw (Uncomplicated Firewall), you must allow traffic on ports for SSH, HTTP, and HTTPS.
Run the following commands to set up the firewall rules:
sudo ufw allow OpenSSH
sudo ufw allow http
sudo ufw allow https
sudo ufw enable
This configuration ensures you can still access your server via SSH while allowing web traffic to reach your GitLab instance.
Step 6: Accessing the GitLab Web Interface and First Login
Your GitLab instance is now running. Open a web browser and navigate to the external_url you configured in Step 4.
For security reasons, an initial random password is automatically generated for the root user. To retrieve this password, run the following command on your server:
sudo cat /etc/gitlab/initial_root_password
Copy the password from the output. Now, go back to your browser, log in with the username root and the password you just retrieved. You will be immediately prompted to change this password. Choose a strong, unique password and save it securely.
Congratulations! You now have a fully operational private GitLab server.
Next Steps: Secure Your GitLab with a Free SSL Certificate
Running a production service over plain HTTP is not secure. GitLab has excellent built-in support for Let’s Encrypt, allowing you to automatically obtain and renew a free SSL/TLS certificate.
To enable this:
- Ensure you have a domain name pointing to your server’s IP address. Let’s Encrypt does not issue certificates for IP addresses.
- Edit the configuration file again:
sudo nano /etc/gitlab/gitlab.rb. - Change your
external_urlto usehttps:
ruby
external_url 'https://gitlab.yourdomain.com'
- Uncomment (remove the
#) and enable the Let’s Encrypt integration:
ruby
letsencrypt['enable'] = true
- Save the file and run
sudo gitlab-ctl reconfigureone last time.
GitLab will now handle the entire SSL certificate process, and your instance will be accessible securely over HTTPS. You can now start creating projects, adding users, and building your CI/CD pipelines.
Source: https://kifarunix.com/install-gitlab-ce-on-debian-11/
