
A Step-by-Step Guide to Installing GitLab on AlmaLinux 10 with Let’s Encrypt SSL
Self-hosting your own DevOps platform offers unparalleled control, security, and customization. GitLab is a premier choice, providing a complete solution for source code management, CI/CD pipelines, and project collaboration. This guide will walk you through the process of installing GitLab Community Edition (CE) or Enterprise Edition (EE) on a server running AlmaLinux 10, complete with a free and secure SSL certificate from Let’s Encrypt.
By following these steps, you can deploy a robust, private GitLab instance for your personal projects or your entire team.
Prerequisites: What You’ll Need
Before we begin, ensure you have the following resources ready. Proper preparation is key to a smooth installation process.
- A Server: A fresh installation of AlmaLinux 10 is recommended.
- System Resources: GitLab recommends at least 4 GB of RAM and 2 CPU cores for optimal performance. More resources will be needed for larger teams.
- A Domain Name: You need a fully qualified domain name (e.g., gitlab.yourdomain.com) that points to your server’s public IP address.
- Sudo Privileges: You will need access to a user account with sudo rights or the root user itself.
Step 1: Prepare Your System and Install Dependencies
First, it’s essential to update your system’s packages to their latest versions. This ensures all security patches and software updates are applied. We will also install the necessary dependency packages that GitLab requires to function correctly.
Open your terminal and run the following commands:
# Update all system packages
sudo dnf update -y
# Install essential dependencies
sudo dnf install -y curl policycoreutils openssh-server perl
These packages include curl for downloading files, policycoreutils for managing SELinux policies, and openssh-server for secure remote access.
Step 2: Configure Your Firewall
Your server’s firewall protects it from unauthorized access. We need to configure it to allow web traffic so users can access the GitLab interface. We will open ports for HTTP (80) and HTTPS (443), as well as SSH (22) for server management.
Execute these commands to permanently add the new firewall rules and reload the service:
# Allow HTTP, HTTPS, and SSH traffic
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --permanent --add-service=ssh
# Reload the firewall to apply changes
sudo firewall-cmd --reload
Step 3: Add the Official GitLab Repository
GitLab maintains its own package repository, which makes installation and future updates incredibly simple. We’ll use a script provided by GitLab to add this repository to our system’s package manager.
This single command downloads and executes the repository setup script:
curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.rpm.sh | sudo bash
Note: This script adds the repository for GitLab Enterprise Edition (EE). It can be used for free without a license and has the same core features as the Community Edition (CE), with the added benefit of an easy upgrade path to paid features if needed.
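Piping the download straight into sudo bash runs whatever the server returns as root before anyone has read it. As an added example (not part of the original guide or of GitLab's tooling), the code below checks a saved copy of the script for unexpected hosts and plain-http fetches; the helper names, the allow-list and the sample script are assumptions.

```sh
#!/bin/sh
# Added example: review a repository setup script before running it as root.
# Helper names, the allow-list and the sample script are assumptions.

# Print each distinct host named in an http(s) URL inside the script.
script_hosts() {
    grep -Eo 'https?://[A-Za-z0-9.-]+' "$1" | sed -E 's#^https?://##' | sort -u
}

# Print every URL the script would fetch over unencrypted http.
plain_http_urls() {
    grep -Eo "http://[^\"' )]+" "$1" | sort -u
}

# Return 0 only if all hosts are in the space-separated allow-list ($2)
# and nothing is fetched over plain http; print each finding otherwise.
audit_script() {
    rc=0
    for host in $(script_hosts "$1"); do
        case " $2 " in
            *" $host "*) ;;
            *) echo "unexpected host: $host"; rc=1 ;;
        esac
    done
    for url in $(plain_http_urls "$1"); do
        echo "plain http: $url"; rc=1
    done
    return $rc
}

# Constructed sample standing in for a downloaded script (not GitLab's).
sample=$(mktemp)
cat > "$sample" <<'EOF'
curl -sSf "https://packages.gitlab.com/constructed/config.repo" -o /tmp/demo.repo
curl -s http://mirror.example.net/extra.sh | bash
EOF
audit_script "$sample" "packages.gitlab.com" || echo "findings above: read the script before running it"

# Real use needs network access, so it is shown here as comments:
#   curl -sSfo script.rpm.sh https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.rpm.sh
#   audit_script script.rpm.sh "packages.gitlab.com" && less script.rpm.sh
#   sudo bash script.rpm.sh
```

A clean result only narrows what to read; it does not replace reading the script before it runs with root privileges.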
Step 4: Install the GitLab Package
With the repository configured, you can now install GitLab. During this step, you must specify the domain name you prepared earlier. Setting the EXTERNAL_URL environment variable tells GitLab how it will be accessed.
Remember to replace gitlab.yourdomain.com with your actual domain name.
sudo EXTERNAL_URL="https://gitlab.yourdomain.com" dnf install -y gitlab-ee
The package manager will now download and install GitLab and all its components. This process may take several minutes to complete.
Step 5: Enable Let’s Encrypt SSL
Now that GitLab is installed, we need to configure it to use your domain and automatically fetch a secure SSL certificate from Let’s Encrypt. This is handled in GitLab’s primary configuration file.
- Open the configuration file using a text editor like nano or vim:
sudo nano /etc/gitlab/gitlab.rb
- Find the external_url line and ensure it matches the one you used during installation. It should look like this:
external_url 'https://gitlab.yourdomain.com'
- Scroll down to find the Let’s Encrypt settings. Uncomment and set letsencrypt['enable'] to true. This is the most critical step for enabling SSL.
letsencrypt['enable'] = true
- (Optional but Recommended) You can also provide an email address for Let’s Encrypt notifications, such as expiry warnings. Replace the placeholder address with your own:
letsencrypt['contact_emails'] = ['admin@yourdomain.com']
- Save the file and exit the editor (in nano, press CTRL+X, then Y, then Enter).
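The reconfigure run in the next step is slow, so it pays to confirm first that the two settings edited above are active rather than still commented out. The following is an added example, not part of the original guide or of GitLab's tooling; the helper names and both sample files are assumptions.

```sh
#!/bin/sh
# Added example: pre-flight check of gitlab.rb before `gitlab-ctl reconfigure`.
# Helper names and both sample files are assumptions, not GitLab tooling.

# Value of the last active (uncommented) external_url line.
active_external_url() {
    sed -nE "s/^[[:space:]]*external_url[[:space:]]+['\"]([^'\"]+)['\"].*/\1/p" "$1" | tail -n 1
}

# "true" or "false" from the last active letsencrypt['enable'] line, else empty.
letsencrypt_enabled() {
    sed -nE "s/^[[:space:]]*letsencrypt\['enable'\][[:space:]]*=[[:space:]]*(true|false).*/\1/p" "$1" | tail -n 1
}

# Return 0 only if external_url is https://<expected host> ($2) and
# letsencrypt['enable'] is explicitly true; print each problem otherwise.
check_gitlab_rb() {
    rc=0
    url=$(active_external_url "$1")
    case "$url" in
        "https://$2"|"https://$2/") ;;
        https://*) echo "external_url host is not $2: $url"; rc=1 ;;
        *) echo "external_url is not an https URL: '$url'"; rc=1 ;;
    esac
    if [ "$(letsencrypt_enabled "$1")" != "true" ]; then
        echo "letsencrypt['enable'] is not explicitly true (still commented out?)"; rc=1
    fi
    return $rc
}

# Constructed samples: one left unedited, one edited as in the steps above.
bad_rb=$(mktemp); good_rb=$(mktemp)
cat > "$bad_rb" <<'EOF'
external_url 'http://gitlab.example.com'
# letsencrypt['enable'] = nil
EOF
cat > "$good_rb" <<'EOF'
external_url 'https://gitlab.yourdomain.com'
letsencrypt['enable'] = true
EOF
check_gitlab_rb "$bad_rb" gitlab.yourdomain.com || echo "fix gitlab.rb first"
check_gitlab_rb "$good_rb" gitlab.yourdomain.com && echo "gitlab.rb looks ready"

# On the server, as root: check_gitlab_rb /etc/gitlab/gitlab.rb gitlab.yourdomain.com
```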
Step 6: Run the Reconfiguration Command
With the configuration updated, you must apply the changes. GitLab provides a control utility for this purpose. The reconfigure command will set up all the necessary services, databases, and web servers based on the settings in /etc/gitlab/gitlab.rb.
This command will also trigger the Let’s Encrypt process to obtain your SSL certificate.
sudo gitlab-ctl reconfigure
This process is resource-intensive and can take 5-15 minutes to finish. You will see a lot of output as it configures each component. Once it completes without errors, your GitLab instance is live.
Step 7: Your First Login and Security Setup
Your GitLab instance is now running securely at your domain.
- Open a web browser and navigate to https://gitlab.yourdomain.com.
- You will be prompted for a username and password. The default username is root.
- GitLab generates a secure, temporary password for the root user. To retrieve it, run the following command on your server:
sudo cat /etc/gitlab/initial_root_password
This file is only readable by the root user and is automatically deleted by the first reconfigure run that takes place 24 hours or more after installation. Copy the password displayed.
- Use this password to log in. You will be immediately prompted to change your password. Choose a strong, unique password and save it in a secure location.
Security Best Practices and Next Steps
Your GitLab instance is installed, but the work isn’t over. Here are some crucial next steps for maintaining a secure and efficient platform:
- Disable New Sign-ups: To prevent unauthorized users from creating accounts, navigate to Admin Area > Settings > General and uncheck the “Sign-up enabled” box.
- Enable Two-Factor Authentication (2FA): Encourage or enforce 2FA for all users to add a critical layer of security to their accounts.
- Configure Backups: GitLab has built-in tools for creating backups. Set up a regular backup schedule to protect your data from loss.
- Keep GitLab Updated: Regularly run sudo dnf update -y and sudo gitlab-ctl reconfigure to apply the latest security patches and feature updates from GitLab.
You now have a fully functional, secure, and private GitLab server on AlmaLinux 10. You are in complete control of your source code and development lifecycle.
Source: https://kifarunix.com/how-to-install-gitlab-on-almalinux-10-with-ssl/