Easy guide to set up Self-Managed GitLab Docker

GitLab Self Managed with Docker and AWS EC2 Server

19th of October, 2022, is the date when GitLab SaaS will start applying limits for free usage. I know this can be heartbreaking news for small to moderate scale enterprises because the new limits are much smaller than the old ones. That is why you may be interested in installing self-managed GitLab with Docker on your own server.

Let’s take a glance at what needs to be considered before continuing with the updated FREE PLAN of GitLab.

  • Data Storage Limit: from 10 GB per project to 5 GB per top-level namespace
  • Data Transfer Limit: from unlimited to 10 GB per month
  • User Access Limit: from unlimited to 5 users per top-level namespace

So now, the revised free tier limits will make the GitLab services costlier. But the good news is that these limits do not apply to a GitLab Self-Managed (or Self-Hosted) server. If you are unaware, I’d like to clarify that GitLab is an open-source project. That means you can run GitLab on your own server and keep using it without the recurring payments of GitLab SaaS. Yes, I agree that self-hosting GitLab will cost a bit, but far less than GitLab SaaS. And the better part is that self-hosted GitLab is easy to set up on a server, thanks to the Docker image GitLab provides.

Here, I’m posting steps that can be helpful for you to set up your own GitLab Self-Hosted service. These steps include the following:

1. Setup AWS EC2 Instance

2. Docker Installation with Docker Compose

3. Create GitLab Container

4. Configure GitLab Self-Managed Instance

1. Setup AWS EC2 Instance:

If you want to install GitLab on a server other than AWS EC2, you can skip this step and jump to the next one.

Self-managed GitLab can work on a t3a.small Instance, though the recommended Instance is t3a.medium or above to keep it running smoothly.
To create the AWS instance, follow the steps below:

  • Log in to your existing AWS account or create the AWS Account if you don’t have any by clicking here.
  • On the AWS Dashboard, go to the Services > EC2 page and click the “Launch Instances” button.
AWS EC2 Dashboard
  • There, you need to fill in the details to create the Instance. Below are the suggested details you can use, or you can modify them as per your need.
    • Name: My GitLab
    • Application and OS Images: Amazon Linux
    • Amazon Machine Image (AMI): Amazon Linux 2 AMI
    • Instance type: t3a.medium
    • Key Pair: Create a new key pair or select an existing one. The “Create New” option will provide you with a .pem access key to connect to your newly created EC2 Instance.
    • Network Setting > security groups: The suggested rule set is to open inbound traffic on ports 22 (SSH) and 443 (HTTPS), and to open all ports for outbound traffic.
    • Configure storage: Recommended 30 GB. You can increase it later as per the need.
Create AWS EC2 t3a Instance
  • After setting up these details, press the “Launch Instance” button to create the Instance.
  • You can return to the Services > EC2 Instances page, where you will find the “My GitLab” instance. Wait a couple of minutes until the Instance state becomes “Running”.
AWS EC2 Instance State
  • While the Instance is starting, you can allocate and associate an Elastic IP by finding the “Elastic IP” option in the left menu bar of your Services > EC2 page.
AWS EC2 Elastic IP
  • This will open a page; you need to press the “Allocate” button to allocate the IP to your server.
  • Now, you can associate that IP by selecting it and choosing the Actions > ‘Associate Elastic IP address’ option from the top right corner. Then select the ‘My GitLab’ instance in the ‘Instance’ dropdown and press the “Associate” button to link the IP with the instance you created earlier.
  • I believe now the ‘My GitLab’ Instance will be up with the state “Running”, and you can connect to your server over SSH using the .pem file generated above.

Once you are connected to your Instance console, we are ready to move further with the next step of Docker Installation.

2. Docker Installation

If you have selected an OS other than Amazon Linux for this GitLab setup, you can refer to the official setup documentation, Install Docker Engine and Install Docker Compose, and then continue with the 3rd step, “Create GitLab Container”.

Those using Amazon Linux can follow the process below to set up Docker with Compose.

  • Update packages with the command.
    sudo yum update
  • Install Docker Engine with the command.
    sudo yum install docker
  • To install Docker Compose, use the below commands.
    sudo yum install python3-pip
    pip3 install --user docker-compose
  • You can verify both of these installations by checking their versions:
    docker -v
    docker-compose -v
  • The default user (ec2-user in the case of Amazon Linux OS) cannot run the ‘docker’ command. You can execute these commands to make the ec2-user capable of running ‘docker’ commands.
    sudo usermod -a -G docker ec2-user
    id ec2-user
    newgrp docker
  • You also need to keep docker up and running even after rebooting your system. Use the commands below for that:
    sudo systemctl enable docker.service
    sudo systemctl start docker.service
  • The command below confirms the running state of the docker service.
    sudo systemctl status docker.service

That is all it takes to set up Docker with Docker Compose on your server, and we are ready to start the next step of creating a GitLab Container.

3. Create GitLab Docker Container

We are about to create a GitLab Container, and we will do this with the docker-compose.yml file. This file will contain GitLab’s Docker Image and initial configuration to start Self-Managed GitLab.

You can create a blank docker-compose.yml file at any convenient location on the server. Let’s create it at /home/ec2-user/my-gitlab/docker-compose.yml and put the content below inside the file.

version: '3.7'
services:
  gitlab:
    image: 'gitlab/gitlab-ce:15.4.0-ce.0'
    container_name: 'my-gitlab'
    restart: always
    hostname: 'localhost'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url '<https://gitlab.DOMAIN>'
        pages_external_url '<http://pages.DOMAIN>'

        # SMTP Mail Configuration
        gitlab_rails['smtp_pool'] = true
        gitlab_rails['smtp_enable'] = true
        gitlab_rails['smtp_address'] = "smtp.gmail.com"
        gitlab_rails['smtp_port'] = 587
        gitlab_rails['smtp_user_name'] = "<EMAIL>"
        gitlab_rails['smtp_password'] = "<PASSWORD>"
        gitlab_rails['smtp_domain'] = "smtp.gmail.com"
        gitlab_rails['smtp_authentication'] = "login"
        gitlab_rails['smtp_enable_starttls_auto'] = true
        gitlab_rails['smtp_tls'] = false
        gitlab_rails['smtp_openssl_verify_mode'] = 'peer'

        # Gmail Incoming Mail Configuration
        gitlab_rails['incoming_email_enabled'] = true
        gitlab_rails['incoming_email_address'] = "income+%{key}@gmail.com"
        gitlab_rails['incoming_email_email'] = "<EMAIL>"
        gitlab_rails['incoming_email_password'] = "<PASSWORD>"
        gitlab_rails['incoming_email_host'] = "imap.gmail.com"
        gitlab_rails['incoming_email_port'] = 993
        gitlab_rails['incoming_email_ssl'] = true
        gitlab_rails['incoming_email_start_tls'] = false
        gitlab_rails['incoming_email_mailbox_name'] = "inbox"
        gitlab_rails['incoming_email_idle_timeout'] = 60
        gitlab_rails['incoming_email_expunge_deleted'] = true

        gitlab_pages['enable'] = true
        letsencrypt['contact_emails'] = ['<CONTACT-EMAIL>']
        alertmanager['admin_email'] = '<ADMIN-EMAIL>'
        gitlab_rails['gitlab_shell_ssh_port'] = <PORT>
        # Add any other gitlab.rb configuration here, each on its own line

    ports:
      - '80:80'
      - '443:443'
      - '<PORT>:22'

    volumes:
      - './gitlab-data/config:/etc/gitlab'
      - './gitlab-data/logs:/var/log/gitlab'
      - './gitlab-data/data:/var/opt/gitlab'

In this file, you need to replace every value written in <> (angle brackets) with your own details.

If you want to use Gmail with SMTP, you can refer to this link to create SMTP credentials: Sign in with App Passwords. If you want to use the Postfix service provided by default in the GitLab image, you should remove the # SMTP Mail Configuration and # Gmail Incoming Mail Configuration blocks and publish the mail port by adding a line - '25:25' in the ‘ports’ section.
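
Before starting the container, it is worth checking the finished file. The script below is an added example, not part of the original post: it counts the <...> placeholders still left in docker-compose.yml and lists the host ports the file publishes that the security group from step 1 (inbound 22 and 443) does not admit. Run without an argument it uses a constructed sample in which <PORT> was set to 2222; the function names are this example's own.

```shell
# Pre-flight checks for docker-compose.yml (added example, not from the original post).

# Number of lines that still contain an unfilled <...> placeholder.
count_placeholders() {
    grep -cE '<[^<> ]+>' "$1" || true
}

# Host-side ports from the "ports:" list, one per line. Handles 'HOST:CONTAINER'
# and 'IP:HOST:CONTAINER'; a bare 'CONTAINER' entry has no fixed host port.
published_ports() {
    tr -d "'\"" < "$1" | awk '
        /^[ \t]*ports:[ \t]*$/ { in_ports = 1; next }
        in_ports && /^[ \t]*-/ {
            sub(/^[ \t]*-[ \t]*/, "")
            n = split($1, f, ":")
            if (n >= 2) print f[n - 1]
            next
        }
        in_ports && NF { in_ports = 0 }   # the next key (volumes:) ends the list
    '
}

# Published ports absent from the inbound list in $2 (space-separated, e.g. "22 443").
blocked_ports() {
    for p in $(published_ports "$1"); do
        case " $2 " in
            *" $p "*) ;;
            *) echo "$p" ;;
        esac
    done
}

f=${1:-}
if [ -z "$f" ]; then   # no file given: fall back to a constructed sample
    f=$(mktemp)
    cat > "$f" <<'EOF'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        gitlab_rails['smtp_password'] = "<PASSWORD>"
    ports:
      - '80:80'
      - '443:443'
      - '2222:22'
    volumes:
      - './gitlab-data/config:/etc/gitlab'
EOF
fi
echo "unfilled placeholders: $(count_placeholders "$f")"
echo "published but not allowed inbound: $(blocked_ports "$f" '22 443' | tr '\n' ' ')"
```

With the sample it reports one placeholder and ports 80 and 2222. Port 80 is used by GitLab's built-in Let's Encrypt validation and the <PORT> mapping carries Git over SSH, so each needs an inbound rule; the SSH one can be limited to your organization's address range.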

Once you are ready with the .yml file, run the command docker-compose up -d in the directory where you placed the .yml file. This command will create the container within approx 5 minutes, and you will find a new directory, ‘gitlab-data’, beside the .yml file. This directory will contain useful data like configuration, logs, and actual data generated by repositories.

As soon as the container works, you can open the GitLab page on the URL specified with the external_url configuration.

Once you are at the login page, you can log in with the user name ‘root’; the password is in the newly created gitlab-data/config/initial_root_password file. Change it right after your first login.

With this step, you are done setting up GitLab with Docker and ready to use it. But before that, I recommend getting familiar with how to configure this setup.

4. Configure GitLab Self Managed Project

After setting up the GitLab docker instance, you will have admin access to manage your GitLab settings, services, and security. To access the configuration section, find the “Admin” option inside the top-left menu list. By clicking that button, you will be redirected to a detailed Admin Area to manage GitLab configuration.

GitLab Docker

In the Admin Area, you will find more configuration settings than you might expect. They help you shape your repository management tool to your needs. Here, I’m listing some pages with their usage so that you can quickly go through the Admin Area.

Overview: This section has detailed information regarding projects, groups, and users. You will also find top-level statistics and service details like jobs, runners, and the Gitaly Servers.

Monitoring: Here, you will find the System Information of your server, Background Jobs & Migration status, and Health Check to verify whether every part of the Self-Managed GitLab server is working smoothly.

Settings: I’ll say this is the actual configuration area, where you will find every dynamic setting you can apply. Some of the configurations you may need are:

  • Setting a limited number of projects created by users.
  • Integrating third-party tools along with captcha.
  • Reporting sections to align your users with strict rules.
  • Networking-based restrictions over API and data transfer limit.
  • General appearance to set this GitLab project personalized.
  • Preferences will be useful to set up required changes.

I don’t think you are required to change anything, though you can have a look to make your GitLab setup more comfortable for your organization.

Also, we can set up additional security parameters. For example, repositories managed by this GitLab server can be made accessible only over SSH and not over HTTPS, and you can apply IP-based restrictions so the server is reachable only from your organization’s network or VPN. This is possible because of self-hosting: we can apply network rules directly to our server instead of relying on the GitLab settings.

GitLab Self Managed Admin Settings

With this, you have completed the setup of your Self-Managed GitLab, and your team will be ready to connect to it. In case you face any problems with these steps, feel free to contact us by sending an email to info@weetechsolution.com or by clicking here.

Now, you have your own GitLab on your server. This Self-Managed GitLab comes without any user limit per group or project. The repository size will be up to 10 GB per project, and the Data Transfer limit will be as large as your server’s capacity.

In the end, I’d like to thank the GitLab team for providing a very useful utility product for the IT sector.

admin@weetech CTO