Facebook Twitter Instagram
    TecAdmin
    • Home
    • FeedBack
    • Submit Article
    • About Us
    Facebook Twitter Instagram
    TecAdmin
    You are at:Home»Security»How to Secure GitLab Server with Let’s Encrypt SSL

    How to Secure GitLab Server with Let’s Encrypt SSL

    By RahulDecember 26, 20202 Mins Read

    We always say, Security first. It should be the first priority to keep your hard work safe from the hackers. This tutorial will take few minutes to secure Gitlab server using Let’s Encrypt SSL certificates. Let’s Encrypt provides free SSL certificates to secure your domains and an easy way to auto updates.

    Advertisement

    This tutorial will help you to secure Gitlab service with Let’s Encrypt SSL certificate with enabling the auto renew feature. If you are going with a fresh installation have a look at below guides.

    • Install and Configure Gitlab on Ubuntu 20.04
    • Install and Configure Gitlab on CentOS 8

    Prerequisites

    Login to your Gitlab system with a sudo privileged account.

    Also make sure to create an A Record points your domain/subdomain to the public IP address of your Gitab server. It is recommended to complete the let’s encrypt validation for issuing a new certification. For example, You need to configure your Gitlab server to access with https://gitlab.tecadmin.net. So make A record in DNS for gitlab.tecadmin.net pointing to server ip address.

    Configure Let’s Encrypt SSL with Gitlab

    Gitlab keeps the configuration files under /etc/gitlab directory. You can edit the main configuration file /etc/gitlab/gitlab.rb in a text editor of your choice.

    sudo vim /etc/gitlab/gitlab.rb 
    

    Make the following changes:

    • First change the external_url setting with domain start with https.

      1
      external_url "https://gitlab.tecadmin.net"

    • Add or update the following entries to the configuration file. Set letsencrypt[‘enable’] to true, this will request a SSL certificate and configure to the Gitlab instance. You can also provide an optional contact email used by lets encrypt authority to send alerts for the ssl certificates.

      1
      2
      3
      4
      5
      # Enable the Let's encrypt SSL
      letsencrypt['enable'] = true
       
      # This is optional to get SSL related alerts
      letsencrypt['contact_emails'] = ['[email protected]']

    • Also configure Gitlab to renew SSL certificate automatically on a regular interval.

      1
      2
      3
      4
      5
      6
      7
      # Enable the auto renew feature
      letsencrypt['auto_renew'] = true
       
      # This example renews every 7th day at 12:30
      letsencrypt['auto_renew_hour'] = "12"
      letsencrypt['auto_renew_minute'] = "30"
      letsencrypt['auto_renew_day_of_month'] = "*/7"

    Save the configuration file and exit from editor.

    Next, run the reconfigure command to apply changes to Gitlab server.

    sudo gitlab-ctl reconfigure 
    

    This will take some time to complete the installation. At the end, you will see a message “gitlab Reconfigured!” on your screen.

    Reconfigure Gitlab on Linux

    Verify SSL

    Access the Gitlab web interface in a web browser. This will automatically redirects you to secure URL.

    Secure Gitlab with Let's Encrypt SSL

    That’s it. You have successfully configured let’s encrypt SSL on Gitlab.

    Conclusion

    In this tutorial, you have learned to configure Let’s Encrypt SSL certificate on Gitlab instance. Also enable to auto renew certificate on a regular interval.

    git Gitlab Let's Encrypt security
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email WhatsApp

    Related Posts

    Git Change Remote URL: How to

    Git Change Remote URL in Local Repository

    How to Open Port in Linux

    Git Change Remote URL to SSH (from HTTPS)

    Add A Comment

    Leave A Reply Cancel Reply

    Advertisement
    Recent Posts
    • tail Command in Linux with Examples
    • What is a Orphan Process in Unix/Linux
    • How To Display Warning Message to Unauthorized SSH Access
    • How to Set a Custom SSH Login Banner and MOTD
    • Understanding Reverse DNS: What it is and Why it Matters?
    Facebook Twitter Instagram Pinterest
    © 2023 Tecadmin.net. All Rights Reserved | Terms  | Privacy Policy

    Type above and press Enter to search. Press Esc to cancel.