Close Menu
Rob FaulsRob Fauls
    What's Hot

    Odoo 17- Change default email address

    March 10, 2024

    Odoo 17- Automated Install on Debian 12

    December 26, 2023

    Odoo 17- Manual Install on Debian 10/Debian 11/Debian 12

    November 8, 2023
    Facebook X (Twitter) LinkedIn
    • Home
    • VMware
      • Storage
    • Odoo
    • Linux
    • About
      • About Me
      • Privacy Policy
    Rob FaulsRob Fauls
    Home » Gitlab Install on Debian 11 with Cloudflared and SendGrid
    Linux

    Gitlab Install on Debian 11 with Cloudflared and SendGrid

    Rob FaulsBy Rob FaulsJanuary 23, 2023Updated:August 17, 2023No Comments
    Facebook Twitter LinkedIn Email Reddit Telegram
    Share
    Facebook Twitter LinkedIn Pinterest Email

    Gitlab installation on Debian 11 is relatively straightforward and documented by the GitLab team here. I’ve taken a bit of a twist on the normal install process and chose to use Cloudflared to avoid having to open ports on my firewall.

    This avoids having any direct access to your instance and forces all traffic to be proxied/inspected by Cloudflare. I’ve also configured email to be sent using SendGrid.

    Sections 1-5 were taken directly from the GitLab website, referenced above. After that, I’ll continue with my additions/modifications.

    1. Install and configure the necessary dependencies

    				
    					sudo apt-get update
    sudo apt-get install -y curl openssh-server ca-certificates perl
    
    
    				
    			

    Next, install Postfix (or Sendmail) to send notification emails. If you want to use another solution to send emails please skip this step and configure an external SMTP server after GitLab has been installed.

    Rob’s note: This command is not necessary, because we will be using SendGrid.

    				
    					sudo apt-get install -y postfix
    				
    			

    During Postfix installation a configuration screen may appear. Select ‘Internet Site’ and press enter. Use your server’s external DNS for ‘mail name’ and press enter. If additional screens appear, continue to press enter to accept the defaults.

    2. Add the GitLab package repository and install the package

    				
    					  curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh | sudo bash
    				
    			

    Next, install the GitLab package. Make sure you have correctly set up your DNS, and change https://gitlab.example.com to the URL at which you want to access your GitLab instance. Installation will automatically configure and start GitLab at that URL.
    For https:// URLs, GitLab will automatically request a certificate with Let’s Encrypt, which requires inbound HTTP access and a valid hostname. You can also use your own certificate or just use http:// (without the s ).
    If you would like to specify a custom password for the initial administrator user ( root ), check the documentation. If a password is not specified, a random password will be automatically generated.

     

    Rob’s note: I selected http:// (mentioned above) because I will be using Cloudflared and not exposing my server to any users directly. 

    				
    					sudo EXTERNAL_URL="http://gitlab.example.com" apt-get install gitlab-ee
    				
    			

    3. Browse to the hostname and login

    Unless you provided a custom password during installation, a password will be randomly generated and stored for 24 hours in /etc/gitlab/initial_root_password . Use this password with username root to login.

    See our documentation for detailed instructions on installing and configuration.

    4. Set up your communication preferences

    Visit our email subscription preference center to let us know when to communicate with you. We have an explicit email opt-in policy so you have complete control over what and how often we send you emails.
    Twice a month, we send out the GitLab news you need to know, including new features, integrations, docs, and behind the scenes stories from our dev teams. For critical security updates related to bugs and system performance, sign up for our dedicated security newsletter.

    Important note: If you do not opt-in to the security newsletter, you will not receive security alerts.

    5. Recommended next steps

    After completing your installation, consider the recommended next steps, including authentication options and sign-up restrictions.

    6. SendGrid with API Key authentication

    This section is based on the SMTP Settings guide. I’ve compressed the information to provide only what you need to set up SendGrid. In another guide (TBD), I will go through the process of adding an API key for use in SendGrid.

    Open /etc/gitlab/gitlab.rb with your favorite text editor, search for, and edit the section below. 

    				
    					gitlab_rails['smtp_enable'] = true
    gitlab_rails['smtp_address'] = "smtp.sendgrid.net"
    gitlab_rails['smtp_port'] = 587
    gitlab_rails['smtp_user_name'] = "apikey"
    gitlab_rails['smtp_password'] = "the_api_key_you_created"
    gitlab_rails['smtp_domain'] = "smtp.sendgrid.net"
    gitlab_rails['smtp_authentication'] = "plain"
    gitlab_rails['smtp_enable_starttls_auto'] = true
    gitlab_rails['smtp_tls'] = false
    # If use Single Sender Verification You must configure from. If not fail
    # 550 The from address does not match a verified Sender Identity. Mail cannot be sent until this error is resolved.
    # Visit https://sendgrid.com/docs/for-developers/sending-email/sender-identity/ to see the Sender Identity requirements
    gitlab_rails['gitlab_email_from'] = 'email@sender_owner_api'
    gitlab_rails['gitlab_email_reply_to'] = 'email@sender_owner_reply_api'
    				
    			

    Note that smtp_user_name must literally be set to "apikey". The API Key you created must be entered in smtp_password.

    After saving your changes, you will need to run gitlab-ctl reconfigure in order to apply the configuration.

    7. Cloudflared installation/configuration

    I’m going to work off the assumption that you’ve already configured cloudflare’s Zero Trust portal. While that portal gives you a copy/paste of what needs to be done, it’s always nice to have another source to review if you run into any problems.

    Cloudflare has a couple of good documents to review:
    1) https://pkg.cloudflare.com/index.html
    2) Installation/Downloads

    Add cloudflare gpg key:

    				
    					sudo mkdir -p --mode=0755 /usr/share/keyrings
    curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null
    				
    			

    Add this repo to your apt repositories:

    				
    					echo 'deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared buster main' | sudo tee /etc/apt/sources.list.d/cloudflared.list
    
    				
    			

    Install cloudflared:

    				
    					sudo apt-get update && sudo apt-get install cloudflared
    				
    			

    In the overview tab for your tunnel, you will see a section that says “Install and run a connector”. 

    				
    					sudo cloudflared service install <KEY>
    				
    			
    Debian11 Featured GitLab install
    Previous ArticleOdoo – Hide “Manage databases” link in the login screen
    Next Article ESXi- Check NIC Driver/Firmware

    Related Posts

    Odoo 17- Automated Install on Debian 12

    December 26, 2023

    Odoo 17- Manual Install on Debian 10/Debian 11/Debian 12

    November 8, 2023

    Migrate from Github to Gitea

    September 21, 2023

    Upgrade Debian 11 to Debian 12

    August 17, 2023
    Leave A Reply Cancel Reply

    This site uses Akismet to reduce spam. Learn how your comment data is processed.

    Editors Picks
    Latest Posts

    Odoo 17- Change default email address

    March 10, 2024

    Odoo 17- Automated Install on Debian 12

    December 26, 2023

    Odoo 17- Manual Install on Debian 10/Debian 11/Debian 12

    November 8, 2023

    Subscribe to Updates

    Get the latest content from Rob.

    I've worked in IT for over 20 years, servicing Government, Healthcare, and Private Sector customers. This is a relatively new adventure into blogging, mostly out of a realization that I need to organize some of my notes on various subjects. Hopefully the articles posted will help others along the way.

    You can connect with me here:

    LinkedIn X (Twitter) Facebook

    Subscribe to Updates

    Keep up to date with new articles posted about 'stuff and things'.

    © 2025 Rob Fauls. Hosted by Flatiron Networks.
    • Home

    Type above and press Enter to search. Press Esc to cancel.