Rob FaulsRob Fauls
    What's Hot

    Gitlab Install on Debian 11 with Cloudflared and SendGrid

    January 23, 2023

    Odoo – Hide “Manage databases” link in the login screen

    November 7, 2022

    Extend LVM Volume

    November 4, 2022
    Facebook Twitter LinkedIn
    • Home
    • VMware
      • Storage
    • Odoo
    • Linux
    • About
      • About Me
      • Privacy Policy
    Rob FaulsRob Fauls
    Home » Gitlab Install on Debian 11 with Cloudflared and SendGrid
    Linux

    Gitlab Install on Debian 11 with Cloudflared and SendGrid

    Rob FaulsBy Rob FaulsJanuary 23, 2023Updated:January 23, 2023No Comments
    Facebook Twitter LinkedIn Email Reddit Telegram
    Share
    Facebook Twitter LinkedIn Pinterest Email

    Gitlab installation on Debian 11 is relatively straightforward and documented by the GitLab team here. I’ve taken a bit of a twist on the normal install process and chose to use Cloudflared to avoid having to open ports on my firewall.

    This avoids having any direct access to your instance and forces all traffic to be proxied/inspected by Cloudflare. I’ve also configured email to be sent using SendGrid.

    Sections 1-5 were taken directly from the GitLab website, referenced above. After that, I’ll continue with my additions/modifications.

    1. Install and configure the necessary dependencies

    				
    					sudo apt-get update
    sudo apt-get install -y curl openssh-server ca-certificates perl
    
    
    				
    			

    Next, install Postfix (or Sendmail) to send notification emails. If you want to use another solution to send emails please skip this step and configure an external SMTP server after GitLab has been installed.

    Rob’s note: This command is not necessary, because we will be using SendGrid.

    				
    					sudo apt-get install -y postfix
    				
    			

    During Postfix installation a configuration screen may appear. Select ‘Internet Site’ and press enter. Use your server’s external DNS for ‘mail name’ and press enter. If additional screens appear, continue to press enter to accept the defaults.

    2. Add the GitLab package repository and install the package

    				
    					  curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh | sudo bash
    				
    			

    Next, install the GitLab package. Make sure you have correctly set up your DNS, and change https://gitlab.example.com to the URL at which you want to access your GitLab instance. Installation will automatically configure and start GitLab at that URL.
    For https:// URLs, GitLab will automatically request a certificate with Let’s Encrypt, which requires inbound HTTP access and a valid hostname. You can also use your own certificate or just use http:// (without the s ).
    If you would like to specify a custom password for the initial administrator user ( root ), check the documentation. If a password is not specified, a random password will be automatically generated.

     

    Rob’s note: I selected http:// (mentioned above) because I will be using Cloudflared and not exposing my server to any users directly. 

    				
    					sudo EXTERNAL_URL="http://gitlab.example.com" apt-get install gitlab-ee
    				
    			

    3. Browse to the hostname and login

    Unless you provided a custom password during installation, a password will be randomly generated and stored for 24 hours in /etc/gitlab/initial_root_password . Use this password with username root to login.

    See our documentation for detailed instructions on installing and configuration.

    4. Set up your communication preferences

    Visit our email subscription preference center to let us know when to communicate with you. We have an explicit email opt-in policy so you have complete control over what and how often we send you emails.
    Twice a month, we send out the GitLab news you need to know, including new features, integrations, docs, and behind the scenes stories from our dev teams. For critical security updates related to bugs and system performance, sign up for our dedicated security newsletter.

    Important note: If you do not opt-in to the security newsletter, you will not receive security alerts.

    5. Recommended next steps

    After completing your installation, consider the recommended next steps, including authentication options and sign-up restrictions.

    6. SendGrid with API Key authentication

    This section is based on the SMTP Settings guide. I’ve compressed the information to provide only what you need to set up SendGrid. In another guide (TBD), I will go through the process of adding an API key for use in SendGrid.

    Open /etc/gitlab/gitlab.rb with your favorite text editor, search for, and edit the section below. 

    				
    					gitlab_rails['smtp_enable'] = true
    gitlab_rails['smtp_address'] = "smtp.sendgrid.net"
    gitlab_rails['smtp_port'] = 587
    gitlab_rails['smtp_user_name'] = "apikey"
    gitlab_rails['smtp_password'] = "the_api_key_you_created"
    gitlab_rails['smtp_domain'] = "smtp.sendgrid.net"
    gitlab_rails['smtp_authentication'] = "plain"
    gitlab_rails['smtp_enable_starttls_auto'] = true
    gitlab_rails['smtp_tls'] = false
    # If use Single Sender Verification You must configure from. If not fail
    # 550 The from address does not match a verified Sender Identity. Mail cannot be sent until this error is resolved.
    # Visit https://sendgrid.com/docs/for-developers/sending-email/sender-identity/ to see the Sender Identity requirements
    gitlab_rails['gitlab_email_from'] = 'email@sender_owner_api'
    gitlab_rails['gitlab_email_reply_to'] = 'email@sender_owner_reply_api'
    				
    			

    Note that smtp_user_name must literally be set to "apikey". The API Key you created must be entered in smtp_password.

    After saving your changes, you will need to run gitlab-ctl reconfigure in order to apply the configuration.

    7. Cloudflared installation/configuration

    I’m going to work off the assumption that you’ve already configured cloudflare’s Zero Trust portal. While that portal gives you a copy/paste of what needs to be done, it’s always nice to have another source to review if you run into any problems.

    Cloudflare has a couple of good documents to review:
    1) https://pkg.cloudflare.com/index.html
    2) Installation/Downloads

    Add cloudflare gpg key:

    				
    					sudo mkdir -p --mode=0755 /usr/share/keyrings
    curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null
    				
    			

    Add this repo to your apt repositories:

    				
    					echo 'deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared buster main' | sudo tee /etc/apt/sources.list.d/cloudflared.list
    
    				
    			

    Install cloudflared:

    				
    					sudo apt-get update && sudo apt-get install cloudflared
    				
    			

    In the overview tab for your tunnel, you will see a section that says “Install and run a connector”. 

    				
    					sudo cloudflared service install <KEY>
    				
    			
    Debian11 Featured GitLab install
    Previous ArticleOdoo – Hide “Manage databases” link in the login screen

    Related Posts

    Odoo – Hide “Manage databases” link in the login screen

    November 7, 2022

    Extend LVM Volume

    November 4, 2022

    Upgrade Debian 10 to Debian 11

    November 4, 2022

    Odoo 16- Automated Install on Debian 11

    October 31, 2022

    Leave A Reply Cancel Reply

    This site uses Akismet to reduce spam. Learn how your comment data is processed.

    Editors Picks
    Latest Posts

    Gitlab Install on Debian 11 with Cloudflared and SendGrid

    January 23, 2023

    Odoo – Hide “Manage databases” link in the login screen

    November 7, 2022

    Extend LVM Volume

    November 4, 2022

    Subscribe to Updates

    Get the latest content from Rob.

    I've worked in IT for over 20 years, servicing Government, Healthcare, and Private Sector customers. This is a relatively new adventure into blogging, mostly out of a realization that I need to organize some of my notes on various subjects. Hopefully the articles posted will help others along the way.

    You can connect with me here:

    LinkedIn Twitter Facebook

    Subscribe to Updates

    Keep up to date with new articles posted about 'stuff and things'.

    © 2023 Rob Fauls. Designed by Sparked Hosting.
    • Home

    Type above and press Enter to search. Press Esc to cancel.