[DevOps] A complete installation guide for GitLab 6.5.1

From our experience of privately hosting GitLab this year, we created a complete manual to address some inconsistencies on the GitLab documentations. This will serve as a reference on how to successfully complete a manual installation of GitLab 6.5.1 server fully tested on CentOS 6.5.

Based on two installation docs by gitlabhq, this guide was created to be an “idiot proof” reference in getting GitLab fully up and running in production mode.  This guide is specific to the 6f6f1588ba5123f156ee3b0635a061745b71fcde revision of Gitlab 6.5.1. It is important to take note that this version of Gitlab strictly limits restoration of backups to the specific version from which the backup was made.

Special credit goes to Jules Leong for the great contribution on the creation of this blog.


EPEL and PUIAS Computational repositories

First, you need to add EPEL (Extra Packages for Enterpise Linux) Repository  in your CenOS 6.5 machine by running the command below (Source:

yum install epel-release

Add PUIAS Computation Repo

Download PUIAS repo:

$ wget -O /etc/yum.repos.d/PUIAS_6_computational.repo

Next download and install the gpg key:

$ wget -O /etc/pki/rpm-gpg/RPM-GPG-KEY-puias

$ rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-puias

Verify that the key got installed successfully:

$ rpm -qa gpg*


Verify that the EPEL and PUIAS Computational repositories are enabled as shown below:

$ yum repolist

repo id                   repo name                                             status

PUIAS_6_computational             PUIAS computational Base 6 – x86_64                                                    2,018

base                                                    CentOS-6 – Base                                                                                            4,802

epel                                                     Extra Packages for Enterprise Linux 6 – x86_64                                   7,879

extras                                                  CentOS-6 – Extras                                                                                         12

updates                                              CentOS-6 – Updates                                                                                      814

repolist: 15,525


Install the required tools for GitLab

$ yum -y update

$ yum -y groupinstall 'Development Tools'

$ yum -y install readline readline-devel ncurses-devel gdbm-devel glibc-devel tcl-devel openssl-devel curl-devel expat-devel db4-devel byacc sqlite-devel libyaml libyaml-devel libffi libffi-devel libxml2 libxml2-devel libxslt libxslt-devel libicu libicu-devel system-config-firewall-tui redis sudo wget crontabs logwatch logrotate perl-Time-HiRes

For reStructuredText markup language support, install the required package python-docutils:

$yum -y install python-docutils


Configure redis

Configure redis and make sure it is started on boot:

$ chkconfig redis on

$ service redis start
In order to receive mail notifications, make sure to install a mail server (this is normally pre-installed in CentOS). The recommended one is postfix and you can install it with:

$ yum -y install postfix


Install Ruby

The use of ruby version managers such as RVM, rbenv or chruby with GitLab in production frequently leads to hard to diagnose problems. Version managers are not supported and we strongly advise everyone to follow the instructions below to use a system ruby. Remove the old Ruby 1.8 package if present. GitLab only supports the Ruby 2.0+ release series:

$ yum remove ruby

 Remove any other Ruby build if it is still present:

$ cd <your-ruby-source-path>

$ make uninstall

Download Ruby and compile it:

$ mkdir /tmp/ruby && cd /tmp/ruby

$ curl --progress | tar xz

$ cd ruby-2.1.2

$ ./configure --disable-install-rdoc

$ make

$ make prefix=/usr/local install

Install the Bundler Gem:

$ gem install bundler --no-doc

Logout and login again for the $PATH to take effect. Check that ruby is properly installed with:

$ which ruby


$ ruby -v

ruby 2.1.2p95 (2014-05-08 revision 45877) [x86_64-linux]


Create a git user for Gitlab

The adduser command below will create a user named git with a default home directory of /home/git

$ adduser --system --shell /bin/bash --comment 'GitLab' --create-home --home-dir /home/git/ git

Important: In order to include /usr/local/bin to git user’s PATH, one way is to edit the sudoers file. As root run:

$ visudo

Then search for this line:

Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin

and append /usr/local/bin like so:

Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin


Install mysql and enable the mysqld service to start on boot

$ yum install -y mysql-server mysql-devel

$ chkconfig mysqld on

$ service mysqld start


Secure your installation

Run the following script:

$ mysql_secure_installation

Change root password to  a password of your choice, then enter ‘Y’ for all of the upcoming questions.

Login to MySQL (type the database root password):

$ mysql -u root -p


Create a user for GitLab in MySQL

Run the following:

> CREATE USER 'git'@'localhost' IDENTIFIED BY '$password';

Ensure you can use the InnoDB engine which is necessary to support long indexes. If this fails, check your MySQL config files (e.g. /etc/mysql/*.cnf, /etc/mysql/conf.d/*) for the setting “innodb = off”.

> SET storage_engine=INNODB;

Create the GitLab production database:

> CREATE DATABASE IF NOT EXISTS `gitlabhq_production` DEFAULT CHARACTER SET `utf8` COLLATE `utf8_unicode_ci`;

Grant the GitLab user necessary permissions on the table:

> GRANT SELECT, LOCK TABLES, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON `gitlabhq_production`.* TO 'git'@'localhost';

Quit the database session:

> \q

Try connecting to the new database with the new user:

$ sudo -u git -H mysql -u git -p -D gitlabhq_production

Type the password you replaced $password with earlier. Quit the database session:

> \q


Install and Configure GitLab

We’ll install GitLab into home directory of the user “git”

$ cd /home/git

Clone the soure GitLab repository

$ sudo -u git -H git clone -b 6-5-stable gitlab

$ cd /home/git/gitlab

Restore to the specific revision by the original Upraxis Gitlab server

$ sudo -u git -H git reset --hard 6f6f1588ba5123f156ee3b0635a061745b71fcde

Copy the example GitLab config

$ sudo -u git -H cp config/gitlab.yml.example config/gitlab.yml

$ sudo -u git -H vi config/gitlab.yml


Change the following lines of code:

 host: <– change ip

 port: 443       <– change port

 https: true     <– make this true

## Gravatar


enabled: true              # Use user avatar image from (default: true)

ssl_url:{hash}?s=%{size}&d=mm        <– add this

max_size: 104857600  # modify from 5 mb to 100 mb (max_size: 5242880 to max_size: 104857600)

timeout: 90    # modify from 10 seconds to 1 1/2 minutes (timeout: 10 to timeout: 90)

Make sure GitLab can write to the log/ and tmp/ directories

$ chown -R git {log,tmp}

$ chmod -R u+rwX  {log,tmp}

Create directory for satellites

$ sudo -u git -H mkdir /home/git/gitlab-satellites

$ chmod u+rwx,g+rx,o-rwx /home/git/gitlab-satellites

Make sure GitLab can write to the tmp/pids/ and tmp/sockets/ directories

$ sudo -u git -H mkdir tmp/{pids,sockets}

$ chmod -R u+rwX  tmp/{pids,sockets}

Make sure GitLab can write to the public/uploads/ directory

$ sudo -u git -H mkdir public/uploads

$ chmod -R u+rwX public/uploads

Copy the example Unicorn config

$ sudo -u git -H cp config/unicorn.rb.example config/unicorn.rb

To optimize running unicorn, get the number of cores using the nproc command:

$ nproc


Enable cluster mode if you expect to have a high load instance

$ sudo -u git -H vi config/unicorn.rb


Edit no of workers_processes depending on the number of cores,

worker_processes 4


# Copy the example Rack attack config

$ sudo -u git -H cp config/initializers/rack_attack.rb.example config/initializers/rack_attack.rb


# Configure Git global settings for git user, useful when editing via web

# Edit according to what is set in config/gitlab.yml

$ sudo -u git -H git config --global "GitLab"

$ sudo -u git -H git config --global "gitlab@localhost"

$ sudo -u git -H git config --global core.autocrlf input


Configure GitLab DB settings

MySQL only:

$ sudo -u git cp config/database.yml.mysql config/database.yml

In MySQL, update username/password in config/database.yml.

Change ‘secure password’ with the value you have given to $password. You can keep the double quotes around the password

$ sudo -u git -H vi config/database.yml

Under production settings, change your password: “$password”


Make config/database.yml readable to git only

$ sudo -u git -H chmod o-rwx config/database.yml



Install Gems


$ cd /home/git/gitlab


Before installing gems in the /home/git/gitlab directory


$ sudo -u git -H vi Gemfile

replace values


gem "modernizer",   "2.6.2"

replace with
gem "modernizr-rails", "2.7.1"

$ sudo -u git -H vi Gemfile.lock

replace values

modernizr (2.6.2)

replace with
modernizr-rails (2.7.1)

modernizr (= 2.6.2)   

replace with
modernizr-rails (= 2.7.1)

For MySQL (note, the option says “without … postgres”)

Note: As of bundler 1.5.2, you can invoke bundle install -jN (where N the number of your processor cores) and you may enjoy the parallel gems installation with measurable difference in completion time (~60% faster). Check the number of your cores with the command nproc. For more information check this post. First make sure you have bundler >= 1.5.2 (run bundle -v) as it addresses some issues that were fixed in 1.5.2.

(You are on root command line):

$ sudo -u git -H bundle install -jN --deployment --without development test postgres aws

where N is the number of CPU cores. You may remove -j  if you have 1 core (default). i.e. If you have 4 CPU cores:

$ sudo -u git -H bundle install -j4 --deployment --without development test postgres aws

Install GitLab shell

GitLab Shell is an ssh access and repository management software developed specially for GitLab.

# Go to home directory

$ cd /home/git

Clone gitlab shell

$ sudo -u git -H git clone -b v1.8.0

$ cd gitlab-shell

$ sudo -u git -H cp config.yml.example config.yml

Edit config and replace gitlab_url with something like ‘’

$ sudo -u git -H vi config.yml


gitlab_url: "http://localhost"   

to this
gitlab_url: ""

Add the following line of code under ca_path: /etc/pki/tls/certs

ca_file: /etc/nginx/ssl/gitlab.crt

self_signed_cert: false   

self_signed_cert: true



# Do setup

$ sudo -u git -H ./bin/install

#Ensure the correct SElinux contexts are set

$ restorecon -Rv /home/git/.ssh



Initialize Database and Activate Advanced Features

$ cd /home/git/gitlab

$ sudo -u git -H bundle exec rake gitlab:setup RAILS_ENV=production

Type yes when you will be prompted with the following message:

This will create the necessary database tables and seed the database.

You will lose any previous data stored in the database.

Do you want to continue (yes/no)? yes


Type yes to create the database. Take note of the Administrator: login and password.

Administrator account created:




Install Init Script


$ sudo cp lib/support/init.d/gitlab /etc/init.d/gitlab


$ sudo vi /etc/init.d/gitlab


under this

#! /bin/sh

add this

# chkconfig: – 70 30



sudo -u “$app_user” -H -i $0 “$@”; exit;


exec su – “$app_user” — $0 “$@”; exit;

$ chmod +x /etc/init.d/gitlab

$ chkconfig –add gitlab


Sometimes you need to restart in order for the git chkconfig addition to work


Make GitLab start on boot:


$ chkconfig –level 2345 gitlab on


Set up logrotate


$ cp lib/support/logrotate/gitlab /etc/logrotate.d/gitlab


Check Application Status


Check if GitLab and its environment are configured correctly:


$ sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production


Compile assets


$ sudo -u git -H bundle exec rake assets:precompile RAILS_ENV=production


Start your GitLab instance


$ service gitlab start



Configure Nginx


You will need a new version of nginx otherwise you might encounter an issue like this. To do so, follow the instructions provided by the nginx wiki and then install nginx with:


$ yum -y install nginx

$ chkconfig nginx on

$ wget -O /etc/nginx/conf.d/gitlab.conf



$ vi /etc/nginx/conf.d/gitlab.conf

under ### Normal HTTP host

Remove default_server in this line of code:   listen *:80 default_server;


 listen *:80;


–change YOUR_SERVER_FQDN with

server_name; ## Replace this with something like



client_max_body_size must be the same or lower than max_size in gitlab-shell/config.yml


therefore change:

client_max_body_size 20m;


client_max_body_size 100m;



make sure that under ##Strong  SSL Security the ff

ssl on;

ssl_certificate /etc/nginx/ssl/gitlab.crt

ssl_certificate_key /etc/nginx/ssl/gitlab.key



Near the end of the file, at


## Enable gzip compression as per rails guide:


## WARNING: If you are using relative urls remove the block below

## See config/application.rb under “Relative url support” for the list of

## other files that need to be changed for relative url support

location ~ ^/(assets)/ {

root /home/git/gitlab/public;

gzip_static on; # to serve pre-gzipped version

expires max;

add_header Cache-Control public;



add “##” in front of the lines, like below to comment these lines (as they cause problem of icons not appearing in UI)

##  location ~ ^/(assets)/ {

## root /home/git/gitlab/public;

## gzip_static on; # to serve pre-gzipped version

## expires max;

## add_header Cache-Control public;

##  }



Generate a self-signed SSL certificate:


$ mkdir -p /etc/nginx/ssl/

$ cd /etc/nginx/ssl/

$ sudo openssl req -newkey rsa:2048 -x509 -nodes -days 3560 -out gitlab.crt -keyout gitlab.key


Generating a 2048 bit RSA private key



writing new private key to ‘gitlab.key’


You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter ‘.’, the field will be left blank.


Country Name (2 letter code) [XX]:PH

State or Province Name (full name) []:Metro Manila

Locality Name (eg, city) [Default City]:Makati City

Organization Name (eg, company) [Default Company Ltd]:Cloud Computing

Organizational Unit Name (eg, section) []:DevOps

Common Name (eg, your name or your server’s hostname) []:localhost

Email Address []



$ sudo chmod o-r gitlab.key



Add nginx user to git group:


$ usermod -a -G git nginx

$ chmod g+rx /home/git/


Finally start nginx with:


$ service nginx start



Configure the firewall


Poke an iptables hole so users can access the web server (http and https ports) and ssh.


$ lokkit -s http -s https -s ssh


Restart the service for the changes to take effect:


$ service iptables restart



Double-check Application Status


To make sure you didn’t miss anything run a more thorough check with:


$ cd /home/git/gitlab

$ sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production


Now, the output will complain that your init script is not up-to-date as follows:


Init script up-to-date? … no

Try fixing it:

Redownload the init script

For more information see:

doc/install/ in section “Install Init Script”

Please fix the error above and rerun the checks.


Do not mind about that error


If all other items are green, then congratulations on successfully installing GitLab!


NOTE: Supply SANITIZE=true environment variable to gitlab:check to omit project names from the output of the check command.

Initial Login


Visit YOUR_SERVER in your web browser for your first GitLab login. The setup has created an admin account for you. You can use it to log in:



Important Note: Please go over to your profile page and immediately change the password, so nobody can access your GitLab by using this login information later on.