GitLab + certbot + subdomain configuration

https://swas.io/blog/automatic-letsencrypt-gitlab-pages/

First step is to install certbot:

dnf install epel-release

Then for NGINX:
dnf install certbot python3-certbot-nginx


CREATE NEEDED DIRECTORIES
We need the following directories, before we proceed.

sudo mkdir -p /var/www/letsencrypt
sudo mkdir -p /var/www/pagessl

1 - GITLAB SSL THROUGH LET'S ENCRYPT
With all pre-requisites out of the way, let's generate some SSL.

EDIT GITLAB CONFIGURATION
Now edit the file at /etc/gitlab/gitlab.rb.

sudo nano /etc/gitlab/gitlab.rb
And put the following configuration, or edit if necessary.

nginx['custom_gitlab_server_config'] = "location ^~ /.well-known { root /var/www/letsencrypt; }"

Reconfigure GitLab:

sudo gitlab-ctl reconfigure
Now we are ready to generate SSL.

CREATE GITLAB SSL
Now that GitLab's Nginx is configured to serve files from the needed directory, we can tell certbot to get us a certificate and use --webroot to place the challenge files there.

sudo certbot certonly --webroot --webroot-path=/var/www/letsencrypt -d wpquark.io

Replace wpquark.io with your own domain name. Once done, you will see output like this.

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/wpquark.io/fullchain.pem. Your cert
   will expire on 2017-07-26. To obtain a new or tweaked version of
   this certificate in the future, simply run certbot again. To
   non-interactively renew *all* of your certificates, run "certbot
   renew"
 - If you lose your account credentials, you can recover through
   e-mails sent to sammy@example.com.
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

If you are having issues, shoot in the comments.

USE SSL IN GITLAB
Now edit your config file again.

sudo nano /etc/gitlab/gitlab.rb
And change or put the following configuration options.

external_url 'https://wpquark.io'
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/etc/letsencrypt/live/wpquark.io/fullchain.pem"
nginx['ssl_certificate_key'] = "/etc/letsencrypt/live/wpquark.io/privkey.pem"

Reconfigure GitLab:

sudo gitlab-ctl reconfigure
And see your GitLab under https.
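
A pre-flight check for the settings above, added here as an example and not part of the original post: it reads gitlab.rb and confirms that external_url is https, that both certificate paths sit in the live/ directory named after that host and are readable, and that the private key is not world-readable. The function names are hypothetical, and it assumes the certificate was requested with a single -d as shown, so certbot's directory name equals the host.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): sanity-check the TLS settings
# in gitlab.rb before running `gitlab-ctl reconfigure`.
# Assumption: the certificate was requested with a single -d <host>, so
# certbot's lineage directory is live/<host>/.

# Print the quoted value of the last uncommented line that sets key $2.
rb_value() {
  sed -n -E "s/^[[:space:]]*$2[[:space:]]*=?[[:space:]]*['\"]([^'\"]*)['\"].*/\1/p" "$1" | tail -n 1
}

# check_gitlab_tls <path to gitlab.rb>
# Prints a reason and returns non-zero on the first failed check.
check_gitlab_tls() {
  local conf=$1 url host cert key p
  url=$(rb_value "$conf" "external_url")
  cert=$(rb_value "$conf" "nginx\\['ssl_certificate']")
  key=$(rb_value "$conf" "nginx\\['ssl_certificate_key']")
  if [ -z "$url" ] || [ -z "$cert" ] || [ -z "$key" ]; then
    echo "external_url, ssl_certificate or ssl_certificate_key is not set"; return 2
  fi
  case $url in
    https://*) ;;
    *) echo "external_url is not an https URL: $url"; return 3 ;;
  esac
  host=${url#https://}   # strip the scheme
  host=${host%%[:/]*}    # strip any port and path
  for p in "$cert" "$key"; do
    # A mistyped domain in the path shows up here as a directory mismatch.
    if [ "$(basename "$(dirname "$p")")" != "$host" ]; then
      echo "$p is not under live/$host/"; return 4
    fi
    if [ ! -r "$p" ]; then echo "cannot read $p"; return 5; fi
  done
  # -L follows certbot's symlinks from live/ into archive/.
  if [ -n "$(find -L "$key" -perm -004)" ]; then
    echo "private key is world-readable: $key"; return 6
  fi
  echo "ok: $host"
}

# Check the file given on the command line, if any.
if [ $# -gt 0 ]; then check_gitlab_tls "$1"; fi
```

Run it with sudo against /etc/gitlab/gitlab.rb, since /etc/letsencrypt/live is readable only by root.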
