Written with help of this:
https://stackoverflow.com/questions/34189199/how-do-i-use-let-s-encrypt-with-gitlab
which is based on
https://webnugget.de/setting-up-gitlab-with-free-ssl-certs-from-lets-encrypt-on-ubuntu-14-04/
one more reference:
Done on Ubuntu; GitLab and certbot are assumed to be installed.
- Create the folder /var/www/letsencrypt and use this directory as webroot-path for Let's Encrypt
- Use the webroot authenticator for Let's Encrypt (certbot -a webroot ...)
- Change the following config values in /etc/gitlab/gitlab.rb and run gitlab-ctl reconfigure after that:
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate']= "/etc/letsencrypt/live/gitlab.yourdomain.com/fullchain.pem"
nginx['ssl_certificate_key'] = "/etc/letsencrypt/live/gitlab.yourdomain.com/privkey.pem"
nginx['custom_gitlab_server_config']="location ^~ /.well-known {\n alias /var/www/letsencrypt/.well-known;\n}\n"
If you are using Mattermost, which is shipped with the Omnibus package, you can additionally set these options in /etc/gitlab/gitlab.rb:
mattermost_nginx['redirect_http_to_https'] = true
mattermost_nginx['ssl_certificate']= "/etc/letsencrypt/live/gitlab.yourdomain.com/fullchain.pem"
mattermost_nginx['ssl_certificate_key'] = "/etc/letsencrypt/live/gitlab.yourdomain.com/privkey.pem"
mattermost_nginx['custom_gitlab_mattermost_server_config']="location ^~ /.well-known {\n alias /var/www/letsencrypt/.well-known;\n}\n"
After requesting your first certificate, remember to change the external_url to https://... and run gitlab-ctl reconfigure again.
P.S.
Let's Encrypt integration was introduced in GitLab version 10.5 and is disabled by default there. It is enabled by default in GitLab version 10.7 and later if external_url is set with the https protocol and no certificates are configured.
To find out the GitLab version, open the following page (you must be logged in): https://your.domain.name/help
sudo apt-get update
sudo apt-get -y install bridge-utils
sudo brctl addbr br0
sudo ip link set dev br0 up
sudo ifconfig br0 inet 192.168.99.1
sudo apt -y install isc-dhcp-server
sudo mcedit /etc/dhcp/dhcpd.conf
Add to the end of the file:
subnet 192.168.99.0 netmask 255.255.255.0 {
    option routers 192.168.99.1;
    option domain-name-servers 192.168.99.1;
    pool {
        range 192.168.99.8 192.168.99.64;
    }
}
sudo service isc-dhcp-server restart
sudo sysctl net.ipv4.ip_forward=1
sudo mcedit /etc/sysctl.conf
Uncomment the line:
net.ipv4.ip_forward=1
Install bind 9:
sudo apt -y install bind9
sudo service bind9 restart
NAT configuration with iptables:
sudo iptables --flush
sudo iptables -t nat --flush
sudo iptables --delete-chain
sudo iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
sudo iptables -A FORWARD -i br0 -j ACCEPT
/etc/network/interfaces file:
auto br0
iface br0 inet static
    bridge_stp off
    bridge_fd 0
    bridge_maxwait 0
    address 192.168.99.1
    netmask 255.255.255.0
5.6 to 7.2:
/usr/sbin/pkg info -xo ^php | /usr/bin/awk '{ gsub("56","72",$2); print " -o "$2" "$1}' | /usr/bin/xargs -L 1 /usr/local/sbin/portupgrade -by
7.2 to 7.3:
pkg info -xo php72 | awk '{ gsub("72","73",$2); print " -o "$2" "$1}' | xargs -L 1 portupgrade -by
7.3 to 7.4:
pkg info -xo php73 | awk '{ gsub("73","74",$2); print " -o "$2" "$1}' | xargs -L 1 portupgrade -by
7.2 to 8.0:
pkg delete php72-hash php72-json; pkg info -xo ^php ^mod_php | grep php72 | awk '{gsub("72","80",$2); print " -o "$2" "$1}' | xargs -L 1 portupgrade -DbkycC --batch
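#!/bin/sh
# Dump the zabbix database to a dated, gzip-compressed file and log start/end times.
_mysqldump="/usr/local/bin/mysqldump"
_gzip="/usr/bin/gzip -9"
_date="/bin/date"
_log="/var/log/mysqlbackup.log"
# Timestamp for the file name (ddmmyy-HHMM) and for the log lines
date=$(${_date} +'%d%m%y-%H%M')
date_log=$(${_date} +'%d%m%y %H:%M:%S')
echo "Backup start ${date_log}" >> "${_log}"
# ${_gzip} stays unquoted on purpose so that "-9" is passed as a separate argument
${_mysqldump} zabbix | ${_gzip} > "/kerya3/backups/mysql/zabbix-${date}.sql.gz"
date_log=$(${_date} +'%d%m%y %H:%M:%S')
echo "Backup end ${date_log}" >> "${_log}"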
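With /bin/sh the exit status of the mysqldump | gzip pipeline above is gzip's alone, so a dump that dies part-way still leaves a .sql.gz file and a "Backup end" log line. The following check is an added example, not part of the original script; verify_dump and check_and_log are hypothetical names, and it assumes mysqldump's default comments are enabled, so a complete dump ends with a "-- Dump completed" line.

```shell
#!/bin/sh
# Added example (not from the original page): verify a gzip-compressed mysqldump.
# Assumption: mysqldump ran with its default comment output, so the last line
# of a complete dump starts with "-- Dump completed".

# verify_dump FILE
# Returns 0 for an intact gzip whose last line is the completion marker,
# 1 = file missing or empty, 2 = corrupt gzip stream, 3 = dump ended early.
verify_dump() {
    f=$1
    [ -s "$f" ] || return 1
    gzip -t "$f" 2>/dev/null || return 2
    last=$(gzip -dc "$f" | tail -n 1)
    case $last in
        "-- Dump completed"*) return 0 ;;
        *) return 3 ;;
    esac
}

# check_and_log FILE LOG
# Logs the verification result and renames a bad dump to FILE.bad so that it
# is never mistaken for a usable backup. Returns verify_dump's code.
check_and_log() {
    f=$1
    log=$2
    rc=0
    verify_dump "$f" || rc=$?
    if [ "$rc" -eq 0 ]; then
        echo "Backup verified $f" >> "$log"
    else
        echo "Backup FAILED verification (code $rc) $f" >> "$log"
        if [ -e "$f" ]; then
            mv "$f" "$f.bad"
        fi
    fi
    return "$rc"
}
```

In the backup script it would be called after the dump line, for example as check_and_log "/kerya3/backups/mysql/zabbix-${date}.sql.gz" "${_log}".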