GitLab CE - Getting Started Guide
GitLab CE is a self-hosted DevOps platform with Git repositories, CI/CD pipelines, issue tracking, wiki, container registry and more - an open-source alternative to GitHub that you fully control. This server comes with GitLab CE fully installed and configured with the admin password you specified during the order. GitLab is ready to use after a short initial setup (2 - 4 minutes on first boot).
Step 1 - Verify GitLab Works
Your server's IP address and root password are shown on the Server Details page in your client panel. GitLab is available after the initial setup completes (2 - 4 minutes after server creation). Open http://your.server.ip in a browser to verify it works. If you see a 502 error, wait a few minutes and refresh - GitLab is still starting up.
GitLab login:
- Username:
root - Password: the GitLab Root Password you entered during the order
GitLab initially runs on HTTP. To enable HTTPS with a free Let's Encrypt certificate, set up a domain first (see Step 3).
If you placed the server behind a VyOS router on a private network, either configure port forwarding (ports 22, 80 and 443) to make GitLab accessible from the internet, or connect over a VPN and reach GitLab on the server's private IP.
Step 2 - Create Your First Project
Click New project on the dashboard, choose Create blank project, enter a name, and click Create project.
Clone your repository using HTTPS or SSH:
# HTTPS
git clone http://your.server.ip/root/my-project.git
# SSH (add your public key in Preferences > SSH Keys first)
git clone git@your.server.ip:root/my-project.gitStep 3 - Set Up a Custom Domain and HTTPS
GitLab has built-in Let's Encrypt support. To enable HTTPS with your domain:
- Create a DNS A record pointing your domain to the server IP:
Type Name Value A gitlab your.server.ip - SSH into your server and edit
/etc/gitlab/gitlab.rb:
Change thenano /etc/gitlab/gitlab.rbexternal_urlline to use HTTPS with your domain:external_url 'https://gitlab.yourdomain.com' - Apply the configuration:
GitLab will automatically obtain and configure a Let's Encrypt certificate. The certificate renews automatically.gitlab-ctl reconfigure
Make sure your domain's A record is propagated before running reconfigure. DNS changes usually take a few minutes, but can take up to 24 hours. Check at dnschecker.org.
Step 4 - CI/CD Pipelines
GitLab has built-in CI/CD. To create a pipeline, add a .gitlab-ci.yml file to your repository root:
stages:
- build
- test
build-job:
stage: build
script:
- echo "Building the project..."
test-job:
stage: test
script:
- echo "Running tests..."Pipelines run automatically on each push. View results in your project under Build > Pipelines.
Note: To run pipelines, you need to register a GitLab Runner. Follow the GitLab Runner installation guide to set up a runner on this server or a separate machine.
Post-Installation
Fail2Ban - Brute-Force Protection
Your server comes with Fail2Ban pre-configured to protect SSH from brute-force attacks.
| Rule | Max Attempts | Ban Duration |
|---|---|---|
| SSH | 5 failed logins | 1 hour |
Useful commands:
# Check banned IPs
fail2ban-client status sshd
# Unban an IP
fail2ban-client set sshd unbanip 1.2.3.4GitLab also has its own brute-force protection for web logins. If you accidentally lock yourself out, connect via VNC console in your client panel and unban your IP.
Updates
Important: GitLab CE does not update automatically (blocked from unattended upgrades). GitLab must be updated through specific intermediate versions - skipping versions can break your instance.
Always check the official upgrade path before updating. To update:
# Check current version
gitlab-rake gitlab:env:info | grep "GitLab"
# Update to a specific version (follow the upgrade path!)
apt update
apt install gitlab-ce=X.Y.Z-ce.0
# Apply changes
gitlab-ctl reconfigureOS updates can be applied via SSH:
apt update && apt upgrade -yServer Credentials
GitLab admin credentials are stored in /root/.gitlab_credentials. You can also see them when you connect via SSH (displayed in the welcome message).
Service Management
GitLab Omnibus bundles all services (Nginx, PostgreSQL, Redis, Puma, Sidekiq) under the gitlab-ctl command:
# Service management
gitlab-ctl status # check all services
gitlab-ctl restart # restart all services
gitlab-ctl start # start all services
gitlab-ctl stop # stop all services
# Configuration
gitlab-ctl reconfigure # apply changes from gitlab.rb
# Logs
gitlab-ctl tail # live log output (all services)
gitlab-ctl tail nginx # Nginx logs only
gitlab-ctl tail puma # application server logs
# Backups
gitlab-backup create # create data backup
gitlab-ctl backup-etc # backup configuration files
# Reset root password
gitlab-rails console -e production
# Then in console:
# user = User.find_by_username('root')
# user.password = 'newpassword'
# user.password_confirmation = 'newpassword'
# user.save!Software Included
| Component | Details |
|---|---|
| Ubuntu | 24.04 LTS |
| GitLab CE | Omnibus (Nginx, PostgreSQL, Redis, Puma, Sidekiq) |
| CI/CD | Built-in GitLab CI/CD pipelines |
| Postfix | Local MTA for email notifications |
| Let's Encrypt | Built-in SSL certificate management |
| Fail2Ban | SSH brute-force protection |
Troubleshooting
| Problem | Solution |
|---|---|
| 502 error right after creation | GitLab is still starting up (first boot takes 2 - 4 minutes). Wait and refresh the page. Check progress: gitlab-ctl status |
| Can't access GitLab web interface | Check services: gitlab-ctl status. If services are down, try gitlab-ctl restart |
| Let's Encrypt certificate failed | Ensure DNS A record points to the server IP. Check at dnschecker.org. Review errors: gitlab-ctl tail nginx |
| Git push/pull fails over SSH | Add your SSH public key in GitLab (Preferences > SSH Keys). Use git@ in the clone URL |
| Forgot admin password | SSH in and check /root/.gitlab_credentials, or reset via gitlab-rails console (see Service Management) |
| High memory usage | GitLab uses ~2.5-3 GB RAM with optimizations applied. Minimum recommended: 4 GB RAM. If running low, consider upgrading your server plan |
| Blocked by Fail2Ban | Use VNC console in your client panel to unban your IP: fail2ban-client set sshd unbanip 1.2.3.4 |
| Reconfigure takes too long | This is normal - reconfigure can take 1-3 minutes. Monitor with gitlab-ctl tail |
| Forgot root password | Use VNC console in your client panel to reset it |