GitLab CE VPS - Getting Started Guide
Your GitLab CE VPS based on Ubuntu 24.04 comes fully configured - GitLab is installed with the admin password you specified during order. GitLab CE is a self-hosted DevOps platform with Git repositories, CI/CD pipelines, issue tracking, wiki, container registry, and more.
Software Included
| Component | Details |
|---|---|
| Ubuntu | 24.04 LTS |
| GitLab CE | Omnibus (Nginx, PostgreSQL, Redis, Puma, Sidekiq) |
| CI/CD | Built-in GitLab CI/CD pipelines |
| Postfix | Local MTA for email notifications |
| Let's Encrypt | Built-in SSL certificate management |
| Fail2Ban | SSH brute-force protection |
Step 1 - Your Credentials
Log in to your client panel and open your VPS service details. Find the IP address and root password (for SSH).
GitLab login:
- Username:
root - Password: the GitLab Root Password you entered during the order
Note: GitLab performs initial configuration on first boot (creating swap, tuning performance, applying settings). This takes 2-4 minutes. If you see a 502 error right after creation, please wait and refresh the page.
Step 2 - Access GitLab
GitLab is available after the initial setup completes (2-4 minutes after VPS creation). Open your browser and go to:
http://your.server.ipLog in with username root and the GitLab Root Password from Step 1.
Note: GitLab initially runs on HTTP. To enable HTTPS with a free Let's Encrypt certificate, set up a domain first (see Step 4).
Step 3 - Create Your First Project
Click New project on the dashboard, choose Create blank project, enter a name, and click Create project.
Clone your repository using HTTPS or SSH:
# HTTPS
git clone http://your.server.ip/root/my-project.git
# SSH (add your public key in Preferences > SSH Keys first)
git clone git@your.server.ip:root/my-project.gitStep 4 - Set Up a Custom Domain & HTTPS
GitLab has built-in Let's Encrypt support. To enable HTTPS with your domain:
- Create a DNS A record pointing your domain to the server IP:
Type Name Value A gitlab your.server.ip - SSH into your server and edit
/etc/gitlab/gitlab.rb:
Change thenano /etc/gitlab/gitlab.rbexternal_urlline to use HTTPS with your domain:external_url 'https://gitlab.yourdomain.com' - Apply the configuration:
GitLab will automatically obtain and configure a Let's Encrypt certificate. The certificate renews automatically.gitlab-ctl reconfigure
Note: Make sure your domain's A record is propagated before running reconfigure. DNS changes usually take a few minutes, but can take up to 24 hours. Check at dnschecker.org.
Step 5 - CI/CD Pipelines
GitLab has built-in CI/CD. To create a pipeline, add a .gitlab-ci.yml file to your repository root:
stages:
- build
- test
build-job:
stage: build
script:
- echo "Building the project..."
test-job:
stage: test
script:
- echo "Running tests..."Pipelines run automatically on each push. View results in your project under Build > Pipelines.
Note: To run pipelines, you need to register a GitLab Runner. Follow the GitLab Runner installation guide to set up a runner on this server or a separate machine.
Post-Installation
Fail2Ban - Brute-Force Protection
Your server comes with Fail2Ban pre-configured to protect SSH from brute-force attacks.
| Rule | Max Attempts | Ban Duration |
|---|---|---|
| SSH | 5 failed logins | 1 hour |
Useful commands:
# Check banned IPs
fail2ban-client status sshd
# Unban an IP
fail2ban-client set sshd unbanip 1.2.3.4If you accidentally lock yourself out, connect via VNC console in your client panel and unban your IP.
Server Credentials
GitLab admin credentials are stored in /root/.gitlab_credentials. You can also see them when you connect via SSH (displayed in the welcome message).
Useful Commands
# Service management
gitlab-ctl status # check all services
gitlab-ctl restart # restart all services
gitlab-ctl start # start all services
gitlab-ctl stop # stop all services
# Configuration
gitlab-ctl reconfigure # apply changes from gitlab.rb
# Logs
gitlab-ctl tail # live log output (all services)
gitlab-ctl tail nginx # Nginx logs only
gitlab-ctl tail puma # application server logs
# Backups
gitlab-backup create # create data backup
gitlab-ctl backup-etc # backup configuration files
# Reset root password
gitlab-rails console -e production
# Then in console:
# user = User.find_by_username('root')
# user.password = 'newpassword'
# user.password_confirmation = 'newpassword'
# user.save!Updates
Important: GitLab CE does not update automatically (blocked from unattended upgrades). GitLab must be updated through specific intermediate versions - skipping versions can break your instance.
Always check the official upgrade path before updating. To update:
# Check current version
gitlab-rake gitlab:env:info | grep "GitLab"
# Update to a specific version (follow the upgrade path!)
apt update
apt install gitlab-ce=X.Y.Z-ce.0
# Apply changes
gitlab-ctl reconfigureOS updates can be applied via SSH:
apt update && apt upgrade -yTroubleshooting
| Problem | Solution |
|---|---|
| 502 error right after creation | GitLab is still starting up (first boot takes 2-4 minutes). Wait and refresh the page. Check progress: gitlab-ctl status |
| Can't access GitLab web interface | Check services: gitlab-ctl status. If services are down, try gitlab-ctl restart |
| Let's Encrypt certificate failed | Ensure DNS A record points to the server IP. Check at dnschecker.org. Review errors: gitlab-ctl tail nginx |
| Git push/pull fails over SSH | Add your SSH public key in GitLab (Preferences > SSH Keys). Use git@ in the clone URL |
| Forgot admin password | SSH in and check /root/.gitlab_credentials, or reset via gitlab-rails console (see Useful Commands) |
| High memory usage | GitLab uses ~2.5-3 GB RAM with optimizations applied. Minimum recommended: 4 GB RAM. If running low, consider upgrading your VPS plan |
| Blocked by Fail2Ban | Use VNC console in your client panel to unban your IP: fail2ban-client set sshd unbanip 1.2.3.4 |
| Reconfigure takes too long | This is normal - reconfigure can take 1-3 minutes. Monitor with gitlab-ctl tail |