- Deploy and configure GitLab
- Maintain your GitLab instance
- Next steps and further configuration
For users of the Microsoft Azure business cloud, GitLab has a pre-configured offering in the Azure Marketplace. This tutorial describes installing GitLab Enterprise Edition in a single Virtual Machine (VM).
You’ll need an account on Azure. Use of the following methods to obtain an account:
- If you or your company already have an account with a subscription, use that account. If not, you can open your own Azure account for free. Azure’s free trial gives you $200 credit to explore Azure for 30 days. Read more in Azure’s comprehensive FAQ.
- If you have an MSDN subscription, you can activate your Azure subscriber benefits. Your MSDN subscription gives you recurring Azure credits every month, so you can use those credits and try out GitLab.
Because GitLab is already installed in a pre-configured image, all you have to do is create a new VM:
- Visit the GitLab offering in the marketplace
- Select Get it now and the Create this app in Azure window opens. Select Continue.
- Select one of the following options from the Azure portal:
- Select Create to create a VM from scratch.
- Select Start with a pre-set configuration to get started with some pre-configured options. You can modify these configurations at any time.
For the sake of this guide, let’s create the VM from scratch, so select Create.
After you create the virtual machine, use the information in the following sections to configure it.
The first items you need to configure are the basic settings of the underlying virtual machine:
- Select the subscription model and a resource group (create a new one if it doesn’t exist).
- Enter a name for the VM, for example
- Select a region.
- In Availability options, select Availability zone and set it to
1. Read more about the availability zones.
- Ensure the selected image is set to GitLab - Gen1.
- Select the VM size based on the hardware requirements.
Because the minimum system requirements to run a GitLab environment for up to 500 users
is covered by the
D4s_v3size, select that option.
- Set the authentication type to SSH public key.
- Enter a user name or leave the one that is automatically created. This is the user Azure uses to connect to the VM through SSH. By default, the user has root access.
- Determine if you want to provide your own SSH key or let Azure create one for you. Read the SSH documentation to learn more about how to set up SSH public keys.
Review your entered settings, and then proceed to the Disks tab.
For the disks:
- For the OS disk type, select Premium SSD.
- Select the default encryption.
Read more about the types of disks that Azure provides.
Review your settings, and then proceed to the Networking tab.
Use this tab to define the network connectivity for your virtual machine, by configuring network interface card (NIC) settings. You can leave them at their default settings.
Azure creates a security group by default and the VM is assigned to it. The GitLab image in the marketplace has the following ports open by default:
|80||Enable the VM to respond to HTTP requests, allowing public access.|
|443||Enable our VM to respond to HTTPS requests, allowing public access.|
|22||Enable our VM to respond to SSH connection requests, allowing public access (with authentication) to remote terminal sessions.|
If you want to change the ports or add any rules, you can do it after the VM is created by selecting Networking settings in the left sidebar, while in the VM dashboard.
Use this tab to configure monitoring and management options for your VM. You don’t need to change the default settings.
Use this tab to add additional configuration, agents, scripts
or applications through virtual machine extensions or
cloud-init. You don’t
need to change the default settings.
Use this tab to add name/value pairs that enable you to categorize resources. You don’t need to change the default settings.
The final tab presents you with all of your selected options, where you can review and modify your choices from the previous steps. Azure runs validation tests in the background, and if you provided all of the required settings, you can create the VM.
After you select Create, if you had opted for Azure to create an SSH key pair for you, a prompt appears to download the private SSH key. Download the key, as it’s needed to SSH into the VM.
After you download the key, the deployment begins.
At this point, Azure begins to deploy your new VM. The deployment process takes a few minutes to complete. After it’s complete, the new VM and its associated resources are displayed on the Azure Dashboard. Select Go to resource to visit the dashboard of the VM.
GitLab is now deployed and ready to be used. Before doing so, however, you need to set up the domain name and configure GitLab to use it.
The VM has a public IP address (static by default), but Azure allows you to assign a descriptive DNS name to the VM:
- From the VM dashboard, select Configure under DNS name.
- Enter a descriptive DNS name for your instance in the DNS name label field,
gitlab-prod. This makes the VM accessible at
- Select Save for the changes to take effect.
Eventually, most users want to use their own domain name. For you to do this, you need to add a DNS
with your domain registrar that points to the public IP address of your Azure VM.
You can use Azure’s DNS
or some other registrar.
external_url in its configuration file to set up the domain name.
If you don’t set this up, when you visit the Azure friendly name, the browser will
redirect you to the public IP.
To set up the GitLab external URL:
Connect to GitLab through SSH by going to Settings > Connect from the VM dashboard, and follow the instructions. Remember to sign in with the username and SSH key you specified when you created the VM. The Azure VM domain name is the one you set up previously. If you didn’t set up a domain name for your VM, you can use the IP address in its place.
In the case of our example:
ssh -i <private key path> firstname.lastname@example.org
/etc/gitlab/gitlab.rbwith your editor.
external_urland replace it with your own domain name. For the sake of this example, use the default domain name Azure sets up. Using
httpsin the URL automatically enables, Let’s Encrypt, and sets HTTPS by default:
Find the following settings and comment them out, so that GitLab doesn’t pick up the wrong certificates:
# nginx['redirect_http_to_https'] = true # nginx['ssl_certificate'] = "/etc/gitlab/ssl/server.crt" # nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/server.key"
Reconfigure GitLab for the changes to take effect. Run the following command every time you make changes to
sudo gitlab-ctl reconfigure
To prevent the domain name from resetting after a reboot, rename the utility that Bitnami uses:
sudo mv /opt/bitnami/apps/gitlab/bnconfig /opt/bitnami/apps/gitlab/bnconfig.bak
You can now visit GitLab with your browser at the new external URL.
Use the domain name you set up earlier to visit your new GitLab instance
in your browser. In this example, it’s
The first thing that appears is the sign-in page. GitLab creates an administrator user by default. The credentials are:
- Password: the password is automatically created, and there are two ways to find it.
After signing in, be sure to immediately change the password.
It’s important to keep your GitLab environment up-to-date. The GitLab team is constantly making enhancements and occasionally you may need to update for security reasons. Use the information in this section whenever you need to update GitLab.
To determine the version of GitLab you’re currently running:
- On the top bar, select Menu > Admin.
- On the left sidebar, select Overview > Dashboard.
- Find the version under the Components table.
If there’s a newer available version of GitLab that contains one or more security fixes, GitLab displays an Update asap notification message that encourages you to update.
To update GitLab to the latest version:
- Connect to the VM through SSH.
sudo apt update sudo apt install gitlab-ee
This command updates GitLab and its associated components to the latest versions, and can take time to complete. During this time, the terminal shows various update tasks being completed in your terminal.
After the update process is complete, a message like the following appears:
Upgrade complete! If your GitLab server is misbehaving try running sudo gitlab-ctl restart before anything else.
Refresh your GitLab instance in the browser and go to the Admin Area. You should now have an up-to-date GitLab instance.
Now that you have a functional GitLab instance, follow the next steps to learn what more you can do with your new installation.
This section describes common errors you can encounter.
The pre-configured GitLab image in Azure (provided by Bitnami) uses a GPG key deprecated in April 2020.
If you try to update the repositories, the system returns the following error:
[ 21.023494] apt-setup: W: GPG error: https://packages.gitlab.com/gitlab/gitlab-ee/debian buster InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 3F01618A51312F3F [ 21.024033] apt-setup: E: The repository 'https://packages.gitlab.com/gitlab/gitlab-ee/debian buster InRelease' is not signed.
To fix this, fetch the new GPG key:
sudo apt install gpg-agent curl "https://gitlab-org.gitlab.io/omnibus-gitlab/gitlab_new_gpg.key" \ --output /tmp/omnibus_gitlab_gpg.key sudo apt-key add /tmp/omnibus_gitlab_gpg.key