This is my first use of a FreeNAS virtual machine. I set up GitLab on a FreeNAS VM, even though there is no server CPU installed (G1840T); I have purchased an E3-1275L v3 for FreeNAS.
Setup on Virtual Machine
My FreeNAS is upgraded to 13-Release and I have 16 GiB of memory, so I created a VM with 4 virtual CPUs, 4 GiB of memory, and maybe a 20 GiB disk.
I'm not very familiar with FreeNAS 13's virtualization software, bhyve. It sounds like full virtualization? Unlike jail (the previous virtualization software), which shares the kernel, bhyve supports installing Windows, Linux, and FreeBSD.
I downloaded the Ubuntu 18.04 LTS image and uploaded it to the NAS; this image is used when the virtual machine starts. Installation works fine. P.S. I can import my SSH public key from GitHub during the Ubuntu install.
GitLab recommends the Omnibus package and Ubuntu is a recommended OS, and I'm very familiar with Ubuntu. Debian, CentOS, and SUSE are recommended too.
Note: set up the hostname of the host and the external_url of GitLab. The GitLab config file path is /etc/gitlab/gitlab.rb; yes, it's a Ruby project. I'm not sure why GitLab uses Ruby, just like GitHub; is Ruby the best programming language for a Git version control website?
Setup Let's Encrypt with GitLab
Yes, GitLab supports Let's Encrypt and it could work fine, but I didn't try it: my GitLab is deployed on an intranet and my ISP blocks ports 80 and 443, so I couldn't complete the Let's Encrypt (ACME) challenge. I hoped for the DNS-01 challenge method, but GitLab does not support it now; maybe it will be available in the future.
DNS-01 issued a certificate for my Cloudflare-hosted domain. For Cloudflare with acme.sh, please refer to the docs. I use the new API token method; when you create an API token, you need to choose which permissions the token gets. I granted these:
- Account-Account Setting-Read
- For Account Resource: Include-my account (only one)
- For Zone Resource: Include-All zone from an account-my account(only one)
GitLab supports using your own certificate: change external_url to an https:// URL and copy your certificate and key file to /etc/gitlab/ssl. GitLab will look for YOUR_DOMAIN.key as the key file and YOUR_DOMAIN.crt as the certificate file.
acme.sh could not access /etc/gitlab/ssl, so I changed the ssl directory's group to my user and changed the mode to allow writing.
Last, after the certificate is installed (copied), I need to notify nginx (GitLab uses nginx) to reload. GitLab provides gitlab-ctl hup nginx, but this command needs sudo. Run sudo visudo and add NOPASSWD for the command /usr/bin/gitlab-ctl hup nginx.
I have not tested renewal. I found that acme.sh recorded my certificate installation path and reload command, so I suppose that after a successful renewal, acme.sh will install the cert to that path and execute the reload command.
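
The install, reload and sudo steps above, collected into one script with a permission audit of the ssl directory. This is an added example, not code from the original post; the function names, the SSL_DIR variable and the use of the full-chain file as the .crt are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and SSL_DIR
# are assumptions; paths and the reload command are the ones in the post.
SSL_DIR=${SSL_DIR:-/etc/gitlab/ssl}

# Narrowest sudoers rule for the reload: because arguments are listed,
# sudo only allows this exact command line, not other gitlab-ctl actions.
sudoers_rule() {  # $1 = user that runs acme.sh
    printf '%s ALL=(root) NOPASSWD: /usr/bin/gitlab-ctl hup nginx\n' "$1"
}

# Register install paths and reload command with acme.sh, which records
# them for later renewals. Assumption: the full chain is installed as
# the .crt so nginx also serves the intermediate certificate.
install_cert() {  # $1 = domain
    acme.sh --install-cert -d "$1" \
        --key-file "$SSL_DIR/$1.key" \
        --fullchain-file "$SSL_DIR/$1.crt" \
        --reloadcmd "sudo /usr/bin/gitlab-ctl hup nginx"
}

# Audit the result of opening up the ssl directory for acme.sh.
# Prints each finding and returns non-zero if there is any.
audit_ssl_dir() {  # $1 = domain
    rc=0
    for f in "$SSL_DIR/$1.key" "$SSL_DIR/$1.crt"; do
        [ -f "$f" ] || { echo "missing: $f"; rc=1; }
    done
    # The private key must not be readable by "other".
    if [ -n "$(find "$SSL_DIR/$1.key" -prune -perm -004 2>/dev/null)" ]; then
        echo "key is world-readable: $SSL_DIR/$1.key"; rc=1
    fi
    # The directory must not be writable by "other", or any local user
    # could replace the key and certificate that nginx loads.
    if [ -n "$(find "$SSL_DIR" -prune -perm -002 2>/dev/null)" ]; then
        echo "directory is world-writable: $SSL_DIR"; rc=1
    fi
    return $rc
}

# Typical use (run by hand, values are placeholders):
#   sudoers_rule "$USER"        # paste the output via: sudo visudo
#   install_cert YOUR_DOMAIN
#   audit_ssl_dir YOUR_DOMAIN
```
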