#secret-pull-gitlab
how to create a secret to deploy container images from the GitLab registry
Hi friends! Do you have problems with the GitLab registry, Kubernetes secrets and GitOps? Check out this easy walkthrough and make your life happier and easier! #kubernetes #k8s #secops #devops #mlops #argocd #gitops #gitlab #token #RSE
You know how important the security process in Kubernetes is, and why we do not hard-code variables such as a user and password into any pipeline step. You will also want to pull container images from the registries of different providers such as Docker, GitHub, etc. (not only the GitLab registry). So we need to introduce a Kubernetes security concept known as secrets, to obtain the adequate…
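The secret the excerpt refers to is a Kubernetes Secret of type kubernetes.io/dockerconfigjson that a Pod references through imagePullSecrets. The following is an added example, not code from the post: it builds that Secret from a registry host and a username/password pair (for GitLab this would be a deploy token with read_registry scope; the token name and value below are constructed samples), decodes it again for auditing, and shows the Pod spec that uses it. The secret and pod names are hypothetical.

```python
import base64
import json


def build_dockerconfigjson(registry: str, username: str, password: str) -> dict:
    """Docker config structure stored inside a kubernetes.io/dockerconfigjson
    Secret. The "auth" field is base64("username:password"), the same value
    `docker login` writes to ~/.docker/config.json."""
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    return {"auths": {registry: {"username": username,
                                 "password": password,
                                 "auth": auth}}}


def build_pull_secret(name: str, namespace: str, registry: str,
                      username: str, password: str) -> dict:
    """Secret manifest equivalent to
    kubectl create secret docker-registry NAME --docker-server=... --docker-username=... --docker-password=...
    The data value is base64 of the JSON config, as every Secret data field is."""
    config = build_dockerconfigjson(registry, username, password)
    encoded = base64.b64encode(json.dumps(config).encode()).decode()
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name, "namespace": namespace},
        "type": "kubernetes.io/dockerconfigjson",
        "data": {".dockerconfigjson": encoded},
    }


def decode_pull_secret(secret: dict) -> dict:
    """Reverse the encoding: useful for auditing which registries and accounts a
    namespace can pull with. Refuses anything that is not a dockerconfigjson."""
    if secret.get("type") != "kubernetes.io/dockerconfigjson":
        raise ValueError("not a kubernetes.io/dockerconfigjson Secret")
    return json.loads(base64.b64decode(secret["data"][".dockerconfigjson"]))


def registry_username(secret: dict, registry: str) -> str:
    """Username stored for `registry`, recovered from the auth field alone."""
    entry = decode_pull_secret(secret)["auths"][registry]
    user, _, _ = base64.b64decode(entry["auth"]).decode().partition(":")
    return user


def pod_with_pull_secret(secret_name: str, image: str) -> dict:
    """Pod that references the Secret through imagePullSecrets; this is what
    replaces hard-coded registry credentials in the pipeline."""
    return {
        "apiVersion": "v1",
        "kind": "Pod",
        "metadata": {"name": "demo"},
        "spec": {
            "imagePullSecrets": [{"name": secret_name}],
            "containers": [{"name": "app", "image": image}],
        },
    }


if __name__ == "__main__":
    # Constructed sample values: a GitLab deploy token with read_registry scope
    # would normally supply the username and token value.
    secret = build_pull_secret("gitlab-registry", "default", "registry.gitlab.com",
                               "gitlab+deploy-token-1", "EXAMPLE-TOKEN-VALUE")
    print(json.dumps(secret, indent=2))
    print(json.dumps(pod_with_pull_secret("gitlab-registry",
                                          "registry.gitlab.com/example/my-app:latest"),
                     indent=2))
```

Applying the printed manifests with kubectl is left to the reader; the point of the decode helpers is that a pull secret is only base64, not encryption, so access to the namespace's Secrets is equivalent to holding the registry credential, and a read-only deploy token limits what that grants.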
This Week in Rust 510
Hello and welcome to another issue of This Week in Rust! Rust is a programming language empowering everyone to build reliable and efficient software. This is a weekly summary of its progress and community. Want something mentioned? Tag us at @ThisWeekInRust on Twitter or @ThisWeekinRust on mastodon.social, or send us a pull request. Want to get involved? We love contributions.
This Week in Rust is openly developed on GitHub and archives can be viewed at this-week-in-rust.org. If you find any errors in this week's issue, please submit a PR.
Updates from Rust Community
Official
Announcing Rust 1.72.0
Change in Guidance on Committing Lockfiles
Cargo changes how arrays in config are merged
Seeking help for initial Leadership Council initiatives
Leadership Council Membership Changes
Newsletters
This Week in Ars Militaris VIII
Project/Tooling Updates
rust-analyzer changelog #196
The First Stable Release of a Memory Safe sudo Implementation
We're open-sourcing the library that powers 1Password's ability to log in with a passkey
ratatui 0.23.0 is released! (official successor of tui-rs)
Zellij 0.38.0: session-manager, plugin infra, and no more offensive session names
Observations/Thoughts
The fastest WebSocket implementation
Rust Malware Staged on Crates.io
ESP32 Standard Library Embedded Rust: SPI with the MAX7219 LED Dot Matrix
A JVM in Rust part 5 - Executing instructions
Compiling Rust for .NET, using only tea and stubbornness!
Ad-hoc polymorphism erodes type-safety
How to speed up the Rust compiler in August 2023
This isn't the way to speed up Rust compile times
Rust Cryptography Should be Written in Rust
Dependency injection in Axum handlers. A quick tour
Best Rust Web Frameworks to Use in 2023
From tui-rs to Ratatui: 6 Months of Cooking Up Rust TUIs
[video] Rust 1.72.0
[video] Rust 1.72 Release Train
Rust Walkthroughs
[series] Distributed Tracing in Rust, Episode 3: tracing basics
Use Rust in shell scripts
A Simple CRUD API in Rust with Cloudflare Workers, Cloudflare KV, and the Rust Router
[video] base64 crate: code walkthrough
Miscellaneous
Interview with Rust and operating system Developer Andy Python
Leveraging Rust in our high-performance Java database
Rust error message to fix a typo
[video] The Builder Pattern and Typestate Programming - Stefan Baumgartner - Rust Linz January 2023
[video] CI with Rust and Gitlab Selfhosting - Stefan Schindler - Rust Linz July 2023
Crate of the Week
This week's crate is dprint, a fast code formatter that formats Markdown, TypeScript, JavaScript, JSON, TOML and many other types natively via Wasm plugins.
Thanks to Martin Geisler for the suggestion!
Please submit your suggestions and votes for next week!
Call for Participation
Always wanted to contribute to open-source projects but did not know where to start? Every week we highlight some tasks from the Rust community for you to pick and get started!
Some of these tasks may also have mentors available, visit the task page for more information.
Hyperswitch - add domain type for client secret
Hyperswitch - deserialization error exposes sensitive values in the logs
Hyperswitch - move redis key creation to a common module
mdbook-i18n-helpers - Write tool which can convert translated files back to PO
mdbook-i18n-helpers - Package a language selector
mdbook-i18n-helpers - Add links between translations
Comprehensive Rust - Link to correct line when editing a translation
Comprehensive Rust - Track the number of times the redirect pages are visited
RustQuant - Jacobian and Hessian matrices support.
RustQuant - improve Graphviz plotting of autodiff computational graphs.
RustQuant - bond pricing implementation.
RustQuant - implement cap/floor pricers.
RustQuant - Implement Asian option pricers.
RustQuant - Implement American option pricers.
release-plz - add ability to mark Gitea/GitHub release as draft
zerocopy - CI step "Set toolchain version" is flaky due to network timeouts
zerocopy - Implement traits for tuple types (and maybe other container types?)
zerocopy - Prevent panics statically
zerocopy - Add positive and negative trait impl tests for SIMD types
zerocopy - Inline many trait methods (in zerocopy and in derive-generated code)
datatest-stable - Fix quadratic performance with nextest
Ockam - Use a user-friendly name for the shared services to show it in the tray menu
Ockam - Rename the Port to Address and support such format
Ockam - Ockam CLI should gracefully handle invalid state when initializing
css-inline - Update cssparser & selectors
css-inline - Non-blocking stylesheet resolving
css-inline - Optionally remove all class attributes
If you are a Rust project owner and are looking for contributors, please submit tasks here.
Updates from the Rust Project
366 pull requests were merged in the last week
reassign sparc-unknown-none-elf to tier 3
wasi: round up the size for aligned_alloc
allow MaybeUninit in input and output of inline assembly
allow explicit #[repr(Rust)]
fix CFI: f32 and f64 are encoded incorrectly for cross-language CFI
add suggestion for some #[deprecated] items
add an (perma-)unstable option to disable vtable vptr
add comment to the push_trailing function
add note when matching on tuples/ADTs containing non-exhaustive types
add support for ptr::writes for the invalid_reference_casting lint
allow overwriting ExpnId for concurrent decoding
avoid duplicate large_assignments lints
contents of reachable statics is reachable
do not emit invalid suggestion in E0191 when spans overlap
do not forget to pass DWARF fragment information to LLVM
ensure that THIR unsafety check is done before stealing it
emit a proper diagnostic message for unstable lints passed from CLI
fix races conditions with SyntaxContext decoding
fix waiting on a query that panicked
improve note for the invalid_reference_casting lint
include compiler flags when you break rust;
load include_bytes! directly into an Lrc
make Sharded an enum and specialize it for the single thread case
make rustc_on_unimplemented std-agnostic for alloc::rc
more precisely detect cycle errors from type_of on opaque
point at type parameter that introduced unmet bound instead of full HIR node
record allocation spans inside force_allocation
suggest mutable borrow on read only for-loop that should be mutable
tweak output of to_pretty_impl_header involving only anon lifetimes
use the same DISubprogram for each instance of the same inlined function within a caller
walk through full path in point_at_path_if_possible
warn on elided lifetimes in associated constants (ELIDED_LIFETIMES_IN_ASSOCIATED_CONSTANT)
make RPITITs capture all in-scope lifetimes
add stable for Constant in smir
add generics_of to smir
add smir predicates_of
treat StatementKind::Coverage as completely opaque for SMIR purposes
do not convert copies of packed projections to moves
don't do intra-pass validation on MIR shims
MIR validation: reject in-place argument/return for packed fields
disable MIR SROA optimization by default
miri: automatically start and stop josh in rustc-pull/push
miri: fix some bad regex capture group references in test normalization
stop emitting non-power-of-two vectors in (non-portable-SIMD) codegen
resolve: stop creating NameBindings on every use, create them once per definition instead
fix a pthread_t handle leak
when terminating during unwinding, show the reason why
avoid triple-backtrace due to panic-during-cleanup
add additional float constants
add ability to spawn Windows process with Proc Thread Attributes | Take 2
fix implementation of Duration::checked_div
hashbrown: allow serializing HashMaps that use a custom allocator
hashbrown: change & to &mut where applicable
hashbrown: simplify Clone by removing redundant guards
regex-automata: fix incorrect use of Aho-Corasick's "standard" semantics
cargo: Very preliminary MSRV resolver support
cargo: Use a more compact relative-time format
cargo: Improve TOML parse errors
cargo: add support for target.'cfg(..)'.linker
cargo: config: merge lists in precedence order
cargo: create dedicated unstable flag for asymmetric-token
cargo: set MSRV for internal packages
cargo: improve deserialization errors of untagged enums
cargo: improve resolver version mismatch warning
cargo: stabilize --keep-going
cargo: support dependencies from registries for artifact dependencies, take 2
cargo: use AND search when having multiple terms
rustdoc: add unstable --no-html-source flag
rustdoc: rename typedef to type alias
rustdoc: use unicode-aware checks for redundant explicit link fastpath
clippy: new lint: implied_bounds_in_impls
clippy: new lint: reserve_after_initialization
clippy: arithmetic_side_effects: detect division by zero for Wrapping and Saturating
clippy: if_then_some_else_none: look into local initializers for early returns
clippy: iter_overeager_cloned: detect .cloned().all() and .cloned().any()
clippy: unnecessary_unwrap: lint on .as_ref().unwrap()
clippy: allow trait alias DefIds in implements_trait_with_env_from_iter
clippy: fix "derivable_impls: attributes are ignored"
clippy: fix tuple_array_conversions lint on nightly
clippy: skip float_cmp check if lhs is a custom type
rust-analyzer: diagnostics for 'while let' loop with label in condition
rust-analyzer: respect #[allow(unused_braces)]
Rust Compiler Performance Triage
A fairly quiet week, with improvements exceeding a small scattering of regressions. Memory usage and artifact size held fairly steady across the week, with no regressions or improvements.
Triage done by @simulacrum. Revision range: d4a881e..cedbe5c
2 Regressions, 3 Improvements, 2 Mixed; 0 of them in rollups. 108 artifact comparisons made in total.
Full report here
Approved RFCs
Changes to Rust follow the Rust RFC (request for comments) process. These are the RFCs that were approved for implementation this week:
Create a Testing sub-team
Final Comment Period
Every week, the team announces the 'final comment period' for RFCs and key PRs which are reaching a decision. Express your opinions now.
RFCs
No RFCs entered Final Comment Period this week.
Tracking Issues & PRs
[disposition: merge] Stabilize PATH option for --print KIND=PATH
[disposition: merge] Add alignment to the NPO guarantee
New and Updated RFCs
[new] Special-cased performance improvement for Iterator::sum on Range<u*> and RangeInclusive<u*>
[new] Cargo Check T-lang Policy
Call for Testing
An important step for RFC implementation is for people to experiment with the implementation and give feedback, especially before stabilization. The following RFCs would benefit from user testing before moving forward:
No RFCs issued a call for testing this week.
If you are a feature implementer and would like your RFC to appear on the above list, add the new call-for-testing label to your RFC along with a comment providing testing instructions and/or guidance on which aspect(s) of the feature need testing.
Upcoming Events
Rusty Events between 2023-08-30 - 2023-09-27 🦀
Virtual
2023-09-05 | Virtual (Buffalo, NY, US) | Buffalo Rust Meetup
Buffalo Rust User Group, First Tuesdays
2023-09-05 | Virtual (Munich, DE) | Rust Munich
Rust Munich 2023 / 4 - hybrid
2023-09-06 | Virtual (Indianapolis, IN, US) | Indy Rust
Indy.rs - with Social Distancing
2023-09-12 - 2023-09-15 | Virtual (Albuquerque, NM, US) | RustConf
RustConf 2023
2023-09-12 | Virtual (Dallas, TX, US) | Dallas Rust
Second Tuesday
2023-09-13 | Virtual (Boulder, CO, US) | Boulder Elixir and Rust
Monthly Meetup
2023-09-13 | Virtual (Cardiff, UK) | Rust and C++ Cardiff
The unreasonable power of combinator APIs
2023-09-14 | Virtual (Nuremberg, DE) | Rust Nuremberg
Rust Nürnberg online
2023-09-20 | Virtual (Vancouver, BC, CA) | Vancouver Rust
Rust Study/Hack/Hang-out
2023-09-21 | Virtual (Charlottesville, NC, US) | Charlottesville Rust Meetup
Crafting Interpreters in Rust Collaboratively
2023-09-21 | Lehi, UT, US | Utah Rust
Real Time Multiplayer Game Server in Rust
2023-09-21 | Virtual (Linz, AT) | Rust Linz
Rust Meetup Linz - 33rd Edition
2023-09-25 | Virtual (Dublin, IE) | Rust Dublin
How we built the SurrealDB Python client in Rust.
Asia
2023-09-06 | Tel Aviv, IL | Rust TLV
RustTLV @ Final - September Edition
Europe
2023-08-30 | Copenhagen, DK | Copenhagen Rust Community
Rust meetup #39 sponsored by Fermyon
2023-08-31 | Augsburg, DE | Rust Meetup Augsburg
Augsburg Rust Meetup #2
2023-09-05 | Munich, DE + Virtual | Rust Munich
Rust Munich 2023 / 4 - hybrid
2023-09-14 | Reading, UK | Reading Rust Workshop
Reading Rust Meetup at Browns
2023-09-19 | Augsburg, DE | Rust - Modern Systems Programming in Leipzig
Logging and tracing in Rust
2023-09-20 | Aarhus, DK | Rust Aarhus
Rust Aarhus - Rust and Talk at Concordium
2023-09-21 | Bern, CH | Rust Bern
Third Rust Bern Meetup
North America
2023-09-05 | Chicago, IL, US | Deep Dish Rust
Rust Happy Hour
2023-09-06 | Bellevue, WA, US | The Linux Foundation
Rust Global
2023-09-12 - 2023-09-15 | Albuquerque, NM, US + Virtual | RustConf
RustConf 2023
2023-09-12 | New York, NY, US | Rust NYC
A Panel Discussion on Thriving in a Rust-Driven Workplace
2023-09-12 | Minneapolis, MN, US | Minneapolis Rust Meetup
Minneapolis Rust Meetup Happy Hour
2023-09-14 | Seattle, WA, US | Seattle Rust User Group Meetup
Seattle Rust User Group - August Meetup
2023-09-19 | San Francisco, CA, US | San Francisco Rust Study Group
Rust Hacking in Person
2023-09-21 | Nashville, TN, US | Music City Rust Developers
Rust on the web! Get started with Leptos
2023-09-26 | Pasadena, CA, US | Pasadena Thursday Go/Rust
Monthly Rust group
2023-09-27 | Austin, TX, US | Rust ATX
Rust Lunch - Fareground
Oceania
2023-09-13 | Perth, WA, AU | Rust Perth
Rust Meetup 2: Lunch & Learn
2023-09-19 | Christchurch, NZ | Christchurch Rust Meetup Group
Christchurch Rust meetup meeting
2023-09-26 | Canberra, ACT, AU | Rust Canberra
September Meetup
If you are running a Rust event please add it to the calendar to get it mentioned here. Please remember to add a link to the event too. Email the Rust Community Team for access.
Jobs
Please see the latest Who's Hiring thread on r/rust
Quote of the Week
In [other languages], I could end up chasing silly bugs and waste time debugging and tracing to find that I made a typo or ran into a language quirk that gave me an unexpected nil pointer. That situation is almost non-existent in Rust, it's just me and the problem. Rust is honest and upfront about its quirks and will yell at you about it before you have a hard to find bug in production.
– dannersy on Hacker News
Thanks to Kyle Strand for the suggestion!
Please submit quotes and vote for next week!
This Week in Rust is edited by: nellshamrell, llogiq, cdmistman, ericseppanen, extrawurst, andrewpollack, U007D, kolharsam, joelmarcey, mariannegoldin, bennyvasquez.
Email list hosting is sponsored by The Rust Foundation
Discuss on r/rust
GitLab is a web-based platform used to host Git repositories. It supports software development using Continuous Integration (CI) and Continuous Delivery (CD) processes. The GitLab Enterprise Edition builds on top of Git with extra features such as LDAP group sync, multiple roles, and audit logs. It also includes deeper authentication and authorization integration. Notable features of GitLab are:

- Easy integration with Jenkins, Docker, Slack, Kubernetes, JIRA, LDAP, etc.
- Code Quality (Code Climate)
- On-premise or cloud-based installations
- Development Analytics
- Performance monitoring
- Rich API
- Integration with IDEs like Eclipse, Visual Studio, Koding, and IntelliJ
- Issue management, bug tracking, and boards
- Repository mirroring and high availability (HA)
- Hosting static websites (GitLab Pages)
- ChatOps tool (Mattermost)
- Code Review functionality and the Review Apps tool
- Service Desk (ticketing system)

The GitLab system is made up of several distinct components and dependencies. When installing GitLab directly on your system, these components are installed as well. They include Redis, Gitaly, PostgreSQL, and the GitLab application itself. To keep these components out of your host environment, running GitLab in Docker containers is the preferred installation method: all the components live inside containers, separate from the host filesystem. In this guide, we will walk through how to run GitLab in Docker containers using Docker Compose.

Setup Pre-requisites

For this guide you need the following:

- 1GB or more of available RAM on the host
- Docker and Docker Compose
- A Fully Qualified Domain Name (for SSL certificates)

But before you begin, update your system and install the required tools:

## On Debian/Ubuntu
sudo apt update && sudo apt upgrade
sudo apt install curl vim git
## On RHEL/CentOS/RockyLinux 8
sudo yum -y update
sudo yum -y install curl vim git
## On Fedora
sudo dnf update
sudo dnf -y install curl vim git

#1. Install Docker and Docker Compose on Linux

Begin by installing the Docker engine on your system. Below is a dedicated guide to help you install Docker on your system:

How To Install Docker CE on Linux Systems

Once Docker has been installed, start and enable the service.

sudo systemctl start docker && sudo systemctl enable docker

Add your system user to the docker group.

sudo usermod -aG docker $USER
newgrp docker

Now proceed and install Docker Compose with the aid of the guide below.

How To Install Docker Compose on Linux

Another easy way of installing the Docker dev release is with the get-docker.sh script:

sudo apt update && sudo apt install curl uidmap -y
curl -fsSL get.docker.com -o get-docker.sh
sudo sh get-docker.sh
dockerd-rootless-setuptool.sh install

#2. Provisioning the GitLab Container

We will begin by pulling the docker-compose.yml file for the deployment.

wget https://raw.githubusercontent.com/sameersbn/docker-gitlab/master/docker-compose.yml

You need to generate 3 random strings at least 64 characters long to be used for:

- GITLAB_SECRETS_OTP_KEY_BASE: used to encrypt 2FA secrets in the database
- GITLAB_SECRETS_DB_KEY_BASE: used for CI secret variable encryption and for importing variables into the database
- GITLAB_SECRETS_SECRET_KEY_BASE: used for password reset links as well as other 'standard' auth features

These strings can be generated using pwgen, installed with the commands:

## On Debian/Ubuntu
sudo apt install -y pwgen
## On RHEL/CentOS/RockyLinux 8
sudo yum install epel-release -y
sudo yum install pwgen -y
## On Fedora
sudo dnf install -y pwgen

Generate random strings with the command:

pwgen -Bsv1 64

Edit the file and add the strings appropriately. The deployment file has 3 containers, i.e. Redis, PostgreSQL, and GitLab. Open the file for editing.

vim docker-compose.yml

Make the below changes as desired.

PostgreSQL container

Configure your database as preferred. You need to set the database password.

......
  postgresql:
    restart: always
    volumes:
    - postgresql-data:/var/lib/postgresql:Z
    environment:
    - DB_USER=gitlab
    - DB_PASS=StrongDBPassword
    - DB_NAME=gitlab_production
    - DB_EXTENSION=pg_trgm,btree_gist
......

GitLab Container

Proceed and provide the database details, and set the health check appropriately in the GitLab container.

  gitlab:
    restart: always
    image: sameersbn/gitlab:14.10.2
    depends_on:
    - redis
    - postgresql
    ports:
    - "10080:80"
    - "10022:22"
    volumes:
    - gitlab-data:/home/git/data:Z
    healthcheck:
      test: curl http://localhost/-/health || exit 1
      interval: 1m
      timeout: 10s
      retries: 3
      start_period: 1m
    environment:
    - DEBUG=false
    - DB_ADAPTER=postgresql
    - DB_HOST=postgresql
    - DB_PORT=5432
    - DB_USER=gitlab
    - DB_PASS=StrongDBPassword
    - DB_NAME=gitlab_production
......

Also update the timezone variables:

    - TZ=Africa/Nairobi
    - GITLAB_TIMEZONE=Nairobi

Under the GitLab container, you can add HTTPS support with the setting below. If you do not have an FQDN, enable self-signed certificates as well.

    - GITLAB_HTTPS=true
    ....

If you are using self-signed certificates, you need to enable this as well.

    - SSL_SELF_SIGNED=true

Proceed and provide the random strings. Remember to set GITLAB_HOST and to clear the GITLAB_PORT value; this is done because we will configure a reverse proxy later.

    - GITLAB_HOST=gitlab.computingpost.com
    - GITLAB_PORT=
    - GITLAB_SSH_PORT=10022
    - GITLAB_RELATIVE_URL_ROOT=
    - GITLAB_SECRETS_DB_KEY_BASE=long-and-random-alphanumeric-string
    - GITLAB_SECRETS_SECRET_KEY_BASE=long-and-random-alphanumeric-string
    - GITLAB_SECRETS_OTP_KEY_BASE=long-and-random-alphanumeric-string

Set the GitLab root user email and password.

    - GITLAB_ROOT_PASSWORD=StrongPassw0rd
    - [email protected]

You can also enable SMTP support by making the desired settings.

    - SMTP_ENABLED=true
    - SMTP_DOMAIN=www.example.com
    - SMTP_HOST=smtp.gmail.com
    - SMTP_PORT=587
    - [email protected]
    - SMTP_PASS=password
    - SMTP_STARTTLS=true
    - SMTP_AUTHENTICATION=login

There are many other configurations you can make to this container, including the timezone, OAuth, IMAP, etc.

#3. Configure Persistent Volumes

For data persistence, we have to map the volumes appropriately. The docker-compose.yml file has 3 volumes. Here, we will use a secondary disk mounted on our system for data persistence. Identify the disk.

$ lsblk
NAME        MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda           8:0    0  40G  0 disk
├─sda1        8:1    0   1G  0 part /boot
└─sda2        8:2    0  39G  0 part
  ├─rl-root 253:0    0  35G  0 lvm  /
  └─rl-swap 253:1    0   4G  0 lvm  [SWAP]
sdb           8:16   0  10G  0 disk
└─sdb1        8:17   0  10G  0 part

Ensure the disk is formatted before you proceed to mount it as shown.

sudo mkdir /mnt/data
sudo mount /dev/sdb1 /mnt/data

Confirm that the disk has been mounted on the desired path.

$ sudo mount | grep /dev/sdb1
/dev/sdb1 on /mnt/data type xfs (rw,relatime,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota)

Create the 3 volume directories on the disk.

sudo mkdir -p /mnt/data/redis
sudo mkdir -p /mnt/data/postgresql
sudo mkdir -p /mnt/data/gitlab

Set the appropriate file permissions.

sudo chmod 775 -R /mnt/data
sudo chown -R $USER:docker /mnt/data

On RHEL-based systems, you need to configure SELinux as below for the paths to be accessible.

sudo setenforce 0
sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config

Now create the Docker volumes for the containers.

Redis

docker volume create --driver local \
  --opt type=none \
  --opt device=/mnt/data/redis \
  --opt o=bind redis-data

PostgreSQL

docker volume create --driver local \
  --opt type=none \
  --opt device=/mnt/data/postgresql \
  --opt o=bind postgresql-data

GitLab

docker volume create --driver local \
  --opt type=none \
  --opt device=/mnt/data/gitlab \
  --opt o=bind gitlab-data

Once created, list the volumes with the command:

$ docker volume list
DRIVER    VOLUME NAME
local     gitlab-data
local     postgresql-data
local     redis-data

Now in the YAML file, add these lines at the bottom.

$ vim docker-compose.yml
.......
volumes:
  redis-data:
    external: true
  postgresql-data:
    external: true
  gitlab-data:
    external: true

#4. Bringing up GitLab

After the desired configurations have been made, bring up the containers with the command:

docker-compose up -d

Sample execution output:

[+] Running 23/28
 ⠇ gitlab Pulling                    33.9s
 ⠿ d5fd17ec1767 Pull complete         8.0s
 ⠿ 2cbc1a21dc95 Pull complete         9.3s
 ⠿ e3cf021c7259 Pull complete        25.0s
 ⠿ c55daad7c782 Pull complete        25.2s
 .....
 ⠿ redis Pulled                      24.4s
 ⠿ 1fe172e4850f Pull complete        17.6s
 ⠿ 6fbcd347bf99 Pull complete        18.1s
 ⠿ 993114c67627 Pull complete        18.9s
 ⠿ 2a560260ca39 Pull complete        20.5s
 ⠿ b7179886a292 Pull complete        20.8s
 ....
 ⠿ postgresql Pulled                 21.4s
 ⠿ 23884877105a Pull complete         2.6s
 ⠿ bc38caa0f5b9 Pull complete         2.8s
 ⠿ 2910811b6c42 Pull complete         3.1s
 ⠿ 36505266dcc6 Pull complete         3.5s
 ........

Verify that the containers are running:

$ docker ps
CONTAINER ID   IMAGE                              COMMAND                  CREATED         STATUS                   PORTS                                                                                        NAMES
f5e238c85afb   sameersbn/gitlab:14.10.2           "/sbin/entrypoint.sh…"   2 minutes ago   Up 2 minutes (healthy)   443/tcp, 0.0.0.0:10022->22/tcp, :::10022->22/tcp, 0.0.0.0:10080->80/tcp, :::10080->80/tcp   ubuntu-gitlab-1
c4113ccccc8a   sameersbn/postgresql:12-20200524   "/sbin/entrypoint.sh"    2 minutes ago   Up 2 minutes             5432/tcp                                                                                     ubuntu-postgresql-1
a352f63cdea5   redis:6.2.6                        "docker-entrypoint.s…"   2 minutes ago   Up 2 minutes             6379/tcp                                                                                     ubuntu-redis-1

#5. Secure GitLab with SSL Certificates

We need to secure the site with SSL so as to protect your data in transit from unauthorized access. With the GITLAB_HTTPS option enabled, you can generate certificates for your domain name. Normally, the container looks for the certificates in the volume that belongs to the GitLab container. However, in this guide, we will configure an Nginx reverse proxy for HTTPS. First, install Nginx on your system.

## On RHEL/CentOS/Rocky Linux 8
sudo yum install nginx
## On Debian/Ubuntu
sudo apt install nginx

Create a virtual host file as shown.

sudo vim /etc/nginx/conf.d/gitlab.conf

Add the below lines to the file.

server {
    listen 80;
    server_name gitlab.computinforgeeks.com;
    client_max_body_size 0;
    chunked_transfer_encoding on;

    location / {
        proxy_pass http://localhost:10080/;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_buffering off;
        proxy_request_buffering off;
    }
}

Save the file, then restart and enable Nginx.

sudo systemctl restart nginx
sudo systemctl enable nginx

Option 1 – Using a Self-Signed Certificate

The certificate pair is generated using OpenSSL. Begin by generating the private key.

openssl genrsa -out gitlab.key 2048

Create a certificate signing request (CSR).

openssl req -new -key gitlab.key -out gitlab.csr

Sign the certificate using the CSR and private key.

openssl x509 -req -days 3650 -in gitlab.csr -signkey gitlab.key -out gitlab.crt

After this, you will have a self-signed certificate. For more security, you need to create more robust DHE parameters.

openssl dhparam -out dhparam.pem 2048

Now you will have 3 files: gitlab.key, gitlab.crt and dhparam.pem. Copy these files to the certificate directories.

sudo cp gitlab.crt /etc/ssl/certs/gitlab.crt
sudo mkdir -p /etc/ssl/private/
sudo cp gitlab.key /etc/ssl/private/gitlab.key
sudo cp dhparam.pem /etc/ssl/certs/dhparam.pem

Now edit your Nginx config to accommodate the certificates.

server {
    server_name gitlab.computingpost.com;
    client_max_body_size 0;
    chunked_transfer_encoding on;

    location / {
        proxy_pass http://localhost:10080/;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_buffering off;
        proxy_request_buffering off;
    }

    listen 443 ssl;
    ssl_certificate /etc/ssl/certs/gitlab.crt;
    ssl_certificate_key /etc/ssl/private/gitlab.key;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
}

server {
    if ($host = gitlab.computingpost.com) {
        return 301 https://$host$request_uri;
    }
    listen 80;
    server_name gitlab.computingpost.com;
    return 404;
}

To establish trust with the server, the client needs to copy gitlab.crt into its list of trusted certificates: normally /usr/local/share/ca-certificates/ on Ubuntu and /etc/pki/ca-trust/source/anchors/ on CentOS. Once done, update the certificates:

## On Ubuntu/Debian
sudo update-ca-certificates
## On CentOS/Rocky Linux
sudo update-ca-trust extract

This is done to avoid the error below during git clone on the client.

$ git clone https://gitlab.computingpost.com/gitlab-instance-dbda973a/my-android-project.git
Cloning into 'my-android-project'...
fatal: unable to access 'https://gitlab.computingpost.com/gitlab-instance-dbda973a/my-android-project.git/': SSL certificate problem: self signed certificate

Option 2 – Using Let's Encrypt

This requires one to have a Fully Qualified Domain Name (FQDN). Here, we will use the Nginx reverse proxy. Begin by installing the required packages.

## On RHEL 8/CentOS/Rocky Linux 8/Fedora
sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
sudo dnf install certbot python3-certbot-nginx
## On Debian/Ubuntu
sudo apt install certbot python3-certbot-nginx

Generate SSL certificates for your domain name using the command:

sudo certbot --nginx

Proceed and issue certificates for the domain name.

........
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: gitlab.computingpost.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for gitlab.computingpost.com
Performing the following challenges:
http-01 challenge for bitwarden.example.com
Waiting for verification...
Cleaning up challenges
....

Restart Nginx.

sudo systemctl restart nginx

#6. Access GitLab Web UI

Now proceed and access GitLab via HTTPS. If you have a firewall enabled, allow the port/service through it.

## For UFW
sudo ufw allow 443/tcp
## For Firewalld
sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --add-service=https --permanent
sudo firewall-cmd --reload

Now proceed and access the page using the URL https://domain_name. Log in using the created credentials. On successful login, you will see the dashboard. Decide whether the instance is for everyone or for personal use by setting who is allowed to register for an account. Once configured, proceed and create a new project by clicking on "New Project". Here, I will deploy a project from a template as shown. Once created, the project will appear as shown. You can proceed and add SSH keys for easier management. To confirm that everything is set up accordingly, we will try to git clone the repository. Click on Clone to obtain the desired URL. Since I do not have SSH keys, I will proceed to use HTTPS as shown. Voila! That verifies that the GitLab installation is working as preferred.

#7. Cleanup

To remove the GitLab installation and all the persistent data, use the command:

$ docker-compose down -v
[+] Running 4/4
 ⠿ Container admin-gitlab-1      Removed   13.5s
 ⠿ Container admin-redis-1       Removed    0.7s
 ⠿ Container admin-postgresql-1  Removed    0.5s
 ⠿ Network admin_default         Removed    0.4s

Closing Thoughts

We have walked through how to run GitLab in Docker containers using Docker Compose. Now you have a GitLab installation from which you can host Git repositories. I hope this was useful.
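The most common way for a deployment like the one above to go wrong is to bring the stack up with the listing's placeholder values still in docker-compose.yml: the three *_KEY_BASE strings, the database password (which must also match between the postgresql and gitlab services), and the root password. The following is an added example, not part of the guide: a small audit script that scans the `- KEY=VALUE` environment entries of the sameersbn compose layout for those placeholders, checks the key bases are at least 64 characters, and can fill them in with CSPRNG-generated strings as a stand-in for pwgen. SAMPLE_COMPOSE is a constructed fragment modelled on the guide's listings; the parser is a deliberately minimal line scan, not a YAML parser.

```python
import re
import secrets
import string

ALPHANUM = string.ascii_letters + string.digits
KEY_BASES = (
    "GITLAB_SECRETS_DB_KEY_BASE",
    "GITLAB_SECRETS_SECRET_KEY_BASE",
    "GITLAB_SECRETS_OTP_KEY_BASE",
)
# Values that appear verbatim in the guide's listings; a file still carrying
# one of them has not been customised.
PLACEHOLDERS = {"", "long-and-random-alphanumeric-string", "StrongDBPassword",
                "StrongPassw0rd", "password"}

# Constructed compose fragment modelled on the guide's listings, with the
# placeholder values left in place so the audit has something to find.
SAMPLE_COMPOSE = """\
version: '2'
services:
  redis:
    restart: always
    image: redis:6.2.6
  postgresql:
    restart: always
    image: sameersbn/postgresql:12-20200524
    environment:
    - DB_USER=gitlab
    - DB_PASS=StrongDBPassword
    - DB_NAME=gitlab_production
  gitlab:
    restart: always
    image: sameersbn/gitlab:14.10.2
    environment:
    - DB_HOST=postgresql
    - DB_USER=gitlab
    - DB_PASS=StrongDBPassword
    - GITLAB_HTTPS=true
    - GITLAB_HOST=gitlab.example.com
    - GITLAB_SECRETS_DB_KEY_BASE=long-and-random-alphanumeric-string
    - GITLAB_SECRETS_SECRET_KEY_BASE=long-and-random-alphanumeric-string
    - GITLAB_SECRETS_OTP_KEY_BASE=long-and-random-alphanumeric-string
    - GITLAB_ROOT_PASSWORD=StrongPassw0rd
volumes:
  gitlab-data:
    external: true
"""


def generate_key_base(length: int = 64) -> str:
    """Random alphanumeric string from the OS CSPRNG; a stdlib stand-in for
    `pwgen -Bsv1 64`."""
    return "".join(secrets.choice(ALPHANUM) for _ in range(length))


def parse_services(compose_text: str) -> dict:
    """Map each service under `services:` to its `- KEY=VALUE` environment
    entries. A line-oriented scan of the sameersbn layout, not a YAML parser."""
    services, current, in_services = {}, None, False
    for line in compose_text.splitlines():
        if line.strip() == "services:":
            in_services = True
            continue
        if line and not line[0].isspace():          # any other top-level key
            in_services, current = False, None
            continue
        if not in_services:
            continue
        header = re.match(r"^  (\w+):\s*$", line)   # service name, 2-space indent
        if header:
            current = header.group(1)
            services[current] = {}
            continue
        env = re.match(r"^\s*-\s*([A-Za-z_][A-Za-z0-9_]*)=(.*)$", line)
        if env and current is not None:
            services[current][env.group(1)] = env.group(2).strip()
    return services


def audit(compose_text: str) -> list:
    """Report unfilled or inconsistent secrets in the gitlab/postgresql services."""
    env = parse_services(compose_text)
    gitlab, postgres = env.get("gitlab", {}), env.get("postgresql", {})
    findings = []
    for key in KEY_BASES:
        value = gitlab.get(key, "")
        if value in PLACEHOLDERS:
            findings.append(f"{key}: unset or placeholder")
        elif len(value) < 64:
            findings.append(f"{key}: shorter than 64 characters")
    for key in ("GITLAB_ROOT_PASSWORD", "SMTP_PASS"):
        if key in gitlab and gitlab[key] in PLACEHOLDERS:
            findings.append(f"{key}: placeholder value")
    if postgres.get("DB_PASS", "") in PLACEHOLDERS:
        findings.append("postgresql DB_PASS: unset or placeholder")
    if postgres.get("DB_PASS") != gitlab.get("DB_PASS"):
        findings.append("DB_PASS differs between postgresql and gitlab")
    if gitlab.get("GITLAB_HTTPS", "").lower() != "true":
        findings.append("GITLAB_HTTPS is not enabled")
    return findings


def fill_key_bases(compose_text: str) -> str:
    """Replace the value of each *_KEY_BASE entry with a fresh 64-char string."""
    pattern = re.compile(r"^(\s*-\s*(?:%s)=).*$" % "|".join(KEY_BASES), re.MULTILINE)
    return pattern.sub(lambda m: m.group(1) + generate_key_base(), compose_text)


if __name__ == "__main__":
    for finding in audit(SAMPLE_COMPOSE):
        print("before:", finding)
    for finding in audit(fill_key_bases(SAMPLE_COMPOSE)):
        print("after: ", finding)
```

Run against the constructed sample, the audit reports the three key bases, the root password and the database password before fill_key_bases, and only the two passwords afterwards; those still have to be chosen by hand because they are shared with the PostgreSQL container and with the humans who log in.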
Gitlab deploy to Heroku
Setting up a Gitlab deploy to Heroku is pretty easy. We will use the code from the last article to build upon our Node.js Express API. If you need to go back and begin with that article please do so.
Last Article - Docker Node.js Express Server
Create your Gitlab Repo
On your main Gitlab homepage click New Project
Give it the name of my-app
You will want to leave it as a private project, since you will use a secret Heroku API key to deploy. However, for this article I am leaving it open to the public so you can view the whole repo.
Here is the link to the full source code:
Gitlab Repo
If this is your first time using Gitlab I suggest you create an SSH key to use with Git. Here is an article on how to do that.
Gitlab SSH Keys
Let's begin by cloning the repo to our local machine.
git clone git@gitlab.com:example/my-app.git
cd my-app
You will want to change example to your own user.
Now that we have created our Gitlab repo we can now move over our code from the last article and set up some deploy scripts.
Gitlab CI
Create a file called .gitlab-ci.yml in the root of your project.
image: docker:git
services:
  - docker:dind

stages:
  - build
  - release
  - deploy

variables:
  GITLAB_GROUP: example
  GITLAB_PROJECT: my-app
  # Per-commit image pushed to the GitLab registry by the build stage
  GITLAB_CONTAINER_TEST_IMAGE: registry.gitlab.com/$GITLAB_GROUP/$GITLAB_PROJECT:$CI_COMMIT_SHA
  # "latest" tag promoted by the release stage on master
  GITLAB_CONTAINER_RELEASE_IMAGE: registry.gitlab.com/$GITLAB_GROUP/$GITLAB_PROJECT:latest
  # Heroku container registry target: registry.heroku.com/<app>/<process type>
  HEROKU_CONTAINER_RELEASE_IMAGE: registry.heroku.com/$GITLAB_PROJECT/web

before_script:
  # CI_BUILD_TOKEN is the deprecated name of the per-job CI_JOB_TOKEN
  - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN registry.gitlab.com

build:
  stage: build
  script:
    - docker build -t $GITLAB_CONTAINER_TEST_IMAGE .
    - docker push $GITLAB_CONTAINER_TEST_IMAGE

release:
  stage: release
  script:
    - docker pull $GITLAB_CONTAINER_TEST_IMAGE
    - docker tag $GITLAB_CONTAINER_TEST_IMAGE $GITLAB_CONTAINER_RELEASE_IMAGE
    - docker push $GITLAB_CONTAINER_RELEASE_IMAGE
  only:
    - master

deploy:
  stage: deploy
  script:
    # HEROKU_STAGING_API_KEY is set under Settings > CI / CD > Variables, not in this file
    - docker login --username=_ --password=$HEROKU_STAGING_API_KEY registry.heroku.com
    - docker build -t $HEROKU_CONTAINER_RELEASE_IMAGE .
    - docker push $HEROKU_CONTAINER_RELEASE_IMAGE
  only:
    - master
  when: manual
Change the GITLAB_GROUP to your own group.
This tells GitLab how to deploy your repo to Heroku. There are three stages: build, release and deploy.
GitLab provides many predefined variables, but the only variable we need to add ourselves is:
HEROKU_STAGING_API_KEY
On the left nav menu of Gitlab go to Settings > CI / CD > Variables.
Add a variable called HEROKU_STAGING_API_KEY and give it the value of your Heroku API Key. You can generate an API key by going to your Heroku settings page.
Now every time you merge into the master branch it will build a docker container ready to deploy to your Heroku account.
Go to CI / CD in Gitlab and you will be able to see your pipeline building. Then when it is ready to deploy you can click the manual play button on the right to deploy to Heroku.
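The pipeline above works only if HEROKU_STAGING_API_KEY really is set as a project CI variable and never ends up as a literal in the file. The following is an added example, not part of the post: a small lint that scans a .gitlab-ci.yml for a password passed on the command line as a literal rather than a $VARIABLE reference, for variable references that are neither GitLab-predefined, declared under variables:, nor in the list of project CI variables you hand it (which is how a forgotten HEROKU_STAGING_API_KEY shows up), and for the deprecated $CI_BUILD_TOKEN name ($CI_JOB_TOKEN is the current one). CI_FROM_POST is a copy of the post's pipeline; PREDEFINED is a hand-picked subset of GitLab's predefined variables, and the project variable list is supplied by hand rather than queried from GitLab.

```python
import re

# Copy of the post's .gitlab-ci.yml, used here as the sample input.
CI_FROM_POST = """\
image: docker:git
services:
  - docker:dind
stages:
  - build
  - release
  - deploy
variables:
  GITLAB_GROUP: example
  GITLAB_PROJECT: my-app
  GITLAB_CONTAINER_TEST_IMAGE: registry.gitlab.com/$GITLAB_GROUP/$GITLAB_PROJECT:$CI_COMMIT_SHA
  GITLAB_CONTAINER_RELEASE_IMAGE: registry.gitlab.com/$GITLAB_GROUP/$GITLAB_PROJECT:latest
  HEROKU_CONTAINER_RELEASE_IMAGE: registry.heroku.com/$GITLAB_PROJECT/web
before_script:
  - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN registry.gitlab.com
build:
  stage: build
  script:
    - docker build -t $GITLAB_CONTAINER_TEST_IMAGE .
    - docker push $GITLAB_CONTAINER_TEST_IMAGE
release:
  stage: release
  script:
    - docker pull $GITLAB_CONTAINER_TEST_IMAGE
    - docker tag $GITLAB_CONTAINER_TEST_IMAGE $GITLAB_CONTAINER_RELEASE_IMAGE
    - docker push $GITLAB_CONTAINER_RELEASE_IMAGE
  only:
    - master
deploy:
  stage: deploy
  script:
    - docker login --username=_ --password=$HEROKU_STAGING_API_KEY registry.heroku.com
    - docker build -t $HEROKU_CONTAINER_RELEASE_IMAGE .
    - docker push $HEROKU_CONTAINER_RELEASE_IMAGE
  only:
    - master
  when: manual
"""

# Hand-picked subset of GitLab's predefined CI variables; CI_BUILD_TOKEN is the
# deprecated name of CI_JOB_TOKEN and is still accepted, so it is "known" but flagged.
PREDEFINED = {"CI_COMMIT_SHA", "CI_JOB_TOKEN", "CI_BUILD_TOKEN",
              "CI_REGISTRY", "CI_REGISTRY_USER", "CI_REGISTRY_PASSWORD"}
DEPRECATED = {"CI_BUILD_TOKEN": "CI_JOB_TOKEN"}
PASSWORD_ARG = re.compile(r"(?:--password=|--password\s+|-p\s+)(\S+)")
VAR_REF = re.compile(r"\$\{?([A-Za-z_][A-Za-z0-9_]*)\}?")


def declared_variables(ci_text: str) -> set:
    """Names declared under the top-level `variables:` block."""
    declared, in_block = set(), False
    for line in ci_text.splitlines():
        if line.strip() == "variables:" and not line[0].isspace():
            in_block = True
            continue
        if line and not line[0].isspace():   # next top-level key ends the block
            in_block = False
        if in_block:
            m = re.match(r"^\s+([A-Za-z_][A-Za-z0-9_]*):", line)
            if m:
                declared.add(m.group(1))
    return declared


def lint_ci(ci_text: str, project_variables) -> list:
    """Findings: literal passwords on the command line, references to
    variables that exist nowhere, and deprecated variable names."""
    known = PREDEFINED | declared_variables(ci_text) | set(project_variables)
    findings = []
    for number, line in enumerate(ci_text.splitlines(), 1):
        for m in PASSWORD_ARG.finditer(line):
            if not m.group(1).startswith("$"):
                findings.append(f"line {number}: literal password on the command line")
        for name in VAR_REF.findall(line):
            if name in DEPRECATED:
                findings.append(f"line {number}: ${name} is deprecated, use ${DEPRECATED[name]}")
            elif name not in known:
                findings.append(f"line {number}: ${name} is not a declared or project CI variable")
    return findings


if __name__ == "__main__":
    # With the project variable in place the only finding is the deprecated token name;
    # drop it from the list and the missing HEROKU_STAGING_API_KEY is reported too.
    for finding in lint_ci(CI_FROM_POST, {"HEROKU_STAGING_API_KEY"}):
        print(finding)
    for finding in lint_ci(CI_FROM_POST, ()):
        print(finding)
```

When you add HEROKU_STAGING_API_KEY in Settings > CI / CD > Variables, tick the masked and protected options: masked keeps the value out of job logs, and protected limits it to protected branches, which matters because the deploy job runs on master.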