Build a private GitLab repository on Linux and use intranet penetration (tunneling) to access it from the public network

Table of Contents

1. Download GitLab
2. Install GitLab
3. Start GitLab
4. Install cpolar
5. Create tunnel configuration access address
6. Fixed GitLab access address
7. Configure the second-level subdomain name
8. Test access to second-level subdomain names


GitLab is an open source repository management system. It uses Git as the code management tool and builds a web service on top of it.

GitLab is a widely used open source code management platform based on Git and built on Ruby on Rails. It mainly manages the code and documents produced during software development, and it organizes them along two dimensions: group and project. A group can manage multiple projects, which can be understood as one team having several software development tasks. A project may contain multiple branches; branches are independent of each other, and different branches can be merged.

Next, we build a private GitLab repository on Linux (CentOS 8) and combine it with the cpolar intranet penetration tool so that the private GitLab repository can be accessed from the public network.

1. Download GitLab

Create a directory named gitlab to store the downloaded installation package.

mkdir /usr/local/gitlab

Go to the created directory

cd /usr/local/gitlab

Download the GitLab installation package and wait for the download to complete:

wget --content-disposition


2. Install GitLab

After the download succeeds, install GitLab. First install a prerequisite package. This takes a long time, so wait for the installation to complete:

yum install policycoreutils-python-utils


Then install GitLab. Go into the /usr/local/gitlab directory created above and execute:

rpm -Uvh gitlab-ce-15.0.2-ce.0.el8.x86_64.rpm


After the installation completes, update the configuration. This takes a while, so please wait patiently. When it finishes, the username and password information is displayed.

gitlab-ctl reconfigure

The output contains the username and password information. The username is root. The password needs to be viewed separately.


The path shown above is the password file. View the password:

cat /etc/gitlab/initial_root_password


3. Start GitLab

Start GitLab as a test. If no errors are reported, the start succeeded.

gitlab-ctl start


Then change the access address by editing the GitLab configuration file:

vim /etc/gitlab/gitlab.rb

Change the value of external_url to You can specify the port number yourself. Specify 8088 here, and then save it.


Reload the configuration after the change:

gitlab-ctl reconfigure

Then restart GitLab:

sudo gitlab-ctl restart

If a firewall is running, open port 8088 and reload the rules so that the permanent rule takes effect:

firewall-cmd --zone=public --add-port=8088/tcp --permanent
firewall-cmd --reload

Then open a browser and enter the Linux LAN IP address and port 8088; the GitLab page opens.


Enter the username root and the password viewed above to log in.
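
Before the instance is published through a tunnel in the following steps, it is worth confirming that the port in gitlab.rb matches the tunnel's local port and that the initial root password is no longer in use. The script below is an added example, not part of the original tutorial and not GitLab or cpolar code; the function names are hypothetical and the sample gitlab.rb content is constructed.

```shell
#!/bin/sh
# Added example: checks to run after step 3 and before the tunnel is created.

# Print the active (uncommented) external_url value from a gitlab.rb file.
# Assumption: if it is set more than once, the last setting is the one in effect.
active_external_url() {
    sed -n "s/^[[:space:]]*external_url[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1" | tail -n 1
}

# Print the TCP port a URL implies: the explicit port, else 443 (https) or 80 (http).
# Handles hostnames and IPv4 addresses, not bracketed IPv6 literals.
url_port() {
    hostport=${1#*://}
    hostport=${hostport%%/*}
    case $hostport in
        *:*) echo "${hostport##*:}" ;;
        *)   case $1 in https://*) echo 443 ;; *) echo 80 ;; esac ;;
    esac
}

# Usage: preexposure_check GITLAB_RB TUNNEL_LOCAL_PORT INITIAL_PASSWORD_FILE
# Prints one finding per line; returns 0 only when there is no FAIL line.
preexposure_check() {
    rc=0
    url=$(active_external_url "$1")
    if [ -z "$url" ]; then
        echo "FAIL no active external_url in $1"
        return 1
    fi
    port=$(url_port "$url")
    if [ "$port" != "$2" ]; then
        echo "FAIL external_url port $port differs from tunnel local port $2"
        rc=1
    fi
    case $url in
        http://*) echo "WARN external_url is plain http: the LAN login is unencrypted" ;;
    esac
    if [ -f "$3" ]; then
        echo "WARN $3 exists: change the root password if it is still the initial one"
    fi
    return $rc
}

# Constructed sample standing in for /etc/gitlab/gitlab.rb (192.0.2.10 is a documentation address).
sample=$(mktemp)
printf '%s\n' "# external_url 'http://old.example:80'" "external_url 'http://192.0.2.10:8088'" > "$sample"
preexposure_check "$sample" 8088 /nonexistent/initial_root_password || true
rm -f "$sample"
```

On the server, the same check is run as `preexposure_check /etc/gitlab/gitlab.rb 8088 /etc/gitlab/initial_root_password`.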


4. Install cpolar

Above, we installed GitLab on the local Linux virtual machine. Next, we install the cpolar intranet penetration tool. Through cpolar's http public network address, we can easily access GitLab remotely without registering a domain name ourselves. The following are the steps to install cpolar.

  • Use one-click script installation command
curl -L | sudo bash
  • Token authentication

Log in to the cpolar official website backend, click Verify on the left to view your authentication token, and then paste the token into the command line:

cpolar authtoken xxxxxxx


  • Add services to the system and configure cpolar to start automatically at boot
sudo systemctl enable cpolar
  • Start cpolar service
sudo systemctl start cpolar

5. Create tunnel configuration access address

After the cpolar service has started, open the Linux LAN IP address with port 9200 in a browser and log in to the cpolar web UI management interface.

After successfully logging in, click Tunnel Management – Create Tunnel on the left dashboard to create an http protocol tunnel pointing to the 8088 port set above:

  • Tunnel name: It can be customized. Be careful not to duplicate the existing tunnel name.
  • Protocol: http
  • Local address: 8088
  • Domain name type: Choose a random domain name for free
  • Region: Select China VIP

Click Create


Then open the online tunnel list, and view and copy the public network address.


Then open a browser and enter the public network address; the GitLab page opens.


6. Fixed GitLab access address

Since the tunnel just created uses a random temporary address, the address will change within 24 hours. For long-term remote access, we next configure a fixed public network address.

  • Reserve a second-level subdomain

You need to upgrade to the basic package or above to support the configuration of second-level subdomain names.

Log in to the cpolar official website backend, click Reserve on the left dashboard, find Reserve second-level subdomain name, and reserve a second-level subdomain name for the http tunnel.

  • Region: Select server region
  • Name: Fill in the second-level subdomain name you want to reserve (can be customized)
  • Description: Notes, which can be customized


This example reserves a second-level subdomain named gitlabTest. After the subdomain name is successfully reserved, we copy the subdomain name and then configure it into the tunnel.


7. Configure second-level subdomain names

Log in to the cpolar web UI management interface. Click Tunnel Management – Tunnel List on the left dashboard, find the tunnel that needs to be configured with a second-level subdomain name, and click Edit on the right.


Modify the tunnel information and configure the second-level subdomain name into the tunnel:

  • Domain name type: select Second-level subdomain name instead
  • Sub Domain: Fill in the second-level subdomain name we just reserved (in this case, gitlabTest)

After the modification is completed, click Update


After the tunnel is successfully updated, click Status – Online Tunnel List on the left dashboard. You can see that the public network address of the tunnel has been updated to a second-level subdomain name. Copy the public network address.


8. Test access to second-level subdomain names

Open a browser and access the configured second-level subdomain name. The test succeeds and the page loads normally. We now have our own private second-level subdomain name, unique across the entire network, and this address no longer changes randomly: it is fixed. As long as the tunnel is kept online, we can use this public network address for remote access anytime and anywhere, without a public network IP or any router setup.