Build a private GitLab repository on Linux and use intranet tunneling to reach it from the public network

Table of Contents

Foreword

1. Download GitLab

2. Install GitLab

3. Start GitLab

4. Install cpolar

5. Create tunnel configuration access address

6. Fixed GitLab access address

7. Configure the second-level subdomain name

8. Test access to second-level subdomain names


Foreword

GitLab is an open-source repository management system. It uses Git as its code management tool and builds a web service on top of it.

GitLab is a widely used open-source code management platform based on Git and built on Ruby on Rails. It manages the code and documents produced during software development, organized along two dimensions: groups and projects. A group can manage multiple projects, which can be understood as one group having several software development tasks. A project can contain multiple branches; branches are independent of each other, and different branches can be merged.

Next, we build a private GitLab repository on Linux (CentOS 8) and combine it with the cpolar intranet tunneling tool so that the private GitLab instance can be accessed from the public network.

1. Download GitLab

Create a directory named gitlab to store the downloaded installation package.

mkdir /usr/local/gitlab

Go to the created directory

cd /usr/local/gitlab

Download the GitLab installation package and wait for the download to complete:

wget --content-disposition https://packages.gitlab.com/gitlab/gitlab-ce/packages/el/8/gitlab-ce-15.0.2-ce.0.el8.x8

2. Install GitLab

After the download succeeds, start installing GitLab. First install a required tool package. This takes a while, so wait for the installation to complete:

yum install policycoreutils-python-utils

Then install GitLab. Go into the /usr/local/gitlab directory created above and run:

rpm -Uvh gitlab-ce-15.0.2-ce.0.el8.x86_64.rpm

After the installation completes, update the configuration. This takes a while, so wait patiently. When it finishes, the output shows the username and where the password is stored.

gitlab-ctl reconfigure

In the output, the username is root. The password is not printed; the output gives the path of the file that holds it. View the password:

cat /etc/gitlab/initial_root_password

GitLab deletes this file automatically in the first reconfigure run after 24 hours, so log in and change the root password promptly.

3. Start GitLab

Start GitLab as a test. If no errors are reported, the start succeeded.

gitlab-ctl start

Then modify the access address by editing the GitLab configuration file.

vim /etc/gitlab/gitlab.rb

Change the value of external_url to http://127.0.0.1:8088. You can choose the port number yourself; 8088 is used here. Then save the file.

Reload the configuration file after modification

gitlab-ctl reconfigure

Then restart GitLab

sudo gitlab-ctl restart

If a firewall is running, open port 8088 and reload the rules so that the permanent entry takes effect:

firewall-cmd --zone=public --add-port=8088/tcp --permanent
firewall-cmd --reload

Then open a browser and enter the Linux host's LAN IP address with port 8088. The GitLab page loads.

Enter the username root and the password viewed above to log in.

4. Install cpolar

Above we installed GitLab on the local Linux virtual machine. Next we install the cpolar intranet tunneling tool. With cpolar's HTTP public network address, we can access GitLab remotely without registering a domain name ourselves. The steps to install cpolar are as follows.

  • Install with the one-click script

curl -L https://www.cpolar.com/static/downloads/install-release-cpolar.sh | sudo bash

  • Token authentication

Log in to the cpolar official website backend, click Verify on the left to view your authentication token, and then paste the token into the command line:

cpolar authtoken xxxxxxx

  • Add the service to the system and configure cpolar to start automatically at boot

sudo systemctl enable cpolar

  • Start the cpolar service

sudo systemctl start cpolar

5. Create tunnel configuration access address

After the cpolar service starts successfully, open the Linux host's LAN IP address with port 9200 in a browser and log in to the cpolar web UI management interface.

After logging in, click Tunnel Management – Create Tunnel on the left dashboard to create an http tunnel pointing to port 8088, which was set above:

  • Tunnel name: It can be customized. Be careful not to duplicate the existing tunnel name.
  • Protocol: http
  • Local address: 8088
  • Domain name type: Choose the free random domain name
  • Region: Select China VIP

Click Create.

Then open the online tunnel list, and view and copy the public network address.

Then open a browser and enter the public network address. The GitLab page loads.

6. Fix the GitLab access address

Since the tunnel just created uses a random temporary address, the address will change within 24 hours. For long-term remote access, we next configure this public network address as a fixed one.

  • Reserve a second-level subdomain name

You need to upgrade to the basic package or above to support the configuration of second-level subdomain names.

Log in to the cpolar official website backend, click Reserve on the left dashboard, find Reserve second-level subdomain name, and reserve a second-level subdomain name for the http tunnel.

  • Region: Select server region
  • Name: Fill in the second-level subdomain name you want to reserve (can be customized)
  • Description: Notes, which can be customized

This example reserves a second-level subdomain named gitlabTest. After the subdomain name is successfully reserved, copy it so that it can be configured into the tunnel.

7. Configure second-level subdomain names

Log in to the cpolar web UI management interface. Click Tunnel Management – Tunnel List on the left dashboard, find the tunnel that needs the second-level subdomain name, and click Edit on the right.

Modify the tunnel information and configure the second-level subdomain name into the tunnel:

  • Domain name type: select Second-level subdomain name instead
  • Sub Domain: Fill in the second-level subdomain name we just reserved (in this case, gitlabTest)

After the modification is completed, click Update.

After the tunnel is successfully updated, click Status – Online Tunnel List on the left dashboard. You can see that the public network address of the tunnel has been updated to the second-level subdomain name. Copy the public network address.

8. Test access to second-level subdomain names

Open a browser and access the second-level subdomain name just configured. The page loads normally, so the test is successful. We now have our own second-level subdomain name, unique across the entire network, and the address no longer changes randomly: it is fixed. As long as the tunnel stays online, we can use this public network address for remote access anytime and anywhere, without a public network IP or any router configuration.
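As an added example (not part of the original guide, and not GitLab or cpolar code), the script below checks the settings from this walkthrough that matter once the tunnel is public: the scheme and host of external_url, which GitLab uses for the links and clone URLs it generates, and whether ports 8088 and 9200 listen on every interface. The function names are hypothetical, and the gitlab.rb lines and `ss -tln` output are constructed samples.

```bash
#!/usr/bin/env bash
# Added example: checks worth running before the tunnel goes public.
# Inputs here are constructed samples; on a real host use
# /etc/gitlab/gitlab.rb and the output of `ss -tln`.

# Print the active (uncommented) external_url value from a gitlab.rb file.
external_url_of() {
  sed -nE "s/^[[:space:]]*external_url[[:space:]]+['\"]([^'\"]+)['\"].*/\1/p" "$1" | tail -n 1
}

# Print one finding per line for an external_url value.
url_findings() {
  case "$1" in http://*) echo "plaintext-http" ;; esac
  host=${1#*://}; host=${host%%[:/]*}
  case "$host" in 127.*|localhost) echo "loopback-host" ;; esac
}

# Read `ss -tln` output on stdin; print each port named in the arguments
# that listens on every interface (0.0.0.0, * or [::]).
wildcard_listeners() {
  awk -v ports="$*" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $1 == "LISTEN" {
      k = split($4, a, ":"); port = a[k]
      addr = substr($4, 1, length($4) - length(port) - 1)
      if ((addr == "0.0.0.0" || addr == "*" || addr == "[::]") && (port in want) && !seen[port]++)
        print port
    }'
}

# --- constructed sample inputs ---
sample_rb=$(mktemp)
cat > "$sample_rb" <<'EOF'
# external_url 'GENERATED_EXTERNAL_URL'
external_url 'http://127.0.0.1:8088'
EOF
sample_ss='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511    0.0.0.0:8088       0.0.0.0:*
LISTEN 0      4096   *:9200             *:*
LISTEN 0      128    127.0.0.1:8080     0.0.0.0:*'

url=$(external_url_of "$sample_rb")
echo "external_url: $url"
url_findings "$url" | sed 's/^/  finding: /'
printf '%s\n' "$sample_ss" | wildcard_listeners 8088 9200 8080 |
  sed 's/^/  listening on all interfaces: /'
# The one check made against the real host rather than the samples:
if [ -e /etc/gitlab/initial_root_password ]; then echo "  initial_root_password still on disk"; fi
rm -f "$sample_rb"
```

A port 9200 listener on all interfaces means the cpolar management UI is reachable from every host on the LAN, not only from the GitLab machine.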
