How to Install GitLab CE on RHEL 7

How to Install GitLab CE on RHEL 7

GitLab Community Edition is a complete DevOps platform that bundles source code management, issue tracking, CI/CD pipelines, container registry, and wiki functionality into a single self-hosted application. Installing GitLab CE on Red Hat Enterprise Linux 7 is straightforward using the official Omnibus package, which packages all dependencies — PostgreSQL, Redis, Nginx, and more — into one cohesive installation managed through the gitlab-ctl command. This guide covers repository configuration, installation, initial password retrieval, SSL setup, and SMTP configuration.

Prerequisites

• RHEL 7 server with a minimum of 4 CPU cores and 4 GB RAM (8 GB recommended for teams of 10+)
• At least 10 GB of free disk space on the partition that will hold /var/opt/gitlab
• Root or sudo access
• A fully qualified domain name (FQDN) resolving to your server’s IP address
• Ports 80 and 443 open in your firewall and accessible from users’ workstations
• Outbound access to packages.gitlab.com for the initial installation

Step 1: Update the System and Install Dependencies

Begin with a system update to ensure all base packages are current, then install the packages GitLab’s installation script requires:

sudo yum update -y
sudo yum install -y curl policycoreutils openssh-server openssh-clients perl

Enable and start the SSH service if it is not already running:

sudo systemctl enable sshd
sudo systemctl start sshd

Allow SSH through the firewall:

sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --reload

Step 2: Install Postfix for Email Notifications (Optional)

GitLab sends emails for account confirmations, merge request notifications, and CI pipeline results. Install and start Postfix for local mail delivery, or skip this step if you plan to configure an external SMTP relay:

sudo yum install -y postfix
sudo systemctl enable postfix
sudo systemctl start postfix

Step 3: Add the GitLab Omnibus Repository

GitLab provides a script that adds the official Omnibus repository to your yum configuration and imports the GPG signing key. Run it directly:

curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash

The script creates /etc/yum.repos.d/gitlab_gitlab-ce.repo. Verify it was added correctly:

sudo yum repolist | grep gitlab

You should see a line similar to gitlab_gitlab-ce gitlab_gitlab-ce in the output.

Step 4: Install GitLab CE

Set the external URL environment variable before installation so the Omnibus package embeds the correct URL into its configuration:

sudo EXTERNAL_URL="http://gitlab.example.com" yum install -y gitlab-ce

The installation process downloads the package (approximately 1 GB), extracts it, runs gitlab-ctl reconfigure automatically, and starts all bundled services. This typically takes 5–10 minutes. When complete, you will see a message ending with:

GitLab CE configured.

To install a specific version, append the version string:

sudo EXTERNAL_URL="http://gitlab.example.com" yum install -y gitlab-ce-16.11.0

Step 5: Run gitlab-ctl reconfigure

If you need to apply configuration changes at any point after installation, run:

sudo gitlab-ctl reconfigure

This command re-reads /etc/gitlab/gitlab.rb, regenerates all configuration files for the bundled services, and restarts any services whose configuration changed. It is idempotent — safe to run multiple times.

Step 6: Open Firewall Ports

Allow HTTP and HTTPS traffic through firewalld:

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

Verify the services are listed:

sudo firewall-cmd --list-services

Step 7: Retrieve the Initial Root Password

GitLab generates a random initial root password during the first reconfigure run and writes it to a file. Retrieve it before it is deleted (it is automatically removed 24 hours after installation):

sudo cat /etc/gitlab/initial_root_password

The output will look like:

# WARNING: This value is valid only in the following conditions
#          1. If provided manually nothing else for the first run
#          2. Ensure the token has write access to the API
# Ensure the following values are not left as default values.

Password: 8TkXjH2oRqP9mN1aLvW6cYzE3dFbI0uG

Log in to http://gitlab.example.com with username root and this password. Immediately navigate to User Settings > Password to set a permanent password.

Step 8: Configure gitlab.rb — External URL and Core Settings

The main GitLab configuration file is /etc/gitlab/gitlab.rb. It is heavily commented and contains every configurable option. The most important settings to review are:

sudo vi /etc/gitlab/gitlab.rb

Key settings:

# The URL users access GitLab through
external_url 'https://gitlab.example.com'

# Number of Puma workers (set to CPU cores - 1, minimum 2)
puma['worker_processes'] = 3

# Reduce memory usage on small servers by limiting Sidekiq concurrency
sidekiq['concurrency'] = 10

# Disable Prometheus monitoring to save memory (optional)
prometheus_monitoring['enable'] = false

# Git data storage path
git_data_dirs({
  "default" => {
    "path" => "/mnt/gitlab-data",
    "failure_count_threshold" => 10,
    "failure_wait_time" => 30
  }
})

After editing, always run sudo gitlab-ctl reconfigure to apply changes.

Step 9: Enable SSL with Let’s Encrypt

GitLab Omnibus includes built-in Let’s Encrypt support. Ensure your domain resolves publicly to your server, then enable it in gitlab.rb:

external_url 'https://gitlab.example.com'

letsencrypt['enable'] = true
letsencrypt['contact_emails'] = ['[email protected]']

# Auto-renew certificates
letsencrypt['auto_renew'] = true
letsencrypt['auto_renew_hour'] = 3
letsencrypt['auto_renew_minute'] = 30
letsencrypt['auto_renew_day_of_month'] = "*/14"

Run gitlab-ctl reconfigure. GitLab will request a certificate from Let’s Encrypt, install it, and configure the bundled Nginx to serve HTTPS. The certificate will be stored in /etc/gitlab/ssl/.

If your server is behind a load balancer or does not have public DNS, use your own certificate files instead:

external_url 'https://gitlab.example.com'

nginx['ssl_certificate']     = "/etc/ssl/certs/gitlab.crt"
nginx['ssl_certificate_key'] = "/etc/ssl/private/gitlab.key"

Step 10: Configure SMTP for Email Delivery

To use an external SMTP relay instead of local Postfix, add SMTP settings to gitlab.rb. The example below shows configuration for a generic SMTP server:

gitlab_rails['smtp_enable']               = true
gitlab_rails['smtp_address']              = "smtp.example.com"
gitlab_rails['smtp_port']                 = 587
gitlab_rails['smtp_user_name']            = "[email protected]"
gitlab_rails['smtp_password']             = "your-smtp-password"
gitlab_rails['smtp_domain']               = "example.com"
gitlab_rails['smtp_authentication']       = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls']                  = false
gitlab_rails['smtp_openssl_verify_mode']  = 'peer'

gitlab_rails['gitlab_email_from']         = '[email protected]'
gitlab_rails['gitlab_email_reply_to']     = '[email protected]'

After reconfiguring, test email delivery from the GitLab Rails console:

sudo gitlab-rails console

Notify.test_email('[email protected]', 'GitLab Test', 'Test from GitLab').deliver_now

Type exit to leave the console.

Step 11: Verify Services and Check Status

The gitlab-ctl tool manages all bundled services. Check that all components are running:

sudo gitlab-ctl status

Expected output showing all services as run:

run: alertmanager: (pid 12345) 600s; run: log: (pid 12346) 600s
run: gitaly: (pid 12347) 600s; run: log: (pid 12348) 600s
run: gitlab-exporter: (pid 12349) 600s; run: log: (pid 12350) 600s
run: gitlab-workhorse: (pid 12351) 600s; run: log: (pid 12352) 600s
run: logrotate: (pid 12353) 600s; run: log: (pid 12354) 600s
run: nginx: (pid 12355) 600s; run: log: (pid 12356) 600s
run: postgres-exporter: (pid 12357) 600s; run: log: (pid 12358) 600s
run: postgresql: (pid 12359) 600s; run: log: (pid 12360) 600s
run: puma: (pid 12361) 600s; run: log: (pid 12362) 600s
run: redis: (pid 12363) 600s; run: log: (pid 12364) 600s
run: redis-exporter: (pid 12365) 600s; run: log: (pid 12366) 600s
run: sidekiq: (pid 12367) 600s; run: log: (pid 12368) 600s

If any service shows down, restart it:

sudo gitlab-ctl restart puma
sudo gitlab-ctl restart sidekiq

View logs for a specific service:

sudo gitlab-ctl tail nginx
sudo gitlab-ctl tail puma

Conclusion

GitLab CE is now installed on your RHEL 7 server, accessible over HTTPS with a valid SSL certificate, connected to an external SMTP server for notifications, and ready to host repositories. The Omnibus package approach means all dependencies are self-contained and managed through a single configuration file, making upgrades and backups straightforward. The next step is configuring GitLab CI/CD pipelines — see the companion guide “How to Configure GitLab CI/CD Pipelines on RHEL 7” for a full walkthrough of .gitlab-ci.yml syntax and runner registration.