You need a reliable code repository with built-in CI/CD, issue tracking, and private project management. Installing GitLab on Ubuntu 26.04 LTS gives you a self-hosted DevOps platform that stays under your full control.
This guide walks you through the entire process of installing GitLab on Ubuntu 26.04 from a fresh server to a secure, production-ready instance. You will learn not only how to run each command but also why each step matters for stability and security.
By the end, you will have GitLab on Ubuntu 26.04 configured with HTTPS, proper firewall rules, and the basic hardening a senior sysadmin expects.
Prerequisites
Before you begin this Linux server tutorial, make sure you meet these requirements:
- Operating system: Ubuntu 26.04 LTS server (64-bit)
- Access: Root privileges or a user with
sudorights - Hostname: A valid domain or subdomain pointing to your server IP (FQDN)
- Resources:
- At least 4 GB RAM (8 GB recommended for smooth performance)
- 20 GB free disk space
- Network:
- Outbound internet access to download packages
- Inbound access for SSH (port 22), HTTP (port 80), and HTTPS (port 443)
- Tools already on the system:
aptpackage managercurlorwget- Text editor (
nanoorvim)
You will configure GitLab on Ubuntu 26.04 using GitLab’s official Omnibus package, which bundles all dependencies into a single install.
Step 1: Update Your System and Install Dependencies
Why update first?
Updating your system ensures you have the latest security patches and package metadata. This reduces the chance of conflicts when you add the GitLab repository and install the package.
If you skip this step, you might pull in older libraries that cause dependency issues later.
1.1 Refresh package lists and upgrade
sudo apt update && sudo apt upgrade -y
apt updaterefreshes the package index from Ubuntu repositories.apt upgrade -yupgrades all installed packages to their latest versions and automatically answers “yes” to prompts.
You should see output like:
Hit:1 http://archive.ubuntu.com/ubuntu noble InRelease
...
Reading package lists... Done
Building dependency tree... Done
...
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
If packages are upgraded, the last line will show a count of upgraded packages.
1.2 Install required tools
sudo apt install -y curl ca-certificates openssh-server tzdata perl
What each package does:
curl: Downloads files from the internet, used to fetch the GitLab repository script.ca-certificates: Provides trusted SSL certificates so HTTPS connections work without errors.openssh-server: Enables SSH access, which is required for Git over SSH and remote server management.tzdata: Sets your system timezone so logs and CI/CD jobs have correct timestamps.perl: A scripting language required by some GitLab components.
You will use curl soon to add the GitLab repository, so having it installed now prevents errors later.
Step 2: Add the Official GitLab Repository
Why use the official repository?
GitLab’s Omnibus package is not in Ubuntu’s default repositories. The official GitLab repository provides:
- The latest stable GitLab CE or EE versions
- Security updates
- A supported installation path documented by GitLab itself
Using third-party or outdated repositories can lead to broken installs or missing features.
2.1 Download and run the GitLab repository script
Choose CE (Community Edition) or EE (Enterprise Edition). For most users, CE is sufficient.
For GitLab CE:
curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | sudo bash
For GitLab EE:
curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh | sudo bash
What this does:
curl -sSdownloads the repository script silently but shows errors if something fails.- The script adds the GitLab package repository to your system’s
sources.list.ddirectory. sudo bashruns the script with root privileges so it can modify system package sources.
You should see output indicating the repository was added successfully, something like:
Repository: GitLab CE
Type: deb
URL: https://packages.gitlab.com/gitlab/gitlab-ce/ubuntu
2.2 Verify the repository
Check that the GitLab repository exists:
apt-cache policy gitlab-ce
You should see a line like:
gitlab-ce:
Installed: (none)
Candidate: 17.0.0-ce.0
Version table:
17.0.0-ce.0 500
500 https://packages.gitlab.com/gitlab/gitlab-ce/ubuntu noble/main amd64 Packages
This confirms your system can find the GitLab package.
Step 3: Install GitLab with EXTERNAL_URL
Why set EXTERNAL_URL during install?
The EXTERNAL_URL option tells GitLab which address users will use to access it. GitLab uses this value for:
- Internal redirects
- Link generation in emails and notifications
- Web UI routing
If you skip this or set it incorrectly, you may get broken links or redirect loops.
3.1 Install GitLab CE
Use your domain or subdomain name in place of gitlab.example.com:
sudo EXTERNAL_URL="http://gitlab.example.com" apt install -y gitlab-ce
EXTERNAL_URL="http://gitlab.example.com"sets the base URL.apt install -y gitlab-ceinstalls the GitLab Community Edition package.- The
-yflag automatically confirms the installation.
What happens during install:
- GitLab’s Omnibus package is downloaded and installed.
- Dependencies are resolved.
- GitLab services are installed but not fully configured yet.
You will see progress output as packages are unpacked and configured.
3.2 Replace with your real hostname
If you do not have a real domain yet, you can use a temporary hostname and change it later:
sudo EXTERNAL_URL="http://gitlab.yourdomain.com" apt install -y gitlab-ce
For local testing, you can also map a hostname in /etc/hosts, but for production use a real DNS record.
Step 4: Reconfigure GitLab and Start Services
Why run gitlab-ctl reconfigure?
Installing the package alone does not fully configure GitLab. You must run gitlab-ctl reconfigure to:
- Parse
/etc/gitlab/gitlab.rb - Generate configuration files for Nginx, PostgreSQL, Redis, and other services
- Start and enable all GitLab services
Without this step, GitLab will not run properly.
4.1 Run reconfigure
sudo gitlab-ctl reconfigure
What this does:
- Reads your
gitlab.rbconfiguration file. - Writes configs to
/etc/gitlaband related directories. - Starts services like
nginx,postgresql,redis,sidekiq, andpuma.
You will see output with lines like:
==> Configuring /etc/gitlab/gitlab_rb ...
==> Running handler restart ...
The process can take several minutes on the first run.
4.2 Check service status
Verify that all services are running:
sudo gitlab-ctl status
You should see run for most services:
run: nginx: (pid 1234) 120s
run: postgresql: (pid 1235) 150s
run: redis: (pid 1236) 150s
run: sidekiq: (pid 1237) 100s
run: puma: (pid 1238) 95s
If any service shows down, check logs with:
sudo gitlab-ctl tail <service-name>
Replace <service-name> with nginx, puma, etc.
Step 5: Find the Initial Root Password and Log In
Why act quickly on the root password?
On first install, GitLab generates a random root password and stores it in a file. For security, GitLab removes this file after some time. If you miss it, you must reset the password manually.
5.1 Read the initial root password
sudo cat /etc/gitlab/initial_root_password
You should see output like:
Password: abc123def456...
Copy this password and store it securely.
Note: This file is deleted automatically after 24 hours.
5.2 Access GitLab in your browser
Open your browser and go to:
http://gitlab.example.com
Replace gitlab.example.com with your EXTERNAL_URL value.
- Log in as root
- Use the password from the file above
- You will be forced to change the password on first login
After changing the password, you now have a working GitLab on Ubuntu 26.04 instance.
Step 6: Configure Firewall and HTTPS for Production
Why configure firewall and HTTPS?
A default GitLab install listens on HTTP by default. For production:
- You must restrict access to only necessary ports.
- You must use HTTPS to protect logins, tokens, and Git traffic.
This is a core part of configure GitLab on Ubuntu 26.04 for real use.
6.1 Open required ports with UFW
sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable
- Port 22: SSH for Git operations and server access.
- Port 80: HTTP for initial access and Let’s Encrypt challenges.
- Port 443: HTTPS for secure access.
ufw enableturns on the firewall.
Confirm the rules:
sudo ufw status
You should see:
22/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere
6.2 Enable HTTPS with Let’s Encrypt (GitLab-managed)
Edit the GitLab configuration file:
sudo nano /etc/gitlab/gitlab.rb
Find and set:
external_url 'https://gitlab.example.com'
letsencrypt['contact_emails'] = ['admin@example.com']
nginx['ssl_certificate'] = nil
nginx['ssl_certificate_key'] = nil
external_urlnow useshttps://so GitLab knows you want secure access.letsencrypt['contact_emails']sets the email for Let’s Encrypt notifications.- Leaving
ssl_certificateasniltells GitLab to request a certificate automatically.
Save and exit, then reconfigure:
sudo gitlab-ctl reconfigure
GitLab will request a certificate from Let’s Encrypt and configure Nginx for HTTPS.
Test by visiting:
https://gitlab.example.com
You should see a secure connection with a valid certificate.
6.3 Alternative: Use your own SSL certificate
If you already have certificates from another provider:
external_url 'https://gitlab.example.com'
nginx['ssl_certificate'] = '/etc/gitlab/ssl/gitlab.example.com.crt'
nginx['ssl_certificate_key'] = '/etc/gitlab/ssl/gitlab.example.com.key'
letsencrypt['enable'] = false
Then run:
sudo gitlab-ctl reconfigure
This is useful when you run a reverse proxy or manage certificates externally.
Troubleshooting Common Errors
1. EXTERNAL_URL mismatch or redirect loops
Symptom: Browser shows redirect loops or 404 errors.
Cause: EXTERNAL_URL does not match your domain or DNS is not pointing correctly.
Fix:
- Ensure your domain points to your server IP.
- Edit
/etc/gitlab/gitlab.rb:external_url 'https://gitlab.example.com' - Save and run:
sudo gitlab-ctl reconfigure
The redirect issue usually disappears once the URL and DNS match.
2. GitLab services stuck in “down” state
Symptom: gitlab-ctl status shows some services as down.
Cause: Missing dependencies, disk space issues, or memory constraints.
Fix:
- Check disk space:
df -h - Check memory:
free -h - View logs for the failing service:
sudo gitlab-ctl tail <service-name> - Fix resource issues, then run:
sudo gitlab-ctl reconfigure sudo gitlab-ctl restart
3. initial_root_password file missing or empty
Symptom: You cannot find /etc/gitlab/initial_root_password.
Cause: The file was deleted after 24 hours or you installed GitLab earlier.
Fix:
Reset the root password manually:
sudo gitlab-rake gitlab:password:reset
You will be prompted to set a new root password. Store it securely.
4. HTTPS certificate errors
Symptom: Browser shows “certificate not trusted” or Let’s Encrypt fails.
Cause: Wrong domain, port 80 blocked, or DNS not propagating.
Fix:
- Ensure port 80 is open:
sudo ufw allow 80/tcp - Verify DNS points to your server:
dig gitlab.example.com - Re-run Let’s Encrypt:
sudo gitlab-ctl reconfigure
Let’s Encrypt needs port 80 open to validate your domain.
5. SSH Git operations fail
Symptom: git clone git@domain.com:user/repo.git fails.
Cause: SSH port blocked or GitLab SSH port misconfigured.
Fix:
- Ensure port 22 is open:
sudo ufw allow 22/tcp - Check GitLab SSH settings in
/etc/gitlab/gitlab.rb:gitlab_rails['gitlab_shell_ssh_port'] = 22 - Reconfigure:
sudo gitlab-ctl reconfigure
[su_box title=”VPS Manage Service Offer” style=”bubbles” box_color=”#000000″ radius=”10″]If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal![/su_box]
