So, I've got this ubuntu server VM. It's currently just running nginx and this Ghost blog. Now I want to add Gitlab on a subdomain (gitlab.steinar.io), preferably on this same VM.

I think docker is the way to go for my scenario based on what i've heard about it. My knowledge of docker is very limited, but I guess I should just dive in. I used these docs.

1. Installing docker:

sudo apt-get update

Add the key for docker's repo:
sudo apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D

Add the repo:
sudo apt-add-repository 'deb https://apt.dockerproject.org/repo ubuntu-xenial main'

sudo apt-get update again

Install docker!
sudo apt-get install -y docker-engine

2. Change the ssh port, to allow gitlab to use port 22 (optional but recommended):

Note that if you're currently using port 22 for ssh on your server, I reccommend changing that port to something else, for example 2222. This allows you to use 22 for gitlab, which makes it a bit easier to pull and push to your git server without having to fiddle with ports.

If you're using ufw firewall, allow access through port 2222:
sudo ufw allow 2222

then edit the port in the ssh config
vim /etc/ssh/sshd_config

find the line with the port, change it to 2222 and run
service sshd restart

also, on your local machine you can edit your ssh config file and add this new port for quick easy ssh access.

sudo vim ~/.ssh/config

Host steinar
    HostName <your server host name or ip>
    User steinar
    Port 2222
    IdentityFile ~/.ssh/<identityfilename>

3. Setting up a Gitlab docker image

I read through these docs.

Since nginx is running on this server, listening to 80 and 443, I figured Gitlab should be running on a different port, and I would then use an nginx proxy. For now i'll just configure this without SSL and worry about that later.

I ran this:

sudo docker run --detach \
    --hostname gitlab.steinar.io \
    --publish 8929:80 --publish 22:22 \
    --name gitlab \
    --restart always \
    --volume /srv/gitlab/config:/etc/gitlab \
    --volume /srv/gitlab/logs:/var/log/gitlab \
    --volume /srv/gitlab/data:/var/opt/gitlab \
    gitlab/gitlab-ce:latest

4. Configure nginx

I made this very basic nginx vhost config, using proxypass to point at the port we configured in step 3 (8929 in my case).

sudo vim /etc/nginx/sites-available/gitlab

server {
    listen 80;
    listen [::]:80;
    server_name gitlab.steinar.io;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header HOST $http_host;
        proxy_set_header X-NginX-Proxy true;

        proxy_pass http://localhost:8929;
        proxy_redirect off;
    }
}

enabled it:

sudo ln -s /etc/nginx/sites-available/gitlab /etc/nginx/sites-enabled/gitlab

restarted nginx:
sudo service nginx restart

And Voila! It seems to work!

I can now navigate to gitlab.steinar.io and reset the root password. I also logged in to the admin interface and disabled public registrations.

5. Securing Gitlab with SSL

I went with a similar approach as with my Ghost blog. I used Let's Encrypt, but that's material for an additional blog post, might be the next one!

In the meantime:
Here are the instructions I used for Ghost.
(Just set this up for example in /var/www/gitlab/ instead of /var/www/ghost/).

A note about RAM

Gitlab takes a up a whole lot of memory. I needed to upgrade my host to 4gb ram for it to run smoothly, at DigitalOcean that would set me back 40$/month.

Gitlab resources
Memory usage was close to 100% untill I increased available memory to 4gb

I picked a bare-metal option from Scaleway with 8gb ram, 50gb SSD storage, 4 cpu cores for around 11€/month. More than enough for a much more reasonable price. Migrating was very easy thanks to docker!

Big thanks to Gaui.is for his tips.