Quick Start – Install GitLab in 5 Minutes
Just rented a brand new CentOS Stream 9 VPS and want to see results immediately? Run this command sequence with root privileges. I’ll explain each line in detail right below.
# Update system and install dependencies
dnf update -y
dnf install -y curl policycoreutils-python-utils openssh-server perl
# Add GitLab repository
curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | bash
# Install GitLab (replace 'gitlab.example.com' with your IP or domain)
EXTERNAL_URL="http://gitlab.example.com" dnf install -y gitlab-ce
# Open ports on Firewall
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --permanent --add-service=ssh
firewall-cmd --reload
Once the commands finish, wait about 1 minute for services to initialize, then access your domain to check the result.
Why Choose CentOS Stream 9 to Run GitLab?
Previously, CentOS 7 was the “king of stability” in my book. However, since Red Hat changed the game, I’ve gradually moved systems to CentOS Stream 9. In practice, this version handles I/O exceptionally well thanks to the new Kernel, making Git Push/Pull operations significantly smoother.
Running your own GitLab CE (Community Edition) provides absolute freedom. You have full control over your data, no worries about repository limits, and no spending hundreds of dollars a month on GitHub user fees. For high-security projects, hiding GitLab behind a VPN is currently the safest option.
Hardware Configuration: Don’t Skimp on RAM
Installing GitLab on a 1GB RAM VPS is a “fatal” mistake. You’ll see 502 errors constantly because Ruby on Rails and Sidekiq consume massive resources. Here are the recommended specs for a team of about 10-20 people:
- RAM: Minimum 4GB (8GB recommended to keep CI/CD running smoothly without hanging).
- CPU: 2 Cores (Prioritize high clock speeds).
- Storage: 20GB free (SSD/NVMe recommended to avoid bottlenecks when multiple people commit simultaneously).
- OS: Clean CentOS Stream 9 x86_64.
Detailed Deployment Steps
Step 1: Environment Preparation
GitLab requires a few tools for SSH management and email notifications. On CentOS Stream 9, this is extremely simple using the dnf package manager.
dnf install -y curl policycoreutils-python-utils openssh-server perl
Next, download the official repository configuration script from GitLab. This script will automatically detect your OS and add the necessary download sources to your system.
curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | bash
Step 2: Installation and URL Setup
During installation, you should declare the EXTERNAL_URL variable immediately. This is the address you’ll use to access the web interface. If you haven’t pointed a domain yet, you can temporarily use your server’s IP.
EXTERNAL_URL="http://192.168.1.100" dnf install -y gitlab-ce
This process usually takes 3 to 5 minutes. GitLab will automatically trigger gitlab-ctl reconfigure to install the full package of PostgreSQL, Redis, and Nginx for you.
Securing the Server with Firewalld and SELinux
Many developers tend to disable Firewall and SELinux to avoid minor issues. However, with a server holding all your intellectual property (source code), doing so is like leaving your front door wide open for hackers.
Firewalld Configuration
Open only the three essential ports: HTTP (80), HTTPS (443), and SSH (22). Other ports should be tightly closed to minimize port scanning risks.
firewall-cmd --permanent --add-service={http,https,ssh}
firewall-cmd --reload
Living with SELinux
CentOS Stream 9 defaults to Enforcing mode for SELinux. Don’t disable it. GitLab supports SELinux very well. If you change the default SSH port (e.g., to 2222), just run the following command to allow SELinux connections:
semanage port -a -t ssh_port_t -p tcp 2222
How to Get the Initial Admin Password
GitLab no longer allows setting a password during installation; instead, it generates a random string for the root account. To view this password, read the following file:
cat /etc/gitlab/initial_root_password
Important Note: The system will automatically delete this file after 24 hours. You need to log in immediately and go to User Settings -> Password to change your personal password.
Upgrading to HTTPS with Let’s Encrypt (Free)
Sending code via HTTP is a major risk because data is transmitted in plain text. Fortunately, GitLab has built-in Let’s Encrypt integration. You just need to edit the configuration file:
vi /etc/gitlab/gitlab.rb
Find and update the following parameters:
external_url 'https://gitlab.yourdomain.com'
letsencrypt['enable'] = true
letsencrypt['contact_emails'] = ['[email protected]']
Finally, run the gitlab-ctl reconfigure command to have GitLab automatically request the SSL certificate and configure Nginx for you.
Pro Tips: Troubleshooting Issues
Here are a few tips I’ve gathered after many times “rescuing” GitLab systems:
- 502 Whoops Error: Don’t rush to restart the server. Usually, it’s because the Puma service hasn’t finished starting after a reconfigure. Be patient for 2 minutes; the error will resolve itself.
- Enable Swap: If the server RAM is only 4GB, create an additional 2GB-4GB of Swap on the SSD. This helps prevent the server from “freezing” when the team handles large Merge Requests with hundreds of files.
- Backup Strategy: Code is life. Use a Cronjob to run
gitlab-rake gitlab:backup:createevery night and push the.tarfile to another server or S3. - Health Check: Use the
gitlab-ctl statuscommand to see exactly which component (Redis, Postgres, Gitaly…) is having issues.
Building your own code management system isn’t hard; the hard part is maintaining its stability. I hope this article gives you more confidence when deploying GitLab on CentOS Stream 9. Good luck!

