GitLab is a great open source git repository and much, much, more. The thing i like the most about it is that I can deploy it myself and create my own place to store code, track needed changes, collaborate with others.
There is a port and a great tutorial, provided by Matthias Fechner on how to install it on FreeBSD. His tutorial doesn’t cover specific issues that relate to installation in a jail. I only had to change a couple of settings and I would like to document it here so that I can refer to it if I need to create a new installation.
These difference come from the fact that a FreeBSD jail doesn’t have a ‘127.0.0.1’ address attached to localhost. Localhost for a freebsd jail is the main IP of the jail.
This is sometimes a problem, not specific to GitLab, even more so when the main jail IP is also a public IP and the software being installed assumes that only someone with local privileges would be able to connect to localhost.
Specifically I followed Matthias Fechner’s 12.6 guide, the most recent available at the time of installation.
The problem comes when the Postgresql ‘git’ doesn’t have permissions to do do anything from my jail IP. Of course the default Postgresql permissions allowed anyone from 127.0.0.1 to connect and do whatever… but not from my localhost, which is my public IP. So I had to add an entry to allow my IP to connect.
I had to edit the /var/db/postgres/data11/pg_hba.conf and add:
1 | host all git MY IP ADDRESS/32 trust |
This effectively allows the user ‘git’ connecting from MY IP ADDRESS to have access to Postgresql.
The same concept will need to be applied when modifying the various settings, when connections from ‘127.0.0.1’ are expected, they will actually come from your jail main IP address.
Just a note, I did not check the security consequences of making this changes, my setup is behind a firewall, so, for all practical purposes, everything is still only allowed on localhost, but if that was not the case i would have research it a bit.
That was it. With this everything is working great so far. Next i might want to move the Postgresql to a separate jail. For automated backup purposes I prefer to have ‘databases’ jails separated other jails, this is because to backup the raw database files without specific actions (in general making sure that no write is happening during backup) will generate bad (as corrupt or inconsistent) backups.