Skip to content

GitLab App


GitLab is the complete DevOps platform.

Custom gitlab.yml

GitLab is customized using GitLab's admin interface. Some options can ony be changed in gitlab.yml. For such situations, use the File Manager and modify /app/data/gitlab.yml and restart the app.

Disabling registration

By default, GitLab allows external people to sign up. This can be disabled to restrict use only to Cloudron users as follows:

GitLab > Admin area > Settings > Features > remove the check mark "Sign-up enabled"

GitLab Runner for CI

GitLab CI involves installing one or more GitLab Runners. These runners carry out tasks as instructed by the main GitLab installation. When installing a runner, you have to select the project tags to which the runner will respond and the type of tasks ("executor") it can carry out. For example, there is a Shell executor, Docker execuctor etc.

Once GitLab runner is installed, you have to add the runner in GitLab. When adding the runner in GitLab, you can decide how GitLab schedules tasks in the runner ie. if the runner is exclusive to a project ('Specific Runner') or shared between projects ('Shared Runner) or specific to a group ('Group Runner').

Cloudron's GitLab package can be used with GitLab Runner as follows.

  • First create a new server and install GitLab Runner on it following the instructions at GitLab docs. In short:
    # For ubuntu
    curl -L | sudo bash
    sudo apt-get install gitlab-runner
  • Get the token listed in GitLab under https://<>/admin/runners (under shared runners section).

  • Register the runner with the token from the above step

    root@localhost:~# sudo gitlab-runner register
    Running in system-mode.                            

    Please enter the gitlab-ci coordinator URL (e.g.
    Please enter the gitlab-ci token for this runner:
    Please enter the gitlab-ci description for this runner:
    [localhost]: Shell Jobs Runner
    Please enter the gitlab-ci tags for this runner (comma separated):

    Whether to lock the Runner to current project [true/false]:
    [true]: false
    Registering runner... succeeded                     runner=xzdZgdsX
    Please enter the executor: docker, docker-ssh, shell, ssh, virtualbox, docker-ssh+machine, parallels, docker+machine, kubernetes:
    Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded! 
  • The Runner should now be listed under https://<>/admin/runners.

  • Now push a .gitlab-ci.yml to your project to start using the runner.

Rails Console

To open a rail console, first open the Web terminal and then run:

    sudo -u git bundle exec rails c -e production

Reset Admin Password

To reset the admin password, run the following commands using the Web terminal:

# sudo -u git bundle exec rails c -e production
=> user = User.where(id: 1).first
=> user.password = 'NEW_PASS'
=> user.password_confirmation = 'NEW_PASS'
=> exit

App Settings

There are various other settings GitLab supports via gitlab.rb. On Cloudron those are specified in /app/data/gitlab.yml. The upstream docs are referring to the key style of gitlab.rb and the mapping of keys for the yml file are described here.

Incoming Email

GitLab has several features based on receiving incoming email messages:

  • Reply by Email
  • New issue by Email
  • New merge request by email
  • Service Desk.

See the upstream docs for more information.

Set up

If you are not using Cloudron Email server, configure production.incoming_email in /app/data/gitlab.yaml with the IMAP information. The mailroom service is automatically started withen production.incoming_email.enabled is set to true (verify using supervisorctl status in the Web Terminal).

If you are using Cloudron Email on the same server as the Gitlab installation:

  • Create a mailbox say

  • Set the inbox to use in the Email section of the app. When configured, Cloudron will configure GitLab to use Email sub-addressing and the mailroom service is enabled.

Careful about the incoming email domain

GitLab recommends using a subdomain for incoming email in their security note. On Cloudron, you can add the subdomain in the Domains view, enable email server for the subdomain and then select a subdomain email address.


  • Reply by Email - Each issues has a per user email address. Click on the ribbon in the issue page to find this address.

  • New issue by Email - You will find the unique email address per user in the issues page of the project.

  • Service Desk - Enable this for a project in Settings -> General -> Service Desk. The support desk email address is displayed here.

  • Service Desk custom address - This step is only required if you want to a set a different support email address than the incoming email address. To set a custom Service Desk address which is shared for the full instance, add a section service_desk_email in /app/data/gitlab.yml as mentioned here:

production: &base
  ... other configs ...

    enabled: true
    address: "project_contact+%{key}"
    user: ""
    password: "[REDACTED]"
    host: ""
    port: 993
    ssl: true
    start_tls: false
    log_path: "log/mailroom.log"
    mailbox: "inbox"
    idle_timeout: 60
    expunge_deleted: true

Be sure to restart GitLab after making the above changes.

Migration to Cloudron

This guide aims to assist in migrating an already running Gitlab into the Gitlab Cloudron app.

If you have any problems please do not delay and seek help in the Forum.

This guide got written for a migration from a Gitlab installation via Omnibus.

Make sure both Gitlab instances are running the same version! Before continuing to the next step!

The backup Rake task GitLab provides does not store your configuration files. The primary reason for this is that your database contains items including encrypted information for two-factor authentication and the CI/CD secure variables. Storing encrypted information in the same location as its key defeats the purpose of using encryption in the first place.

At the very minimum, you must backup:

For Omnibus:

  • /etc/gitlab/gitlab-secrets.json
  • /etc/gitlab/gitlab.rb

For installation from source:

  • /home/git/gitlab/config/secrets.yml
  • /home/git/gitlab/config/gitlab.yml

NOTE! Since we are switching from Omnibus TO a source installation (The Cloudron Gitlab app is a source installation) we will need to convert the gitlab-secrets.json to secrets.yml.

Also in the converted secrets.yml you will need to change gitlab_rails: to production: - otherwise gitlab will generate new secrets for rails.

Create a backup of your running Gitlab

Gitlab Documentation - Backup and Restore

GitLab 12.2 or later:

bash sudo gitlab-backup create

GitLab 12.1 and earlier:

bash gitlab-rake gitlab:backup:create

If you installed GitLab from source, use the following command: (This is how to do it in Cloudron)

bash sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production

For more examples please visit the official Gitlab Documentation - Backup and Restore

Save the generated file I.e. 1632462433_2021_09_24_14.2.4_gitlab_backup.tar on your local computer.

Change the database owner in the created backup

In the Omnibus version the default user for the database was gitlab in my case.

You need to change this into the PostgreSQL user provided by Cloudron.

Go into the Web terminal of your Cloudron Gitlab app to get the username:

# echoing the single variable

# getting all Postgresql variables
printenv | grep -i POSTGRES

The content of the backup looks like this:

├── artifacts.tar.gz
├── backup_information.yml
├── builds.tar.gz
├── db
   └── database.sql.gz
├── lfs.tar.gz
├── pages.tar.gz
├── repositories
   └── @hashed
└── uploads.tar.gz

Extract the database.sql.gz to edit the database.sql.

We will need to replace all OWNER TO gitlab; strings to OWNER TO userd5499e3cf81b43d093724d69fa223688;.

Save the database.sql and gzip the file back into the database.sql.gz.

Put it back together into the 1632462433_2021_09_24_14.2.4_gitlab_backup.tar.

Example all done in a terminal:

# Move the created backup into a seperate folder for extraction
# Extract the created tar
tar -xf 1632745419_2021_09_27_14.2.4_gitlab_backup.tar

# decompress the gziped database.sql.gz
gzip -d db/database.sql.gz

# replace all `OWNER TO gitlab;` with `OWNER TO OWNER TO userd5499e3cf81b43d093724d69fa223688;`
sed -e 's/OWNER TO gitlab;/OWNER TO userd5499e3cf81b43d093724d69fa223688;/' -i db/database.sql

# compress the `database.sql`
gzip db/database.sql

# Create the new `1632745419_2021_09_27_14.2.4_gitlab_backup.tar`
# You will get a warning since it wont tar it self
tar -cf 1632745419_2021_09_27_14.2.4_gitlab_backup.tar ./
tar: ./1632745419_2021_09_27_14.2.4_gitlab_backup.tar is the archive; not backed up.

Restoring the Backup

  • Upload the new tar to the Gitlab Cloudron app to /app/data/backups/1632745419_2021_09_27_14.2.4_gitlab_backup.tar.
  • Upload the converted secrets.yml to /app/data/secrets.yml
  • Create a snapshot of the running Cloudron Gitlab app (this way we can jump back if something does not work, and you won't need to re-upload the backup)
  • Open the Web terminal of the Cloudron Gitlab app and run the restore
sudo -u git -H GITLAB_ASSUME_YES=1 bundle exec rake --trace gitlab:backup:restore RAILS_ENV=production

Now the restore should start looking something like this:

`/home/git` is not writable.
Bundler will use `/tmp/bundler20210927-435-134v1je435' as your home directory temporarily.
. . .
2021-09-24 06:22:36 +0000 -- done
2021-09-24 06:22:36 +0000 -- Restoring uploads ... 
2021-09-24 06:22:36 +0000 -- done
2021-09-24 06:22:36 +0000 -- Restoring builds ... 
2021-09-24 06:22:36 +0000 -- done
2021-09-24 06:22:36 +0000 -- Restoring artifacts ... 
2021-09-24 06:22:36 +0000 -- done
2021-09-24 06:22:36 +0000 -- Restoring pages ... 
2021-09-24 06:22:36 +0000 -- done
2021-09-24 06:22:36 +0000 -- Restoring lfs objects ... 
2021-09-24 06:22:36 +0000 -- done

Now migrate your custom settings from the gitlab.rb settings into /app/data/gitlab.yml file.

Restart the Cloudron Gitlab app.

Now everything should work as intended.

Migration of Gitlab Users to Cloudron LDAP Users

You might want to link old Gitlab users to the new Cloudron LDAP Users. This is rather simple, just make sure the username of the user is the same as in Cloudron.

Example: Gitlab username is tina.testing so the Cloudron username should also be tina.testing