I’ve started building a small decentralized, non commercial app with a Rust backend + Node.js frontend running on k8s. I would have my own dedicated server for this. Just mentioning the setup because it might grow and for git there seem to be only GitHub and GitLab around and I prefer GitLab.
I care a lot about security and was wondering if it makes sense to self-host GitLab. I‘m not afraid of doing it, but after setup it shouldn’t take more than 1-2 hours per week for me to maintain it in the long run and I’m wondering if that’s realistic.
Would love to hear about the experience of people who did what I’m planning to do.
For self hosting there is also https://forgejo.org/ which is a fork of https://about.gitea.com/ , the latter of which started to shift to a corporate model.
Another upvote for forgeo. So easy to get set up and running. Can run it in docker itself. I tried to host gitlab and got so frustrated with the pages and pages of ruby configs. Forgejo is so much cleaner.
The is also Codeberg
technically the same as forgejo, codeberg is the main forgejo contributor/the org owning it
Gitlab uses a ton of resources and is a pain to setup. Once you get it going, it’s fine.
Going to echo what others have said: Use Gitea or Forgejo instead if you can. Both have runners you can setup like gitlab, but they instead mimic github actions instead of gitlab ci/cd.
I run a semi-private gitea instance, and have not had any problems past the initial setup in 2+ years.
there seem to be only GitHub and GitLab around
Gitea, Forgejo, and cgit exist
And there are others if you look for them.
do the front end in Leptos and host it on ForgeJo
I’m intrigued! But how does it compare to React which is pretty straight forward? I’m not a frontend dev so what’s really great about React is that it works super well with LLMs.
Leptos is very React-like but it’s Rust so it will be Rusty sometimes. you mentioned you’ve done the back end in Rust anyway.
with LLMs do you mean code suggestions like code-pilot or actually integrating with an LLM api?
I remember Gitlab requiring quite a large amount of resources, so if you’re talking about a solo project, I’d skip it and go with something a lot leaner like Gitea, personally.
I’ve never had any security issues with GitHub in the past though, and extended features are free for open source projects, so it’s kind of hard to ignore.
First question is why do you want a forge ? Knowing the feature you need out of it is what should drive your decision.
Personally I would question the benefit of allocating ~5% of your work time to anything that isn’t core building your product but that’s up to you.
Yea a surprisingly small number of people don’t know a git remote can literally be any folder outside of your tree, over almost any kind of connection.
I thought about doing a forge but realized that if I was the only one working on this stuff then I could do the same thing by setting my remote to a folder on my NAS.
Yup, for a solo project that you don’t want to share I would even argue that a forge is close to pointless.
Any ssh remote will work as a backup, you can run the ci/cd task on your own computer just fine (very likely faster even), you obviously don’t need to send PR and request code review to yourself and if a TODO.md isn’t enough to keep track of tasks there’s a billions lightweight task/note tracker.
I use github because I’m a lazy and it works fine as a backup but I don’t need 99% of the features for my pet projects.
I tried hosting Gitlab for a while, but configuration and upgrades were difficult, and your really have to stay on top of updates due to vulnerabilities. It also used a lot of resources and wasn’t super responsive.
I moved to Forgejo (a hard fork of Gitea), and haven’t looked back; I cant recommend it enough. It’s fast, doesn’t take a lot of resources, actively developed, and has all the features I need.
Codeberg is a public instance of Forgejo if you want to try it out first.
Thanks! May I ask what kind of setup you were running and if there’s any feature you might be missing that existed in GitLab but doesn’t in Forgejo?
I was on an old repurposed desktop with 16gb ram and a i7 6700k at the time.
I haven’t felt that I’ve been missing any features from Gitlab. I do use Woodpecker-CI for runners because Forgejo action’s weren’t working for Docker builds, but I think the Forgejo actions have come a long way since I made that decision; I’ll have to try them out again one of these days.
I am selfhosting my Gitlab and it’s one of the less troubling services I run.
I followed their documentation for setup and update gitlab biyearly, as far as I remembered I never had to revert to a backup, even after I skipped updates for a little over a year.
Thanks! What resources are you running it on? I’m looking into a VPS that could host it and ChatGPT recommends 4-8 vCPUs and 16 GB Ram, which sounds reasonable. But let’s say I’m running it on k8s does that leave any room for e.g. running other services on the same cluster?
The container itself has been allocated 4 cores and 4 GiB RAM on my PVE host, RAM usage currently sits at 75%. Before I had 2 GiB of RAM allocated, felt like it was slowed down a little bit by running from a HDD then. The host CPU is an i5-9400, so nothing beefy.
Besides Gitlab, I run Home Assistant, a single tenant Nextcloud instance and pfsense on the same host without any troubles. All services combined have 14 GiB Ram allocated, most of that actually goes to HASS since its doing speech recognition and speech synthesis (6GiB)
I run GitLab with docker compose and watchtower, all the updates are automated and have never caused any issues for me.
That being said my setup uses about 7-8gb of ram.
Thanks! What about CPU usage, how many CPUs did you assign to the environment you run the container in?
The VM is a 6 thread 16gb
OS is currently Ubuntu 22.04.5 LTS (cloud image which is lightweight) just running a very simple docker engine install using the script (plus a few other options since I script the install)
The load averages as of this current moment are
0.12, 0.15, 0.10so not even a full thread is being used.I let the container run unmetered on the CPU and memory.
I can provide both the compose and my install script (which is on the GitLab instance) if you are curious.
Thanks! Super helpful and I’d love to have the compose and install script. I also looked into the Helm charts but still wondering if I should go down that route or not eventually.
Incoming wall of text
Here is my install script to set up Ubuntu since it has a bit of extra steps for privileged ports https://gitlab.meme.beer/-/snippets/1
Docker compose example, note that my config has a shared network with containers in another compose called
nginxto keep traffic inside docker.name: "gitlab" services: gitlab: image: 'gitlab/gitlab-ce:latest' #command: update-permissions restart: always hostname: 'gitlab.example.com' environment: GITLAB_OMNIBUS_CONFIG: | external_url 'https://gitlab.example.com/' pages_external_url 'https://pages.example.com/' pages_nginx['enable'] = true pages_nginx['listen_port'] = 6000 pages_nginx['listen_https'] = false pages_nginx['redirect_http_to_https'] = false #puma['per_worker_max_memory_mb'] = 2048 # 2GB gitlab_rails['gitlab_email_from'] = '[email protected]' gitlab_rails['gitlab_email_display_name'] = 'GitLab' gitlab_rails['smtp_enable'] = true gitlab_rails['smtp_address'] = "smtp.sendgrid.net" gitlab_rails['smtp_port'] = 587 gitlab_rails['smtp_user_name'] = 'apikey' gitlab_rails['smtp_password'] = '$SENDGRID_API_KEY_HERE' gitlab_rails['smtp_domain'] = "smtp.sendgrid.net" gitlab_rails['smtp_authentication'] = "login" gitlab_rails['smtp_enable_starttls_auto'] = true gitlab_rails['smtp_tls'] = false gitlab_rails['gitlab_default_theme'] = 2 gitlab_rails['gitlab_shell_ssh_port'] = 2224 gitlab_rails['gitlab_default_projects_features_container_registry'] = true gitlab_rails['registry_enabled'] = true gitlab_rails['registry_api_url'] = 'https://registry.example.com/' gitlab_rails['registry_issuer'] = 'gitlab-issuer' registry['log_level'] = 'info' registry_external_url 'https://registry.example.com/' registry_nginx['enable'] = true registry_nginx['listen_port'] = 5050 registry_nginx['listen_https'] = false registry_nginx['redirect_http_to_https'] = false gitlab_shell['log_level'] = 'INFO' letsencrypt['enable'] = false nginx['error_log_level'] = 'info' nginx['listen_https'] = false #nginx['proxy_protocol'] = true #nginx['trusted_proxies'] = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"] # Workhorse gitlab_workhorse['enable'] = true gitlab_workhorse['ha'] = false gitlab_workhorse['listen_network'] = "tcp" gitlab_workhorse['listen_addr'] = "127.0.0.1:8181" gitlab_workhorse['log_directory'] = "/var/log/gitlab/gitlab-workhorse" # Errors # for sentry error logging the GitLab service #gitlab_rails['sentry_enabled'] = true #gitlab_rails['sentry_dsn'] = '' #gitlab_rails['sentry_clientside_dsn'] = '' #gitlab_rails['sentry_environment'] = 'production' # Add any other gitlab.rb configuration here, each on its own line networks: - nginx ports: # gitlab loves https on 443 #- '80:80' #- '443:443' - '2224:22' volumes: - ./config:/etc/gitlab - ./logs:/var/log/gitlab - ./data:/var/opt/gitlab shm_size: '256m' #deploy: # resources: # limits: # cpus: '6' # memory: 12G # reservations: # cpus: '4' # memory: 6G # disable healthcheck for restoring backup #healthcheck: # disable: true networks: nginx: external: true name: nginx
I have been maintaining several self-hosted GitLab instances over the past 5 years, and it rarely takes me longer than 20minutes per update.
Their upgrade paths are clearly marked and well thought out. Their packaging methods are of great quality.
You will not regret going with GitLab.
Thank you! I’m running a Servarr over Docker Compose, and have managed some Kubernetes clusters in the past (although poorly tbh). Any idea how complicated that is in comparison? Also, do you use their Helm charts?
I do straight VM installations unfortunately. I am too stupid for K8s. But seeing how the rest of their stuff is packaged, I suspect you will be fine!
What are the features you need from your host? If it’s just remote syncing, why not just make a small Debian system and install git on it? You can manage security on the box itself. Do you need the overhead of gitlab at all?
I say this because I did try out hosting my own GitLab, GitTea, Cogs, etc and I just found I never needed any of the features. The whole point was to have a single remote that can be backed up and redeployed easily in disaster situations but otherwise all my local work just needed simple tracking. I wrote a couple scripts so my local machine can create new repos remotely and I also setup ssh key on the remote machine.
I don’t have a complicated setup, maybe you do, not sure. But I didn’t need the integrated features and overhead for solo self hosting.
For example, one of my local machine scripts just executes a couple commands on the remote to create a new folder, cd into it, and then run
git init —barethen I can just clone the new project folder on the local machine and get started.I would actually want to use it to integrate with k8s. I would deploy the app on Kubernetes and do load balancing + pointing at a Cloudflare domain so I would need the whole thing to be solid. I think I do need a lot of the features, but I don’t think I necessarily need to have GitLab if something FOSS could offer the same.
