How to Install GitBucket with Nginx on Ubuntu

GitBucket is an open-source Git web platform powered by Scala. It provides a Github-like user interface features such as Git repository hosting via HTTP and SSH, issues, wiki, repository viewer, and pull requests. It comes with a rich set of features. Some of them are listed below:

• Intuitive UI
• Support for GitLFS
• Support Public and Private Git repositories
• Activity timeline and email notifications
• API compatibility with GitHub
• Account and group management

In this tutorial, we will explain how to install GitBucket with Nginx on Ubuntu 20.04.

Prerequisites

• A server running Ubuntu 20.04 with 2 GB of RAM.
• A valid domain name pointed with your server.
• A root password is configured on your server.

Install Java

GitBucket is based on Java so you will need to install it in your system. You can install it with the following command:

apt-get install default-jdk -y

Once installed, verify the Java version using the following command:

java -version

You should get the following output:

openjdk version "11.0.7" 2020-04-14
OpenJDK Runtime Environment (build 11.0.7+10-post-Ubuntu-3ubuntu1)
OpenJDK 64-Bit Server VM (build 11.0.7+10-post-Ubuntu-3ubuntu1, mixed mode, sharing)

Once you are done, you can proceed to the next step.

Install and Configure GitBucket

Before starting, it is a good idea to create separate user and group to run GitBucket. You can create a new group and user named gitbucket with the following command:

groupadd -g 555 gitbucket
useradd -g gitbucket --no-user-group --home-dir /opt/gitbucket --no-create-home --shell /usr/sbin/nologin --system --uid 555 gitbucket

Next, create a new directory for GitBucket with the following command:

mkdir /opt/gitbucket

Next, download the latest version of the GitBucket inside the GitBucket directory:

cd /opt/gitbucket
wget https://github.com/gitbucket/gitbucket/releases/download/4.33.0/gitbucket.war

Next, change the ownership of the GitBucket directory:

chown -R gitbucket:gitbucket /opt/gitbucket

GitBucket comes with an embedded H2 database. You can create a new database configuration file with the following command:

nano /opt/gitbucket/database.conf

Add the following lines:

db {
  url = "jdbc:h2:${DatabaseHome};MVCC=true"
  user = "sa"
  password = "sa"
}

Save and close the file when you are finished.

Create Systemd Service File for GitBucket

Next, you will need to create a systemd service file to manage the GitBucket service. You can create it using the following command:

nano /etc/systemd/system/gitbucket.service

Add the following lines:

# GitBucket Service
[Unit]
Description=Manage Java service

[Service]
WorkingDirectory=/opt/gitbucket
ExecStart=/usr/bin/java -Xms128m -Xmx256m -jar gitbucket.war
User=gitbucket
Group=gitbucket
Type=simple
Restart=on-failure
RestartSec=10

[Install]
WantedBy=multi-user.target

Save and close the file when you are finished. Then, reload the systemd daemon using the following command:

systemctl daemon-reload

Next, start the GitBucket service and enable it to start after system reboot with the following command:

systemctl start gitbucket
systemctl enable gitbucket

Next, verify the status of the GitBucket service with the following command:

systemctl status gitbucket

You should get the following output:

? gitbucket.service - Manage Java service
     Loaded: loaded (/etc/systemd/system/gitbucket.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2020-05-14 02:27:13 UTC; 10s ago
   Main PID: 93029 (java)
      Tasks: 36 (limit: 2282)
     Memory: 324.9M
     CGroup: /system.slice/gitbucket.service
             ??93029 /usr/bin/java -Xms128m -Xmx256m -jar gitbucket.war

May 14 02:27:19 ubuntu2004 java[93029]: 2020-05-14 02:27:19.868:INFO:oejs.session:main: DefaultSessionIdManager workerName=node0
May 14 02:27:19 ubuntu2004 java[93029]: 2020-05-14 02:27:19.868:INFO:oejs.session:main: No SessionScavenger set, using defaults
May 14 02:27:19 ubuntu2004 java[93029]: 2020-05-14 02:27:19.875:INFO:oejs.session:main: node0 Scavenging every 600000ms
May 14 02:27:20 ubuntu2004 java[93029]: 02:27:20.261 [main] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Starting...
May 14 02:27:20 ubuntu2004 java[93029]: 02:27:20.691 [main] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Start completed.
May 14 02:27:20 ubuntu2004 java[93029]: 02:27:20.697 [main] WARN  slick.util.AsyncExecutor - Having maxConnection > maxThreads can result in d>
May 14 02:27:20 ubuntu2004 java[93029]: 02:27:20.721 [main] INFO  g.core.servlet.InitializeListener - Check version
May 14 02:27:20 ubuntu2004 java[93029]: 02:27:20.721 [main] INFO  g.core.servlet.InitializeListener - Start schema update
May 14 02:27:22 ubuntu2004 java[93029]: 02:27:22.156 [main] INFO  l.servicelocator.ServiceLocator - Can not use class liquibase.parser.core.ya>
May 14 02:27:22 ubuntu2004 java[93029]: 02:27:22.161 [main] INFO  l.servicelocator.ServiceLocator - Can not use class liquibase.parser.core.js>

At this point, GitBucket is running and listening on port 8080.

Configure Nginx as a Reverse Proxy

By default, GitBucket is running on port 8080. So it is a good idea to configure Nginx as a reverse proxy for GitBucket.

First, install the Nginx web server with the following command:

apt-get install nginx -y

Next, create an Nginx virtual host configuration file for GitBucket:

nano /etc/nginx/sites-available/gitbucket

Add the following lines:

upstream gitbucket {
  server 127.0.0.1:8080 weight=100 max_fails=5 fail_timeout=5;
}

server {
  listen          80;
  server_name     gitbucket.linuxbuz.com;

  location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://gitbucket/;
  }
}

Save and close the file. Then, create a symbolic link to the sites-enabled directory:

ln -s /etc/nginx/sites-available/gitbucket /etc/nginx/sites-enabled/

Next, check the Nginx for any syntax error with the following command:

nginx -t

You should get the following output:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Finally, restart the Nginx service to implement the changes:

systemctl restart nginx

Secure GitBucket with Let’s Encrypt

Next, you will need to install the Certbot client to secure your GitBucket with Let’s Encrypt SSL.

First, add the Certbot repository using the following command:

add-apt-repository ppa:ahasenack/certbot-tlssni01-1875471

Next, update the repository and install the Certbot client with the following command:

apt-get update -y
apt-get install certbot python3-certbot-nginx -y

Next, run the following command to download and install the Let’s Encrypt SSL for your website:

certbot --nginx -d gitbucket.linuxbuz.com

You will be asked to provide your email and accept the term of service:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for gitbucket.linuxbuz.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/gitbucket

Next, select whether or not to redirect HTTP traffic to HTTPS:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Type 2 and hit Enter to finish the installation.

Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/gitbucket

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://gitbucket.linuxbuz.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=gitbucket.linuxbuz.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/gitbucket.linuxbuz.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/gitbucket.linuxbuz.com/privkey.pem
   Your cert will expire on 2020-08-12. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Once you are finished, you can proceed to the next step.

Access GitBucket

Now, open your web browser and type the URL https://gitbucket.linuxbuz.com. You will be redirected to the following page:

Click on the Sign in button. You should see the GitBucket login page:

Provide the GitBucket default username as a root and the password as root and click on the Sign in button. You should see the GitBucket dashboard in the following page:

Next, click on the Account Settings in the top right corner to change the default root password:

Provide a new secure password and click on the Save button to update the root password.

Conclusion

Congratulations! you have successfully installed and secured GitBucket with Nginx as a reverse proxy on Ubuntu 20.04. You can now host your own Git repository using the GitBucket.