For all kinds of installs, there are firewall/traffic concerns. The basic firewall software for Linux is iptables, which is tightly connected to the Linux kernel. It is quite complicated to configure this, and there are other books for that. Fortunately, there are many user friendly programs available that let you manage the system firewall by interacting with iptables for you.
Linux UFW (Uncomplicated Firewall) is such a frontend. Follow these instructions to open up your firewall if it is installed on your system.
Before you configure GitLab, you will need to ensure that your firewall rules are permissive enough to allow web traffic.
View the current status of your active firewall by executing the following command:
$sudo ufw status
Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
As you can see, the current rules allow SSH traffic through, but access to other services is restricted. Since GitLab is a web application, we should allow HTTP access. If you have a domain name associated with your GitLab server, GitLab can also request and enable a free TLS/SSL (Transport Layer Security/Secure Sockets Layer) certificate from the Let's Encrypt project to secure your installation. We'll want to allow HTTPS access as well in this case.
Since the protocol to port mapping for HTTP and HTTPS are available in the /etc/services file, we can allow that traffic in by name. If you didn't already have OpenSSH traffic enabled, you should allow that traffic now too:
$sudo ufw allow http
$sudo ufw allow https
$sudo ufw allow OpenSSH
If you check the ufw status command again, you should see access configured to at least these two services:
$sudo ufw status
Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
80 ALLOW Anywhere
443 ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
80 (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
The preceding output indicates that the GitLab web interface will be accessible once we configure the application.