Skip to main content

Installation

Prerequisites#

Hardware requirements#

  • A GNU/Linux host, could be a Virtual Machine or a bare metal server
    • CPU: 4 cores
    • Memory: 8 GB
    • Disk: at least 50 GB free disk space dedicated for application needs (SSD performance) (minimum recommended)
      • If you want to scan large repositories, consider to increase available disk space
  • A dedicated Linux account with sudo privileges (ex: app)

Software requirements#

  • The Full Qualified Domain Name (FQDN) that you want to use for the application (ex: gitguardian.mycorp.local), could be an IP too
  • A TLS certificate for HTTPS or follow the directive to create a self signed one (read for drawback below)

The following binaries/packages are needed:

Binary/PackagesVersion
docker19.03.5
docker-compose1.27.2
bash>= 5.0
gnupg>= 2.2
cUrl*
crontab*

We provide an option during the installation to install these binaries (need external access to work). Supported GNU/Linux distributions:

DistributionVersionName
Debian10 64BitsBuster
Debian9 64BitsStretch
Ubuntu20.04 LTS 64BitsThe Focal Fossa
Ubuntu18.04 LTS 64BitsBionic Beaver
Ubuntu16.04 LTS 64BitsXenial Xerus
CentOS8 64Bits
CentOS7 64Bits
Amazon Linuxv2 64Bits

Note: we highly recommend that you install the latest patch available for your distribution before starting the installation

If you want to use an other distribution, install these binaries by your own before launching the installation.

Network requirements#

For online installation:

For offline installation, no external access is required.

Installation#

We advise you to use a dedicated linux user to install the application (ex: app). Don't forget to give sudo access to this user.

Configure the installation#

Inside your home directory, create a directory named gitguardian/ and inside a file name .preseed:

cdmkdir gitguardiancd gitguardiancat <<EOF > .preseedGG_CLIENT_ID=GG_CLIENT_KEY=GG_HOST=GG_SELFSIGNED=GG_TLS_CERT=GG_TLS_KEY=EOF

We will refer at gitguardian/ as the root directory of the application.

Edit the file .preseed and add you own value:

ParameterDescription
GG_CLIENT_IDYou will receive this information during your onboarding
GG_CLIENT_KEYWe will send this value to you by SMS during your onboarding
GG_HOSTThe FQDN (or the IP) that you want to use to reach the application
GG_SELFSIGNEDtrue means that we will generate a self signed certificate for HTTPS. This could be an easier solution to start the application if you don't have a valid certificate. When use true, GG_TLS_* values could be empty.
GG_TLS_CERTThe full path to a signed TLS certificate
GG_TLS_KEYThe full path to the associated private key

Example with a self signed TLS certificate setup:

GG_CLIENT_ID=GGC_xxxxxxxxxxxxGG_CLIENT_KEY=GGK_yyyyyyyyyyyyGG_HOST=gitguardian.mycorp.localGG_SELFSIGNED=true

Example with a certificate signed by a CA:

GG_CLIENT_ID=GGC_xxxxxxxxxxxxGG_CLIENT_KEY=GGK_yyyyyyyyyyyyGG_HOST=gitguardian.mycorp.localGG_SELFSIGNED=falseGG_TLS_CERT=/etc/tls/cert.pemGG_TLS_KEY=/etc/tls/key.pem

TLS PEM format for nginx#

You need:

  • your server certificate (provided by your Certificate Authority)
  • your intermediate certificates (provided by your Certificate Authority)

How to generate cert.pem file:

cat your_signed_cert.cert intermediate_cert.crt >> cert.pem

Once .preseed file is completed and saved, move to the next part.

Install the application (online mode)#

Note: online mode requires external access to our archive (see the URL below) as well as your distribution repository if you want to use our script to install software prerequisites.

Download our management CLI to install the application with the following command inside the root directory (/home/<USER>/gitguardian/):

curl -s https://get.gitguardian.com/manage.sh -o manage.sh && chmod +x manage.sh

Start the installation and automatically install software requirements:

./manage.sh install --install-deps

Start the installation without installing software requirements (you will need to install these requirements independently):

./manage.sh install

The installation will continue without any needed interaction until the end.

Once the script has ended, you must create a the first account to be the owner of the workspace. This is the only account that will be allowed to log in should your SSO provider not be available.

The password is a one time password, and you will be required to update it after logging in.

# you may have to reload your shell to run this commanddocker-compose exec django python manage.py create_administrator --firstname <FirstName> --email <Email> --password <Password>

Then, browse to the application using the GG_HOST value you configured beforehand.

Install the application (offline mode)#

Download our management CLI and the application tarball:

Replace GGC_CLIENT_ID inside the URL with your own value (sent during onboarding).

Upload these 2 files to your host:

  • put manage.sh inside the root directory of the application (gitguardian/)
  • create a directory download/ inside gitguardian/ and put the file gitguardian.latest.enc inside

Fix permissions:

chmod +x manage.sh

Don't forget to install software requirements before starting the installation. Even in offline mode you can still use the option --install-deps if you have access to your distribution repository, docker repositories and GitHub (see requirements).

Start the installation and automatically install software requirements:

./manage.sh install --install-deps

Start the installation without installing software requirements (you will need to install these requirements independently):

./manage.sh install --offline

The installation will continue without interaction until the end.

Once the script has ended, you must create a the first account to be the owner of the workspace. This is the only account that will be allowed to log in should your SSO provider not be available.

The password is a one time password, and you will be required to update it after logging in.

# you may have to reload your shell to run this commanddocker-compose exec django python manage.py create_administrator --firstname <FirstName> --email <Email> --password <Password>

Then, browse to the application using the GG_HOST value you configured beforehand.