GitLab Self-Managed for Education

ℹ️

About this guide This document explains the self-managed option for Education program members and the decisions you need to make. Browse the GitLab documentation linked throughout for comprehensive detail on each topic.

⚖️

SaaS or Self-Managed?

The GitLab for Education programme supports both deployment options. The right choice depends on your institution's technical capacity, data policies, and compliance requirements.

Option A GitLab.com (SaaS)

Hosted and maintained by GitLab. No server required. Quickest path to getting students using GitLab. Best if your institution has no specific data residency or authentication requirements.

Option B Self-Managed

Installed on your own server or cloud VM. Full control over data location, authentication, and configuration. Best for institutions with IT capacity or specific compliance and data needs.

⚠️

Education licence note Both options are available under the same licence. Self-managed provides GitLab Ultimate with unlimited seats, but your institution is responsible for installation, maintenance, backups, and upgrades.

👤

Who Should Run a Self-Managed Instance?

Running a self-managed GitLab instance requires someone comfortable with Linux server administration. A typical split of responsibilities looks like this:

IT / Sysadmin: Server provisioning, GitLab installation, LDAP/SSO configuration, backups, upgrades, and monitoring.
Educator: Course group setup, student access management, assignment templates, and grading workflows.

💡

If your institution does not have IT capacity to manage a self-hosted server, GitLab.com (SaaS) is strongly recommended as the lower-overhead path to the same Education programme benefits.

⚙️

Installation

For most education deployments, the Linux package (Omnibus) on a single Linux server or cloud VM is the recommended starting point — best-supported, bundles all required services, and easiest to maintain.

GitLab does not run on Windows. A supported Linux operating system (Ubuntu, Debian, or RHEL/CentOS) is required.

📋
Installation Requirements
Hardware (CPU, RAM, storage), supported operating systems, and database requirements.
📦
Install Using the Linux Package (Omnibus)
The recommended installation method for most self-managed deployments.
🐳
Install Using Docker
Running GitLab in a Docker container.
☸️
Install Using the Helm Chart (Kubernetes)
For institutions already running Kubernetes infrastructure.
🏗️
Reference Architectures
Recommended server specs for different user counts (500, 1,000, 2,000+ users).

ℹ️

After installation Activate your Education licence in Admin → Subscription using the activation code provided when your application was approved. The licence must be renewed annually.

🔧

Configuration

The two most important configuration steps are connecting GitLab to your institution's email system and authentication directory. Both are done by editing /etc/gitlab/gitlab.rb and running sudo gitlab-ctl reconfigure.

📧
SMTP Email Configuration
Connect GitLab to your institution's mail server for notifications, password resets, and CI/CD alerts.
🔐
LDAP / Active Directory Integration
Let students and staff sign in using existing institutional credentials.
🔑
Other Authentication Options (SAML, OAuth, OpenID)
For institutions using Shibboleth, Azure AD, Google Workspace, or other identity providers.
🔒
SSL / HTTPS Configuration
Let's Encrypt (automatic) or custom institutional certificate setup.
⚙️
Instance Settings (Admin Area)
Sign-up restrictions, default visibility, repository size limits, and other instance-wide policies.

👥

User & Access Management

With LDAP configured, student accounts are created automatically on first sign-in. The Admin Area provides a web interface for managing users, groups, and permissions across the instance.

ℹ️

Student access The Education licence is institution-wide with unlimited seats — students do not need individual licences. When a student leaves, disabling their account in LDAP automatically blocks their GitLab access at the next sync.

🖥️
The Admin Area
Central interface for managing users, groups, projects, runners, and instance settings.
👤
Administering Users
Creating, modifying, blocking, and deleting user accounts.
🔏
Sign-up Restrictions
Restrict account creation to your institutional email domain or require admin approval.
📁
Groups & Subgroups
Organising students, courses, and projects using GitLab's group hierarchy.

🏃

GitLab Runners (CI/CD)

Runners execute student CI/CD pipeline jobs. At least one runner is needed for pipelines to run. Install runners on a separate machine from your GitLab instance — CI/CD jobs can be resource-intensive and you don't want pipeline activity affecting GitLab's availability.

For most education deployments, a single shared instance runner using the Docker executor is the right starting point. The Docker executor runs each job in an isolated container, preventing one student's pipeline from interfering with another's.

📥
Install GitLab Runner
Installation instructions for Linux, macOS, Windows, and Docker.
🔗
Register a Runner
How to connect a runner to your GitLab instance as a shared, group, or project runner.
🐳
Docker Executor
The recommended executor for education — each job runs in a clean, isolated container.
📊
Runner System Requirements
Sizing the runner machine based on expected concurrent job load.

💾

Backup & Restore

All student work lives in your instance — regular backups are essential. GitLab's built-in backup tool creates a single archive covering repositories, the database, uploads, and CI/CD artefacts. Automate backups to run nightly and store them off-server.

🚨

Critical The backup archive does not include /etc/gitlab/gitlab.rb (your configuration) or /etc/gitlab/gitlab-secrets.json (encryption keys). These must be backed up separately. Without the secrets file, encrypted data cannot be restored.

📦
Back Up GitLab
Running backups, automating with cron, and configuring retention policies.
♻️
Restore GitLab
Step-by-step restore instructions and prerequisites.

⬆️

Upgrades

GitLab releases a new version every month. For education deployments, upgrading once or twice per academic year during low-activity periods is a practical cadence.

Always take a full backup immediately before upgrading, and check the upgrade path — GitLab requires passing through certain versions when crossing major releases.

📋
Plan Your Upgrade
Pre-upgrade checklist, rollback planning, and version-specific considerations.
🛣️
Upgrade Paths
Required intermediate versions when upgrading across major releases.
📰
GitLab Release Notes
What's new, changed, and removed in each release.

📊

Ongoing Administration

After initial setup, the main ongoing responsibilities are monitoring instance health, managing storage growth, and keeping the instance up to date. GitLab includes built-in Prometheus and Grafana monitoring with the Linux package.

📈
Monitoring GitLab
Prometheus, Grafana dashboards, health check endpoints, and the performance bar.
🗄️
Repository Storage
Configuring storage paths, monitoring usage, and managing growth over time.
📚
Full Administration Documentation
The complete GitLab self-managed administration reference.

🎓

Education Programme Resources

🏫
GitLab for Education Programme
Programme overview, eligibility, and application.
🔑
Activating Your Education Licence
How to upload and activate your licence on a self-managed instance.