Community Blog How to Set Up GoCD on Alibaba Cloud ECS with CentOS 7

How to Set Up GoCD on Alibaba Cloud ECS with CentOS 7

In this tutorial, we will be installing and configuring GoCD on an Alibaba Cloud Elastic Compute Service (ECS) instance with CentOS 7.

By Arslan Ud Din Shafiq, Alibaba Cloud Tech Share Author. Tech Share is Alibaba Cloud’s incentive program to encourage the sharing of technical knowledge and best practices within the cloud community.

GoCD is an open-source continuous delivery and automation system. GoCD helps you to streamline and automate your BTR (build, test and release) cycle for perfect and continuous delivery of the product. With the help of its sequential and parallel execution, it configures the dependencies for on demand deployment and faster feedback. You can model complex workflows easily and visualize a complex workflow in real-time by using its value stream map.
GoCD compares two builds and let you deploy the version of your choice. GoCD does not restrict its installation to any specific operating system (OS). You can use any operating system (OS) of your choice; however, the installation steps would vary according to the choice of operating system.
In this tutorial, I will be installing and configuring GoCD on Alibaba Cloud Elastic Compute Service (ECS) with CentOS 7 installed on it.


  • You must have Alibaba Cloud Elastic Compute Service (ECS) activated and verified your valid payment method. If you are a new user, you can get a free account in your Alibaba Cloud account. If you don’t know about how to setup your ECS instance, you can refer to this tutorial or quick-start guide. Your ECS instance must have at least 1GB RAM and 2 Core processor.
  • A domain name registered from Alibaba Cloud. If you have already registered a domain from Alibaba Cloud or any other host, you can update its domain nameserver records.
  • Set up your ECS instance with basic functions (git, nano-editor, Java, epel-release).
  • Open port 8153 and 8154 for TCP connection in your security group.

In the following sections, you will learn about how to install GoCD server, how to do configuration of GoCD server, how to setup authentication for GoCD, how to install Nginx, and how to setup SSL certificate using Let’s Encrypt SSL.

Install GoCD

GoCD is only dependent on Java because it has been programmed in Java. To install it first of all we will execute the following command:
 sudo curl https://download.gocd.org/gocd.repo -o /etc/yum.repos.d/gocd.repo

Execute the following command to install GoCD on your server
 sudo yum install -y go-server

You will need to start GoCD server by executing the following command.
 sudo systemctl start go-server

Enable GoCD server by executing the following command.
 sudo systemctl enable go-server

You will need to store artifacts in a directory. You can store them in the same disk drive where you have installed operating system (OS). Alternatively, you can get an extra dedicated drive from Alibaba Cloud to store artifacts. During continuous integration and del-ivery, many artifacts are produced. These artifacts are generated continuously that results in continuous decrease of memory. A situation will come when services will fail to run on your system. I have used same disk, however, it’s completely up to you and I will recommend you to use dedicated disk. For the same disk, execute the following commands:
sudo mkdir /opt/artifacts
sudo chown -R go:go /opt/artifacts

To access your GoCD dashboard, you will need to navigate to your domain name. You can also use your Alibaba Cloud ECS IP address. In my case, I have setup a domain name pointing to IP address of my ECS.
There are 4 ways to access your GoCD dashboard (to access using https, you will need to install SSL certificate):
  1. http://yourdomain.com:8153 (In my case, http://imarslan.com:8153 )
  2. https://yourdomain.com:8154 (In my case, https://imarslan.com:8154 )
  3. http://yourecsip:8153 (In my case, )
  4. https://yourecsip:8154 (In my case, )

Access your GoCD dashboard, and you will see the following screen.
Before adding/creating any pipeline, hover on Admin and click Server Configuration.
Type your URL in Site URL field with port 8153 and Secure Site URL field with port 8154. In my case, I will use http://imarslan.com:8153 and https://imarslan.com:8154. You will need to replace imarslan.com with your domain name.
Provide your SMTP details for sending any type of email notifications from your GoCD.
Replace imarslan.com with your chosen domain name.
You will have to do pipeline management. For this, enter /opt/artifacts in Artifacts Directory Location, because you have chosen to store artifacts on the same disk. In case, you have chosen separate disk, the path would be different.
For Auto delete old artifacts, I have set to free up-to 8GB when 3GB free space is available. This is because I’m using the same disk for storing artifacts and I don’t want all the space to be consumed. You can adopt same settings or modify according to your demand. Leave all other options as they are and save your changes.
To apply these changes, you will need to restart your GoCD server. To restart, execute the following command:

 sudo systemctl restart go-server

GoCD does not provide any authentication system to access dashboard. To setup authentication, you can use a LDAP and password file. As Alibaba Cloud ECS will be accessed publicly, you must setup authentication system to avoid misuse.

Setup Authentication for GoCD Dashboard

For setting up authentication, you will need to use htpasswd command for creating an encrypted password file. To use htpasswd, you will have to install Apache Tools.
To install Apache Tools, execute the following command:
 sudo yum -y install httpd-tools

To create password file for user admin, execute the following command.
 sudo htpasswd -B -c /etc/go/passwd_auth admin

Then type and retype your password and hit enter. You can more users as per your demand or requirement.
Now you have created password file. To configure authentication, hover on Admin, then hover on Security, then click Authorization Configuration.
In the Id field, type users, select Password File Authentication Plugin for GoCD and type path for password path file as /etc/go/passwd_auth. Then click on Check Connection. Save your settings if the connection is successful.
After saving, you will be automatically logged out from GoCD dashboard. You will be redirected to login screen. Login with your credentials.

You will have to setup administrator privileges for your admin user, otherwise, every user will have administrator privileges. For this purpose, hover on Admin and click User Summary. You will see the following screen.
Select username and click Roles. Check Go System Administrator and click Apply.
You have successfully modified admin privileges. If you have more than 1 user, you will first need to update your password file that you created then you can write username in Create New field and click Add.

Setup Let’s Encrypt SSL for GoCD

To install SSL certificate for GoCD, you will need to remove port 8153 from your Alibaba Cloud ECS Security Group Rules. You will need an Nginx as a reverse proxy to forward all the incoming requests to GoCD’s http point.
Navigate to ,Security Groups, then Security Group Rules, here you will find the following rule defined. Click Delete to remove this rule.
To install Nginx server, execute the following command:
 sudo yum -y install nginx

Use the following command to enable Nginx server, so that it starts automatically after reboot.

 sudo systemctl enable nginx

Execute the following command to start Nginx server.
 sudo systemctl start nginx

When you access your domain, you will see the following screen.
To point the domain to right directory, you will need to change the default configuration of Nginx. For this purpose, execute the command below:
 sudo sed -i 's/default_server//g' /etc/nginx/nginx.conf

You will need to create a new configuration file for your GoCD. To do so, execute the following command:

sudo nano /etc/nginx/conf.d/gocd.conf

Copy and paste the following data in opened file, then use Ctrl+X, then type Y and hit enter.


server {
    listen 80 default_server;
    server_name gocd.example.com;
    return 301 https://$host$request_uri;

server {
    listen 443 default_server;
    server_name gocd.example.com;

    ssl_certificate           /etc/letsencrypt/live/imarslan.com/fullchain.pem;
    ssl_certificate_       /etc/letsencrypt/live/imarslan.com/priv.pem;

    ssl on;
    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    access_log  /var/log/nginx/gocd.access.log;

location / {
        proxy_pass http://gocd;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_redirect off;
location /go {
    proxy_pass http://gocd/go;
    proxy_http_version 1.1;
    proxy_set_header Upgrade websocket;
    proxy_set_header Connection upgrade;
    proxy_read_timeout 86400;

You will get clone of Let’s Encrypt from official GitHub repository that will be installed in /opt/letsencrypt. To clone, type the following command and hit enter.

 sudo git clone https://github.com/letsencrypt/letsencrypt  /opt/letsencrypt

Now navigate to /opt/letsencrypt by executing the command:

 cd /opt/letsencrypt

Create your SSL certificate. Let’s Encrypt performs challenges for Domain Validation on the basis of which Certificate Authority (CA) will authenticate your domain. Upon validation, you will be issued a SSL certificate by CA. To create SSL certificate for your domain using Let’s Encrypt, use the following command:

 sudo -H ./letsencrypt-auto certonly --standalone -d imarslan.com  -d www.imarslan.com

Replace imarslan.com with your domain name.
You will be prompted to write your email address. Type your email and hit enter. Accept the terms and proceed.
You can check if there are any errors in your newly configured file.
 sudo nginx -t

Restart Nginx server to load your settings.

 sudo systemctl restart nginx

You can now access your domain name with HTTPS. You should see a screen similar to this.


Install GoCD Agent

GoCD agents are required for the execution of tasks. When any change is detected in task, pipeline gets triggered and jobs get assigned to available workers. For this purpose, at least one agent must be configured. To install agent, follow the steps:
Execute the following command to install go agent.
 sudo yum install -y go-agent

Now execute the following commands to start and enable the Go Agent. This will allow it to start automatically after restart.
sudo systemctl start go-agent
sudo systemctl enable go-agent

Congratulations! Your GoCD server is ready to use.

0 0 0
Share on

Alibaba Clouder

2,600 posts | 750 followers

You may also like