Article version: Enterprise Server 2.17
Installing GitHub Enterprise Server on AWS
To install GitHub Enterprise Server on Amazon Web Services (AWS), you must launch an Amazon Elastic Compute Cloud (EC2) instance and create and attach a separate Amazon Elastic Block Store (EBS) data volume.
Prerequisites
- You must have a GitHub Enterprise license file. To download an existing license file or request a trial license, visit enterprise.github.com. For more information, see "Managing your GitHub Enterprise license."
- You must have an AWS account capable of launching EC2 instances and creating EBS volumes. For more information, see the Amazon Web Services website.
- Most actions needed to launch your GitHub Enterprise Server instance may also be performed using the AWS management console. However, we recommend installing the AWS command line interface (CLI) for initial setup. Examples using the AWS CLI are included below. For more information, see Amazon's guides "Working with the AWS Management Console" and "What is the AWS Command Line Interface."
This guide assumes you are familiar with the following AWS concepts:
- Launching EC2 Instances
- Managing EBS Volumes
- Using Security Groups (For managing network access to your instance)
- Elastic IP Addresses (EIP) (Strongly recommended for production environments)
- EC2 and Virtual Private Cloud (If you plan to launch into a Virtual Private Cloud)
Hardware considerations
GitHub Enterprise Server requires a persistent data disk separate from the root disk. For more information, see "System overview." We recommend different hardware configurations based on the number of user licenses used in your GitHub Enterprise Server instance.
User licenses | vCPUs | Memory | Attached storage | Root storage |
---|---|---|---|---|
Trial, demo, or 10 light users | 2 | 16 GB | 100 GB | 200 GB |
10-3000 | 4 | 32 GB | 250 GB | 200 GB |
3000-5000 | 8 | 64 GB | 500 GB | 200 GB |
5000-8000 | 12 | 96 GB | 750 GB | 200 GB |
8000-10000+ | 16 | 128 GB | 1000 GB | 200 GB |
These are minimum recommendations. More resources may be required depending on your usage, such as user activity and selected integrations. When increasing CPU resources, it's recommended to add at least 6.5 GB of memory for each CPU (up to 16 CPUs) added to your GitHub Enterprise Server instance. For more information, see "Increasing CPU or memory resources."
Note: The root disk can be resized by building a new appliance or using an existing appliance. For more information, see "Increasing storage capacity."
Determining the instance type
Before launching your GitHub Enterprise Server instance on AWS, you'll need to determine the type of virtual machine that best fits the needs of your organization.
Supported instance types
GitHub Enterprise Server is supported on the following EC2 instance types. For more information, see the AWS EC2 instance type overview page.
EC2 instance type | Model |
---|---|
C3 | c3.2xlarge, c3.4xlarge, c3.8xlarge |
EC2 instance type | Model |
---|---|
C4 | c4.2xlarge, c4.4xlarge, c4.8xlarge |
EC2 instance type | Model |
---|---|
C5 | c5.large, c5.xlarge, c5.2xlarge, c5.4xlarge, c5.9xlarge, c5.18xlarge |
EC2 instance type | Model |
---|---|
M3 | m3.xlarge, m3.2xlarge |
EC2 instance type | Model |
---|---|
M4 | m4.xlarge, m4.2xlarge, m4.4xlarge, m4.10xlarge, m4.16xlarge |
EC2 instance type | Model |
---|---|
M5 | m5.large, m5.xlarge, m5.2xlarge, m5.4xlarge, m5.12xlarge, m5.24xlarge |
EC2 instance type | Model |
---|---|
R4 | r4.large, r4.xlarge, r4.2xlarge, r4.4xlarge, r4.8xlarge, r4.16xlarge |
EC2 instance type | Model |
---|---|
R5 | r5.large, r5.xlarge, r5.2xlarge, r5.4xlarge, r5.12xlarge, r5.24xlarge |
EC2 instance type | Model |
---|---|
X1 | x1.16xlarge, x1.32xlarge |
Recommended instance types
Based on your user license count, we recommend the following instance types.
User license | Recommended type |
---|---|
Trial, demo, or 10 light users | r4.large |
10 - 3000 | r4.xlarge |
3000 - 5000 | r4.2xlarge |
5000 - 8000 | r4.4xlarge |
8000 - 10000+ | r4.8xlarge |
Note: You can always scale up your CPU or memory by resizing your instance. However, because resizing your CPU or memory requires downtime for your users, we recommend over-provisioning resources to account for scale.
Selecting the GitHub Enterprise Server AMI
You can select an Amazon Machine Image (AMI) for GitHub Enterprise Server using the GitHub Enterprise Server portal or the AWS CLI.
AMIs for GitHub Enterprise Server are available in the AWS GovCloud (US-East and US-West) region. This allows US customers with specific regulatory requirements to run GitHub Enterprise Server in a federally compliant cloud environment. For more information on AWS's compliance with federal and other standards, see AWS's GovCloud (US) page and AWS's compliance page.
Using the GitHub Enterprise Server portal to select an AMI
- Navigate to the GitHub Enterprise Server download page.
- Click Get the latest release of GitHub Enterprise Server.
- In the Select your platform drop-down menu, click Amazon Web Services.
- In the Select your AWS region drop-down menu, choose your desired region.
- Take note of the AMI ID that is displayed.
Using the AWS CLI to select an AMI
- Using the AWS CLI, get a list of GitHub Enterprise Server images published by GitHub's AWS owner IDs (
025577942450
for GovCloud, and895557238572
for other regions). For more information, see "describe-images" in the AWS documentation.aws ec2 describe-images \ --owners OWNER ID \ --query 'sort_by(Images,&Name)[*].{Name:Name,ImageID:ImageId}' \ --output=text
- Take note of the AMI ID for the latest GitHub Enterprise Server image.
Creating a security group
If you're setting up your AMI for the first time, you will need to create a security group and add a new security group rule for each port in the table below. For more information, see the AWS guide "Using Security Groups."
-
Using the AWS CLI, create a new security group. For more information, see "create-security-group" in the AWS documentation.
$ aws ec2 create-security-group --group-name SECURITY_GROUP_NAME --description "SECURITY GROUP DESCRIPTION"
-
Take note of the security group ID (
sg-xxxxxxxx
) of your newly created security group. -
Create a security group rule for each of the ports in the table below. For more information, see "authorize-security-group-ingress" in the AWS documentation.
$ aws ec2 authorize-security-group-ingress --group-id SECURITY_GROUP_ID --protocol PROTOCOL --port PORT_NUMBER --cidr SOURCE IP RANGE
This table identifies what each port is used for.
Port Service Description 22 SSH Git over SSH access. Clone, fetch, and push operations to public/private repositories supported. 25 SMTP SMTP with encryption (STARTTLS) support. 80 HTTP Web application access. All requests are redirected to the HTTPS port when SSL is enabled. 122 SSH Instance shell access. The default SSH port (22) is dedicated to application git+ssh network traffic. 161/UDP SNMP Required for network monitoring protocol operation. 443 HTTPS Web application and Git over HTTPS access. 1194/UDP VPN Secure replication network tunnel in high availability configuration. 8080 HTTP Plain-text web based Management Console. Not required unless SSL is disabled manually. 8443 HTTPS Secure web based Management Console. Required for basic installation and configuration. 9418 Git Simple Git protocol port. Clone and fetch operations to public repositories only. Unencrypted network communication.
Creating the GitHub Enterprise Server instance
To create the instance, you'll need to launch an EC2 instance with your GitHub Enterprise Server AMI and attach an additional storage volume for your instance data. For more information, see "Hardware considerations."
Note: You can encrypt the data disk to gain an extra level of security and ensure that any data you write to your instance is protected. There is a slight performance impact when using encrypted disks. If you decide to encrypt your volume, we strongly recommend doing so before starting your instance for the first time. For more information, see the Amazon guide on EBS encryption.
Warning: If you decide to enable encryption after you've configured your instance, you will need to migrate your data to the encrypted volume, which will incur some downtime for your users.
Launching an EC2 instance
In the AWS CLI, launch an EC2 instance using your AMI and the security group you created. Attach a new block device to use as a storage volume for your instance data, and configure the size based on your user license count. For more information, see "run-instances" in the AWS documentation.
aws ec2 run-instances \
--security-group-ids SECURITY_GROUP_ID \
--instance-type INSTANCE_TYPE \
--image-id AMI_ID \
--block-device-mappings '[{"DeviceName":"/dev/xvdf","Ebs":{"VolumeSize":SIZE,"VolumeType":"TYPE"}}]' \
--region REGION \
--ebs-optimized
Allocating an Elastic IP and associating it with the instance
If this is a production instance, we strongly recommend allocating an Elastic IP (EIP) and associating it with the instance before proceeding to GitHub Enterprise Server configuration. Otherwise, the public IP address of the instance will not be retained after instance restarts. For more information, see "Allocating an Elastic IP Address" and "Associating an Elastic IP Address with a Running Instance" in the Amazon documentation.
Both primary and replica instances should be assigned separate EIPs in production High Availability configurations. For more information, see "Configuring GitHub Enterprise Server for High Availability."
Configuring the GitHub Enterprise Server instance
- Copy the virtual machine's public DNS name, and paste it into a web browser.
- At the prompt, upload your license file and set a management console password. For more information, see "Managing your GitHub Enterprise license."
- In the Management Console, configure and save your desired settings. For more information, see "Configuring the GitHub Enterprise Server appliance."
- The instance will restart automatically.
- Click Visit your instance.