内容目录
安装
官方Linux安装包
以CentOS7为例
配置极狐GitLab 软件源镜像
curl -fsSL https://packages.gitlab.cn/repository/raw/scripts/setup.sh | /bin/bash设置外部访问地址例如 https://gitlab.chenjie.info为要访问极狐GitLab 实例的 URL。安装包将在该 URL 上自动配置和启动极狐GitLab。对于 https 站点,极狐GitLab 将使用 Let’s Encrypt 自动请求 SSL 证书,这需要有效的主机名和入站 HTTP 访问。也可以使用自己的证书或仅使用 http://(不带s)。
执行如下命令安装:
sudo EXTERNAL_URL="https://gitlab.chenjie.info" yum install -y gitlab-jhDocker Compose 安装
对于 Linux 用户,将路径设置为 /srv/gitlab:
可添加到bashrc中
export GITLAB_HOME=/srv/gitlab- 安装 Docker Compose。
- 创建一个
docker-compose.yml文件:version: '3.6' services: web: image: 'registry.gitlab.cn/omnibus/gitlab-jh:latest' restart: always hostname: 'gitlab.chenjie.info' environment: GITLAB_OMNIBUS_CONFIG: | external_url 'https://gitlab.chenjie.info' # Add any other gitlab.rb configuration here, each on its own line ports: - '80:80' - '443:443' - '22:22' volumes: - '$GITLAB_HOME/config:/etc/gitlab' - '$GITLAB_HOME/logs:/var/log/gitlab' - '$GITLAB_HOME/data:/var/opt/gitlab' shm_size: '256m' extra_hosts: #等同配置内部/etc/hosts - "jenkins.chenjie.info:192.168.0.16" - 确保在与
docker-compose.yml相同的目录下并启动极狐GitLab:docker compose up -d
如需配置SSH 端口,例如正常gitlab的ssh端口和节点的ssh端口会产生冲突:
version: '3.6'
services:
web:
image: 'registry.gitlab.cn/omnibus/gitlab-jh:latest'
restart: always
hostname: 'gitlab.chenjie.info'
environment:
GITLAB_OMNIBUS_CONFIG: |
external_url 'https://gitlab.chenjie.info'
gitlab_rails['gitlab_shell_ssh_port'] = 2222#配置ssh 端口
ports:
- '8929:8929'
- '2222:22'
volumes:
- '$GITLAB_HOME/config:/etc/gitlab'
- '$GITLAB_HOME/logs:/var/log/gitlab'
- '$GITLAB_HOME/data:/var/opt/gitlab'
shm_size: '256m'
extra_hosts: #等同配置内部/etc/hosts
- "jenkins.chenjie.info:192.168.0.16"手动配置HTTPS
自签名证书
创建私有CA
make /root/gitlab-ca
cd /root/gitlab-ca
# 生成私有CA秘钥
openssl genrsa -out cakey.pem 2048
# 生成私有CA证书,有效期3650天
openssl req -new -x509 -key cakey.pem -out cacert.pem
-subj '/C=CN/ST=Hubei/L=Wuhan/O=CS/CN=Jihu GitLab .Inc' -days 3650签发所需域名证书
# 生成域名私钥和域名证书签发请求(csr)
openssl req -newkey rsa:2048 -nodes -keyout gitlab.chenjie.info.key
-subj '/C=CN/ST=Hubei/L=Wuhan/O=GitLab/OU=CS_PS/CN=gitlab.chenjie.info'
-out gitlab.chenjie.info.csr
# 使用CA私钥和证书来签发域名证书3650天
openssl x509 -req
-extfile <(printf "subjectAltName=DNS:gitlab.chenjie.info,DNS:registry.chenjie.info,DNS:mattermost.chenjie.info,DNS:pages.chenjie.info")
-days 3650 -in gitlab.chenjie.info.csr -CAkey cakey.pem
-CA cacert.pem -CAcreateserial -out gitlab.chenjie.info.crt这里也是签发了单个文件里包含多个域名的证书。
将gitlab.chenjie.info.crt,gitlab.chenjie.info.key cp 到 gitlab配置文件夹下ssl内
liunx包安装方式
cd /root/gitlab-ca
cp gitlab.chenjie.info.* /etc/gitlab/ssl/docker-compose安装方式
cd /root/gitlab-ca
cp gitlab.chenjie.info.* $GITLAB_HOME/config/ssl/修改docker-compose.yml 文件,关闭Let’s Encrypt默认认证
version: '3.6'
services:
web:
image: 'registry.gitlab.cn/omnibus/gitlab-jh:latest'
restart: always
hostname: 'gitlab.chenjie.info'
environment:
GITLAB_OMNIBUS_CONFIG: |
external_url 'https://gitlab.chenjie.info'
letsencrypt['enable'] = false #关闭Let's Encrypt默认认证
gitlab_rails['gitlab_shell_ssh_port'] = 2222#配置ssh 端口
ports:
- '80:80'
- '443:443'
- '2222:22'
volumes:
- '$GITLAB_HOME/config:/etc/gitlab'
- '$GITLAB_HOME/logs:/var/log/gitlab'
- '$GITLAB_HOME/data:/var/opt/gitlab'
shm_size: '256m'
extra_hosts: #等同配置内部/etc/hosts
- "jenkins.chenjie.info:192.168.0.16"更新配置
liunx包安装方式
sudo gitlabctl reconfigure
sudo gitlabctl restart docker-compose安装方式
#在docker-compose.yml文件夹内执行
docker-compose restart客户端使用
关闭认证(不推荐)
git config --global http.sslVerify false将自签名CA证书加到系统默认证书中
cd /root/gitlab-ca
cat cacert.pem >>/etc/ssl/certs/ca-bundle.crt