CentOS 安装配置 GitLab


安装依赖

# yum -y install curl
# yum -y install postfix
# systemctl start postfix
# systemctl enable postfix

配置 GitLab 镜像源

/etc/yum.repos.d/gitlab-ce.repo

[gitlab-ce]
name=gitlab-ce
baseurl=http://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7
repo_gpgcheck=0
gpgcheck=0
enabled=1
gpgkey=https://packages.gitlab.com/gpg.key

建立缓存

# yum makecache

安装

# yum install gitlab-ce

配置修改

# vi /etc/gitlab/gitlab.rb

修改下面的属性

external_url 'https://devops.iamzhl.top:8888'
nginx['enable'] = false
gitlab_rails['time_zone'] = 'Asia/Shanghai'

external_url 为部署完成后克隆仓库时显示的地址,后面的端口地址不会真正占用,可以根据实际情况修改,这里我使用 https 的配置;nginx[‘enable’] 设为 false 以禁用内置 nginx,改用外部自己部署的 nginx 统一管理;gitlab_rails[‘time_zone’] 设置自己所在的时区,否则会出现仓库刚提交的却显示 8 小时前甚至 8 小时后。

请根据个人需要进行定制

重新配置并重启

# gitlab-ctl reconfigure
# gitlab-ctl restart

设置自启

systemctl restart gitlab-runsvdir.service

设置外部 nginx 代理

/etc/nginx/conf.d/gitlab.conf

server {
    listen   8888 ssl;
    listen   [::]:8888 ssl ipv6only=on;
    server_name  devops.iamzhl.top;

    server_tokens off;
    root /opt/gitlab/embedded/service/gitlab-rails/public;

    # SSL
    ssl on;
    ssl_certificate /etc/nginx/ssl/1_ipv6.tlhub.cn_bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/2_ipv6.tlhub.cn.key;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;

    access_log  /var/log/nginx/gitlab_access.log;
    error_log   /var/log/nginx/gitlab_error.log;

    ## 支持页面嵌套
  proxy_set_header    X-Frame-Options     ALLOW;

    location / {
      proxy_pass http://gitlab-workhorse;

      client_max_body_size 0;
      gzip off;

      proxy_read_timeout      300;
      proxy_connect_timeout   300;
      proxy_redirect          off;

      proxy_http_version 1.1;

      proxy_set_header    Host                $http_host;
      proxy_set_header    X-Real-IP           $remote_addr;
      proxy_set_header    X-Forwarded-Ssl     on;
      proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
      proxy_set_header    X-Forwarded-Proto   $scheme;
      ## 支持页面嵌套
      proxy_hide_header   X-Frame-Options;
    }
}

/etc/nginx/nginx.conf

user  nginx;
worker_processes  4;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  65535;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    upstream gitlab-workhorse {
      server unix:/var/opt/gitlab/gitlab-workhorse/socket fail_timeout=0;
    }

    include /etc/nginx/conf.d/*.conf;
}

重启 nginx

systemctl restart nginx

测试

https://devops.iamzhl.top:8888

文章作者: 套陆
版权声明: 本博客所有文章除特別声明外,均采用 CC BY-NC-SA 4.0 许可协议。转载请注明来源 套陆 !
评论
  目录