CentOS 安装配置 GitLab
安装依赖
# yum -y install curl
# yum -y install postfix
# systemctl start postfix
# systemctl enable postfix
配置 GitLab 镜像源
/etc/yum.repos.d/gitlab-ce.repo
[gitlab-ce]
name=gitlab-ce
baseurl=http://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7
repo_gpgcheck=0
gpgcheck=0
enabled=1
gpgkey=https://packages.gitlab.com/gpg.key
建立缓存
# yum makecache
安装
# yum install gitlab-ce
配置修改
# vi /etc/gitlab/gitlab.rb
修改下面的属性
external_url 'https://devops.iamzhl.top:8888'
nginx['enable'] = false
gitlab_rails['time_zone'] = 'Asia/Shanghai'
external_url 为部署完成后克隆仓库时显示的地址,后面的端口地址不会真正占用,可以根据实际情况修改,这里我使用 https 的配置;nginx[‘enable’] 设为 false 以禁用内置 nginx,改用外部自己部署的 nginx 统一管理;gitlab_rails[‘time_zone’] 设置自己所在的时区,否则会出现仓库刚提交的却显示 8 小时前甚至 8 小时后。
请根据个人需要进行定制
重新配置并重启
# gitlab-ctl reconfigure
# gitlab-ctl restart
设置自启
systemctl restart gitlab-runsvdir.service
设置外部 nginx 代理
/etc/nginx/conf.d/gitlab.conf
server {
listen 8888 ssl;
listen [::]:8888 ssl ipv6only=on;
server_name devops.iamzhl.top;
server_tokens off;
root /opt/gitlab/embedded/service/gitlab-rails/public;
# SSL
ssl on;
ssl_certificate /etc/nginx/ssl/1_ipv6.tlhub.cn_bundle.crt;
ssl_certificate_key /etc/nginx/ssl/2_ipv6.tlhub.cn.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
access_log /var/log/nginx/gitlab_access.log;
error_log /var/log/nginx/gitlab_error.log;
## 支持页面嵌套
proxy_set_header X-Frame-Options ALLOW;
location / {
proxy_pass http://gitlab-workhorse;
client_max_body_size 0;
gzip off;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
## 支持页面嵌套
proxy_hide_header X-Frame-Options;
}
}
/etc/nginx/nginx.conf
user nginx;
worker_processes 4;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 65535;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
upstream gitlab-workhorse {
server unix:/var/opt/gitlab/gitlab-workhorse/socket fail_timeout=0;
}
include /etc/nginx/conf.d/*.conf;
}
重启 nginx
systemctl restart nginx
测试
https://devops.iamzhl.top:8888
本博客所有文章除特别声明外,均采用 CC BY-NC-SA 4.0 许可协议。转载请注明来自 套陆的博客!
wechat- alipay
评论
TwikooUtterances