什么是GitLab?
- GitLab是一个开源分布式版本控制系统
- 开发语言:Ruby
- 功能:管理项目源代码、版本控制、代码复用与查找
安装配置
centos7
准备工作
-
关闭firewalld防火墙
[root@localhost ~]# Systemctl stop firewalld [root@localhost ~]# Systemctl disable firewalld -
关闭SELINUX并重启系统
[root@localhost ~]# vim /etc/selinux/config SELINUX=disabled -
安装Omnibus Gitlab-ce package
-
安装GitLab组件
[root@localhost ~]# yum install curl policycoreutils openssh-server openssh-clients postfix -y -
配置YUM仓库
[root@localhost ~]# curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh|sudo bash -
启动postfix邮件服务
[root@localhost ~]# systemctl start postfix && systemctl enable postfix -
安装Gitlab-ce社区版本
[root@localhost ~]# yum install gitlab-ce -y
-
-
Omnibus Gitlab等相关配置初始化并完成安装
-
证书创建与配置加载
[root@localhost ~]# mkdir -p /etc/gitlab/ssl [root@localhost ~]# openssl genrsa -out "/etc/gitlab/ssl/gitlab.example.com.key" 2048 [root@localhost ~]# openssl req -new -key "/etc/gitlab/ssl/gitlab.example.com.key" -out "/etc/gitlab/ssl/gitlab.example.com.csr" You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:cn State or Province Name (full name) []:sanqi Locality Name (eg, city) [Default City]:sanqi Organization Name (eg, company) [Default Company Ltd]: Organizational Unit Name (eg, section) []: Common Name (eg, your name or your server's hostname) []:gitlab.example.com Email Address []:admin@example.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:123456 An optional company name []: [root@localhost ~]# openssl x509 -req -days 365 -in "/etc/gitlab/ssl/gitlab.example.com.csr" -signkey "/etc/gitlab/ssl/gitlab.example.com.key" -out "/etc/gitlab/ssl/gitlab.example.com.crt" Signature ok subject=/C=cn/ST=sanqi/L=sanqi/O=Default Company Ltd/CN=gitlab.example.com/emailAddress=admin@example.com Getting Private key [root@localhost ~]# openssl dhparam -out /etc/gitlab/ssl/dhparams.pem 2048 [root@localhost ~]# cd etc/gitlab/ssl/ [root@VM_0_14_centos ssl]# ll total 16 -rw-r--r-- 1 root root 424 Mar 25 09:43 dhparams.pem -rw-r--r-- 1 root root 1298 Mar 25 09:36 gitlab.example.com.crt -rw-r--r-- 1 root root 1082 Mar 25 09:31 gitlab.example.com.csr -rw-r--r-- 1 root root 1679 Mar 25 09:28 gitlab.example.com.key [root@VM_0_14_centos ssl]# chmod 600 ./* [root@VM_0_14_centos ssl]# ll total 16 -rw------- 1 root root 424 Mar 25 09:43 dhparams.pem -rw------- 1 root root 1298 Mar 25 09:36 gitlab.example.com.crt -rw------- 1 root root 1082 Mar 25 09:31 gitlab.example.com.csr -rw------- 1 root root 1679 Mar 25 09:28 gitlab.example.com.key -
Nginx SSL代理服务配置
[root@localhost ~]# vim /etc/gitlab/git external_url 'https://gitlab.example.com' nginx['redirect_http_to_https'] = true # nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.example.com.crt" # nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.example.com.key" # nginx['ssl_dhparam'] = /etc/gitlab/ssl/dhparams.pem # Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem
-
3. 初始化Gitlab相关服务并完成安装
```shell
[root@localhost ~]# gitlab-ctl reconfigure
[root@localhost ~]# vim /var/opt/gitlab/nginx/conf/gitlab-http.conf
server {
listen *:80;
rewrite ^(.*)$ https://$host$1 permanent;
server_name gitlab.example.com;
server_tokens off; ## Don't show the nginx version number, a security best practice
location / {
return 301 https://gitlab.example.com:443$request_uri;
}
```
4. 重启gitlab服务
```shell
[root@localhost ~]# gitlab-ctl restart
```
-
修改访问主机hosts文件,访问gitlab
vim /etc/hosts ###添加一行 10.25.25.4 gitlab.example.com浏览器访问gitlab.example.com
第一次访问需要设置密码,用户root
gitlab.png
