部署社区版gitlab
- 安装gitlab的依赖项
# yum install -y curl openssh-server openssh-clients postfix cronie policycoreutils-python
- 启动postfix,并设置为开机启动
# systemctl start postfix
# systemctl enable postfix
注释:postfix 起不来时,修改 /etc/postfix/main.cf 中的以下设置后再启动(GitLab 只需要本机发信,如无其他用途,inet_interfaces 设为 localhost 即可,不必监听所有网卡)
inet_protocols = ipv4
inet_interfaces = all
- 设置防火墙
# firewall-cmd --add-service=http --permanent
# firewall-cmd --reload
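注释:iptables的话,开放80和443端口;firewalld 同样要放行 https(firewall-cmd --add-service=https --permanent 后再 reload),否则后面监听 443 的 Nginx 站点从外部访问不到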
- 获取rpm包(搭***去下载)
# wget https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/gitlab-ce-11.6.2-ce.0.el7.x86_64.rpm
- 安装RPM包(安装前先导入 GitLab 官方的包签名公钥,并用 rpm -K 校验这个 rpm 的签名;另外 11.6.2 已是不再维护的旧版本,新部署应选用仍有安全更新的版本)
# rpm -i gitlab-ce-11.6.2-ce.0.el7.x86_64.rpm
- 初始化配置文件
# gitlab-ctl reconfigure
- 修改配置文件/etc/gitlab/gitlab.rb
# NOTE(review): this URL is http:// while the Nginx vhost later on this page
# redirects all traffic to https:// -- confirm which scheme GitLab should
# advertise once TLS is terminated at Nginx.
external_url 'http://gitlab.xxx.com'
# Store repository data under /data/gitlab/data.
git_data_dirs({
"default" => {
"path" => "/data/gitlab/data"
}
})
### GitLab Shell settings for GitLab
# NOTE(review): presumably sshd itself must also listen on 9322 for clone URLs
# that carry this port to work -- confirm against the sshd configuration.
gitlab_rails['gitlab_shell_ssh_port'] = 9322
gitlab_rails['gitlab_shell_git_timeout'] = 5000
- 如果使用自建Nginx,需要按如下内容修改配置文件/etc/gitlab/gitlab.rb
# Turn off the bundled Nginx; a self-managed Nginx fronts GitLab instead.
nginx['enable'] = false
# Account the self-managed web server runs as ('www' here).
web_server['external_users'] = ['www']
# Only the local reverse proxy is trusted to supply forwarded client addresses.
gitlab_rails['trusted_proxies'] = [ '127.0.0.1' ]
# Workhorse listens on loopback TCP only, so it is reachable by the local Nginx
# and not directly from other hosts.
gitlab_workhorse['listen_network'] = "tcp"
gitlab_workhorse['listen_addr'] = "127.0.0.1:8181"
- 重载配置
# gitlab-ctl reconfigure
# gitlab-ctl restart # 重启时等会,不行再gitlab-ctl reconfigure
- 查看gitlab版本
# head -1 /opt/gitlab/version-manifest.txt
覆盖汉化包
- 搭***去克隆gitlab汉化包仓库,对比后下载到本地。
# git clone https://gitlab.com/xhang/gitlab.git
# cd gitlab
# git diff origin/11-6-stable origin/11-6-stable-zh > ../11.6.diff
- 导入汉化差异文件(11.6.diff 来自第三方仓库,打补丁后会作为 GitLab 自身代码运行;应用前先通读差异,确认只改了翻译文本,可先用 patch --dry-run 试跑)
# yum install patch -y
# gitlab-ctl stop
# patch -d /opt/gitlab/embedded/service/gitlab-rails -p1 < 11.6.diff
# gitlab-ctl start # 启动时等会,不行再gitlab-ctl reconfigure
Nginx配置
- nginx.conf 的http里面增加如下配置
# Variables for the http{} block. These maps only define values; they have an
# effect only where a directive references them.
#
# $connection_upgrade: "upgrade" when the client sent an Upgrade header,
# "close" when that header is empty. Intended for
# `proxy_set_header Connection $connection_upgrade;`.
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# The three chained maps below build $filtered_request_uri, a copy of the
# request URI with secret token values replaced by [FILTERED].
# NOTE(review): tokens stay out of the access log only if the log_format in
# use writes $filtered_request_uri and $filtered_http_referer instead of
# $request / $http_referer -- no log_format is shown here, so verify it.
# Remove private_token from the request URI
# In: /foo?private_token=unfiltered&authenticity_token=unfiltered&rss_token=unfiltered&...
# Out: /foo?private_token=[FILTERED]&authenticity_token=unfiltered&rss_token=unfiltered&...
map $request_uri $temp_request_uri_1 {
default $request_uri;
~(?i)^(?<start>.*)(?<temp>[\?&]private[\-_]token)=[^&]*(?<rest>.*)$ "$start$temp=[FILTERED]$rest";
}
# Remove authenticity_token from the request URI
# In: /foo?private_token=[FILTERED]&authenticity_token=unfiltered&rss_token=unfiltered&...
# Out: /foo?private_token=[FILTERED]&authenticity_token=[FILTERED]&rss_token=unfiltered&...
map $temp_request_uri_1 $temp_request_uri_2 {
default $temp_request_uri_1;
~(?i)^(?<start>.*)(?<temp>[\?&]authenticity[\-_]token)=[^&]*(?<rest>.*)$ "$start$temp=[FILTERED]$rest";
}
# Remove rss_token from the request URI
# In: /foo?private_token=[FILTERED]&authenticity_token=[FILTERED]&rss_token=unfiltered&...
# Out: /foo?private_token=[FILTERED]&authenticity_token=[FILTERED]&rss_token=[FILTERED]&...
map $temp_request_uri_2 $filtered_request_uri {
default $temp_request_uri_2;
~(?i)^(?<start>.*)(?<temp>[\?&]rss[\-_]token)=[^&]*(?<rest>.*)$ "$start$temp=[FILTERED]$rest";
}
# A version of the referer without the query string
# (everything from the first "?" onward is dropped, so query-string tokens
# carried in a Referer are not kept).
map $http_referer $filtered_http_referer {
default $http_referer;
~^(?<temp>.*)\? $temp;
}
- gitlab.xxx.com.conf
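# Virtual host for GitLab behind a self-managed Nginx that terminates TLS and
# proxies to gitlab-workhorse on 127.0.0.1:8181.
upstream gitlab-workhorse {
    server 127.0.0.1:8181;
}

# Plain HTTP only redirects to HTTPS.
server {
    listen 80;
    server_name gitlab.xxx.com;
    return 307 https://gitlab.xxx.com$request_uri;
}

server {
    listen 443 ssl;
    server_name gitlab.xxx.com;
    index index.html index.htm index.php;

    # NOTE(review): the "access" log format is defined outside this file.
    # Tokens in query strings stay out of the log only if that format writes
    # $filtered_request_uri / $filtered_http_referer rather than $request and
    # $http_referer -- verify the log_format definition.
    access_log /data/logs/gitlab.xxx.com.acc.log access;
    error_log /data/logs/gitlab.xxx.com.err.log;

    server_tokens off;
    client_max_body_size 0;
    keepalive_timeout 70;

    # "ssl on;" is dropped: "listen 443 ssl" already enables TLS and the
    # standalone directive is deprecated.
    ssl_certificate ./sslkey/gitlab.xxx.com.crt;
    ssl_certificate_key ./sslkey/gitlab.xxx.com.key;
    # TLSv1.1 is removed; it is a deprecated protocol version. Add TLSv1.3
    # here if the installed Nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;

    # A single HSTS header. The original declared it twice with different
    # values, which sends two conflicting headers; the stricter one is kept and
    # "always" makes it apply to error responses as well.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;preload" always;

    # Fall back to the canonical host name when the client sent no Host header.
    if ($http_host = "") {
        set $http_host_with_default "gitlab.xxx.com";
    }
    if ($http_host != "") {
        set $http_host_with_default $http_host;
    }

    # Git LFS transfers are streamed straight through, without caching or
    # request buffering.
    location ~ (\.git/gitlab-lfs/objects|\.git/info/lfs/objects/batch$) {
        proxy_cache off;
        proxy_pass http://gitlab-workhorse;
        proxy_request_buffering off;
    }

    # Static assets are served directly from the GitLab installation.
    location ~ ^/(assets)/ {
        root /opt/gitlab/embedded/service/gitlab-rails/public;
        expires max;
        add_header Cache-Control public;
        # An add_header at this level stops inheritance of the server-level
        # headers, so HSTS has to be repeated here.
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;preload" always;
    }

    error_page 404 /404.html;
    error_page 500 /500.html;
    error_page 502 /502.html;
    location ~ ^/(404|500|502)(-custom)?\.html$ {
        root /opt/gitlab/embedded/service/gitlab-rails/public;
        internal;
    }

    location / {
        proxy_pass http://gitlab-workhorse;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        # $connection_upgrade comes from the map added to the http{} block of
        # nginx.conf; it yields "close" for requests that are not upgrades
        # instead of forcing "upgrade" on every request.
        proxy_set_header Connection $connection_upgrade;
        proxy_redirect off;
        proxy_read_timeout 300; # Some requests take more than 30 seconds.
        proxy_connect_timeout 300; # Some requests take more than 30 seconds.
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header Host $http_host_with_default;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # This server block only serves TLS, so the backend must be told the
        # original request was HTTPS. Reporting "http" here makes GitLab treat
        # the session as insecure (plain-http links and redirects, cookies
        # without the Secure flag).
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Ssl on;
    }
}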
登陆
- 首次登陆提示修改密码
- 使用root登陆
- 设置中文:右上角-->Settings-->Preferred language-->简体中文-->确定Update profile settings
邮件配置
- 邮件配置,编辑追加配置文件/etc/gitlab/gitlab.rb
# Outbound mail through an external SMTP account.
# NOTE(review): the SMTP password below is stored in plain text in
# /etc/gitlab/gitlab.rb; keep that file readable by root only.
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.163.com"
# NOTE(review): on port 25 with smtp_enable_starttls_auto the session is
# encrypted only if the server offers STARTTLS -- confirm the login is not
# sent in clear text, or use the provider's TLS port (check provider docs).
gitlab_rails['smtp_port'] = 25
gitlab_rails['smtp_user_name'] = "10086@163.com"
gitlab_rails['smtp_password'] = "授权密码"
gitlab_rails['smtp_domain'] = "163.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = false
### Email Settings
# Sender identity used for notification mail; the From address matches the
# SMTP login above.
gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = '10086@163.com'
gitlab_rails['gitlab_email_display_name'] = '10086'
gitlab_rails['gitlab_email_reply_to'] = '10086@163.com'
gitlab_rails['gitlab_email_subject_suffix'] = 'gitlab'
# gitlab_rails['admin_email_worker_cron'] = "0 0 * * 0"
- 重载配置
# gitlab-ctl reconfigure
- 测试发邮件
# gitlab-rails console
-------------------------------------------------------------------------------------
GitLab: 11.6.2 (4d0c547)
GitLab Shell: 8.4.3
postgresql: 9.6.11
-------------------------------------------------------------------------------------
Loading production environment (Rails 5.0.7)
irb(main):001:0> Notify.test_email('xxxx@qq.com', 'Message Subject', 'Message Body').deliver_now
修改默认备份目录
- 首先创建自定义存放目录
# mkdir /data/backup/gitlab -p
# chown git.git /data/backup -R
- 编辑追加配置文件/etc/gitlab/gitlab.rb
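# Write backups to a custom directory managed by GitLab.
gitlab_rails['manage_backup_path'] = true
gitlab_rails['backup_path'] = "/data/backup/gitlab/"
# 0600 instead of 0644: a backup archive holds every repository and the
# database dump, so it must not be readable by other local accounts.
gitlab_rails['backup_archive_permissions'] = 0600
# gitlab_rails['backup_pg_schema'] = 'public'
###! The duration in seconds to keep backups before they are allowed to be deleted (7 days)
gitlab_rails['backup_keep_time'] = 604800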
- 重载配置
# gitlab-ctl reconfigure
- 配置脚本,每3小时备份一次,删除7天前的备份,并且同步到异地
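#!/bin/bash
# Create a GitLab backup, prune local archives older than 7 days, then mirror
# the backup directory to a remote host over SSH. Meant to be run from cron.
#
# NOTE: the backup archive does not include /etc/gitlab/gitlab.rb or
# /etc/gitlab/gitlab-secrets.json. Keep protected copies of both separately;
# a restore without the secrets file cannot decrypt data stored in the database.
set -euo pipefail

backup_dir="/data/backup/gitlab"
remote_ipaddr="远程ip"
remote_dir="/data/remote_backup"

# Abort if the backup fails: pruning and syncing after a failed run would age
# out good archives without adding a new one.
gitlab-rake gitlab:backup:create RAILS_ENV=production

# Delete only backup archives directly inside the backup directory. The
# previous "cd; find . -exec rm" form removed any old file under the current
# directory and kept going even when the cd had failed.
if [ -d "$backup_dir" ]; then
  find "$backup_dir" -maxdepth 1 -type f -name '*_gitlab_backup.tar' \
    -mtime +7 -exec rm -f -- {} +
fi

# Host key checking stays enabled: the archives contain all repositories and
# the database, so the destination has to be authenticated. Add the remote
# host key to known_hosts once before the first scheduled run.
# NOTE(review): the transfer logs in as root on the remote side; a dedicated
# unprivileged account limited to the backup directory would reduce exposure.
ssh_cmd="ssh -p 22022 -o StrictHostKeyChecking=yes -o PasswordAuthentication=no"
rsync_args=(-q -rtl --progress --bwlimit=30000)

# Source and destination belong to one rsync command; in the original the
# destination sat on its own line and was never passed to rsync.
/usr/bin/rsync "${rsync_args[@]}" -e "$ssh_cmd" "${backup_dir}/" \
  "root@${remote_ipaddr}:${remote_dir}/gitlab/"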
- 备份和恢复
### 备份
# gitlab-rake gitlab:backup:create RAILS_ENV=production # 备份
# ls /data/backup/gitlab/ # 这是自定义,默认的备份目录/var/opt/gitlab/backups
1583379726_2020_03_05_11.6.2_gitlab_backup.tar
### 恢复
# gitlab-ctl stop unicorn
# gitlab-ctl stop sidekiq
# gitlab-rake gitlab:backup:restore RAILS_ENV=production BACKUP=1583379726_2020_03_05_11.6.2 # 恢复
gitlab-ctl start
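注意:从其他机器拷贝过来的tar包所属者不对,会导致权限不够,需要把所属者改成git。另外,备份包里不包含 /etc/gitlab/gitlab.rb 和 /etc/gitlab/gitlab-secrets.json,迁移到新机器恢复时要单独拷贝这两个文件,否则数据库里加密保存的数据无法解密。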
在终端执行:
chown git:git /data/backup/gitlab/1583379726_2020_03_05_11.6.2_gitlab_backup.tar