CenOS7安装GitLab(使用外部Nginx配置)并配置HTTPS协议

本文讲解在CentOS7系统中安装GitLab(使用外部Nginx配置)并配置HTTPS协议进行加密传输数据。

实验环境

server服务端: 操作系统为CentOS 7.6，IP:192.168.56.14， git:2.16.5。
宿主机：Windows 10，IP:192.168.1.8， git:git version 2.21.0.windows.1。

查看server服务端信息:

1
2
3
4
[root@hellogitlab ~]# cat /etc/centos-release
CentOS Linux release 7.6.1810 (Core) 
[root@hellogitlab ~]# ip addr show|grep 192  
    inet 192.168.1.11/24 brd 192.168.1.255 scope global noprefixroute dynamic enp0s3

安装GitLab

参考https://about.gitlab.com/install/#centos-7在CentOS7上面安装Omnibus package。

安装依赖

安装必要依赖，并开启防火墙放行80和443端口:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
## 说明：安装依赖
[root@hellogitlab ~]# yum install curl policycoreutils-python openssh-server deltarpm -y

## 说明：查看防火墙放行列表
[root@hellogitlab ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s3 enp0s8
  sources: 
  services: ssh dhcpv6-client
  ports: 8140/tcp 53/tcp 11211/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

## 说明：防火墙放行80端口
[root@hellogitlab ~]# firewall-cmd --zone=public --add-port=80/tcp --permanent
success
[root@hellogitlab ~]# firewall-cmd --zone=public --add-port=443/tcp --permanent
success

## 说明：重启防火墙
[root@hellogitlab ~]# firewall-cmd --reload
success

## 说明：查看防火墙放行列表
[root@hellogitlab ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s3
  sources: 
  services: ssh dhcpv6-client
  ports: 80/tcp 443/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

新增GitLab的国内清华大学的yum源

清华大学YUM源地址https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/
清华大学Gitlab Community Edition 镜像使用帮助https://mirrors.tuna.tsinghua.edu.cn/help/gitlab-ce/

新建 /etc/yum.repos.d/gitlab-ce.repo，内容如下:

1
2
3
4
5
[gitlab-ce]
name=Gitlab CE Repository
baseurl=https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el$releasever/
gpgcheck=0
enabled=1

使用以下命令添加数据:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
[root@hellogitlab ~]# cat > /etc/yum.repos.d/gitlab-ce.repo << EOF
> [gitlab-ce]
> name=Gitlab CE Repository
> baseurl=https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el\$releasever/
> gpgcheck=0
> enabled=1
> EOF
[root@hellogitlab ~]# cat /etc/yum.repos.d/gitlab-ce.repo 
[gitlab-ce]
name=Gitlab CE Repository
baseurl=https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el$releasever/
gpgcheck=0
enabled=1

查找yum源中gitlab-ce的版本:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
[root@hellogitlab ~]# yum list gitlab-ce --showduplicates|tail -n 30|head 
gitlab-ce.x86_64                  11.9.12-ce.0.el7                     gitlab-ce
gitlab-ce.x86_64                  11.10.0-ce.0.el7                     gitlab-ce
gitlab-ce.x86_64                  11.10.1-ce.0.el7                     gitlab-ce
gitlab-ce.x86_64                  11.10.2-ce.0.el7                     gitlab-ce
gitlab-ce.x86_64                  11.10.3-ce.0.el7                     gitlab-ce
gitlab-ce.x86_64                  11.10.4-ce.0.el7                     gitlab-ce
gitlab-ce.x86_64                  11.10.5-ce.0.el7                     gitlab-ce
gitlab-ce.x86_64                  11.10.6-ce.0.el7                     gitlab-ce
gitlab-ce.x86_64                  11.10.7-ce.0.el7                     gitlab-ce
gitlab-ce.x86_64                  11.10.8-ce.0.el7                     gitlab-ce

安装gitlab-ce-11.10.0

我们安装11.10.0版本:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
[root@hellogitlab ~]# yum install gitlab-ce-11.10.0 -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.tuna.tsinghua.edu.cn
 * extras: mirrors.tuna.tsinghua.edu.cn
 * updates: mirrors.tuna.tsinghua.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package gitlab-ce.x86_64 0:11.10.0-ce.0.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==============================================================================================================================================
 Package                         Arch                         Version                                   Repository                       Size
==============================================================================================================================================
Installing:
 gitlab-ce                       x86_64                       11.10.0-ce.0.el7                          gitlab-ce                       594 M

Transaction Summary
==============================================================================================================================================
Install  1 Package

Total download size: 594 M
Installed size: 594 M
Downloading packages:
gitlab-ce-11.10.0-ce.0.el7.x86_64.rpm                    14% [======-                                       ] 5.9 MB/s |  88 MB  00:01:24 ETA 
gitlab-ce-11.10.0-ce.0.el7.x86_64.rpm                                                                                  | 594 MB  00:01:56     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : gitlab-ce-11.10.0-ce.0.el7.x86_64 [###################################                                                   ] 1/1
  Installing : gitlab-ce-11.10.0-ce.0.el7.x86_64 [############################################################                          ] 1/1
  Installing : gitlab-ce-11.10.0-ce.0.el7.x86_64                                                                                          1/1 
It looks like GitLab has not been configured yet; skipping the upgrade script.

       *.                  *.
      ***                 ***
     *****               *****
    .******             *******
    ********            ********
   ,,,,,,,,,***********,,,,,,,,,
  ,,,,,,,,,,,*********,,,,,,,,,,,
  .,,,,,,,,,,,*******,,,,,,,,,,,,
      ,,,,,,,,,*****,,,,,,,,,.
         ,,,,,,,****,,,,,,
            .,,,***,,,,
                ,*,.



     _______ __  __          __
    / ____(_) /_/ /   ____ _/ /_
   / / __/ / __/ /   / __ `/ __ \
  / /_/ / / /_/ /___/ /_/ / /_/ /
  \____/_/\__/_____/\__,_/_.___/


Thank you for installing GitLab!
GitLab was unable to detect a valid hostname for your instance.
Please configure a URL for your GitLab instance by setting `external_url`
configuration in /etc/gitlab/gitlab.rb file.
Then, you can start your GitLab instance by running the following command:
  sudo gitlab-ctl reconfigure

For a comprehensive list of configuration options please see the Omnibus GitLab readme
https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md

  Verifying  : gitlab-ce-11.10.0-ce.0.el7.x86_64                                                                                          1/1 

Installed:
  gitlab-ce.x86_64 0:11.10.0-ce.0.el7                                                                                                         

Complete!

查看GitLab版本:

1
2
[root@hellogitlab ~]# cat /opt/gitlab/embedded/service/gitlab-rails/VERSION
11.10.0

配置GitLab配置文件

GitLab配置文件存放路径为/etc/gitlab/gitlab.rb，我们先备份一份原始配置文件:

1
2
3
4
5
6
7
[root@hellogitlab ~]# cp /etc/gitlab/gitlab.rb /etc/gitlab/gitlab.rb.20190818_1106.bak
[root@hellogitlab ~]# ls -lah /etc/gitlab/
total 188K
drwxr-xr-x   2 root root   58 Aug 18 11:06 .
drwxr-xr-x. 77 root root 8.0K Aug 18 11:03 ..
-rw-------   1 root root  88K Aug 18 11:03 gitlab.rb
-rw-------   1 root root  88K Aug 18 11:06 gitlab.rb.20190818_1106.bak

外部URL(external URL)配置

为了给用户展示正确的仓库克隆链接，需要设置external URL。
外部URL可以分多种形式：
1. IP地址形式的URL，开放80端口
2. 域名形式的URL，开放80端口
3. 使用CA认证的URL，开放443端口

第一种方式通过IP地址形式的URL开放80端口，可以参考CenOS7安装GitLab(使用外部Nginx配置)。

我们今天使用域名形式和CA认证的URL。先尝试使用域名形式的URL。

13 external_url ‘http://gitlab.example.com’ —> external_url ‘http://hellogitlab.com’

说明："—>" 表示修改为，前面的13表示第13行。

使用命令修改:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
## 查看本地的hostname，并绑定hostname与ip地址
[root@hellogitlab ~]# hostname
hellogitlab.com
[root@hellogitlab ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
[root@hellogitlab ~]# ip addr show|grep 192
    inet 192.168.1.11/24 brd 192.168.1.255 scope global noprefixroute dynamic enp0s3
[root@hellogitlab ~]# echo "192.168.1.11    hellogitlab.com" >> /etc/hosts
[root@hellogitlab ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.11    hellogitlab.com
[root@hellogitlab ~]# ping hellogitlab.com -c 3
PING hellogitlab.com (192.168.1.11) 56(84) bytes of data.
64 bytes from hellogitlab.com (192.168.1.11): icmp_seq=1 ttl=64 time=0.032 ms
64 bytes from hellogitlab.com (192.168.1.11): icmp_seq=2 ttl=64 time=0.040 ms
64 bytes from hellogitlab.com (192.168.1.11): icmp_seq=3 ttl=64 time=0.040 ms

--- hellogitlab.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.032/0.037/0.040/0.006 ms

## 设置gitlab的URL地址
[root@hellogitlab ~]# sed -i "13s@external_url 'http://gitlab.example.com'@external_url \"http://hellogitlab.com\"@g" /etc/gitlab/gitlab.rb
[root@hellogitlab ~]# cat -n /etc/gitlab/gitlab.rb|sed -n '13p'
    13  external_url "http://hellogitlab.com"

时区配置

时区设置为"Asia/Shanghai":

49 # gitlab_rails[’time_zone’] = ‘UTC’ —> gitlab_rails[’time_zone’] = ‘Asia/Shanghai’

使用命令修改:

1
2
3
[root@hellogitlab ~]# sed -i "49s@^# gitlab_rails\['time_zone'\] = 'UTC'@gitlab_rails\['time_zone'\] = 'Asia/Shanghai'@g" /etc/gitlab/gitlab.rb
[root@hellogitlab ~]# cat -n /etc/gitlab/gitlab.rb|sed -n '49p'
    49  gitlab_rails['time_zone'] = 'Asia/Shanghai'

Email邮箱设置

参考： https://docs.gitlab.com/omnibus/settings/smtp.html

我们使用网易的163邮箱作为邮件的发送人。

原始配置:

1
2
3
4
5
6
51 ### Email Settings
52 # gitlab_rails['gitlab_email_enabled'] = true
53 # gitlab_rails['gitlab_email_from'] = 'example@example.com'
54 # gitlab_rails['gitlab_email_display_name'] = 'Example'
55 # gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com'
56 # gitlab_rails['gitlab_email_subject_suffix'] = ''

修改为:

1
2
3
4
5
6
51 ### Email Settings
52 gitlab_rails['gitlab_email_enabled'] = true
53 gitlab_rails['gitlab_email_from'] = 'mzh_love_linux@163.com'
54 # gitlab_rails['gitlab_email_display_name'] = 'GitLab'
55 # gitlab_rails['gitlab_email_reply_to'] = 'mzh_love_linux@163.com'
56 # gitlab_rails['gitlab_email_subject_suffix'] = '[GitLab]'

使用命令修改:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
[root@hellogitlab ~]# sed -i "52s@^# gitlab_rails\['gitlab_email_enabled'\] = true@gitlab_rails\['gitlab_email_enabled'\] = true@g" /etc/gitlab/gitlab.rb
[root@hellogitlab ~]# sed -i "53s@^# gitlab_rails\['gitlab_email_from'\] = 'example\@example.com'@gitlab_rails\['gitlab_email_from'\] = 'mzh_love_linux\@163.com'@g" /etc/gitlab/gitlab.rb
[root@hellogitlab ~]# sed -i "54s@^# gitlab_rails\['gitlab_email_display_name'\] = 'Example'@gitlab_rails\['gitlab_email_display_name'\] = 'GitLab'@g" /etc/gitlab/gitlab.rb
[root@hellogitlab ~]# sed -i "55s@^# gitlab_rails\['gitlab_email_reply_to'\] = 'noreply\@example.com'@gitlab_rails\['gitlab_email_reply_to'\] = 'mzh_love_linux\@163.com'@g" /etc/gitlab/gitlab.rb
[root@hellogitlab ~]# sed -i "56s@^# gitlab_rails\['gitlab_email_subject_suffix'\] = ''@gitlab_rails\['gitlab_email_subject_suffix'\] = '[GitLab]'@g" /etc/gitlab/gitlab.rb
[root@hellogitlab ~]# cat -n /etc/gitlab/gitlab.rb|sed -n '51,56p'
    51  ### Email Settings
    52  gitlab_rails['gitlab_email_enabled'] = true
    53  gitlab_rails['gitlab_email_from'] = 'mzh_love_linux@163.com'
    54  gitlab_rails['gitlab_email_display_name'] = 'GitLab'
    55  gitlab_rails['gitlab_email_reply_to'] = 'mzh_love_linux@163.com'
    56  gitlab_rails['gitlab_email_subject_suffix'] = '[GitLab]'

禁止用户创建顶层组

参考： https://docs.gitlab.com/ee/administration/user_settings.html#disallow-users-creating-top-level-groups

禁止用户创建顶层组(Disallow users creating top-level groups):

59 # gitlab_rails[‘gitlab_default_can_create_group’] = true —> gitlab_rails[‘gitlab_default_can_create_group’] = false

使用命令修改:

1
2
3
[root@hellogitlab ~]# sed -i "59s@# gitlab_rails\['gitlab_default_can_create_group'\] = true@gitlab_rails\['gitlab_default_can_create_group'\] = false@g"  /etc/gitlab/gitlab.rb
[root@hellogitlab ~]# cat -n /etc/gitlab/gitlab.rb|sed -n '59p' 
    59  gitlab_rails['gitlab_default_can_create_group'] = false

禁止用户修改用户名

参考： https://docs.gitlab.com/ee/administration/user_settings.html#disallow-users-changing-usernames

禁止用户修改用户名(Disallow users changing usernames):

60 # gitlab_rails[‘gitlab_username_changing_enabled’] = true —> gitlab_rails[‘gitlab_username_changing_enabled’] = false

使用命令修改:

1
2
3
[root@hellogitlab ~]# sed -i "60s@# gitlab_rails\['gitlab_username_changing_enabled'\] = true@gitlab_rails\['gitlab_username_changing_enabled'\] = false@g" /etc/gitlab/gitlab.rb
[root@hellogitlab ~]# cat -n /etc/gitlab/gitlab.rb|sed -n '60p'
    60  gitlab_rails['gitlab_username_changing_enabled'] = false

GitLab trusted_proxies可信代理配置

将IP子网段添加到可信代理中:

113 # gitlab_rails[’trusted_proxies’] = [] —> gitlab_rails[’trusted_proxies’] = [‘192.168.1.0/24’]

使用命令修改:

1
2
3
[root@hellogitlab ~]# sed -i "113s@^# gitlab_rails\['trusted_proxies'\] = \[\]@gitlab_rails['trusted_proxies'] = \['192.168.1.0/24'\]@g" /etc/gitlab/gitlab.rb
[root@hellogitlab ~]# cat -n /etc/gitlab/gitlab.rb|sed -n '113p'
   113  gitlab_rails['trusted_proxies'] = ['192.168.56.0/24']

git仓库存储目录配置

参考： https://docs.gitlab.com/omnibus/settings/configuration.html#storing-git-data-in-an-alternative-directory

git仓库存储目录默认为/var/opt/gitlab/git-data ，由于git仓库存储数据比较多，最好将存储目录设置LVM或者支持NFS协议(network file system protocol)的NAS或SAN网络存储设备对应的卷的路径，便于后面扩容。

::: tip 注意 git仓库存储目录必须是目录，不能是软链接 ！！ :::

修改git_data_dirs的配置:

1
2
3
4
5
380 # git_data_dirs({                                                                       
381 #   "default" => {
382 #     "path" => "/mnt/nfs-01/git-data"
383 #    }
384 # })

修改为:

1
2
3
4
5
380 git_data_dirs({                                                                                                                               
381     "default" => {
382         "path" => "/home/git/git-data"
383     }
384 })

使用命令修改:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
[root@hellogitlab ~]# sed -i "380s@^# git_data_dirs@git_data_dirs@g" /etc/gitlab/gitlab.rb
[root@hellogitlab ~]# sed -i "381s@^#   \"default@    \"default@g" /etc/gitlab/gitlab.rb
[root@hellogitlab ~]# sed -i "382s@^#     \"path\" => \"/mnt/nfs-01/git-data\"@        \"path\" => \"/home/git/git-data\"@g" /etc/gitlab/gitlab.rb
[root@hellogitlab ~]# sed -i "383s@^#    }@    }@g" /etc/gitlab/gitlab.rb
[root@hellogitlab ~]# sed -i "384s@^# })@})@g" /etc/gitlab/gitlab.rb
[root@hellogitlab ~]# cat -n /etc/gitlab/gitlab.rb|sed -n '380,384p'
   380  git_data_dirs({
   381      "default" => {
   382          "path" => "/home/git/git-data"
   383      }
   384  })

创建仓库存储目录:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
[root@hellogitlab ~]# useradd -d /home/git -s /sbin/nologin git
[root@hellogitlab ~]# ls -lah /home/git/
total 12K
drwx------  2 git  git   62 Aug 18 11:25 .
drwxr-xr-x. 4 root root  35 Aug 18 11:25 ..
-rw-r--r--  1 git  git   18 Oct 31  2018 .bash_logout
-rw-r--r--  1 git  git  193 Oct 31  2018 .bash_profile
-rw-r--r--  1 git  git  231 Oct 31  2018 .bashrc
[root@hellogitlab ~]# cat /etc/passwd|grep git
git:x:1001:1001::/home/git:/sbin/nologin
[root@hellogitlab ~]# id git
uid=1001(git) gid=1001(git) groups=1001(git)
[root@hellogitlab ~]# ls -lad /home/git/
drwx------. 4 git git 111 Jun 22 19:45 /home/git/
[root@hellogitlab ~]# ls -lad /home/git/git-data/
drwxr-xr-x. 2 root root 6 Jun 22 19:45 /home/git/git-data/
[root@hellogitlab ~]# chown git:root /home/git/git-data/
[root@hellogitlab ~]# ls -lad /home/git/git-data/       
drwxr-xr-x. 2 git root 6 Jun 22 19:45 /home/git/git-data/

SMTP外部邮箱设置

参考： https://docs.gitlab.com/omnibus/settings/smtp.html

我们使用外部邮箱发送邮件通知。

SMTP的原始信息:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
507 ### GitLab email server settings
508 ###! Docs: https://docs.gitlab.com/omnibus/settings/smtp.html
509 ###! **Use smtp instead of sendmail/postfix.**
510                                                                                                                                                 
511 # gitlab_rails['smtp_enable'] = true
512 # gitlab_rails['smtp_address'] = "smtp.server"
513 # gitlab_rails['smtp_port'] = 465
514 # gitlab_rails['smtp_user_name'] = "smtp user"
515 # gitlab_rails['smtp_password'] = "smtp password"
516 # gitlab_rails['smtp_domain'] = "example.com"
517 # gitlab_rails['smtp_authentication'] = "login"
518 # gitlab_rails['smtp_enable_starttls_auto'] = true
519 # gitlab_rails['smtp_tls'] = false

修改为:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
507 ### GitLab email server settings
508 ###! Docs: https://docs.gitlab.com/omnibus/settings/smtp.html
509 ###! **Use smtp instead of sendmail/postfix.**
510                                                                                                                                                 
511 gitlab_rails['smtp_enable'] = true
512 gitlab_rails['smtp_address'] = "smtp.163.com"
513 gitlab_rails['smtp_port'] = 465
514 gitlab_rails['smtp_user_name'] = "mzh_love_linux@163.com"
515 gitlab_rails['smtp_password'] = "authCode"  # <--- 说明：先在邮箱设置中开启客户端授权码，防止密码泄露，此处填写网易邮箱的授权码，不要填写真实密码
516 gitlab_rails['smtp_domain'] = "163.com"
517 gitlab_rails['smtp_authentication'] = "login"
518 gitlab_rails['smtp_enable_starttls_auto'] = true
519 gitlab_rails['smtp_tls'] = true

使用命令修改:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
[root@hellogitlab ~]# sed -i "511s@# gitlab_rails\['smtp_enable'\] = true@gitlab_rails\['smtp_enable'\] = true@g" /etc/gitlab/gitlab.rb
[root@hellogitlab ~]# sed -i "512s@# gitlab_rails\['smtp_address'\] = \"smtp.server\"@gitlab_rails\['smtp_address'\] = \"smtp.163.com\"@g" /etc/gitlab/gitlab.rb
[root@hellogitlab ~]# sed -i "513s@# gitlab_rails\['smtp_port'\] = 465@gitlab_rails\['smtp_port'\] = 465@g"  /etc/gitlab/gitlab.rb
[root@hellogitlab ~]# sed -i "514s@# gitlab_rails\['smtp_user_name'\] = \"smtp user\"@gitlab_rails\['smtp_user_name'\] = \"mzh_love_linux\@163.com\"@g"  /etc/gitlab/gitlab.rb
[root@hellogitlab ~]# sed -i "515s@# gitlab_rails\['smtp_password'\] = \"smtp password\"@gitlab_rails\['smtp_password'\] = \"authCode\"@g"  /etc/gitlab/gitlab.rb
[root@hellogitlab ~]# sed -i "516s@# gitlab_rails\['smtp_domain'\] = \"example.com\"@gitlab_rails\['smtp_domain'\] = \"163.com\"@g"  /etc/gitlab/gitlab.rb
[root@hellogitlab ~]# sed -i "517s@# gitlab_rails\['smtp_authentication'\] = \"login\"@gitlab_rails\['smtp_authentication'\] = \"login\"@g"  /etc/gitlab/gitlab.rb
[root@hellogitlab ~]# sed -i "518s@# gitlab_rails\['smtp_enable_starttls_auto'\] = true@gitlab_rails\['smtp_enable_starttls_auto'\] = true@g"  /etc/gitlab/gitlab.rb
[root@hellogitlab ~]# sed -i "519s@# gitlab_rails\['smtp_tls'\] = false@gitlab_rails\['smtp_tls'\] = true@g"  /etc/gitlab/gitlab.rb
[root@hellogitlab ~]# cat -n /etc/gitlab/gitlab.rb|sed -n '511,519p'
   511  gitlab_rails['smtp_enable'] = true
   512  gitlab_rails['smtp_address'] = "smtp.163.com"
   513  gitlab_rails['smtp_port'] = 465
   514  gitlab_rails['smtp_user_name'] = "mzh_love_linux@163.com"
   515  gitlab_rails['smtp_password'] = "authCode"
   516  gitlab_rails['smtp_domain'] = "163.com"
   517  gitlab_rails['smtp_authentication'] = "login"
   518  gitlab_rails['smtp_enable_starttls_auto'] = true
   519  gitlab_rails['smtp_tls'] = true

::: tip 说明配置生效后，需要测试SMTP发送邮件是否成功！测试SMTP设置参考： https://docs.gitlab.com/omnibus/settings/smtp.html#testing-the-smtp-configuration :::

改变Git有用户和组信息

参考： https://docs.gitlab.com/omnibus/settings/configuration.html#changing-the-name-of-the-git-user–group

Git配置的原始信息:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
653 # user['username'] = "git"
654 # user['group'] = "git"                                                                                                                         
655 # user['uid'] = nil
656 # user['gid'] = nil
657 
658 ##! The shell for the git user
659 # user['shell'] = "/bin/sh"
660 
661 ##! The home directory for the git user
662 # user['home'] = "/var/opt/gitlab"
663 
664 # user['git_user_name'] = "GitLab"
665 # user['git_user_email'] = "gitlab@#{node['fqdn']}"
666 

我们修改为:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
653 user['username'] = "git"    # <-- 说明： 此行被修改
654 user['group'] = "git"     # <-- 说明： 此行被修改
655 # user['uid'] = nil
656 # user['gid'] = nil
657 
658 ##! The shell for the git user
659 # user['shell'] = "/bin/sh"
660 
661 ##! The home directory for the git user
662 user['home'] = "/home/git"     # <-- 说明： 此行被修改
663 
664 # user['git_user_name'] = "GitLab"
665 # user['git_user_email'] = "mzh_love_linux@163.com"     # <-- 说明： 此行被修改，邮箱地址是配置SMTP需要使用的邮箱地址
666 

使用命令修改:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
[root@hellogitlab ~]# sed -i "653s@^# user\['username'\]@user\['username'\]@g" /etc/gitlab/gitlab.rb
[root@hellogitlab ~]# sed -i "654s@^# user\['group'\]@user\['group'\]@g" /etc/gitlab/gitlab.rb
[root@hellogitlab ~]# sed -i "662s@^# user\['home'\] = \"/var/opt/gitlab\"@user\['home'\] = \"/home/git\"@g" /etc/gitlab/gitlab.rb
[root@hellogitlab ~]# sed -i "665s@^# user\['git_user_email'\] = \"gitlab\@#{node\['fqdn'\]}\"@user\['git_user_email'\] = \"mzh_love_linux\@163.com\"@g" /etc/gitlab/gitlab.rb
[root@hellogitlab ~]# cat -n /etc/gitlab/gitlab.rb|sed -n '653,665p'
   653  user['username'] = "git"
   654  user['group'] = "git"
   655  # user['uid'] = nil
   656  # user['gid'] = nil
   657
   658  ##! The shell for the git user
   659  # user['shell'] = "/bin/sh"
   660
   661  ##! The home directory for the git user
   662  user['home'] = "/home/git"
   663
   664  # user['git_user_name'] = "GitLab"
   665  user['git_user_email'] = "mzh_love_linux@163.com"

设置非捆绑WEB服务器的用户名

参考： https://docs.gitlab.com/omnibus/settings/nginx.html#using-a-non-bundled-web-server

WEB SERVER配置的原始信息:

1
2
3
4
5
6
7
8
9
968 ##! When bundled nginx is disabled we need to add the external webserver user to
969 ##! the GitLab webserver group.
970 # web_server['external_users'] = []
971 # web_server['username'] = 'gitlab-www'
972 # web_server['group'] = 'gitlab-www'
973 # web_server['uid'] = nil
974 # web_server['gid'] = nil
975 # web_server['shell'] = '/bin/false'
976 # web_server['home'] = '/var/opt/gitlab/nginx'

修改为:

1
2
3
4
5
6
7
970 web_server['external_users'] = ['nginx', 'root']
971 web_server['username'] = 'nginx'
972 web_server['group'] = 'nginx'
973 # web_server['uid'] = nil
974 # web_server['gid'] = nil
975 # web_server['shell'] = '/bin/false'
976 # web_server['home'] = '/var/opt/gitlab/nginx'

使用命令修改:

1
2
3
4
5
6
7
[root@hellogitlab ~]# sed -i "970s@^# web_server\['external_users'\] = \[\]@web_server\['external_users'\] = \['nginx', 'root'\]@g" /etc/gitlab/gitlab.rb
[root@hellogitlab ~]# sed -i "971s@^# web_server\['username'\] = 'gitlab-www'@web_server\['username'\] = 'nginx'@g" /etc/gitlab/gitlab.rb
[root@hellogitlab ~]# sed -i "972s@^# web_server\['group'\] = 'gitlab-www'@web_server\['group'\] = 'nginx'@g" /etc/gitlab/gitlab.rb
[root@hellogitlab ~]# cat -n /etc/gitlab/gitlab.rb|sed -n '970,972p'
   970  web_server['external_users'] = ['nginx', 'root']
   971  web_server['username'] = 'nginx'
   972  web_server['group'] = 'nginx'

安装外部Nginx服务:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
[root@hellogitlab ~]# yum install nginx -y
[root@hellogitlab ~]# nginx -V
nginx version: nginx/1.12.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) 
built with OpenSSL 1.0.2k-fips  26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_auth_request_module --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-google_perftools_module --with-debug --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' --with-ld-opt='-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E'
[root@hellogitlab ~]# nginx -v
nginx version: nginx/1.12.2

[root@hellogitlab ~]# cat /etc/passwd|grep nginx
nginx:x:997:994:Nginx web server:/var/lib/nginx:/sbin/nologin
[root@hellogitlab ~]# usermod -d /var/opt/gitlab/nginx nginx
[root@hellogitlab ~]# cat /etc/passwd|grep nginx            
nginx:x:997:994:Nginx web server:/var/opt/gitlab/nginx:/sbin/nologin

设置非捆绑WEB服务器为Nginx

关闭捆绑WEB服务器：

983 # nginx[’enable’] = true –> nginx[’enable’] = false

使用命令修改:

1
2
3
[root@hellogitlab ~]# sed -i "983s@^# nginx\['enable'\] = true@nginx\['enable'\] = false@g" /etc/gitlab/gitlab.rb
[root@hellogitlab ~]# cat -n /etc/gitlab/gitlab.rb|sed -n '983p'    
   983  nginx['enable'] = false

配置GitLab的Nginx配置文件

参考： https://gitlab.com/gitlab-org/gitlab-recipes/tree/master/web-server/nginx

下载nginx的gitlab配置模板文件，注：下载单个文件时，应查看文件的raw文件::

1
[root@hellogitlab ~]# wget https://gitlab.com/gitlab-org/gitlab-recipes/raw/master/web-server/nginx/gitlab-omnibus-nginx.conf

你也可以通过点击下面的按钮进行下载。

download gitlab-omnibus-nginx.conf

将 gitlab-omnibus-nginx.conf移动到/etc/nginx/conf.d目录:

1
2
3
4
5
6
[root@hellogitlab ~]# mv gitlab-omnibus-nginx.conf /etc/nginx/conf.d/
[root@hellogitlab ~]# ls -lah /etc/nginx/conf.d/
total 8.0K
drwxr-xr-x 2 root root   39 Aug 18 11:40 .
drwxr-xr-x 4 root root 4.0K Aug 18 11:36 ..
-rw-r--r-- 1 root root 2.1K Aug 18 11:40 gitlab-omnibus-nginx.conf

并修改YOUR_SERVER_FQDN为域名:

31 server_name YOUR_SERVER_FQDN; —> server_name hellogitlab.com;

使用命令修改:

1
2
3
[root@hellogitlab ~]# sed -i "31s@server_name YOUR_SERVER_FQDN;@server_name hellogitlab.com;@g" /etc/nginx/conf.d/gitlab-omnibus-nginx.conf
[root@hellogitlab ~]# cat -n /etc/nginx/conf.d/gitlab-omnibus-nginx.conf|sed -n '31p'
    31    server_name hellogitlab.com; ## Replace this with something like gitlab.example.com

禁用/etc/nginx/nginx.conf 中的默认的80端口的server配置:

80端口的server的原始信息:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
38     server {
39         listen       80 default_server;
40         listen       [::]:80 default_server;
41         server_name  _;
42         root         /usr/share/nginx/html;
43 
44         # Load configuration files for the default server block.
45         include /etc/nginx/default.d/*.conf;
46 
47         location / {
48         }
49 
50         error_page 404 /404.html;
51             location = /40x.html {
52         }
53 
54         error_page 500 502 503 504 /50x.html;
55             location = /50x.html {
56         }                                                          
57     }

修改为:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
38  #     server {
39  #         listen       80 default_server;
40  #         listen       [::]:80 default_server;
41  #         server_name  _;
42  #         root         /usr/share/nginx/html;
43  # 
44  #         # Load configuration files for the default server block.
45  #         include /etc/nginx/default.d/*.conf;
46  # 
47  #         location / {
48  #         }
49  # 
50  #         error_page 404 /404.html;
51  #             location = /40x.html {
52  #         }
53  # 
54  #         error_page 500 502 503 504 /50x.html;
55  #             location = /50x.html {
56  #         }
57  #     }

使用命令修改:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
[root@hellogitlab ~]# sed -i "38,57s@^@# @g" /etc/nginx/nginx.conf
[root@hellogitlab ~]# cat -n /etc/nginx/nginx.conf|sed -n '38,57p'
    38  #     server {
    39  #         listen       80 default_server;
    40  #         listen       [::]:80 default_server;
    41  #         server_name  _;
    42  #         root         /usr/share/nginx/html;
    43  # 
    44  #         # Load configuration files for the default server block.
    45  #         include /etc/nginx/default.d/*.conf;
    46  # 
    47  #         location / {
    48  #         }
    49  # 
    50  #         error_page 404 /404.html;
    51  #             location = /40x.html {
    52  #         }
    53  # 
    54  #         error_page 500 502 503 504 /50x.html;
    55  #             location = /50x.html {
    56  #         }
    57  #     }

检查nginx配置是否正确:

1
2
3
[root@hellogitlab ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

加载配置

使用gitlab-ctl reconfigure重新加载配置:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
[root@hellogitlab ~]# gitlab-ctl reconfigure
Starting Chef Client, version 13.6.4
resolving cookbooks for run list: ["gitlab"]
Synchronizing Cookbooks:
  - postgresql (0.1.0)
  - redis (0.1.0)
  - package (0.1.0)
  - gitlab (0.0.1)
  - letsencrypt (0.1.0)
  - nginx (0.1.0)
  - runit (4.3.0)
  - registry (0.1.0)
  - gitaly (0.1.0)
  - consul (0.1.0)
  - mattermost (0.1.0)
  - crond (0.1.0)
  - acme (3.1.0)
  - compat_resource (12.19.1)
Installing Cookbook Gems:
Compiling Cookbooks...
..... 执行剧本，省略
..... 执行剧本，省略
Recipe: <Dynamically Defined Resource>
  * service[gitaly] action restart
    - restart service service[gitaly]
Recipe: gitaly::enable
  * runit_service[gitaly] action hup
    - send hup to runit_service[gitaly]
Recipe: <Dynamically Defined Resource>
  * service[gitlab-workhorse] action restart
    - restart service service[gitlab-workhorse]
  * service[node-exporter] action restart
    - restart service service[node-exporter]
  * service[gitlab-monitor] action restart
    - restart service service[gitlab-monitor]
  * service[redis-exporter] action restart
    - restart service service[redis-exporter]
  * service[prometheus] action restart
    - restart service service[prometheus]
Recipe: gitlab::prometheus
  * execute[reload prometheus] action run
    - execute /opt/gitlab/bin/gitlab-ctl hup prometheus
Recipe: <Dynamically Defined Resource>
  * service[alertmanager] action restart
    - restart service service[alertmanager]
  * service[postgres-exporter] action restart
    - restart service service[postgres-exporter]

Running handlers:
Running handlers complete
Chef Client finished, 457/1201 resources updated in 03 minutes 40 seconds
gitlab Reconfigured!

没有报错，看到"gitlab Reconfigured!"，说明加载配置成功！！

测试SMTP配置

运行gitlab-rails console进入到gitlab-rails控制台:

1
2
3
4
5
6
7
8
[root@hellogitlab ~]# gitlab-rails console
-------------------------------------------------------------------------------------
 GitLab:       11.10.0 (8a802d1c6b7)
 GitLab Shell: 9.0.0
 PostgreSQL:   9.6.11
-------------------------------------------------------------------------------------
Loading production environment (Rails 5.0.7.2)
irb(main):001:0>

发送测试邮件:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
irb(main):002:0> Notify.test_email('798423939@qq.com', 'Message Subject by gitlab-rails', '<p style="color:red;">Message Body</p>').deliver_now
Notify#test_email: processed outbound mail in 497.2ms
Sent mail to 798423939@qq.com (2781.6ms)
Date: Sun, 18 Aug 2019 11:55:54 +0800
From: GitLab <mzh_love_linux@163.com>
Reply-To: GitLab <mzh_love_linux@163.com>
To: 798423939@qq.com
Message-ID: <5d58cc4aedc53_59db3fa38ffd65fc74929@hellogitlab.com.mail>
Subject: Message Subject by gitlab-rails
Mime-Version: 1.0
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit
Auto-Submitted: auto-generated
X-Auto-Response-Suppress: All

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><body><p style="color: red;">Message Body</p></body></html>

=> #<Mail::Message:69971471528860, Multipart: false, Headers: <Date: Sun, 18 Aug 2019 11:55:54 +0800>, <From: GitLab <mzh_love_linux@163.com>>, <Reply-To: GitLab <mzh_love_linux@163.com>>, <To: 798423939@qq.com>, <Message-ID: <5d58cc4aedc53_59db3fa38ffd65fc74929@hellogitlab.com.mail>>, <Subject: Message Subject by gitlab-rails>, <Mime-Version: 1.0>, <Content-Type: text/html; charset=UTF-8>, <Content-Transfer-Encoding: 7bit>, <Auto-Submitted: auto-generated>, <X-Auto-Response-Suppress: All>>

## 退出命令行
irb(main):003:0> quit

没有报异常，说明邮件发送成功！登陆QQ邮箱检查邮件信息，发现已经收到邮件！

启动GitLab和Nginx服务

启动GitLab和Nginx服务:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
[root@hellogitlab ~]# systemctl start gitlab-runsvdir
[root@hellogitlab ~]# gitlab-ctl start
ok: run: alertmanager: (pid 22117) 1042s
ok: run: gitaly: (pid 21983) 1050s
ok: run: gitlab-monitor: (pid 22047) 1048s
ok: run: gitlab-workhorse: (pid 22011) 1050s
ok: run: logrotate: (pid 21486) 1191s
ok: run: node-exporter: (pid 22026) 1049s
ok: run: postgres-exporter: (pid 22131) 1042s
ok: run: postgresql: (pid 21050) 1286s
ok: run: prometheus: (pid 22075) 1047s
ok: run: redis: (pid 20820) 1308s
ok: run: redis-exporter: (pid 22056) 1048s
ok: run: sidekiq: (pid 21407) 1203s
ok: run: unicorn: (pid 21351) 1209s
[root@hellogitlab ~]# systemctl start nginx
[root@hellogitlab ~]# netstat -tunlp|grep nginx
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      24963/nginx: master 
tcp6       0      0 :::80                   :::*                    LISTEN      24963/nginx: master 

::: tip 注意启动GitLab和Nginx服务前，先要使用systemctl start gitlab-runsvdir启动 runsv。 :::

配置宿主机IP、域名绑定关系

配置C:\Windows\System32\drivers\etc\hosts文件，增加以下内容：

1
192.168.1.11 hellogitlab.com

测试是否能够ping通hellogitlab.com:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
$ ping hellogitlab.com

正在 Ping hellogitlab.com [192.168.1.11] 具有 32 字节的数据:
来自 192.168.1.11 的回复: 字节=32 时间<1ms TTL=64
来自 192.168.1.11 的回复: 字节=32 时间<1ms TTL=64
来自 192.168.1.11 的回复: 字节=32 时间<1ms TTL=64
来自 192.168.1.11 的回复: 字节=32 时间<1ms TTL=64

192.168.1.11 的 Ping 统计信息:
    数据包: 已发送 = 4，已接收 = 4，丢失 = 0 (0% 丢失)，
往返行程的估计时间(以毫秒为单位):
    最短 = 0ms，最长 = 0ms，平均 = 0ms

发现可以ping通过服务器，说明网络是通的。

关闭SELinux

查看SELinux的具体的工作状态:

1
2
[root@hellogitlab ~]# getenforce 
Disabled

说明SELinux已经关闭！

访问GitLab

在Google浏览器中访问URL: http://hellogitlab.com/ ，可以看到GitLab页面了。

如果发现异常，可查看GitLab的错误日志文件/var/log/nginx/gitlab_error.log，另外检查SELinux是否关闭。

GitLab WEB界面配置

设置GitLab管理员root的密码为"1234567890"，并重新登陆，进入主页：

新建一个用户，并设置为管理员:

登陆邮箱查看邮件，验证账号：

点击链接"Click here to set your password"重置密码:

使用刚新建的管理员账号登陆：

创建一个新的个人项目：

点击"Create project"创建项目。

创建完成后，可以看到跳转到项目详情界面：

我们将宿主机上的个人公钥加到Gitlab上去，如果没有公钥，可以使用ssh-keygen -C your_email@example.com添加。

在WEB界面添加SSH KEY：

配置git环境:

1
2
3
4
5
$ git config --global user.name "Zhaohui Mei"
$ git config --global user.email "mzh.whut@gmail.com"
$ git config --global --list
user.name=Zhaohui Mei
user.email=mzh.whut@gmail.com

克隆下载项目文件:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
$ git clone git@hellogitlab.com:meizhaohui/firstrepo.git                                            
Cloning into 'firstrepo'...                                                                         
The authenticity of host 'hellogitlab.com (192.168.1.11)' can't be established.                     
ECDSA key fingerprint is SHA256:c3MxIn6mHOUu3SY/+PvOVFwQQrWTrzzuaNgoR5R4iHc.                        
Are you sure you want to continue connecting (yes/no)? yes                                          
Warning: Permanently added 'hellogitlab.com,192.168.1.11' (ECDSA) to the list of known hosts.       
remote: Enumerating objects: 3, done.                                                               
remote: Counting objects: 100% (3/3), done.                                                         
remote: Total 3 (delta 0), reused 0 (delta 0)                                                       
Receiving objects: 100% (3/3), done.                                                                

提交修改:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
$ cd firstrepo\                                                       
                                                                      
                             
$ git diff                                                            
diff --git a/README.md b/README.md                                    
index f3156d7..a8737ce 100644                                         
--- a/README.md                                                       
+++ b/README.md                                                       
@@ -1,3 +1,4 @@                                                       
 # firstrepo                                                          

-第一个gitlab项目                                                     
\ No newline at end of file                                           
+第一个gitlab项目                                                     
+add by ssh method.                                                   
                                                                      
                              
$ git add -A                                                          
                                                                      
                           
$ git commit -m"通过SSH下载并提交修改"                                
[master 787a9ba] 通过SSH下载并提交修改                                
 1 file changed, 2 insertions(+), 1 deletion(-)                       
                                                                      
                           
$ git push origin master:master                                       
Enumerating objects: 5, done.                                         
Counting objects: 100% (5/5), done.                                   
Delta compression using up to 12 threads                              
Compressing objects: 100% (2/2), done.                                
Writing objects: 100% (3/3), 343 bytes | 343.00 KiB/s, done.          
Total 3 (delta 0), reused 0 (delta 0)                                 
To hellogitlab.com:meizhaohui/firstrepo.git                           
   30e1ce1..787a9ba  master -> master                                 

可以发现合入成功！

在WEB界面上查看刚才的提交:

通过http方式下载项目文件:

1
2
3
4
5
6
7
$ git clone http://hellogitlab.com/meizhaohui/firstrepo.git http
Cloning into 'http'...
remote: Enumerating objects: 6, done.
remote: Counting objects: 100% (6/6), done.
remote: Compressing objects: 100% (3/3), done.
remote: Total 6 (delta 0), reused 0 (delta 0)
Unpacking objects: 100% (6/6), done.

在克隆下载时，需要输入用户名和密码：

我们再次进行修改并提交:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
$ cd http\                                                                     
                                                                               
                                          
$ git diff                                                                     
diff --git a/README.md b/README.md                                             
index a8737ce..80725a0 100644                                                  
--- a/README.md                                                                
+++ b/README.md                                                                
@@ -2,3 +2,4 @@                                                                
                                                                               
 第一个gitlab项目                                                              
 add by ssh method.                                                            
+add by http method.                                                           
                                                                                                                          
$ git add -A                                                                   
                                                                               
                                          
$ git commit -m"通过HTTP方式下载并提交修改"                                    
[master a89dc8c] 通过HTTP方式下载并提交修改                                    
 1 file changed, 1 insertion(+)                                                
                                                                               
                                            
$ git push origin master:master                                                
Enumerating objects: 5, done.                                                  
Counting objects: 100% (5/5), done.                                            
Delta compression using up to 12 threads                                       
Compressing objects: 100% (2/2), done.                                         
Writing objects: 100% (3/3), 360 bytes | 180.00 KiB/s, done.                   
Total 3 (delta 0), reused 0 (delta 0)                                          
To http://hellogitlab.com/meizhaohui/firstrepo.git                             
   787a9ba..a89dc8c  master -> master                                          

可以发现通过http方式也可以合入修改！

在WEB界面上查看刚才的提交:

GitLab HTTPS协议配置

下载配置文件

上述使用HTTP域名方式配置的GitLab正常可用，我们在此基础上配置HTTPS协议，使我们的GitLab更安全！

首先，我们下载gitlab-omnibus-ssl-nginx.conf配置文件:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
[root@hellogitlab ~]# wget https://gitlab.com/gitlab-org/gitlab-recipes/raw/master/web-server/nginx/gitlab-omnibus-ssl-nginx.conf
--2019-08-18 16:23:17--  https://gitlab.com/gitlab-org/gitlab-recipes/raw/master/web-server/nginx/gitlab-omnibus-ssl-nginx.conf
Resolving gitlab.com (gitlab.com)... 35.231.145.151
Connecting to gitlab.com (gitlab.com)|35.231.145.151|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 4695 (4.6K) [text/plain]
Saving to: ‘gitlab-omnibus-ssl-nginx.conf’

100%[====================================================================================================>] 4,695       --.-K/s   in 0s      

2019-08-18 16:23:20 (91.4 MB/s) - ‘gitlab-omnibus-ssl-nginx.conf’ saved [4695/4695]

你也可以通过点击下面的按钮进行下载。

download gitlab-omnibus-ssl-nginx.conf

修改配置

将配置文件复制到/etc/nginx/conf.d/目录下:

1
2
3
4
5
6
7
[root@hellogitlab ~]# cp gitlab-omnibus-ssl-nginx.conf /etc/nginx/conf.d/
[root@hellogitlab ~]# ls -lah /etc/nginx/conf.d/
total 16K
drwxr-xr-x 2 root root   76 Aug 18 16:35 .
drwxr-xr-x 4 root root 4.0K Aug 18 11:44 ..
-rw-r--r-- 1 root root 2.1K Aug 18 16:23 gitlab-omnibus-nginx.conf
-rw-r--r-- 1 root root 4.6K Aug 18 16:35 gitlab-omnibus-ssl-nginx.conf

查看配置文件，我们关注35、46、52-54行：

我们将YOUR_SERVER_FQDN替换成域名地址hellogitlab.com:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
[root@hellogitlab ~]# sed -i 's/YOUR_SERVER_FQDN/hellogitlab.com/g' /etc/nginx/conf.d/gitlab-omnibus-ssl-nginx.conf
[root@hellogitlab ~]# cat -n /etc/nginx/conf.d/gitlab-omnibus-ssl-nginx.conf |sed -n '27,55p'
    27  ## Redirects all HTTP traffic to the HTTPS host
    28  server {
    29    ## Either remove "default_server" from the listen line below,
    30    ## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab
    31    ## to be served if you visit any address that your server responds to, eg.
    32    ## the ip address of the server (http://x.x.x.x/)
    33    listen 0.0.0.0:80;
    34    listen [::]:80 ipv6only=on default_server;
    35    server_name hellogitlab.com; ## Replace this with something like gitlab.example.com
    36    server_tokens off; ## Don't show the nginx version number, a security best practice
    37    return 301 https://$http_host$request_uri;
    38    access_log  /var/log/nginx/gitlab_access.log;
    39    error_log   /var/log/nginx/gitlab_error.log;
    40  }
    41
    42  ## HTTPS host
    43  server {
    44    listen 0.0.0.0:443 ssl;
    45    listen [::]:443 ipv6only=on ssl default_server;
    46    server_name hellogitlab.com; ## Replace this with something like gitlab.example.com
    47    server_tokens off; ## Don't show the nginx version number, a security best practice
    48    root /opt/gitlab/embedded/service/gitlab-rails/public;
    49
    50    ## Strong SSL Security
    51    ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
    52    ssl on;
    53    ssl_certificate /etc/nginx/ssl/gitlab.crt;
    54    ssl_certificate_key /etc/nginx/ssl/gitlab.key;
    55

创建自签名证书

创建自签名证书存放目录，并创建证书:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
[root@hellogitlab ~]# mkdir /etc/nginx/ssl
[root@hellogitlab ~]# openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -keyout /etc/nginx/ssl/gitlab.key -out /etc/nginx/ssl/gitlab.crt
Generating a 2048 bit RSA private key
...............................................................................+++
....................+++
writing new private key to '/etc/nginx/ssl/gitlab.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:hubei
Locality Name (eg, city) [Default City]:wuhan
Organization Name (eg, company) [Default Company Ltd]:IT
Organizational Unit Name (eg, section) []:HelloGitlab
Common Name (eg, your name or your server's hostname) []:hellogitlab.com
Email Address []:mzh.whut@gmail.com
[root@hellogitlab ~]# ls -lah /etc/nginx/ssl/
total 12K
drwxr-xr-x 2 root root   42 Aug 18 16:52 .
drwxr-xr-x 5 root root 4.0K Aug 18 16:51 ..
-rw-r--r-- 1 root root 1.4K Aug 18 16:52 gitlab.crt
-rw-r--r-- 1 root root 1.7K Aug 18 16:52 gitlab.key

重新配置GitLab

先将http方式的配置文件备份:

1
2
3
4
5
6
7
[root@hellogitlab ~]# mv /etc/nginx/conf.d/gitlab-omnibus-nginx.conf /etc/nginx/conf.d/gitlab-omnibus-nginx.conf.bak
[root@hellogitlab ~]# ls -lah /etc/nginx/conf.d/
total 16K
drwxr-xr-x 2 root root   80 Aug 18 16:55 .
drwxr-xr-x 5 root root 4.0K Aug 18 16:51 ..
-rw-r--r-- 1 root root 2.1K Aug 18 16:23 gitlab-omnibus-nginx.conf.bak
-rw-r--r-- 1 root root 4.6K Aug 18 16:43 gitlab-omnibus-ssl-nginx.conf

停止GitLab和Nginx:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
[root@hellogitlab ~]# gitlab-ctl stop
ok: down: alertmanager: 0s, normally up
ok: down: gitaly: 0s, normally up
ok: down: gitlab-monitor: 0s, normally up
ok: down: gitlab-workhorse: 1s, normally up
ok: down: logrotate: 0s, normally up
ok: down: node-exporter: 1s, normally up
ok: down: postgres-exporter: 0s, normally up
ok: down: postgresql: 1s, normally up
ok: down: prometheus: 0s, normally up
ok: down: redis: 0s, normally up
ok: down: redis-exporter: 1s, normally up
ok: down: sidekiq: 0s, normally up
ok: down: unicorn: 0s, normally up
[root@hellogitlab ~]# systemctl stop gitlab-runsvdir
[root@hellogitlab ~]# systemctl stop nginx
[root@hellogitlab ~]# ps -ef|grep gitlab
root     20570 14345  0 17:08 pts/0    00:00:00 grep --color=auto gitlab
[root@hellogitlab ~]# ps -ef|grep nginx
root     20576 14345  0 17:08 pts/0    00:00:00 grep --color=auto nginx

修改Gitlab配置文件/etc/gitlab/gitlab.rb，将13行的http://hellogitlab.com 替换成https://hellogitlab.com:

1
2
3
[root@hellogitlab ~]# sed -i 's@http://hellogitlab.com@https://hellogitlab.com@g' /etc/gitlab/gitlab.rb
[root@hellogitlab ~]# cat -n /etc/gitlab/gitlab.rb|sed -n '13p'
    13  external_url "https://hellogitlab.com"

让配置生效:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
[root@hellogitlab ~]# gitlab-ctl reconfigure
Starting Chef Client, version 13.6.4
resolving cookbooks for run list: ["gitlab"]
Synchronizing Cookbooks:
  - package (0.1.0)
  - postgresql (0.1.0)
  - redis (0.1.0)
  - registry (0.1.0)
  - mattermost (0.1.0)
  - consul (0.1.0)
  - gitaly (0.1.0)
  - letsencrypt (0.1.0)
  - nginx (0.1.0)
  - runit (4.3.0)
  - acme (3.1.0)
  - crond (0.1.0)
  - gitlab (0.0.1)
  - compat_resource (12.19.1)
Installing Cookbook Gems:
Compiling Cookbooks...
...省略
...省略
Running handlers complete
Chef Client finished, 6/610 resources updated in 17 seconds
gitlab Reconfigured!

启动GitLab和Nginx服务:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
[root@hellogitlab ~]# systemctl start gitlab-runsvdir
[root@hellogitlab ~]# gitlab-ctl start
ok: run: alertmanager: (pid 21555) 12s
ok: run: gitaly: (pid 21537) 13s
ok: run: gitlab-monitor: (pid 21549) 12s
ok: run: gitlab-workhorse: (pid 21541) 12s
ok: run: logrotate: (pid 21545) 12s
ok: run: node-exporter: (pid 21547) 12s
ok: run: postgres-exporter: (pid 21557) 12s
ok: run: postgresql: (pid 21539) 12s
ok: run: prometheus: (pid 21553) 12s
ok: run: redis: (pid 21535) 13s
ok: run: redis-exporter: (pid 21551) 12s
ok: run: sidekiq: (pid 21533) 13s
ok: run: unicorn: (pid 21543) 12s
[root@hellogitlab ~]# systemctl start nginx

访问GitLab

在Google浏览器中访问URL:http://hellogitlab.com/ ，可以看到页面自动跳转到https://hellogitlab.com/了：

我们点击"高级"–“继续前往hellogitlab.com（不安全）"，可以看到打开了 https://hellogitlab.com/页面：

我们使用"meizhaohui"这个账号进行登陆，发现可以登陆上，登陆后的界面如下：

查看项目的详情界面，点击"clone"按钮，查看URL地址是否更新，可以发现URL已经变成https开头了：

我们在宿主机上面使用https方式克隆下载仓库，也需要输入用户名和密码：

修改文件并提交:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
$ git clone https://hellogitlab.com/meizhaohui/firstrepo.git https
Cloning into 'https'...
remote: Enumerating objects: 9, done.
remote: Counting objects: 100% (9/9), done.
remote: Compressing objects: 100% (5/5), done.
remote: Total 9 (delta 1), reused 0 (delta 0)
Unpacking objects: 100% (9/9), done.

$ cd https

$ git diff
diff --git a/README.md b/README.md
index 80725a0..4d4a504 100644
--- a/README.md
+++ b/README.md
@@ -3,3 +3,4 @@
 第一个gitlab项目
 add by ssh method.
 add by http method.
+add by https method.

$ git add -A

$ git commit -m"通过HTTPS方式下载并提交修改"
[master 6159214] 通过HTTPS方式下载并提交修改
 1 file changed, 1 insertion(+)

$ git push origin master:master
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Delta compression using up to 12 threads
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 341 bytes | 341.00 KiB/s, done.
Total 3 (delta 1), reused 0 (delta 0)
To https://hellogitlab.com/meizhaohui/firstrepo.git
   a89dc8c..6159214  master -> master

在WEB界面上查看刚才的提交：

我们再在ssh方式下载的目录更新一下，看能否拉出最新的修改:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
$ cd ..\firstrepo\

$ git remote -v
origin  git@hellogitlab.com:meizhaohui/firstrepo.git (fetch)
origin  git@hellogitlab.com:meizhaohui/firstrepo.git (push)

$ git pull
remote: Enumerating objects: 8, done.
remote: Counting objects: 100% (8/8), done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 6 (delta 1), reused 0 (delta 0)
Unpacking objects: 100% (6/6), done.
From hellogitlab.com:meizhaohui/firstrepo
   787a9ba..6159214  master     -> origin/master
Updating 787a9ba..6159214
Fast-forward
 README.md | 2 ++
 1 file changed, 2 insertions(+)

$ git log
commit 61592140da36857dd244b7e136b50fd292995419 (HEAD -> master, origin/master, origin/HEAD)
Author: Zhaohui Mei <mzh.whut@gmail.com>
Date:   Sun Aug 18 17:29:37 2019 +0800

    通过HTTPS方式下载并提交修改

commit a89dc8c7287ee51e91dee6bb20f56c4b1e19cb36
Author: Zhaohui Mei <mzh.whut@gmail.com>
Date:   Sun Aug 18 16:00:38 2019 +0800

    通过HTTP方式下载并提交修改

commit 787a9ba5201bdf5f4b51bf9a876820daadb63c54
Author: Zhaohui Mei <mzh.whut@gmail.com>
Date:   Sun Aug 18 15:49:11 2019 +0800

    通过SSH下载并提交修改

commit 30e1ce16b7e72bcceb5fc071a4f5d8927f2bccba
Author: 梅朝辉 <mzh.whut@gmail.com>
Date:   Sun Aug 18 12:30:36 2019 +0800

    Initial commit

可以看到最新的修改都已经成功下载下来，说明配置没有问题！

我们再通过SSH方式提交一次修改，做最后的检查:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
$ git diff                                                    
diff --git a/README.md b/README.md                            
index 4d4a504..ccd2cd5 100644                                 
--- a/README.md                                               
+++ b/README.md                                               
@@ -4,3 +4,4 @@                                               
 add by ssh method.                                           
 add by http method.                                          
 add by https method.                                         
+add by ssh method again.                                     
                                                                                 
$ git add -A                                                  
                                                                                   
$ git commit -m"配置HTTPS传输后，通过SSH方式提交修改"         
[master 24c6584] 配置HTTPS传输后，通过SSH方式提交修改         
 1 file changed, 1 insertion(+)                               
                                                                                  
$ git push origin master:master                               
Enumerating objects: 5, done.                                 
Counting objects: 100% (5/5), done.                           
Delta compression using up to 12 threads                      
Compressing objects: 100% (2/2), done.                        
Writing objects: 100% (3/3), 363 bytes | 363.00 KiB/s, done.  
Total 3 (delta 1), reused 0 (delta 0)                         
To hellogitlab.com:meizhaohui/firstrepo.git                   
   6159214..24c6584  master -> master                         

发现可以正常提交，并且在WEB界面上面可以看到提交的更新：

GitLab汉化

上述的操作可以确定HTTPS协议的GitLab已经配置好了！现在做最后的优化，进行GitLab汉化。

你可以通过下面这个命令下载汉化包:

1
$ git clone https://gitlab.com/xhang/gitlab.git -b 11-10-stable-zh

我使用之前下载的汉化包直接上传到服务器上:

1
2
3
4
5
[root@hellogitlab ~]# ls -lah gitlab-11-10-stable-zh.tar.gz   
-rw-r--r-- 1 root root 60M Jun 29 18:35 gitlab-11-10-stable-zh.tar.gz
[root@hellogitlab ~]# tar -zxvf gitlab-11-10-stable-zh.tar.gz
[root@hellogitlab ~]# ls -ld gitlab-11-10-stable-zh 
drwxrwxr-x 28 root root 4096 Jun 13 10:13 gitlab-11-10-stable-zh

停止GitLab和Nginx服务:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
[root@hellogitlab ~]# gitlab-ctl stop
ok: down: alertmanager: 0s, normally up
ok: down: gitaly: 1s, normally up
ok: down: gitlab-monitor: 0s, normally up
ok: down: gitlab-workhorse: 0s, normally up
ok: down: logrotate: 1s, normally up
ok: down: node-exporter: 0s, normally up
ok: down: postgres-exporter: 1s, normally up
ok: down: postgresql: 0s, normally up
ok: down: prometheus: 0s, normally up
ok: down: redis: 0s, normally up
ok: down: redis-exporter: 0s, normally up
ok: down: sidekiq: 0s, normally up
ok: down: unicorn: 0s, normally up
[root@hellogitlab ~]# systemctl stop gitlab-runsvdir
[root@hellogitlab ~]# systemctl stop nginx
[root@hellogitlab ~]# ps -ef|grep gitlab
root     27234 14345  0 17:51 pts/0    00:00:00 grep --color=auto gitlab
[root@hellogitlab ~]# ps -ef|grep nginx
root     27240 14345  0 17:51 pts/0    00:00:00 grep --color=auto nginx

说明GitLab相关服务已经停止。

备份/opt/gitlab/embedded/service/gitlab-rails/文件夹，防止后续操作失败导致GitLab无法运行:

1
2
3
4
5
6
7
[root@hellogitlab ~]# cp -rf /opt/gitlab/embedded/service/gitlab-rails/ /opt/gitlab/embedded/service/gitlab-rails.bak
[root@hellogitlab ~]# ls -lad /opt/gitlab/embedded/service/gitlab-rails*
drwxr-xr-x 24 root root 4096 Aug 18 11:45 /opt/gitlab/embedded/service/gitlab-rails
drwxr-xr-x 24 root root 4096 Aug 18 17:52 /opt/gitlab/embedded/service/gitlab-rails.bak
[root@hellogitlab ~]# du -sh /opt/gitlab/embedded/service/gitlab-rails*
253M    /opt/gitlab/embedded/service/gitlab-rails
253M    /opt/gitlab/embedded/service/gitlab-rails.bak

去除cp的别名，复制gitlab汉化包中的文件到/opt/gitlab/embedded/service/gitlab-rails/目录下:

1
2
3
4
5
6
7
8
9
[root@hellogitlab ~]# alias cp
alias cp='cp -i'
[root@hellogitlab ~]# unalias cp
[root@hellogitlab ~]# ls
anaconda-ks.cfg       gitlab-11-10-stable-zh         gitlab-omnibus-nginx.conf      readme.txt
centos7_mini_init.sh  gitlab-11-10-stable-zh.tar.gz  gitlab-omnibus-ssl-nginx.conf
[root@hellogitlab ~]# cp -rf gitlab-11-10-stable-zh/* /opt/gitlab/embedded/service/gitlab-rails/
cp: cannot overwrite non-directory ‘/opt/gitlab/embedded/service/gitlab-rails/log’ with directory ‘gitlab-11-10-stable-zh/log’
cp: cannot overwrite non-directory ‘/opt/gitlab/embedded/service/gitlab-rails/tmp’ with directory ‘gitlab-11-10-stable-zh/tmp’

使配置生效:

1
2
3
4
5
6
7
[root@hellogitlab ~]# systemctl start gitlab-runsvdir
[root@hellogitlab ~]# gitlab-ctl reconfigure
...... 执行剧本，忽略
Running handlers:
Running handlers complete
Chef Client finished, 5/609 resources updated in 51 seconds
gitlab Reconfigured!

启动GitLab和Nginx服务:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
[root@hellogitlab ~]# systemctl start gitlab-runsvdir
[root@hellogitlab ~]# gitlab-ctl start
ok: run: alertmanager: (pid 27460) 134s
ok: run: gitaly: (pid 27472) 134s
ok: run: gitlab-monitor: (pid 27464) 134s
ok: run: gitlab-workhorse: (pid 27474) 134s
ok: run: logrotate: (pid 27476) 134s
ok: run: node-exporter: (pid 27478) 134s
ok: run: postgres-exporter: (pid 27462) 134s
ok: run: postgresql: (pid 27482) 134s
ok: run: prometheus: (pid 27480) 134s
ok: run: redis: (pid 27470) 134s
ok: run: redis-exporter: (pid 27484) 134s
ok: run: sidekiq: (pid 27468) 134s
ok: run: unicorn: (pid 27466) 134s
[root@hellogitlab ~]# systemctl start nginx

重新访问GitLab，可以看到中文页面了:

正常登陆。在"偏好"中设置"语言"是"简体中文”，重新登陆即可。

再次查看项目详情页面：

GitLab常用命令

启动服务： gitlab-ctl start
查看状态： gitlab-ctl status
停掉服务： gitlab-ctl stop
重启服务：gitlab-ctl restart
让配置生效： gitlab-ctl reconfigure
查看GitLab版本： cat /opt/gitlab/embedded/service/gitlab-rails/VERSION

初始化HTTPS方式GitLab配置文件的脚本

download init_gitlab_https_conf.sh

脚本内容如下:

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
##!/bin/bash
## Filename: init_GITLAB_CONF.sh
## Author: Zhaohui Mei
## Date: 2019-08-18
## Email: mzh_love_linux@163.com
## Function: 
## Function 1: Install the GitLab 11.10
## Function 2: Configure the GitLab /etc/gitlab/gitlab.rb
#################################################################################


#################################################################################
## Define the key information that need to use
TIMEZONE="Asia/Shanghai"
GITLAB_CONF="/etc/gitlab/gitlab.rb"
DOMAIN_NAME="hellogitlab.com"
SMTP_EMAIL_FROM="mzh_love_linux@163.com"
SMTP_HOST_ADDRESS="smtp.163.com"
SMTP_DOMAIN="163.com"
SMTP_HOST_POST=465
SMTP_AUTH_CODE="authCode" # is not the password
SMTP_EMAIL_DISPLAY_NAME="GitLab"
SMTP_EMAIL_SUBJECT_SUFFIX="[GitLab]"
GIT_HOME="/home/git"
GIT_DATA_ROOT_DIR="/home/git/git-data"
IP=$(ip a show|grep 192|awk -F'[ /]+' '{print $3}')
TRUSTED_PROXY=$(echo ${IP}|awk -F'.' '{print $1"."$2"."$3".0"}')

#################################################################################


#################################################################################
#### Check the GitLab version
#### [root@localhost ~]# cat /opt/gitlab/embedded/service/gitlab-rails/VERSION
#### 11.10.0
export LANG="zh_CN.UTF-8"

echo -e "1) Install Dependencies"
yum install curl policycoreutils-python openssh-server deltarpm -y
#################################################################################


#################################################################################
echo -e "2) Add the Gitlab-ce yum repo"
cat > /etc/yum.repos.d/gitlab-ce.repo << EOF
[gitlab-ce]
name=Gitlab CE Repository
baseurl=https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el\$releasever/
gpgcheck=0
enabled=1
EOF
#################################################################################


#################################################################################
echo -e "3) Install Gitlab 11.10.0"
yum install gitlab-ce-11.10.0 -y
#################################################################################


#################################################################################
echo -e "4) Check Gitlab version"
cat /opt/gitlab/embedded/service/gitlab-rails/VERSION
#################################################################################


#################################################################################
echo -e "5) backup gitlab configuration"
NOW_TIME=$(date +"%Y%m%d-%H%M%S")
cp "${GITLAB_CONF}" "${GITLAB_CONF}".${NOW_TIME}.bak
#################################################################################


#################################################################################
echo -e "6) Add tinghua yum repo and Install git"
yum install epel-release -y
yum install https://centos7.iuscommunity.org/ius-release.rpm -y
## replace the yum repo to tsinghua repo
cp /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel.repo.original
cp /etc/yum.repos.d/ius.repo /etc/yum.repos.d/ius.repo.original

cat > /etc/yum.repos.d/epel.repo << EOF
[epel]
name=Extra Packages for Enterprise Linux 7 - \$basearch
baseurl=https://mirrors.tuna.tsinghua.edu.cn/epel/7/\$basearch
##mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=\$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 7 - \$basearch - Debug
baseurl=https://mirrors.tuna.tsinghua.edu.cn/epel/7/\$basearch/debug
##mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-7&arch=\$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1

[epel-source]
name=Extra Packages for Enterprise Linux 7 - \$basearch - Source
baseurl=https://mirrors.tuna.tsinghua.edu.cn/epel/7/SRPMS
##mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-7&arch=\$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1
EOF

cat > /etc/yum.repos.d/ius.repo << EOF
[ius]
name = IUS for Enterprise Linux 7 - \$basearch
baseurl = https://mirrors.tuna.tsinghua.edu.cn/ius/7/\$basearch/
enabled = 1
repo_gpgcheck = 0
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-IUS-7

[ius-debuginfo]
name = IUS for Enterprise Linux 7 - \$basearch - Debug
baseurl = https://mirrors.tuna.tsinghua.edu.cn/ius/7/\$basearch/debug/
enabled = 0
repo_gpgcheck = 0
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-IUS-7

[ius-source]
name = IUS for Enterprise Linux 7 - Source
baseurl = https://mirrors.tuna.tsinghua.edu.cn/ius/7/src/
enabled = 0
repo_gpgcheck = 0
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-IUS-7
EOF

yum install git2u-2.16.5 -y && git --version
#################################################################################


#################################################################################
echo -e "7) Install Nginx"
yum install nginx -y && nginx -V
#################################################################################


#################################################################################
echo -e "8) Create git data root folder and set the permission"
if test -d "${GIT_DATA_ROOT_DIR}" ; then
    echo "The Folder ${GIT_DATA_ROOT_DIR} exist"
else
    mkdir -p "${GIT_DATA_ROOT_DIR}"
fi
chown -R git:root "${GIT_DATA_ROOT_DIR}"
#################################################################################


#################################################################################
echo -e "9) Create the IP / Domain map file"
echo -e "${IP}\t${DOMAIN_NAME}" >> /etc/hosts
#################################################################################


#################################################################################
echo -e "10) Modify the Nginx configuration"
wget https://gitlab.com/gitlab-org/gitlab-recipes/raw/master/web-server/nginx/gitlab-omnibus-ssl-nginx.conf
mv gitlab-omnibus-ssl-nginx.conf /etc/nginx/conf.d/gitlab-omnibus-ssl-nginx.conf
ls -lah /etc/nginx/conf.d/
sed -i 's/YOUR_SERVER_FQDN/hellogitlab.com/g' /etc/nginx/conf.d/gitlab-omnibus-ssl-nginx.conf
cat -n /etc/nginx/conf.d/gitlab-omnibus-ssl-nginx.conf
## forbiden the default 80 server
sed -i "38,57s@^@# @g" /etc/nginx/nginx.conf
cat -n /etc/nginx/nginx.conf|sed -n '38,57p'
#################################################################################


#################################################################################
echo -e "11) Create self ssl files"
mkdir -p /etc/nginx/ssl
echo -e "Create OpenSSL configuration"
cat > req.conf << EOF
## The default config file : /etc/pki/tls/openssl.cnf
## set prompt = no will read config data from file directly.
[ req ]
distinguished_name     = req_distinguished_name
prompt                 = no

[ req_distinguished_name ]
countryName            = CN
stateOrProvinceName    = hubei
localityName           = wuhan
0.organizationName     = IT
organizationalUnitName = ${DOMAIN_NAME}
commonName             = ${DOMAIN_NAME}
emailAddress           = ${SMTP_EMAIL_FROM}
EOF
echo -e "Create self CA"
openssl req -x509 -nodes -days 1095 -config req.conf -newkey rsa:2048 -keyout /etc/nginx/ssl/gitlab.key -out /etc/nginx/ssl/gitlab.crt
echo -e "Check Nginx configuration"
nginx -t
#################################################################################


#################################################################################
echo -e "11) firewall allow 80 and 443 port"
port_80=$(firewall-cmd --list-all|grep '  ports'|grep 80|wc -l)
port_443=$(firewall-cmd --list-all|grep '  ports'|grep 443|wc -l)
if [[ "${port_80}" -eq 0 ]]; then
    firewall-cmd --zone=public --add-port=80/tcp --permanent
fi
if [[ "${port_443}" -eq 0 ]]; then
    firewall-cmd --zone=public --add-port=443/tcp --permanent
fi
firewall-cmd --reload
firewall-cmd --list-all
#################################################################################


#################################################################################
## Set the gitlab configuration
echo -e "Step 1: set external url"
sed -i "13s@external_url 'http://gitlab.example.com'@external_url \"https://${DOMAIN_NAME}\"@g" "${GITLAB_CONF}"

echo -e "Step 2: set Time Zone ans Sync Time to time5.aliyun.com IP:182.92.12.11"
sed -i "49s@^# gitlab_rails\['time_zone'\] = 'UTC'@gitlab_rails\['time_zone'\] = '${TIMEZONE}'@g" "${GITLAB_CONF}"
yum install ntp -y && ntpdate 182.92.12.11 && echo "Time Sync Done!"
echo "Step 3: Email Setting"
sed -i "52s@^# gitlab_rails\['gitlab_email_enabled'\] = true@gitlab_rails\['gitlab_email_enabled'\] = true@g" "${GITLAB_CONF}"
sed -i "53s/^# gitlab_rails\['gitlab_email_from'\] = 'example@example.com'/gitlab_rails\['gitlab_email_from'\] = '${SMTP_EMAIL_FROM}'/g" "${GITLAB_CONF}"
sed -i "54s@^# gitlab_rails\['gitlab_email_display_name'\] = 'Example'@gitlab_rails\['gitlab_email_display_name'\] = '${SMTP_EMAIL_DISPLAY_NAME}'@g" "${GITLAB_CONF}"
sed -i "55s/^# gitlab_rails\['gitlab_email_reply_to'\] = 'noreply@example.com'/gitlab_rails\['gitlab_email_reply_to'\] = '${SMTP_EMAIL_FROM}'/g" "${GITLAB_CONF}"
sed -i "56s@^# gitlab_rails\['gitlab_email_subject_suffix'\] = ''@gitlab_rails\['gitlab_email_subject_suffix'\] = '${SMTP_EMAIL_SUBJECT_SUFFIX}'@g" "${GITLAB_CONF}"

echo -e "Step 4: Disallow users creating top-level groups"
sed -i "59s@# gitlab_rails\['gitlab_default_can_create_group'\] = true@gitlab_rails\['gitlab_default_can_create_group'\] = false@g" "${GITLAB_CONF}"

echo -e "Step 5: Disallow users changing usernames"
sed -i "60s@# gitlab_rails\['gitlab_username_changing_enabled'\] = true@gitlab_rails\['gitlab_username_changing_enabled'\] = false@g" "${GITLAB_CONF}"

echo -e "Step 6: Configuring GitLab trusted_proxies"
sed -i "113s@^# gitlab_rails\['trusted_proxies'\] = \[\]@gitlab_rails['trusted_proxies'] = \['${TRUSTED_PROXY}/24'\]@g" "${GITLAB_CONF}"

echo -e "Step 7: Git data dirs Settings"
sed -i "380s@^# git_data_dirs@git_data_dirs@g" "${GITLAB_CONF}"
sed -i "381s@^#   \"default@    \"default@g" "${GITLAB_CONF}"
sed -i "382s@^#     \"path\" => \"/mnt/nfs-01/git-data\"@        \"path\" => \"${GIT_DATA_ROOT_DIR}\"@g" "${GITLAB_CONF}"
sed -i "383s@^#    }@    }@g" "${GITLAB_CONF}"
sed -i "384s@^# })@})@g" "${GITLAB_CONF}"

echo -e "Step 8: SMTP settings"
sed -i "511s@# gitlab_rails\['smtp_enable'\] = true@gitlab_rails\['smtp_enable'\] = true@g" "${GITLAB_CONF}"
sed -i "512s/# gitlab_rails\['smtp_address'\] = \"smtp.server\"/gitlab_rails\['smtp_address'\] = \"${SMTP_HOST_ADDRESS}\"/g" "${GITLAB_CONF}"
sed -i "513s@# gitlab_rails\['smtp_port'\] = 465@gitlab_rails\['smtp_port'\] = ${SMTP_HOST_POST}@g"  "${GITLAB_CONF}"
sed -i "514s/# gitlab_rails\['smtp_user_name'\] = \"smtp user\"/gitlab_rails\['smtp_user_name'\] = \"${SMTP_EMAIL_FROM}\"/g"  "${GITLAB_CONF}"
sed -i "515s@# gitlab_rails\['smtp_password'\] = \"smtp password\"@gitlab_rails\['smtp_password'\] = \"${SMTP_AUTH_CODE}\"@g"  "${GITLAB_CONF}"
sed -i "516s@# gitlab_rails\['smtp_domain'\] = \"example.com\"@gitlab_rails\['smtp_domain'\] = \"${SMTP_DOMAIN}\"@g"  "${GITLAB_CONF}"
sed -i "517s@# gitlab_rails\['smtp_authentication'\] = \"login\"@gitlab_rails\['smtp_authentication'\] = \"login\"@g"  "${GITLAB_CONF}"
sed -i "518s@# gitlab_rails\['smtp_enable_starttls_auto'\] = true@gitlab_rails\['smtp_enable_starttls_auto'\] = true@g"  "${GITLAB_CONF}"
sed -i "519s@# gitlab_rails\['smtp_tls'\] = false@gitlab_rails\['smtp_tls'\] = true@g"  "${GITLAB_CONF}"

echo -e "Step 9: GitLab User Settings"
sed -i "653s@^# user\['username'\]@user\['username'\]@g" "${GITLAB_CONF}"
sed -i "654s@^# user\['group'\]@user\['group'\]@g" "${GITLAB_CONF}"
sed -i "662s@^# user\['home'\] = \"/var/opt/gitlab\"@user\['home'\] = \"${GIT_HOME}\"@g" "${GITLAB_CONF}"
sed -i "665s/^# user\['git_user_email'\] = \"gitlab@#{node\['fqdn'\]}\"/user\['git_user_email'\] = \"${SMTP_EMAIL_FROM}\"/g" "${GITLAB_CONF}"

echo -e "Step 10: Set the username of the non-bundled web-server user"
sed -i "970s@^# web_server\['external_users'\] = \[\]@web_server\['external_users'\] = \['nginx', 'root'\]@g" "${GITLAB_CONF}"
sed -i "971s@^# web_server\['username'\] = 'gitlab-www'@web_server\['username'\] = 'nginx'@g" "${GITLAB_CONF}"
sed -i "972s@^# web_server\['group'\] = 'gitlab-www'@web_server\['group'\] = 'nginx'@g" "${GITLAB_CONF}"

echo -e "Step 11: Disable bundled Nginx"
sed -i "983s@^# nginx\['enable'\] = true@nginx\['enable'\] = false@g" "${GITLAB_CONF}"
echo -e "OK. Great Done!!!"
#################################################################################


#################################################################################
echo -e "You can run the command to test the configuration"
echo -e "Start the gitlab: gitlab-ctl reconfigure"
echo -e "Start the gitlab-runsvdir: systemctl start gitlab-runsvdir"
echo -e "Start the gitlab: gitlab-ctl start"
echo -e "Start the nginx: systemctl start nginx"
echo -e "You can set the Chinese i18n by yourself"