内网需求说明
1、搭建gitlab-ce来代码管理, 3、搭建nginx反向代理,可以通过域名访问 5、搭建基于kvm的虚拟集群实验环境
1、安装
1.1、安装gitlab-ce依赖包
sudo dnf install -y curl policycoreutils openssh-server openssh-clients
sudo systemctl enable sshd
sudo systemctl start sshd
1.2、安装postfix 启动并设为开机自启
yum install postfix
systemctl enable postfix
systemctl start postfix
1.3、安装gitlab-ce yum源
curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash
1.4、安装
# https://gitlab.example.com #为访问域名
EXTERNAL_URL="https://gitlab.example.com" yum install gitlab-ce
!!!—WARNING—!!!
如运行 gitlab-ctl reconfigure
出现如下警告警告Running handlers:
There was an error running gitlab-ctl reconfigure:
letsencrypt_certificate[code.geenti.com] (letsencrypt::http_authorization line 5) had an error: Faraday::ConnectionFailed: acme_certificate[staging] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/resources/certificate.rb line 25) had an error: Faraday::ConnectionFailed: Net::OpenTimeout
请使用如下办法解决vim /etc/gitlab/gitlab.rb
添加
letsencrypt['enable'] = false
配置
配置nginx 反向代理
server {
listen 80;
server_name gitlab.mydomain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443;
server_name gitlab.mydomain.com;
error_log /home/logs/nginx/gitlab.mydomain.com.com.error.log error;
access_log /home/logs/nginx/gitlab.mydomain.com.access.log main;
ssl on;
ssl_certificate cert/gitlab.mydomain.com.pem;
ssl_certificate_key cert/gitlab.mydomain.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
client_max_body_size 500m;
proxy_pass https://192.168.0.2.68;
proxy_redirect off;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
}
}