0. Install and configure the required dependencies
sudo yum install curl openssh-server openssh-clients postfix cronie
sudo service postfix start
sudo chkconfig postfix on
sudo lokkit -s http -s ssh
1. Download gitlab-ce
curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash
sudo yum install gitlab-ce
2. The default gitlab.rb file is at /etc/gitlab/gitlab.rb. Modify it as follows:
2.1 Disable the bundled nginx so that an external nginx is used:
nginx["enable"] = false
2.2 Grant the external web server user access:
web_server['external_users'] = ['nginx']
2.3 tail -f /var/log/gitlab/nginx/error.log
2018/11/03 15:45:10 [error] 8931#0: *15 connect() to unix:/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket failed (13: Permission denied) while connecting to upstream, client: xxx.xxx.xxx.xx, server: git.xxxx.com, request: "GET / HTTP/1.1", upstream: "http://unix:/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket:/", host: "git.xxxx.com"
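The nginx log shows that nginx does not have permission to access GitLab's socket. There are several ways to fix this. On my machine nginx runs as the user nginx, and the sockets directory looks like this:
drwxr-x--- 2 git gitlab-www 4096 11月 3 15:57 sockets
Grant permissions on the directory:
# chmod -R o+x /var/opt/gitlab/gitlab-rails/sockets
or
# chmod 755 /var/opt/gitlab/gitlab-rails/sockets
Add the nginx user to the gitlab-www group:
# usermod -a -G gitlab-www nginx
Modify the configuration:
# vim /etc/gitlab/gitlab.rb
web_server['external_users'] = ['nginx']
# web_server['username'] = 'gitlab-www'
# web_server['group'] = 'gitlab-www'
The recommended approach is to add the user to the group and then add the external user setting in gitlab.rb, because after sudo gitlab-ctl reconfigure the directory permissions are reset to their original values, which brings back the Permission denied error.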
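The permission check behind step 2.3, as an added example that is not part of the original post: it reports which permission class (owner, group or other) lets a user enter a directory, so the chmod fix and the group fix can be compared. The function names are hypothetical, the sample values are constructed from the ls line above, and check_socket_dir assumes GNU stat and id as found on CentOS.

```shell
#!/bin/sh
# Added example, not code from the original post.

# access_class MODE OWNER GROUP USER "USER_GROUPS"
# Prints the permission class that lets USER enter (search) a directory:
# owner, group, other, or denied. The kernel consults exactly one class:
# owner bits if USER owns the directory, else group bits if USER is a
# member of GROUP, else the "other" bits.
access_class() (
    mode=$(( 0$1 )); owner=$2; group=$3; user=$4; user_groups=$5
    if [ "$user" = "$owner" ]; then
        class=owner; bits=$(( (mode >> 6) & 7 ))
    else
        case " $user_groups " in
            *" $group "*) class=group; bits=$(( (mode >> 3) & 7 )) ;;
            *)            class=other; bits=$(( mode & 7 )) ;;
        esac
    fi
    # Bit value 1 is the execute (search) bit needed to reach files inside.
    if [ $(( bits & 1 )) -eq 1 ]; then echo "$class"; else echo denied; fi
)

# check_socket_dir DIR USER: the same check against the live system.
# Assumption: GNU stat (-c) and id -nG are available.
check_socket_dir() (
    read -r mode owner group <<EOF
$(stat -c '%a %U %G' "$1")
EOF
    access_class "$mode" "$owner" "$group" "$2" "$(id -nG "$2")"
)

# Constructed scenarios based on "drwxr-x--- git gitlab-www sockets":
echo "as shipped (750, nginx not in group): $(access_class 750 git gitlab-www nginx 'nginx')"
echo "after chmod 755:                      $(access_class 755 git gitlab-www nginx 'nginx')"
echo "after usermod -a -G gitlab-www nginx: $(access_class 750 git gitlab-www nginx 'nginx gitlab-www')"
```

A result of other means the directory is open to every local account, and that mode is what gitlab-ctl reconfigure resets; a result of group keeps working at mode 750. The check covers directory traversal only, not the mode of the socket file itself.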
2.4 Repository storage path:
git_data_dirs({
"default" => {
"path" => "/data/git-data",
"failure_count_threshold" => 10,
"failure_wait_time" => 30,
"failure_reset_time" => 1800,
"failure_timeout" => 30
}
})
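2.5 Error when GitLab cannot push or clone: JWT::DecodeError (Nil JSON web token): lib/gitlab/workhorse.rb:120:in
The problem is in the reverse proxy configuration: the nginx or apache reverse proxy should proxy to http://gitlab-workhorse, not to http://127.0.0.1:8080
Below is my configuration file; it can be copied and used directly: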
upstream gitlab {
  server unix:/var/opt/gitlab/gitlab-workhorse/socket;
}
server {
  listen *:80;
  server_name gitlab.meidai.f3322.net; # change this to your own domain
  server_tokens off; # don't show the version number, a security best practice
  root /opt/gitlab/embedded/service/gitlab-rails/public;
  # Increase this if you want to upload large attachments
  # Or if you want to accept large git objects over http
  client_max_body_size 250m;
  # individual nginx logs for this gitlab vhost
  access_log /var/log/gitlab/nginx/gitlab_access.log;
  error_log /var/log/gitlab/nginx/gitlab_error.log;
  location / {
    # serve static files from defined root folder
    # @gitlab is a named location for the upstream fallback, see below
    try_files $uri $uri/index.html $uri.html @gitlab;
  }
  # if a file which is not found in the root folder is requested,
  # then the proxy passes the request to the upstream (gitlab-workhorse)
  location @gitlab {
    # If you use https make sure you disable gzip compression
    # to be safe against BREACH attack
    proxy_read_timeout 300; # Some requests take more than 30 seconds.
    proxy_connect_timeout 300; # Some requests take more than 30 seconds.
    proxy_redirect off;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # proxy_set_header sets a request header sent to the upstream;
    # it does not add X-Frame-Options to responses
    proxy_set_header X-Frame-Options SAMEORIGIN;
    proxy_pass http://gitlab;
  }
  # Enable gzip compression as per rails guide: http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression
  # WARNING: If you are using relative urls do remove the block below
  # See config/application.rb under "Relative url support" for the list of
  # other files that need to be changed for relative url support
  location ~ ^/(assets)/ {
    root /opt/gitlab/embedded/service/gitlab-rails/public;
    # gzip_static on; # to serve pre-gzipped version
    expires max;
    add_header Cache-Control public;
  }
  error_page 502 /502.html;
}