Gitlab与ssh登陆的恩怨情仇

在center6,5上按照http://www.01happy.com/centos-6-5-install-gitlab/ 搭建了gitlab

刚开始是

bundle install --deployment --without development test postgres puma aws

出问题了找不到ruby源，后来在/home/git/gitlab/Gemfile /home/git/gitlab/Gemfile.lock

这两个文件里 把第一句改为source "https://ruby.taobao.org" 把gem "modernizr",        "2.6.3" 改为gem "modernizr-rails",        "2.7.1"

启动GitLab实例 service gitlab start 时候报错了、 
Starting unicorn: bash: bin/web: No such file or directory [FAILED] 
Starting sidekiq: bash: bin/background_jobs: No such file or directory [FAILED]

daemon --pidfile=$UPID --user=$USER "$PATH_PATCH RAILS_ENV=$RAILS_ENV bin/web start" 
更改为： 
daemon --pidfile=$UPID --user=$USER "$PATH_PATCH RAILS_ENV=$RAILS_ENV script/web start" 

daemon --pidfile=$SPID --user=$USER "$PATH_PATCH RAILS_ENV=$RAILS_ENV bin/background_jobs start" 
更改为： 
daemon --pidfile=$SPID --user=$USER "$PATH_PATCH RAILS_ENV=$RAILS_ENV script/background_jobs start

接着就是挑战nginx配置了

原文里的nginx配置链接失效了后来找了一个

## 生成证书   sudo openssl req -newkey rsa:2048 -x509 -nodes -days 3560 -out gitlab.crt -keyout gitlab.key


##    sudo chmod o-r gitlab.key


##


##编辑配置文件 Edit `gitlab-shell/config.yml`:


##  1) Set “gitlab_url” param in `gitlab-shell/config.yml` to `https://git.example.com`


##  2) Set “ca_file” to `/etc/nginx/ssl/gitlab.crt`


##  3) Set “self_signed_cert” to `true`


## Edit `gitlab/config/gitlab.yml`:


##  1) Define port for http “port: 443″


##  2) Enable https “https: true”



upstream gitlab {


  ## Uncomment if you have set up puma/unicorn to listen on a unix socket (recommended).


  server unix:/home/git/gitlab/tmp/sockets/gitlab.socket;


  ## Uncomment if puma/unicorn are configured to listen on a tcp port.


  ## Check the port number in /home/git/gitlab/config/{puma.rb/unicorn.rb}


  # server 127.0.0.1:8080;


}


## This is a normal HTTP host which redirects all traffic to the HTTPS host.


server {


  listen *:80;#HTTP访问的端口


  ## Replace git.example.com with your FQDN.


  server_name baidu.com;#替换成你的域名或ip


  server_tokens off;


  ## This doesn’t have to be a valid path since we are redirecting,


  ## you don’t have to change it.


  root /nowhere;


  rewrite ^ https://$server_name$request_uri permanent;


}


server {


  listen 443 ssl;


  ## Replace git.example.com with your FQDN.


  server_name baidu.com;#替换成你的域名或ip


  server_tokens off;


  root /home/git/gitlab/public;


  ## Increase this if you want to upload large attachments


  ## Or if you want to accept large git objects over http


  client_max_body_size 20m;


  ## Strong SSL Security


  ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html


  ssl on;


  ssl_certificate /usr/local/nginx/ssl/gitlab.crt;#证书的位置


  ssl_certificate_key /usr/local/nginx/ssl/gitlab.key;


  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;


  ssl_session_cache  builtin:1000  shared:SSL:10m;






  #add_header Strict-Transport-Security max-age=63072000;


  #add_header X-Frame-Options DENY;


  #add_header X-Content-Type-Options nosniff;


  ## Individual nginx logs for this GitLab vhost


  access_log  /usr/local/nginx/logs/gitlab_access.log;


  error_log   /usr/local/nginx/logs/gitlab_error.log;


  location / {


    ## Serve static files from defined root folder.


    ## @gitlab is a named location for the upstream fallback, see below.


    try_files $uri $uri/index.html $uri.html @gitlab;


  }


  ## If a file, which is not found in the root folder is requested,


  ## then the proxy pass the request to the upsteam (gitlab unicorn).


  location @gitlab {


    ## If you use https make sure you disable gzip compression


    ## to be safe against BREACH attack.


    gzip off;


    ## https://github.com/gitlabhq/gitlabhq/issues/694


    ## Some requests take more than 30 seconds.


    proxy_read_timeout      300;


    proxy_connect_timeout   300;


    proxy_redirect          off;


    proxy_set_header   Host              $http_host;


    proxy_set_header   X-Real-IP         $remote_addr;


    proxy_set_header   X-Forwarded-Ssl   on;


    proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;


    proxy_set_header   X-Forwarded-Proto $scheme;


    proxy_pass http://gitlab;#这是关键对应上面的upstream gitlab{}


  }


  ## Enable gzip compression as per rails guide:


  ## http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression


  #location ~ ^/(assets)/ {


  #  root /home/git/gitlab/public;


  #  gzip_static on; # to serve pre-gzipped version


  #  expires max;


  #  add_header Cache-Control public;


  #}


  error_page 502 /502.html;


}

防火墙开了443端口可以访问了

又遇到sshd的问题了登陆上gitlab后照着配置在win10上生成了公钥和私钥也传上去了一用git@ip推送就提示输入password

这里恶补下sshd登陆涉及到的文件 

/etc/passwd 记录账号如git:x:497:497:GitLab:/home/git:/home/git/gitlab-shell/bin/gitlab-shell 
/etc/ssh/sshd_config 是sshd 里面有一项PermitEmptyPasswords yes 要开启

最后一个提示有的git地址 gitlab里面提供的少了repositories  git@ip:repositories/root/pro.git