This is nginx deployed with Docker:
docker run \
-p 80:80 \
-p 443:443 \
--name nginx \
-v /server/nginx:/etc/nginx/ \
-v /server/nginx/nginx.conf:/etc/nginx/nginx.conf \
-v /server/nginx/log:/var/log/nginx \
-d nginx:latest
This is GitLab deployed with Docker. Watch the ports!!! Also keep an eye on GitLab's memory and CPU usage.
docker run \
-itd \
-p 9443:443 \
-p 9922:22 \
-v /usr/local/docker/gitlab/etc:/etc/gitlab \
-v /usr/local/docker/gitlab/log:/var/log/gitlab \
-v /usr/local/docker/gitlab/opt:/var/opt/gitlab \
--restart=always \
--privileged=true \
--name gitlab \
-m 5g \
--cpus=4 \
-e TZ=Asia/Shanghai \
gitlab/gitlab-ce
Now to the main topic: serving GitLab under a domain name without using plain HTTP.
This is the gitlab.rb configuration:
# Domain name, SSL and HTTPS
external_url 'https://gitlab.****.com'
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.****.com_bundle.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.****.com.key"
nginx['proxy_set_headers'] = {
"X-Forwarded-Proto" => "https",
"X-Forwarded-Ssl" => "on"
}
I have it mounted outside the container, so I just edit the file directly and then enter the gitlab container:
docker exec -it gitlab /bin/bash
# apply the configuration
gitlab-ctl reconfigure
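Once it has been applied!!!! Important!!! Check that the SSL certificate path and file name are correct.
If the configuration is applied incorrectly, the nginx SSL certificate path will be wrong.
Look at the nginx configuration files nginx-http.conf and gitlab-registry.conf
and check that the certificate path is correct.
If it is wrong, fix the path in the nginx configuration and run gitlab-ctl restart inside the container.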
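The path check described above can be scripted. The following is an added example, not part of the original post: it compares the certificate paths set in gitlab.rb with those in an nginx config file and confirms that each file exists and is not empty. The function names are hypothetical, and paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print "directive path" pairs from an nginx config; commented lines are skipped.
nginx_cert_paths() {
  sed -nE 's/^[[:space:]]*(ssl_certificate(_key)?)[[:space:]]+"?([^";[:space:]]+)"?[[:space:]]*;.*$/\1 \3/p' "$1"
}

# Print "directive path" pairs from gitlab.rb lines of the form
#   nginx['ssl_certificate'] = "/etc/gitlab/ssl/name.crt"
gitlab_rb_cert_paths() {
  sed -nE "s/^[[:space:]]*nginx\[['\"](ssl_certificate(_key)?)['\"]\][[:space:]]*=[[:space:]]*['\"]([^'\"]+)['\"].*$/\1 \3/p" "$1"
}

# check_gitlab_certs GITLAB_RB NGINX_CONF
# Returns 0 only if every certificate path set in gitlab.rb appears under the
# same directive in the nginx config and points at a non-empty file.
check_gitlab_certs() {
  cgc_status=0
  cgc_found=0
  cgc_rendered=$(nginx_cert_paths "$2")
  cgc_pairs=$(gitlab_rb_cert_paths "$1")
  while read -r cgc_dir cgc_path; do
    [ -n "$cgc_dir" ] || continue
    cgc_found=1
    if ! printf '%s\n' "$cgc_rendered" | grep -qxF "$cgc_dir $cgc_path"; then
      echo "MISMATCH $cgc_dir: $cgc_path is not in $2"
      cgc_status=1
    elif [ ! -s "$cgc_path" ]; then
      echo "MISSING  $cgc_dir: $cgc_path"
      cgc_status=1
    else
      echo "OK       $cgc_dir: $cgc_path"
    fi
  done <<EOF
$cgc_pairs
EOF
  [ "$cgc_found" -eq 1 ] || { echo "no certificate paths found in $1"; return 1; }
  return "$cgc_status"
}
```

Run it inside the gitlab container after gitlab-ctl reconfigure, passing /etc/gitlab/gitlab.rb and the nginx configuration file you want to check.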
Changes to the configuration file of the externally deployed nginx:
server {
listen 80;
listen [::]:80;
server_name gitlab.****.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name gitlab.****.com;
ssl_certificate /nginx/gitlab.****.com_bundle.crt;
ssl_certificate_key /nginx/gitlab.****.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
proxy_ssl_verify off; # the certificate presented by the GitLab upstream is not verified
keepalive_timeout 60;
location / {
proxy_pass https://docker宿主机:9443; # must be the Docker host's IP
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Forward requests for GitLab's static assets
location ~* \.(js|css|png)$ {
proxy_pass https://docker宿主机IP:9443; # must be the Docker host's IP
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
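For GitLab's built-in nginx, just check the SSL certificate and you're fine.
I don't know whether the following steps are required; I added them, but you can try leaving them out.
Put nginx and gitlab on the same network.
That's all!!!!
Don't forget to restart nginx.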