centos8 部署
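# Prerequisites for the GitLab omnibus package on CentOS 8.
sudo dnf install -y curl policycoreutils openssh-server perl
# Download the package version pinned by these notes from the TUNA mirror.
# NOTE(review): 13.8.4 is an old release; confirm it is still supported
# before deploying it.
wget https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el8/gitlab-ce-13.8.4-ce.0.el8.x86_64.rpm
# A mirror is a third party: check the package digests and signature before
# installing. The signature check only passes once GitLab's package signing
# key has been imported into the rpm keyring (rpm --import <KEY-FILE>).
rpm -K gitlab-ce-13.8.4-ce.0.el8.x86_64.rpm
# Installing the package and managing the services need root.
sudo rpm -i gitlab-ce-13.8.4-ce.0.el8.x86_64.rpm
sudo gitlab-ctl reconfigure
# gitlab-ctl takes one subcommand per call: restart, start, stop or status.
# Written as "restart | start | stop | status" the shell would pipe restart
# into commands that do not exist.
sudo gitlab-ctl status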
ubuntu18.04|20.04 部署
# Refresh the package index, then install what the GitLab package needs:
# curl for downloads, sshd for git-over-ssh, CA certificates for HTTPS.
sudo apt-get update
sudo apt-get install -y \
  curl \
  openssh-server \
  ca-certificates
1.dpkg 安装
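# Download the pinned .deb from the TUNA mirror. The URL points at the focal
# (20.04) pool; NOTE(review): 13.6.7 is an old release, confirm it is still
# supported before deploying it.
wget https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/apt/packages.gitlab.com/gitlab/gitlab-ce/ubuntu/pool/focal/main/g/gitlab-ce/gitlab-ce_13.6.7-ce.0_amd64.deb
# wget saves into the current directory, so the package is installed by its
# bare file name; dpkg needs root.
sudo dpkg -i gitlab-ce_13.6.7-ce.0_amd64.deb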
2.apt 安装
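# Save GitLab's repository setup script to a file and read it before running
# it as root; piping curl straight into "sudo bash" executes whatever the
# server returns, unseen, with full privileges.
curl -fsSL -o script.deb.sh https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh
less script.deb.sh
sudo bash script.deb.sh
# Point apt at the TUNA mirror. The redirection has to run as root, hence
# "sudo tee" rather than "cat >". bionic is the 18.04 codename; use focal on
# 20.04.
sudo tee /etc/apt/sources.list.d/gitlab_gitlab-ce.list > /dev/null << 'EOF'
deb https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/ubuntu bionic main
deb-src https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/ubuntu bionic main
EOF
sudo apt-get update
# EXTERNAL_URL must be attached to its value: with a space after "=" the
# variable is set to the empty string and the URL is taken as the command.
# (Plain "sudo apt-get install gitlab-ce" installs without presetting the URL.)
sudo EXTERNAL_URL="http://localhost" apt-get install gitlab-ce
sudo gitlab-ctl reconfigure
# gitlab-ctl takes one subcommand per call: restart, start, stop or status.
sudo gitlab-ctl status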
修改配置文件gitlab.rb
vim /etc/gitlab/gitlab.rb
# Address GitLab advertises in links and clone URLs (packaged default below).
#external_url 'http://gitlab.example.com'
# NOTE(review): the default above carries an http:// scheme; presumably the
# value set here needs one too - confirm.
external_url '域名:端口号' # change this value; use the public IP if there is no domain name
1.改用自己的nginx
vim /etc/gitlab/gitlab.rb
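# Address GitLab advertises; replace the placeholder with the real host and port.
external_url '域名:端口号'
# Port of the application server that the external nginx proxies to. 8080 is
# the default value, but the setting is not enabled by default. It must differ
# from the port used in external_url.
# (The leading numbers in the original notes were editor line numbers and are
# not part of the setting.)
# NOTE(review): GitLab 13.x runs Puma by default, so verify that the unicorn
# settings still apply to the installed version.
unicorn['port'] = 8080
# Disable the bundled nginx so the system nginx can front GitLab.
nginx['enable'] = false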
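# Write the GitLab site config for the system nginx.
# The delimiter is quoted ('EOF') so the shell leaves nginx variables such as
# $uri, $scheme and $remote_addr alone; with a bare EOF they are expanded by
# the shell, normally to empty strings, and the written config is broken.
cat > /etc/nginx/conf.d/gitlab.conf << 'EOF'
# Path of the GitLab socket file
upstream gitlab {
  # location used by 7.x releases
  # server unix:/var/opt/gitlab/gitlab-rails/tmp/sockets/gitlab.socket;
  # location used from 8.0 on
  server unix:/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket;
}
server {
  # Change the port as needed; it must match the external_url port in gitlab.rb.
  # This listener is plain HTTP: logins and tokens cross the network
  # unencrypted unless TLS is terminated in front of it.
  listen 80;
  server_name localhost;
  server_tokens off; # do not reveal the nginx version; a security best practice
  root /opt/gitlab/embedded/service/gitlab-rails/public;
  client_max_body_size 250m;
  location / {
    # Serve static files when they exist, otherwise hand over to GitLab.
    try_files $uri $uri/index.html $uri.html @gitlab;
  }
  location @gitlab {
    proxy_read_timeout 300; # Some requests take more than 30 seconds.
    proxy_connect_timeout 300; # Some requests take more than 30 seconds.
    proxy_redirect off;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Frame-Options SAMEORIGIN;
    proxy_pass http://127.0.0.1:端口号; # must match unicorn['port'] in gitlab.rb
  }
  location ~ ^/(assets)/ {
    root /opt/gitlab/embedded/service/gitlab-rails/public;
    expires max;
    add_header Cache-Control public;
  }
  error_page 502 /502.html;
}
EOF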
2.改用自己的redis
vim /etc/gitlab/gitlab.rb
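# Disable the bundled Redis; GitLab will use the external instance below.
redis['enable'] = false
#### Redis TCP connection
# (The leading numbers in the original notes were editor line numbers and are
# not part of the settings.)
gitlab_rails['redis_host'] = "127.0.0.1"
gitlab_rails['redis_port'] = 6379
# Must be identical to requirepass in the Redis config. Use a long random
# secret: Redis checks passwords very quickly, so a one-character value such as
# "1" is guessed at once. Replace the placeholder; gitlab.rb then holds a
# secret and should stay readable by root only.
gitlab_rails['redis_password'] = "<REDIS-PASSWORD-PLACEHOLDER>"
gitlab_rails['redis_database'] = 10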
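# Install Redis from source.
# NOTE(review): 6.0.10 is an old release; confirm it is still supported
# before deploying it.
# Fetch over HTTPS rather than HTTP, and compare the tarball with the SHA-256
# digest published by the Redis project before compiling it as root. Replace
# the placeholder with that published value.
wget https://download.redis.io/releases/redis-6.0.10.tar.gz
printf '%s  %s\n' '<PUBLISHED-SHA256-PLACEHOLDER>' redis-6.0.10.tar.gz | sha256sum -c -
tar -xvf redis-6.0.10.tar.gz -C /usr/local/
# Build in the extracted tree without depending on the current directory.
make -C /usr/local/redis-6.0.10 MALLOC=libc
# Install the three binaries with explicit permissions.
install -m 0755 /usr/local/redis-6.0.10/src/{redis-cli,redis-server,redis-sentinel} /usr/bin/
# Directories for the config, log, pid file and data of the 6379 instance.
mkdir -p /etc/redis/{conf,log,pid,redis6379}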
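# Write the config of the Redis instance used by GitLab.
# The file contains the Redis password, so restrict it after writing
# (for example chmod 600). The delimiter is quoted so the shell never
# interprets anything inside the config.
cat > /etc/redis/conf/redis6379.conf << 'EOF'
##########################################redis.conf############################################
# GitLab connects to 127.0.0.1 (gitlab_rails['redis_host']), so listen on
# loopback only. Binding 0.0.0.0 with protected mode off exposes the instance
# to every network the host is attached to.
bind 127.0.0.1
protected-mode yes
port 6379
tcp-backlog 511
# NOTE(review): /tmp is shared by all local users; a directory writable only
# by the Redis account is a safer place for the socket.
unixsocket "/tmp/redis6379.sock"
unixsocketperm 700
timeout 0
tcp-keepalive 300
################################# GENERAL #####################################
daemonize yes
supervised no
pidfile "/etc/redis/pid/redis_6379.pid"
loglevel notice
logfile "/etc/redis/log/redis6379.log"
databases 16
always-show-logo yes
################################ SNAPSHOTTING ################################
save 900 1
save 300 10
save 60 10000
stop-writes-on-bgsave-error yes
rdbcompression yes
rdbchecksum yes
dbfilename "dump6379.rdb"
dir "/etc/redis/redis6379"
################################# REPLICATION #################################
# masterauth "<REDIS-PASSWORD-PLACEHOLDER>"
replica-serve-stale-data yes
replica-read-only yes
repl-diskless-sync no
repl-diskless-sync-delay 5
repl-disable-tcp-nodelay no
################################## SECURITY ###################################
# Replace the placeholder with a long random secret and use the same value for
# gitlab_rails['redis_password'] in gitlab.rb. A one-character password such as
# "1" is guessed at once.
requirepass "<REDIS-PASSWORD-PLACEHOLDER>"
# The replacement name below is published in these notes, so it hides nothing;
# generate your own value if the rename is meant to keep CONFIG out of reach.
rename-command CONFIG "b840fc02d524045429941cc43f59e41cb7be6c52"
################################### CLIENTS ####################################
maxclients 10000
############################# LAZY FREEING ####################################
lazyfree-lazy-eviction no
lazyfree-lazy-expire no
lazyfree-lazy-server-del no
replica-lazy-flush no
############################## APPEND ONLY MODE ###############################
appendonly no
appendfilename "appendonly.aof"
appendfsync everysec
no-appendfsync-on-rewrite no
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
aof-load-truncated yes
aof-use-rdb-preamble yes
################################ LUA SCRIPTING ###############################
lua-time-limit 5000
############################### SLOW LOG ################################
slowlog-log-slower-than 10000
slowlog-max-len 128
EOF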
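# Start the Redis instance with the config written above.
# NOTE(review): started like this the server runs as the invoking user (root
# in these notes); a dedicated unprivileged account limits the damage if the
# instance is compromised.
redis-server /etc/redis/conf/redis6379.conf
# Apply the changes made to gitlab.rb.
gitlab-ctl reconfigure
# Service control: gitlab-ctl takes one subcommand per call (restart, start,
# stop or status). Written as "restart | start | stop | status" the shell
# would pipe restart into commands that do not exist.
gitlab-ctl status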
3.设置ssl
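# Redirect every plain-HTTP request to HTTPS.
server {
  listen 80;
  server_name git.mymy.app;
  # The capture group and $1 must not contain stray spaces, or the rule
  # neither matches as intended nor builds a valid target URL.
  rewrite ^(.*) https://$server_name$1 permanent;
}
server {
  listen 443 ssl;
  server_name git.mymy.app;
  server_tokens off;
  # The private key must be readable by root / the nginx master only.
  ssl_certificate /etc/gitlab/ssl/5131025_git.mymy.app.pem;
  ssl_certificate_key /etc/gitlab/ssl/5131025_git.mymy.app.key;
  ssl_session_timeout 5m;
  # "!" exclusions are written without a space; "! NULL" is not valid cipher syntax.
  ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
  # TLS 1.0 and 1.1 are deprecated and no longer offered by current clients;
  # allow 1.2 and 1.3 only (1.3 needs an nginx built against OpenSSL 1.1.1+).
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_prefer_server_ciphers on;
  # ... the notes stop here: the location blocks and the closing brace of this
  # server block are not shown ...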
ubuntu 安装错误
gitlab 卡在ruby_block[ wait for redis service socket] action run
解决方案:
在另外开启一个终端启动如下命令
# Run from a second terminal while reconfigure is waiting for the Redis
# service socket (see the error described above).
sudo /opt/gitlab/embedded/bin/runsvdir-start
# Same program, detached from the terminal (nohup, &) so it keeps running
# after the shell closes. Note this form has no sudo; it needs a root shell.
nohup /opt/gitlab/embedded/bin/runsvdir-start &
设置服务开机自启
1.gitlab服务
# Enable the gitlab-runsvdir unit so systemd starts it at boot.
systemctl enable gitlab-runsvdir.service
2.nginx服务
# Create a systemd unit for the system nginx.
# The heredoc delimiter is quoted, so $MAINPID reaches the unit file verbatim
# without backslash escapes; systemd substitutes it at run time.
cat > /usr/lib/systemd/system/nginx.service << 'EOF'
[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStart=/etc/nginx/sbin/nginx -c /etc/nginx/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
EOF
3.redis服务
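# Create a systemd unit for the Redis instance used by GitLab.
# The heredoc delimiter is quoted, so $MAINPID reaches the unit file verbatim.
cat > /usr/lib/systemd/system/redis.service << 'EOF'
[Unit]
Description=redis
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
# Same path as the pidfile directive in redis6379.conf, so systemd tracks the
# daemonized server process.
PIDFile=/etc/redis/pid/redis_6379.pid
# The config written by these notes is redis6379.conf; redis6981.conf is never
# created, so the unit would fail to start with it.
ExecStart=/usr/bin/redis-server /etc/redis/conf/redis6379.conf
ExecReload=/bin/kill -s HUP $MAINPID
# Stop with SIGTERM, which Redis handles as a clean shutdown. The previous
# "redis-cli -a <password> shutdown" put the Redis password into a unit file
# that any local user can read, and into the process list while it ran.
ExecStop=/bin/kill -s TERM $MAINPID
PrivateTmp=true
# NOTE(review): no User= is set, so the server runs as root; a dedicated
# account that owns /etc/redis/{log,pid,redis6379} would limit the impact of a
# compromise.
[Install]
WantedBy=multi-user.target
EOF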