基于 CentOS 8.2 安装。其中,redis 和 postgresql 组件将由我们自己配置,而不使用 gitlab 的 docker 镜像中打包的版本。
gitlab 套件中的 nginx 将绑定到 127.0.0.1:8081 端口;gitlab 的 ssh 将绑定到 0.0.0.0:2222 端口。
注意需要关闭 CentOS 的 SELinux,SELinux 过于严苛的安全策略会给安装过程带来很多不必要的麻烦;在系统安全方面,这里将启用 firewalld 防火墙,这种安全策略对于仅安装了 gitlab 的服务器来说已经足够。
# Install Redis from the CentOS repositories.
sudo yum install -y redis
# Enable Redis at boot and start it now. GitLab reaches it on 127.0.0.1:6379
# (gitlab_rails['redis_host'] / ['redis_port'] in docker-compose.yml).
# NOTE(review): the compose file sets no Redis password, so this relies on
# Redis keeping a loopback-only `bind` — confirm in the Redis configuration.
sudo systemctl enable --now redis
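# Install PostgreSQL 12 from the CentOS 8 module streams. `-y` keeps the two
# module commands non-interactive, consistent with the `yum install -y` lines;
# without it dnf stops to ask for confirmation.
sudo dnf module disable -y postgresql:10
sudo dnf module enable -y postgresql:12
sudo yum install -y postgresql-server postgresql-contrib
# Create the cluster under /var/lib/pgsql/data (where pg_hba.conf is edited below).
sudo postgresql-setup initdb
# Enable PostgreSQL at boot and start it now; GitLab connects to 127.0.0.1:5432.
sudo systemctl enable --now postgresql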
修改 /var/lib/pgsql/data/pg_hba.conf,令其支持密码登录:
--- pg_hba.conf.old 2020-10-23 10:57:41.082138782 +0800
+++ pg_hba.conf.new 2020-10-23 10:57:56.908137499 +0800
@@ -79,9 +79,9 @@
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
-host all all 127.0.0.1/32 ident
+host all all 127.0.0.1/32 md5
# IPv6 local connections:
-host all all ::1/128 ident
+host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
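Review bot: The two added `host` lines move loopback TCP logins from `ident` to `md5`, which is PostgreSQL's legacy password method; the PostgreSQL 12 stream enabled above also offers `scram-sha-256`, which PostgreSQL documents as the preferred password method for new setups. Using it means setting `password_encryption = scram-sha-256` in postgresql.conf and reloading before `ALTER ROLE gitlab PASSWORD` runs, otherwise the stored hash is still md5 and logins fail; it also needs a client libpq of version 10 or newer, which the GitLab image presumably ships but is worth confirming. The rules as written also allow password authentication for every role and database on loopback, while only GitLab connects this way; `host gitlabhq_production gitlab 127.0.0.1/32 scram-sha-256` and its `::1/128` twin would be the narrower equivalent.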
进入 psql 命令行:
# Open a psql shell as the postgres OS user; this uses the Unix socket, which the
# "local all all peer" line in pg_hba.conf authenticates without a password.
sudo -u postgres psql
执行以下 sql 命令:
-- Reload pg_hba.conf so the edited host rules take effect.
SELECT pg_reload_conf();
-- Create the gitlab role. SUPERUSER is only needed while GitLab installs
-- itself and is revoked afterwards with ALTER ROLE gitlab WITH NOSUPERUSER.
CREATE ROLE gitlab WITH LOGIN SUPERUSER;
-- Replace 'your-db-passwd' with a real password; it must match
-- gitlab_rails['db_password'] in docker-compose.yml.
-- NOTE(review): a literal password typed here may end up in the psql history
-- file; the interactive \password meta-command avoids that.
ALTER ROLE gitlab PASSWORD 'your-db-passwd';
-- Create the production database, owned by the gitlab role.
CREATE DATABASE gitlabhq_production OWNER gitlab;
其中,gitlab 在安装阶段需要 SUPERUSER 权限,安装完成后可以将该权限去除:
-- Run once the GitLab installation has finished: the superuser privilege was
-- only needed during installation, and the role keeps LOGIN and ownership of
-- gitlabhq_production.
ALTER ROLE gitlab WITH NOSUPERUSER;
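# Add the Docker CE repository (yum-config-manager is provided by yum-utils).
sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# Install Docker CE.
sudo yum makecache
sudo yum install -y docker-ce
# Installing the package does not start the daemon. Enable it at boot and start
# it now, as done for redis/postgresql/firewalld, so that `docker-compose up`
# later has a daemon to talk to.
sudo systemctl enable --now docker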
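# Install docker-compose as a single pinned release binary.
# -f makes curl exit non-zero on an HTTP error instead of saving the error page
# as /usr/bin/docker-compose; -sS hides progress output but keeps error messages;
# the && ensures chmod +x only runs when the download succeeded.
# NOTE(review): consider verifying the downloaded file against the checksum
# published with the release before making it executable.
sudo curl -fsSL "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/bin/docker-compose \
  && sudo chmod +x /usr/bin/docker-compose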
# Enable firewalld at boot and start it now.
sudo systemctl enable --now firewalld
# Open the ports that must be reachable from outside. 80/443 are for the host
# nginx that will front GitLab (GitLab's own nginx stays on 127.0.0.1:8081);
# 2222 is the GitLab ssh port set in sshd_config and gitlab_shell_ssh_port.
sudo firewall-cmd --permanent --add-service=http # port 80
sudo firewall-cmd --permanent --add-service=https # port 443
sudo firewall-cmd --permanent --add-port=2222/tcp # port 2222 (ssh)
# Activate the permanent rules.
sudo firewall-cmd --reload
# NOTE(review): Docker also manages netfilter rules on this host; re-check
# `firewall-cmd --list-all` after Docker is installed and the stack is running.
这里将 Gitlab 安装到 /srv/gitlab:
# Install directory for docker-compose.yml, sshd_config and the bind-mounted
# config/logs/data volumes (the compose file uses paths relative to here).
sudo mkdir -p /srv/gitlab
cd /srv/gitlab
创建文件 sshd_config:
# sshd_config for the GitLab container, mounted over /assets/sshd_config (see the
# volumes section of docker-compose.yml). It appears to be the image's stock file
# with only Port changed; keep Port in sync with gitlab_shell_ssh_port in
# GITLAB_OMNIBUS_CONFIG and with the firewalld rule for 2222/tcp.
# With network_mode: host this listens directly on the host, presumably leaving
# 22 to the host's own sshd.
Port 2222
ChallengeResponseAuthentication no
# Host keys live on the bind-mounted ./config volume, so they survive container
# re-creation.
HostKey /etc/gitlab/ssh_host_rsa_key
HostKey /etc/gitlab/ssh_host_ecdsa_key
HostKey /etc/gitlab/ssh_host_ed25519_key
# Kept from the stock file; current OpenSSH only speaks protocol 2 and treats
# this keyword as deprecated.
Protocol 2
# Only the git user may log in, and only with a public key.
PermitRootLogin no
PasswordAuthentication no
MaxStartups 100:30:200
AllowUsers git
PrintMotd no
PrintLastLog no
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys /gitlab-data/ssh/authorized_keys
# In addition to the files above, presented keys are checked through
# gitlab-shell (GitLab's own key lookup), running as the git user.
AuthorizedKeysCommand /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-keys-check git %u %k
AuthorizedKeysCommandUser git
# Fix: User username not allowed because account is locked
# With "UsePAM yes" the "!" is seen as a password disabled account and not fully locked so ssh public key login works
UsePAM yes
# Disabling use DNS in ssh since it tends to slow connecting
UseDNS no
# Enable the use of Git protocol v2
AcceptEnv GIT_PROTOCOL
创建文件 docker-compose.yml:
# docker-compose.yml for the GitLab container. Only the GitLab application runs
# in the container; Redis and PostgreSQL are the host services installed above,
# reached over loopback thanks to network_mode: host.
version: "3"
services:
  web:
    image: 'gitlab/gitlab-ce:13.4.4-ce.0'
    restart: always
    hostname: 'your-domain.com'
    environment:
      # Ruby evaluated by omnibus-gitlab as gitlab.rb settings.
      # NOTE(review): db_password and smtp_password sit here in clear text.
      # docker-compose substitutes ${VAR} references from the environment /
      # .env file, which would keep the real values out of this file — confirm
      # before relying on it.
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://your-domain.com'
        gitlab_rails['time_zone'] = 'Asia/Shanghai' # time zone
        gitlab_rails['gitlab_default_theme'] = 2
        gitlab_rails['gitlab_default_projects_features_container_registry'] = false
        #gitlab_rails['gitlab_ssh_host'] = 'youdomain.com'
        # Must match Port in sshd_config and the firewalld rule for 2222/tcp.
        gitlab_rails['gitlab_shell_ssh_port'] = 2222
        gitlab_rails['registry_enabled'] = false
        # postgresql settings: the host PostgreSQL 12 configured above; the
        # password is the one given to ALTER ROLE gitlab PASSWORD.
        gitlab_rails['db_adapter'] = "postgresql"
        gitlab_rails['db_database'] = "gitlabhq_production"
        gitlab_rails['db_username'] = "gitlab"
        gitlab_rails['db_password'] = "your-db-passwd"
        gitlab_rails['db_host'] = "127.0.0.1"
        gitlab_rails['db_port'] = 5432
        # redis settings: the host Redis; no password is configured, so this
        # relies on Redis listening on loopback only.
        gitlab_rails['redis_host'] = "127.0.0.1"
        gitlab_rails['redis_port'] = 6379
        gitlab_rails['redis_database'] = 1
        # email settings
        gitlab_rails['gitlab_email_enabled'] = true
        gitlab_rails['gitlab_email_from'] = 'your-gitlab-email-sender-address'
        gitlab_rails['gitlab_email_display_name'] = 'GitLab'
        # gitlab_rails['gitlab_email_subject_suffix'] = 'GitLab Instance'
        gitlab_rails['smtp_enable'] = true
        gitlab_rails['smtp_address'] = "email-smtp.us-west-2.amazonaws.com" # your smtp server
        gitlab_rails['smtp_port'] = 587
        gitlab_rails['smtp_user_name'] = "your-smtp-username"
        gitlab_rails['smtp_password'] = "your-smtp-password"
        gitlab_rails['smtp_domain'] = "yourdomain.com"
        gitlab_rails['smtp_authentication'] = "login"
        gitlab_rails['smtp_enable_starttls_auto'] = true
        # services: the bundled redis/postgresql/registry are disabled because
        # the host-installed ones are used.
        puma['enable'] = true
        #puma['worker_processes'] = 1
        #puma['min_threads'] = 2
        #puma['max_threads'] = 2
        registry['enable'] = false
        redis['enable'] = false
        redis_exporter['enable'] = false
        postgresql['enable'] = false
        postgres_exporter['enable'] = false
        # TLS is to be terminated by the host nginx fronting 80/443 (not yet
        # configured); the bundled nginx only serves plain HTTP on loopback:8081.
        # NOTE(review): once that proxy exists, confirm whether
        # nginx['proxy_set_headers'] (X-Forwarded-Proto / X-Forwarded-Ssl) is
        # needed for GitLab to see the original https scheme.
        nginx['redirect_http_to_https'] = false
        nginx['listen_addresses'] = ['127.0.0.1', '[::1]']
        nginx['listen_port'] = 8081
        nginx['listen_https'] = false
    # Host networking: the container's sshd (2222) and nginx (8081) bind directly
    # on the host, so exposure is governed by the firewalld rules above.
    network_mode: host
    volumes:
      # The Port in the image's default sshd_config is hard-coded; mount ours
      # over it.
      - "./sshd_config:/assets/sshd_config"
      - "./config:/etc/gitlab"
      - "./logs:/var/log/gitlab"
      - "./data:/var/opt/gitlab"
执行 docker-compose 命令启动:
# Start the stack in the background (run from /srv/gitlab, where the compose
# file lives). The first boot takes a while before GitLab answers on
# 127.0.0.1:8081.
sudo docker-compose up -d
此时,等待一段时间,gitlab 就已经在你的 8081 端口上运行起来了。
然后我们需要配置 nginx,将其转发到 80, 443 端口上。
TODO