架构
关闭防火墙
[root@gitlab ~]# systemctl stop firewalld
[root@gitlab ~]# systemctl disable firewalld
关闭SELinux
[root@gitlab ~]# setenforce 0
setenforce: SELinux is disabled
安装依赖组件
[root@gitlab ~]# yum -y install curl policycoreutils openssh-server openssh-clients postfix
下载gitlab-ce仓库
curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | bash
。
启动邮件服务器
[root@gitlab data]# systemctl start postfix
[root@gitlab data]# systemctl enable postfix
安装gitlab
安装omnibus gitlab-ce
omnibus相当于一键安装包,自动安装gitlab所依赖的所有组件
yum -y install gitlab-ce
创建私钥与证书
[root@gitlab data]# mkdir /etc/gitlab/ssl
[root@gitlab data]# openssl genrsa -out "/etc/gitlab/ssl/gitlab.aubin.com.key" 2048
创建申请证书
openssl req -new -key "/etc/gitlab/ssl/gitlab.aubin.com.key" -out "/etc/gitlab/ssl/gitlab.aubin.com.csr
Country Name (2 letter code) [XX]:cn
# 国家
State or Province Name (full name) []:bj
# 省份
Locality Name (eg, city) [Default City]:bj
# 城市
Organization Name (eg, company) [Default Company Ltd]:ctyun # 公司名
Organizational Unit Name (eg, section) []:ops
# 部门
Common Name (eg, your name or your server's hostname) []:gitlab.aubin.com
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
给申请证书签名
[root@gitlab data]# openssl x509 -req -days 3650 -in "/etc/gitlab/ssl/gitlab.aubin.com.csr" -signkey "/etc/gitlab/ssl/gitlab.aubin.com.key" -out "/etc/gitlab/ssl/gitlab.aubin.com.crt"
创建pem
openssl dhparam -out /etc/gitlab/ssl/dhparams.pem 2048
修改权限
chmod 600 /etc/gitlab/ssl/*
配置gitlab
nginx['redirect_http_to_https'] = ture
nginx['ssl_client_certificate'] = "/etc/gitlab/ssl/gitlab.aubin.com.crt"
nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.aubin.com.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.aubin.com.key"
nginx['ssl_dhparam'] = "/etc/gitlab/ssl/dhparams.pem"
nginx['listen_addresses'] = ['*']
nginx['listen_port'] = 9000
初始化所有配置
[root@gitlab ssl]# gitlab-ctl reconfigure
配置本地windows住的hosts文件
# gitlab
42.81.133.59 gitlab.aubin.com
浏览器访问
初次进入需要设置管理员密码(默认账号为root),前面配置了nginx为https访问,所以访问地址应该为https
https://IP:9000
nginx配置文件
修改配置文件后要重启gitlabgitlab-ctl restart
/var/opt/gitlab/nginx/conf/gitlab-http.conf