GitLab安装日记
GitLab安装日记
使用12.3.5版本的gitlab可以对页面进行补充翻译
下载安装
清华大学开源软件镜像站:https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/
yum -y install wget
wget https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/gitlab-ce-10.3.5-ce.0.el7.x86_64.rpm
rpm -i gitlab-ce-10.3.5-ce.0.el7.x86_64.rpm
汉化补充
yum -y install git
git clone https://gitlab.com/xhang/gitlab.git
#获取差异文件
cd gitlab
git diff origin/12-3-stable origin/12-3-stable-zh > 12.3.5.diff
#通过差异文件对页面文件进行修改
patch -d/opt/gitlab/embedded/service/gitlab-rails -p1 < 12.3.5.diff
附12.3.5.diff 提取码: tdtt
gitlab配置使用原有的redis
打开gitlab.rb文件修改,注意一定要给redis密码 不然报500错误
redis['enable'] = false
gitlab_rails['redis_host'] = '127.0.0.1'
gitlab_rails['redis_port'] = 6379
gitlab_rails['redis_password'] = 'password' #这样会在gitlab.rb文件保留redis明文密码
gitlab_rails['redis_database'] = 6 #选择数据库id
gitlab配置unicorn端口避免与tomcat冲突
打开gitlab.rb文件修改
unicorn['listen'] = '127.0.0.1'
unicorn['port'] = 18080
gitlab配置使用原有的nginx
- 打开gitlab.rb文件修改
nginx['enable'] = false
gitlab_workhorse['listen_network'] = "unix"
gitlab_workhorse['listen_addr'] = "/var/opt/gitlab/gitlab-workhorse/socket"
web_server['external_users'] = ["www"] #实际启动nginx的用户
gitlab_rails['trusted_proxies'] = ["127.0.0.1"]
2.配置 nginx
http中
upstream gitlab-workhorse {
#该处与gitlab.rb gitlab_workhorse['listen_addr'] 一致
server unix:/var/opt/gitlab/gitlab-workhorse/socket;
}
新建server
server {
listen *:80;
server_tokens off; #不显示nginx版本号
client_max_body_size 250m;#文件上传最大大小
add_header Strict-Transport-Security "max-age=31536000";
add_header Referrer-Policy strict-origin-when-cross-origin;
if ($http_host = "") {
set $http_host_with_default "192.168.0.97:8099";
}
if ($http_host != "") {
set $http_host_with_default $http_host;
}
gzip on;
gzip_static on;
gzip_comp_level 2;
gzip_http_version 1.1;
gzip_vary on;
gzip_disable "msie6";
gzip_min_length 10240;
gzip_proxied no-cache no-store private expired auth;
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/json application/xml application/rss+xml;
proxy_read_timeout 3600;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header referer "https://gitlab.tdtt.tk$request_uri";
proxy_set_header Host $http_host_with_default;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
##proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Forwarded-Proto http;
#主要其它无所谓
location / {
proxy_cache off;
proxy_pass http://gitlab-workhorse;
}
location ~ (.git/git-receive-pack$|.git/info/refs?service=git-receive-pack$|.git/gitlab-lfs/objects|.git/info/lfs/objects/batch$) {
proxy_cache off;
proxy_pass http://gitlab-workhorse;
proxy_request_buffering off;
}
location /-/grafana/ {
proxy_pass http://localhost:3000/;
}
#health checks configuration
location /error.txt {
# return code here is ignored by the error_page directive
return 500 'nginx returned $status when communicating with gitlab-workhorse\n';
}
location /error.json {
# return code here is ignored by the error_page directive
return 500 '{"error":"nginx returned $status when communicating with gitlab-workhorse","status":$status}\n';
}
location = /-/health {
proxy_cache off;
proxy_pass http://gitlab-workhorse;
error_page 404 500 502 /error.txt;
}
location = /-/readiness {
proxy_cache off;
proxy_pass http://gitlab-workhorse;
error_page 404 500 502 /error.json;
}
location = /-/liveness {
proxy_cache off;
proxy_pass http://gitlab-workhorse;
error_page 404 500 502 /error.json;
}
location / {
proxy_cache off;
proxy_pass http://gitlab-workhorse;
}
location /assets {
##proxy_cache gitlab;
proxy_pass http://gitlab-workhorse;
}
}
gitlab配置使用mailgun邮箱
打开gitlab.rb文件修改
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.mailgun.org"
gitlab_rails['smtp_port'] = 587
gitlab_rails['smtp_user_name'] = "[email protected]" #用户名
gitlab_rails['smtp_password'] = "07d55946" #密码
gitlab_rails['smtp_domain'] = "mg.tdtt.tk" #mg.域名
gitlab_rails['smtp_authentication'] = "plain"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = '[email protected]'
gitlab_rails['gitlab_email_display_name'] = '唐大土土' #邮件发信人
gitlab修改克隆地址
打开gitlab.rb文件修改
gitlab_rails['gitlab_shell_ssh_port'] = 1022 #实际ssh端口与centos7 的sshd服务一个端口
external_url 'https://gitlab.tdtt.tk' #实际访问地址。邮件链接地址,克隆地址都是这里修改
内网安装gitlab需要把内网的sshd端口转发到公网端口
Docker安装gitlab需要-p 1022:22 将容器内部端口向外映射
gitlab配置数据库
postgresql开通远程访问 需要gitlab-ctl reconfigure后设置
su - gitlab-psql #切换登录用户
psql -h /var/opt/gitlab/postgresql -d gitlabhq_production #连接到gitlab数据库
\password gitlab #修改密码
\q #退出数据库
exit #退回到root用户
打开gitlab.rb文件修改
postgresql['enable'] = true
postgresql['listen_address'] = '127.0.0.1,192.168.2.3' #监听127.0.0.1和192.168.2.3ip,这样gitlab-ctl reconfigure不会报错。
#修改postgresql['listen_address']内容会加载到/var/opt/gitlab/postgresql/data/postgresql.conf
#与update content in file /var/opt/gitlab/gitlab-rails/etc/database.yml两个文件。如果改为*数据库连接地址也会变成*
#gitlab_rails['db_host'] 取消注释database.yml内容会根据此字段生成。postgresql['listen_address']也就能设置为*
gitlab_rails['db_password'] = 'password' #上面修改的数据库密码这样会在gitlab.rb与database.yml文件保留postgresql明文密码
gitlab_rails['db_host'] = "127.0.0.1"
postgresql['port'] = 5432
postgresql['data_dir'] = "/var/opt/gitlab/postgresql/data"
postgresql['md5_auth_cidr_addresses'] = ["0.0.0.0/0"]
postgresql['custom_pg_hba_entries'] = {
APPLICATION: [ # APPLICATION should identify what the settings are used for
{
type: "host",
database: "all",
user: "all",
cidr: "0.0.0.0/0",
method: "md5",
# option: example
}
]
}
Gitlab 官方宣布,将从 12.1 版本开始不再支持 MySQL 数据库。
gitlab低配机优化
打开gitlab.rb文件修改
postgresql['shared_buffers'] = "256MB" #减少postgres数据库缓存
sidekiq['concurrency'] = 10 #降低sidekiq中的并发级别
prometheus_monitoring['enable'] = false #禁用 prometheus monitoring
unicorn['worker_processes'] = 2 #unicorn进程数低于2会卡死,推荐cpu线程数+1,一个进程占用500MB内存
实际gitlab+redis+nginx+mysql系统内存使用2038MB
实际gitlab启动服务有 gitaly gitlab-workhorse logrotate postgresql sidekiq unicorn
gitlab命令
gitlab-ctl start/restart/stop #启动/重启/停止
gitlab-ctl status #查看状态
gitlab-rake gitlab:backup:create #创建备份
gitlab-ctl tail #查看日志
gitlab-ctl reconfigure #根据gitlab.rb文件加载配置
systemctl enable gitlab-runsvdir.service #开机自启动
systemctl disable gitlab-runsvdir.service #禁止开机自启动