
GitLab安装日记

GitLab安装日记

使用12.3.5版本的gitlab可以对页面进行补充翻译

下载安装

清华大学开源软件镜像站:https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/

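yum -y install wget
# The translation patch further down is built from the 12-3-stable branches and
# the article targets GitLab 12.3.5, so download the matching 12.3.5 package
# (the original command named a 10.3.5 file, which that patch would not fit).
# NOTE(review): 12.3.x is an old release line; plan an upgrade path to a
# currently supported GitLab version before exposing the instance.
wget https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/gitlab-ce-12.3.5-ce.0.el7.x86_64.rpm
# The file comes from a third-party mirror, so check its digests and signature
# before installing. Anything other than an OK result (including a report of
# missing keys) means the package has not been verified against the vendor's
# signing key and should not be installed yet.
rpm -K gitlab-ce-12.3.5-ce.0.el7.x86_64.rpm
rpm -i gitlab-ce-12.3.5-ce.0.el7.x86_64.rpm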

汉化补充

# Build a Chinese-translation patch from a community fork and apply it to the
# installed GitLab Rails tree.
# NOTE(review): the fork is third-party code and the patch is written straight
# into the running application under /opt/gitlab, so read 12.3.5.diff before
# applying it; it is expected to contain only translation changes - confirm.
yum -y install git
git clone https://gitlab.com/xhang/gitlab.git
# Generate the diff between the upstream branch and its translated counterpart
cd gitlab
git diff origin/12-3-stable origin/12-3-stable-zh > 12.3.5.diff
# Apply the diff to the page/view files of the installed application.
# Running patch with --dry-run first shows what would change without touching
# any file.
patch -d/opt/gitlab/embedded/service/gitlab-rails -p1 < 12.3.5.diff

12.3.5.diff 提取码: tdtt(若使用他人分享的现成差异文件,打补丁前请先核对其内容;更稳妥的做法是按上面的命令自行生成。)

gitlab配置使用原有的redis

打开gitlab.rb文件修改。注意:一定要给redis设置密码,否则会报500错误。

# Disable the bundled Redis and point GitLab at the Redis instance that is
# already running on this host.
redis['enable'] = false 
gitlab_rails['redis_host'] = '127.0.0.1' 
gitlab_rails['redis_port'] = 6379
# 'password' is a stand-in: use the real, strong password of the existing Redis.
# NOTE(review): because the value is stored in clear text, gitlab.rb should stay
# readable by root only and out of backups or repositories that others can read.
gitlab_rails['redis_password'] = 'password'  # this keeps the Redis password in plaintext in gitlab.rb
gitlab_rails['redis_database'] = 6 # selects the Redis database id

gitlab配置unicorn端口避免与tomcat冲突

打开gitlab.rb文件修改

# Move unicorn off its default port so it does not collide with Tomcat.
# Listening on 127.0.0.1 keeps the application server reachable only from this
# host; external traffic is meant to arrive through the reverse proxy.
unicorn['listen'] = '127.0.0.1'
unicorn['port'] = 18080

gitlab配置使用原有的nginx

  1. 打开gitlab.rb文件修改
    # Disable the bundled nginx; the existing nginx on the host fronts GitLab.
    nginx['enable'] = false
    # gitlab-workhorse listens on a unix socket instead of a TCP port.
    gitlab_workhorse['listen_network'] = "unix"
    gitlab_workhorse['listen_addr'] = "/var/opt/gitlab/gitlab-workhorse/socket"
    # NOTE(review): presumably this gives the listed account access to the
    # workhorse socket - list only the account nginx really runs as.
    web_server['external_users'] = ["www"] # the user that actually runs nginx
    # Only the local reverse proxy is trusted to supply forwarded client
    # addresses; keep this list as narrow as it is here.
    gitlab_rails['trusted_proxies'] = ["127.0.0.1"]
    

2.配置 nginx
http中

    # Upstream for GitLab: nginx talks to gitlab-workhorse over its unix socket.
    upstream gitlab-workhorse {
      # Must match gitlab_workhorse['listen_addr'] in gitlab.rb
      server unix:/var/opt/gitlab/gitlab-workhorse/socket;
    }

新建server

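# Reverse-proxy server block that forwards all GitLab traffic to
# gitlab-workhorse (the upstream defined in the http context).
server {
    listen *:80;
    server_tokens off; # do not reveal the nginx version
    client_max_body_size 250m; # maximum upload size

    # NOTE(review): this block serves plain HTTP on port 80. Browsers ignore
    # Strict-Transport-Security on responses that did not arrive over HTTPS, so
    # the header only helps if TLS is terminated in front of this server - confirm.
    add_header Strict-Transport-Security "max-age=31536000";
    add_header Referrer-Policy strict-origin-when-cross-origin;

    # Use the client's Host header when present, otherwise a fixed default.
    # NOTE(review): the client-supplied Host value is passed to GitLab unchanged.
    if ($http_host = "") {
        set $http_host_with_default "192.168.0.97:8099";
    }

    if ($http_host != "") {
        set $http_host_with_default $http_host;
    }

    gzip on;
    gzip_static on;
    gzip_comp_level 2;
    gzip_http_version 1.1;
    gzip_vary on;
    gzip_disable "msie6";
    gzip_min_length 10240;
    gzip_proxied no-cache no-store private expired auth;
    gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/json application/xml application/rss+xml;

    proxy_read_timeout      3600;
    proxy_connect_timeout   300;
    proxy_redirect          off;
    proxy_http_version 1.1;
    # NOTE(review): this overwrites the Referer of every request with a value
    # built from a fixed origin, so the backend never sees the real one -
    # confirm this is intended.
    proxy_set_header referer "https://gitlab.tdtt.tk$request_uri";
    proxy_set_header Host $http_host_with_default;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade $http_upgrade;
    # The Connection header below is disabled; $connection_upgrade would need a
    # matching map in the http context before it can be enabled.
    ##proxy_set_header Connection $connection_upgrade;
    # NOTE(review): GitLab is told every request arrived over http, while the
    # article sets external_url to an https address. If TLS is terminated in
    # front of this server this should probably say https - confirm.
    proxy_set_header X-Forwarded-Proto http;

    # The main location; the others matter less.
    # (The original listing declared "location /" twice with identical bodies,
    # which nginx rejects as a duplicate location; it is declared once here.)
    location / {
        proxy_cache off;
        proxy_pass  http://gitlab-workhorse;
    }

    # Git pushes and LFS transfers: pass the request body straight through
    # instead of buffering it in nginx.
    # NOTE(review): location regexes are matched against the path without the
    # query string, so the "?service=" alternative may not match as written - confirm.
    location ~ (.git/git-receive-pack$|.git/info/refs?service=git-receive-pack$|.git/gitlab-lfs/objects|.git/info/lfs/objects/batch$) {
        proxy_cache off;
        proxy_pass http://gitlab-workhorse;
        proxy_request_buffering off;
    }

    # NOTE(review): exposes whatever listens on localhost:3000 under
    # /-/grafana/; access control is left entirely to that service - confirm.
    location /-/grafana/ {
        proxy_pass http://localhost:3000/;
    }

    # health checks configuration
    location /error.txt {
         # return code here is ignored by the error_page directive
         return 500 'nginx returned $status when communicating with gitlab-workhorse\n';
    }

    location /error.json  {
        # return code here is ignored by the error_page directive
        return 500 '{"error":"nginx returned $status when communicating with gitlab-workhorse","status":$status}\n';
    }

    # NOTE(review): the three health endpoints below are reachable by anyone who
    # can reach this server; restrict them (for example with allow/deny) if only
    # monitoring hosts should see them.
    location = /-/health {
        proxy_cache off;
        proxy_pass  http://gitlab-workhorse;
        error_page 404 500 502 /error.txt;
    }
    location = /-/readiness {
        proxy_cache off;
        proxy_pass  http://gitlab-workhorse;
        error_page 404 500 502 /error.json;
    }
    location = /-/liveness {
        proxy_cache off;
        proxy_pass  http://gitlab-workhorse;
        error_page 404 500 502 /error.json;
    }
    location /assets {
        ##proxy_cache gitlab;
        proxy_pass  http://gitlab-workhorse;
    }
}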

gitlab配置使用mailgun邮箱

打开gitlab.rb文件修改

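# Outgoing mail through Mailgun's SMTP service.
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.mailgun.org"
gitlab_rails['smtp_port'] = 587
# The address shown here appears to have been masked by the hosting site's
# e-mail protection; replace it with the real SMTP login.
gitlab_rails['smtp_user_name'] = "[email protected]" # user name
# Placeholder only. The original listing carried a literal value in this field;
# a credential that has been published must be treated as compromised and
# rotated. Keep the real password out of articles and shared copies of gitlab.rb.
gitlab_rails['smtp_password'] = "<SMTP_PASSWORD>" # password
gitlab_rails['smtp_domain'] = "mg.tdtt.tk" # "mg." followed by your domain
gitlab_rails['smtp_authentication'] = "plain"
# STARTTLS is what protects the PLAIN login on port 587.
# NOTE(review): the "auto" form is presumably opportunistic (used only when the
# server offers it) - confirm the connection cannot silently fall back to clear text.
gitlab_rails['smtp_enable_starttls_auto'] = true

gitlab_rails['gitlab_email_enabled'] = true
# Sender address; also masked on the page, replace with the real one.
gitlab_rails['gitlab_email_from'] = '[email protected]'
gitlab_rails['gitlab_email_display_name'] = '唐大土土' # sender name shown on mails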

gitlab修改克隆地址

打开gitlab.rb文件修改

# Values GitLab uses when it prints clone URLs and links.
gitlab_rails['gitlab_shell_ssh_port'] = 1022 # the real SSH port; the same port as the CentOS 7 sshd service
# NOTE(review): this is an https address, while the nginx server block in this
# article listens on port 80 only; presumably TLS is terminated elsewhere - confirm.
external_url 'https://gitlab.tdtt.tk' # the address users actually visit; e-mail links and clone URLs are both taken from here

内网安装gitlab需要把内网的sshd端口转发到公网端口
Docker安装gitlab需要-p 1022:22 将容器内部端口向外映射

gitlab配置数据库

postgresql开通远程访问:需要在执行gitlab-ctl reconfigure之后再设置

# Set a password for the "gitlab" database role through the local socket.
# \password asks for the new password interactively, so it does not have to be
# typed on the command line; choose a strong value, because the role becomes
# reachable over the network once remote access is enabled.
su - gitlab-psql # switch to the gitlab-psql account
psql -h /var/opt/gitlab/postgresql -d gitlabhq_production # connect to the GitLab database
\password gitlab # change the password
\q # leave psql
exit # return to the root user

打开gitlab.rb文件修改
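# Bundled PostgreSQL, opened for remote access.
postgresql['enable'] = true
# Listen on loopback and on one LAN address only (author's note: with these two
# addresses gitlab-ctl reconfigure does not report an error).
postgresql['listen_address'] = '127.0.0.1,192.168.2.3'
# Author's notes: a change to postgresql['listen_address'] is written to
# /var/opt/gitlab/postgresql/data/postgresql.conf and to
# /var/opt/gitlab/gitlab-rails/etc/database.yml. If it is set to *, the database
# connection address becomes * as well. Once gitlab_rails['db_host'] is
# uncommented, database.yml is generated from that field instead, and
# postgresql['listen_address'] can then be set to *.
# 'password' is a stand-in for the password set above. The value is kept in
# plaintext in both gitlab.rb and database.yml, so keep both files private.
gitlab_rails['db_password'] = 'password'
gitlab_rails['db_host'] = "127.0.0.1"
postgresql['port'] = 5432
postgresql['data_dir'] = "/var/opt/gitlab/postgresql/data"
# Password (md5) logins over TCP for every database and user are limited to
# loopback, which is how GitLab itself connects (db_host above). The original
# value was 0.0.0.0/0, which accepts password logins from any address that can
# reach port 5432.
postgresql['md5_auth_cidr_addresses'] = ["127.0.0.1/32"]
# Remote access gets one pg_hba rule, limited to the GitLab database, the gitlab
# role and the client network, instead of all databases and users from 0.0.0.0/0.
postgresql['custom_pg_hba_entries'] = {
  APPLICATION: [ # APPLICATION should identify what the settings are used for
    {
      type: "host",
      database: "gitlabhq_production",
      user: "gitlab",
      cidr: "192.168.2.0/24", # constructed example: replace with the exact client host(s) or subnet
      method: "md5",
#       option: example
    }
  ]
}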

Gitlab 官方宣布,将从 12.1 版本开始不再支持 MySQL 数据库。

gitlab低配机优化

打开gitlab.rb文件修改

# Settings for running GitLab on a machine with little memory.
postgresql['shared_buffers'] = "256MB" # shrink the PostgreSQL buffer cache
sidekiq['concurrency'] = 10 # lower the concurrency level of sidekiq
# NOTE(review): with monitoring off, the bundled metrics are no longer
# collected, so resource or availability problems have to be noticed another way.
prometheus_monitoring['enable'] = false # disable prometheus monitoring
unicorn['worker_processes'] = 2 # author's note: fewer than 2 unicorn workers hangs; CPU threads + 1 is recommended, about 500MB of memory per worker

实际gitlab+redis+nginx+mysql系统内存使用2038MB
实际gitlab启动服务有 gitaly gitlab-workhorse logrotate postgresql sidekiq unicorn

gitlab命令

# Everyday administration commands.
gitlab-ctl start/restart/stop # start / restart / stop (pick one subcommand)
gitlab-ctl status # show service status
# The backup archive holds repository and database data; gitlab.rb and
# gitlab-secrets.json are not included and must be backed up separately, and
# stored securely, since they contain the passwords and keys configured above.
gitlab-rake gitlab:backup:create # create a backup
gitlab-ctl tail # follow the logs
gitlab-ctl reconfigure # apply the configuration in gitlab.rb
systemctl enable gitlab-runsvdir.service # start at boot
systemctl disable gitlab-runsvdir.service # do not start at boot
