架構(gòu)

image

關(guān)閉防火墻

[root@gitlab ~]# systemctl stop firewalld
[root@gitlab ~]# systemctl disable firewalld

關(guān)閉SELinux

[root@gitlab ~]# setenforce 0
setenforce: SELinux is disabled

安裝依賴(lài)組件

[root@gitlab ~]# yum -y install curl policycoreutils openssh-server openssh-clients postfix

下載gitlab-ce倉(cāng)庫(kù)

curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh  | bash

。

啟動(dòng)郵件服務(wù)器

[root@gitlab data]# systemctl start postfix
[root@gitlab data]# systemctl enable postfix

安裝gitlab

安裝omnibus gitlab-ce
omnibus相當(dāng)于一鍵安裝包倒槐，自動(dòng)安裝gitlab所依賴(lài)的所有組件

 yum -y install gitlab-ce

創(chuàng)建私鑰與證書(shū)

[root@gitlab data]# mkdir /etc/gitlab/ssl
[root@gitlab data]# openssl genrsa -out "/etc/gitlab/ssl/gitlab.aubin.com.key" 2048


創(chuàng)建申請(qǐng)證書(shū)
openssl req -new -key "/etc/gitlab/ssl/gitlab.aubin.com.key" -out "/etc/gitlab/ssl/gitlab.aubin.com.csr
Country Name (2 letter code) [XX]:cn                # 國(guó)家
State or Province Name (full name) []:bj            # 省份
Locality Name (eg, city) [Default City]:bj          # 城市
Organization Name (eg, company) [Default Company Ltd]:ctyun # 公司名
Organizational Unit Name (eg, section) []:ops       # 部門(mén)
Common Name (eg, your name or your server's hostname) []:gitlab.aubin.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:


給申請(qǐng)證書(shū)簽名
[root@gitlab data]# openssl x509 -req -days 3650 -in "/etc/gitlab/ssl/gitlab.aubin.com.csr" -signkey "/etc/gitlab/ssl/gitlab.aubin.com.key" -out "/etc/gitlab/ssl/gitlab.aubin.com.crt"

創(chuàng)建pem
openssl dhparam -out /etc/gitlab/ssl/dhparams.pem 2048
 
修改權(quán)限
chmod 600 /etc/gitlab/ssl/*

配置gitlab

nginx['redirect_http_to_https'] = ture
nginx['ssl_client_certificate'] = "/etc/gitlab/ssl/gitlab.aubin.com.crt"
nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.aubin.com.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.aubin.com.key"
nginx['ssl_dhparam'] = "/etc/gitlab/ssl/dhparams.pem"
nginx['listen_addresses'] = ['*']
nginx['listen_port'] = 9000

初始化所有配置

[root@gitlab ssl]# gitlab-ctl reconfigure

配置本地windows住的hosts文件

# gitlab
42.81.133.59 gitlab.aubin.com

瀏覽器訪問(wèn)

初次進(jìn)入需要設(shè)置管理員密碼(默認(rèn)賬號(hào)為root),前面配置了nginx為https訪問(wèn)，所以訪問(wèn)地址應(yīng)該為https

https://IP:9000

image

nginx配置文件

修改配置文件后要重啟gitlabgitlab-ctl restart

/var/opt/gitlab/nginx/conf/gitlab-http.conf