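GitLab deployment
GitLab can also be deployed directly with Docker, but the Docker approach runs into port conflicts, which in practice force the port in the repository address to change frequently. Deploying directly on the instance host is therefore recommended.
Subdomain preparation
- GitLab is best served from its own dedicated subdomain. Go to "Cloud DNS" (云解析DNS) and add a resolution record for the subdomain, for example gitlab.svinvy.com.
- Modify the nginx configuration: remove the default_server setting from the existing port listener to avoid a port conflict, then add the subdomain configuration. The main point is that requests to the root path / are forwarded by default to GitLab's workhorse port.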
    upstream gitlab-workhorse {
        server unix:/var/opt/gitlab/gitlab-workhorse/socket fail_timeout=0;
    }
    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name gitlab.svinvy.com;
        root /usr/share/nginx/html;
        ssl_certificate /xxx/fullchain.pem;
        ssl_certificate_key /xxx/privkey.pem;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 10m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        # Load configuration files for the default server block.
        location / {
            # No request body size limit, so large pushes and uploads are not rejected.
            client_max_body_size 0;
            gzip off;
            proxy_read_timeout 300;
            proxy_connect_timeout 300;
            proxy_redirect off;
            proxy_http_version 1.1;
            # Pass the original host, client address and scheme to GitLab.
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-Ssl on;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_pass http://gitlab-workhorse;
        }
    }

gitlab-workhorse only takes effect once GitLab has been installed; the configuration is simply added here in advance.
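- Add an SSL certificate for the subdomain
Re-run the Let's Encrypt renew command and select all options to regenerate the certificates:

    sudo certbot --nginx

GitLab installation

    wget https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/gitlab-ce-10.2.5-ce.0.el7.x86_64.rpm

GitLab configuration changes
GitLab enables its bundled nginx by default. We need to disable it manually and edit the external domain name.

    vim /etc/gitlab/gitlab.rb

Apply the new configuration

    gitlab-ctl reconfigure

Validate the nginx subdomain configuration and restart

    nginx -t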
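
A consistency check for the two files edited above, as an added example that is not part of the original post: it compares the external nginx vhost with gitlab.rb and lists mismatches. The post does not show the edited gitlab.rb lines, so the setting names used here (external_url, nginx['enable'], web_server['external_users']) are assumed from Omnibus GitLab, and both sample inputs are constructed.

```python
import re

# Constructed samples: the vhost mirrors the nginx block on this page; the
# gitlab.rb keys are Omnibus GitLab setting names assumed for this example.
NGINX_CONF = """
upstream gitlab-workhorse {
    server unix:/var/opt/gitlab/gitlab-workhorse/socket fail_timeout=0;
}
server {
    server_name gitlab.svinvy.com;
    location / {
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://gitlab-workhorse;
    }
}
"""
GITLAB_RB = """
external_url 'https://gitlab.svinvy.com'
nginx['enable'] = false
web_server['external_users'] = ['nginx']
"""

def rb_setting(text, key):
    """Value of the first uncommented line that sets `key`, else None."""
    pat = r"^\s*" + re.escape(key) + r"\s*=?\s*([^#\n]+?)\s*(?:#.*)?$"
    m = re.search(pat, text, re.M)
    return m.group(1) if m else None

def check(nginx_conf, gitlab_rb):
    """List the mismatches between the external nginx vhost and gitlab.rb."""
    problems = []
    raw = rb_setting(gitlab_rb, "external_url") or ""
    url = re.match(r"['\"](https?)://([^/'\":]+)", raw)
    names = re.findall(r"^\s*server_name\s+([^;]+);", nginx_conf, re.M)
    hosts = set(" ".join(names).split())
    if not url:
        problems.append("external_url is not set")
    elif url.group(1) != "https":
        problems.append("external_url is not https but nginx terminates TLS")
    if url and url.group(2) not in hosts:
        problems.append("external_url host has no matching server_name")
    if rb_setting(gitlab_rb, "nginx['enable']") != "false":
        problems.append("bundled nginx is not disabled")
    if not rb_setting(gitlab_rb, "web_server['external_users']"):
        problems.append("web_server['external_users'] is not set")
    if not re.search(r"proxy_set_header\s+X-Forwarded-Proto\s+\$scheme\s*;", nginx_conf):
        problems.append("X-Forwarded-Proto is not passed to workhorse")
    return problems
```

An empty list from check() means the hostname, scheme and web server ownership agree across both files.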