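Setting up GitLab with Docker
I recently changed my domain and also got a new, seriously powerful machine, so I'm going to set up all my environment software on it, starting with GitLab.
Docker's official documentation is actually very detailed, but English still doesn't feel that comfortable to me, so I also consulted other blogs.
The new machine runs CentOS 8.2. Installing Docker on it differs in a few ways from CentOS 7, so watch out for that if you are on CentOS 8.
Configuring Docker
I won't go through the installation in detail; see the guides above. Here is my docker-compose.yml: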
web:
  image: 'gitlab/gitlab-ce:latest'
  restart: always
  hostname: 'gitlab.dpdp.fun'
  environment:
    GITLAB_OMNIBUS_CONFIG: |
      external_url 'https://gitlab.dpdp.fun'
      # Add any other gitlab.rb configuration here, each on its own line
  ports:
    - '8880:80'
    - '8443:443'
    - '8822:22'
  volumes:
    - '/data/docker/gitlab/config:/etc/gitlab'
    - '/data/docker/gitlab/logs:/var/log/gitlab'
    - '/data/docker/gitlab/data:/var/opt/gitlab'
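Pay attention to the port mappings and the mounted volumes here, because domain forwarding is set up later.
Also note the domain: since https://gitlab.dpdp.fun is specified here, it seems that access via the IP address no longer works; it has to go through this domain, and over https.
Start Docker: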
docker-compose up -d
Configuring the Nginx forwarding server
server {
    listen 80;
    #listen [::]:80;
    server_name gitlab.dpdp.fun ;
    # Tell the browser to use only https for the validity period
    add_header Strict-Transport-Security max-age=15768000;
    # Permanent redirect to the https site
    return 301 https://$server_name$request_uri;
    access_log /data/web/wwwlogs/gitlab.dpdp.fun.log;
}
server {
    listen 443 ssl http2;
    #listen [::]:443 ssl http2;
    server_name gitlab.dpdp.fun ;
    location / {
        proxy_pass_header Server;
        proxy_pass https://localhost:8443;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
    }
    ssl_certificate /data/web/https/gitlab.dpdp.fun/Nginx/1_gitlab.dpdp.fun_bundle.crt;
    ssl_certificate_key /data/web/https/gitlab.dpdp.fun/Nginx/2_gitlab.dpdp.fun.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
    ssl_session_cache builtin:1000 shared:SSL:10m;
    # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
    ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;
    access_log /data/web/wwwlogs/gitlab.dpdp.fun.log;
}
GitLab can now be accessed directly through the domain.
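A tightened variant of the two server blocks above, as an added example that is not the author's configuration: it drops TLSv1/TLSv1.1 and the 3DES and static-RSA suites, and sets the HSTS header on the HTTPS server, because browsers ignore that header when it arrives over plain HTTP. The cipher list is an assumption (an ECDHE/AEAD-only selection); the host name, certificate paths, log path and upstream port are the ones from the page.

```nginx
# Port 80: redirect only. HSTS is not set here because browsers
# ignore Strict-Transport-Security received over plain HTTP.
server {
    listen 80;
    server_name gitlab.dpdp.fun;
    access_log /data/web/wwwlogs/gitlab.dpdp.fun.log;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name gitlab.dpdp.fun;

    ssl_certificate     /data/web/https/gitlab.dpdp.fun/Nginx/1_gitlab.dpdp.fun_bundle.crt;
    ssl_certificate_key /data/web/https/gitlab.dpdp.fun/Nginx/2_gitlab.dpdp.fun.key;

    # Only TLS 1.2 and 1.3; TLS 1.0 and 1.1 are deprecated.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Assumed cipher selection: forward-secret key exchange (ECDHE) and
    # AEAD ciphers only, so no 3DES and no static-RSA key exchange.
    # With no DHE suites left, ssl_dhparam is no longer needed.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:10m;

    # HSTS on the HTTPS server; "always" also covers error responses.
    add_header Strict-Transport-Security "max-age=15768000" always;

    location / {
        proxy_pass https://localhost:8443;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
    }

    access_log /data/web/wwwlogs/gitlab.dpdp.fun.log;
}
```

Run `nginx -t` before reloading to confirm the configuration parses.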
SSH access
Configure a private key. It is best to save it to a separate file.
ssh-keygen -t rsa -b 2048 -C "email@example.com"
Create a config file in the ~/.ssh/ directory:
Host gitlab.dpdp.fun
    HostName gitlab.dpdp.fun
    PreferredAuthentications publickey
    IdentityFile ~/.ssh/id_rsa_gitlab
    User root
Connection test
git clone ssh://git@gitlab.dpdp.fun:8822/root/helloworld.git
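Note the port here: when accessing over SSH with git, the port must be included.
Configuring GitLab email
Get the SMTP details yourself from the settings of your QQ or 163 mailbox.
Add the following to gitlab.rb: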
### Email Settings
gitlab_rails['smtp_enable'] = true # enable SMTP
gitlab_rails['smtp_address'] = "smtp.qq.com"
gitlab_rails['smtp_port'] = 465 # do not use port 587; in testing, sending mail failed with it
gitlab_rails['smtp_user_name'] = "123456@qq.com" # your mailbox account
gitlab_rails['smtp_password'] = "xxxxxxxxxxxxxx" # the authorization code, not the account password
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = true
gitlab_rails['gitlab_email_from'] = '123456@qq.com' # sender address; must match 'smtp_user_name', otherwise an error is raised
gitlab_rails['smtp_domain'] = "qq.com" # changing this has no effect
One thing to note: when I reloaded the configuration, I got an SSL error, “LetsEncrypt certificates fail in domain validation”. After a lot of searching, this is a useful reference:
https://forum.gitlab.com/t/letsencrypt-certificates-fail-in-domain-validation/18112
letsencrypt['enable'] = false
Turning this off fixed it. I didn't dig into the cause here; I can look into it later.
Reload the configuration file, then send a test email:
# docker exec -it gitlab_web_1 bash
# gitlab-ctl reconfigure
root@gitlab:/# gitlab-rails console
--------------------------------------------------------------------------------
 GitLab:       13.2.4 (136d3a02dca) FOSS
 GitLab Shell: 13.3.0
 PostgreSQL:   11.7
--------------------------------------------------------------------------------
Loading production environment (Rails 6.0.3.1)
irb(main):001:0> Notify.test_email('1233456@qq.com', 'Message Subject', 'Message Body').deliver_now
Restart Docker
[root@localhost gitlab]# docker restart ae2f66a032d8
That's basically it.