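Setting up a GitLab service in a Docker container

I have always used git for project version control, but having to log in to the server every time a new project is created is tedious, so the open-source GitLab is a good fit.

GitLab bundles quite a few components, such as redis, postgresql and its own nginx, and there are plenty of pitfalls along the way, so on balance I chose the lazy approach and installed it as a Docker container. Safe and fast.

The deployment target is a LAN machine running Ubuntu 18.04; since this is a Docker deployment, the procedure should in principle be similar in other environments.

Environment preparation

Performance requirements

4 GB of memory or more is best, and 2 GB is the minimum; otherwise it is painfully slow.

Install Docker

We install from the Aliyun mirror.

Install the required system tools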

$ apt-get update
$ apt-get -y install apt-transport-https ca-certificates curl software-properties-common

Install the GPG key (fetched over HTTPS so the signing key cannot be swapped in transit)

$ curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -

Add the package repository

$ add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"

Update and install Docker-CE

$ apt-get -y update
$ apt-get -y install docker-ce

Once installed, check the Docker version.

$ docker version
Client:
 Version:           18.06.1-ce
 API version:       1.38
 Go version:        go1.10.3
 Git commit:        e68fc7a
 Built:             Tue Aug 21 17:24:51 2018
 OS/Arch:           linux/amd64
 Experimental:      false

Server:
 Engine:
  Version:          18.06.1-ce
  API version:      1.38 (minimum version 1.12)
  Go version:       go1.10.3
  Git commit:       e68fc7a
  Built:            Tue Aug 21 17:23:15 2018
  OS/Arch:          linux/amd64
  Experimental:     false

Install gitlab-ce

Pull the image

$ docker pull gitlab/gitlab-ce:latest # about 1.5 GB, be patient

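Create the container

# --hostname     container hostname (purpose not fully known; used when creating an image repository)
# -p 8880:80     map container port 80 to host port 8880 (HTTP)
# -p 8222:22     map container port 22 to host port 8222 (SSH)
# -p 9090:9090   map container port 9090 to host port 9090 (Prometheus)
# --name         container name
# --restart      restart the container automatically when it exits
# -v (1st)       mount host /srv/gitlab/config at /etc/gitlab in the container
# -v (2nd)       mount host /srv/gitlab/logs at /var/log/gitlab in the container
# -v (3rd)       mount host /srv/gitlab/data at /var/opt/gitlab in the container
# last argument  image name:tag
$ docker run -d \
  --hostname gitlab.maywzh.com \
  -p 8880:80 \
  -p 8222:22 \
  -p 9090:9090 \
  --name gitlab \
  --restart always \
  -v /srv/gitlab/config:/etc/gitlab \
  -v /srv/gitlab/logs:/var/log/gitlab \
  -v /srv/gitlab/data:/var/opt/gitlab \
  gitlab/gitlab-ce:latest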

Check the container status

$ docker inspect gitlab --format "{{.State.Status}}"
running # means the container is healthy

Configuration

We mounted the container's GitLab configuration directory under /srv/gitlab/ on the host, so the configuration files to change are there.

Back up gitlab.rb first

$ cd /srv/gitlab/config      
$ cp gitlab.rb gitlab.rb.default

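Sample configuration file

### gitlab.rb: append the following to the end of the original gitlab.rb; some settings need adjusting for your environment
## Domain name; this determines the git clone address
external_url 'http://gitlab.maywzh.com'
## nginx bundled with the gitlab image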
nginx['enable'] = true
nginx['client_max_body_size'] = '250m'
nginx['redirect_http_to_https'] = false
nginx['listen_addresses'] = ['0.0.0.0', '[::]']
nginx['listen_port'] = 80
nginx['listen_https'] = false
nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/*.conf;"
nginx['proxy_read_timeout'] = 3600
nginx['proxy_connect_timeout'] = 300
nginx['proxy_set_headers'] = {
 "Host" => "$http_host_with_default",
 "X-Real-IP" => "$remote_addr",
 "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
 "Upgrade" => "$http_upgrade",
 "Connection" => "$connection_upgrade"
}
nginx['proxy_cache_path'] = 'proxy_cache keys_zone=gitlab:10m max_size=1g levels=1:2'
nginx['proxy_cache'] = 'gitlab'
nginx['http2_enabled'] = false
# nginx['real_ip_trusted_addresses'] = ['172.16.0.0/16'] # needs changing
nginx['real_ip_header'] = 'X-Real-IP'
nginx['real_ip_recursive'] = 'on'
nginx['custom_error_pages'] = {
  '404' => {
    'title' => 'Example title',
    'header' => 'Example header',
    'message' => 'Example message'
  }
}
nginx['dir'] = "/var/opt/gitlab/nginx"
nginx['log_directory'] = "/var/log/gitlab/nginx"
nginx['worker_processes'] = 4
nginx['worker_connections'] = 10240
nginx['log_format'] = '$remote_addr - $remote_user [$time_local]"$request"$status $body_bytes_sent"$http_referer""$http_user_agent"'
nginx['sendfile'] = 'on'
nginx['tcp_nopush'] = 'on'
nginx['tcp_nodelay'] = 'on'
nginx['gzip'] = "on"
nginx['gzip_http_version'] = "1.0"
nginx['gzip_comp_level'] = "2"
nginx['gzip_proxied'] = "any"
nginx['gzip_types'] = ["text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ]
nginx['keepalive_timeout'] = 65
nginx['cache_max_size'] = '5000m'
nginx['server_names_hash_bucket_size'] = 64
nginx['status'] = {
 "enable" => false,
}
## Mail service, using QQ Mail as the example; needs changing
gitlab_rails['time_zone'] = 'Asia/Shanghai'
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.qq.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "xxxxxx@qq.com"
gitlab_rails['smtp_password'] = "xxxxxxx" # QQ Mail's separate password
gitlab_rails['smtp_domain'] = "smtp.qq.com"
gitlab_rails['smtp_authentication'] = :plain
# Port 465 is implicit TLS, so use smtp_tls rather than STARTTLS
gitlab_rails['smtp_enable_starttls_auto'] = false
gitlab_rails['smtp_tls'] = true
gitlab_rails['gitlab_email_from'] = "xxxxxx@qq.com"
user['git_user_email'] = "xxxxxx@qq.com"
user['git_user_name'] = "gitlab"

## PostgreSQL bundled with gitlab
postgresql['enable'] = true
postgresql['ssl'] = 'off'

## Redis bundled with gitlab
gitlab_rails['redis_host'] = "127.0.0.1"
gitlab_rails['redis_port'] = 6379
gitlab_rails['redis_password'] = '0340fg2340jk342302342l' # needs changing
gitlab_rails['redis_database'] = 0
redis['enable'] = true
redis['username'] = "gitlab-redis"
redis['maxclients'] = "10000"
redis['maxmemory'] = "1gb"
redis['maxmemory_policy'] = "allkeys-lru"
redis['maxmemory_samples'] = "5"
redis['tcp_timeout'] = "60"
redis['tcp_keepalive'] = "300"
redis['port'] = 6379
redis['password'] = '0340fg2340jk342302342l' # needs changing

## gitlab backup path
gitlab_rails['manage_backup_path'] = true
gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"

## Prometheus monitoring
prometheus['enable'] = true
prometheus['monitor_kubernetes'] = false
prometheus['username'] = 'gitlab-prometheus'
prometheus['uid'] = nil
prometheus['gid'] = nil
prometheus['shell'] = '/bin/sh'
prometheus['home'] = '/var/opt/gitlab/prometheus'
prometheus['log_directory'] = '/var/log/gitlab/prometheus'
prometheus['scrape_interval'] = 15
prometheus['scrape_timeout'] = 15
prometheus['chunk_encoding_version'] = 2
prometheus['listen_address'] = '0.0.0.0:9090'
prometheus_monitoring['enable'] = true
node_exporter['enable'] = true
redis_exporter['enable'] = true
redis_exporter['log_directory'] = '/var/log/gitlab/redis-exporter'
redis_exporter['flags'] = {
  'redis.addr' => "127.0.0.1:6379",
  'redis.password' => '0340fg2340jk342302342l' # needs changing
}
postgres_exporter['enable'] = true
gitlab_monitor['enable'] = true                                
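
A check to run before reconfiguring, added here as an example (it is not part of the original post or a GitLab tool): it flags values from the sample above that should not go live unchanged. The function name and finding messages are this example's own.

```shell
#!/bin/sh
# Print one finding per line for FILE; exit status = number of findings.
audit_gitlab_rb() {
    file=$1
    findings=0
    # Only look at active (uncommented) settings.
    active=$(grep -v '^[[:space:]]*#' "$file" || true)

    report() { findings=$((findings + 1)); printf '%s\n' "$1"; }

    # The Redis password printed in this tutorial is public, so it is no secret.
    if printf '%s\n' "$active" | grep -q '0340fg2340jk342302342l'; then
        report "redis: tutorial sample password still in use"
    fi
    # SMTP credentials left as the xxxxxx placeholders.
    if printf '%s\n' "$active" | grep -Eq "smtp_(user_name|password)'\] *= *\"x+(@|\")"; then
        report "smtp: placeholder credentials"
    fi
    # 0.0.0.0 here plus -p 9090:9090 makes the metrics reachable from the network.
    if printf '%s\n' "$active" | grep -Eq "prometheus\['listen_address'\] *= *'0\.0\.0\.0:"; then
        report "prometheus: listening on all interfaces"
    fi
    # A plain-http external_url means logins and tokens travel unencrypted.
    if printf '%s\n' "$active" | grep -Eq "^external_url +['\"]?http://"; then
        report "external_url: plain http"
    fi
    return "$findings"
}

# Constructed sample input modelled on the configuration above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
external_url 'http://gitlab.maywzh.com'
gitlab_rails['smtp_password'] = "xxxxxxx"
redis['password'] = '0340fg2340jk342302342l'
prometheus['listen_address'] = '0.0.0.0:9090'
EOF
audit_gitlab_rb "$sample" || echo "findings: $?"
```

On the host, point it at /srv/gitlab/config/gitlab.rb; a zero exit status means none of the four patterns matched.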

After editing the configuration file, reload the configuration

$ docker exec -t gitlab gitlab-ctl reconfigure
$ docker exec -t gitlab gitlab-ctl restart

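nginx reverse proxy

The container's HTTP service is published on host port 8880, so to reach it by typing just the domain name, set up an nginx reverse proxy on the host in front of the nginx running inside the container.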

$ sudo vim /etc/nginx/conf.d/gitlab.conf

Edit /etc/nginx/conf.d/gitlab.conf

server
{ 
    listen 80;
    server_name gitlab.maywzh.com;

    location /
    {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8880;
    }
}

Edit /etc/nginx/nginx.conf

...
http{
    ...
    include /etc/nginx/conf.d/gitlab.conf;
    ...
}
...

Restart nginx

$ systemctl restart nginx.service
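
With the host nginx proxying to http://localhost:8880, only SSH (8222) has to be reachable from other machines; the HTTP and Prometheus ports can be published on loopback with -p 127.0.0.1:8880:80 and -p 127.0.0.1:9090:9090. The following added example (not from the original post; the function name and sample text are this example's own) reads `docker port gitlab` output and lists the ports still published on non-loopback addresses.

```shell
#!/bin/sh
# Reads `docker port <container>` output on stdin and prints every published
# port whose host side is not loopback and whose container port is not listed
# in $1 (space-separated container ports that clients must reach directly).
public_ports() {
    allowed=" $1 "
    while read -r cport _arrow bind; do
        [ -n "$bind" ] || continue
        host=${bind%:*}     # 0.0.0.0:8880 -> 0.0.0.0
        num=${cport%/*}     # 80/tcp -> 80
        case $host in
            127.*|'[::1]'|::1) continue ;;   # loopback: not reachable remotely
        esac
        case $allowed in
            *" $num "*) continue ;;          # intentionally public
        esac
        printf '%s published on %s\n' "$cport" "$bind"
    done
}

# Constructed `docker port gitlab` output for the run command on this page.
as_published='22/tcp -> 0.0.0.0:8222
80/tcp -> 0.0.0.0:8880
9090/tcp -> 0.0.0.0:9090'

# Constructed output for the same container with HTTP and Prometheus on loopback.
loopback_only='22/tcp -> 0.0.0.0:8222
80/tcp -> 127.0.0.1:8880
9090/tcp -> 127.0.0.1:9090'

printf '%s\n' "$as_published" | public_ports 22   # lists 80/tcp and 9090/tcp
printf '%s\n' "$loopback_only" | public_ports 22  # lists nothing
```

On the host, run it as `docker port gitlab | public_ports 22`.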

That completes the deployment~