安装GitLab
依赖包安装
# yum install curl policycoreutils openssh-server openssh-clients postfix
gitlab仓库安装(注意:下面的命令会把远程脚本直接以root权限交给bash执行;更稳妥的做法是先把脚本下载到本地、检查内容后再运行)
# curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash
启动邮件服务
# systemctl start postfix
# systemctl enable postfix
如果报错:Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
# yum -y install deltarpm
安装gitlab-ce
# yum install gitlab-ce -y
创建路径
# mkdir -p /etc/gitlab/ssl
创建私有密钥(注意:按默认umask生成的密钥文件权限是644,本机任何用户都可读,直到后面执行chmod 600为止;可以先执行 umask 077 再生成密钥)
# openssl genrsa -out "/etc/gitlab/ssl/gitlab.example.com.key" 2048
证书制作
# openssl req -new -key "/etc/gitlab/ssl/gitlab.example.com.key" -out "/etc/gitlab/ssl/gitlab.example.com.csr"
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:dl
Locality Name (eg, city) [Default City]:dl
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:gitlab.example.com
Email Address []:admin@example.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:
查看生成的文件
# cd /etc/gitlab/ssl/
# ll
总用量 8
-rw-r--r-- 1 root root 1074 9月 18 12:47 gitlab.example.com.csr
-rw-r--r-- 1 root root 1679 9月 18 12:43 gitlab.example.com.key
创建自签名证书(用自己的私钥签发,有效期365天;浏览器和git客户端默认不信任自签名证书,生产环境建议使用受信任CA签发的证书)
# openssl x509 -req -days 365 -in "/etc/gitlab/ssl/gitlab.example.com.csr" -signkey "/etc/gitlab/ssl/gitlab.example.com.key" -out "/etc/gitlab/ssl/gitlab.example.com.crt"
Signature ok
subject=/C=cn/ST=dl/L=dl/O=Default Company Ltd/CN=gitlab.example.com/emailAddress=admin@example.com
Getting Private key
# ll
总用量 12
-rw-r--r-- 1 root root 1281 9月 18 12:55 gitlab.example.com.crt
-rw-r--r-- 1 root root 1074 9月 18 12:47 gitlab.example.com.csr
-rw-r--r-- 1 root root 1679 9月 18 12:43 gitlab.example.com.key
生成DH参数文件(dhparam.pem)
# openssl dhparam -out /etc/gitlab/ssl/dhparam.pem 2048
# ll
总用量 16
-rw-r--r-- 1 root root 424 9月 18 12:58 dhparam.pem
-rw-r--r-- 1 root root 1281 9月 18 12:55 gitlab.example.com.crt
-rw-r--r-- 1 root root 1074 9月 18 12:47 gitlab.example.com.csr
-rw-r--r-- 1 root root 1679 9月 18 12:43 gitlab.example.com.key
改权限
# chmod 600 *
# ll
总用量 16
-rw------- 1 root root 424 9月 18 12:58 dhparam.pem
-rw------- 1 root root 1281 9月 18 12:55 gitlab.example.com.crt
-rw------- 1 root root 1074 9月 18 12:47 gitlab.example.com.csr
-rw------- 1 root root 1679 9月 18 12:43 gitlab.example.com.key
改配置(下面以 # 开头的三行如果在 gitlab.rb 中保持注释状态则不会生效;需要自定义证书路径或启用dhparam时,应去掉行首的 #)
# vim /etc/gitlab/gitlab.rb
external_url 'https://gitlab.example.com'
nginx['redirect_http_to_https'] = true
# nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.example.com.crt"
# nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.example.com.key"
# nginx['ssl_dhparam'] = "/etc/gitlab/ssl/dhparam.pem"
让配置生效
# gitlab-ctl reconfigure
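改gitlab中的nginx反代的配置(注意:该文件由 gitlab-ctl reconfigure 生成,手动修改会在下次执行 reconfigure 时被覆盖;需要长期保留的设置应写在 /etc/gitlab/gitlab.rb 中)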
# vim /var/opt/gitlab/nginx/conf/gitlab-http.conf
server_name gitlab.example.com;
rewrite ^(.*)$ https://$host$1 permanent;
server_tokens off; ## Don't show the nginx version number, a security best practice
重启gitlab使nginx配置生效
# gitlab-ctl restart