安装GitLab

依赖包安装
# yum install curl policycoreutils openssh-server openssh-clients postfix
 
gitlab仓库安装
 
启动邮件服务
# systemctl start postfix
# systemctl enable postfix
 
如果报错:Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
# yum -y install deltarpm
 
安装gitlab-ce
# yum install gitlab-ce -y
 
创建路径
# mkdir -p /etc/gitlab/ssl
 
创建私有密钥
# openssl genrsa -out "/etc/gitlab/ssl/gitlab.example.com.key" 2048
 
证书制作
# openssl req -new -key "/etc/gitlab/ssl/gitlab.example.com.key" -out "/etc/gitlab/ssl/gitlab.example.com.csr"
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:dl
Locality Name (eg, city) [Default City]:dl
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:gitlab.example.com
Email Address []:admin@example.com
 
 
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:
看一下
# cd /etc/gitlab/ssl/
# ll
总用量 8
-rw-r--r-- 1 root root 1074 9月  18 12:47 gitlab.example.com.csr
-rw-r--r-- 1 root root 1679 9月  18 12:43 gitlab.example.com.key
创建证书
# openssl x509 -req -days 365 -in "/etc/gitlab/ssl/gitlab.example.com.csr" -signkey "/etc/gitlab/ssl/gitlab.example.com.key" -out "/etc/gitlab/ssl/gitlab.example.com.crt"
Signature ok
subject=/C=cn/ST=dl/L=dl/O=Default Company Ltd/CN=gitlab.example.com/emailAddress=admin@example.com
Getting Private key
# ll
总用量 12
-rw-r--r-- 1 root root 1281 9月  18 12:55 gitlab.example.com.crt
-rw-r--r-- 1 root root 1074 9月  18 12:47 gitlab.example.com.csr
-rw-r--r-- 1 root root 1679 9月  18 12:43 gitlab.example.com.key
 
生成pem文件
# openssl dhparam -out /etc/gitlab/ssl/dhparam.pem 2048
# ll
总用量 16
-rw-r--r-- 1 root root  424 9月  18 12:58 dhparam.pem
-rw-r--r-- 1 root root 1281 9月  18 12:55 gitlab.example.com.crt
-rw-r--r-- 1 root root 1074 9月  18 12:47 gitlab.example.com.csr
-rw-r--r-- 1 root root 1679 9月  18 12:43 gitlab.example.com.key
 
改权限
# chmod 600 *
# ll
总用量 16
-rw------- 1 root root  424 9月  18 12:58 dhparam.pem
-rw------- 1 root root 1281 9月  18 12:55 gitlab.example.com.crt
-rw------- 1 root root 1074 9月  18 12:47 gitlab.example.com.csr
-rw------- 1 root root 1679 9月  18 12:43 gitlab.example.com.key
 
改配置
# vim /etc/gitlab/gitlab.rb
external_url 'https://gitlab.example.com'
nginx['redirect_http_to_https'] = true
# nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.example.com.crt"
# nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.example.com.key"
# nginx['ssl_dhparam'] = /etc/gitlab/ssl/dhparams.pem
 
让配置生效
# gitlab-ctl reconfigure
 
改gitlab中的nginx反代的配置
# vim /var/opt/gitlab/nginx/conf/gitlab-http.conf
  server_name gitlab.example.com;
  rewrite ^(.*)$ https://$host$1 permanent;
  server_tokens off; ## Don't show the nginx version number, a security best practice
 
重启gitlab使nginx配置生效
# gitlab-ctl restart
 
posted @ 2020-01-22 17:00  Edward_han  阅读(81)  评论(0编辑  收藏  举报