waterloo3122 / open-source-docs

Centos 7 install and configure gitlab #85

Open waterloo3122 opened 5 years ago

waterloo3122 commented 5 years ago

install via docker

mkdir -p /srv/gitlab/config /srv/gitlab/logs /srv/gitlab/data
mkdir -p /srv/gitlab/config/ssl
openssl genrsa -out /srv/gitlab/config/ssl/gitlab.ceph-in.tk.key 2048
openssl req -new -key /srv/gitlab/config/ssl/gitlab.ceph-in.tk.key -out /srv/gitlab/config/ssl/gitlab.ceph-in.tk.csr
openssl x509 -req -days 3650 -in /srv/gitlab/config/ssl/gitlab.ceph-in.tk.csr -signkey /srv/gitlab/config/ssl/gitlab.ceph-in.tk.key -out /srv/gitlab/config/ssl/gitlab.ceph-in.tk.crt
openssl dhparam -out /srv/gitlab/config/ssl/dhparams 2048

yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum makecache fast
rpm --import https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
yum -y install docker-ce
systemctl enable docker
curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.io
systemctl restart docker

sudo docker run --detach \
  --hostname gitlab.ceph-in.tk \
  --publish 443:443 --publish 80:80 --publish 2222:22 \
  --name gitlab \
  --restart always \
  --volume /srv/gitlab/config:/etc/gitlab \
  --volume /srv/gitlab/logs:/var/log/gitlab \
  --volume /srv/gitlab/data:/var/opt/gitlab \
  gitlab/gitlab-ee:latest

waterloo3122 commented 5 years ago

change /etc/gitlab/gitlab.rb

vim /etc/gitlab/gitlab.rb

change as follows

external_url 'https://gitlab.ceph-in.tk'

nginx['redirect_http_to_https'] = true

nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.ceph-in.tk.crt"

nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.ceph-in.tk.key"

nginx['ssl_dhparam'] = "/etc/gitlab/ssl/dhparams" 

gitlab_rails['time_zone'] = 'Asia/Shanghai'

gitlab-ctl reconfigure

vi /var/opt/gitlab/nginx/conf/gitlab-http.conf

add the following line

rewrite ^(.*)$ https://$host$1 permanent;

below

server_name gitlab.ceph-in.tk

then

gitlab-ctl restart

waterloo3122 commented 5 years ago

use your own smtp

gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = 'xxx@xxx.com'
gitlab_rails['gitlab_email_display_name'] = 'xxxx gitlab'
gitlab_rails['gitlab_email_reply_to'] = 'xxx@xxxx.com'
gitlab_rails['gitlab_email_subject_suffix'] = 'xxxx gitlab'

gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.ym.163.com"
gitlab_rails['smtp_port'] = 994
gitlab_rails['smtp_user_name'] = "xxx@xxx.com"
gitlab_rails['smtp_password'] = "xxxxxxxx~"
gitlab_rails['smtp_domain'] = "smtp.ym.163.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = true

waterloo3122 commented 5 years ago

configure client to trust gitlab cert

check this link below https://manuals.gfi.com/en/kerio/connect/content/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html

Install the ca-certificates package:

yum install ca-certificates

Enable the dynamic CA configuration feature:

update-ca-trust force-enable

Add it as a new file to /etc/pki/ca-trust/source/anchors/:

cp your-gitlab.crt /etc/pki/ca-trust/source/anchors/

Use command:

update-ca-trust extract

systemctl restart jenkins
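
Added example, not part of the original comments: trusting the certificate only settles the issuer check, and the `openssl x509 -req` command in the first comment is run without an extensions file, so the resulting certificate has no subjectAltName; clients that match the hostname only against subjectAltName still reject it. The sketch below builds two throwaway certificates (constructed input, hypothetical host `gitlab.example.test`) and reports what a client would trip over; `self_signed` and `cert_problems` are names made up for this example.

```ruby
require 'openssl'

# Build a throwaway self-signed certificate (constructed test input).
# With san: nil it mirrors a certificate that carries only a CN.
def self_signed(cn, san: nil)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3650 * 86_400
  if san
    ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
    cert.add_extension(ef.create_extension('subjectAltName', "DNS:#{san}"))
  end
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

# Returns the problems a client would hit when connecting to `hostname`.
# Exact-name comparison only; wildcard SAN entries are not expanded here.
def cert_problems(cert, key, hostname)
  problems = []
  problems << 'certificate does not match the private key' unless cert.check_private_key(key)
  san = cert.extensions.find { |e| e.oid == 'subjectAltName' }
  names = san ? san.value.split(/,\s*/).grep(/\ADNS:/).map { |n| n.delete_prefix('DNS:') } : []
  problems << 'no subjectAltName DNS entry for the hostname' unless names.include?(hostname)
  problems << 'outside validity period' unless (cert.not_before..cert.not_after).cover?(Time.now)
  problems
end

if __FILE__ == $PROGRAM_NAME
  host = 'gitlab.example.test' # hypothetical hostname
  { 'CN only' => self_signed(host), 'with SAN' => self_signed(host, san: host) }.each do |label, (cert, key)|
    found = cert_problems(cert, key, host)
    puts "#{label}: #{found.empty? ? 'ok' : found.join('; ')}"
  end
end
```

To check real files, load them with `OpenSSL::X509::Certificate.new(File.read(crt_path))` and `OpenSSL::PKey.read(File.read(key_path))` and pass them to `cert_problems`.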

waterloo3122 commented 5 years ago

install groovy

yum install groovy

waterloo3122 commented 5 years ago

decrease memory usage

https://blog.csdn.net/ouyang_peng/article/details/84066417

external_url 'https://gitlab.xxx.com'
unicorn['worker_timeout'] = 60
unicorn['worker_processes'] = 2
unicorn['worker_memory_limit_min'] = "200 * 1 << 20"
unicorn['worker_memory_limit_max'] = "300 * 1 << 20"
sidekiq['concurrency'] = 2
postgresql['shared_buffers'] = "256MB"
postgresql['max_worker_processes'] = 2
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.xxx.com.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.xxx.com.key"

waterloo3122 commented 4 years ago

enable ldap

vim /etc/gitlab/gitlab.rb

gitlab_rails['ldap_enabled'] = true
gitlab_rails['prevent_ldap_sign_in'] = false

###! **remember to close this block with 'EOS' below**
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
  main: # 'main' is the GitLab 'provider ID' of this LDAP server
    label: 'LDAP'
    host: '192.168.1.102'
    port: 389
    uid: 'uid'
    bind_dn: 'd=admin,ou=People,dc=mofanglicai,dc=com,dc=cn'
    password: '11111111'
    encryption: 'start_tls' # "start_tls" or "simple_tls" or "plain"
    verify_certificates: false
    smartcard_auth: false
    active_directory: true
    allow_username_or_email_login: false
    lowercase_usernames: false
    block_auto_created_users: false
    base: 'ou=People,dc=mofanglicai,dc=com,dc=cn'
    user_filter: ''
    ## EE only
    group_base: ''
    admin_group: ''
    sync_ssh_keys: false

  #secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server
  #  label: 'LDAP'
  #  host: '_your_ldap_server'
  #  port: 389
  #  uid: 'sAMAccountName'
  #  bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
  #  password: '_the_password_of_the_bind_user'
  #  encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
  #  verify_certificates: true
  #  smartcard_auth: false
  #  active_directory: true
  #  allow_username_or_email_login: false
  #  lowercase_usernames: false
  #  block_auto_created_users: false
  #  base: ''
  #  user_filter: ''
  #  ## EE only
  #  group_base: ''
  #  admin_group: ''
  #  sync_ssh_keys: false
EOS
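
Added example, not part of the original comment or of GitLab's code: a small audit of an `ldap_servers` YAML block that flags the transport settings that weaken the LDAP bind (`encryption: 'plain'`, or TLS with `verify_certificates: false`) and an inline bind password. The sample block is constructed with placeholder hosts and credentials, and `audit_ldap_servers` is a name made up for this example.

```ruby
require 'yaml'

# Constructed sample: same keys as an ldap_servers block, with
# placeholder hosts and credentials (not values from a real deployment).
SAMPLE_LDAP_YAML = <<~'EOS'
  main:
    host: 'ldap.example.test'
    port: 389
    bind_dn: 'cn=reader,ou=People,dc=example,dc=test'
    password: 'placeholder-password'
    encryption: 'start_tls'
    verify_certificates: false
  legacy:
    host: 'ldap-old.example.test'
    port: 389
    encryption: 'plain'
  hardened:
    host: 'ldap2.example.test'
    port: 636
    encryption: 'simple_tls'
    verify_certificates: true
EOS

# Returns { provider_id => [finding, ...] } for every server in the block.
def audit_ldap_servers(yaml_text)
  servers = YAML.safe_load(yaml_text) || {}
  servers.each_with_object({}) do |(id, cfg), report|
    findings = []
    enc = cfg['encryption'].to_s
    if enc == 'plain'
      findings << 'encryption is plain: binds and user passwords are sent unencrypted'
    elsif cfg['verify_certificates'] == false
      findings << 'verify_certificates is false: TLS does not authenticate the LDAP server'
    end
    unless cfg['password'].to_s.empty?
      findings << 'bind password is stored in clear text in the config'
    end
    report[id] = findings
  end
end

if __FILE__ == $PROGRAM_NAME
  audit_ldap_servers(SAMPLE_LDAP_YAML).each do |id, findings|
    puts "#{id}: #{findings.empty? ? 'ok' : findings.join('; ')}"
  end
end
```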