2021
07-14

Gitlab 安装与配置

Gitlab 安装

使用 docker-compose 安装 Gitlab,traefik 反向代理 Gitlab,并开启 https

编辑 docker-compose.yaml 文件

$ mkdir gitlab
$ cat << 'EOF' | tee gitlab/docker-compose.yaml
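# GitLab CE behind a Traefik reverse proxy that terminates TLS.
# Replace every YOU_* placeholder before starting the stack.
version: "3"

services:
  gitlab:
    # NOTE(review): no tag means "latest". Pin a specific release tag so
    # upgrades are deliberate and a restore target can run the same version
    # as the backup it receives.
    image: gitlab/gitlab-ce
    container_name: gitlab
    restart: always
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        # URL users reach GitLab on (TLS is terminated by Traefik)
        external_url "https://git.YOU_DOMAIN"
        # Port shown in SSH clone URLs. It must be the host port published
        # under "ports" below (2222), not the container's internal port 22;
        # otherwise clone URLs point at the host's own sshd.
        gitlab_rails["gitlab_shell_ssh_port"] = 2222
        # Time zone
        gitlab_rails["time_zone"] = "Asia/Shanghai"
        # Outgoing mail, using QQ enterprise mail as the example.
        # NOTE(review): the SMTP password is stored here in clear text and is
        # also visible through "docker inspect". Keep this file out of
        # version control and readable only by the deploying account.
        gitlab_rails["smtp_enable"] = true
        gitlab_rails["smtp_address"] = "smtp.exmail.qq.com"
        gitlab_rails["smtp_port"] = 465
        gitlab_rails["smtp_user_name"] = "YOU_EMAIL"
        gitlab_rails["smtp_password"] = "YOU_EMAIL_PASSWORD"
        gitlab_rails["smtp_domain"] = "exmail.qq.com"
        gitlab_rails["smtp_authentication"] = "login"
        # Port 465 is implicit TLS, so smtp_tls is on and STARTTLS is off;
        # the two options are mutually exclusive.
        gitlab_rails["smtp_enable_starttls_auto"] = false
        gitlab_rails["smtp_tls"] = true
        gitlab_rails["gitlab_email_enabled"] = true
        gitlab_rails["gitlab_email_from"] = "YOU_EMAIL"
        gitlab_rails["gitlab_email_display_name"] = "YOU_EMAIL_DISPLAY_NAME"
        gitlab_rails["gitlab_email_reply_to"] = "YOU_EMAIL"
        gitlab_rails["gitlab_email_subject_suffix"] = ""
        # Backups: keep 14 days (1209600 seconds)
        gitlab_rails["manage_backup_path"] = true
        gitlab_rails["backup_path"] = "/var/opt/gitlab/backups"
        # An archive holds every repository plus a database dump, so it is
        # readable by its owner only; 0644 would let any local account that
        # can reach the directory read it.
        gitlab_rails["backup_archive_permissions"] = 0600
        gitlab_rails["backup_pg_schema"] = "public"
        gitlab_rails["backup_keep_time"] = 1209600
        # Timeouts
        gitlab_rails["webhook_timeout"] = 60
        # NOTE(review): unicorn[...] keys are only accepted by older GitLab
        # releases; GitLab 14.0 removed Unicorn in favour of Puma
        # (puma["worker_timeout"], puma["worker_processes"]). Confirm
        # against the image version you pin.
        unicorn["worker_timeout"] = 60
        unicorn["worker_processes"] = 4
        # Bundled nginx serves plain HTTP on port 80 inside the compose
        # network; Traefik in front of it handles HTTPS.
        nginx["enable"] = true
        nginx["listen_port"] = 80
        nginx["listen_https"] = false
    ports:
      # HOST:CONTAINER - host port 2222 reaches the container's sshd on 22.
      # Pick a host port that does not clash with the host's own sshd.
      - "2222:22"
    networks:
      - gitlab
    volumes:
      # Read-only: the container only needs to read the host time zone.
      - "/etc/localtime:/etc/localtime:ro"
      - "/data/gitlab/config:/etc/gitlab"
      - "/data/gitlab/logs:/var/log/gitlab"
      - "/data/gitlab/data:/var/opt/gitlab"
    labels:
      - "traefik.enable=true"
      # HTTP entry point; requests are redirected to HTTPS
      - "traefik.http.routers.gitlab.entrypoints=web"
      - "traefik.http.routers.gitlab.rule=Host(`git.YOU_DOMAIN`)"
      - "traefik.http.routers.gitlab.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      # HTTPS entry point
      - "traefik.http.routers.gitlab-secure.entrypoints=websecure"
      - "traefik.http.routers.gitlab-secure.rule=Host(`git.YOU_DOMAIN`)"
      # Enable TLS and name the certificate resolver to use
      - "traefik.http.routers.gitlab-secure.tls=true"
      - "traefik.http.routers.gitlab-secure.tls.certresolver=default"
      # Backend port; has to be stated because the container exposes several
      - "traefik.http.services.gitlab-secure.loadbalancer.server.port=80"

  traefik:
    # NOTE(review): 2.1 is an old minor release. Move to a currently
    # maintained Traefik version after reading its migration notes.
    image: traefik:2.1
    container_name: traefik
    restart: always
    command:
      # Enable the API/dashboard. No router to api@internal is defined in
      # this file; if you add one, put authentication in front of it.
      - "--api.dashboard=true"
      # Use Docker as the provider; only containers labelled
      # traefik.enable=true are routed.
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      # HTTP and HTTPS entry points
      - "--entryPoints.web.address=:80"
      - "--entryPoints.websecure.address=:443"
      # ACME validation method: TLS challenge
      - "--certificatesresolvers.default.acme.tlschallenge=true"
      # Contact e-mail for the certificate request
      - "--certificatesResolvers.default.acme.email=YOU_EMAIL"
      # Where the ACME account and certificates are stored
      - "--certificatesResolvers.default.acme.storage=/letsencrypt/acme.json"
    networks:
      - gitlab
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/etc/localtime:/etc/localtime:ro"
      # acme.json contains the certificate private keys; keep ./letsencrypt
      # readable by root only.
      - "./letsencrypt:/letsencrypt"
      # Traefik only reads container metadata, so mount the socket read-only.
      # Anything that can talk to this socket still controls the Docker
      # daemon; for an internet-facing proxy consider a filtering socket
      # proxy in between.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"

networks:
  gitlab:
    driver: bridge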
EOF

注意将所有 YOU_XXX 占位符替换为实际的值。使用 TLS 验证方式申请证书时,必须先将域名(本例中为 git.YOU_DOMAIN)解析到本服务器,并保证 CA 服务器能够通过 443 端口访问到此服务器。

启动 Gitlab

$ cd gitlab
$ docker-compose up -d

启动要拉取对应的 docker 镜像,等待时间可能较长,也可以预先拉取


容器起来之后,默认用户是 root,要登录 web 界面需要先进入容器,从下面这个文件获取初始密码。首次登录后请立即修改 root 密码;该文件只用于首次登录,较新版本的 Gitlab 会在首次 reconfigure 24 小时后自动删除它:

docker exec -it gitlab /bin/bash

cat /etc/gitlab/initial_root_password

查看 Gitlab 版本

$ docker exec gitlab /opt/gitlab/bin/gitlab-rake gitlab:env:info

备份 Gitlab

$ docker exec gitlab /opt/gitlab/bin/gitlab-rake gitlab:backup:create RAILS_ENV=production

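在 Gitlab 容器的路径 /var/opt/gitlab/backups(对应于宿主机的 /data/gitlab/data/backups 目录)下会生成形如 1576482525_2019_12_16_12.5.4_gitlab_backup.tar 的备份文件。注意:该备份不包含 /etc/gitlab/gitlab.rb 和 /etc/gitlab/gitlab-secrets.json,这两个文件需要单独备份并妥善保管,否则还原后加密存储的数据(如 CI/CD 变量、双因素认证信息)将无法解密。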

将此备份命令加入 crontab 中,定期执行即可实现自动备份

还原 Gitlab

将备份文件复制到要还原的机器中(该机器安装一样版本的 Gitlab)

拷贝备份文件到 Gitlab 容器中

$ docker cp 1576482525_2019_12_16_12.5.4_gitlab_backup.tar gitlab:/var/opt/gitlab/backups/


交互式进入 Gitlab 容器内部

$ docker exec -it gitlab /bin/bash

在 Gitlab 容器内执行如下还原命令(注意还原文件不需要加 _gitlab_backup.tar )

$ /opt/gitlab/bin/gitlab-rake gitlab:backup:restore RAILS_ENV=production BACKUP=/var/opt/gitlab/backups/1576482525_2019_12_16_12.5.4

一路敲 yes 回车即可


不用traefik,仅安装gitlab, docker-compose.yaml 文件

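# GitLab CE on its own, without a reverse proxy.
version: "3"

services:
  gitlab:
    # NOTE(review): no tag means "latest". Pin a specific release tag so
    # upgrades are deliberate.
    image: gitlab/gitlab-ce
    container_name: gitlab
    restart: always
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        # URL users reach GitLab on.
        # NOTE(review): plain HTTP sends passwords, session cookies and
        # access tokens unencrypted; use this only on a trusted network or
        # put a TLS-terminating proxy in front.
        external_url "http://122.51.156.172:8000"
        # Port shown in SSH clone URLs; must equal the host port published
        # under "ports" below.
        gitlab_rails["gitlab_shell_ssh_port"] = 2222
        # Time zone
        gitlab_rails["time_zone"] = "Asia/Shanghai"
    ports:
      # Format is HOST:CONTAINER. Host port 2222 (the one configured as
      # gitlab_shell_ssh_port) must reach the container's sshd, which
      # listens on 22; the host's own SSH port does not belong here.
      - "2222:22"
      - "8000:8000"
    networks:
      - gitlab
    volumes:
      # Read-only: the container only needs to read the host time zone.
      - "/etc/localtime:/etc/localtime:ro"
      - "/data/gitlab/config:/etc/gitlab"
      - "/data/gitlab/logs:/var/log/gitlab"
      - "/data/gitlab/data:/var/opt/gitlab"

networks:
  gitlab:
    driver: bridge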

常用命令

# Reference list of day-to-day commands, not a script to run top to bottom.
# NOTE(review): in the Docker setup shown on this page these are presumably
# run inside the gitlab container (e.g. after `docker exec -it gitlab /bin/bash`).

# Start all GitLab components
gitlab-ctl start

# Stop all GitLab components
gitlab-ctl stop

# Restart all GitLab components
gitlab-ctl restart

# Show the status of each service
gitlab-ctl status

# Edit the GitLab configuration file
vim /etc/gitlab/gitlab.rb

# Re-apply the configuration after changing it
gitlab-ctl reconfigure

# Run GitLab's self-check; SANITIZE=true keeps project names out of the
# output, which matters when the result is pasted into a ticket or forum
gitlab-rake gitlab:check SANITIZE=true --trace

# Follow the logs: all services, or a single log file
gitlab-ctl tail
gitlab-ctl tail nginx/gitlab_access.log

