环境
-
ubuntu
uname -a Linux kysq-KVM 6.8.0-40-generic #40~22.04.3-Ubuntu SMP PREEMPT_DYNAMIC Tue Jul 30 17:30:19 UTC 2 x86_64 x86_64 x86_64 GNU/Linux -
gitlab
13.7
官方文档
- https://docs.gitlab.com/ee/install/installation.html
- archives版本 https://docs.gitlab.com/archives/
docker run -it --rm -p 4000:4000 registry.gitlab.com/gitlab-org/gitlab-docs:13.7 - http://localhost:4000/13.7/ee/install/installation.html
注意事项
- ping gitlab.com 超时
git config --global https.proxy http://*.*.*.*:8899 - go 代理
export GOPROXY=https://goproxy.cn - cookies set失败
# 1. https 证书不安全 不支持 secur
安装
1. Packages and dependencies(ROOT)
-
sudo
apt-get update -y apt-get upgrade -y apt-get install sudo -y -
Build dependencies
根据报错信息调整 依赖apt-get install -y build-essential zlib1g-dev libyaml-dev libssl-dev libgdbm-dev libre2-dev \ libreadline-dev libncurses5-dev libffi-dev curl openssh-server checkinstall libxml2-dev \ libxslt-dev libcurl4-openssl-dev libicu-dev logrotate rsync python-docutils pkg-config cmake \ runitapt-get install -y build-essential zlib1g-dev libyaml-dev libssl-dev libgdbm-dev libre2-dev \ libreadline-dev libncurses5-dev libffi-dev curl openssh-server checkinstall libxml2-dev \ libxslt1-dev libcurl4-openssl-dev libicu-dev logrotate rsync python3-docutils pkg-config cmake \ runitapt-get install libkrb5-dev -
Git
# Install dependencies apt-get install -y libcurl4-openssl-dev libexpat1-dev gettext libz-dev libssl-dev libpcre2-dev build-essential # Clone the Gitaly repository # git clone https://gitlab.com/gitlab-org/gitaly.git -b <X-Y-stable> /tmp/gitaly git clone https://gitlab.com/gitlab-org/gitaly.git -b v13.7.3 /tmp/gitaly # Compile and install Git cd /tmp/gitaly make git GIT_PREFIX=/usr/local -
GraphicsMagick
apt-get install -y graphicsmagick -
Mail server
apt-get install -y postfix -
Exiftool
apt-get install -y libimage-exiftool-perl
2. Ruby(ROOT)
-
标准安装
# apt-get remove ruby1.8 mkdir /tmp/ruby && cd /tmp/ruby curl --remote-name --progress "https://cache.ruby-lang.org/pub/ruby/2.7/ruby-2.7.2.tar.gz" echo 'cb9731a17487e0ad84037490a6baf8bfa31a09e8 ruby-2.7.2.tar.gz' | shasum -c - && tar xzf ruby-2.7.2.tar.gz cd ruby-2.7.2 ./configure --disable-install-rdoc make sudo make installmake报错openssl版本问题ossl_pkey_rsa.c:877:58: error: ‘RSA_SSLV23_PADDING’ undeclared (first use in this function); did you mean ‘RSA_NO_PADDING’?改为rbenv安装https://www.cnblogs.com/livelab/p/12960670.html# curl -fsSL https://github.com/rbenv/rbenv-installer/raw/master/bin/rbenv-installer | bash # git clone https://github.com/rbenv/rbenv.git ~/.rbenv # echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc # echo 'eval "$(rbenv init -)"' >> ~/.bashrc # git clone https://github.com/rbenv/ruby-build.git ~/.rbenv/plugins/ruby-build # echo 'export PATH="$HOME/.rbenv/plugins/ruby-build/bin:$PATH"' >> ~/.bashrc # source ~/.bashrc rbenv install 2.7.2
3. Go(ROOT)
-
install
# Remove former Go installation folder # rm -rf /usr/local/go curl --remote-name --progress "https://dl.google.com/go/go1.13.5.linux-amd64.tar.gz" echo '512103d7ad296467814a6e3f635631bd35574cab3369a97a323c9a585ccaa569 go1.13.5.linux-amd64.tar.gz' | shasum -a256 -c - && \ tar -C /usr/local -xzf go1.13.5.linux-amd64.tar.gz ln -sf /usr/local/go/bin/{go,godoc,gofmt} /usr/local/bin/ rm go1.13.5.linux-amd64.tar.gz
4. Node(ROOT)
-
install
# install node v12.x curl --location "https://deb.nodesource.com/setup_12.x" | sudo bash - sudo apt-get install -y nodejs curl --silent --show-error "https://dl.yarnpkg.com/debian/pubkey.gpg" | sudo apt-key add - echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list sudo apt-get update sudo apt-get install yarn源码安装
https://nodejs.org/zh-cn/download/package-managerwget https://nodejs.org/download/release/v12.18.3/node-v12.18.3-linux-x64.tar.gz tar zxvf node-v12.18.3-linux-x64.tar.gz cd node-v12.18.3-linux-x64/ ln -s /opt/node-v12.18.3-linux-x64 /usr/local/node vim /etc/profile export PATH=/usr/local/node/bin:$PATH source /etc/profile node -v源码安装yarn
tar -xzvf yarn-v1.22.5.tar.gz cd yarn-v1.22.5/ mv yarn-v1.22.5 /opt/yarn vim ~/.bashrc export PATH="/opt/yarn/bin:$PATH source ~/.bashrc yarn --version
5. System users(ROOT)
-
create git user
# sudo adduser --disabled-login --gecos 'GitLab' git sudo adduser git vim /etc/sudoers git ALL=(ALL) ALL
6. Database(ROOT)创建 gitlab 账号 host: 127.0.0.1 passport: 123456
-
Install the database packages
sudo apt-get install -y postgresql postgresql-client libpq-dev postgresql-contrib psql --version sudo service postgresql start sudo service postgresql status -
create user
su - postgres psql # Create a database user for GitLab`` # CREATE USER gitlab CREATEDB; # ALTER USER gitlab WITH PASSWORD '123456'; CREATE USER gitlab WITH PASSWORD '123456'; # Create the `pg_trgm` extension CREATE EXTENSION IF NOT EXISTS pg_trgm; # Create the btree_gist extension (required for GitLab 13.1+) CREATE EXTENSION IF NOT EXISTS btree_gist; CREATE DATABASE gitlabhq_production OWNER gitlab; GRANT ALL PRIVILEGES ON DATABASE gitlabhq_production TO gitlab; ALTER USER gitlab WITH CREATEDB; ALTER DATABASE gitlabhq_production OWNER TO gitlab; # ip可访问 root用户 sudo su - vim /etc/postgresql/14/main/postgresql.conf listen_addresses = '*' # 重启postgresql sudo service postgresql restart # 测试 psql -h 127.0.0.1 -U gitlab -d gitlabhq_production 123456
7. Redis(ROOT)
-
install
sudo apt-get install redis-server -
configure
# Configure redis to use sockets sudo cp /etc/redis/redis.conf /etc/redis/redis.conf.orig # Disable Redis listening on TCP by setting 'port' to 0 sudo sed 's/^port .*/port 0/' /etc/redis/redis.conf.orig | sudo tee /etc/redis/redis.conf # Enable Redis socket for default Debian / Ubuntu path echo 'unixsocket /var/run/redis/redis.sock' | sudo tee -a /etc/redis/redis.conf # Grant permission to the socket to all members of the redis group echo 'unixsocketperm 770' | sudo tee -a /etc/redis/redis.conf # Create the directory which contains the socket sudo mkdir -p /var/run/redis sudo chown redis:redis /var/run/redis sudo chmod 755 /var/run/redis # Persist the directory which contains the socket, if applicable if [ -d /etc/tmpfiles.d ]; then echo 'd /var/run/redis 0755 redis redis 10d -' | sudo tee -a /etc/tmpfiles.d/redis.conf fi # Activate the changes to redis.conf sudo service redis-server restart # Add git to the redis group sudo usermod -aG redis git
8. GitLab(git)
-
clone
su - git cd /home/git # git clone https://gitlab.com/gitlab-org/gitlab-foss.git -b <X-Y-stable> gitlab git clone https://gitlab.com/gitlab-org/gitlab-foss.git -b v13.7.3 gitlab -
configure
# Go to GitLab installation folder cd /home/git/gitlab # Copy the example GitLab config cp config/gitlab.yml.example config/gitlab.yml # Update GitLab config file, follow the directions at top of the file vim config/gitlab.yml # Copy the example secrets file cp config/secrets.yml.example config/secrets.yml sudo chmod 0600 config/secrets.yml # Make sure GitLab can write to the log/ and tmp/ directories sudo chown -R git log/ sudo chown -R git tmp/ sudo chmod -R u+rwX,go-w log/ sudo chmod -R u+rwX tmp/ # Make sure GitLab can write to the tmp/pids/ and tmp/sockets/ directories sudo chmod -R u+rwX tmp/pids/ sudo chmod -R u+rwX tmp/sockets/ # Create the public/uploads/ directory mkdir -p public/uploads/ # Make sure only the GitLab user has access to the public/uploads/ directory # now that files in public/uploads are served by gitlab-workhorse sudo chmod 0700 public/uploads # Change the permissions of the directory where CI job logs are stored sudo chmod -R u+rwX builds/ # Change the permissions of the directory where CI artifacts are stored sudo chmod -R u+rwX shared/artifacts/ # Change the permissions of the directory where GitLab Pages are stored sudo chmod -R ug+rwX shared/pages/ # Copy the example Puma config cp config/puma.rb.example config/puma.rb # Refer to https://github.com/puma/puma#configuration for more information. # You should scale Puma workers and threads based on the number of CPU # cores you have available. You can get that number via the `nproc` command. vim config/puma.rb # Configure Git global settings for git user # 'autocrlf' is needed for the web editor sudo git config --global core.autocrlf input # Disable 'git gc --auto' because GitLab already runs 'git gc' when needed sudo git config --global gc.auto 0 # Enable packfile bitmaps sudo git config --global repack.writeBitmaps true # Enable push options sudo git config --global receive.advertisePushOptions true # Enable fsyncObjectFiles to reduce risk of repository corruption if the server crashes sudo git config --global core.fsyncObjectFiles true # Configure Redis connection settings cp config/resque.yml.example config/resque.yml # Change the Redis socket path if you are not using the default Debian / Ubuntu configuration vim config/resque.yml -
Configure GitLab DB Settings
cp config/database.yml.postgresql config/database.yml vim config/database.yml sudo chmod o-rwx config/database.yml -
Install Gems
bundle install --deployment --without development test mysql aws kerberosgem ‘mimemagic’, ‘~> 0.3.2’ 已废弃
vim Gemfile gem 'mimemagic', '= 0.3.10' bundle install --without development test mysql aws kerberos ## 其中的问题 bundle config build.gpgme --use-system-libraries gem install gpgme -v '2.0.20' --source 'https://rubygems.org/' -- --use-system-libraries -
Install GitLab Shell
# Run the installation task for gitlab-shell: bundle exec rake gitlab:shell:install RAILS_ENV=production # By default, the gitlab-shell config is generated from your main GitLab config. # You can review (and modify) the gitlab-shell config as follows: vim /home/git/gitlab-shell/config.yml -
Install GitLab Workhorse
bundle exec rake "gitlab:workhorse:install[/home/git/gitlab-workhorse]" RAILS_ENV=production # bundle exec rake "gitlab:workhorse:install[/home/git/gitlab-workhorse,https://example.com/gitlab-workhorse.git]" RAILS_ENV=production -
Install GitLab-Elasticsearch-indexer on Enterprise Edition(skip)
bundle exec rake "gitlab:indexer:install[/home/git/gitlab-elasticsearch-indexer]" RAILS_ENV=production # bundle exec rake "gitlab:indexer:install[/home/git/gitlab-elasticsearch-indexer,https://example.com/gitlab-elasticsearch-indexer.git]" RAILS_ENV=production -
Install GitLab Pages(skip)
cd /home/git git clone https://gitlab.com/gitlab-org/gitlab-pages.git cd gitlab-pages git checkout v$(</home/git/gitlab/GITLAB_PAGES_VERSION) make -
Install Gitaly
# Fetch Gitaly source with Git and compile with Go cd /home/git/gitlab bundle exec rake "gitlab:gitaly:install[/home/git/gitaly,/home/git/repositories]" RAILS_ENV=production # bundle exec rake "gitlab:gitaly:install[/home/git/gitaly,/home/git/repositories,https://example.com/gitaly.git]" RAILS_ENV=production # Restrict Gitaly socket access sudo chmod 0700 /home/git/gitlab/tmp/sockets/private sudo chown git /home/git/gitlab/tmp/sockets/private # If you are using non-default settings, you need to update config.toml cd /home/git/gitaly vim config.toml -
Start Gitaly
gitlab_path=/home/git/gitlab gitaly_path=/home/git/gitaly sh -c "$gitlab_path/bin/daemon_with_pidfile $gitlab_path/tmp/pids/gitaly.pid \ $gitaly_path/gitaly $gitaly_path/config.toml >> $gitlab_path/log/gitaly.log 2>&1 &" -
Initialize Database and Activate Advanced Features
cd /home/git/gitlab bundle exec rake gitlab:setup RAILS_ENV=production # Type 'yes' to create the database tables. # or you can skip the question by adding force=yes # sudo -u git -H bundle exec rake gitlab:setup RAILS_ENV=production force=yes # When done, you see 'Administrator account created:' # bundle exec rake gitlab:setup RAILS_ENV=production GITLAB_ROOT_PASSWORD=yourpassword GITLAB_ROOT_EMAIL=youremail GITLAB_LICENSE_FILE="/path/to/license" -
Install Init Script
cd /home/git/gitlab cp lib/support/init.d/gitlab /etc/init.d/gitlab cp lib/support/init.d/gitlab.default.example /etc/default/gitlab # Make GitLab start on boot: sudo update-rc.d gitlab defaults 21 -
Set up Logrotate
cp lib/support/logrotate/gitlab /etc/logrotate.d/gitlab -
Check Application Status
bundle exec rake gitlab:env:info RAILS_ENV=production -
Compile GetText PO files
bundle exec rake gettext:compile RAILS_ENV=production -
Compile Assets
yarn install --production --pure-lockfile bundle exec rake gitlab:assets:compile RAILS_ENV=production NODE_ENV=production # bundle exec rake gitlab:assets:compile RAILS_ENV=production NODE_ENV=production NODE_OPTIONS="--max_old_space_size=4096" -
Start Your GitLab Instance
sudo service gitlab start # or sudo /etc/init.d/gitlab restart -
Rails console
RAILS_ENV=production bundle exec rails c
9. Nginx(root)
-
install
sudo apt-get install -y nginx -
Site Configuration
cp /home/git/gitlab/lib/support/nginx/gitlab /etc/nginx/sites-available/gitlab sudo ln -s /etc/nginx/sites-available/gitlab /etc/nginx/sites-enabled/gitlab vim /etc/nginx/sites-available/gitlab # 80 已被占用 vim /etc/nginx/sites-available/default listen [::]:82 default_server; sudo service nginx restart
Using https
- In gitlab.yml:
- Set the port option in section 1 to 443.
- Set the https option in section 1 to true.
- In the config.yml of GitLab Shell:
- Set gitlab_url option to the HTTPS endpoint of GitLab (e.g. https://git.example.com).
- Set the certificates using either the ca_file or ca_path option.
- Use the gitlab-ssl NGINX example configuration instead of the gitlab configuration.
- Update YOUR_SERVER_FQDN.
- Update ssl_certificate and ssl_certificate_key.
- Review the configuration file and consider applying other security and performance enhancing features.
Custom SSH Connection
# Add to /home/git/.ssh/config
host localhost # Give your setup a name (here: override localhost)
user git # Your remote git user
port 2222 # Your port number
hostname 127.0.0.1; # Your server name or IP
更换域名
- gitlab/config/gitlab.yml
- gitlab-shell/config.yml
- gitaly/config.toml
- /etc/nginx/sites-available/gitlab
- 重启gitaly、gitlab、nginx
…