1.关闭防火墙 && 禁用防火墙
systemctl stop firewalld
systemctl disable firewalld
2.关闭SELLINUX安全策略
vi /etc/sysconfig/selinux
...
SELINUX=disable
...
reboot
3.安装Omnibus GitLab-ce package
1.安装GitLab组件(邮件发送组件)
yum -y install curl policycoreutils openssh-server openssh-clients postfix
2.配置YUM仓库
curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash
3.启用postfix邮件服务
systemctl start postfix && systemctl enable postfix
如启动报错:(注意确认防火墙已经关闭)
vim /etc/postfix/main.cf
inet_protocols = ipv4
inet_interfaces = all
4.安装GitLab-ce 社区版本
yum install -y gitlab-ce
5.创建证书
mkdir -p /etc/gitlab/ssl
openssl genrsa -out "/etc/gitlab/ssl/gitlab.example.com.key" 2048
openssl req -new -key "/etc/gitlab/ssl/gitlab.example.com.key" -out "/etc/gitlab/ssl/gitlab.example.com.csr"
创建签署证书
openssl x509 -req -days 365 -in "/etc/gitlab/ssl/gitlab.example.com.csr" -signkey "/etc/gitlab/ssl/gitlab.example.com.key" -out "/etc/gitlab/ssl/gitlab.example.com.crt"
openssl dhparam -out "/etc/gitlab/ssl/dhparams.pem" 2048
更改权限 chmod 600 *
6.配置证书到gitlab
vi /etc/gitlab/gitlab.rb
...
external_url 'https://gitlab.example.com'
nginx['redirect_http_to_https'] =true
...
nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.example.com.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.example.com.key"
...
nginx['ssl_dhparam'] = "/etc/gitlab/ssl/dhparams.pem"
...
7.重新配置gitLab (注意如果虚拟机内存配置过小可能出现一些莫名错误,建议配置2G)
gitlab-ctl reconfigure
8.配置NGINX
vi /var/opt/gitlab/nginx/conf/gitlab-http.conf
...
server{
...
server_name
...
rewrite ^(.*)$ https://$host$1 permanent;
}
...
gitlab-ctl restart
9.默认会有一个root用户,默认密码在/etc/gitlab/initial_root_password ,这里直接修改密码是不生效的。
如果这个密码无法登录可以尝试以下办法登录:
cd /opt/gitlab/bin
gitlab-rails console
u=User.where(id:1).first
u.password='12345678'
u.save!