How to Install GitLab on CentOS 7

From koorka Knowledge Sharing

This example uses an external Nginx server.

Install gitlab-ce

curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash

sudo yum -y install gitlab-ce

Configure the Nginx server

Install the Nginx server

sudo yum -y install nginx

Edit /etc/nginx/conf.d/gitlab.conf

upstream gitlab-workhorse {
  server unix:/var/opt/gitlab/gitlab-workhorse/socket;
}

server {
  ## Either remove "default_server" from the listen line below,
  ## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab
  ## to be served if you visit any address that your server responds to, eg.
  ## the ip address of the server (http://x.x.x.x/)
  #listen 0.0.0.0:80 default_server;
  #listen [::]:80 default_server;
  #
  listen  80;
  server_name git.example.com; ## Replace this with something like gitlab.example.com
  server_tokens off; ## Don't show the nginx version number, a security best practice
  root /opt/gitlab/embedded/service/gitlab-rails/public;
  ## See app/controllers/application_controller.rb for headers set
  ## Individual nginx logs for this GitLab vhost
  access_log  /var/log/nginx/gitlab_access.log;
  error_log   /var/log/nginx/gitlab_error.log;
  location / {
    client_max_body_size 0;
    gzip off;
    ## https://github.com/gitlabhq/gitlabhq/issues/694
    ## Some requests take more than 30 seconds.
    proxy_read_timeout      300;
    proxy_connect_timeout   300;
    proxy_redirect          off;
    proxy_http_version 1.1;
    proxy_set_header    Host                $http_host;
    proxy_set_header    X-Real-IP           $remote_addr;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;
    proxy_pass http://gitlab-workhorse;
  }
}

Basic configuration

Edit /etc/gitlab/gitlab.rb

external_url "http://git.example.com"
git_data_dirs({ "default" => { "path" => "/opt/data/git-data" } })
web_server['external_users'] = ['nginx']
nginx['enable'] = false

Run the following command to apply the new configuration:

sudo gitlab-ctl reconfigure

Start the GitLab service:

sudo gitlab-ctl start

Visit http://git.example.com and change the root user's password.

If you get a 502 error when accessing the site (connect() to unix:/var/opt/gitlab/gitlab-workhorse/socket failed (13: Permission denied)), add the nginx user to the gitlab-www group:

sudo usermod -aG gitlab-www nginx

Then restart the nginx service.

Configure LDAP

Edit /etc/gitlab/gitlab.rb and add the following:

gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-EOS # remember to close this block with 'EOS' below
main: # 'main' is the GitLab 'provider ID' of this LDAP server
  ## label
  #
  # A human-friendly name for your LDAP server. It is OK to change the label later,
  # for instance if you find out it is too large to fit on the web page.
  #
  # Example: 'Paris' or 'Acme, Ltd.'
  label: 'LDAP'

  host: '_your_ldap_server'
  port: 389 # or 636
  uid: 'uid'
  encryption: 'plain' # "start_tls" or "simple_tls" or "plain"; "plain" sends bind and user passwords unencrypted
  bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
  password: '_the_password_of_the_bind_user'

  timeout: 10
  active_directory: false
  allow_username_or_email_login: false
  block_auto_created_users: false
  base: 'ou=people,dc=example,dc=example'
  user_filter: ''
  attributes:
    username: ['uid', 'userid', 'sAMAccountName']
    email:    ['mail', 'email', 'userPrincipalName']
    name:       'cn'
    first_name: 'givenName'
    last_name:  'sn'

EOS

Then apply the configuration and restart GitLab:

sudo gitlab-ctl reconfigure
sudo gitlab-ctl restart
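
Added example (not part of the original page and not GitLab's own code): a Ruby check that parses an LDAP settings block like the one above and lists settings worth reviewing before running reconfigure, including a block that fails to parse because of indentation. The helper name audit_ldap_servers and the sample values are assumptions constructed for illustration.

```ruby
require 'yaml'

# Constructed sample: the keys and values of the LDAP block above, as they
# sit between <<-EOS and EOS in /etc/gitlab/gitlab.rb.
SAMPLE_LDAP = <<~EOS
  main:
    label: 'LDAP'
    host: '_your_ldap_server'
    port: 389
    uid: 'uid'
    encryption: 'plain'
    bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
    password: '_the_password_of_the_bind_user'
    active_directory: false
    allow_username_or_email_login: false
    block_auto_created_users: false
    base: 'ou=people,dc=example,dc=example'
    user_filter: ''
EOS

# Hypothetical helper (not a GitLab API): one finding per risky setting.
def audit_ldap_servers(yaml_text)
  begin
    servers = YAML.safe_load(yaml_text)
  rescue Psych::SyntaxError => e
    return ["YAML does not parse, check indentation near line #{e.line}"]
  end
  return ['top level must map provider IDs to server settings'] unless servers.is_a?(Hash)

  servers.flat_map do |id, cfg|
    next ["#{id}: server entry is not a mapping"] unless cfg.is_a?(Hash)

    enc = cfg['encryption'].to_s
    findings = []
    findings << "#{id}: encryption 'plain' sends bind and user passwords unencrypted" if enc == 'plain'
    findings << "#{id}: port 636 normally pairs with simple_tls, found '#{enc}'" if cfg['port'] == 636 && enc != 'simple_tls'
    findings << "#{id}: empty user_filter allows every entry under base to sign in" if cfg['user_filter'].to_s.strip.empty?
    findings << "#{id}: block_auto_created_users is false, new LDAP accounts are active at first login" if cfg['block_auto_created_users'] == false
    findings
  end
end

puts audit_ldap_servers(SAMPLE_LDAP) if __FILE__ == $PROGRAM_NAME
```
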

Common commands and other tips

View logs:

/var/log/gitlab

Reset the administrator password

sudo gitlab-rails console production
Loading production environment (Rails 4.1.1)
irb(main):001:0> user = User.where(id:1).first
irb(main):002:0> user.password='66668888'
irb(main):003:0> user.save!
=> true
# returns true on success
irb(main):004:0> quit

Check whether LDAP access works

ldapsearch -h yourldapserver -w yourpassword -D 'cn=user fullname,ou=People,dc=example,dc=com' -b 'ou=People,dc=example,dc=com'

How to make an LDAP user an administrator

This requires the gitlab-rails console:

sudo gitlab-rails console
u = User.find_by_username("your_username_in_ldap")
u.admin = true
u.save
exit

Disable/enable user sign-up

Log in with an administrator account and go to the admin area, i.e. http://git.example.com/admin

Go to settings, find "Signup enabled", uncheck it, and save.

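Enable/disable local user login

After enabling LDAP login and making an LDAP user an administrator, you may want to disable local user login. To do so, log in as an administrator, go to the Admin area, find the "Sign-in Restrictions" section under settings,

and uncheck "Password authentication enabled for web interface" and "Password authentication enabled for Git over HTTP(S)".

If "Password authentication enabled for Git over HTTP(S)" is left enabled, users cannot log in, but they can still access Git with local user accounts.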