How to Install GitLab on CentOS 7
This example uses an external Nginx server.
Install gitlab-ce
curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash
sudo yum -y install gitlab-ce
Configure the Nginx server
Install the Nginx server
sudo yum -y install nginx
Edit /etc/nginx/conf.d/gitlab.conf
upstream gitlab-workhorse {
  server unix:/var/opt/gitlab/gitlab-workhorse/socket;
}
server {
  ## Either remove "default_server" from the listen line below,
  ## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab
  ## to be served if you visit any address that your server responds to, eg.
  ## the ip address of the server (http://x.x.x.x/)
  #listen 0.0.0.0:80 default_server;
  #listen [::]:80 default_server;
  #
  listen 80;
  server_name git.example.com; ## Replace this with something like gitlab.example.com
  server_tokens off; ## Don't show the nginx version number, a security best practice
  root /opt/gitlab/embedded/service/gitlab-rails/public;
  ## See app/controllers/application_controller.rb for headers set
  ## Individual nginx logs for this GitLab vhost
  access_log /var/log/nginx/gitlab_access.log;
  error_log /var/log/nginx/gitlab_error.log;
  location / {
    client_max_body_size 0;
    gzip off;
    ## https://github.com/gitlabhq/gitlabhq/issues/694
    ## Some requests take more than 30 seconds.
    proxy_read_timeout 300;
    proxy_connect_timeout 300;
    proxy_redirect off;
    proxy_http_version 1.1;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass http://gitlab-workhorse;
  }
}
Basic configuration
Edit /etc/gitlab/gitlab.rb
external_url "http://git.example.com"
git_data_dirs({ "default" => { "path" => "/opt/data/git-data" } })
web_server['external_users'] = ['nginx']
nginx['enable'] = false
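Run the following command to apply the new configuration:
sudo gitlab-ctl reconfigure
Start the GitLab service:
sudo gitlab-ctl start
Visit http://git.example.com and change the root user's password.
If a 502 error appears when you visit the site (connect() to unix:/var/opt/gitlab/gitlab-workhorse/socket failed (13: Permission denied)), add the nginx user to the gitlab-www group:
sudo usermod -aG gitlab-www nginx
Then restart the nginx service.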
Configure LDAP
Edit /etc/gitlab/gitlab.rb and add the following:
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-EOS # remember to close this block with 'EOS' below
main: # 'main' is the GitLab 'provider ID' of this LDAP server
  ## label
  #
  # A human-friendly name for your LDAP server. It is OK to change the label later,
  # for instance if you find out it is too large to fit on the web page.
  #
  # Example: 'Paris' or 'Acme, Ltd.'
  label: 'LDAP'
  host: '_your_ldap_server'
  port: 389 # or 636
  uid: 'uid'
  encryption: 'plain' # "start_tls" or "simple_tls" or "plain"; "plain" sends bind and user passwords unencrypted
  bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
  password: '_the_password_of_the_bind_user'
  timeout: 10
  active_directory: false
  allow_username_or_email_login: false
  block_auto_created_users: false
  base: 'ou=people,dc=example,dc=example'
  user_filter: ''
  attributes:
    username: ['uid', 'userid', 'sAMAccountName']
    email: ['mail', 'email', 'userPrincipalName']
    name: 'cn'
    first_name: 'givenName'
    last_name: 'sn'
EOS
sudo gitlab-ctl reconfigure
sudo gitlab-ctl restart
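An added example, not part of the original page or of GitLab: a small Ruby check that reads the same YAML text gitlab.rb passes to YAML.load and lists the settings in the LDAP block above that weaken authentication. The helper name audit_ldap and the sample constant are hypothetical; the sample values are the page's placeholders.

```ruby
require 'yaml'

# Constructed sample: the security-relevant keys of the LDAP block above,
# with the page's placeholder values.
SAMPLE_LDAP = <<~EOS
  main:
    host: '_your_ldap_server'
    port: 389
    encryption: 'plain'
    bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
    password: '_the_password_of_the_bind_user'
    block_auto_created_users: false
    base: 'ou=people,dc=example,dc=example'
    user_filter: ''
EOS

# audit_ldap is a hypothetical helper, not a GitLab API. It takes the YAML text
# that gitlab.rb passes to YAML.load and returns "provider: finding" strings.
def audit_ldap(yaml_text)
  servers = YAML.safe_load(yaml_text) || {}
  servers.flat_map do |id, cfg|
    enc  = cfg['encryption'].to_s
    port = cfg['port'].to_i
    findings = []
    unless %w[start_tls simple_tls].include?(enc)
      findings << "encryption is '#{enc}': bind and user passwords cross the network in cleartext"
    end
    # Port and encryption mode must match what the directory server expects.
    findings << 'simple_tls (LDAPS) is normally served on 636, not 389' if enc == 'simple_tls' && port == 389
    findings << 'start_tls is normally negotiated on 389, not 636' if enc == 'start_tls' && port == 636
    if cfg['user_filter'].to_s.strip.empty?
      findings << 'user_filter is empty: any entry under base can sign in'
    end
    unless cfg['block_auto_created_users']
      findings << 'block_auto_created_users is false: accounts are active on first LDAP sign-in'
    end
    findings.map { |f| "#{id}: #{f}" }
  end
end

puts audit_ldap(SAMPLE_LDAP) if __FILE__ == $PROGRAM_NAME
```
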
Common commands and other tips
View logs:
/var/log/gitlab
Reset the administrator password
sudo gitlab-rails console production
Loading production environment (Rails 4.1.1)
irb(main):001:0> user = User.where(id:1).first
irb(main):002:0> user.password='66668888'
irb(main):003:0> user.save!
=> true
# returns true on success
irb(main):003:0>quit
Check that LDAP access works
ldapsearch -h yourldapserver -w yourpassword -D 'cn=user fullname,ou=People,dc=example,dc=com' -b 'ou=People,dc=example,dc=com'
How to make an LDAP user an administrator
This requires the gitlab-rails console:
sudo gitlab-rails console
u = User.find_by_username("your_username_in_ldap")
u.admin = true
u.save
exit
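Disable/enable user sign-up
Sign in with an administrator account and go to the admin area at http://git.example.com/admin
Go to settings, find "Signup enabled", uncheck it, and save.
Enable/disable local user sign-in
After enabling LDAP sign-in and making an LDAP user an administrator, you may want to disable local user sign-in. To do so, sign in as an administrator, go to the Admin area, and find the “Sign-in Restrictions” section under settings,
then uncheck “Password authentication enabled for web interface” and “Password authentication enabled for Git over HTTP(S)”.
If “Password authentication enabled for Git over HTTP(S)” is left enabled, users cannot sign in, but they can still access Git with local user accounts.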