環境

[root@iZ2851te7e5Z ~]# lsb_release -a LSB Version: :core-4.1-amd64:core-4.1-noarch Distributor ID: CentOS Description: CentOS Linux release 7.1.1503 (Core) Release: 7.1.1503 Codename: Core

服務器安裝了

• PHP7
• Nginx,占用80端口
• Mysql

安裝

安裝采用官網提供的安裝方法.

進入頁面 https://about.gitlab.com/downloads/

選擇 CentOS 7

硬件要求

GitLab對硬件的要求不是很高,很顯然,越好的硬件,越能支撐起更多的項目的和用戶.

系統要求

支持的類UNIX系統

• Ubuntu
• Debian
• CentOS
• Red Hat Enterprise Linux (please use the CentOS packages and instructions)
• Scientific Linux (please use the CentOS packages and instructions)
• Oracle Linux (please use the CentOS packages and instructions)

不支持的類UNIX系統

• OS X
• Arch Linux
• Fedora
• Gentoo
• FreeBSD

不是類UNIX的系統

比如Windows,并不支持.

安裝和配置必要的依賴關系

如果你安裝postfix發送郵件，請選擇“網站設置”中。而不是使用后綴也可以使用sendmail配置自定義SMTP服務器配置為SMTP服務器。

sudo yum install curl policycoreutils openssh-server openssh-clients sudo systemctl enable sshd sudo systemctl start sshd sudo yum install postfix sudo systemctl enable postfix sudo systemctl start postfix sudo firewall-cmd --permanent --add-service=http sudo systemctl reload firewalld

postfix 服務啟動失敗

/usr/sbin/postconf: fatal: parameter inet_interfaces: no local interface found for ::1

修改配置文件 vi /etc/postfix/main.cf

修改的部分為

inet_interfaces = 127.0.0.1 #只能接受內部郵件，其它郵件不接受inet_protocols = all

啟動服務 sudo systemctl start postfix,成功.

安裝firewalld

yum install firewalld

systemctl unmask firewalld

添加GitLab安裝包到服務器

curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash

添加國內的鏡像源

執行上面的命令,會一直 time out ,所以我們要換成國內的源.

以下操作針對CentOS 7 ,其他的請戳 https://mirror.tuna.tsinghua.edu.cn/help/gitlab-ce/

vim /etc/yum.repos.d/gitlab-ce.repo

[gitlab-ce] name=gitlab-ce baseurl=http://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7 repo_gpgcheck=0 gpgcheck=0 enabled=1 gpgkey=https://packages.gitlab.com/gpg.key

注意,如果對應配置文件下有文件gitlab_gitlab-ce.repo,重命名一下,不然會默認加載這個導致上面的文件不起作用.

查看目前的yum進程,并殺死

ps -aPID TTY TIME CMD 18781 pts/0 00:00:00 sudo 18783 pts/0 00:00:00 bash 18796 pts/0 00:00:00 yum 18855 pts/0 00:00:00 sudo 18856 pts/0 00:00:00 yum 18871 pts/0 00:00:00 pskill -9 18796 kill -9 18856 sudo yum makecache sudo yum install gitlab-ce

上面執行完了,是這樣的展示結果

sudo gitlab-ctl reconfiguregitlab: GitLab should be reachable at http://iZ2851te7e5Z gitlab: Otherwise configure GitLab for your system by editing /etc/gitlab/gitlab.rb file gitlab: And running reconfigure again. gitlab: gitlab: For a comprehensive list of configuration options please see the Omnibus GitLab readme gitlab: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md gitlab: It looks like GitLab has not been configured yet; skipping the upgrade script.驗證中 : gitlab-ce-8.7.6-ce.0.el7.x86_64 1/1 已安裝:gitlab-ce.x86_64 0:8.7.6-ce.0.el7 完畢！

配置和開始使用GitLab

sudo gitlab-ctl reconfigure

接下來會自動配置文件權限,安裝數據庫….

提示!安裝的時間會很長!!!

根據我們服務器監控記錄,配置過程花了5個小時!

修改配置文件 /etc/gitlab/gitlab.rb

目前的狀態是完成了安裝包的安裝,但是還沒有啟用配置文件,所以依賴還都沒有裝。

所以非常不建議直接運行sudo gitlab-ctl reconfigure,不能再踩一次坑!QAQ

基本我們要調的東西都在/etc/gitlab/gitlab.rb里面,所以這個文件一定要仔細看好。

修改連接數據庫為Mysql

因為我們本機已經用了LNMP做了環境,所以可以直接采用Mysql作為我們的數據庫,而不用postgresql,減少服務器的負擔。

企業版才支持使用mysql

QAQ

# Disable the built-in Postgres postgresql['enable'] = false# Fill in the values for database.yml gitlab_rails['db_adapter'] = 'mysql2' gitlab_rails['db_encoding'] = 'utf8' gitlab_rails['db_host'] = '127.0.0.1' gitlab_rails['db_port'] = '3306' gitlab_rails['db_username'] = 'USERNAME' gitlab_rails['db_password'] = 'PASSWORD'

采用本機自帶的nginx

################ # GitLab Nginx # ################ ## see: https://gitlab.com/gitlab-org/omnibus-gitlab/tree/master/doc/settings/nginx.mdnginx['enable'] = false nginx['client_max_body_size'] = '250m' nginx['redirect_http_to_https'] = false #nginx['redirect_http_to_https_port'] = 80 # nginx['ssl_client_certificate'] = "/etc/gitlab/ssl/ca.crt" # Most root CA's are included by default # nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt" # nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key" # nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256" # nginx['ssl_prefer_server_ciphers'] = "on" # nginx['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2" # recommended by https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/ # nginx['ssl_session_cache'] = "builtin:1000 shared:SSL:10m" # recommended in http://nginx.org/en/docs/http/ngx_http_ssl_module.html # nginx['ssl_session_timeout'] = "5m" # default according to http://nginx.org/en/docs/http/ngx_http_ssl_module.html # nginx['ssl_dhparam'] = nil # Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem nginx['listen_addresses'] = ["0.0.0.0", "[::]"] nginx['listen_port'] = 80 # override only if you use a reverse proxy: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#setting-the-nginx-listen-port # nginx['listen_https'] = nil # override only if your reverse proxy internally communicates over HTTP: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#supporting-proxied-ssl # nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n" # nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/example.conf;" # nginx['proxy_read_timeout'] = 300 # nginx['proxy_connect_timeout'] = 300 # nginx['proxy_set_headers'] = { # "Host" => "$http_host", # "X-Real-IP" => "$remote_addr", # "X-Forwarded-For" => "$proxy_add_x_forwarded_for", # "X-Forwarded-Proto" => "https", # "X-Forwarded-Ssl" => "on" # } # nginx['proxy_cache_path'] = 'proxy_cache keys_zone=gitlab:10m max_size=1g levels=1:2' # nginx['proxy_cache'] = 'gitlab' # nginx['http2_enabled'] = true # nginx['real_ip_trusted_addresses'] = [] # nginx['real_ip_header'] = # nginx['real_ip_recursive'] = nilnginx['custom_nginx_config'] = "include /etc/nginx/conf.d/*.conf;" # If you need to add custom settings into the NGINX config, for example to include existing server blocks, you can use the following setting. ## Advanced settings nginx['dir'] = "/usr/local/nginx" nginx['log_directory'] = "/usr/local/nginx" nginx['worker_processes'] = 4 nginx['worker_connections'] = 10240 nginx['log_format'] = '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"' # nginx['sendfile'] = 'on' # nginx['tcp_nopush'] = 'on' # nginx['tcp_nodelay'] = 'on' nginx['gzip'] = "on" nginx['gzip_http_version'] = "1.0" nginx['gzip_comp_level'] = "2" # nginx['gzip_proxied'] = "any" nginx['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ] nginx['keepalive_timeout'] = 65 nginx['cache_max_size'] = '5000m'

創建vhost下的配置文件,指向GitLab文件夾

upstream gitlab-workhorse {server unix://var/opt/gitlab/gitlab-workhorse/socket fail_timeout=0; }server {listen *:80;server_name git.example.com;server_tokens off;root /opt/gitlab/embedded/service/gitlab-rails/public;client_max_body_size 250m;access_log /var/log/gitlab/nginx/gitlab_access.log;error_log /var/log/gitlab/nginx/gitlab_error.log;# Ensure Passenger uses the bundled Ruby versionpassenger_ruby /opt/gitlab/embedded/bin/ruby;# Correct the $PATH variable to included packaged executablespassenger_env_var PATH "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/usr/local/bin:/usr/bin:/bin";# Make sure Passenger runs as the correct user and group to# prevent permission issuespassenger_user git;passenger_group git;# Enable Passenger & keep at least one instance running at all timespassenger_enabled on;passenger_min_instances 1;location ~ ^/[\w\.-]+/[\w\.-]+/(info/refs|git-upload-pack|git-receive-pack)$ {# 'Error' 418 is a hack to re-use the @gitlab-workhorse blockerror_page 418 = @gitlab-workhorse;return 418;}location ~ ^/[\w\.-]+/[\w\.-]+/repository/archive {# 'Error' 418 is a hack to re-use the @gitlab-workhorse blockerror_page 418 = @gitlab-workhorse;return 418;}location ~ ^/api/v3/projects/.*/repository/archive {# 'Error' 418 is a hack to re-use the @gitlab-workhorse blockerror_page 418 = @gitlab-workhorse;return 418;}# Build artifacts should be submitted to this locationlocation ~ ^/[\w\.-]+/[\w\.-]+/builds/download {client_max_body_size 0;# 'Error' 418 is a hack to re-use the @gitlab-workhorse blockerror_page 418 = @gitlab-workhorse;return 418;}# Build artifacts should be submitted to this locationlocation ~ /ci/api/v1/builds/[0-9]+/artifacts {client_max_body_size 0;# 'Error' 418 is a hack to re-use the @gitlab-workhorse blockerror_page 418 = @gitlab-workhorse;return 418;}location @gitlab-workhorse {## https://github.com/gitlabhq/gitlabhq/issues/694## Some requests take more than 30 seconds.proxy_read_timeout 3600;proxy_connect_timeout 300;proxy_redirect off;# Do not buffer Git HTTP responsesproxy_buffering off;proxy_set_header Host $http_host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header X-Forwarded-Proto $scheme;proxy_pass http://gitlab-workhorse;## The following settings only work with NGINX 1.7.11 or newer### Pass chunked request bodies to gitlab-workhorse as-is# proxy_request_buffering off;# proxy_http_version 1.1;}## Enable gzip compression as per rails guide:## http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression## WARNING: If you are using relative urls remove the block below## See config/application.rb under "Relative url support" for the list of## other files that need to be changed for relative url supportlocation ~ ^/(assets)/ {root /opt/gitlab/embedded/service/gitlab-rails/public;gzip_static on; # to serve pre-gzipped versionexpires max;add_header Cache-Control public;}error_page 502 /502.html; }

使用

查看狀態

上面的命令是通過gitlab-ctl安裝的,那么通過gitlab-ctl命令一樣也能做別事情~

gitlab-ctl

I don't know that command. /opt/gitlab/embedded/bin/omnibus-ctl: command (subcommand) deploy-pagePut up the deploy page remove-accountsDelete *all* users and groups used by this package upgradeRun migrations after a package upgrade General Commands:cleanseDelete *all* gitlab data, and start from scratch.helpPrint this help message.reconfigureReconfigure the application.show-configShow the configuration that would be generated by reconfigure.uninstallKill all processes and uninstall the process supervisor (data will be preserved). Service Management Commands:graceful-killAttempt a graceful stop, then SIGKILL the entire process group.hupSend the services a HUP.intSend the services an INT.killSend the services a KILL.onceStart the services if they are down. Do not restart them if they stop.restartStop the services if they are running, then start them again.service-listList all the services (enabled services appear with a *.)startStart services if they are down, and restart them if they stop.statusShow the status of all the services.stopStop the services, and do not restart them.tailWatch the service logs of all enabled services.termSend the services a TERM.

這樣就知道了我們的服務怎么使用了~

status 查看狀態

# gitlab-ctl status run: gitlab-workhorse: (pid 19751) 23124s; run: log: (pid 19750) 23124s run: logrotate: (pid 31160) 1078s; run: log: (pid 19765) 23091s run: nginx: (pid 32621) 0s; run: log: (pid 19755) 23119s run: postgresql: (pid 19584) 23964s; run: log: (pid 19583) 23964s run: redis: (pid 19501) 23975s; run: log: (pid 19500) 23975s run: sidekiq: (pid 19831) 22616s; run: log: (pid 19738) 23128s run: unicorn: (pid 19707) 23134s; run: log: (pid 19706) 23134s

tail 查看日志

這個命令查看我們的gitlab在運行過程中有沒有問題.

gitlab-ctl tail

后記

GitLab對服務器的要求比較高,文檔上說4核8G,我的1核512M的小服務器在安裝多次后卡死多次。我決定暫時先放放。。。以后再做這個。。。

QAQ

參考資料

• https://about.gitlab.com/gitlab-com/
• http://www.chhua.com/web-note4929
• https://mirror.tuna.tsinghua.edu.cn/help/gitlab-ce/
• https://about.gitlab.com/downloads/
• https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/database.md#database-settings

總結

以上是生活随笔為你收集整理的【GitLab】CentOS安装GitLab最佳实践的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。