
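1 Introduction

Managing git projects with GitLab has the following advantages:

  • It is fairly intuitive

  • Access control for repositories is convenient and flexible

  • It has rich extension capabilities, such as integrating other plugins, hooks and so on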

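2 Installation

2.1 Online installation

Install dependencies: sudo apt-get install -y curl openssh-server ca-certificates

Add the package repository: curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | sudo bash

Install: sudo EXTERNAL_URL="http://gitlab.roadl.com" apt-get install gitlab-ce

gitlab-ce is the open-source edition; the official installation docs refer to the gitlab-ee edition.

By default GitLab is installed on a dedicated host, bundles its own nginx, and uses ports 80 and 8080.

A few settings need changing: vim /etc/gitlab/gitlab.rb

Change the following:

external_url 'http://gitlab.roadl.com'           # change this to your own GitLab URL

# mail settings, also configured so that self-registration works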
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.qq.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "tycit@qq.com"
gitlab_rails['smtp_password'] = "xxx"
gitlab_rails['smtp_domain'] = "smtp.qq.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = true
gitlab_rails['gitlab_email_from'] = 'tycit@qq.com'

# Set the external webserver user. This is the user that starts nginx; without it you get permission problems, see below
web_server['external_users'] = ['www-data']
web_server['group'] = 'gitlab-www'
nginx['enable'] = false

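2.2 Updating the configuration

To integrate with an existing nginx, the following configuration needs to be added. Mine looks like this:

upstream gitlab {
	# socket location for 7.x versions
	# server unix:/var/opt/gitlab/gitlab-rails/tmp/sockets/gitlab.socket;

	# socket location for 8.0
	# server unix:/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket;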

	# https://gitlab.com/gitlab-org/gitlab-recipes/blob/master/web-server/nginx/gitlab-omnibus-nginx.conf
	server unix:/var/opt/gitlab/gitlab-workhorse/socket;
}

server {
	 listen *:80;

	 server_name gitlab.roadl.com 172.17.0.3; # change this to your own domain

	 server_tokens off; # don't show the version number, a security best practice
	 root /opt/gitlab/embedded/service/gitlab-rails/public;

	 # Increase this if you want to upload large attachments
	 # Or if you want to accept large git objects over http
	 client_max_body_size 250m;

	 # individual nginx logs for this gitlab vhost
	 access_log /var/log/gitlab/nginx/gitlab_access.log;
	 error_log /var/log/gitlab/nginx/gitlab_error.log;

	 location / {
		 # serve static files from the defined root folder
		 # @gitlab is a named location for the upstream fallback, see below
		 try_files $uri $uri/index.html $uri.html @gitlab;
	 }

	 # if a requested file is not found in the root folder,
	 # proxy the request to the gitlab upstream defined above
	 location @gitlab {
		 # If you use https make sure you disable gzip compression
		 # to be safe against BREACH attack

		 proxy_read_timeout 300; # Some requests take more than 30 seconds.
		 proxy_connect_timeout 300; # Some requests take more than 30 seconds.
		 proxy_redirect off;

		 proxy_set_header X-Forwarded-Proto $scheme;
		 proxy_set_header Host $http_host;
		 proxy_set_header X-Real-IP $remote_addr;
		 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
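		 # Note: proxy_set_header sets a request header sent to the upstream;
		 # it does not add X-Frame-Options to the response seen by the browser
		 proxy_set_header X-Frame-Options SAMEORIGIN;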

		 proxy_pass http://gitlab;
	 }

	 # Enable gzip compression as per rails guide: http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression
	 # WARNING: If you are using relative urls do remove the block below
	 # See config/application.rb under "Relative url support" for the list of
	 # other files that need to be changed for relative url support
	 location ~ ^/(assets)/ {
		 root /opt/gitlab/embedded/service/gitlab-rails/public;
		 # gzip_static on; # to serve pre-gzipped version
		 expires max;
		 add_header Cache-Control public;
	 }

	 error_page 502 /502.html;
}

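Pitfalls I ran into:

  • Pitfall 1

Following this article, I set unicorn['port'] = 9090 and pointed the upstream at port 9090. The connection worked, but the home page was the settings page of some module rather than the GitLab home page, and nothing I tried got it working.

  • Pitfall 2

Later I mainly followed this one, but got a 502 error. Most sources say it is a memory problem, for example here and here, and I nearly upgraded the RAM.

  • Pitfall 3

This article mentions the gitlab-ctl tail [process name] command. Running sudo gitlab-ctl tail -f unicorn showed the logs, and this turned out to be the situation: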

==> /var/log/gitlab/nginx/gitlab_error.log <==
2019/10/30 21:55:33 [crit] 24068#24068: *806 connect() to unix:/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket failed (13: Permission denied) while connecting to upstream, client: 183.17.228.75, server: gitlab.roadl.com, request: "GET / HTTP/1.1", upstream: "http://unix:/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket:/", host: "gitlab.roadl.com"
2019/10/30 21:55:34 [crit] 24068#24068: *806 connect() to unix:/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket failed (13: Permission denied) while connecting to upstream, client: 183.17.228.75, server: gitlab.roadl.com, request: "GET /favicon.ico HTTP/1.1", upstream: "http://unix:/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket:/favicon.ico", host: "gitlab.roadl.com", referrer: "http://gitlab.roadl.com/"

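gitlab-ctl status shows the running state of each component.

  • Pitfall 4

Another article solved the permission problem. With an external nginx, does the user that starts nginx have permission to access the socket? Add the nginx user www-data to the group (it seems this command has to be run again after every configure reload): usermod -a -G gitlab-www www-data. Update the permissions: chmod -R o+x /var/opt/gitlab/gitlab-rails/sockets. The GitLab configuration must also contain web_server['external_users'] = ['www-data']. Apply the settings with sudo gitlab-ctl reconfigure, after which the GitLab home page is reachable.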
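
The permission check behind pitfall 4, as an added example that is not part of the original post: it walks a path one component at a time and prints the first directory or socket whose mode bits would deny a given uid and group list, which shows whether access comes from group membership or from the "other" bits. The function names are made up for this example, and it assumes GNU stat and plain mode bits (no ACLs).

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Assumes GNU coreutils stat (Linux) and plain mode bits: ACLs are ignored,
# and root bypasses these checks entirely.

# applicable_digit MODE FILE_UID FILE_GID UID "GID ..."
# Prints the one rwx digit the kernel would apply: the owner digit if the uid
# matches, else the group digit if any gid matches, else the "other" digit.
applicable_digit() {
    perms=$(( 0$1 & 0777 ))
    if [ "$4" = "$2" ]; then echo $(( (perms >> 6) & 7 )); return; fi
    for g in $5; do
        if [ "$g" = "$3" ]; then echo $(( (perms >> 3) & 7 )); return; fi
    done
    echo $(( perms & 7 ))
}

# first_blocked BASE RELPATH UID "GID ..."
# Walks BASE/RELPATH component by component. Directories need the search (x)
# bit; the last component, the socket, needs the write (w) bit that connect()
# requires. Prints the blocking path and returns 1, or prints "ok".
first_blocked() {
    cur=$1; rest=$2; uid=$3; gids=$4
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in
            */*) rest=${rest#*/}; need=1 ;;   # directory: x bit
            *)   rest=""; need=2 ;;           # final component: w bit
        esac
        cur=$cur/$part
        st=$(stat -c '%a %u %g' "$cur") || { echo "missing: $cur"; return 2; }
        set -- $st
        digit=$(applicable_digit "$1" "$2" "$3" "$uid" "$gids")
        if [ $(( digit & need )) -eq 0 ]; then echo "$cur"; return 1; fi
    done
    echo ok
}

# Usage on the GitLab host (an empty BASE makes the path absolute):
#   first_blocked "" var/opt/gitlab/gitlab-workhorse/socket \
#       "$(id -u www-data)" "$(id -G www-data)"
```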

Git on Windows could not clone: git clone git@gitlab.roadl.com:tao/roadl.git. The server log reported something like the following: vim /var/log/gitlab/gitlab-rails/production.log

Filter chain halted as :authenticate_user rendered or redirected
Completed 401 Unauthorized in 11ms (Views: 0.5ms | ActiveRecord: 1.2ms | Elasticsearch: 0.0ms)

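In the end I generated an SSH key pair locally and added a config file under the .ssh directory, and only then did git clone work. Although GitLab could be reached and logged into through the web page, and code could be cloned over SSH, cloning over HTTP did not work.

I was stuck here for quite a while.

It turned out the upstream configuration was wrong. The official configuration instructions are here and here; reading them earlier would have saved the detours. Ten thousand web pages are no match for the official documentation!

Other:

New user sign-up requests did not receive an email; see here.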