Setting up and using GitLab


1. Docker start command

  sudo docker run --detach \
  --publish 8443:443 --publish 8070:80 --publish 8022:22 \
  --name gitlab \
  --restart always \
  --volume /opt/gitlab/config:/etc/gitlab \
  --volume  /opt/gitlab/logs:/var/log/gitlab \
  --volume  /opt/gitlab/data:/var/opt/gitlab \
  --shm-size 256m \
  gitlab/gitlab-ce:latest

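2. View the password

GitLab's default account is root. The default password is stored in /etc/gitlab/initial_root_password. This file is deleted automatically later on, so change the password promptly.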

root@1e928e43ef64:/# cat /etc/gitlab/initial_root_password
# WARNING: This value is valid only in the following conditions
#          1. If provided manually (either via `GITLAB_ROOT_PASSWORD` environment variable or via `gitlab_rails['initial_root_password']` setting in `gitlab.rb`, it was provided before database was seeded for the first time (usually, the first reconfigure run).
#          2. Password hasn't been changed manually, either via UI or via command line.
#
#          If the password shown here doesn't work, you must reset the admin password following https://docs.gitlab.com/ee/security/reset_user_password.html#reset-your-root-password.

Password: Qn0XT1MiLVhuvNStIkRWzk3qZWwusYpRY4z8TqAkyLA=

# NOTE: This file will be automatically deleted in the first reconfigure run after 24 hours.
root@1e928e43ef64:/#

2. Switch to HTTPS

Configuration file

Add the following settings

external_url "https://192.168.50.221:8443"
nginx['listen_port'] = 443
gitlab_rails['gitlab_shell_ssh_port'] = 8022
letsencrypt['enable'] = false
nginx['ssl_certificate'] = "/etc/gitlab/ssl/cert.pem"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/key.pem"

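Explanation of the settings

external_url is the address used to reach GitLab from outside the Docker container.

nginx['listen_port'] is the HTTPS listening port inside the Docker container. Because the start command uses 443, it is set here as well. If it is not set, the port at the end of external_url is used by default.

gitlab_rails['gitlab_shell_ssh_port'] makes the SSH clone address shown on a GitLab project page display correctly.

letsencrypt['enable'] = false turns Let's Encrypt off, since it seemed rather troublesome to use.

nginx['ssl_certificate'] and nginx['ssl_certificate_key'] point to files generated in one step with the shell script below.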

generate-ip-cert.sh

#!/bin/sh

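# Accept only a dotted-quad IPv4 address (dots escaped so they match literally)
IP=$(echo "$1" | grep -E -o "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$")

# Quote the variable and test for an empty string explicitly
if [ -z "$IP" ]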
then
    echo "Usage: generate-ip-cert.sh 127.0.0.1"
    exit 1
fi

echo "[req]
default_bits  = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_req
prompt = no

[req_distinguished_name]
countryName = XX
stateOrProvinceName = N/A
localityName = N/A
organizationName = Self-signed certificate
commonName = $IP: Self-signed certificate

[req_ext]
subjectAltName = @alt_names

[v3_req]
subjectAltName = @alt_names

[alt_names]
IP.1 = $IP
" > san.cnf

openssl req -x509 -nodes -days 730 -newkey rsa:2048 -keyout key.pem -out cert.pem -config san.cnf
rm san.cnf

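3. Fix avatar display

Add these 3 lines to /etc/gitlab/gitlab.rb. This works only if developers can also reach the internet while accessing GitLab; otherwise you have to host your own Libravatar server. Because we use HTTPS here, adding lines 1 and 3 is enough. Note that plain corresponds to http and ssl corresponds to https; they cannot be mixed.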

gitlab_rails['gravatar_enabled'] = true 
gitlab_rails['gravatar_plain_url'] = "http://cdn.libravatar.org/avatar/%{hash}?s=%{size}&d=identicon"
gitlab_rails['gravatar_ssl_url'] = "https://seccdn.libravatar.org/avatar/%{hash}?s=%{size}&d=identicon"

Official documentation: docs.gitlab.com/ee/administ…

4. Reload the configuration

gitlab-ctl reconfigure

5. Clone using basic auth

git -c http.sslVerify=false clone https://username:password@192.168.50.221:8443/demo/demo.git

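-c http.sslVerify=false is added here because the SSL certificate is self-signed. With a purchased certificate it is not needed.

After the first run, the credentials are stored in .git-credentials in the home directory.

On Windows, for example, that is C:\Users\username\.git-credentials

If the username and password are not included in the URL, a prompt window pops up here.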
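
Added example, not part of the original post: instead of turning verification off with http.sslVerify=false, git can be told to trust only the self-signed cert.pem from generate-ip-cert.sh through http.sslCAInfo. The function names are hypothetical, and the sketch assumes the openssl and git CLIs, git's OpenSSL TLS backend, and a copy of cert.pem on the client.

```shell
#!/bin/sh
# Added example (not from the original post): trust the self-signed cert.pem
# produced by generate-ip-cert.sh instead of cloning with http.sslVerify=false.
# Function names are hypothetical; requires the openssl and git CLIs.

# Succeeds if the certificate's subjectAltName covers the given IP address.
cert_covers_ip() {            # usage: cert_covers_ip cert.pem 192.168.50.221
    openssl x509 -in "$1" -noout -checkip "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# Succeeds if the certificate is still valid at least N days from now.
cert_valid_for_days() {       # usage: cert_valid_for_days cert.pem 30
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Prints the SHA-256 fingerprint, to compare with the server copy out of band.
cert_fingerprint() {          # usage: cert_fingerprint cert.pem
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Extracts the host part of an https URL (userinfo and port are dropped).
url_host() {                  # usage: url_host https://192.168.50.221:8443/demo/demo.git
    printf '%s\n' "$1" | sed -E 's#^https://([^/@]*@)?([^/:]+).*#\2#'
}

# Clones with TLS verification left on, trusting only the given certificate.
pinned_clone() {              # usage: pinned_clone URL cert.pem
    host=$(url_host "$1")
    cert_covers_ip "$2" "$host" || { echo "cert does not cover $host" >&2; return 2; }
    cert_valid_for_days "$2" 1  || { echo "cert expired or about to expire" >&2; return 3; }
    echo "trusting certificate $(cert_fingerprint "$2")" >&2
    git -c http.sslCAInfo="$2" clone "$1"
}
```

Called as pinned_clone https://192.168.50.221:8443/demo/demo.git cert.pem, git prompts for the username and password, so they do not have to be written into the URL.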

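6. Clone over SSH

You need to upload your SSH public key to GitLab.

For how to generate one, you can also follow the blue "Learn more" link in the top-right corner.

By default, generate it with the command below, then look in your home directory at C:\Users\username\.ssh\id_rsa.pub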

ssh-keygen -t rsa -b 2048

Clone the project

C:\Users\seth>git clone ssh://git@192.168.50.221:8022/omsp/demo.git
Cloning into 'demo'...
The authenticity of host '[192.168.50.221]:8022 ([192.168.50.221]:8022)' can't be established.
ED25519 key fingerprint is SHA256:Yf+2/qTXFprZo4+8/KMR5oEbgaNuL0euYPsPRtqO3k8.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[192.168.50.221]:8022' (ED25519) to the list of known hosts.
warning: You appear to have cloned an empty repository.

7. Switch to Chinese

After selecting it and saving the change, refresh the page manually.