1、CentOS 7.9 安装 Gitlab 服务器
# Install the prerequisite packages, make sure sshd is enabled and running,
# and allow HTTP/HTTPS through firewalld (--permanent rules apply after the reload).
[root@localhost ~]# yum install -y curl policycoreutils-python openssh-server perl
[root@localhost ~]# systemctl enable sshd
[root@localhost ~]# systemctl start sshd
[root@localhost ~]# firewall-cmd --permanent --add-service=http
[root@localhost ~]# firewall-cmd --permanent --add-service=https
[root@localhost ~]# systemctl reload firewalld
# Download the GitLab CE 15.3.3 package for EL7 and install it from the local file.
# NOTE(review): nothing here checks the package before it is installed as root.
# Importing the vendor's signing key and running `rpm -K gitlab.rpm`, or comparing
# the checksum shown on the download page, would catch a tampered or truncated file.
# NOTE(review): the URL pins release 15.3.3; a later install should pick a
# currently supported release instead of reusing this version.
[root@localhost ~]# wget -O gitlab.rpm https://packages.gitlab.com/gitlab/gitlab-ce/packages/el/7/gitlab-ce-15.3.3-ce.0.el7.x86_64.rpm/download.rpm
[root@localhost ~]# rpm -ivh gitlab.rpm
2、准备证书
# Work in /etc/gitlab, which is where gitlab.rb later points for the certificate and key.
[root@localhost ~]# cd /etc/gitlab
# Create a private CA: a 4096-bit RSA key and a self-signed certificate valid for 3650 days.
# NOTE(review): the CA key is written without a passphrase and stays on the GitLab
# server. Anyone who can read it can issue certificates that clients trusting
# jason-ca.crt will accept. Check its permissions (e.g. chmod 600) and consider
# moving it off the server once the server certificate has been signed.
[root@localhost gitlab]# openssl genrsa -out jason-ca.key 4096
[root@localhost gitlab]# openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=CN/ST=GD/L=Shenzhen/O=jason/OU=Personal/CN=jason.com" -key jason-ca.key -out jason-ca.crt
# Create the server key and a CSR for CN=gitlab.jason.com, then sign the CSR with the CA.
# NOTE(review): only the CN is set; no subjectAltName is requested or added.
# TLS clients match the host name against SAN entries, which is consistent with
# the "no alternative certificate subject name matches" error listed in section 10.
# Passing -extfile with a subjectAltName entry to the `x509 -req` step would add one.
[root@localhost gitlab]# openssl genrsa -out gitlab.server.key 4096
[root@localhost gitlab]# openssl req -sha512 -new -subj "/C=CN/ST=GD/L=Shenzhen/O=jason/OU=Personal/CN=gitlab.jason.com" -key gitlab.server.key -out gitlab.server.csr
[root@localhost gitlab]# openssl x509 -req -sha512 -days 3650 -CA jason-ca.crt -CAkey jason-ca.key -CAcreateserial -in gitlab.server.csr -out gitlab.server.crt
# The CSR is not needed once the certificate has been issued.
[root@localhost gitlab]# rm -rf gitlab.server.csr
3、配置Gitlab (HTTPS、SMTP)
# Edit the Omnibus configuration, print the resulting settings, apply them,
# then start the services and check their status.
# NOTE(review): gitlab.rb holds the SMTP password from the settings below in plain
# text, so keep the file readable by root only. The show-config output may include
# secrets as well; avoid pasting it into tickets or chats unredacted.
[root@localhost ~]# vi /etc/gitlab/gitlab.rb
[root@localhost ~]# gitlab-ctl show-config
[root@localhost ~]# gitlab-ctl reconfigure
[root@localhost ~]# gitlab-ctl start
[root@localhost ~]# gitlab-ctl status
修改配置项如下
- external_url 'https://gitlab.jason.com'
- gitlab_rails['gitlab_shell_ssh_port'] = 22
- gitlab_rails['gitlab_shell_git_timeout'] = 800
- nginx['enable'] = true
- nginx['redirect_http_to_https'] = true
- nginx['ssl_certificate'] = "/etc/gitlab/gitlab.server.crt"
- nginx['ssl_certificate_key'] = "/etc/gitlab/gitlab.server.key"
- letsencrypt['enable'] = false
- gitlab_rails['gravatar_plain_url'] = "cdn.libravatar.org/avatar/%{ha…"
- gitlab_rails['smtp_enable'] = true
- gitlab_rails['smtp_address'] = "smtp.exmail.qq.com"
- gitlab_rails['smtp_port'] = 465
- gitlab_rails['smtp_user_name'] = "operation@xxxxx.cn"
- gitlab_rails['smtp_password'] = "xxxxxxx"
- gitlab_rails['smtp_domain'] = "xxxxx.cn"
- gitlab_rails['smtp_authentication'] = "login"
- gitlab_rails['smtp_enable_starttls_auto'] = true
- gitlab_rails['smtp_tls'] = true
- gitlab_rails['gitlab_email_from'] = "operation@xxxxx.cn"
如果遇到错误,删除 /etc/gitlab/gitlab-secrets.json 文件,再次执行 gitlab-ctl reconfigure(注意:该文件保存着数据库中加密字段所用的密钥,只适合在还没有任何数据的全新安装上删除;已有数据的实例请先备份该文件,否则 CI/CD 变量、双因素认证等已加密的数据将无法解密)
4、测试发送邮件
# Stop the services, then open a Rails console to send a test message by hand.
# NOTE(review): the console presumably needs the database and Redis services to be
# running; confirm that it still works right after `gitlab-ctl stop`.
# The console has unrestricted access to the instance's data, so treat it as a
# privileged session.
[root@localhost gitlab]# gitlab-ctl stop
[root@localhost gitlab]# gitlab-rails console
--------------------------------------------------------------------------------
Ruby: ruby 2.7.5p203 (2021-11-24 revision f69aeb8314) [x86_64-linux]
GitLab: 14.7.1 (c25c22ccd8c) FOSS
GitLab Shell: 13.22.2
PostgreSQL: 12.7
--------------------------------------------------------------------------------
Loading production environment (Rails 6.1.4.4)
irb(main):001:0> Notify.test_email('admin@xxxxx.cn','Test email','Hello, 2022 !').deliver_now
irb(main):001:0> exit
如果遇到问题,查看日志
# Follow the logs: all services, nginx only, the individual nginx error and
# access logs, or gitlab-rails only.
[root@localhost gitlab]# gitlab-ctl tail
[root@localhost gitlab]# gitlab-ctl tail nginx
[root@localhost gitlab]# gitlab-ctl tail nginx/gitlab_error.log
[root@localhost gitlab]# gitlab-ctl tail nginx/gitlab_access.log
[root@localhost gitlab]# gitlab-ctl tail gitlab-rails
5、WIN10 浏览器登录测试
- root 用户名密码文件:/etc/gitlab/initial_root_password
- root 用户登录后,修改密码,并删除密码文件
- 创建用户 user666
- user666用户登录,创建项目 demo
- 项目地址 gitlab.jason.com/user666/dem…
6、WIN10 安装Git客户端
- 下载地址 git-scm.com/
- 版本 PortableGit-2.37.3-64-bit.7z.exe
- 执行 PortableGit-2.37.3-64-bit.7z.exe 安装到目录 F:\PortableGit
7、WIN10 获取证书 gitlab.jason.com.pem
- 执行 F:\PortableGit\git-bash.exe
# Connect to the server and print the certificate chain it presents.
# Nothing in this step proves the peer is the real GitLab host, so the certificate
# shown should be compared with the one on the server before it is trusted.
$ openssl s_client -connect gitlab.jason.com:443
CONNECTED(00000194)
---
Certificate chain
0 s:C = CN, ST = GD, L = Shenzhen, O = jason, OU = Personal, CN = gitlab.jason.com
i:C = CN, ST = GD, L = Shenzhen, O = jason, OU = Personal, CN = jason.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFSzCCAzMCCQDWUMyQcAz9sjANBgkqhkiG9w0BAQ0FADBkMQswCQYDVQQGEwJD
TjELMAkGA1UECAwCR0QxETAPBgNVBAcMCFNoZW56aGVuMQ4wDAYDVQQKDAVqYXNv
... ... ... ... ...
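- 复制从 -----BEGIN CERTIFICATE----- 到 -----END CERTIFICATE----- 的内容,保存到F:\PortableGit\gitlab.jason.com.pem(这样取得的证书来自网络连接本身,保存前应与服务器上 /etc/gitlab/gitlab.server.crt 核对指纹是否一致,例如两边分别执行 openssl x509 -noout -fingerprint -sha256 -in 证书文件;也可以通过可信途径直接从服务器复制 jason-ca.crt 作为受信任的 CA 证书)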
8、配置证书,客户端接受自签名证书
# Show the current Git configuration.
$ git config --list
# Save credentials with the "store" helper.
# NOTE(review): "store" keeps the user name and password unencrypted in a file on
# disk (~/.git-credentials by default). A helper backed by the operating system's
# credential manager avoids leaving the password in plain text.
$ git config --global credential.helper store
# Trust the saved PEM file for this one host only; certificate verification stays
# enabled for every other remote.
$ git config --global http.https://gitlab.jason.com.sslCAInfo F:/PortableGit/gitlab.jason.com.pem
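- 如果不想管理证书,避免麻烦,可以关闭SSL验证: git config --global http.sslVerify false
- 或者 GIT_SSL_NO_VERIFY=true
- 注意:关闭验证后 Git 不再校验服务器证书,--global 的设置对该用户的所有 HTTPS 远程仓库都生效,连接可能被中间人冒充,推送时输入或已保存的用户名和密码也会随之泄露;只建议在隔离的测试环境临时使用,正常情况请保留上面的 sslCAInfo 配置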
9、迁移项目
- 从gitee上克隆一个项目,push到 gitlab.jason.com/user666/dem…
- 登录 gitlab.jason.com 创建项目 demo
# Set the commit identity and clone the source project from Gitee.
$ git config --global user.email "you@example.com"
$ git config --global user.name "Your Name"
$ git clone https://gitee.com/jason78/k8s-demo-1.23.5.git
# Mark this working tree as trusted so Git's repository-ownership check (the
# "dubious ownership" error in section 10) no longer blocks it. Add specific
# paths only; a wildcard would switch the check off everywhere.
$ git config --global --add safe.directory D:/workspaces/IDEA-workspace/k8s-demo-1.23.5
$ cd k8s-demo-1.23.5
# Rename the branch to main and point origin at the new GitLab project.
$ git branch -m master main
$ git remote set-url origin https://gitlab.jason.com/user666/demo.git
# NOTE(review): origin/main is not known locally until something has been pushed
# or fetched, so this command likely fails at this point; the `git push -u` on the
# next line sets the upstream anyway.
$ git branch --set-upstream-to=origin/main main
$ git push -u origin main
$ git remote -v
# NOTE(review): `git remote` has no -a option; `git branch -a` was probably intended.
$ git remote -a
$ git remote -v
- 过程中会提示输入用户名和密码(由于前面配置了 credential.helper store,输入后会以明文保存在用户目录下的 .git-credentials 文件中)
- 邮件地址 user.email 可以随意填写,在Commit边上有个发邮件的按钮会用到
- 用户名 user.name 必须是Gitlab 登录的用户名
- 配置文件是用户目录下的 .gitconfig 文件
10、遇到的问题
fatal: unable to access 'xxxxx.git/': SSL certificate problem: self signed certificate
fatal: unable to access 'xxxxx.git/': SSL: no alternative certificate subject name matches target host name 'gitlab.jason.com'
fatal: unable to access 'xxxxx.git/': SSL certificate problem: unable to get local issuer certificate
fatal: The upstream branch of your current branch does not match the name of your current branch. To push to the upstream branch on the remote
fatal: detected dubious ownership in repository at xxx xxx is owned by: xxx but the current user is: xxxx To add an exception for this directory, call: xxxx
问题:不用HTTPS,使用SSH通讯,怎么配置?
- Gitlab先用起来,通过操作实践,积累多了自然就理解了
- 把理解的知识分享出来,自造福田,自得福缘
- 追求简单,容易使人理解,知识的上下文也是知识的一部分,例如版本,时间等
- 欢迎留言交流,也可以提出问题,一般在周末回复和完善文档
- Jason@vip.qq.com 2022-9-21