最新消息:

CentOS 上GitLab的搭建

git admin 4680浏览 0评论

事情的起因是因为导师提到让我在实验室服务器搭建一个Git服务器供大家使用,于是我就在网上搜索解决方案,最后选定了两个gitblit以及gitlab,不过最后发现服务器是windows server 2008 r2,gitlab没法部署,最后退而求其次部署了gitblit,感觉速度还蛮不错,功能也可以,就是一点,界面不如gitlab好看。

后来就心痒难耐,觉得gitlab很漂亮,结果就想着在自己vps部署一个,于是就开始了噩梦一般的部署过程。开正体前,我再感叹下,实在是太麻烦了,尤其是在centos 5这种老系统上面。

1.添加EPEL源

不添加这个,什么依赖都装不了。所以,你懂得。这个是centos 5的,其他版本的可以去网上搜,就地址不一样。

1
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-5-4.noarch.rpm

2.安装依赖

就是安装依赖,建议python自己编译安装一个,版本新一点。

1
2
yum -y groupinstall 'Development Tools' 'Additional Development'
yum -y install readline readline-devel ncurses-devel gdbm-devel glibc-devel tcl-devel openssl-devel curl-devel expat-devel db4-devel byacc sqlite-devel gcc-c++ libyaml libyaml-devel libffi libffi-devel libxml2 libxml2-devel libxslt libxslt-devel libicu libicu-devel system-config-firewall-tui python-devel redis

3.安装Ruby

安装Ruby,千万不要用最新版,要用p327版本

1
2
3
4
wget http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.3-p327.tar.gz
tar xfvz ruby-1.9.3-p327.tar.gz
cd ruby-1.9.3-p327
./configure --disable-install-doc --enable-shared --disable-pthread

编译前,如果可以的话,最好安装下qt

1
2
yum install qt-devel qtwebkit-devel
export PATH=$PATH:/usr/lib32/qt4/bin   # 32位和64位,你懂得

编译安装

1
make && make install

4.更新gem,安装rails

1
2
3
gem update --system
gem update
gem install rails

5.Gitolite安装

添加两个用户,安装证书

1
2
3
4
adduser --shell /bin/bash --create-home --home-dir /home/gitlab gitlab
adduser --system --shell /bin/sh --comment 'gitolite' --create-home --home-dir /home/git git
sudo -u gitlab -H ssh-keygen -q -N '' -t rsa -f /home/gitlab/.ssh/id_rsa
sudo usermod -a -G git gitlab

Gitolite安装

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
cd /home/git
sudo -u git -H git clone -b gl-v320 https://github.com/gitlabhq/gitolite.git /home/git/gitolite
# Add Gitolite scripts to $PATH
sudo -u git -H mkdir /home/git/bin
sudo -u git -H sh -c 'printf "%bn%bn" "PATH=$PATH:/home/git/bin" "export PATH" >> /home/git/.profile'
sudo -u git -H sh -c 'gitolite/install -ln /home/git/bin'
# Copy the gitlab user's (public) SSH key ...
sudo cp /home/gitlab/.ssh/id_rsa.pub /home/git/gitlab.pub
sudo chmod 0444 /home/git/gitlab.pub
# ... and use it as the admin key for the Gitolite setup
sudo -u git -H sh -c "PATH=/home/git/bin:$PATH; gitolite setup -pk /home/git/gitlab.pub"
# Make sure the Gitolite config dir is owned by git
sudo chmod -R 750 /home/git/.gitolite/
sudo chown -R git:git /home/git/.gitolite/
# Make sure the repositories dir is owned by git and it stays that way
sudo chmod -R ug+rwXs,o-rwx /home/git/repositories/
sudo chown -R git:git /home/git/repositories/

设置ssh安全选项(这个可能没用)

1
2
3
4
5
6
7
8
9
10
11
12
echo "Host localhost
   StrictHostKeyChecking no
   UserKnownHostsFile=/dev/null" | sudo tee -a /etc/ssh/ssh_config
echo "Host YOUR_DOMAIN_NAME
   StrictHostKeyChecking no
   UserKnownHostsFile=/dev/null" | sudo tee -a /etc/ssh/ssh_config
# If gitolite domain differs
echo "Host YOUR_GITOLITE_DOMAIN
   StrictHostKeyChecking no
   UserKnownHostsFile=/dev/null" | sudo tee -a /etc/ssh/ssh_config

测试gitolite安装

1
2
3
4
5
6
# Clone the admin repo so SSH adds localhost to known_hosts ...
# ... and to be sure your users have access to Gitolite
sudo -u gitlab -H git clone git@localhost:gitolite-admin.git /tmp/gitolite-admin
# If it succeeded without errors you can remove the cloned repo
sudo rm -rf /tmp/gitolite-admin

6. 安装Gitlab

首先下载下来

1
2
3
4
5
6
7
8
9
10
# We'll install GitLab into home directory of the user "gitlab"
cd /home/gitlab
# Clone GitLab repository
sudo -u gitlab -H git clone https://github.com/gitlabhq/gitlabhq.git gitlab
# Go to gitlab dir
cd /home/gitlab/gitlab
# Checkout to stable release
sudo -u gitlab -H git checkout 4-0-stable

设置权限还有其他选项

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
cd /home/gitlab/gitlab
# Copy the example GitLab config
sudo -u gitlab -H cp config/gitlab.yml.example config/gitlab.yml
# 把其中的gitlab部分和ssh部分的host改成自己的域名就行了
sudo -u gitlab -H vim config/gitlab.yml
# Make sure GitLab can write to the log/ and tmp/ directories
sudo chown -R gitlab log/
sudo chown -R gitlab tmp/
sudo chmod -R u+rwX  log/
sudo chmod -R u+rwX  tmp/
# Copy the example Unicorn config
sudo -u gitlab -H cp config/unicorn.rb.example config/unicorn.rb

数据库设置

1
2
3
4
5
# Mysql
sudo -u gitlab cp config/database.yml.mysql config/database.yml
# PostgreSQL
sudo -u gitlab cp config/database.yml.postgresql config/database.yml

安装Gems

1
2
3
4
5
6
7
8
9
cd /home/gitlab/gitlab
sudo gem install charlock_holmes --version '0.6.9'
# For mysql db
sudo -u gitlab -H bundle install --deployment --without development test postgres
# Or For postgres db
sudo -u gitlab -H bundle install --deployment --without development test mysql

额外设置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
# 设置git全局设置
sudo -u gitlab -H git config --global user.name "GitLab"
sudo -u gitlab -H git config --global user.email "gitlab@localhost"
# 设置Hook脚本
sudo cp ./lib/hooks/post-receive /home/git/.gitolite/hooks/common/post-receive
sudo chown git:git /home/git/.gitolite/hooks/common/post-receive
# 初始化数据库
sudo -u gitlab -H bundle exec rake gitlab:app:setup RAILS_ENV=production
# 安装初始化脚本,这是centos,ubuntu有对应的脚本
sudo wget https://raw.github.com/gitlabhq/gitlab-recipes/master/init.d/gitlab-centos -P /etc/init.d/
sudo chmod +x /etc/init.d/gitlab-centos
chkconfig --add gitlab-centos

测试gitlab的状态,正常则启动

1
2
3
4
5
6
7
8
# 查看环境信息
sudo -u gitlab -H bundle exec rake gitlab:env:info RAILS_ENV=production
# 检测gitlab状态,非绿色的太多了,要注意修复下
sudo -u gitlab -H bundle exec rake gitlab:check RAILS_ENV=production
# 启动
sudo service gitlab start

7. Nginx配置

安装就不说了,配置写法,这个是http

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
# GITLAB
# Maintainer: @randx
# App Version: 4.0
upstream gitlab {
  server unix:/home/gitlab/gitlab/tmp/sockets/gitlab.socket;
}
server {
  listen 80;         # e.g., listen 192.168.1.1:80;
  server_name Domain_NAME;     # e.g., server_name source.example.com;
  root /home/gitlab/gitlab/public;
  # individual nginx logs for this gitlab vhost
  access_log  /var/log/nginx/gitlab_access.log;
  error_log   /var/log/nginx/gitlab_error.log;
  location / {
    # serve static files from defined root folder;.
    # @gitlab is a named location for the upstream fallback, see below
    try_files $uri $uri/index.html $uri.html @gitlab;
  }
  # if a file, which is not found in the root folder is requested,
  # then the proxy pass the request to the upsteam (gitlab unicorn)
  location @gitlab {
    proxy_read_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
    proxy_connect_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
    proxy_redirect     off;
    proxy_set_header   X-Forwarded-Proto $scheme;
    proxy_set_header   Host              $http_host;
    proxy_set_header   X-Real-IP         $remote_addr;
    proxy_pass http://gitlab;
  }
}

https的对应配置,建议使用最新版openssl编译nginx可以激活ECDHE前向加密。加密算法建议使用AES 不过首先应该先自己签名一个证书

1
2
sudo openssl req -new -x509 -nodes -days 3560 -out gitlab.crt -keyout gitlab.key
sudo chmod o-r gitlab.key
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
# GITLAB
# Maintainer: @randx
# App Version: 4.0
upstream gitlab {
  server unix:/home/gitlab/gitlab/tmp/sockets/gitlab.socket;
}
# This is a normal HTTP host which redirects all traffic to the HTTPS host.
server {
    listen       80;
    listen [::]:80;
    server_name Domain_NAME;
    root /nowhere;
    rewrite ^ https://gitlab.stardrad.com$request_uri permanent;
}
server {
    listen 443;
    listen [::]:443 ipv6only=on;
    server_name Domain_NAME;
    root /home/gitlab/gitlab/public;
    ssl on;
    ssl_certificate gitlab.crt;
    ssl_certificate_key gitlab.key;    
    ssl_protocols  SSLv3 TLSv1 TLSv2;       
    ssl_ciphers AES:HIGH:!ADH:!MD5;       
    ssl_prefer_server_ciphers   on;  
    # individual nginx logs for this gitlab vhost
    access_log  /var/log/nginx/gitlab_access.log;
    error_log   /var/log/nginx/gitlab_error.log;
    location / {
    # serve static files from defined root folder;.
    # @gitlab is a named location for the upstream fallback, see below
    try_files $uri $uri/index.html $uri.html @gitlab;
    }
    # if a file, which is not found in the root folder is requested,
    # then the proxy pass the request to the upsteam (gitlab unicorn)
    location @gitlab {
    proxy_read_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
    proxy_connect_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
    proxy_redirect     off;
    #proxy_set_header   X-Forwarded-Proto $scheme;
    proxy_set_header   X-Forwarded-Proto https;
    proxy_set_header X-Forwarded-Ssl on;
    proxy_set_header   Host              $http_host;
    proxy_set_header   X-Real-IP         $remote_addr;
    proxy_pass http://gitlab;
    }
}

8. 完成

记住初始账号密码,登入即可

1
2
admin@local.host
5iveL!fe

截图 gitlab

附注

如果你的ssh的端口非标准的22(vps一般都是这样),则应当修改配置文件

1
2
3
4
5
6
7
su gitlab
vim ~/.ssh/config
# 在vim中插入
host localhost
    user git
    port 888
    hostname Your Ip or Your domain name

参考

  1. Installing GitLab with gitolite on CentOS 6.2 and 6.3
  2. 官方Ubuntu安装文档
  3. RedHat/CentOS 安装gitlabhq

 

转载请注明:爱开源 » CentOS 上GitLab的搭建

您必须 登录 才能发表评论!