Thursday, May 22, 2014

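GitLab installation on Debian 7 (Wheezy)

Git is today's mainstream version control software, and GitHub is the mainstream version control platform. However, putting code there almost always means making it public (unless you pay for private space), and for a business, placing its own code in an external environment is not really appropriate either. GitLab was born for this reason: it lets users set up a GitHub-like sharing platform in their own environment. The installation procedure below was carried out on Debian 7, with Nginx handling SSL encryption and acting as the reverse proxy.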


First, update the system packages and install the required packages:
$ apt-get install ruby bundler sudo vim dialog build-essential zlib1g-dev libyaml-dev libssl-dev libgdbm-dev libreadline-dev libncurses5-dev libffi-dev curl git-core openssh-server redis-server checkinstall libxml2-dev libxslt-dev libcurl4-openssl-dev libicu-dev python-docutils libpq-dev
$ gem install bundler --no-ri --no-rdoc
$ gem install rake
$ bundle install
$ gem install charlock_holmes


Next, create the git system user that runs the GitLab daemon, and install gitlab-shell.
Here, git pull origin master is used to fetch the latest version of GitLab.
$ adduser --disabled-login --gecos 'GitLab' git
$ cd /home/git
$ sudo -u git -H git clone https://github.com/gitlabhq/gitlab-shell.git
$ cd gitlab-shell
$ sudo -u git -H git pull origin master
$ sudo -u git -H cp config.yml.example config.yml
$ sudo -u git -H vim config.yml


Edit config.yml inside gitlab-shell. To suit my own needs, I changed only the URL, so that it begins with https, and the gitlab-shell service port.
config.yml:
# GitLab user. git by default
user: git

# Url to gitlab instance. Used for api calls. Should end with a slash.
gitlab_url: "https://localhost:89/"


Install gitlab-shell:
$ sudo -u git -H ./bin/install


Install MySQL server and create the gitlab account and its privileges. The database is used by the web interface and by permission management.
$ mysql -u root -p

mysql> CREATE DATABASE IF NOT EXISTS `gitlabDB` DEFAULT CHARACTER SET `utf8` COLLATE `utf8_unicode_ci`;
mysql> GRANT ALL ON `gitlabDB`.* TO 'gitlab'@'localhost' identified by '<YOUR_DB_PASS>';
mysql> \q


Next, install the GitLab web interface:
$ cd /home/git
$ sudo -u git -H git clone https://github.com/gitlabhq/gitlabhq.git gitlab
$ cd /home/git/gitlab
$ sudo -u git -H git pull origin master
$ cd /home/git/gitlab
$ sudo -u git -H cp config/gitlab.yml.example config/gitlab.yml


Edit config/gitlab.yml as needed. The main setting I changed here is:
https: true

gitlab.yml:
  gitlab:
    ## Web server settings (note: host is the FQDN, do not include http://)
    host: localhost
    port: 80
    https: true


Because the service runs as the git user, the permissions on some directories need to be changed:
$ chown -R git log/
$ chown -R git tmp/
$ chmod -R u+rwX  log/
$ chmod -R u+rwX  tmp/
$ sudo -u git -H mkdir /home/git/gitlab-satellites
$ sudo -u git -H mkdir tmp/pids/
$ sudo -u git -H mkdir tmp/sockets/
$ chmod -R u+rwX  tmp/pids/
$ chmod -R u+rwX  tmp/sockets/
$ sudo -u git -H mkdir public/uploads
$ chmod -R u+rwX  public/uploads


Next, install Nginx. It provides SSL-encrypted transport on the one hand, and on the other acts as the reverse proxy that communicates with gitlab-shell.
$ apt-get install nginx
$ rm -f /etc/nginx/sites-enabled/default
$ cp /home/git/gitlab/lib/support/nginx/gitlab /etc/nginx/sites-available/gitlab
$ ln -s /etc/nginx/sites-available/gitlab /etc/nginx/sites-enabled/gitlab


Edit /etc/nginx/sites-enabled/gitlab as follows. Do not forget to change the settings that depend on your environment, such as the server name.
/etc/nginx/sites-enabled/gitlab:
upstream gitlab {

  ## Uncomment if you have set up puma/unicorn to listen on a unix socket (recommended).
  server unix:/home/git/gitlab/tmp/sockets/gitlab.socket;

  ## Uncomment if puma/unicorn are configured to listen on a tcp port.
  ## Check the port number in /home/git/gitlab/config/{puma.rb/unicorn.rb}
  # server 127.0.0.1:9292;
}

# This is a normal HTTP host which redirects all traffic to the HTTPS host.
# Replace git.example.com with your FQDN.
server {
    listen *:80;
    server_name YOUR_SERVER_FQDN;
    server_tokens off;
    root /nowhere; # this doesn't have to be a valid path since we are redirecting, you don't have to change it.
    rewrite ^ https://$server_name:89$request_uri permanent;
}

server {
    listen *:89 ssl;
    server_name YOUR_SERVER_FQDN;
    server_tokens off;
    root /home/git/gitlab/public;

    ssl on;
    ssl_certificate /etc/nginx/gitlab.crt;
    ssl_certificate_key /etc/nginx/gitlab.key;
    # TLS 1.2 only: SSLv3 and TLS 1.0 are deprecated (RFC 7568, RFC 8996)
    ssl_protocols  TLSv1.2;
    ssl_ciphers AES:HIGH:!ADH:!MD5;
    ssl_prefer_server_ciphers   on;

    # individual nginx logs for this gitlab vhost
    access_log  /var/log/nginx/gitlab_access.log;
    error_log   /var/log/nginx/gitlab_error.log;

    location / {
        # serve static files from the defined root folder.
        # @gitlab is a named location for the upstream fallback, see below
        try_files $uri $uri/index.html $uri.html @gitlab;
    }

    # if a file that is not found in the root folder is requested,
    # then the proxy passes the request to the upstream (gitlab unicorn)
    location @gitlab {
        proxy_read_timeout    300; # https://github.com/gitlabhq/gitlabhq/issues/694
        proxy_connect_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694

        proxy_redirect        off;

        proxy_set_header   Host              $http_host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-Ssl   on;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;

        proxy_pass http://gitlab;
    }
}


Create the cert and key files needed for the https service and move them into /etc/nginx:
$ sudo openssl req -new -x509 -nodes -days 3560 -out gitlab.crt -keyout gitlab.key
$ mv gitlab.crt /etc/nginx
$ mv gitlab.key /etc/nginx
$ service nginx restart
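
A static check for the Nginx TLS setup above, as an added example that is not part of the original post: it flags deprecated protocols on the vhost's ssl_protocols line and a private key whose mode grants access beyond its owner. The function names and the sample vhost are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): static audit of an nginx vhost's TLS settings.

# Print the arguments of directive NAME from active (non-comment) lines of FILE.
directive() {
    awk -v name="$1" '{ sub(/#.*/, "") }
        $1 == name { sub(/;.*/, ""); $1 = ""; print }' "$2"
}

# Print one finding per line; no output means nothing was flagged.
audit_vhost() {
    conf=$1
    protos=$(directive ssl_protocols "$conf")
    [ -n "$protos" ] || echo "WARN no ssl_protocols directive: nginx built-in default applies"
    for p in $protos; do
        case $p in
            SSLv2|SSLv3|TLSv1|TLSv1.1) echo "WEAK protocol enabled: $p" ;;
        esac
    done
    # The private key must carry no group/other permission bits (mode 600 or stricter).
    for key in $(directive ssl_certificate_key "$conf"); do
        if [ ! -f "$key" ]; then
            echo "WARN key file not found: $key"
        elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
            echo "WEAK key accessible beyond owner: $key"
        fi
    done
}

# Constructed sample: a vhost enabling SSLv3 and TLSv1 next to TLSv1.2,
# with its key file left at mode 644.
demo() {
    dir=$(mktemp -d)
    : > "$dir/gitlab.key"
    chmod 644 "$dir/gitlab.key"
    cat > "$dir/gitlab" <<EOF
server {
    listen *:89 ssl;
    ssl_certificate_key $dir/gitlab.key;
    ssl_protocols  SSLv3 TLSv1 TLSv1.2;
}
EOF
    audit_vhost "$dir/gitlab"
    rm -rf "$dir"
}
demo
```

On the installed server, call audit_vhost /etc/nginx/sites-enabled/gitlab after each change to the vhost or the key file.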


Database settings:
production:
  adapter: mysql2
  encoding: utf8
  reconnect: false
  database: gitlabDB
  pool: 10
  reaping_frequency: 10
  username: gitlab
  password: "YOUR_DB_PASS"
  # host: localhost
  # socket: /tmp/mysql.sock


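Next, edit config/unicorn.rb. In my experience, the first connection to the page takes quite a long time, and the default of 30 causes connection problems, so the timeout has to be set higher. Here I set it to 300.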
config/unicorn.rb:
# nuke workers after 300 seconds (raised from the default of 30)
timeout 300


Create the database schema.
$ sudo -u git -H bundle exec rake gitlab:setup RAILS_ENV=production


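Note that when this command finishes it generates the administrator account and password. Be sure to remember them so that you can log in shortly, and do not forget to change the password after logging in.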
Administrator account created:

login.........admin@local.host
password......5iveL!fe


Place the script that starts GitLab in the /etc/init.d/ directory by running the following commands:
$ cp lib/support/init.d/gitlab /etc/init.d/gitlab
$ chmod +x /etc/init.d/gitlab
$ update-rc.d gitlab defaults 21
$ sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production
$ service gitlab start


Now try connecting and see whether the GitLab page appears. If it does, you can start enjoying GitLab!

References:
http://www.rosehosting.com/blog/how-to-install-gitlab-ruby-and-nginx-on-a-debian-7-wheezy-vps/