前言#
本文讲述如何在 Debian 11 环境下使用 Docker 安装 GitLab。
创建 Git 用户组和用户#
首先需要创建 git 的用户组和用户:
groupadd -g 998 git
useradd -m -u 998 -g git -s /bin/sh -d /home/git git
以上命令建议在安装 Docker 之前执行。
已知使用 apt 安装 Docker 会默认创建 GID 为 998 的 docker 组,会与 GitLab 的 git 组冲突,提前创建 GID 为 998 的组可避免手工修改。
安装 Docker 和 Docker Compose#
参考:
创建应用#
创建 GitLab 应用及数据文件夹 /app/gitlab:
mkdir -p /app/gitlab
mkdir -p /app/gitlab/data/{config,logs,data}
创建 /app/gitlab/docker-compose.yaml 文件,内容如下:
version: '3'
services:
gitlab:
image: gitlab/gitlab-ce:14.7.2-ce.0
container_name: gitlab
restart: always
privileged: true
environment:
GITLAB_OMNIBUS_CONFIG: |
external_url 'https://example.com';
nginx['enable'] = false;
gitlab_rails['trusted_proxies'] = ['172.17.0.0/24', '10.0.0.0/8'];
gitlab_workhorse['listen_network'] = 'tcp';
gitlab_workhorse['listen_addr'] = '0.0.0.0:8181';
gitlab_workhorse['gitlab_ssh_host'] = 'git.example.com';
ports:
- '8181:8181'
- '2222:22'
volumes:
- /etc/localtime:/etc/localtime:ro
# - /app/gitlab/data/data/.ssh/id_rsa.pub:/gitlab-data/ssh/authorized_keys:ro
- /app/gitlab/data/config:/etc/gitlab
- /app/gitlab/data/logs:/var/log/gitlab
- /app/gitlab/data/data:/var/opt/gitlab
shm_size: '256m'
deploy:
resources:
limits:
cpus: 2
memory: 4G
其中,example.com 修改为 GitLab 的域名,git.example.com 修改为 SSH 的域名。
进入应用文件夹,拉取镜像并初始化服务:
cd /app/gitlab
docker-compose pull
docker-compose up -d
配置#
首先停止服务:
docker-compose down
修改 /app/gitlab/data/config/gitlab.rb 文件,依次查找取消注释并修改即可:
external_url 'https://example.com'
gitlab_rails['gitlab_ssh_host'] = 'git.example.com'
gitlab_rails['time_zone'] = 'Asia/Shanghai'
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.example.com"
gitlab_rails['smtp_port'] = 587
gitlab_rails['smtp_user_name'] = "smtp_user"
gitlab_rails['smtp_password'] = "smtp_password"
gitlab_rails['smtp_domain'] = "example.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = 'noreply@example.com'
gitlab_rails['gitlab_email_display_name'] = 'Example'
gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com'
gitlab_rails['gitlab_default_theme'] = 2
gitlab_rails['gravatar_plain_url'] = 'https://gravatar.loli.net/avatar/%{hash}?s=%{size}&d=identicon'
gitlab_rails['gravatar_ssl_url'] = 'https://gravatar.loli.net/avatar/%{hash}?s=%{size}&d=identicon'
gitlab_shell['auth_file'] = "/var/opt/gitlab/.ssh/authorized_keys"
启动服务,应用配置:
doker-compose up -d
SSH 转发#
将容器内 SSH 密钥映射到宿主机:
rm -rf /home/git/.ssh
ln -sf /app/gitlab/data/data/.ssh /home/git/.ssh
生成宿主机到容器的通信密钥:
su - git
ssh-keygen
创建 gitlab-shell:
mkdir -p /opt/gitlab/embedded/service/gitlab-shell/bin
touch /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell
chmod a+x /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell
/opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell 的内容如下:
#!/bin/sh
ssh -i /home/git/.ssh/id_rsa -p 2222 -o StrictHostKeyChecking=no git@git.example.com "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
注意将
git.example.com添加到/etc/hosts文件,指向127.0.0.1即可。
修改 docker-compose.yaml 文件,将挂载 /gitlab-data/ssh/authorized_keys 一行的注释取消。
重启服务:
docker-compose down
docker-compose up -d
配置 nginx 转发#
nginx 配置文件示例:
upstream gitlab-workhorse {
server 127.0.0.1:8181 fail_timeout=0;
}
server {
listen 80;
listen [::]:80 ipv6only=on;
server_name example.com;
server_tokens off;
return 301 https://$http_host$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ipv6only=on ssl;
server_name example.com;
server_tokens off;
include enable-ssl.conf;
include enable-hsts.conf;
ssl_certificate /data/ssl/example.com/fullchain.pem;
ssl_certificate_key /data/ssl/example.com/privkey.pem;
ssl_trusted_certificate /data/ssl/example.com/ca.pem;
location / {
client_max_body_size 0;
gzip off;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://gitlab-workhorse;
}
}
结尾#
浏览器打开 https://example.com,尝试一下!