kotoyuuko

Installing GitLab in a Docker Environment

Preface

This article describes how to install GitLab with Docker on Debian 11.

Create the Git Group and User

First, create the git group and user:

groupadd -g 998 git
useradd -m -u 998 -g git -s /bin/sh -d /home/git git

It is recommended to run the commands above before installing Docker.
Installing Docker via apt is known to create a docker group with GID 998 by default, which conflicts with GitLab's git group; creating a group with GID 998 beforehand avoids having to fix this by hand.

Install Docker and Docker Compose

Reference:

Create the Application

Create the GitLab application and data directory /app/gitlab:

mkdir -p /app/gitlab
mkdir -p /app/gitlab/data/{config,logs,data}

Create the file /app/gitlab/docker-compose.yaml with the following content:

version: '3'

services:
  gitlab:
    image: gitlab/gitlab-ce:14.7.2-ce.0
    container_name: gitlab
    restart: always
    privileged: true
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://example.com';
        nginx['enable'] = false;
        gitlab_rails['trusted_proxies'] = ['172.17.0.0/24', '10.0.0.0/8'];
        gitlab_workhorse['listen_network'] = 'tcp';
        gitlab_workhorse['listen_addr'] = '0.0.0.0:8181';
        gitlab_workhorse['gitlab_ssh_host'] = 'git.example.com';
    ports:
      - '8181:8181'
      - '2222:22'
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # - /app/gitlab/data/data/.ssh/id_rsa.pub:/gitlab-data/ssh/authorized_keys:ro
      - /app/gitlab/data/config:/etc/gitlab
      - /app/gitlab/data/logs:/var/log/gitlab
      - /app/gitlab/data/data:/var/opt/gitlab
    shm_size: '256m'
    deploy:
      resources:
        limits:
          cpus: 2
          memory: 4G

Here, replace example.com with the GitLab domain and git.example.com with the SSH domain.

Enter the application directory, pull the image and initialize the service:

cd /app/gitlab
docker-compose pull
docker-compose up -d

Configuration

First, stop the service:

docker-compose down

Edit /app/gitlab/data/config/gitlab.rb: find each of the following settings in turn, uncomment it and change its value:

external_url 'https://example.com'
gitlab_rails['gitlab_ssh_host'] = 'git.example.com'
gitlab_rails['time_zone'] = 'Asia/Shanghai'
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.example.com"
gitlab_rails['smtp_port'] = 587
gitlab_rails['smtp_user_name'] = "smtp_user"
gitlab_rails['smtp_password'] = "smtp_password"
gitlab_rails['smtp_domain'] = "example.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = 'noreply@example.com'
gitlab_rails['gitlab_email_display_name'] = 'Example'
gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com'
gitlab_rails['gitlab_default_theme'] = 2
gitlab_rails['gravatar_plain_url'] = 'https://gravatar.loli.net/avatar/%{hash}?s=%{size}&d=identicon'
gitlab_rails['gravatar_ssl_url'] = 'https://gravatar.loli.net/avatar/%{hash}?s=%{size}&d=identicon'
gitlab_shell['auth_file'] = "/var/opt/gitlab/.ssh/authorized_keys"

Start the service to apply the configuration:

docker-compose up -d

SSH Forwarding

Map the SSH keys inside the container to the host:

rm -rf /home/git/.ssh
ln -sf /app/gitlab/data/data/.ssh /home/git/.ssh

Generate the key pair used for host-to-container communication:

su - git
ssh-keygen

Create gitlab-shell:

mkdir -p /opt/gitlab/embedded/service/gitlab-shell/bin
touch /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell
chmod a+x /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell

The content of /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell is as follows:

#!/bin/sh
# Forward the incoming SSH session to the container's sshd on port 2222 using the
# host git user's key, passing the original git command through so that the real
# gitlab-shell inside the container can execute it.
ssh -i /home/git/.ssh/id_rsa -p 2222 -o StrictHostKeyChecking=no git@git.example.com "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"

Note that git.example.com must be added to /etc/hosts, pointing to 127.0.0.1.

Edit docker-compose.yaml and uncomment the line that mounts /gitlab-data/ssh/authorized_keys.

Restart the service:

docker-compose down
docker-compose up -d
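As an added example (not part of the original post), the following POSIX sh checks verify the host-side pieces set up in the git group section and the SSH forwarding section above: the git group owning GID 998, the /etc/hosts entry, the /home/git/.ssh symlink, and the gitlab-shell wrapper. Every path is taken relative to a ROOT directory so the checks run offline against a constructed fixture tree; the fixture layout and the GID 998 value mirror the post.

```shell
#!/bin/sh
# Added example: offline sanity checks for the host-side GitLab SSH forwarding setup.
# All paths are resolved under ROOT so the checks can run against a constructed fixture.

# check_git_gid ROOT GID -> succeeds only if the "git" group owns GID in ROOT/etc/group
check_git_gid() {
    owner=$(awk -F: -v gid="$2" '$3 == gid { print $1; exit }' "$1/etc/group")
    [ "$owner" = "git" ]
}

# check_hosts_entry ROOT HOST -> succeeds if HOST is listed on a 127.0.0.1 line in ROOT/etc/hosts
check_hosts_entry() {
    awk -v h="$2" '$1 == "127.0.0.1" { for (i = 2; i <= NF; i++) if ($i == h) found = 1 }
                   END { exit !found }' "$1/etc/hosts"
}

# check_ssh_link ROOT -> succeeds if /home/git/.ssh is a symlink into the GitLab data volume
check_ssh_link() {
    [ -L "$1/home/git/.ssh" ] && [ "$(readlink "$1/home/git/.ssh")" = "/app/gitlab/data/data/.ssh" ]
}

# check_wrapper ROOT -> succeeds if the gitlab-shell wrapper exists, is executable,
# targets port 2222 and forwards SSH_ORIGINAL_COMMAND to the container
check_wrapper() {
    w="$1/opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell"
    [ -x "$w" ] && grep -q 'SSH_ORIGINAL_COMMAND' "$w" && grep -q -- '-p 2222' "$w"
}

# make_fixture -> prints the path of a constructed tree that mirrors the post's layout
make_fixture() {
    root=$(mktemp -d)
    mkdir -p "$root/etc" "$root/home/git" "$root/opt/gitlab/embedded/service/gitlab-shell/bin"
    printf 'root:x:0:\ngit:x:998:\ndocker:x:997:\n' > "$root/etc/group"   # constructed
    printf '127.0.0.1 localhost git.example.com\n' > "$root/etc/hosts"    # constructed
    ln -s /app/gitlab/data/data/.ssh "$root/home/git/.ssh"
    w="$root/opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell"
    printf '#!/bin/sh\nssh -i /home/git/.ssh/id_rsa -p 2222 git@git.example.com "SSH_ORIGINAL_COMMAND=\\"$SSH_ORIGINAL_COMMAND\\" $0 $@"\n' > "$w"
    chmod a+x "$w"
    echo "$root"
}
```

Run the checks against the real host by passing "" (the filesystem root) as ROOT instead of the fixture; a failing check_git_gid after a Docker install is the GID 998 clash the post warns about.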

Configure nginx Forwarding

Example nginx configuration file:

upstream gitlab-workhorse {
  server 127.0.0.1:8181 fail_timeout=0;
}

server {
  listen 80;
  listen [::]:80 ipv6only=on;
  server_name example.com;
  server_tokens off;
  return 301 https://$http_host$request_uri;
}

server {
  listen 443 ssl;
  listen [::]:443 ipv6only=on ssl;
  server_name example.com;
  server_tokens off;

  include enable-ssl.conf;
  include enable-hsts.conf;

  ssl_certificate /data/ssl/example.com/fullchain.pem;
  ssl_certificate_key /data/ssl/example.com/privkey.pem;
  ssl_trusted_certificate /data/ssl/example.com/ca.pem;

  location / {
    client_max_body_size 0;
    gzip off;

    proxy_read_timeout 300;
    proxy_connect_timeout 300;
    proxy_redirect off;

    proxy_http_version 1.1;

    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Ssl on;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass http://gitlab-workhorse;
  }
}

Closing

Open https://example.com in a browser and give it a try!
