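Background
New GitLab releases for the China region have been taken over by the domestic company JiHu (极狐). Out of habit, we still use the original version maintained by GitLab itself. The version used here is 15.11.13, because the new UI really feels too bloated. We deploy with Docker, and the following needs to be prepared:
- The gitlab.xxx.xxx domain (gitlab.xxx.xxx must resolve to the Nginx IP)
- The pages.xxx.xxx domain (*.pages.xxx.xxx must resolve to the Nginx IP)
- An external Nginx (to provide SSL access; doing this inside the container is too cumbersome, so it is decoupled)
- An SSL certificate (either a purchased certificate or a free one from Let's Encrypt, which does in fact support wildcards)
- Docker
Deployment
1. DNS configuration
First, create the DNS records at your DNS provider. For convenience (my Nginx also hosts other services), I simply point the wildcard record * at our Nginx.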

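2. Nginx configuration
Next, proxy our GitLab hostnames to the real service address. Note that there are three services: the main GitLab site, the registry image service, and the Pages static site service.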



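Note that the custom settings need the optimization options configured, such as caching, WebSocket support, and SSL, and a custom block also has to be added. I use Nginx Proxy Manager for the demonstration.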


Note that the custom configuration section of every rule needs the following added:

```nginx
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
```

3. GitLab configuration
Write the docker-compose.yaml file:

```yaml
services:
  gitlab:
    image: 'gitlab/gitlab-ee:15.11.13-ee.0'
    container_name: gitlab
    restart: always
    hostname: 'gitlab.xxx.xxx'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.xxx.xxx'
        # TLS is terminated by the external Nginx, so the bundled Nginx serves plain HTTP
        nginx['listen_port'] = 80
        nginx['listen_https'] = false
        nginx['redirect_http_to_https'] = false
        letsencrypt['enable'] = false
        # "$$" is Compose escaping for a literal "$"
        nginx['proxy_set_headers'] = {
          "X-Forwarded-Proto" => "https",
          "X-Forwarded-Ssl" => "on",
          "X-Real-IP" => "$$remote_addr",
          "X-Forwarded-For" => "$$proxy_add_x_forwarded_for",
          "Host" => "$$http_host"
        }
        # Networks whose forwarded headers GitLab trusts
        gitlab_rails['trusted_proxies'] = ['10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16']
        gitlab_rails['gitlab_shell_ssh_port'] = 2222
        registry_external_url 'https://registry.xxx.xxx'
        registry['enable'] = true
        registry_nginx['listen_port'] = 80
        registry_nginx['listen_https'] = false
        registry_nginx['proxy_set_headers'] = {
          "X-Forwarded-Proto" => "https",
          "X-Forwarded-Ssl" => "on"
        }
        pages_external_url 'https://pages.xxx.xxx'
        gitlab_pages['enable'] = true
        gitlab_pages['internal_gitlab_server'] = 'http://gitlab.xxx.xxx'
        gitlab_pages['artifacts_server_url'] = 'http://gitlab.xxx.xxx'
        pages_nginx['listen_port'] = 80
        pages_nginx['listen_https'] = false
        pages_nginx['proxy_set_headers'] = {
          "X-Forwarded-Proto" => "https",
          "X-Forwarded-Ssl" => "on"
        }
        prometheus_monitoring['enable'] = false
        gitlab_rails['time_zone'] = 'Asia/Shanghai'
        puma['worker_processes'] = 2
        sidekiq['concurrency'] = 10
        postgresql['shared_buffers'] = "256MB"
        ## ─── Email / SMTP ────────────────────────────────────────────
        # gitlab_rails['smtp_enable'] = true
        # gitlab_rails['smtp_address'] = "smtp.example.com"
        # gitlab_rails['smtp_port'] = 587
        # gitlab_rails['smtp_user_name'] = "user@example.com"
        # gitlab_rails['smtp_password'] = "smtp_password"
        # gitlab_rails['smtp_domain'] = "example.com"
        # gitlab_rails['smtp_authentication'] = "login"
        # gitlab_rails['smtp_enable_starttls_auto'] = true
        # gitlab_rails['gitlab_email_from'] = "gitlab@example.com"
    ports:
      - '2222:22' # SSH clone / push
      - '18080:80' # HTTP (the external Nginx proxies to this port and handles SSL)
    volumes:
      - './gitlab/config:/etc/gitlab'
      - './gitlab/logs:/var/log/gitlab'
      - './gitlab/data:/var/opt/gitlab'
    shm_size: '256m'
    healthcheck:
      test: ["CMD", "/opt/gitlab/bin/gitlab-healthcheck", "--fail", "--max-time", "10"]
      interval: 60s
      timeout: 30s
      retries: 5
      start_period: 5m
```
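
How the `trusted_proxies` list in the compose file interacts with the `X-Forwarded-For` header that the external Nginx builds with `$proxy_add_x_forwarded_for`, shown as an added example (not part of the original post and not GitLab's own code). It is a simplified model of rightmost-untrusted client-IP resolution; all addresses are constructed, and 192.168.1.10 is an assumed address for the Nginx host.

```python
import ipaddress

# Constructed values: PROXY is the assumed address of the external Nginx.
PROXY = "192.168.1.10"
BROAD = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]  # as in the compose file
NARROW = ["192.168.1.10/32"]                                # only the Nginx host


def client_ip(remote_addr, xff, trusted):
    """Return the address a rightmost-untrusted resolver records as the client.

    Walks the TCP peer and then X-Forwarded-For from right to left, skipping
    every hop inside a trusted network; the first untrusted hop wins.
    """
    nets = [ipaddress.ip_network(c) for c in trusted]
    chain = [h.strip() for h in xff.split(",") if h.strip()] + [remote_addr]
    last = remote_addr
    for hop in reversed(chain):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return last          # malformed entry: stop reading the header
        if not any(addr in n for n in nets):
            return hop           # first hop that is not a trusted proxy
        last = hop
    return last                  # every hop was trusted: leftmost entry


if __name__ == "__main__":
    # Nginx appends the peer address via $proxy_add_x_forwarded_for, so a
    # header supplied by a LAN host 192.168.1.50 arrives with its real
    # address appended on the right.
    cases = {
        "internet client": "203.0.113.7",
        "LAN host, header pre-filled": "198.51.100.99, 192.168.1.50",
    }
    for name, xff in cases.items():
        for label, trusted in (("broad", BROAD), ("narrow", NARROW)):
            print(f"{name:28} {label:6} -> {client_ip(PROXY, xff, trusted)}")
```

With the broad list the LAN request is attributed to 198.51.100.99, a value the client supplied; with only the Nginx address trusted it is attributed to 192.168.1.50, the address Nginx actually saw.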
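4. Start and access
Run `docker compose pull && docker compose up -d` to start it, wait a few minutes, then log in to the web UI with the initial password. To obtain the initial password:

```bash
docker exec gitlab cat /etc/gitlab/initial_root_password 2>/dev/null | grep Password
```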
