Linode 最近推出了新的数据中心 Tokyo2,我使用的是$10/月 2G RAM 配置的主机,用于搭建 Gitlab 完全足够了, 点击这里访问Linode。
我的仓库地址:https://git.webapproach.net/
进入正题,购买主机并安装 Ubuntu16.04LTS。
系统环境
Ubuntu 16.04 LTS
使用证书登录并禁用密码登录
使用 openssl 生成一对公钥(id_rsa.pub)和私钥(id_rsa)。注意:authorized_keys 要求公钥为 OpenSSH 格式(ssh-keygen 生成的 id_rsa.pub 即为该格式);私钥只保存在本地,不要上传到服务器。
将公钥(id_rsa.pub)上传到服务器,使用如下命令将公钥内容添加至 authorized_keys
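# Make sure ~/.ssh exists and is private. With StrictModes (the sshd default),
# sshd refuses to use authorized_keys when the directory or the file is
# writable by other users.
mkdir -p ~/.ssh
chmod 700 ~/.ssh
# Append (>>) rather than overwrite, so keys that are already authorized
# keep working.
cat id_rsa.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys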
修改 SSH 配置禁止密码登录
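# Open the SSH daemon configuration for editing.
vim /etc/ssh/sshd_config
# In that file, set:  PasswordAuthentication no
# Validate the edited file before restarting. Keep the current session open
# and confirm key-based login from a second terminal, so that a mistake in the
# configuration cannot lock you out of the server.
sshd -t
/etc/init.d/ssh restart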
安装 Docker-Engine
参考 Docker Engine Install
申请证书
安装 LetsEncrypt 证书自动申请工具
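# Install the Let's Encrypt client packaged for this Ubuntu release.
sudo apt-get install letsencrypt
# --standalone starts a temporary web server to answer the validation
# challenge, so port 80 and/or 443 must be free (run this before nginx is
# listening, or stop nginx first).
# Let's Encrypt certificates are valid for 90 days: schedule a renewal.
letsencrypt certonly --standalone
# NOTE(review): the article does not show how the issued certificate and key
# become wa.crt / wa.key under /srv/certs/webapproach.net, which the later
# configuration files reference. Keep the private key readable by root only.
#
# Write the DH parameters to the path the compose file uses
# (SSL_DHPARAM_PATH) instead of the current directory. Generating 4096-bit
# parameters can take a long time.
mkdir -p /srv/certs/webapproach.net
openssl dhparam -out /srv/certs/webapproach.net/dhparam.pem 4096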
安装 Docker-Compose
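# Download to a temporary file first, so that nothing unverified is ever
# placed on root's PATH. -f makes curl fail on an HTTP error instead of
# saving the error page as the "binary".
compose_url="https://github.com/docker/compose/releases/download/1.9.0/docker-compose-$(uname -s)-$(uname -m)"
compose_tmp="$(mktemp)"
curl -fL "$compose_url" -o "$compose_tmp"
# Compare against the SHA-256 published for this release. <EXPECTED_SHA256> is
# a placeholder: take the real value from the project's release page. The
# binary is only installed when the checksum matches.
echo "<EXPECTED_SHA256>  $compose_tmp" | sha256sum -c - \
  && install -m 0755 "$compose_tmp" /usr/local/bin/docker-compose
rm -f "$compose_tmp"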
使用 Docker 安装 ShadowSocks
# Fetch the image. NOTE(review): this is an unpinned third-party image; pin a
# tag or digest you have reviewed so the content cannot change underneath you.
docker pull tommylau/shadowsocks
# Run it detached, publishing TCP 8989 on every host interface.
# 'xxx' is a placeholder: use a long random password. Whatever is passed with
# -k is visible in `docker inspect` and in the host's process list.
# NOTE(review): aes-256-cfb is an unauthenticated stream cipher; prefer an AEAD
# method if this image supports one (not shown on this page).
docker run \
  --detach \
  --name ss \
  --publish 8989:8989 \
  tommylau/shadowsocks -s 0.0.0.0 -p 8989 -k 'xxx' -m aes-256-cfb
使用 Docker-Compose 安装 Gitlab 以及 SMTP 邮件服务
gitlab.yml 配置文件
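# docker-compose file (gitlab.yml): GitLab with its Redis and PostgreSQL back
# ends, plus a Postfix container for outgoing mail.
#
# Every 'xxx' is a placeholder for a secret. Use distinct, long random values
# and keep the real file out of version control.
# NOTE(review): the images use ':latest' or loosely pinned tags; pin versions
# (or digests) you have reviewed so a re-pull cannot silently change what runs.
version: '2'

services:
  redis:
    restart: always
    image: sameersbn/redis:latest
    command:
      - --loglevel warning
    volumes:
      - /srv/docker/gitlab/redis:/var/lib/redis:Z

  postgresql:
    restart: always
    image: sameersbn/postgresql:9.5-1
    volumes:
      - /srv/docker/gitlab/postgresql:/var/lib/postgresql:Z
    environment:
      - DB_USER=gitlab
      - DB_PASS=xxx
      - DB_NAME=gitlabhq_production
      - DB_EXTENSION=pg_trgm

  postfix:
    restart: always
    image: catatnight/postfix:latest
    ports:
      # Published on every host interface: the submission port is reachable
      # from the Internet, so the SMTP password below must be strong.
      - '587:587'
    volumes:
      # Gives this container the TLS certificate and its private key.
      - /srv/certs/webapproach.net:/etc/postfix/certs
    environment:
      - maildomain=webapproach.net
      # The published line was blanked by the site's e-mail obfuscation.
      # Format is <address>:<password>; the address here is a placeholder.
      # NOTE(review): variable name assumed to be smtp_user - confirm against
      # the image's documentation.
      - smtp_user=user@example.com:xxx
    dns:
      - 8.8.8.8

  gitlab:
    restart: always
    image: sameersbn/gitlab:latest
    depends_on:
      - redis
      - postgresql
    ports:
      # Bind the HTTP port to loopback only. The host nginx proxies to
      # 127.0.0.1:10080; publishing it on all interfaces would expose GitLab
      # over plain HTTP and bypass the TLS front end.
      - '127.0.0.1:10080:80'
      - '1022:22'
    volumes:
      - /srv/docker/gitlab/gitlab:/home/git/data:Z
      - /var/log/gitlab:/var/log/gitlab
    environment:
      - DEBUG=false

      - DB_ADAPTER=postgresql
      - DB_HOST=postgresql
      - DB_PORT=5432
      - DB_USER=gitlab
      - DB_PASS=xxx
      - DB_NAME=gitlabhq_production

      - REDIS_HOST=redis
      - REDIS_PORT=6379

      # Asia/Beijing is not a tz database zone name; Asia/Shanghai is the zone
      # for Beijing time.
      - TZ=Asia/Shanghai
      - GITLAB_TIMEZONE=Beijing

      - GITLAB_HTTPS=true
      - SSL_SELF_SIGNED=false
      # The two paths were swapped in the published file (key -> wa.crt,
      # certificate -> wa.key).
      # NOTE(review): no volume mounts /srv/certs into this container, so
      # these paths presumably do not resolve inside it and TLS is terminated
      # by the host nginx - confirm.
      - SSL_KEY_PATH=/srv/certs/webapproach.net/wa.key
      - SSL_CERTIFICATE_PATH=/srv/certs/webapproach.net/wa.crt
      - SSL_DHPARAM_PATH=/srv/certs/webapproach.net/dhparam.pem
      - NGINX_HSTS_MAXAGE=2592000

      - GITLAB_HOST=git.webapproach.net
      - GITLAB_PORT=443
      - GITLAB_SSH_PORT=1022
      - GITLAB_RELATIVE_URL_ROOT=
      # These three key bases were published with the article and must be
      # treated as compromised: never reuse them. Generate your own long
      # random values (for example with `pwgen -Bsv1 64`) and back them up.
      - GITLAB_SECRETS_DB_KEY_BASE=4dya9h51h9hfa9y51nnlfa9hr9a8519h591h5hoa
      - GITLAB_SECRETS_SECRET_KEY_BASE=da798hg91yf98ah51ho9fay98y51895y7hfauhfo
      - GITLAB_SECRETS_OTP_KEY_BASE=yr9h159fay9ah519hfa9851h9fa9y9519hda9

      # Lines marked "restored" were blanked by the publishing site's e-mail
      # obfuscation. Variable names follow the order of the sameersbn/gitlab
      # sample compose file (confirm against it); addresses are placeholders.
      - GITLAB_ROOT_PASSWORD=xxx
      - GITLAB_ROOT_EMAIL=admin@example.com  # restored

      - GITLAB_NOTIFY_ON_BROKEN_BUILDS=true
      - GITLAB_NOTIFY_PUSHER=false

      - GITLAB_EMAIL=notifications@example.com  # restored
      - GITLAB_EMAIL_REPLY_TO=noreply@example.com  # restored
      - GITLAB_INCOMING_EMAIL_ADDRESS=reply@example.com  # restored

      - GITLAB_BACKUP_SCHEDULE=daily
      - GITLAB_BACKUP_TIME=01:00

      - SMTP_ENABLED=true
      - SMTP_DOMAIN=webapproach.net
      - SMTP_HOST=smtp.webapproach.net
      - SMTP_PORT=587
      - SMTP_USER=mailer@example.com  # restored
      - SMTP_PASS=xxx
      - SMTP_STARTTLS=true
      - SMTP_AUTHENTICATION=login

      - IMAP_ENABLED=false
      - IMAP_HOST=imap.gmail.com
      - IMAP_PORT=993
      - IMAP_USER=mailer@example.com  # restored
      - IMAP_PASS=xxx
      - IMAP_SSL=true
      - IMAP_STARTTLS=false

      - OAUTH_ENABLED=false
      - OAUTH_AUTO_SIGN_IN_WITH_PROVIDER=
      - OAUTH_ALLOW_SSO=
      - OAUTH_BLOCK_AUTO_CREATED_USERS=true
      - OAUTH_AUTO_LINK_LDAP_USER=false
      - OAUTH_AUTO_LINK_SAML_USER=false
      - OAUTH_EXTERNAL_PROVIDERS=

      - OAUTH_CAS3_LABEL=cas3
      - OAUTH_CAS3_SERVER=
      - OAUTH_CAS3_DISABLE_SSL_VERIFICATION=false
      - OAUTH_CAS3_LOGIN_URL=/cas/login
      - OAUTH_CAS3_VALIDATE_URL=/cas/p3/serviceValidate
      - OAUTH_CAS3_LOGOUT_URL=/cas/logout

      - OAUTH_GOOGLE_API_KEY=
      - OAUTH_GOOGLE_APP_SECRET=
      - OAUTH_GOOGLE_RESTRICT_DOMAIN=

      - OAUTH_FACEBOOK_API_KEY=
      - OAUTH_FACEBOOK_APP_SECRET=

      - OAUTH_TWITTER_API_KEY=
      - OAUTH_TWITTER_APP_SECRET=

      - OAUTH_GITHUB_API_KEY=
      - OAUTH_GITHUB_APP_SECRET=
      - OAUTH_GITHUB_URL=
      - OAUTH_GITHUB_VERIFY_SSL=

      - OAUTH_GITLAB_API_KEY=
      - OAUTH_GITLAB_APP_SECRET=

      - OAUTH_BITBUCKET_API_KEY=
      - OAUTH_BITBUCKET_APP_SECRET=

      - OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL=
      - OAUTH_SAML_IDP_CERT_FINGERPRINT=
      - OAUTH_SAML_IDP_SSO_TARGET_URL=
      - OAUTH_SAML_ISSUER=
      - OAUTH_SAML_LABEL="Our SAML Provider"
      - OAUTH_SAML_NAME_IDENTIFIER_FORMAT=urn:oasis:names:tc:SAML:2.0:nameid-format:transient
      - OAUTH_SAML_GROUPS_ATTRIBUTE=
      - OAUTH_SAML_EXTERNAL_GROUPS=
      - OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL=
      - OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME=
      - OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME=
      - OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME=

      - OAUTH_CROWD_SERVER_URL=
      - OAUTH_CROWD_APP_NAME=
      - OAUTH_CROWD_APP_PASSWORD=

      - OAUTH_AUTH0_CLIENT_ID=
      - OAUTH_AUTH0_CLIENT_SECRET=
      - OAUTH_AUTH0_DOMAIN=

      - OAUTH_AZURE_API_KEY=
      - OAUTH_AZURE_API_SECRET=
      - OAUTH_AZURE_TENANT_ID=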
安装 LNMP
参考 https://lnmp.org/install.html
Nginx 反代 Gitlab 配置
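# Upstream: the GitLab container's HTTP port as published on the host.
upstream gitlab {
    server 127.0.0.1:10080;
}

# Port 80: redirect every request to the HTTPS site.
server {
    listen 80;
    server_name git.webapproach.net;
    access_log /home/wwwlogs/git.webapproach.net.80.log;

    # The original used a server-level "rewrite ... permanent", which answers
    # every request before any location is consulted; the proxy location that
    # followed it was unreachable and is dropped. "return" states the same
    # redirect directly and uses the fixed server name, not the Host header.
    return 301 https://git.webapproach.net$request_uri;
}

# Port 443: terminate TLS and proxy to GitLab over loopback.
server {
    listen 443 ssl http2;
    server_name git.webapproach.net;

    ssl_certificate /srv/certs/webapproach.net/wa.crt;
    ssl_certificate_key /srv/certs/webapproach.net/wa.key;
    # Disable the legacy protocol versions; add TLSv1.3 where the nginx and
    # OpenSSL builds support it.
    ssl_protocols TLSv1.2;
    # NOTE(review): the dhparam.pem generated earlier in the article is not
    # referenced here; add "ssl_dhparam <path-to-dhparam.pem>;" if DHE cipher
    # suites are enabled.

    # Same max-age as NGINX_HSTS_MAXAGE in the compose file; sent from here
    # because this server is the one that terminates TLS.
    add_header Strict-Transport-Security "max-age=2592000" always;

    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        # Pass the client chain and the original scheme to the backend, so
        # GitLab knows the request arrived over HTTPS and logs the real
        # client address.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://gitlab;
    }
}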