Installing GitLab with Docker and forwarding port 22

2020-11-01

First, create a `git` user on the host and record its uid and gid with `id git`.

Then install GitLab with the following command:

```shell
docker run -d \
  --name=gitlab \
  --restart=unless-stopped \
  --hostname=git.ishield.cn \
  -p 10443:443 \
  -p 10080:80 \
  -p 23:22 \
  -v /opt/openresty/nginx/keys/ishield.cn.cer:/var/opt/gitlab/nginx/keys/ishield.cn.crt \
  -v /opt/openresty/nginx/keys/ishield.cn.key:/var/opt/gitlab/nginx/keys/ishield.cn.key \
  -v /var/lib/docker/volumes/gitlab/_data/etc:/etc/gitlab \
  -v /home/git/.ssh:/var/opt/gitlab/.ssh \
  -v /etc/localtime:/etc/localtime:ro \
  --ulimit sigpending=62793 --ulimit nproc=131072 \
  --ulimit nofile=60000 --ulimit core=0 \
  gitlab/gitlab-ce
```

Once the container is up, enter it and edit the configuration file /etc/gitlab/gitlab.rb, appending the following lines at the bottom to enable HTTPS:

```ruby
external_url 'https://git.ishield.cn'
gitlab_rails['gitlab_shell_ssh_port'] = 22
gitlab_rails['time_zone'] = 'Asia/Shanghai'
nginx['ssl_certificate'] = "/var/opt/gitlab/nginx/keys/ishield.cn.crt"
nginx['ssl_certificate_key'] = "/var/opt/gitlab/nginx/keys/ishield.cn.key"
nginx['redirect_http_to_https'] = true
```

At the same time, copy the contents of the container's /etc/passwd and /etc/group files to /var/lib/docker/volumes/gitlab/passwd and /var/lib/docker/volumes/gitlab/group, and change the uid and gid of the `git` user in those two files to the uid and gid of the host's `git` user.

After making these changes, remove the gitlab container and start it again with the command below:

```shell
docker run -d \
  --name=gitlab \
  --restart=unless-stopped \
  --hostname=git.ishield.cn \
  -p 10443:443 \
  -p 10080:80 \
  -p 23:22 \
  -v /opt/openresty/nginx/keys/ishield.cn.cer:/var/opt/gitlab/nginx/keys/ishield.cn.crt \
  -v /opt/openresty/nginx/keys/ishield.cn.key:/var/opt/gitlab/nginx/keys/ishield.cn.key \
  -v /var/lib/docker/volumes/gitlab/_data/etc:/etc/gitlab \
  -v /var/lib/docker/volumes/gitlab/_data/log:/var/log/gitlab \
  -v /var/lib/docker/volumes/gitlab/_data/data:/var/opt/gitlab \
  -v /var/lib/docker/volumes/gitlab/_data/passwd:/etc/passwd:ro \
  -v /var/lib/docker/volumes/gitlab/_data/group:/etc/group:ro \
  -v /home/git/.ssh:/var/opt/gitlab/.ssh \
  -v /etc/localtime:/etc/localtime:ro \
  --ulimit sigpending=62793 --ulimit nproc=131072 \
  --ulimit nofile=60000 --ulimit core=0 \
  gitlab/gitlab-ce
```

Add the contents of /home/git/.ssh/id_rsa.pub to /home/git/.ssh/authorized_keys so that the `git` user can log in to the container without a password.

On the host, create an executable file /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell that performs the port forwarding. The authorized_keys file GitLab maintains in /home/git/.ssh references this path in its `command=` option, so the host's sshd runs this script for every git SSH login and the script relays the session to the container on port 23. Its contents are:

```sh
#!/bin/sh
# Invoked by the host sshd via the command= option in authorized_keys:
# $@ carries gitlab-shell's own arguments (the key id) and
# SSH_ORIGINAL_COMMAND the git command the client requested.
# Relay both to the container's sshd on port 23 and run gitlab-shell
# there under the same path ($0). Host-key checking is disabled for
# this loopback hop.
ssh -i /home/git/.ssh/id_rsa -p 23 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
```
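A hardened variant of the relay wrapper, added here as an example and not the original post's script: it single-quotes SSH_ORIGINAL_COMMAND before handing it to the shell inside the container, keeps argument boundaries with "$@", and pins the container's host key instead of disabling the check. The known-hosts file path is an assumption; everything else uses the paths and port from the post.

```shell
#!/bin/sh
# Added example, not the original post's script: a hardened variant of the
# relay wrapper. It single-quotes SSH_ORIGINAL_COMMAND so the shell inside
# the container cannot interpret metacharacters in what the client sent,
# keeps argument boundaries with "$@", and pins the container's host key
# instead of disabling the check.
# Assumption: the known-hosts file below was created once on the host with
#   ssh-keyscan -p 23 127.0.0.1 > /home/git/.ssh/container_known_hosts
CONTAINER_KNOWN_HOSTS=/home/git/.ssh/container_known_hosts
RELAY_KEY=/home/git/.ssh/id_rsa
RELAY_PORT=23
GITLAB_SHELL=/opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell

# Quote one string for a POSIX shell: wrap it in single quotes and turn
# every embedded ' into '\'' so the remote shell treats it as a literal.
sq_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Build the exact command line that will run inside the container:
# $1 is the client's original command, the remaining args are gitlab-shell's.
build_remote_command() {
    orig="$1"
    shift
    cmd="SSH_ORIGINAL_COMMAND=$(sq_quote "$orig") $GITLAB_SHELL"
    for arg in "$@"; do
        cmd="$cmd $(sq_quote "$arg")"
    done
    printf '%s' "$cmd"
}

# Only relay when sshd invoked us with a forced command and a key id.
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ] && [ "$#" -gt 0 ]; then
    exec ssh -i "$RELAY_KEY" -p "$RELAY_PORT" \
        -o StrictHostKeyChecking=yes \
        -o UserKnownHostsFile="$CONTAINER_KNOWN_HOSTS" \
        git@127.0.0.1 "$(build_remote_command "$SSH_ORIGINAL_COMMAND" "$@")"
fi
```

Because the client's command is passed as a single-quoted literal, the shell in the container never evaluates anything in it; gitlab-shell alone decides whether it is an allowed git command.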

Add the nginx configuration; note that proxy_pass uses https:

```nginx
server {
    listen 80;
    listen 443 ssl http2;
    server_name git.ishield.cn;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    ssl_certificate /home/digua/projects/config/acme.sh/ishield.cn/fullchain.cer;
    ssl_certificate_key /home/digua/projects/config/acme.sh/ishield.cn/ishield.cn.key;
    location / {
        proxy_pass https://127.0.0.1:10443;
    }
}
```

With this in place, GitLab is served over HTTPS and repositories can be cloned over port 22.

Other GitLab settings for reference:

```ruby
gitlab_rails['gitlab_ssh_host'] = '10.17.65.22'
gitlab_rails['time_zone'] = 'Asia/Shanghai'
gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = 'admin@guoliangwu.com'
gitlab_rails['gitlab_email_display_name'] = 'Admin'
gitlab_rails['gitlab_email_reply_to'] = 'no_reply@guoliangwu.com'
gitlab_rails['gitlab_username_changing_enabled'] = false
gitlab_rails['gitlab_default_theme'] = 4
gitlab_rails['gitlab_default_projects_features_snippets'] = false
gitlab_rails['gitlab_default_projects_features_builds'] = false
gitlab_rails['gitlab_default_projects_features_container_registry'] = false
gitlab_rails['incoming_email_enabled'] = false
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.guoliangwu.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "admin@guoliangwu.com"
gitlab_rails['smtp_password'] = "xxxx"
gitlab_rails['smtp_domain'] = "guoliangwu.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = true
gitlab_rails['registry_enabled'] = false
unicorn['worker_processes'] = 4
sidekiq['concurrency'] = 15
postgresql['shared_buffers'] = "2GB"
prometheus['enable'] = false
```