Installing GitLab with Docker and forwarding port 22
First, create a git user on the host, then run the command id git and note down the git user's uid and gid.
Then install GitLab with the following command:
docker run -d \
--name=gitlab \
--restart=unless-stopped \
--hostname=git.ishield.cn \
-p 10443:443 \
-p 10080:80 \
-p 23:22 \
-v /opt/openresty/nginx/keys/ishield.cn.cer:/var/opt/gitlab/nginx/keys/ishield.cn.crt \
-v /opt/openresty/nginx/keys/ishield.cn.key:/var/opt/gitlab/nginx/keys/ishield.cn.key \
-v /var/lib/docker/volumes/gitlab/_data/etc:/etc/gitlab \
-v /home/git/.ssh:/var/opt/gitlab/.ssh \
-v /etc/localtime:/etc/localtime:ro \
--ulimit sigpending=62793 --ulimit nproc=131072 \
--ulimit nofile=60000 --ulimit core=0 \
gitlab/gitlab-ce
Once the container has started, enter it and edit the configuration file /etc/gitlab/gitlab.rb, adding the following lines at the bottom to enable HTTPS:
external_url 'https://git.ishield.cn'
gitlab_rails['gitlab_shell_ssh_port'] = 22
gitlab_rails['time_zone'] = 'Asia/Shanghai'
nginx['ssl_certificate'] = "/var/opt/gitlab/nginx/keys/ishield.cn.crt"
nginx['ssl_certificate_key'] = "/var/opt/gitlab/nginx/keys/ishield.cn.key"
nginx['redirect_http_to_https'] = true
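Also copy the contents of the container's /etc/passwd and /etc/group files to /var/lib/docker/volumes/gitlab/passwd and /var/lib/docker/volumes/gitlab/group, then change the uid and gid of the git user in these two files to the uid and gid of the host's git user.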
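One way to script the uid/gid edit described above, as an added example that is not part of the original post. The function name remap_git_ids and the sample files are constructed for illustration, and it assumes the container's group is named git like the user.

```sh
#!/bin/sh
# Added example, not from the original post. remap_git_ids and the sample
# files are assumptions; it also assumes the group is named like the user.

# remap_git_ids PASSWD_COPY GROUP_COPY HOST_UID HOST_GID [USER]
# Edits the copies in place. Refuses to touch them if the host uid/gid is
# already taken by another account in the copy (two names for one id would
# blur file ownership inside the container).
remap_git_ids() {
    pw=$1 gr=$2 new_uid=$3 new_gid=$4 user=${5:-git}
    for n in "$new_uid" "$new_gid"; do
        case $n in ''|*[!0-9]*) echo "uid/gid must be numeric" >&2; return 2 ;; esac
    done
    grep -q "^$user:" "$pw" || { echo "no $user entry in $pw" >&2; return 3; }
    if awk -F: -v u="$user" -v id="$new_uid" \
        '$1 != u && $3 == id { hit = 1 } END { exit !hit }' "$pw"; then
        echo "uid $new_uid already used in $pw" >&2; return 4
    fi
    if awk -F: -v u="$user" -v id="$new_gid" \
        '$1 != u && $3 == id { hit = 1 } END { exit !hit }' "$gr"; then
        echo "gid $new_gid already used in $gr" >&2; return 4
    fi
    tmp=$(mktemp) || return 1
    # passwd: field 3 is the uid, field 4 the primary gid
    awk -F: -v OFS=: -v u="$user" -v uid="$new_uid" -v gid="$new_gid" \
        '$1 == u { $3 = uid; $4 = gid } { print }' "$pw" > "$tmp" && cat "$tmp" > "$pw"
    # group: field 3 is the gid
    awk -F: -v OFS=: -v u="$user" -v gid="$new_gid" \
        '$1 == u { $3 = gid } { print }' "$gr" > "$tmp" && cat "$tmp" > "$gr"
    rm -f "$tmp"
}

# Constructed sample data standing in for the files copied out of the container.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'git:x:998:998::/var/opt/gitlab:/bin/sh' > "$d/passwd"
    printf '%s\n' 'root:x:0:' 'git:x:998:' > "$d/group"
    remap_git_ids "$d/passwd" "$d/group" 1001 1001 && grep '^git:' "$d/passwd" "$d/group"
    rm -rf "$d"
}
demo
```

Run it against the copies with the two numbers reported by id git on the host; a return code of 4 means the host id collides with another account in the container's files.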
When that is done, delete the gitlab container and start it again with the command below:
docker run -d \
--name=gitlab \
--restart=unless-stopped \
--hostname=git.ishield.cn \
-p 10443:443 \
-p 10080:80 \
-p 23:22 \
-v /opt/openresty/nginx/keys/ishield.cn.cer:/var/opt/gitlab/nginx/keys/ishield.cn.crt \
-v /opt/openresty/nginx/keys/ishield.cn.key:/var/opt/gitlab/nginx/keys/ishield.cn.key \
-v /var/lib/docker/volumes/gitlab/_data/etc:/etc/gitlab \
-v /var/lib/docker/volumes/gitlab/_data/log:/var/log/gitlab \
-v /var/lib/docker/volumes/gitlab/_data/data:/var/opt/gitlab \
-v /var/lib/docker/volumes/gitlab/_data/passwd:/etc/passwd:ro \
-v /var/lib/docker/volumes/gitlab/_data/group:/etc/group:ro \
-v /home/git/.ssh:/var/opt/gitlab/.ssh \
-v /etc/localtime:/etc/localtime:ro \
--ulimit sigpending=62793 --ulimit nproc=131072 \
--ulimit nofile=60000 --ulimit core=0 \
gitlab/gitlab-ce
Append the contents of /home/git/.ssh/id_rsa.pub to /home/git/.ssh/authorized_keys so that the git user can log in to the container without a password.
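On the host, create an executable file /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell to do the port forwarding. The authorized_keys entries that GitLab writes into the shared .ssh directory invoke gitlab-shell at this path, so the host's sshd runs this wrapper, which re-runs the command inside the container over port 23. Its contents are as follows: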
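#!/bin/sh
# Runs on the host as the git user: re-run the requested gitlab-shell command
# inside the container, whose sshd is published on host port 23.
# StrictHostKeyChecking=no turns off host-key verification for this loopback hop.
ssh -i /home/git/.ssh/id_rsa -p 23 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"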
Add the nginx configuration; note that the proxy_pass target uses https:
server {
listen 80;
listen 443 ssl http2;
server_name git.ishield.cn;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
ssl_certificate /home/digua/projects/config/acme.sh/ishield.cn/fullchain.cer;
ssl_certificate_key /home/digua/projects/config/acme.sh/ishield.cn/ishield.cn.key;
location / {
proxy_pass https://127.0.0.1:10443;
}
}
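With this setup in place, GitLab is served over https and repositories can be cloned over port 22.
For other GitLab settings, the following can be used as a reference: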
gitlab_rails['gitlab_ssh_host'] = '10.17.65.22'
gitlab_rails['time_zone'] = 'Asia/Shanghai'
gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = 'admin@guoliangwu.com'
gitlab_rails['gitlab_email_display_name'] = 'Admin'
gitlab_rails['gitlab_email_reply_to'] = 'no_reply@guoliangwu.com'
gitlab_rails['gitlab_username_changing_enabled'] = false
gitlab_rails['gitlab_default_theme'] = 4
gitlab_rails['gitlab_default_projects_features_snippets'] = false
gitlab_rails['gitlab_default_projects_features_builds'] = false
gitlab_rails['gitlab_default_projects_features_container_registry'] = false
gitlab_rails['incoming_email_enabled'] = false
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.guoliangwu.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "admin@guoliangwu.com"
gitlab_rails['smtp_password'] = "xxxx"
gitlab_rails['smtp_domain'] = "guoliangwu.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = true
gitlab_rails['registry_enabled'] = false
unicorn['worker_processes'] = 4
sidekiq['concurrency'] = 15
postgresql['shared_buffers'] = "2GB"
prometheus['enable'] = false