使用docker安装gitlab并转发22端口
首先,在宿主机上新建一个git用户,使用id git记录下git用户的uid和gid。
然后使用如下的命令安装gitlab
docker run -d \--name=gitlab \--restart=unless-stopped \--hostname=git.ishield.cn \-p 10443:443 \-p 10080:80 \-p 23:22 \-v /opt/openresty/nginx/keys/ishield.cn.cer:/var/opt/gitlab/nginx/keys/ishield.cn.crt \-v /opt/openresty/nginx/keys/ishield.cn.key:/var/opt/gitlab/nginx/keys/ishield.cn.key \-v /var/lib/docker/volumes/gitlab/_data/etc:/etc/gitlab \-v /home/git/.ssh:/var/opt/gitlab/.ssh \-v /etc/localtime:/etc/localtime:ro \--ulimit sigpending=62793 --ulimit nproc=131072 \--ulimit nofile=60000 --ulimit core=0 \gitlab/gitlab-ce
启动完成后,进入到容器里修改配置文件/etc/gitlab/gitlab.rb,在底部添加如下语句使用HTTPS
external_url 'https://git.ishield.cn'gitlab_rails['gitlab_shell_ssh_port'] = 22gitlab_rails['time_zone'] = 'Asia/Shanghai'nginx['ssl_certificate'] = "/var/opt/gitlab/nginx/keys/ishield.cn.crt"nginx['ssl_certificate_key'] = "/var/opt/gitlab/nginx/keys/ishield.cn.key"nginx['redirect_http_to_https'] = true
同时将容器里的/etc/passwd和/etc/group文件内容拷贝到/var/lib/docker/volumes/gitlab/passwd和/var/lib/docker/volumes/gitlab/group,将这两个文件中用户git的uid和gid修改为宿主机git用户的uid和gid。
修改完毕后删除gitlab容器然后重新使用下面的命令启动
docker run -d \--name=gitlab \--restart=unless-stopped \--hostname=git.ishield.cn \-p 10443:443 \-p 10080:80 \-p 23:22 \-v /opt/openresty/nginx/keys/ishield.cn.cer:/var/opt/gitlab/nginx/keys/ishield.cn.crt \-v /opt/openresty/nginx/keys/ishield.cn.key:/var/opt/gitlab/nginx/keys/ishield.cn.key \-v /var/lib/docker/volumes/gitlab/_data/etc:/etc/gitlab \-v /var/lib/docker/volumes/gitlab/_data/log:/var/log/gitlab \-v /var/lib/docker/volumes/gitlab/_data/data:/var/opt/gitlab \-v /var/lib/docker/volumes/gitlab/_data/passwd:/etc/passwd:ro \-v /var/lib/docker/volumes/gitlab/_data/group:/etc/group:ro \-v /home/git/.ssh:/var/opt/gitlab/.ssh \-v /etc/localtime:/etc/localtime:ro \--ulimit sigpending=62793 --ulimit nproc=131072 \--ulimit nofile=60000 --ulimit core=0 \gitlab/gitlab-ce
将/home/git/.ssh/id_rsa.pub的内容添加到/home/git/.ssh/authorized_keys,这样git用户可以无密码登录到容器里
在宿主机上新建一个可执行文件/opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell来进行端口转发,内容如下:
#!/bin/shssh -i /home/git/.ssh/id_rsa -p 23 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
增加nginx配置,注意proxy_pass处是https
server {listen 80;listen 443 ssl http2;server_name git.ishield.cn;proxy_set_header Host $host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;ssl_certificate /home/digua/projects/config/acme.sh/ishield.cn/fullchain.cer;ssl_certificate_key /home/digua/projects/config/acme.sh/ishield.cn/ishield.cn.key;location / {proxy_pass https://127.0.0.1:10443;}}
这样设置完成之后,gitlab的地址即为https,并且可以使用22端口进行clone了。
gitlab的其他配置可参考
gitlab_rails['gitlab_ssh_host'] = '10.17.65.22'gitlab_rails['time_zone'] = 'Asia/Shanghai'gitlab_rails['gitlab_email_enabled'] = truegitlab_rails['gitlab_email_from'] = 'admin@guoliangwu.com'gitlab_rails['gitlab_email_display_name'] = 'Admin'gitlab_rails['gitlab_email_reply_to'] = 'no_reply@guoliangwu.com'gitlab_rails['gitlab_username_changing_enabled'] = falsegitlab_rails['gitlab_default_theme'] = 4gitlab_rails['gitlab_default_projects_features_snippets'] = falsegitlab_rails['gitlab_default_projects_features_builds'] = falsegitlab_rails['gitlab_default_projects_features_container_registry'] = falsegitlab_rails['incoming_email_enabled'] = falsegitlab_rails['smtp_enable'] = truegitlab_rails['smtp_address'] = "smtp.guoliangwu.com"gitlab_rails['smtp_port'] = 465gitlab_rails['smtp_user_name'] = "admin@guoliangwu.com"gitlab_rails['smtp_password'] = "xxxx"gitlab_rails['smtp_domain'] = "guoliangwu.com"gitlab_rails['smtp_authentication'] = "login"gitlab_rails['smtp_enable_starttls_auto'] = truegitlab_rails['smtp_tls'] = truegitlab_rails['registry_enabled'] = falseunicorn['worker_processes'] = 4sidekiq['concurrency'] = 15postgresql['shared_buffers'] = "2GB"prometheus['enable'] = false
