Changing the default SSH port: if the SSH port has been changed, update the setting below and then restart the service.
[git@localhost ~/gitlab/config]$ vim gitlab.yml
ssh_port: 2xxxx
=========================
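1. Subdomain setup
This is configured in the Alibaba Cloud console: add a subdomain, git.andblog.cn, dedicated to GitLab.
2. Request an HTTPS certificate for the git.andblog.cn domain. When requesting it, make sure the page files under the directory set with -w can be reached through the domain.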
[root@localhost /data/script/letsencrypt]# ./letsencrypt-auto certonly --webroot -w /web/ -d andblog.cn -d git.andblog.cn
Bootstrapping dependencies for RedHat-based OSes... (you can skip this with --no-bootstrap)
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for andblog.cn
http-01 challenge for git.andblog.cn
Using the webroot path /web for all unmatched domains.
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/andblog.cn-0001/fullchain.pem. Your cert will
   expire on 2017-10-02. To obtain a new or tweaked version of this
   certificate in the future, simply run letsencrypt-auto again. To
   non-interactively renew *all* of your certificates, run
   "letsencrypt-auto renew"
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le
3. Install GitLab as usual
4. Disable Gravatar avatars in GitLab, because the avatar links are requested over HTTP
[git@localhost ~/gitlab/config]$ vim gitlab.yml
gravatar:
  enabled: false # Use user avatar image from Gravatar.com (default: true)
5. Configure HTTPS in nginx
[root@localhost /usr/local/nginx/conf/conf.d]# cat git.andblog.cn.conf
server {
  listen 80;
  server_name git.andblog.cn;
  return 301 https://$server_name$request_uri;
}

upstream gitlab {
  server unix:/home/git/gitlab/tmp/sockets/gitlab.socket fail_timeout=0;
}

server {
  listen 443 ssl;
  server_name git.andblog.cn; ## Replace this with something like gitlab.example.com
  server_tokens off; ## Don't show the nginx version number, a security best practice
  root /home/git/gitlab/public;

  ## Increase this if you want to upload large attachments
  ## Or if you want to accept large git objects over http
  client_max_body_size 100m;

  ssl_certificate /etc/letsencrypt/live/andblog.cn-0001/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/andblog.cn-0001/privkey.pem;
  ssl_dhparam /etc/ssl/certs/dhparams.pem;
  ssl_session_cache shared:SSL:1m;
  ssl_session_timeout 5m;
  ssl_ciphers HIGH:!aNULL:!MD5;
  ssl_prefer_server_ciphers on;

  ## Individual nginx logs for this GitLab vhost
  access_log /var/log/nginx/gitlab_access.log;
  error_log /var/log/nginx/gitlab_error.log;

  location / {
    ## Serve static files from defined root folder.
    ## @gitlab is a named location for the upstream fallback, see below.
    try_files $uri $uri/index.html $uri.html @gitlab;
  }

  ## If a file, which is not found in the root folder is requested,
  ## then the proxy passes the request to the upstream (gitlab unicorn).
  location @gitlab {
    ## If you use HTTPS make sure you disable gzip compression
    ## to be safe against BREACH attack.
    gzip off;

    ## https://github.com/gitlabhq/gitlabhq/issues/694
    ## Some requests take more than 30 seconds.
    proxy_read_timeout 300;
    proxy_connect_timeout 300;
    proxy_redirect off;

    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Frame-Options SAMEORIGIN;

    proxy_pass http://gitlab;
  }

  ## Enable gzip compression as per rails guide:
  ## http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression
  ## WARNING: If you are using relative urls remove the block below
  ## See config/application.rb under "Relative url support" for the list of
  ## other files that need to be changed for relative url support
  location ~ ^/(assets)/ {
    root /home/git/gitlab/public;
    gzip_static on; # to serve pre-gzipped version
    expires max;
    add_header Cache-Control public;
  }

  error_page 502 /502.html;
}
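Added example, not part of the original post: with the port-80 block above, http-01 requests for git.andblog.cn are redirected to the HTTPS vhost, whose root is /home/git/gitlab/public rather than the /web webroot used in step 2, so this variant serves the challenge path from /web before redirecting, and also pins the TLS protocol versions and adds HSTS. TLSv1.3 support in the local nginx/OpenSSL build and the HSTS max-age value are assumptions.

```nginx
## Added example (not from the original post).
server {
  listen 80;
  server_name git.andblog.cn;

  ## Serve http-01 challenge files from the webroot passed to
  ## letsencrypt-auto with -w, so "letsencrypt-auto renew" still
  ## validates once the redirect below is in place.
  location ^~ /.well-known/acme-challenge/ {
    root /web;
    default_type text/plain;
  }

  ## Everything else is sent to HTTPS.
  location / {
    return 301 https://$server_name$request_uri;
  }
}

server {
  listen 443 ssl;
  server_name git.andblog.cn;
  server_tokens off;
  root /home/git/gitlab/public;

  ssl_certificate     /etc/letsencrypt/live/andblog.cn-0001/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/andblog.cn-0001/privkey.pem;
  ssl_dhparam         /etc/ssl/certs/dhparams.pem;

  ## Assumption: this nginx is linked against an OpenSSL with TLSv1.3
  ## support; if it is not, list TLSv1.2 only.
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_ciphers HIGH:!aNULL:!MD5;
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:1m;
  ssl_session_timeout 5m;

  ## Ask browsers to use HTTPS only for this host (max-age is an example
  ## value). add_header is not inherited by a location that sets its own
  ## add_header, so repeat this line inside "location ~ ^/(assets)/".
  add_header Strict-Transport-Security "max-age=31536000" always;

  ## The logging directives, the "/", "@gitlab" and "~ ^/(assets)/"
  ## locations and error_page stay exactly as in the config above.
}
```

Check the file with `nginx -t` before restarting the service.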
At this point the site can be accessed over HTTPS, but the push instructions still show http, so the configuration file needs to be changed.
6. Edit the GitLab configuration file and switch it to the HTTPS settings
[git@localhost ~/gitlab/config]$ vim gitlab.yml
production: &base
  #
  # 1. GitLab app settings
  # ==========================

  ## GitLab settings
  gitlab:
    ## Web server settings (note: host is the FQDN, do not include http://)
    host: git.andblog.cn
    port: 443 # Set to 443 if using HTTPS, see installation.md#using-https for additional HTTPS configuration details
    https: true # Set to true if using HTTPS, see installation.md#using-https for additional HTTPS configuration details
7. Restart the nginx and GitLab services
[root@localhost ~]# service gitlab restart
[root@localhost ~]# service nginx restart
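8. The setup is now complete; everything, including the emails that are sent, uses HTTPS
9. When the SSH port is not the default port 22, push as in the examples below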
[root@localhost ~/lnmpr]# git config --global user.name "Administrator"
[root@localhost ~/lnmpr]# git config --global user.email "contact@andblog.cn"
========================================
mkdir abc
cd abc
git init
touch README.md
git add README.md
git commit -m "first commit"
git remote add origin ssh://git@git.andblog.cn:2222/root/abc.git
git push -u origin master
=======================================
mkdir abc
cd abc
git init
touch README.md
git add README.md
git commit -m "first commit"
git remote add origin https://git.andblog.cn/root/abc.git
git push -u origin master
==========================================