Software versions:

Software Version
CentOS 7.5
GraphicsMagick 1.3.31
Git 2.21.0
Ruby 2.5.3
Go 1.12
Node.js 10.15.2
PostgreSQL 11.2
Redis 5.0.3
GitLab 11.8.0 (Chinese-localized edition)
Nginx 1.14.2

1. Install dependencies

yum -y install libicu-devel patch gcc-c++ readline-devel zlib-devel libffi-devel openssl-devel make autoconf automake libtool bison libxml2-devel libxslt-devel libyaml-devel zlib-devel openssl-devel cpio expat-devel gettext-devel curl-devel perl-ExtUtils-CBuilder perl-ExtUtils-MakeMaker make cmake pcre-devel wget bzip2 systemd-devel

2. Install GraphicsMagick

yum -y install libpng libjpeg libpng-devel libjpeg-devel ghostscript libtiff libtiff-devel freetype freetype-devel
cd /root/src
wget https://sourceforge.net/projects/graphicsmagick/files/graphicsmagick/1.3.31/GraphicsMagick-1.3.31.tar.xz/download -O GraphicsMagick-1.3.31.tar.xz
tar xf GraphicsMagick-1.3.31.tar.xz
cd GraphicsMagick-1.3.31
./configure --prefix=/App/GraphicsMagick
make && make install
echo 'PATH=/App/GraphicsMagick/bin:$PATH' >> /etc/profile
source /etc/profile
ln -s /App/GraphicsMagick/bin/gm /bin/

3. Install Git

Check the current git version:

git --version

If the git version is lower than 2.18.0, uninstall it first:

rpm -e --nodeps git

Compile and install:

cd /root/src/
wget https://mirrors.edge.kernel.org/pub/software/scm/git/git-2.21.0.tar.xz
tar xf git-2.21.0.tar.xz
cd git-2.21.0
./configure --prefix=/App/git
make && make install
echo 'export PATH=/App/git/bin:$PATH' >> /etc/profile
source /etc/profile
ln -s /App/git/bin/git /bin/
ln -s /App/git/bin/git-receive-pack /bin/
ln -s /App/git/bin/git-upload-pack /bin/

4. Install Ruby

Version requirements:

  • Ruby 2.5.x
  • 1.5.2 <= Bundler < 2.x

cd /root/src/
wget https://cache.ruby-lang.org/pub/ruby/2.5/ruby-2.5.3.tar.gz
tar xf ruby-2.5.3.tar.gz
cd ruby-2.5.3
./configure --prefix=/App/ruby --disable-install-rdoc
make && make install
ln -s /App/ruby/bin/ruby /bin/
echo 'export PATH=/App/ruby/bin:$PATH' >> /etc/profile
source /etc/profile
gem install bundler --no-document --version '< 2'

If the server is in mainland China, you can switch the RubyGems mirror to speed up downloads:

gem sources --add https://gems.ruby-china.org/ --remove https://rubygems.org/

5. Install Go

cd /root/src/
wget https://dl.google.com/go/go1.12.linux-amd64.tar.gz
tar xf go1.12.linux-amd64.tar.gz
mv go /App/
echo 'export GOROOT=/App/go' >> /etc/profile
echo 'export GOPATH=/root/code/go' >> /etc/profile
echo 'export PATH=$GOROOT/bin:$GOPATH/bin:$PATH' >> /etc/profile
source /etc/profile

6. Install Node.js

Version requirements:

  • node >= v8.10.0
  • yarn >= v1.10.0

cd /root/src/
wget https://nodejs.org/dist/v10.15.2/node-v10.15.2-linux-x64.tar.xz
tar xf node-v10.15.2-linux-x64.tar.xz
mv node-v10.15.2-linux-x64 /App/node
echo 'export PATH=/App/node/bin:$PATH' >> /etc/profile
source /etc/profile
npm install --global yarn

7. Create the git system user

useradd -r -s /bin/bash --comment 'GitLab' -m -d /home/git git

8. Install PostgreSQL

Version requirement: at least 9.2

cd /root/src/
wget https://ftp.postgresql.org/pub/source/v11.2/postgresql-11.2.tar.bz2
tar xf postgresql-11.2.tar.bz2
cd postgresql-11.2
./configure --prefix=/App/pgsql --with-systemd
make && make install
cd contrib/pg_trgm
make install
useradd postgres
mkdir -p /data/pgsql
chown postgres /data/pgsql
sudo -u postgres /App/pgsql/bin/initdb -D /data/pgsql
echo 'export PATH=/App/pgsql/bin:$PATH' >> /etc/profile
source /etc/profile

Add the systemd service unit /usr/lib/systemd/system/pgsql.service

[Unit]
Description=PostgreSQL database server
Documentation=man:postgres(1)

[Service]
Type=notify
User=postgres
ExecStart=/App/pgsql/bin/postgres -D /data/pgsql
ExecReload=/bin/kill -HUP $MAINPID
KillMode=mixed
KillSignal=SIGINT
TimeoutSec=0

[Install]
WantedBy=multi-user.target

Start PostgreSQL:

systemctl enable pgsql
systemctl start pgsql

Switch the shell to the postgres user and log in to the database console:

su - postgres
psql -d template1

Create the database account (replace the quoted placeholder with the database connection password):

CREATE USER git CREATEDB PASSWORD '数据库连接密码';

Create the pg_trgm extension:

CREATE EXTENSION IF NOT EXISTS pg_trgm;

Create the database and assign its owner:

CREATE DATABASE gitlabhq_production OWNER git;
\q

Switch the shell to the git user and log in to the database console:

exit
su - git
psql -d gitlabhq_production

Check that the pg_trgm extension is enabled:

SELECT true AS enabled
FROM pg_available_extensions
WHERE name = 'pg_trgm'
AND installed_version IS NOT NULL;

The following output means the extension was enabled successfully:

 enabled
---------
 t
(1 row)

Exit the database console:

\q

9. Install Redis

Version requirement: at least 2.8:

exit
cd /root/src/
wget http://download.redis.io/releases/redis-5.0.3.tar.gz
tar xf redis-5.0.3.tar.gz
cd redis-5.0.3
make PREFIX=/App/redis install
echo 'export PATH=/App/redis/bin:$PATH' >> /etc/profile
source /etc/profile

Add the Redis configuration /App/redis/redis.conf

bind 127.0.0.1
protected-mode yes
port 6379
tcp-backlog 511
timeout 0
tcp-keepalive 300
daemonize yes
supervised no
pidfile /data/redis/redis.pid
loglevel warning
logfile "/data/redis/redis.log"
syslog-enabled no
databases 16
always-show-logo yes
save ""
stop-writes-on-bgsave-error yes
rdbcompression yes
rdbchecksum yes
dbfilename dump.rdb
dir /data/redis
lazyfree-lazy-eviction no
lazyfree-lazy-expire no
lazyfree-lazy-server-del no
replica-lazy-flush no
appendonly no
lua-time-limit 5000
slowlog-log-slower-than 10000
slowlog-max-len 128
latency-monitor-threshold 0
notify-keyspace-events ""
hash-max-ziplist-entries 512
hash-max-ziplist-value 64
list-max-ziplist-size -2
list-compress-depth 0
set-max-intset-entries 512
zset-max-ziplist-entries 128
zset-max-ziplist-value 64
hll-sparse-max-bytes 3000
stream-node-max-bytes 4096
stream-node-max-entries 100
activerehashing yes
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit replica 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
hz 10
dynamic-hz yes
aof-rewrite-incremental-fsync yes
rdb-save-incremental-fsync yes

Start Redis:

mkdir -p /data/redis
useradd -s /sbin/nologin redis
chown redis. /data/redis
sudo -u redis /App/redis/bin/redis-server /App/redis/redis.conf

10. Install Google RE2

cd /root/src
git clone https://code.googlesource.com/re2
cd re2
make && make install

11. Install GitLab

Change the permissions on the git home directory; otherwise access to gitlab.socket fails with a permission error:

chmod 755 /home/git

Switch to the git user and clone the code:

su - git
git clone https://gitlab.com/xhang/gitlab.git -b 11-8-stable-zh gitlab

Copy the GitLab configuration:

cd gitlab/
cp config/gitlab.yml.example config/gitlab.yml

Edit gitlab.yml and change host: localhost to this machine's IP address or domain name; if you use a domain name, make sure it already resolves.

Copy the example configuration files and adjust permissions:

cp config/secrets.yml.example config/secrets.yml
chmod 0600 config/secrets.yml
chmod -R u+rwX,go-w log/
chmod -R u+rwX tmp/
chmod -R u+rwX tmp/pids/
chmod -R u+rwX tmp/sockets/
mkdir public/uploads/
chmod 0700 public/uploads
chmod -R u+rwX builds/
chmod -R u+rwX shared/artifacts/
chmod -R ug+rwX shared/pages/
cp config/unicorn.rb.example config/unicorn.rb
cp config/initializers/rack_attack.rb.example config/initializers/rack_attack.rb
git config --global core.autocrlf input
git config --global gc.auto 0
git config --global repack.writeBitmaps true
git config --global receive.advertisePushOptions true
cp config/resque.yml.example config/resque.yml

Edit the production section of the Redis configuration config/resque.yml:

  • change url: unix:/var/run/redis/redis.sock to url: redis://127.0.0.1:6379

Copy the database configuration:

cp config/database.yml.postgresql config/database.yml
chmod o-rwx config/database.yml

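Edit the production section of config/database.yml:

  • change password: "secure password" to password: "数据库连接密码" (the database connection password set when the git database account was created)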

Install the gems:

bundle install --deployment --without development test mysql aws kerberos

If the server is in mainland China, you can switch the RubyGems mirror to speed up downloads:

bundle config mirror.https://rubygems.org https://gems.ruby-china.org

Install GitLab Shell:

bundle exec rake gitlab:shell:install REDIS_URL=redis://127.0.0.1:6379 RAILS_ENV=production SKIP_STORAGE_VALIDATION=true

Install GitLab-Workhorse:

bundle exec rake "gitlab:workhorse:install[/home/git/gitlab-workhorse]" RAILS_ENV=production

Install GitLab Pages:

cd /home/git
git clone https://gitlab.com/gitlab-org/gitlab-pages.git
cd gitlab-pages
make

Install Gitaly:

cd /home/git/gitlab
bundle exec rake "gitlab:gitaly:install[/home/git/gitaly,/home/git/repositories]" RAILS_ENV=production
chmod 0700 /home/git/gitlab/tmp/sockets/private

Check /home/git/gitaly/config.toml; if the directory /home/git/gitaly/bin does not exist, then:

  • change bin_dir = "/home/git/gitaly/bin" to bin_dir = "/home/git/gitaly"

Edit /home/git/gitlab/lib/tasks/gitlab/setup.rake

  • add # at the start of the check_gitaly_connection line to comment it out and skip the check; otherwise the task may fail with: Failed to connect to Gitaly

Initialize the database and activate advanced features:

cd /home/git/gitlab
bundle exec rake gitlab:setup RAILS_ENV=production GITLAB_ROOT_PASSWORD=root密码

The value of GITLAB_ROOT_PASSWORD is the password of the GitLab administrator account root.

Switch to root and copy the service management script:

cp /home/git/gitlab/lib/support/init.d/gitlab /etc/init.d/

Configure Logrotate:

cp /home/git/gitlab/lib/support/logrotate/gitlab /etc/logrotate.d/

Check the application status:

su - git
cd gitlab/
bundle exec rake gitlab:env:info RAILS_ENV=production

Compile the GetText PO files:

bundle exec rake gettext:compile RAILS_ENV=production

Compile the static assets:

yarn install --production --pure-lockfile
bundle exec rake gitlab:assets:compile RAILS_ENV=production NODE_ENV=production
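
The chmod steps in this section restrict config/secrets.yml, config/database.yml, public/uploads and tmp/sockets/private. The script below is an added example, not part of the original guide or of GitLab: it re-checks those modes after installation, assuming GNU stat and a hypothetical GITLAB_DIR variable that defaults to /home/git/gitlab.

```shell
#!/bin/sh
# Added example (not from the guide): audit the modes set by the chmod steps.
# GITLAB_DIR is an assumed variable name; the default is the guide's path.

# mode_ok PATH MAX: succeed when PATH carries no permission bit outside MAX.
mode_ok() {
    actual=$(stat -c '%a' "$1" 2>/dev/null) || return 2   # GNU stat (CentOS)
    [ $(( 0$actual & ~0$2 & 0777 )) -eq 0 ]
}

# audit_gitlab_modes DIR: print each violation; return how many were found.
audit_gitlab_modes() {
    dir=$1
    bad=0
    # Each row: path relative to DIR, then the widest mode the guide allows.
    while read -r rel max; do
        if ! mode_ok "$dir/$rel" "$max"; then
            mode=$(stat -c '%a' "$dir/$rel" 2>/dev/null || echo missing)
            echo "FAIL $rel: mode $mode, expected at most $max"
            bad=$((bad + 1))
        fi
    done <<EOF
config/secrets.yml 600
config/database.yml 770
public/uploads 700
tmp/sockets/private 700
EOF
    return "$bad"
}

# Run against the install when it exists; otherwise only define the functions.
GITLAB_DIR=${GITLAB_DIR:-/home/git/gitlab}
if [ -d "$GITLAB_DIR" ]; then
    audit_gitlab_modes "$GITLAB_DIR" && echo "modes OK" || echo "violations: $?"
fi
```

The 770 ceiling for config/database.yml expresses the guide's chmod o-rwx: any owner or group bits are accepted, but no access for others.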

12. Install Nginx

exit
cd /root/src/
wget http://nginx.org/download/nginx-1.14.2.tar.gz
tar xf nginx-1.14.2.tar.gz
cd nginx-1.14.2
./configure --prefix=/App/nginx --with-http_stub_status_module --with-http_gzip_static_module --with-http_ssl_module --with-http_realip_module
make && make install
useradd -s /sbin/nologin nginx

Edit the Nginx configuration /App/nginx/conf/nginx.conf

user  nginx nginx;
worker_processes  auto;

pid        logs/nginx.pid;
worker_rlimit_nofile    65536;

events
{
    use epoll;
    accept_mutex off;
    worker_connections  65536;
}

http
{
    include       mime.types;
    default_type  text/html;

    charset    UTF-8;
    server_names_hash_bucket_size    128;
    client_header_buffer_size        4k;
    large_client_header_buffers     4    32k;
    client_max_body_size            20m;

    open_file_cache max=65536  inactive=60s;
    open_file_cache_valid      80s;
    open_file_cache_min_uses   1;

    sendfile    on;
    server_tokens off;

    keepalive_timeout  60;

    gzip  on;
    gzip_min_length    1k;
    gzip_buffers  4    64k;
    gzip_http_version    1.1;
    gzip_comp_level    2;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    upstream gitlab-workhorse
    {
      server unix:/home/git/gitlab/tmp/sockets/gitlab-workhorse.socket fail_timeout=0;
    }

    map $http_upgrade $connection_upgrade_gitlab
    {
        default upgrade;
        ''      close;
    }

    log_format gitlab_access '$remote_addr - $remote_user [$time_local] "$request_method $gitlab_filtered_request_uri $server_protocol" $status $body_bytes_sent "$gitlab_filtered_http_referer" "$http_user_agent"';

    map $request_uri $gitlab_temp_request_uri_1
    {
      default $request_uri;
      ~(?i)^(?<start>.*)(?<temp>[\?&]private[\-_]token)=[^&]*(?<rest>.*)$ "$start$temp=[FILTERED]$rest";
    }

    map $gitlab_temp_request_uri_1 $gitlab_temp_request_uri_2
    {
      default $gitlab_temp_request_uri_1;
      ~(?i)^(?<start>.*)(?<temp>[\?&]authenticity[\-_]token)=[^&]*(?<rest>.*)$ "$start$temp=[FILTERED]$rest";
    }

    map $gitlab_temp_request_uri_2 $gitlab_filtered_request_uri
    {
      default $gitlab_temp_request_uri_2;
      ~(?i)^(?<start>.*)(?<temp>[\?&]feed[\-_]token)=[^&]*(?<rest>.*)$ "$start$temp=[FILTERED]$rest";
    }

    map $http_referer $gitlab_filtered_http_referer
    {
      default $http_referer;
      ~^(?<temp>.*)\? $temp;
    }

    server
    {
      listen 0.0.0.0:80 default_server;
      listen [::]:80 default_server;
      server_name gitlab.songsong.me;
      server_tokens off;

      real_ip_header X-Real-IP;
      real_ip_recursive off;

      access_log  /data/logs/nginx/access.log gitlab_access;
      error_log   /data/logs/nginx/error.log;

      location /
      {
        client_max_body_size 0;
        gzip off;

        proxy_read_timeout      300;
        proxy_connect_timeout   300;
        proxy_redirect          off;

        proxy_http_version 1.1;

        proxy_set_header    Host                $http_host;
        proxy_set_header    X-Real-IP           $remote_addr;
        proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto   $scheme;
        proxy_set_header    Upgrade             $http_upgrade;
        proxy_set_header    Connection          $connection_upgrade_gitlab;

        proxy_pass http://gitlab-workhorse;
      }

      error_page 404 /404.html;
      error_page 422 /422.html;
      error_page 500 /500.html;
      error_page 502 /502.html;
      error_page 503 /503.html;

      location ~ ^/(404|422|500|502|503)\.html$
      {
        root /home/git/gitlab/public;
        internal;
      }
    }
}
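
The three chained map blocks in this configuration replace private_token, authenticity_token and feed_token values with [FILTERED] before the request URI is written to the access log, and the referer map drops the query string. The script below is an added example, not part of the original guide or of GitLab's configuration: it reproduces the same substitutions with sed over constructed URIs so the redaction can be checked without reloading Nginx, assuming GNU sed for the case-insensitive I flag.

```shell
#!/bin/sh
# Added example (not from the guide): mirror the nginx map regexes with sed.
# Assumes GNU sed; its I flag gives the case-insensitive match of (?i).

# redact_token PATTERN: read URIs on stdin and replace the value of the
# matching parameter with [FILTERED], as one map block does.
redact_token() {
    sed -E "s/^(.*)([?&]$1)=[^&]*(.*)\$/\1\2=[FILTERED]\3/I"
}

# filter_uri URI: chain the three maps in the order nginx.conf defines them.
filter_uri() {
    printf '%s\n' "$1" \
        | redact_token 'private[-_]token' \
        | redact_token 'authenticity[-_]token' \
        | redact_token 'feed[-_]token'
}

# filter_referer URL: keep only what precedes the query string, like the
# map that fills $gitlab_filtered_http_referer.
filter_referer() {
    printf '%s\n' "$1" | sed -E 's/^(.*)\?.*$/\1/'
}

# Constructed request URIs with made-up token values.
for uri in \
    '/api/v4/projects?private_token=abc123&page=2' \
    '/users/sign_in?authenticity_token=xyz&Private-Token=abc' \
    '/dashboard/projects.atom?feed_token=f00' \
    '/api/v4/user?private_token=first&private_token=second'
do
    printf '%s  ->  %s\n' "$uri" "$(filter_uri "$uri")"
done
# Each map substitutes once and the leading (.*) is greedy, so in the last
# sample only the final private_token value is replaced.
```

When reviewing access logs, treat a repeated token parameter as still sensitive, since only its last value is filtered.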

Start Nginx:

mkdir -p /data/logs/nginx
chown nginx. /data/logs/nginx
/App/nginx/sbin/nginx

13. SMTP configuration

Copy the SMTP example configuration:

su - git
cd gitlab
cp config/initializers/smtp_settings.rb.sample config/initializers/smtp_settings.rb

Edit the settings inside {} in config/initializers/smtp_settings.rb (user_name and password take the mailbox account and the mailbox password):

    address: "smtp.exmail.qq.com",
    port: 465,
    user_name: "邮箱账号",
    password: "邮箱密码",
    domain: "exmail.qq.com",
    authentication: :login,
    enable_starttls_auto: true,
    tls: true,
    openssl_verify_mode: 'none'

14. Start GitLab

exit
/etc/init.d/gitlab start

15. Check the application status again

su - git
cd gitlab
bundle exec rake gitlab:check RAILS_ENV=production

If every check item is shown in green, the installation succeeded.