1, 安装依赖
yum -y install libicu-devel patch gcc-c++ readline-devel zlib-devel libffi-devel openssl-devel make autoconf automake libtool bison libxml2-devel libxslt-devel libyaml-devel zlib-devel openssl-devel cpio expat-devel gettext-devel curl-devel perl-ExtUtils-CBuilder perl-ExtUtils-MakeMaker make cmake pcre-devel wget bzip2 systemd-devel
2. 安装GraphicsMagick
1 yum -y install libpng libjpeg libpng-devel libjpeg-devel ghostscript libtiff libtiff-devel freetype freetype-devel 2 cd /root/src 3 wget https://sourceforge.net/projects/graphicsmagick/files/graphicsmagick/1.3.31/GraphicsMagick-1.3.31.tar.xz/download -O GraphicsMagick-1.3.31.tar.xz 4 tar xf GraphicsMagick-1.3.31.tar.xz 5 cd GraphicsMagick-1.3.31 6 ./configure --prefix=/App/GraphicsMagick 7 make && make install 8 echo 'PATH=/App/GraphicsMagick/bin:$PATH' >> /etc/profile 9 source /etc/profile 10 ln -s /App/GraphicsMagick/bin/gm /bin/
3. 安装 Git
查看当前git版本:
git --version
如果git版本小于2.18.0, 则先卸载:
rpm -e --nodeps git
编译安装:
cd /root/src wget https://mirrors.edge.kernel.org/pub/software/scm/git/git-2.21.0.tar.xz tar xf git-2.21.0.tar.xz cd git-2.21.0 ./configure --prefix=/App/git make && make install echo 'export PATH=/App/git/bin:$PATH' >> /etc/profile source /etc/profile ln -s /App/git/bin/git /bin/ ln -s /App/git/bin/git-receive-pack /bin/ ln -s /App/git/bin/git-upload-pack /bin/
4. 安装Ruby
版本需求:
- Ruby 2.5.X
- 1.5.2 <= Bundler < 2.x
cd /root/src/ wget https://cache.ruby-lang.org/pub/ruby/2.5/ruby-2.5.3.tar.gz tar xf ruby-2.5.3.tar.gz cd ruby-2.5.3 ./configure --prefix=/App/ruby --disable-install-rdoc make && make install ln -s /App/ruby/bin/ruby /bin/ echo 'export PATH=/App/ruby/bin:$PATH' >> /etc/profile source /etc/profile gem install bundler --no-document --version '< 2'
5. 安装 Go
cd /root/src/ wget https://dl.google.com/go/go1.12.linux-amd64.tar.gz tar xf go1.12.linux-amd64.tar.gz mv go /App/ echo 'export GOROOT=/App/go' >> /etc/profile echo 'export GOPATH=/root/code/go' >> /etc/profile echo 'export PATH=$GOROOT/bin:$GOPATH/bin:$PATH' >> /etc/profile source /etc/profile
6. 安装 Node.js
版本需求:
- node >= v8.10.0
- yarn >= v1.10.0
cd /root/src/ wget https://nodejs.org/dist/v10.15.2/node-v10.15.2-linux-x64.tar.xz tar xf node-v10.15.2-linux-x64.tar.xz mv node-v10.15.2-linux-x64 /App/node echo 'export PATH=/App/node/bin:$PATH' >> /etc/profile source /etc/profile npm install --global yarn
7. 创建系统git用户
useradd -r -s /bin/bash --comment 'GitLab' -m -d /home/git git
8. 安装mysql 安装步骤略,可以看我前面的文章
创建数据库账号:
CREATE USER 'git'@'localhost' IDENTIFIED BY '$password';
SET storage_engine=INNODB # 如果不行 SET default_storage_engine=INNODB
SET GLOBAL innodb_file_per_table=1, innodb_file_format=Barracuda, innodb_large_prefix=1;
SET GLOBAL log_bin_trust_function_creators = 1;
CREATE DATABASE IF NOT EXISTS `gitlabhq_production` DEFAULT CHARACTER SET `utf8` COLLATE `utf8_general_ci`;
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, CREATE TEMPORARY TABLES, DROP, INDEX, ALTER, LOCK TABLES, REFERENCES, TRIGGER ON `gitlabhq_production`.* TO 'git'@'localhost';
测试能否登录:
sudo -u git -H mysql -u git -p -D gitlabhq_production
9. 安装Redis
版本需求: 至少 2.8:
使用root用户
cd /root/src/ wget http://download.redis.io/releases/redis-5.0.3.tar.gz tar xf redis-5.0.3.tar.gz cd redis-5.0.3 make PREFIX=/App/redis install echo 'export PATH=/App/redis/bin:$PATH' >> /etc/profile source /etc/profile
添加redis配置:/App/redis/redis.conf
1 bind 127.0.0.1 2 protected-mode yes 3 port 6379 4 tcp-backlog 511 5 timeout 0 6 tcp-keepalive 300 7 daemonize yes 8 supervised no 9 pidfile /data/redis/redis.pid 10 loglevel warning 11 logfile "/data/redis/redis.log" 12 syslog-enabled no 13 databases 16 14 always-show-logo yes 15 save "" 16 stop-writes-on-bgsave-error yes 17 rdbcompression yes 18 rdbchecksum yes 19 dbfilename dump.rdb 20 dir /data/redis 21 lazyfree-lazy-eviction no 22 lazyfree-lazy-expire no 23 lazyfree-lazy-server-del no 24 replica-lazy-flush no 25 appendonly no 26 lua-time-limit 5000 27 slowlog-log-slower-than 10000 28 slowlog-max-len 128 29 latency-monitor-threshold 0 30 notify-keyspace-events "" 31 hash-max-ziplist-entries 512 32 hash-max-ziplist-value 64 33 list-max-ziplist-size -2 34 list-compress-depth 0 35 set-max-intset-entries 512 36 zset-max-ziplist-entries 128 37 zset-max-ziplist-value 64 38 hll-sparse-max-bytes 3000 39 stream-node-max-bytes 4096 40 stream-node-max-entries 100 41 activerehashing yes 42 client-output-buffer-limit normal 0 0 0 43 client-output-buffer-limit replica 256mb 64mb 60 44 client-output-buffer-limit pubsub 32mb 8mb 60 45 hz 10 46 dynamic-hz yes 47 aof-rewrite-incremental-fsync yes 48 rdb-save-incremental-fsync yes
启动redis:
mkdir -p /data/redis useradd -s /sbin/nologin redis chown redis. /data/redis sudo -u redis /App/redis/bin/redis-server /App/redis/redis.conf
10. 安装 Google RE2 # 需要梯子
cd /root/src git clone https://code.googlesource.com/re2 cd re2 make && make install
11. 安装GitLab
修改git家目录权限, 否则访问gitlab.socket报权限错误:
chmod 755 /home/git
切换至git用户clone代码:
su - git git clone https://gitlab.com/xhang/gitlab.git -b 11-8-stable-zh gitlab
拷贝gitlab配置:
cd gitlab/
cp config/gitlab.yml.example config/gitlab.yml
修改 gitlab.yml 配置, 将 host: localhost 修改为本机IP地址或者域名,如为域名,确保域名已做解析
拷贝示例配置, 修改权限:
cp config/secrets.yml.example config/secrets.yml chmod 0600 config/secrets.yml chmod -R u+rwX,go-w log/ chmod -R u+rwX tmp/ chmod -R u+rwX tmp/pids/ chmod -R u+rwX tmp/sockets/ mkdir public/uploads/ chmod 0700 public/uploads chmod -R u+rwX builds/ chmod -R u+rwX shared/artifacts/ chmod -R ug+rwX shared/pages/ cp config/unicorn.rb.example config/unicorn.rb cp config/initializers/rack_attack.rb.example config/initializers/rack_attack.rb git config --global core.autocrlf input git config --global gc.auto 0 git config --global repack.writeBitmaps true git config --global receive.advertisePushOptions true cp config/resque.yml.example config/resque.yml
修改redis相关配置 config/resque.yml 段 production 内容:
- url: unix:/var/run/redis/redis.sock 为 url: redis://127.0.0.1:6379
拷贝数据库相关配置:
cp config/database.yml.mysql config/database.yml chmod o-rwx config/database.yml
修改 config/database.yml 段 production 内容:
- password: "secure password" 为 password: "数据库连接密码"
安装 Gems:
bundle install --deployment --without development test postgres aws kerberos
安装 gitlab shell:
bundle exec rake gitlab:shell:install REDIS_URL=redis://127.0.0.1:6379 RAILS_ENV=production SKIP_STORAGE_VALIDATION=true
安装 gitlab-workhorse:
bundle exec rake "gitlab:workhorse:install[/home/git/gitlab-workhorse]" RAILS_ENV=production
安装 gitlab pages:
cd /home/git git clone https://gitlab.com/gitlab-org/gitlab-pages.git cd gitlab-pages make
安装 gitaly:
cd /home/git/gitlab bundle exec rake "gitlab:gitaly:install[/home/git/gitaly,/home/git/repositories]" RAILS_ENV=production chmod 0700 /home/git/gitlab/tmp/sockets/private
检查修改 /home/git/gitaly/config.toml 若无目录 /home/git/gitaly/bin 则:
- bin_dir = "/home/git/gitaly/bin" 修改为 bin_dir = "/home/git/gitaly"
修改 /home/git/gitlab/lib/tasks/gitlab/setup.rake:
- check_gitaly_connection 行首添加 # 注释用以跳过检查, 否则可能报错: Failed to connect to gitaly
初始化数据库并激活高级功能:
cd /home/git/gitlab
bundle exec rake gitlab:setup RAILS_ENV=production GITLAB_ROOT_PASSWORD=root密码
GITLAB_ROOT_PASSWORD 值为gitlab管理员root密码!!!
切换为root拷贝服务管理脚本:
cp /home/git/gitlab/lib/support/init.d/gitlab /etc/init.d/
配置logrotate:
cp /home/git/gitlab/lib/support/logrotate/gitlab /etc/logrotate.d/
检查应用状态:
su - git cd gitlab/ bundle exec rake gitlab:env:info RAILS_ENV=production
编译gettext po 文件:
bundle exec rake gettext:compile RAILS_ENV=production
编译静态文件:
yarn install --production --pure-lockfile bundle exec rake gitlab:assets:compile RAILS_ENV=production NODE_ENV=production
安装NGINX:
exit cd /root/src/ wget http://nginx.org/download/nginx-1.14.2.tar.gz tar xf nginx-1.14.2.tar.gz cd nginx-1.14.2 ./configure --prefix=/App/nginx --with-http_stub_status_module --with-http_gzip_static_module --with-http_ssl_module --with-http_realip_module make && make install useradd -s /sbin/nologin nginx
修改NGINX配置 /App/nginx/conf/nginx.conf:
1 user nginx nginx; 2 worker_processes auto; 3 4 pid logs/nginx.pid; 5 worker_rlimit_nofile 65536; 6 7 events 8 { 9 use epoll; 10 accept_mutex off; 11 worker_connections 65536; 12 } 13 14 http 15 { 16 include mime.types; 17 default_type text/html; 18 19 charset UTF-8; 20 server_names_hash_bucket_size 128; 21 client_header_buffer_size 4k; 22 large_client_header_buffers 4 32k; 23 client_max_body_size 20m; 24 25 open_file_cache max=65536 inactive=60s; 26 open_file_cache_valid 80s; 27 open_file_cache_min_uses 1; 28 29 sendfile on; 30 server_tokens off; 31 32 keepalive_timeout 60; 33 34 gzip on; 35 gzip_min_length 1k; 36 gzip_buffers 4 64k; 37 gzip_http_version 1.1; 38 gzip_comp_level 2; 39 gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; 40 41 upstream gitlab-workhorse 42 { 43 server unix:/home/git/gitlab/tmp/sockets/gitlab-workhorse.socket fail_timeout=0; 44 } 45 46 map $http_upgrade $connection_upgrade_gitlab 47 { 48 default upgrade; 49 '' close; 50 } 51 52 log_format gitlab_access $remote_addr - $remote_user [$time_local] "$request_method $gitlab_filtered_request_uri $server_protocol" $status $body_bytes_sent "$gitlab_filtered_http_referer" "$http_user_agent"; 53 54 map $request_uri $gitlab_temp_request_uri_1 55 { 56 default $request_uri; 57 ~(?i)^(?.*)(? [\?&]private[\-_]token)=[^&]*(? .*)$ "$start$temp=[FILTERED]$rest"; 58 } 59 60 map $gitlab_temp_request_uri_1 $gitlab_temp_request_uri_2 61 { 62 default $gitlab_temp_request_uri_1; 63 ~(?i)^(? .*)(? [\?&]authenticity[\-_]token)=[^&]*(? .*)$ "$start$temp=[FILTERED]$rest"; 64 } 65 66 map $gitlab_temp_request_uri_2 $gitlab_filtered_request_uri 67 { 68 default $gitlab_temp_request_uri_2; 69 ~(?i)^(? .*)(? [\?&]feed[\-_]token)=[^&]*(? .*)$ "$start$temp=[FILTERED]$rest"; 70 } 71 72 map $http_referer $gitlab_filtered_http_referer 73 { 74 default $http_referer; 75 ~^(? .*)\? $temp; 76 } 77 78 server 79 { 80 listen 0.0.0.0:80 default_server; 81 listen [::]:80 default_server; 82 server_name gitlab.songsong.me; 83 server_tokens off; 84 85 real_ip_header X-Real-IP; 86 real_ip_recursive off; 87 88 access_log /data/logs/nginx/access.log gitlab_access; 89 error_log /data/logs/nginx/error.log; 90 91 location / 92 { 93 client_max_body_size 0; 94 gzip off; 95 96 proxy_read_timeout 300; 97 proxy_connect_timeout 300; 98 proxy_redirect off; 99 100 proxy_http_version 1.1; 101 102 proxy_set_header Host $http_host; 103 proxy_set_header X-Real-IP $remote_addr; 104 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 105 proxy_set_header X-Forwarded-Proto $scheme; 106 proxy_set_header Upgrade $http_upgrade; 107 proxy_set_header Connection $connection_upgrade_gitlab; 108 109 proxy_pass http://gitlab-workhorse; 110 } 111 112 error_page 404 /404.html; 113 error_page 422 /422.html; 114 error_page 500 /500.html; 115 error_page 502 /502.html; 116 error_page 503 /503.html; 117 118 location ~ ^/(404|422|500|502|503)\.html$ 119 { 120 root /home/git/gitlab/public; 121 internal; 122 } 123 } 124 }
启动NGINX:
mkdir -p /data/logs/nginx chown nginx. /data/logs/nginx /App/nginx/sbin/nginx
13. SMTP配置
复制smtp示例配置:
su - git cd gitlab cp config/initializers/smtp_settings.rb.sample config/initializers/smtp_settings.rb
修改config/initializers/smtp_settings.rb {} 内的设置:
1 address: "smtp.exmail.qq.com", 2 port: 465, 3 user_name: "邮箱账号", 4 password: "邮箱密码", 5 domain: "exmail.qq.com", 6 authentication: :login, 7 enable_starttls_auto: true, 8 tls: true, 9 openssl_verify_mode: 'none'
14. 启动gitlab
exit
/etc/init.d/gitlab start
15. 二次检查应用状态
su - git cd gitlab bundle exec rake gitlab:check RAILS_ENV=production
所有项目检查结果显示绿色,表示安装成功.