系统版本
[root@localhost ~]# cat /etc/redhat-release
Red Hat Enterprise Linux release 9.1 (Plow)
gitlab包位置
https://mirrors.tuna.tsinghua.edu.cn/gitlab-ee/yum/el9/gitlab-ee-16.7.2-ee.0.el9.x86_64.rpm
关闭防火墙
[root@localhost data]# systemctl stop firewalld
[root@localhost data]# systemctl disable firewalld
[root@localhost data]# getenforce
Enforcing
[root@localhost data]# setenforce 0
[root@localhost data]# getenforce
Permissive
[root@localhost data]# vim /etc/selinux/config
[root@localhost data]# cat /etc/selinux/config |grep -v '#'|grep 'SELINUX='
SELINUX=disabled
安装gitlab
[root@localhost data]# yum -y install gitlab-ee-16.7.2-ee.0.el9.x86_64.rpm
许可证生成
ruby安装
[root@localhost data]# yum -y install ruby.x86_64
查看ruby版本
ruby -v
安装gitlab-license
gem install gitlab-license
创建生成ruby证书的源文件 license.rb
require "openssl"
require "gitlab/license"
key_pair = OpenSSL::PKey::RSA.generate(2048)
File.open("license_key", "w") { |f| f.write(key_pair.to_pem) }
public_key = key_pair.public_key
File.open("license_key.pub", "w") { |f| f.write(public_key.to_pem) }
private_key = OpenSSL::PKey::RSA.new File.read("license_key")
Gitlab::License.encryption_key = private_key
license = Gitlab::License.new
license.licensee = {
"Name" => "none",
"Company" => "none",
"Email" => "[email protected]",
}
license.starts_at = Date.new(2020, 1, 1)
license.expires_at = Date.new(2050, 1, 1)
license.notify_admins_at = Date.new(2049, 12, 1)
license.notify_users_at = Date.new(2049, 12, 1)
license.block_changes_at = Date.new(2050, 1, 1)
license.restrictions = {
active_user_count: 10000,
}
puts "License:"
puts license
data = license.export
puts "Exported license:"
puts data
File.open("GitLabBV.gitlab-license", "w") { |f| f.write(data) }
public_key = OpenSSL::PKey::RSA.new File.read("license_key.pub")
Gitlab::License.encryption_key = public_key
data = File.read("GitLabBV.gitlab-license")
$license = Gitlab::License.import(data)
puts "Imported license:"
puts $license
unless $license
raise "The license is invalid."
end
if $license.restricted?(:active_user_count)
active_user_count = 10000
if active_user_count > $license.restrictions[:active_user_count]
raise "The active user count exceeds the allowed amount!"
end
end
if $license.notify_admins?
puts "The license is due to expire on #{$license.expires_at}."
end
if $license.notify_users?
puts "The license is due to expire on #{$license.expires_at}."
end
module Gitlab
class GitAccess
def check(cmd, changes = nil)
if $license.block_changes?
return build_status_object(false, "License expired")
end
end
end
end
puts "This instance of GitLab Enterprise Edition is licensed to:"
$license.licensee.each do |key, value|
puts "#{key}: #{value}"
end
if $license.expired?
puts "The license expired on #{$license.expires_at}"
elsif $license.will_expire?
puts "The license will expire on #{$license.expires_at}"
else
puts "The license will never expire."
end
生成证书
[root@localhost data]# ruby license.rb
License:
#
Exported license:
eyJkYXRhIjoiT0FKSDd6Mmw1S2k1Z3pWb2FJN0E5YSt1ZlE0bkxmN3JtOVQ1
bm5BVkozc29pVXN0cHNwYzdWUmN4amNyXG54dkR3QURDWkRQLzdpandMWFM0
SEozY0FYRVFHakNLbWNNaUxYQXFtanJtVitzZ0pnOGlQY1FCdlo0OUpcblpS
VjU0NkNTWEdQL1kzc081MkU5dGF3dHY1VS9YanNkbzdBczFWNmd2SittelNm
MVowRWZNaHExd0x4V1xuZEFCdk9aUklaOUM0V0xaZjk0SXRDalNjMnVFTk5H
ZkhVWDljZUxhR05wZnpMMlRLRTE3a3ZIc0xIcVdvXG5WVGEyTk83L04xVGt0
UDljTFcwOFNVRUJBZEJlK25adnBEaXNWV3JadC94UXBUVXZSV1kwcUFDU01z
NHNcbmxBYWZabWVCdFoyZUx6bnNUZW1XVnNkUDJjNDh5RTRjaGVMNUU0U3RF
V1N4cmV5bUZGam91QTlRTkF0N1xuRzBLNlV0U2MwZnRmUDNtMXpua29XQlFk
a29nNnN6dERQRTVodC9MN0lGY2txZzZ2OHc4NStlT0RRY0Y3XG4yZDZyaDZO
T1JMeWhGankwQ1Q5b1R5UDJma3VidUxtZjRjaDMrK2xaekMyT2hDdndvOG9p
SE9iSnhqRHRcbitIdGtjTXNEbTZJaFlydjlvcmliWWhNa3RabFVxNHlQRWF1
Ym5YM2k2SDZENVQ3UGRwWDhOUmNPR0VZM1xuQm04SlpDQk1HTThudUREbXY4
L2l6ZDBtczF0ajRrUm1OMnE1T3BOQzdjTVJybUw2YWU3ek9STmdMOWo1XG40
eDNDSWpzWFVXaDFMVmtvSmZqS2ZKVHlObkZneGl6dzg2RUVnMFo2R3VZR1Bj
eUFLL0YzVDRaMHpocEtcbkNRclE5Sy9FLzFQYW16UWlmcDY1UlorVlJlTTlk
ZlArdmVCRGh4V3JPRVpDXG4iLCJrZXkiOiJxeGxZMXNwWVpEMWtlOEk5ZkxY
RFBXdTRjVTBhVm0zaHhPR3VPVit2aWRrc2liT05kd1JGbFlEN1J4cEVcbmZk
L0pmMjRiVmgwWTV0dW8zVkNXTHlRTVRuSFVIa2h5SVV1aGhHNkNCZGQ5aW1O
YkVFYzFESE5ZN3N1NVxuR3lQeWNUSkxIZGxlVjRSUzIvV3VLQkwxRFcwYnRO
NmxCMGJXME5XNjdDWFRteXlFWnQ1bFdBMWtsQ1krXG5xcmRrUzZObW43cTdV
WjNxK0ZJang5Y3pld281S3lCQ2RFbUxGRG5EL2t2a1pEQlMyTTRJTC9MaTAz
dDVcbjAwMlhsb2dTSXFPM1VubGM1TUV4WkMrdnVHNGFNYVFtT29pdUhXbmhq
UVBRb3BlQlBZdENSTTJZRk9oblxuUTIyVVRMdndIUXpERDVaV08rZ2M2MURP
bTBzWWMwNlYvazcyYTZRMjF3PT1cbiIsIml2IjoiMzdGVWxtT2dkZ09ic0Nr
eVFqMk5Pdz09XG4ifQ==
Imported license:
#
This instance of GitLab Enterprise Edition is licensed to:
Name: none
Company: none
Email: [email protected]
The license will expire on 2050-01-01
生成的三个文件,GitLabBV.gitlab-license为许可证
GitLabBV.gitlab-license license_key license_key.pub
使用许可证
cp license_key.pub /opt/gitlab/embedded/service/gitlab-rails/.license_encryption_key.pub
重启gitlab加载许可证
gitlab-ctl restart
修改证书等级
vi /opt/gitlab/embedded/service/gitlab-rails/ee/app/models/license.rb
# 将
# restricted_attr(:plan).presence || STARTER_PLAN
# 替换成
# restricted_attr(:plan).presence || ULTIMATE_PLAN
重新加载配置
gitlab-ctl reconfigure
账密及登陆
初始账密,账户为root
cat /etc/gitlab/initial_root_password
密码更改
命令行密码更改
# cd /opt/gitlab/bin
# gitlab-rails console
[root@localhost ~]# gitlab-rails console
--------------------------------------------------------------------------------
Ruby: ruby 2.7.7p221 (2022-11-24 revision 168ec2b1e5) [x86_64-linux]
GitLab: 15.7.2 (a72992de385) FOSS
GitLab Shell: 14.14.0
PostgreSQL: 13.8
------------------------------------------------------------[ booted in 30.12s ]
Loading production environment (Rails 6.1.6.1)
irb(main):001:0> u=User.where(id:1).first
=> #
irb(main):002:0> User.all
=> #]>
irb(main):003:0> u.password='ghx778899'
=> "ghx778899"
irb(main):004:0> u.password_confirmation='ghx778899'
=> "ghx778899"
irb(main):005:0> u.save!
=> true
irb(main):006:0> exit
页面更改密码
http://192.168.73.150/-/profile/password/edit
填写旧密码,新密码,新密码确认,Save password
登陆gitlab,并上传许可证
http://192.168.73.30/admin/application_settings/general
Add License ➔ Expand ➔ 选择上面的 GitLabBV.gitlab-license 然后上传(Add license) ➔ 勾选服务条款 ➔ 点击 添加许可证
查看激活信息
http://192.168.73.30/admin/subscription
页面设置为中文
http://192.168.73.150/-/profile/preferences
Localization ➔ Language ➔ 简体中文 ➔ Save changes
关闭任意注册功能
http://192.168.73.30/admin/application_settings/general
注册限制 ➔ 已启用注册功能(勾选框去掉) ➔ 保存更改
更改项目中使用git push或者pull 指向的地址
vi /etc/gitlab/gitlab.rb
将 external_url 'http://gitlab.example.com'
改为 external_url 'http://192.168.73.30'
启用https
配置加密认证文件
输入的密码为: KDJF*lkskd_234KDKlk55
# openssl genrsa -des3 -out nginx.key 2048 #实际使用中看服务器性能,如果足够好也可以使用4096位秘钥
Generating RSA private key, 1024 bit long modulus
.......++++++
...++++++
e is 65537 (0x10001)
Enter pass phrase for nginx.key: #输入密码,自定义,不少于4个字符
Verifying - Enter pass phrase for nginx.key: #确认密码
# openssl req -new -key nginx.key -out nginx.csr
Enter pass phrase for nginx.key: #输入刚刚创建的密码
# openssl rsa -in nginx.key -out nginx_nopass.key
Enter pass phrase for nginx.key: #之前RSA秘钥创建时的密码
writing RSA key
# openssl x509 -req -days 3650 -in nginx.csr -signkey nginx.key -out nginx.crt
Signature ok
subject=/C=CN/ST=ShangHai/L=ShangHai/O=ACBC/OU=Tech/CN=*.mydomain.com/[email protected]
Getting Private key
Enter pass phrase for nginx.key: #RSA创建时的密码
# ls
nginx.crt nginx.csr nginx.key nginx_nopass.key
配置gitlab配置文件
[root@localhost data]# cp nginx* /etc/gitlab/
[root@localhost data]# ll /etc/gitlab/nginx*
-rw-r--r--. 1 root root 1115 1月 12 19:35 /etc/gitlab/nginx.crt
-rw-r--r--. 1 root root 952 1月 12 19:35 /etc/gitlab/nginx.csr
-rw-------. 1 root root 1854 1月 12 19:35 /etc/gitlab/nginx.key
-rw-------. 1 root root 1704 1月 12 19:35 /etc/gitlab/nginx_nopass.key
[root@localhost data]# chmod 755 /etc/gitlab/nginx*
[root@localhost data]# vim /etc/gitlab/gitlab.rb
external_url 'https://192.168.73.30'
nginx['ssl_certificate'] = "/etc/gitlab/nginx.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/nginx_nopass.key"
重新配置gitlab
[root@localhost data]# gitlab-ctl reconfigure
重新访问gitlab
gitlab新地址:
https://192.168.73.30
gitlab操作
gitlab状态查看: gitlab-ctl status
gitlab启动: gitlab-ctl start
gitlab停止: gitlab-ctl stop
gitlab重启: gitlab-ctl restart
gitlab重新加载配置文件: gitlab-ctl reconfigure