GitLab + Nginx (SSL) + MySQL + Ruby installation and configuration on CentOS 6

Source: Internet
Author: User
This article uses Nginx and MySQL together with GitLab to provide web management, data storage and so on. The difficult parts of the configuration are mostly the GitLab script modifications, the SSH key connection and the Nginx SSL certificate. The author spent a great deal of effort on it and, by combining clues from many documents with the debugging comments of many users abroad, finally got it working. I hope this shows that SCM (software configuration management) is not as trivial as one might imagine; a lot of the logic really does need careful investigation.
Finally I was all the way to the north, I brought salt for myself ....
Solution:
Environment deployment
Operating system: CentOS 6.3 x64
GitLab: 6-3-stable
GitLab Shell: 1.8.0
Ruby: 2.0.0p353
Nginx: nginx-1.4.0
MySQL: mysql-5.6.10
Git server (CentOS 6.3 x64): git.example.com
Git client (CentOS 6.3 x64): client.example.com
Server-side configuration:
I. Preparation before the installation
1. Disable iptables and SELinux
# service iptables stop
# setenforce 0
# vi /etc/sysconfig/selinux
---------------
SELINUX=disabled
---------------
2. Sync time
# ntpdate cn.pool.ntp.org
3. Install LNMP
Link: http://www.showerlee.com/archives/73
4. Install the dependency packages and tools required by GitLab
# su -
# rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-5-4.noarch.rpm
# yum -y groupinstall 'Development Tools'
# yum -y install vim-enhanced readline readline-devel ncurses-devel gdbm-devel glibc-devel tcl-devel openssl-devel curl-devel expat-devel db4-devel byacc sqlite-devel gcc-c++ libyaml libyaml-devel libffi libffi-devel libxml2 libxml2-devel libxslt libxslt-devel libicu libicu-devel system-config-firewall-tui python-devel redis sudo wget crontabs logwatch logrotate perl-Time-HiRes git
5. Configure Redis
Enable Redis at boot and start it:
# chkconfig redis on
# service redis start
6. Change the gem source (if the default cannot be reached)
A. Display the currently used sources
# gem sources
B. Delete the default source
# gem sources -r http://rubygems.org/
C. Add a source
# gem sources -a http://ruby.taobao.org
D. Update the source cache
# gem sources -u
6. Install Ruby
A. Install Ruby from source
Link: http://www.showerlee.com/archives/1123
B. Install bundler:
# gem install bundler --no-ri --no-rdoc
II. Install GitLab Shell
1. Create the git user
# su -
# adduser --system --shell /bin/bash --comment 'GitLab' --create-home --home-dir /home/git/ git
2. Configure GitLab Shell
GitLab Shell is software developed specifically for GitLab that provides SSH access and version management.
A. Log in with the git account
# su - git
B. Clone GitLab Shell
# git clone https://github.com/gitlabhq/gitlab-shell.git
C. Switch to version 1.8.0 and edit the configuration
# cd gitlab-shell
# git checkout v1.8.0
D. Copy the configuration file
# cp config.yml.example config.yml
# vi config.yml
—————————————————————————————————————————
# Set gitlab_url to GitLab's access domain name. In this document: https://git.example.com/
gitlab_url: "https://git.example.com"
# Set self_signed_cert to true
self_signed_cert: true
# Add the web site's SSL certificate
ca_file: "/usr/local/nginx/ssl/gitlab.crt"
—————————————————————————————————————————
Note: If GitLab is accessed over HTTP, replace https with http and set self_signed_cert to false in the configuration file; otherwise GitLab Shell gets an error when communicating with GitLab through the API, and project pushes fail. Because the web server is configured with SSL later, the SSL settings are used here.
In addition, the domain name in this document is a test domain name; do not forget to map the domain name on both the client and the server.
E. Install the required directories and files
# ./bin/install
5. Configure the MySQL database (its installation is covered above)
A. Log in to the database
# mysql -u root -p
B. Create a user for GitLab
> CREATE USER 'gitlab'@'localhost' IDENTIFIED BY '123456';
C. Create the database used by GitLab
> CREATE DATABASE IF NOT EXISTS `gitlabhq_production` DEFAULT CHARACTER SET `utf8` COLLATE `utf8_unicode_ci`;
D. Grant privileges to the gitlab user
> GRANT SELECT, LOCK TABLES, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON `gitlabhq_production`.* TO 'gitlab'@'localhost';
III. Install GitLab
1. Install GitLab in the git user's home directory:
# su - git
2. Clone GitLab and switch to the 6-3-stable branch
A. Clone GitLab
# git clone https://github.com/gitlabhq/gitlabhq.git gitlab
B. Switch to the 6-3-stable branch
# cd /home/git/gitlab
# git checkout 6-3-stable
C. Configure the project
A. Copy the configuration file
# cp config/gitlab.yml.example config/gitlab.yml
B. Change the access domain name in the configuration file
# sed -i 's|localhost|git.example.com|g' config/gitlab.yml
D. Set the owner and permissions of the log and tmp directories
# chown -R git log/
# chown -R git tmp/
# chmod -R u+rwx log/
# chmod -R u+rwx tmp/
E. Create the gitlab-satellites directory
# mkdir /home/git/gitlab-satellites
F. Create the tmp/pids/ and tmp/sockets/ directories and make sure GitLab has the appropriate permissions
# mkdir tmp/pids/
# mkdir tmp/sockets/
# chmod -R u+rwx tmp/pids/
# chmod -R u+rwx tmp/sockets/
G. Create the public/uploads directory
# mkdir public/uploads
# chmod -R u+rwx public/uploads
H. Copy the Unicorn configuration
# cp config/unicorn.rb.example config/unicorn.rb
I. Keep the default settings in the Unicorn configuration file
J. Configure the git user name and e-mail
# git config --global user.name "GitLab"
# git config --global user.email "gitlab@git.example.com"
# git config --global core.autocrlf input
K. Configure the database access file
# cp config/database.yml.mysql config/database.yml
Edit config/database.yml to set the account and password for the database connection
# vi config/database.yml
———————————————————————————————————
#
# PRODUCTION
#
production:
  adapter: mysql2
  encoding: utf8
  reconnect: false
  database: gitlabhq_production
  pool: 10
  username: gitlab
  password: "123456"
  # host: localhost
  # socket: /tmp/mysql.sock
———————————————————————————————————
Set the username and password above; the password is the one chosen when the gitlab user was created in the database step.
L. Make sure that the file is readable only by the git account.
# chmod o-rwx config/database.yml
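Added example, not part of the original article: chmod o-rwx clears only the "other" bits, so a database.yml copied under the usual umask ends up 640, and the Nginx section later adds the nginx user to the git group. The sketch below checks a credentials file for any group or other permission bits; check_secret_mode is a hypothetical helper name and the temporary file is constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: check_secret_mode is a hypothetical helper, not a GitLab tool.
# It reports whether a file holding credentials grants any access to the
# group or to other users (any of the low six permission bits set).
check_secret_mode() {
    local file=$1 mode
    mode=$(stat -c '%a' "$file") || return 2
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "EXPOSED $mode $file"
        return 1
    fi
    echo "OK $mode $file"
}

# Demonstration on a constructed file standing in for config/database.yml.
demo_dir=$(mktemp -d)
demo_file=$demo_dir/database.yml
printf 'password: "constructed-value"\n' > "$demo_file"

chmod 644 "$demo_file"                   # what cp leaves under umask 022
chmod o-rwx "$demo_file"                 # the command from step L
check_secret_mode "$demo_file" || true   # members of the file's group can still read it

chmod go-rwx "$demo_file"                # owner-only
check_secret_mode "$demo_file"

rm -rf "$demo_dir"
```

On the server the same check applies to /home/git/gitlab/config/database.yml and to the Nginx private key.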
IV. Install gems
1. Install charlock_holmes
# su -
# gem install charlock_holmes --version '0.6.9.4'
# exit
2. Install the MySQL packages
# cd /home/git/gitlab/
# vi Gemfile
Change https://rubygems.org to http://ruby.taobao.org
# bundle install --deployment --without development postgres test puma aws
If the error "Could not find modernizr-2.6.2 in any of the sources" is reported, it cannot be ignored.
Fix:
# vi Gemfile
Find the line: gem "modernizr", "2.6.2"
Change it to: gem "modernizr-rails", "2.7.1"
# vi Gemfile.lock
Find the line: modernizr (2.6.2)
Change it to: modernizr-rails (2.7.1)
Find the line: modernizr (= 2.6.2)
Change it to: modernizr-rails (= 2.7.1)
Then run again:
# bundle install --deployment --without development postgres test puma aws
3. Initialize the data and activate advanced features
# cd /home/git/gitlab
# bundle exec rake gitlab:setup RAILS_ENV=production
When this step completes, a default administrator account/password is created:
admin@local.host/5iveL!fe
4. Install the startup script
# su -
# wget -O /etc/init.d/gitlab https://raw.github.com/gitlabhq/gitlab-recipes/5-0-stable/init.d/gitlab
# chmod +x /etc/init.d/gitlab
5. Enable start at boot
# chkconfig --add gitlab
# chkconfig gitlab on
6. Check the application status
# su - git
# cd gitlab/
# bundle exec rake gitlab:env:info RAILS_ENV=production
# exit
This shows versions and other information about the system, Ruby, GitLab and GitLab Shell.
7. Start the GitLab instance
# service gitlab start
8. View more detailed information about the application
# su - git
# cd gitlab/
# bundle exec rake gitlab:check RAILS_ENV=production
An "Init script up-to-date?" error is reported here, as follows:
——————————————————————————————————————————————————
Init script up-to-date? .. no
Try fixing it:
Redownload the init script
For more information:
doc/install/installation.md in section "Install Init Script"
Please fix the error above and rerun the checks.
——————————————————————————————————————————————————
According to the official documentation, this issue can be ignored.
V. Nginx configuration
1. Configure the GitLab virtual host and SSL connection:
# cd /usr/local/nginx/conf/vhosts/
# vi gitlab-ssl.conf
Note: First of all, thanks to the geek who provided this script; it has been changed slightly from the original.
The places marked in red are the ones that need to be customized.
————————————————————————————————————————————
## GITLAB
## Contributors: randx, yin8086, sashkab, orkoden, axilleas
## App Version: 5.4 - 6.0
##
## Modified from nginx http version
## Modified from http://blog.phusion.nl/2012/04/21/tutorial-setting-up-gitlab-on-debian-6/
##
## Lines starting with two hashes (##) are comments containing information
## for configuration. One hash (#) comments are actual configuration parameters
## which you can comment/uncomment to your liking.
##
###################################
##       SSL configuration       ##
###################################
##
## Optimal configuration is taken from:
## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
## Make sure to read it and understand what each option does.
##
## [Optional] Generate a self-signed ssl certificate:
##    mkdir /etc/nginx/ssl/
##    cd /etc/nginx/ssl/
##    sudo openssl req -newkey rsa:2048 -x509 -nodes -days 3560 -out gitlab.crt -keyout gitlab.key
##    sudo chmod o-r gitlab.key
##
## Edit `gitlab-shell/config.yml`:
## 1) Set "gitlab_url" param in `gitlab-shell/config.yml` to `https://git.example.com`
## 2) Set "ca_file" to `/etc/nginx/ssl/gitlab.crt`
## 3) Set "self_signed_cert" to `true`
## Edit `gitlab/config/gitlab.yml`:
## 1) Define port for http "port: 443"
## 2) Enable https "https: true"
## 3) Update ssl for gravatar "ssl_url: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=mm"
##
##################################
##       CHUNKED TRANSFER       ##
##################################
##
## It is a known issue that Git-over-HTTP requires chunked transfer encoding [0]
## which is not supported by Nginx < 1.3.9 [1]. As a result, pushing a large object
## with Git (i.e. a single large file) can lead to a 411 error. In theory you can get
## around this by tweaking this configuration file and either:
## - installing an old version of Nginx with the chunkin module [2] compiled in, or
## - using a newer version of Nginx.
##
## At the time of writing we do not know if either of these theoretical solutions works. As a workaround
## users can use Git over SSH to push large files.
##
## [0] https://git.kernel.org/cgit/git/git.git/tree/Documentation/technical/http-protocol.txt#n99
## [1] https://github.com/agentzh/chunkin-nginx-module#status
## [2] https://github.com/agentzh/chunkin-nginx-module
upstream gitlab {
  ## Uncomment if you have set up puma/unicorn to listen on a unix socket (recommended).
  server unix:/home/git/gitlab/tmp/sockets/gitlab.socket;
  ## Uncomment if puma/unicorn are configured to listen on a tcp port.
  ## Check the port number in /home/git/gitlab/config/{puma.rb/unicorn.rb}
  # server 127.0.0.1:8080;
}
## This is a normal HTTP host which redirects all traffic to the HTTPS host.
server {
  listen *:80;
  ## Replace git.example.com with your FQDN.
  server_name git.example.com;
  server_tokens off;
  ## This doesn't have to be a valid path since we are redirecting,
  ## you don't have to change it.
  root /nowhere;
  rewrite ^ https://$server_name$request_uri permanent;
}
server {
  listen 443 ssl;
  ## Replace git.example.com with your FQDN.
  server_name git.example.com;
  server_tokens off;
  root /home/git/gitlab/public;
  ## Increase this if you want to upload large attachments
  ## Or if you want to accept large git objects over http
  client_max_body_size 20m;
  ## Strong SSL Security
  ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
  ssl on;
  ssl_certificate /usr/local/nginx/ssl/gitlab.crt;
  ssl_certificate_key /usr/local/nginx/ssl/gitlab.key;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_session_cache builtin:1000 shared:SSL:10m;
  #add_header Strict-Transport-Security max-age=63072000;
  #add_header X-Frame-Options DENY;
  #add_header X-Content-Type-Options nosniff;
  ## Individual nginx logs for this gitlab vhost
  access_log /usr/local/nginx/logs/gitlab_access.log;
  error_log /usr/local/nginx/logs/gitlab_error.log;
  location / {
    ## Serve static files from defined root folder.
    ## @gitlab is a named location for the upstream fallback, see below.
    try_files $uri $uri/index.html $uri.html @gitlab;
  }
  ## If a file which is not found in the root folder is requested,
  ## then the proxy passes the request to the upstream (gitlab unicorn).
  location @gitlab {
    ## If you use https make sure you disable gzip compression
    ## to be safe against BREACH attack.
    gzip off;
    ## https://github.com/gitlabhq/gitlabhq/issues/694
    ## Some requests take more than seconds.
    proxy_read_timeout 300;
    proxy_connect_timeout 300;
    proxy_redirect off;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Ssl on;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass http://127.0.0.1:8080;
  }
  ## Enable gzip compression as per rails guide:
  ## http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression
  #location ~ ^/(assets)/ {
  #  root /home/git/gitlab/public;
  #  gzip_static on; # to serve pre-gzipped version
  #  expires max;
  #  add_header Cache-Control public;
  #}
  error_page 502 /502.html;
}
————————————————————————————————————
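Added example, not part of the original vhost or of the GitLab recipes: the HTTPS server block above enables TLSv1 and TLSv1.1 next to TLSv1.2 and carries the Strict-Transport-Security, X-Frame-Options and X-Content-Type-Options headers only as commented-out lines. This sketch reports both conditions for a vhost file; audit_vhost is a hypothetical helper name and the sample file is a constructed excerpt.

```bash
#!/usr/bin/env bash
# Added example; audit_vhost is a hypothetical helper, not an nginx tool.
# Prints one finding per line and returns 1 if anything was found:
#   - ssl_protocols entries older than TLSv1.2
#   - add_header lines that are present but commented out
audit_vhost() {
    awk '
        { sub(/^[ \t]+/, "") }                      # ignore indentation
        /^ssl_protocols[ \t]/ {
            for (i = 2; i <= NF; i++) {
                p = $i; sub(/;$/, "", p)
                if (p == "SSLv2" || p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1") {
                    print "legacy protocol enabled: " p; n++
                }
            }
        }
        /^#[ \t]*add_header[ \t]/ {
            h = $0; sub(/^#[ \t]*add_header[ \t]+/, "", h)
            split(h, part, "[ \t;]")
            print "header commented out: " part[1]; n++
        }
        END { exit (n > 0) }
    ' "$1"
}

# Constructed excerpt of the 443 server block from the vhost above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
  listen 443 ssl;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  #add_header Strict-Transport-Security max-age=63072000;
  #add_header X-Frame-Options DENY;
  #add_header X-Content-Type-Options nosniff;
}
EOF
audit_vhost "$sample" || true
rm -f "$sample"
```

On the server it would be run against /usr/local/nginx/conf/vhosts/gitlab-ssl.conf before starting Nginx.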
2. Add nginx to the git user group (important)
# usermod -a -G git nginx
# chmod g+rx /home/git/
3. Generate the SSL certificate
# mkdir /usr/local/nginx/ssl
# cd /usr/local/nginx/ssl
# openssl req -new -x509 -nodes -days 3560 -out gitlab.crt -keyout gitlab.key
4. Start Nginx
# service nginx start
5. Open the web page git.example.com
Nginx redirects directly to https://git.example.com
Note: Depending on the browser, a prompt first says that the certificate is not trusted. This is because the certificate here is issued by ourselves and is not authorized by an official CA; those who need an authorized certificate can purchase one through many other channels.
The default GitLab account and password are as follows:
admin@local.host/5iveL!fe
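Added example, not from the original article: the interactive openssl req in step 3 only yields a usable certificate if the Common Name entered at the prompt is the FQDN, and both Nginx (ssl_certificate, ssl_certificate_key) and GitLab Shell (ca_file) depend on the result. This sketch generates the pair non-interactively with -subj and then checks it; make_selfsigned and check_cert are hypothetical helper names and a temporary directory stands in for /usr/local/nginx/ssl.

```bash
#!/usr/bin/env bash
# Added example; make_selfsigned and check_cert are hypothetical helper names.

# Create gitlab.crt / gitlab.key in <dir> for <fqdn> without prompts.
make_selfsigned() {
    local dir=$1 fqdn=$2
    ( umask 077   # the private key is never created group/world readable
      openssl req -new -x509 -nodes -newkey rsa:2048 -days 3560 \
          -subj "/CN=$fqdn" \
          -out "$dir/gitlab.crt" -keyout "$dir/gitlab.key" 2>/dev/null ) || return 1
    chmod 644 "$dir/gitlab.crt"   # the certificate is public; git reads it as ca_file
}

# Check the three properties the rest of the setup relies on.
check_cert() {
    local crt=$1 key=$2 fqdn=$3 cert_pub key_pub
    # 1. The certificate validates when it is its own trust anchor (ca_file).
    openssl verify -CAfile "$crt" "$crt" >/dev/null 2>&1 ||
        { echo "does not verify against itself"; return 1; }
    # 2. The name clients connect to is the name in the certificate.
    openssl x509 -in "$crt" -noout -checkhost "$fqdn" | grep -q 'does match' ||
        { echo "hostname mismatch: $fqdn"; return 1; }
    # 3. ssl_certificate and ssl_certificate_key belong together.
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] || { echo "key does not match certificate"; return 1; }
    echo "ok"
}

# Demonstration in a temporary directory instead of /usr/local/nginx/ssl.
ssl_dir=$(mktemp -d)
make_selfsigned "$ssl_dir" git.example.com
check_cert "$ssl_dir/gitlab.crt" "$ssl_dir/gitlab.key" git.example.com
check_cert "$ssl_dir/gitlab.crt" "$ssl_dir/gitlab.key" gitlab.example.org || true
stat -c '%a %n' "$ssl_dir/gitlab.key"
rm -rf "$ssl_dir"
```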
Client-side configuration:
VI. Upload a git repository
1. Generate a key pair on the client
# cd ~
# ssh-keygen -t rsa
Press Enter at every prompt to generate the public and private key pair
$ cat ~/.ssh/id_rsa.pub
—————————————————————————————————————————————————
Copy the entire key printed here, paste it into the SSH Keys page of the GitLab web interface and save it
—————————————————————————————————————————————————
After uploading, as shown in the figure:
2. Test the SSH connection
# ssh -p22 git@git.example.com
If the following error is reported:
——————————————————————————————————————
PTY allocation request failed on channel 1
/usr/bin/env: ruby: No such file or directory
Connection to git.example.com closed.
——————————————————————————————————————
This indicates that, on the server side, ruby is not available at /usr/bin/ruby.
Add this symbolic link on the server side:
# ln -s /usr/local/ruby/bin/ruby /usr/bin/ruby
Note: If the server uses a custom SSH port, add the port setting to ~/.ssh/config on the client
Suppose the custom SSH port is 2222
# echo "Port 2222" >> ~/.ssh/config
3. Reconnect
# ssh -p22 git@git.example.com
——————————————————————————————————————
PTY allocation request failed on channel 1
Welcome to GitLab, Anonymous!
Connection to git.example.com closed.
——————————————————————————————————————
4. Upload a git repository from the command line
# su -
# mkdir testprojiect
# cd testprojiect/
# git init
# echo "What a fucking Hello world" > Readme.txt
# git add .
# git commit -m 'the a'
# git remote add origin git@git.example.com:root/testproject.git
# git push -u origin master
————————————————————————————————————————————
Counting objects: 3, done.
Writing objects: 100% (3/3), 238 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To git@git.example.com:root/testproject.git
 * [new branch]      master -> master
Branch master set up to track remote branch master from origin.
————————————————————————————————————————————
Done...
