Enterprise-level GitLab repository Environment Construction

Source: Internet
Author: User

1. GitLab introduction
2. Install and configure GitLab
2.1 Introduction to the experiment environment
2.2 Change the repository storage location
2.3 Enable https access
2.4 Enable the SMTP service
3. Basic use of GitLab
4. Backup and recovery
5. Summary

1. GitLab introduction

GitLab is an open-source repository management system: a web service built on top of Git as the code management tool. It provides Git repository management, code review, issue tracking, a wiki, and other functions. In addition, GitLab CI can be used for continuous integration and automatic deployment. GitLab's components include Packages/Dependencies, Ruby, Go, System Users, Database, Redis, GitLab, and Nginx. For more information, see http://doc.gitlab.com/ce/install/installation.html.

2. Install and configure GitLab

GitLab does not support deployment on Windows hosts. It supports only platforms such as Ubuntu, Debian, CentOS, and Raspberry Pi, and only 64-bit systems.

GitLab can be deployed in two ways: from source code, or from the general package, officially called the "Omnibus package installation". Deploying from source is laborious and error-prone, so using the general package is strongly recommended. A GitLab deployed in "Omnibus package installation" mode uses Runit to restart the GitLab process when it crashes; a GitLab installed from source has no Runit management. For this reason too, we recommend the general package.

2.1 Introduction to the experiment environment
Platform: Debian 8.1 x64
IP Address:
GitLab package: gitlab-ce_8.2.1-ce.0_amd64.deb
Note: When installing GitLab, make sure that port 80 of the host is not in use. During a test, nginx had been installed on the host by default and was started at boot; as a result, only the nginx welcome page appeared when I accessed the home page after deploying GitLab. This problem plagued me for a long time. Later, I found that the host was already listening on port 80 by default.

root@test1:~/Tools# pwd
root@test1:~/Tools# ls
root@test1:~/Tools# dpkg -i gitlab-ce_8.2.1-ce.0_amd64.deb
Selecting previously unselected package gitlab-ce.
(Reading database ... 94237 files and directories currently installed.)
Preparing to unpack gitlab-ce_8.2.1-ce.0_amd64.deb ...
Unpacking gitlab-ce (8.2.1-ce.0) ...
Setting up gitlab-ce (8.2.1-ce.0) ...
gitlab: Thank you for installing GitLab!
gitlab: To configure and start GitLab, run the following command:
sudo gitlab-ctl reconfigure
gitlab: GitLab should be reachable at http://test1.cstonline.net
gitlab: Otherwise configure GitLab for your system by editing /etc/gitlab/gitlab.rb file
gitlab: And running reconfigure again.
gitlab: For a comprehensive list of configuration options please see the Omnibus GitLab readme
gitlab: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md
It looks like GitLab has not been configured yet; skipping the upgrade script.

The GitLab installation is now complete. The output contains a link (https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md) that is very important: it leads to detailed information about all of GitLab's configuration options, so read it carefully if you have time.
After GitLab is installed, you can check where the program files were installed by running the following command:
root@test1:~/Tools# dpkg -L gitlab-ce | less

# The output is long, so pipe it through less to page it

2.2 Change the repository storage location
By default, GitLab stores its repositories in "/var/opt/gitlab/git-data/repositories". A real production environment would obviously not keep them there; generally, an independent partition is used to store the repository data. I plan to store the data in the "/data/git-data" directory.

root@test1:~/Tools# mkdir -pv /data/git-data
mkdir: created directory '/data'
mkdir: created directory '/data/git-data'
root@test1:~# chown -R git:git /data/git-data # change the owner and group of the created directory to the git user
root@test1:~/Tools# cp /etc/gitlab/gitlab.rb /etc/gitlab/gitlab.rb.bak
root@test1:~/Tools# vim /etc/gitlab/gitlab.rb
# Enable the git_data_dir parameter and modify it as follows:
git_data_dir "/data/git-data"
# Change the value of external_url to the planned access domain name
external_url 'http://test.gitlab.net'
root@test1:~/Tools# gitlab-ctl reconfigure # re-apply gitlab.rb so that the modification takes effect
After the reconfigure, GitLab automatically creates a repositories directory under the data directory, as shown below:
root@test1:~# ls -ld /data/git-data/repositories/
drwxrws--- 2 git 4096 January 4 14:15 /data/git-data/repositories/

After adding an entry for the domain name to the hosts file on the Windows host, access GitLab in a browser.

The default user is "root" and the password is "5iveL!fe". For security, you are asked to change the login password at first login.

At this point, GitLab is basically usable. However, in enterprise use, GitLab services are generally not accessed over plain http.

2.3 Enable https access

By default, omnibus-gitlab does not enable https. To enable https for the test.gitlab.net domain name, we need to obtain a valid certificate for GitLab. If GitLab is only used within the enterprise, you can build your own CA and issue a certificate to GitLab from it.

2.3.1 Self-built CA
root@test1:~# mkdir -pv /etc/ssl/demoCA/{private,newcerts}
mkdir: created directory '/etc/ssl/demoCA'
mkdir: created directory '/etc/ssl/demoCA/private'
mkdir: created directory '/etc/ssl/demoCA/newcerts'
root@test1:~# cd /etc/ssl
root@test1:/etc/ssl# (umask 077; openssl genrsa -out ./demoCA/private/cakey.pem 2048) # generate the CA private key
Generating RSA private key, 2048 bit long modulus
................................................................++
..................................++
e is 65537 (0x10001)
root@test1:/etc/ssl# openssl req -new -x509 -key ./demoCA/private/cakey.pem -out ./demoCA/cacert.pem -days 3650 # generate a self-signed certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]: CN
State or Province Name (full name) [Some-State]: ChongQing
Locality Name (eg, city) []: YuBei
Organization Name (eg, company) [Internet Widgits Pty Ltd]: SJKJ
Organizational Unit Name (eg, section) []: Operation Services
Common Name (e.g. server FQDN or YOUR name) []: test.gitlab.net # this is the CA's domain name, which can be different from GitLab's
Email Address []: admin@admin.com
root@test1:/etc/ssl# touch ./demoCA/index.txt
root@test1:/etc/ssl# echo 01 > ./demoCA/serial

2.3.2 Request a certificate for GitLab and have the CA sign it

root@test1:~# ls /etc/gitlab/
gitlab.rb gitlab.rb.bak gitlab-secrets.json

# GitLab looks for the key file and certificate file in the "/etc/gitlab/ssl" directory, and both file names must match the domain name used to access GitLab, here "test.gitlab.net"

root@test1:~# mkdir -p /etc/gitlab/ssl # the directory path cannot be changed at will
root@test1:~# cd /etc/gitlab/ssl
root@test1:/etc/gitlab/ssl# (umask 077; openssl genrsa -out test.gitlab.net.key 1024) # 1024 bits in this run; use 2048 bits or more for an RSA key in production
Generating RSA private key, 1024 bit long modulus
e is 65537 (0x10001)
root@test1:/etc/gitlab/ssl# ls
test.gitlab.net.key
root@test1:/etc/gitlab/ssl# openssl req -new -key test.gitlab.net.key -out test.gitlab.net.csr # generate a Certificate Signing Request (no -x509, which would emit a self-signed certificate instead)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]: CN
State or Province Name (full name) [Some-State]: ChongQing
Locality Name (eg, city) []: YuBei
Organization Name (eg, company) [Internet Widgits Pty Ltd]: SJKJ
Organizational Unit Name (eg, section) []: Operation Services
Common Name (e.g. server FQDN or YOUR name) []: test.gitlab.net
Email Address []: test@admin.com
A challenge password []: # press ENTER
An optional company name []: # press ENTER
root@test1:/etc/gitlab/ssl# ls
test.gitlab.net.csr test.gitlab.net.key
root@test1:/etc/gitlab/ssl# openssl ca -in test.gitlab.net.csr -out test.gitlab.net.crt -days 3650 # the CA signs the certificate
Using configuration from /usr/lib/ssl/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
140185766790800:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('./demoCA/private/cakey.pem','r')
140185766790800:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load CA private key

An error is reported when the certificate is signed. According to the error message, the signing step looks for the CA key file "./demoCA/private/cakey.pem" relative to the current directory, so you should switch to the "/etc/ssl" directory and execute the above command there, as shown below:

root@test1:/etc/ssl# openssl ca -in /etc/gitlab/ssl/test.gitlab.net.csr -out /etc/gitlab/ssl/test.gitlab.net.crt -days 3650
Using configuration from /usr/lib/ssl/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Not Before: Jan 6 01:13:40 2016 GMT
Not After : Jan 3 01:13:40 2026 GMT
countryName = CN
stateOrProvinceName = ChongQing
organizationName = SJKJ
organizationalUnitName = Operation Services
commonName = test.gitlab.net
emailAddress = test@admin.com
X509v3 extensions:
X509v3 Basic Constraints:
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
52:95:81:FD:1D:D9:CE:40:D8:22:9C:95:8D:D0:8D:1C:A8:7D:78:4D
X509v3 Authority Key Identifier:
keyid:05:0A:A9:09:33:18:C3:99:71:19:BD:3F:EA:92:EB:A5:D2:30:72:EB
Certificate is to be certified until Jan 3 01:13:40 2026 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
root@test1:/etc/ssl# ls /etc/gitlab/ssl/
test.gitlab.net.crt test.gitlab.net.csr test.gitlab.net.key
root@test1:/etc/ssl# rm -f /etc/gitlab/ssl/test.gitlab.net.csr # the Certificate Signing Request file can be deleted
root@test1:/etc/ssl# chmod 700 /etc/gitlab/ssl # change the directory permissions
root@test1:/etc/ssl# ls -ld /etc/gitlab/ssl
drwx------ 2 root 4096 January 6 09:24 /etc/gitlab/ssl
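
The checks worth running on the issued files before GitLab is pointed at them, as an added example that is not part of the original article: it confirms that the certificate chains to the CA, matches the private key, covers the host name, and has an RSA modulus of at least 2048 bits (the 1024-bit key generated above fails that last check). The function names, the throwaway directory layout and the use of openssl x509 -req with a subjectAltName in place of openssl ca are assumptions made to keep it self-contained.

```shell
#!/bin/sh
# Added example (not from the original article). All names below are constructed.

# make_demo_pki DIR HOST BITS: throwaway CA plus a server key and certificate for HOST.
make_demo_pki() {
  local d="$1" host="$2" bits="$3"
  ( umask 077
    openssl genrsa -out "$d/cakey.pem" 2048
    openssl genrsa -out "$d/$host.key" "$bits" ) 2>/dev/null
  openssl req -new -x509 -key "$d/cakey.pem" -out "$d/cacert.pem" -days 30 \
    -subj "/O=Demo/CN=Demo Internal CA" 2>/dev/null
  # No -x509 here: the server side only produces a signing request.
  openssl req -new -key "$d/$host.key" -out "$d/$host.csr" \
    -subj "/O=Demo/CN=$host" 2>/dev/null
  printf 'subjectAltName=DNS:%s\n' "$host" > "$d/san.cnf"
  openssl x509 -req -in "$d/$host.csr" -CA "$d/cacert.pem" -CAkey "$d/cakey.pem" \
    -CAcreateserial -days 30 -extfile "$d/san.cnf" -out "$d/$host.crt" 2>/dev/null
}

# check_server_cert CRT KEY CAFILE HOST: one line per failed check; returns 1 if any failed.
check_server_cert() {
  local crt="$1" key="$2" ca="$3" host="$4" rc=0 bits
  openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 \
    || { echo "chain: $crt is not signed by $ca"; rc=1; }
  [ -s "$key" ] && [ "$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null | openssl sha256)" = \
       "$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)" ] \
    || { echo "key: private key does not match certificate"; rc=1; }
  bits=$(openssl x509 -in "$crt" -noout -text 2>/dev/null \
         | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
  [ "${bits:-0}" -ge 2048 ] \
    || { echo "key: RSA modulus is ${bits:-?} bits, want >= 2048"; rc=1; }
  openssl x509 -in "$crt" -noout -checkhost "$host" 2>/dev/null | grep -q 'does match' \
    || { echo "name: certificate does not cover $host"; rc=1; }
  return $rc
}
```

Against the files from this section the call would be check_server_cert /etc/gitlab/ssl/test.gitlab.net.crt /etc/gitlab/ssl/test.gitlab.net.key /etc/ssl/demoCA/cacert.pem test.gitlab.net.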

2.3.3 Enable GitLab https support
root@test1:/etc/ssl# vim /etc/gitlab/gitlab.rb
# Note the 'https' below
external_url 'https://test.gitlab.net'
##### enable https #####################
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/etc/gitlab/ssl/test.gitlab.net.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/test.gitlab.net.key"

"nginx['redirect_http_to_https'] = true" means that all http traffic is redirected to https. The following two lines give the paths of the certificate and key used by GitLab. From this, I guess the path for storing the key and certificate can be customized, as long as it is specified correctly here; this is not verified.

root@test1:/etc/ssl# gitlab-ctl reconfigure # re-apply the configuration

Running the above command re-applies the configuration file and restarts the services of the various GitLab components. Now visit GitLab in a browser.

Direct access to http://test.gitlab.net is also forcibly redirected to the secure https link.
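
A lint for the settings edited in this section, as an added example that is not part of the original article or of GitLab: it reports a plain-http external_url, a missing redirect, missing certificate or key files, and a private key readable by anyone other than its owner. The function names and the GITLAB_SSL_DIR override are hypothetical, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the original article): lint the HTTPS settings of a gitlab.rb.

# rb_value FILE KEY_REGEX: value of the last uncommented "KEY value" or "KEY = value" line.
rb_value() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=\{0,1\}[[:space:]]*//p" "$1" \
    | tail -n 1 | sed "s/[[:space:]]*#.*//; s/^[\"']//; s/[\"']\$//"
}

# audit_gitlab_https FILE: one line per finding; returns 1 if anything was found.
# GITLAB_SSL_DIR is a hypothetical override of /etc/gitlab/ssl, used only for testing.
audit_gitlab_https() {
  local f="$1" rc=0 url host crt key mode dir="${GITLAB_SSL_DIR:-/etc/gitlab/ssl}"
  url=$(rb_value "$f" external_url)
  case "$url" in
    https://*) ;;
    *) echo "external_url is not https: ${url:-unset}"; rc=1 ;;
  esac
  [ "$(rb_value "$f" "nginx\['redirect_http_to_https']")" = true ] \
    || { echo "redirect_http_to_https is not true"; rc=1; }
  host=${url#*://}; host=${host%%[/:]*}
  crt=$(rb_value "$f" "nginx\['ssl_certificate']")
  key=$(rb_value "$f" "nginx\['ssl_certificate_key']")
  # Unset paths fall back to the per-domain file names in the ssl directory.
  crt=${crt:-$dir/$host.crt}; key=${key:-$dir/$host.key}
  [ -s "$crt" ] || { echo "certificate missing: $crt"; rc=1; }
  if [ -s "$key" ]; then
    mode=$(stat -c %a "$key")
    case "$mode" in
      ?00) ;;
      *) echo "key $key has mode $mode, want owner-only (600 or 400)"; rc=1 ;;
    esac
  else
    echo "private key missing: $key"; rc=1
  fi
  return $rc
}

# Constructed sample: the plain-http configuration from section 2.2.
audit_sample_http() {
  local f rc=0
  f=$(mktemp)
  printf '%s\n' "external_url 'http://test.gitlab.net'" > "$f"
  audit_gitlab_https "$f" || rc=1
  rm -f "$f"
  return $rc
}
```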

2.4 Enable the SMTP service

When you register a new user on GitHub, you receive an email containing prompt information or a link to click to change your login password. GitLab can be configured with the same email reminder function. If you do not have your own email server, it is generally configured to use a third-party SMTP service. For more information, see https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/smtp.md. The official documents do not show how to configure SMTP for a 163 mailbox, so I will take it as an example here.
root@test1:~# vim /etc/gitlab/gitlab.rb # append the following content to the end
##### enable smtp ############
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.163.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "XXXXX@163.com"
gitlab_rails['smtp_password'] = "***********"
gitlab_rails['smtp_domain'] = "163.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = true
gitlab_rails['gitlab_email_from'] = "XXXX@163.com"

Enabling SMTP takes a lot of time, because the parameters must be used together, and the working combination can only be found by trying it yourself.
root@test1:~# gitlab-ctl reconfigure # re-apply the configuration

Now our GitLab has the SMTP function enabled.
