Relk's 工作手札

在 Cloud-Native 汪洋中載浮載沉的 SRE - Service Restart Engineer

0%

[CentOS] CentOS 7 GitLab 安裝 & HTTPS 設定

安裝步驟

1. 安裝基礎套件

1
2
3
4
5
6
7
8
9
10
11
12
# 更新並安裝套件
yum update
yum install -y curl policycoreutils-python openssh-server openssh-clients
# sshd 開機啟動
systemctl enable sshd
systemctl start sshd

# 安裝 postfix
yum install postfix
# postfix 開機自動啟用
systemctl enable postfix
systemctl start postfix

2. 安裝 GitLab-CE

1
2
curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash
yum install -y gitlab-ce

3. 拷貝 HTTPS 證書

1
2
3
mkdir -p /etc/gitlab/ssl
chmod 700 /etc/gitlab/ssl
cp gitlab.example.com.key gitlab.example.com.crt /etc/gitlab/ssl/

4. 編輯 gitlab.rb

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
# 修改配置文件
vim /etc/gitlab/gitlab.rb


# 修改對外域名
external_url 'https://gitlab.example.com'
# HTTPS 重導向
nginx['redirect_http_to_https'] = true
nginx['redirect_http_to_https_port'] = 80
# 修改證書 & 私鑰對應檔案位置
nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.example.com.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.example.com.key"

# SMTP 設定依照需求自行參考此篇
[SMTP settings](https://docs.gitlab.com/omnibus/settings/smtp.html)

# 重新加載配置文件
gitlab-ctl reconfigure

5. 防火牆放行 https 流量

1
2
firewall-cmd --permanent --add-service=https
systemctl reload firewalld

參考資料

Follow me at the links below