Ïê½âÔõÑù´î½¨GitHubЧÀÍÆ÷
githubÊÇÈ«Çò×îÊܽӴýµÄ´úÂëÍйÜƽ̨֮һ£¬ÓµÓÐÊý°ÙÍòµÄ×¢²áÓû§ºÍÊý°ÙÍòµÄ¿ªÔ´´úÂë¿â¡£¿ÉÊÇ£¬¹ØÓÚÆóÒµ»òСÎÒ˽È˶øÑÔ£¬½«´úÂëÍйÜÔÚ×Ô¼ºµÄЧÀÍÆ÷ÉÏ¿ÉÒÔÌá¸ßÇå¾²ÐÔºÍÊý¾Ý¿ØÖÆÐÔ¡£Òò´Ë£¬±¾ÎĽ«»áÏÈÈÝÔõÑù´î½¨githubЧÀÍÆ÷¡£
Ò»¡¢ÇéÐÎ×¼±¸
1.Ó²¼þ×¼±¸
GitHubЧÀÍÆ÷ËùÐèµÄÓ²¼þÒªÇó²¢²»ÊǺܸߣ¬Í¨³£Ò»Ì¨Í¨Ë×ЧÀÍÆ÷¾ÍÄÜʤÈΡ£µ«×îºÃ°ü¹ÜЧÀÍÆ÷µÄ´ø¿í´óÓÚ1Mbps£¬²¢ÇÒ±£´æ×ã¹»µÄ´æ´¢¿Õ¼äÒÔÈÝÄÉ´úÂë¿âºÍÈÕÖ¾µÈÊý¾Ý¡£
2.Èí¼þ×¼±¸
ÐèҪװÖÃÒÔÏÂÈí¼þ£º
a. GitºÍÆäËüÐëÒªµÄ¹¤¾ß
GitÊÇGitHub×î½¹µãµÄ°æ±¾¿ØÖÆϵͳ£¬ÐèÒªÏÂÔØ×°ÖÃËüµÄ¿Í»§¶Ë¡£
b. SSH
SSHÊÇÒòÌØÍøÉÏÓÃÓÚÔÚ²»Çå¾²µÄÍøÂçÖÐΪÍøÂçЧÀÍÌṩÇå¾²ÅþÁ¬µÄÒ»ÏîÍøÂçÐÒé¡£ÐèҪװÖÃSSH¿Í»§¶Ë×é¼þ¡£
c. Nginx
NginxÊÇÒ»¿îÇáÁ¿¼¶µÄwebЧÀÍÆ÷ºÍ·´ÏòÊðÀíЧÀÍÆ÷¡£ÐèҪװÖÃËüÓÃÓÚ¶ÔÍâÌṩHTTPЧÀÍ¡£
d. OpenSSL
OpenSSLÊÇÒ»¸ö¿ªÔ´µÄ¼ÓÃܿ⣬ÓÃÓÚÖ§³ÖSSLºÍTLSÐÒ飬ÌṩÇå¾²µÄͨѶÅþÁ¬¡£ÐèҪװÖøÿâÖ§³ÖHTTPSÐÒé¡£
¶þ¡¢×°ÖÃGitLab
ÔÚ×°ÖÃGitLab֮ǰ£¬ÐèҪװÖúÃÒÔÉÏÈí¼þ£¬²¢°ü¹ÜËüÃǶ¼ÄÜÕý³£ÔËÐС£
1.×°ÖÃGitLab
ÔÚGitLabµÄ¹ÙÍøÏÂÔØ×îеÄGitLab×°Öðü£¬²¢Ê¹ÓÃÒÔÏÂÏÂÁî¾ÙÐÐ×°Öãº
sudo dpkg -i gitlab-ce_*_amd64.deb
×¢ÖØ£ºÕâÀïʹÓõÄÊÇGitLabµÄ¿ªÔ´°æ±¾GitLab Community Edition£¬¶ø·ÇÆóÒµ°æ¡£
2.ÉèÖÃGitLab
1£©Æô¶¯GitLab
ÔÚ×°ÖÃÍê³Éºó£¬Ê¹ÓÃÒÔÏÂÏÂÁîÆô¶¯GitLab£º
sudo gitlab-ctl reconfigure
2£©»á¼ûGitLab
Æô¶¯Íê³Éºó£¬¿ÉÒÔͨ¹ýä¯ÀÀÆ÷»á¼ûGitLab£ºhttp://your-server-ip/£¬¾ÙÐÐÖÎÀíÔ±Õ˺ŵĽ¨É裬²¢½¨ÉèеĿÍÕ»¡£
3.ÉèÖÃNginx¡¢HTTPS
1£©ÉèÖÃNginx
ÔÚЧÀÍÆ÷ÉÏ×°ÖÃNginx£¬Ê¹ÓÃÒÔÏÂÏÂÁî¾ÙÐÐ×°Öãº
sudo apt-get install nginx
ÔÚNginxµÄÉèÖÃÎļþÖÐÌí¼ÓGitLabµÄÉèÖã¬ÈçÏ£º
upstream gitlab-workhorse {
server unix:/var/opt/gitlab/gitlab-workhorse/socket;
}
server {
listen 80;
server_name your-domain.com;
return 301 https://$server_name$request_uri;
}
server {
# Nginx¼àÌý8080¶Ë¿Ú£¬GitLab Puma¼àÌý8081¶Ë¿Ú
listen 8080 default;
server_name your-domain.com;
## ÐÔÄÜÓÅ»¯¿ÉÒÔʹÓÃÉèÖÃ
# server_tokens off;
## ~¿ªÍ·µÄΪÕýÔò±í´ïʽ
## /ciÕýÔòΪ½«ËùÓÐÓë /ci Ïà¹ØµÄÇëÇóת·¢µ½ GitLab Puma HTTP ЧÀÍÆ÷
location /ci {
proxy_read_timeout 300; proxy_connect_timeout 300; proxy_redirect off; proxy_http_version 1.1; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header Connection ''; proxy_pass http://127.0.0.1:8081;
µÇ¼ºó¸´ÖÆ µÇ¼ºó¸´ÖÆ
}
}
2£©½¨ÉèSSLÖ¤Êé
ÔÚЧÀÍÆ÷ÉÏÐèÒª½¨ÉèÒ»¸öSSLÖ¤Ê飬ʹÓÃÒÔÏÂÏÂÁ
openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout your-key-file.key -out your-ssl-file.crt
ÔÚNginxµÄÉèÖÃÎļþÖÐÌí¼ÓSSLÖ¤ÊéÏà¹ØµÄÉèÖãº
server {
# HTTPS ¼àÌý 443 ¶Ë¿Ú
listen 443 ssl;
server_name your-domain.com;
ssl_certificate /path/to/your-ssl-file.crt;
ssl_certificate_key /path/to/your-key-file.key;
## ~¿ªÍ·µÄΪÕýÔò±í´ïʽ
location /ci {
proxy_read_timeout 300; proxy_connect_timeout 300; proxy_redirect off; proxy_http_version 1.1; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header Connection ''; proxy_pass http://127.0.0.1:8081;
µÇ¼ºó¸´ÖÆ µÇ¼ºó¸´ÖÆ
}
}
Èý¡¢×ܽá
±¾ÎÄÏÈÈÝÁËÔõÑù´î½¨GitHubЧÀÍÆ÷£¬°ì·¨·ÖΪ£ºÇéÐÎ×¼±¸¡¢×°ÖÃGitLab¡¢ÉèÖÃNginx¡¢ÉèÖÃHTTPS¡£Ï£ÍûÕâƪÎÄÕ¶ÔÐèÒª´î½¨GitLabЧÀÍÆ÷µÄ¶ÁÕßÓÐËù×ÊÖú¡£
ÒÔÉϾÍÊÇÏê½âÔõÑù´î½¨GitHubЧÀÍÆ÷µÄÏêϸÄÚÈÝ£¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡