gitlab 使用现有 nginx 服务器

Posted 2020-09-13 风与叶子

gitlab 安装自带 nginx，如果想利用原有 nginx，可按如下操作：

8.0 版本 socket 文件位置有变动，感谢评论区的同学。

• nginx 增加虚拟主机配置

  # gitlab socket 文件地址
  upstream gitlab {
    # 7.x 版本在此位置
    # server unix:/var/opt/gitlab/gitlab-rails/tmp/sockets/gitlab.socket;
    # 8.0 位置
    server unix://var/opt/gitlab/gitlab-rails/sockets/gitlab.socket;
  }
  
  server {
    listen *:80;
  
    server_name gitlab.liaohuqiu.com;   # 请修改为你的域名
  
    server_tokens off;     # don\'t show the version number, a security best practice
    root /opt/gitlab/embedded/service/gitlab-rails/public;
  
    # Increase this if you want to upload large attachments
    # Or if you want to accept large git objects over http
    client_max_body_size 250m;
  
    # individual nginx logs for this gitlab vhost
    access_log  /var/log/gitlab/nginx/gitlab_access.log;
    error_log   /var/log/gitlab/nginx/gitlab_error.log;
  
    location / {
      # serve static files from defined root folder;.
      # @gitlab is a named location for the upstream fallback, see below
      try_files $uri $uri/index.html $uri.html @gitlab;
    }
  
    # if a file, which is not found in the root folder is requested,
    # then the proxy pass the request to the upsteam (gitlab unicorn)
    location @gitlab {
      # If you use https make sure you disable gzip compression 
      # to be safe against BREACH attack
  
      proxy_read_timeout 300; # Some requests take more than 30 seconds.
      proxy_connect_timeout 300; # Some requests take more than 30 seconds.
      proxy_redirect     off;
  
      proxy_set_header   X-Forwarded-Proto $scheme;
      proxy_set_header   Host              $http_host;
      proxy_set_header   X-Real-IP         $remote_addr;
      proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
      proxy_set_header   X-Frame-Options   SAMEORIGIN;
  
      proxy_pass http://gitlab;
    }
  
    # Enable gzip compression as per rails guide: http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression
    # WARNING: If you are using relative urls do remove the block below
    # See config/application.rb under "Relative url support" for the list of
    # other files that need to be changed for relative url support
    location ~ ^/(assets)/  {
      root /opt/gitlab/embedded/service/gitlab-rails/public;
      # gzip_static on; # to serve pre-gzipped version
      expires max;
      add_header Cache-Control public;
    }
  
    error_page 502 /502.html;
  }
  

• 禁用自带 nginx

  vim /etc/gitlab/gitlab.rb
  

  加入

  nginx[\'enable\'] = false
  

• 重启 nginx, 重启gitlab

  sudo /usr/local/nginx/sbin/nginx -s reload
  sudo gitlab-ctl reconfigure
  

• 权限配置

  访问会报502。原本是 nginx 用户无法访问gitlab用户的 socket 文件，用户权限配置，因人而异。粗暴地:

  sudo chmod -R o+x /var/opt/gitlab/gitlab-rails
  
  

  1. 拷贝一份内置nginx 的配置文件 gitlab-http.conf  到新的nginx的配置中
  2. 修改 /etc/gitlab/gitlab.rb ，禁用nginx  nginx[enable] = false
  3. vim /etc/gitlab/gitlab.rb
  
   external_url \'http://git.qiwenqiqu.com\' #域名配置
   unicorn[\'listen\'] = \'0.0.0.0\'
   unicorn[\'port\'] = 8081
  # git_data_dirs({ "default" => { "path" => "/var/opt/gitlab/git-data" } })
   git_data_dirs({ "default" => { "path" => "/data/git-data" } })
  
  #web_server[\'external_users\'] = [\'nginx\',\'gitlab-www\',\'git\',\'www\',\'www-data\']
  #新nginx用户www能够访问gitlab，很重要
  web_server[\'external_users\'] = [\'www\'] 
  
  #然后 gitlab-ctl reconfigure ,然后 gitlab-ctl restart

   

  #备忘录 ，比较乱 忽略
  
  gitlab 坑
  ./embedded/service/gitlab-shell/lib/gitlab_config.rb
  
  
  ./embedded/lib/ruby/gems/2.3.0/gems/omniauth-gitlab-1.0.2/lib/omniauth/strategies/gitlab.rb
  ./embedded/cookbooks/cache/cookbooks/gitlab/libraries/gitlab.rb
  ./embedded/cookbooks/gitlab/libraries/gitlab.rb
  ./embedded/service/gitlab-rails/lib/gitlab.rb
  
  
  1.［端口不通］
  vim /var/opt/gitlab/gitlab-rails/etc/unicorn.rb
  listen "0.0.0.0:8081", :tcp_nopush => true
  一定不要用 127.0.0.1
  
  firewall-cmd --permanent --add-port=8081/tcp
  firewall-cmd --reload
  
  1.[样式错乱] gitlab error compiling css asset 
  vim ./embedded/service/gitlab-rails/config/gitlab.yml
  webhook_timeout: 120
   
  
  gitlab 数据迁移
  http://blog.csdn.net/hj7jay/article/details/54311010
  
  vim /etc/gitlab/gitlab.rb
  
  external_url \'http://git.qiwenqiqu.com\' #域名配置
   unicorn[\'listen\'] = \'0.0.0.0\'
   unicorn[\'port\'] = 8081
  # git_data_dirs({ "default" => { "path" => "/var/opt/gitlab/git-data" } })
   git_data_dirs({ "default" => { "path" => "/data/git-data" } })
  ［迁移数据注意目录名称不要写错了］
   
  #web_server[\'external_users\'] = [\'nginx\',\'gitlab-www\',\'git\',\'www\',\'www-data\']
  web_server[\'external_users\'] = [\'www’]
  
  配置文件位置：
  
   [
  /opt/gitlab/embedded/service/gitlab-rails/config/gitlab.yml     
   /etc/gitlab/gitlab.rb
  /opt/gitlab/embedded/service/gitlab-shell/config.yml
  ]
  
  域名配置
  vim /opt/gitlab/embedded/service/gitlab-shell/config.yml
  gitlab_url: "http://0.0.0.0:8081"
  
  
  
  ＃＃＃＃
  配置GitLab域名，否则项目git clone的地址时错
  vim  /etc/gitlab/gitlab.rb
  
  编辑：external_url \'你的网址\'
  
  例如：external_url \'http://192.168.1.100\'
  
  编辑完成后，再sudo gitlab-ctl reconfigure一下，使配置生效
  
  ＃＃＃＃
  
  ＃＃＃ gitlab配置 http://www.cnblogs.com/softidea/p/5229412.html ＃＃＃
  
  
  nginx 冲突配置
  https://docs.gitlab.com/omnibus/settings/nginx.html 
  https://gitlab.com/gitlab-org/gitlab-workhorse/issues/26
  
  $$
  2017/04/25 00:18:37 [crit] 6297#0: *32 connect() to unix:/var/opt/gitlab/gitlab-workhorse/socket failed (13: Permission denied) while connecting to upstream, client: 221.216.146.9, server: test.qiwenqiqu.com, request: "GET / HTTP/1.1", upstream: "http://unix:/var/opt/gitlab/gitlab-workhorse/socket:/", host: "test.qiwenqiqu.com"
  $$
  $$sudo usermod -aG gitlab-www www$$