Table of contents
2. Build gitlab and implement ssl
1. Configure yum source or download gitlab package
2. Install dependent software and obtain GPG key
5. Create a private certificate
6. Create a CRT signing certificate
7. Use openssl to sign the pem certificate
8. Configure the certificate to gitlab
10. Rewrite nginx configuration to https
11. Windows configuration hosts
13. Log in and modify the root initial password
14. Change the language to Chinese (optional)
16. Close account automatic registration
15. Administrators create accounts and groups
16. The administrator creates a project
17. Configure login password-free authentication
18. Assignment of authority to project members
19. Introduction to gitlab project
1. Introduction to Gitlab
1. What is Gitlab?
GitLab is an open source project for warehouse management systems, using Git as a code management tool, and a web service built on this basis.
The installation method is to refer to GitLab's Wiki page on GitHub. Gitlab is currently a widely used open source code management platform based on git. It is built on Ruby on Rails and mainly manages codes and documents generated during the software development process. Gitlab mainly manages codes and documents in two dimensions: group and project. Among them, group is a group, and project is an engineering project. A group can manage multiple projects. It can be understood that there are multiple software development tasks in a group, and a project may contain multiple branches, which means that there are multiple branches in each project. Multiple branches are independent of each other, and different branches can be merged.
2. Build gitlab and implement ssl
1. Configure yum source or download gitlab package
方法1:创建一个新的yum源文件,文件内容如下
vim /etc/yum.repos.d/gitlab.repo
[gitlab-ce]
name=Gitlab-CE
baseurl=https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el$releasever/
#此变量$releasever表示本服务器的当前系统版本号
gpgcheck=0
enabled=1
方法2:或者直接wget下载gitlab的rpm安装包
wget https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/gitlab-ce-15.2.2-ce.0.el7.x86_64.rpm
2. Install dependent software and obtain GPG key
hostnamectl set-hostname gitlab.lhj.com
#修改主机名
bash
#刷新shell
echo 192.168.30.20 gitlab.lhj.com >>/etc/hosts
#将本机对应域名添加到本机hosts文件中
yum install -y curl policycoreutils openssh-server openssh-clients postfix
#安装gitlab依赖软件
curl:用于上传或者下载,可以进行数据传输
openssh-server:ssh协议远程登录服务端
openssh-clients:ssh协议远程登录客户端
postfix:邮件传输协议,用于发送邮件
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#获取GPG密钥,保证下载的gitlab包是由gitlab官方发布的不是被篡改的软件包
GPG密钥:GPG密钥可以保证软件下载的完整性和安全性。通过使用该公钥,你可以验证下载的软件包是否来自GitLab官方,从而确保GitLab安装的安全。
systemctl enable postfix --now
#开机自启postfix并现在立即启动
3. Install gitlab-ce
方法1:上面配置过gitlab的yum源了直接yum安装即可
yum install gitlab-ce -y
方法2:
curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash
#curl -s:静默模式常用于脚本下载。-S若出错不止是输出错误代码,要输出错误详细信息。下载gitlab官网的rpm.sh脚本传给bash执行。不用手动编辑配置yum源
yum install gitlab-ce -y
#然后再yum安装gitlab
4. Create a private key
mkdir -p /etc/gitlab/ssl
#创建存放密钥的目录
openssl genrsa -out "/etc/gitlab/ssl/gitlab.lhj.com.key" 2048
#利用openssl创建密钥-out指定密钥输入位置
Generating RSA private key, 2048 bit long modulus
........................................................................................+++
............+++
e is 65537 (0x10001)
#创建成功输出内容
cd /etc/gitlab/ssl
ls
gitlab.lhj.com.key
#进入存放密钥的目录查看有创建的私钥
5. Create a private certificate
openssl req -new -key "/etc/gitlab/ssl/gitlab.lhj.com.key" -out "/etc/gitlab/ssl/gitlab.lhj.com.csr"
#创建私有证书签名
req表示使用openssl工具生成证书签名请求。
-new:表示创建一个新的证书签名请求。
-key:表示指定使用的私钥文件
-out:表示将csr文件保存到此路径下
#填写生成证书的信息,如下:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN #国家,CN表示中国
State or Province Name (full name) []:JS #省份江苏
Locality Name (eg, city) [Default City]:NJ #城市南京
Organization Name (eg, company) [Default Company Ltd]:test #组织单位test
Organizational Unit Name (eg, section) []:test #单位名称test
Common Name (eg, your name or your server's hostname) []:gitlab.lhj.com #主机名称
Email Address []:[email protected] #邮箱地址
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456 #设置证书密码123456
An optional company name []:test #公司名称test
6. Create a CRT signing certificate
openssl x509 -req -days 365 -in "/etc/gitlab/ssl/gitlab.lhj.com.csr" -signkey "/etc/gitlab/ssl/gitlab.lhj.com.key" -out "/etc/gitlab/ssl/gitlab.lhj.com.crt"
#利用生成的私钥和私有证书签名CRT证书
-days:证书有效期为365天
-in:指定私有证书
-signkey指定私钥,生成的签名证书为gitlab.lhj.com.crt
cd /etc/gitlab/ssl/
ls
#现在应该有以下三个文件
gitlab.lhj.com.crt gitlab.lhj.com.csr gitlab.lhj.com.key
7. Use openssl to sign the pem certificate
openssl dhparam -out /etc/gitlab/ssl/dhparams.pem 2048
#dhparam:表示使用 OpenSSL 工具生成 DH 参数。
#-out /etc/gitlab/ssl/dhparams.pem:表示将生成的 DH 参数保存在指定的文件 /etc/gitlab/ssl/dhparams.pem 中。
cd /etc/gitlab/ssl/
chmod 600 *
ll
#修改ssl下所有证书权限为600
8. Configure the certificate to gitlab
[root@gitlab ssl]# vim /etc/gitlab/gitlab.rb
external_url 'https://gitlab.lhj.com'
#改为https协议和自己服务器的域名
nginx['redirect_http_to_https'] = true
#取消#号更改注释并为true,将http重定向到https
# nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.lhj.com.crt"
#更改crt证书路径
# nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.lhj.com.key"
#更改路径私钥路径
# nginx['ssl_dhparam'] = "/etc/gitlab/ssl/dhparams.pem"
#更改pem证书路径 后面的注释不用管# Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem
9. Initialize gitlab
gitlab-ctl reconfigure
#初始化gitlab,过程时间较长耐心等待gitlab-ctl用于管理gitlab
10. Rewrite nginx configuration to https
cd /var/opt/gitlab/nginx/conf
ls
gitlab-health.conf gitlab-http.conf nginx.conf nginx-status.conf
vim gitlab-http.conf
#在server listen *:80;下一行添加
server_name gitlab.lhj.com;
#有servername就不写
rewrite ^(.*)$ https://$host$1 permanent;
#重写所有都到https,permanent永久重定向
gitlab-ctl restart
#重启gitlab
11. Windows configuration hosts
在Windows系统里C:\Windows\System32\drivers\etc\hosts 添加以下内容
192.168.30.20 gitlab.lhj.com
#配置完毕后在cmd的窗口中ping gitlab.lhj.com 查看是否能ping通
12. Windows access test
13. Log in and modify the root initial password
cat /etc/gitlab/initial_root_password
#查看gitlab初始密码
14. Change the language to Chinese (optional)
16. Close account automatic registration
15. Administrators create accounts and groups
16. The administrator creates a project
17. Configure login password-free authentication
Gitlab's password-free login authentication, after the configuration is complete, can make our Gitlab automatically execute Git commands without logging in. This step is necessary for script writing and the use of other projects (such as Jenkins).
首先,在想要进行验证的设备上执行命令:
ssh-keygen
#四个回车生成免密登录秘钥
18. Assignment of authority to project members
19. Introduction to gitlab project
①Project authority
permission name |
permission type |
Permission Description |
private |
Private |
Only members who belong to the project have permission to view and operate the project |
internal |
Internal |
Anyone with a GitLab account can clone the project after logging in |
public |
Public |
anyone can clone |
②Branch role management
Role Name |
role type |
role description |
Anonymous User |
Guest |
Visitors [can only create questions and leave comments] |
reporter |
Reporter |
Can be understood as testers, product managers, etc., generally responsible for submitting questions, etc. |
Developer |
Developer |
Responsible for project development |
manager |
Master |
Generally, the team leader is responsible for maintaining the Master branch |
owner |
Owner |
Usually the project manager [has all permissions] |
20. Common commands of gitlab
Order |
illustrate |
git add |
Add files to staging area |
git status |
View the current state of the repository, showing changed files. |
git diff |
Compare the difference between files, that is, the difference between the temporary storage area and the work area. |
git commit |
Submit the staging area to the local warehouse. |
git reset |
Fallback version. |
git rm |
Delete workspace files. |
git mv |
Move or rename workspace files. |