Gitlab configuration notes

Version

gitlab 14.6.2

Gitlab backup is uploaded to Alibaba Cloud oss

### Backup Settings
###! Docs: https://docs.gitlab.com/omnibus/settings/backups.html

# gitlab_rails['manage_backup_path'] = true
# gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"

###! Docs: https://docs.gitlab.com/ee/raketasks/backup_restore.html#backup-archive-permissions
# gitlab_rails['backup_archive_permissions'] = 0644

# gitlab_rails['backup_pg_schema'] = 'public'

###! The duration in seconds to keep backups before they are allowed to be deleted
# gitlab_rails['backup_keep_time'] = 604800
gitlab_rails['backup_keep_time'] = 1209600
# gitlab_rails['backup_upload_connection'] = {
    
    
#   'provider' => 'AWS',
#   'region' => 'eu-west-1',
#   'aws_access_key_id' => 'AKIAKIAKI',
#   'aws_secret_access_key' => 'secret123'
# }
# gitlab_rails['backup_upload_remote_directory'] = 'my.s3.bucket'
# gitlab_rails['backup_multipart_chunk_size'] = 104857600

gitlab_rails['backup_upload_connection'] = {
    
    

'provider' => 'aliyun',

'aliyun_accesskey_id' => 'xxxxx',

'aliyun_accesskey_secret' => 'xxxxx',

'aliyun_oss_endpoint' => 'http://oss-cn-shenzhen-internal.aliyuncs.com',

'aliyun_oss_bucket' => 'xxxxbackup',

'aliyun_oss_location' => 'shenzhen'

}

gitlab_rails['backup_upload_remote_directory'] = 'gitlab'
###! **Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for
###!   backups**
# gitlab_rails['backup_encryption'] = 'AES256'
###! The encryption key to use with AWS Server-Side Encryption.
###! Setting this value will enable Server-Side Encryption with customer provided keys;
###!   otherwise S3-managed keys are used.
# gitlab_rails['backup_encryption_key'] = '<base64-encoded encryption key>'

###! **Specifies Amazon S3 storage class to use for backups. Valid values
###!   include 'STANDARD', 'STANDARD_IA', and 'REDUCED_REDUNDANCY'**
# gitlab_rails['backup_storage_class'] = 'STANDARD'

###! Skip parts of the backup. Comma separated.
###! Docs: https://docs.gitlab.com/ee/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup
#gitlab_rails['env'] = {
    
    
#    "SKIP" => "db,uploads,repositories,builds,artifacts,lfs,registry,pages"
#}

gitlab automatic backup

[root@gitlab backups]# crontab -l
0 2 * * * /usr/bin/gitlab-rake gitlab:backup:create

Gitlab integrates openladp

gitlab_rails['ldap_enabled'] = true
gitlab_rails['prevent_ldap_sign_in'] = false
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
  main: # 'main' is the GitLab 'provider ID' of this LDAP server
    label: 'mxLDAP'           # 显示在登录页面上的名称
    host: '172.16.123.223'      # LDAP服务地址
    port: 389               # LDAP服务端口，如果LDAP基于SSL在端口通常为636
    uid: 'sAMAccountName'   # LDAP中用户名对应的属性，通常为'sAMAccountName'
    bind_dn: '[email protected]'
    password: 'xxxxx'     # 同步用户信息的账户密码
    encryption: 'plain'     # 'start_tls' or 'simple_tls' or 'plain'
    verify_certificates: false  # 如果使用SSL，则设为true
    active_directory: false     # 如果是 Active Directory LDAP server 则设为true
    allow_username_or_email_login: true  # 是否允许email登录
    lowercase_usernames: false            # 是否将用户名转为小写
    block_auto_created_users: false       # 是否自动创建用户
    base: 'ou=people,dc=xxxxx,dc=com' # 搜索LDAP用户是的BaseDN
    user_filter: ''
EOS

gitlab reload configuration

gitlab-ctl reconfigure