https://www.cnblogs.com/mafeng/p/10237474.html
The specific process for deploying and configuring GitLab with Docker on Mac OS X is as follows:
1. Install Docker for Mac (see https://docs.docker.com/docker-for-mac/install/ )
2. Pull the GitLab image
docker pull gitlab/gitlab-ce
Documentation can be found at https://docs.gitlab.com/omnibus/docker/ .
3. Run a GitLab instance
sudo docker run -d \
--hostname xxxx.xxxx.xx \
--name gitlab \
--restart always \
--publish 30001:22 --publish 30000:80 --publish 30002:443 \
--volume $HOME/gitlab/data:/var/opt/gitlab \
--volume $HOME/gitlab/logs:/var/log/gitlab \
--volume $HOME/gitlab/config:/etc/gitlab \
gitlab/gitlab-ce
The volume options mount GitLab's directories onto directories under the local user's home, so that data is not lost when the container is stopped or deleted. The publish options map ports 30000, 30001 and 30002 of the host machine to the container's ports 80 (http), 22 (ssh) and 443 (https).
4. Configure the GitLab instance
The GitLab configuration file is /etc/gitlab/gitlab.rb.
With the command "sudo docker exec -it gitlab /bin/bash" you can open a bash shell inside the gitlab container; you can also use the command "sudo docker exec -it gitlab vi /etc/gitlab/gitlab.rb" to open the GitLab configuration file directly in the vi editor. Because the GitLab instance was started with a volume option that mounts this directory onto a local user directory, the gitlab.rb file is actually located under the $HOME/gitlab/config directory.
After modifying gitlab.rb, run gitlab-ctl reconfigure inside the container to reconfigure GitLab.
4.1 Configuring the GitLab server access address
4.1.1 Configuring the access address used for the http protocol
Change external_url to the address used to access the GitLab server:
external_url 'http://xxxx.xxxx.xxx:30000'
Because the URL specifies a port number, you need to set nginx's listening port back to 80; otherwise nginx will listen on port 30000 inside the container, and GitLab will be unusable:
nginx['listen_port'] = 80
4.1.2 Configuring the access address and port used for the ssh protocol
gitlab_rails['gitlab_ssh_host'] = 'data.comdyn.cn'
gitlab_rails['gitlab_shell_ssh_port'] = 30001
4.2 Configuring mail
To send mail through an SMTP server instead of the default Sendmail, you need to modify gitlab.rb.
Below is an example configuration that sends mail through a 163 mailbox:
gitlab_rails['gitlab_email_from'] = "[email protected]"
gitlab_rails['gitlab_email_reply_to'] = '[email protected]'
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.163.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "[email protected]"
gitlab_rails['smtp_password'] = "xxxxpassword"
gitlab_rails['smtp_domain'] = "163.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = true
gitlab_rails['smtp_openssl_verify_mode'] = "peer"
Finally, restart GitLab with the command docker restart gitlab, or run gitlab-ctl reconfigure inside the container to reconfigure GitLab.
5. Importing existing git repositories
Importing an existing git repository (e.g., test) into GitLab takes three steps:
5.1 Copy the existing bare git repository (such as test.git) into GitLab's directory.
Because the GitLab instance was started earlier with a volume option that maps GitLab's data directory to $HOME/gitlab/data/, git repositories are stored in the directory $HOME/gitlab/data/git-data/repositories/.
GitLab allows groups to be created and multiple repositories to be placed in a group; each group corresponds to a subdirectory of the same name under repositories. Copy each bare repository into the subdirectory of the group it belongs to. For example, to import the test repository into the group sub, run:
sudo cp -r test.git $HOME/gitlab/data/git-data/repositories/sub/
5.2 Use the sudo chown command to change the owning user and group of test.git to match the owner of the repositories directory, so that GitLab can access the repository.
5.3 Import the repository
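Run the gitlab-rake command in the gitlab container. The command executes inside the container, so the path is given as the container sees it: $HOME/gitlab/data on the host is mounted at /var/opt/gitlab.
sudo docker exec -it gitlab gitlab-rake "gitlab:import:repos[/var/opt/gitlab/git-data/repositories]"
This imports all repositories under repositories and creates the groups automatically. If a repository already exists in GitLab, it is skipped.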
After GitLab 11.0.3 is installed, it needs to be integrated with the domain controller. The domain controller configuration procedure is described below:
gitlab directory: /etc/gitlab
gitlab configuration file: /etc/gitlab/gitlab.rb
Edit the gitlab.rb file:
Modify the following settings in gitlab.rb, where:
1. host: the IP of the LDAP server that was set up; modify according to your environment;
2. uid: can be set to cn or to uid; either will identify the user (I have not studied exactly why);
3. bind_dn: the LDAP administrator account; modify according to your environment;
4. password: the LDAP administrator's password; modify according to your environment;
5. active_directory: appears to mark whether the server being connected to is an AD domain controller; because this is an LDAP configuration, it is false;
6. allow_username_or_email_login: whether users can log in with either their username or their mailbox; set to true for user convenience;
7. base: the directory where the users are located; because new users are created under People in ldap, it is configured accordingly; modify according to your environment;
My configuration is as follows:
gitlab_rails['ldap_enabled'] = true
###! **remember to close this block with 'EOS' below**
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
  main: # 'main' is the GitLab 'provider ID' of this LDAP server
    label: 'LDAP'
    host: '**.**.**.**'
    port: 389
    uid: 'sAMAccountName'
    bind_dn: 'cn=***,cn=Users,dc=***,dc=****,dc=COM'
    password: '*****'
    encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
    verify_certificates: true
    active_directory: true
    allow_username_or_email_login: true
    lowercase_usernames: false
    block_auto_created_users: false
    base: 'OU=Users,OU=*****,DC=***,DC=*****,DC=COM'
    user_filter: ''
    ## EE only
    # group_base: ''
    # admin_group: ''
    # sync_ssh_keys: false
#
#   secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server
#     label: 'LDAP'
#     host: '_your_ldap_server'
#     port: 389
#     uid: 'sAMAccountName'
#     bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
#     password: '_the_password_of_the_bind_user'
#     encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
#     verify_certificates: true
#     active_directory: true
#     allow_username_or_email_login: false
#     lowercase_usernames: false
#     block_auto_created_users: false
#     base: ''
#     user_filter: ''
#     ## EE only
#     group_base: ''
#     admin_group: ''
#     sync_ssh_keys: false
EOS
Explanation of the important configuration parameters (they will be easier to understand after reading the article on integrating svn with LDAP authentication):
- host: LDAP server address
- port: LDAP service port
- uid: which attribute to use as the attribute for verifying the user; it can be uid or cn, and we use uid
- method: if tls or ssl is enabled, fill in the corresponding tls or ssl; if neither is used, fill in plain
- bind_dn: the full DN of the account used to search for users (an account with read permission is required, to verify that the username entered by the user exists)
- password: the password of bind_dn; the two parameters bind_dn and password are used to log in to the LDAP server and search for users
- active_directory: whether the LDAP service is Windows AD; we are using OpenLDAP, so write false here
- allow_username_or_email_login: whether to allow authentication by username or by mailbox; if enabled, the user can enter either a username or a mailbox
- base: the location from which users are searched; for example, if the users allowed to log in to GitLab are all in the ou gitlab, you can write ou=gitlab,dc=domain,dc=com here
- filter: an additional filter attribute; for example, to allow authentication only for users whose employeeType is developer, use (employeeType=developer)
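The settings explained above can be checked mechanically. This is an added example, not code from the original post or from GitLab: it parses an ldap_servers block and reports the weak spots in a configuration like the one shown, such as encryption: 'plain' on port 389. The helper name audit_ldap_servers and all sample values are assumptions made for illustration.

```ruby
require 'yaml'

# Constructed sample shaped like the ldap_servers block above; every value is a placeholder.
SAMPLE_LDAP_SERVERS = <<~'EOS'
  main:
    label: 'LDAP'
    host: 'ldap.example.internal'
    port: 389
    uid: 'sAMAccountName'
    bind_dn: 'cn=gitlab-bind,cn=Users,dc=example,dc=com'
    password: 'placeholder'
    encryption: 'plain'
    verify_certificates: true
    active_directory: true
    allow_username_or_email_login: true
    block_auto_created_users: false
    base: 'OU=Users,DC=example,DC=com'
    user_filter: ''
EOS

# Hypothetical helper (not a GitLab command): returns [provider, key, message] findings.
def audit_ldap_servers(yaml_text)
  findings = []
  YAML.safe_load(yaml_text).each do |provider, cfg|
    add = ->(key, msg) { findings << [provider, key, msg] }
    enc = cfg['encryption'].to_s
    if enc == 'plain'
      add.call('encryption', 'bind password and user logins cross the network unencrypted; use start_tls or simple_tls')
      add.call('verify_certificates', 'has no effect without TLS') if cfg['verify_certificates']
    elsif cfg['verify_certificates'] == false
      add.call('verify_certificates', 'TLS without certificate verification can be intercepted')
    end
    add.call('port', 'simple_tls normally uses 636, not 389') if enc == 'simple_tls' && cfg['port'] == 389
    if cfg['uid'].to_s.casecmp?('sAMAccountName') && cfg['active_directory'] == false
      add.call('uid', 'sAMAccountName is an Active Directory attribute but active_directory is false')
    end
    if cfg['user_filter'].to_s.strip.empty? && cfg['block_auto_created_users'] == false
      add.call('user_filter', 'every account under base gets an active GitLab user on first login')
    end
    if cfg['bind_dn'].to_s.match?(/\bcn=(administrator|admin|manager)\b/i) # name heuristic only
      add.call('bind_dn', 'bind with a dedicated read-only account, not a directory administrator')
    end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  audit_ldap_servers(SAMPLE_LDAP_SERVERS).each { |p, k, m| puts "#{p}.#{k}: #{m}" }
end
```

To check a real file, pass the text between the YAML.load heredoc markers in gitlab.rb to audit_ldap_servers.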
Once configured, apply the updated configuration:
gitlab-ctl reconfigure
Check whether the configuration succeeded:
gitlab-rake gitlab:ldap:check (shows the first 100 users)
Restart the GitLab service:
gitlab-ctl restart
Note: make sure the user is not in either of the following states:
1. not in the "Account disabled" state;
2. not in the "must change password at first login" state;
(An account in either of the above states will get the following error when logging in to GitLab: Could not authenticate you from Ldapmain because "Invalid credentials".)
The figure shows the user's state as returned by the search request:
Analyzing the user status code: