gitlab容器--带https配置

#2.gitlab

重要目录

/home/maks/gitlab/config /etc/gitlab

/home/maks/gitlab/logs /var/log/gitlab

/home/maks/gitlab/data /var/opt/gitlab

生成证书到/home/maks/gitlab/config/ssl/目录：

openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=FR/ST=Charente/L=Mornac/O=Office/CN=dev.mdde.com" -keyout /home/maks/gitlab/config/ssl/dev.mdde.com.key -out /home/maks/gitlab/config/ssl/dev.mdde.com.crt

先启动容器

docker run --detach

--hostname dev.mdde.com

--publish 44380:44380 --publish 40022:40022

--name gitlab

--restart always

--volume /home/maks/gitlab/config:/etc/gitlab

--volume /home/maks/gitlab/data:/var/opt/gitlab

gitlab/gitlab-ce:latest

$ docker stop gitlab

停止容器后，修改配置文件：

$ vi /home/maks/gitlab/config/gitlab.rb

external_url "https://dev.mdde.com"

nginx['listen_port'] = 44380

nginx['redirect_http_to_https'] = true

nginx['ssl_certificate'] = "/etc/gitlab/ssl/dev.mdde.com.crt"

nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/server.key"

nginx['proxy_set_headers'] = {

"X-Forwarded-Proto" => "https",

"X-Forwarded-Ssl" => "on",

}

gitlab_rails['ldap_enabled'] = true

gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'

main: # 'main' is the GitLab 'provider ID' of this LDAP server

label: 'LDAP'

host: 'ad01.mdde.com'

port: 389

uid: 'sAMAccountName'

method: 'plain'

bind_dn: 'CN=gitlabadmin,CN=Users,DC=mdde,DC=com'

password: 'Mdddt88'

active_directory: true

allow_username_or_email_login: true

base: 'OU=maksad,DC=mdde,DC=com'

EOS

gitlab_rails['gitlab_shell_ssh_port'] = 40022

gitlab_rails['smtp_enable'] = true

gitlab_rails['smtp_address'] = "mail.mdde.com"

gitlab_rails['smtp_port'] = 25

gitlab_rails['smtp_user_name'] = "syssin@mdde.com"

gitlab_rails['smtp_password'] = "Masss"

gitlab_rails['smtp_domain'] = "mail.mdde.com"

gitlab_rails['smtp_authentication'] = "login"

gitlab_rails['smtp_enable_starttls_auto'] = true

gitlab_rails['smtp_tls'] = false

gitlab_rails['smtp_openssl_verify_mode'] = 'none'

$ docker start gitlab

第一次访问http://dev.mdde.com:44380/ 可能需要用Mozilla Firefox浏览器才可以，然后会提示修改密码。

=================================================================================================

启用了防火墙和SELINUX的时候需带Z

docker run --detach

--hostname dev.mdde.com

--publish 44380:44380

--publish 40022:22

--publish 80:80

--name gitlab

--restart always

--volume /home/maks/gitlab/config:/etc/gitlab:Z

--volume /home/maks/gitlab/logs:/var/log/gitlab:Z

--volume /home/maks/gitlab/data:/var/opt/gitlab:Z

gitlab/gitlab-ce:latest

https://docs.gitlab.com/omnibus/docker/

https://docs.gitlab.com/omnibus/settings/nginx.html#enable-https

https://gitlab.com/gitlab-org/gitlab-ce/issues?scope=all&utf8=%E2%9C%93&state=all