centos下gitlab私服完整安装部署（nginx+MySQL+redis+gitlab-ce+gitlab-shell+）

系统环境
cat /etc/redhat-release
CentOS release 6.8 (Final)

nginx -v
nginx version: nginx/1.9.15

redis-cli -v
redis-cli 3.9.102

mysql -V
mysql Ver 14.14 Distrib 5.5.53, for Linux (x86_64) using readline 5.1

ruby -v
ruby 2.2.5p319 (2016-04-26 revision 54774) [x86_64-linux]

git --version
git version 2.8.2

go version
go version go1.7.3 linux/amd64

参考地址：https://github.com/gitlabhq/gitlab-recipes/tree/master/install/centos
ubuntu 安装文档：http://docs.gitlab.com/ce/install/installation.html#using-https

一：添加repository
wget -O /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6 https://www.fedoraproject.org/static/0608B895.txt
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
rpm -qa gpg*
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
二：Add PUIAS Computational repository
wget -O /etc/yum.repos.d/PUIAS_6_computational.repo https://gitlab.com/gitlab-org/gitlab-recipes/raw/master/install/centos/PUIAS_6_computational.repo

2016-11-01 03:30:55 错误 404：Not Found报404错误解决方法：
vim /etc/yum.repos.d/PUIAS_6_computational.repo
[PUIAS_6_computational]
name=PUIAS computational Base $releasever - $basearch
mirrorlist=http://puias.math.ias.edu/data/puias/computational/$releasever/$basearch/mirrorlist
#baseurl=http://puias.math.ias.edu/data/puias/computational/$releasever/$basearch
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puias

wget -O /etc/pki/rpm-gpg/RPM-GPG-KEY-puias http://springdale.math.ias.edu/data/puias/6/x86_64/os/RPM-GPG-KEY-puias
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-puias
rpm -qa gpg*
yum repolist
yum -y install yum-utils
yum-config-manager –enable epel –enable PUIAS_6_computational
yum groupinstall "Development Tools" -y
yum -y install readline readline-devel ncurses-devel gdbm-devel glibc-devel tcl-devel openssl-devel curl-devel expat-devel db4-devel byacc sqlite-devel libyaml libyaml-devel libffi libffi-devel libxml2 libxml2-devel libxslt libxslt-devel libicu libicu-devel system-config-firewall-tui redis sudo wget crontabs logwatch logrotate perl-Time-HiRes git cmake libcom_err-devel.i686 libcom_err-devel.x86_64 nodejs

yum-config-manager –enable rhel-6-server-optional-rpms
yum -y install vim-enhanced
update-alternatives –set editor /usr/bin/vim.basic
yum -y install python-docutils
yum -y install postfix
yum -y remove git
yum install zlib-devel perl-CPAN gettext curl-devel expat-devel gettext-devel openssl-devel -y

mkdir /tmp/git && cd /tmp/git
curl –progress https://www.kernel.org/pub/software/scm/git/git-2.8.2.tar.gz|tar xz
cd git-2.8.2/
./configure
make
make prefix=/usr/local install
cd ..
git --version
mkdir /tmp/ruby && cd /tmp/ruby
tar -zxvf ruby-2.2.5.tar.gz
cd ruby-2.2.5
./configure
make
make prefix=/usr/local install
修改本地源为taobao源：
gem sources –add https://gems.ruby-china.org/ –remove https://rubygems.org/
更新gem版本
gem update --system=2.6.3
gem install bundler --no-doc
ruby -v
添加用户
adduser --system --shell /bin/bash --comment 'GitLab' --create-home --home-dir /home/git/ git
vi /etc/sudoers +79
#Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin

安装mysql 192.168.1.176
更新mysql源
yum localinstall mysql57-community-release-el6-9.noarch.rpm
vim /etc/yum.repos.d/mysql-community.repo
[mysql56-community]
name=MySQL 5.6 Community Server
baseurl=http://repo.mysql.com/yum/mysql-5.6-community/el/6/$basearch/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql
安装mysql
yum -y install mysql mysql-devel mysql-server
配置mysql
创建数据库： create database gitlab;
创建git账号密码： CREATE USER 'git'@'192.168.%' IDENTIFIED BY '123qwe';
使用INNODB引擎： SET storage_engine=INNODB;
创建gitlab生产数据库：CREATE DATABASE IF NOT EXISTS `gitlabhq_production` DEFAULT CHARACTER SET `utf8` COLLATE `utf8_unicode_ci`;
桌上的gitlab用户授予必要的权限：GRANT SELECT, LOCK TABLES, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON `gitlabhq_production`.* TO 'git'@'192.168.%';

配置redis
rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
yum -y --enablerepo=remi,remi-test install redis
cd redis-3.0.7
make
mkdir -p /usr/local/redis/{bin,etc,var}
cp -af src/{redis-benchmark,redis-check-aof,redis-check-dump,redis-cli,redis-sentinel,redis-server} /usr/local/redis/bin/
cp -a redis.conf /usr/local/redis/etc/
. /etc/profile.d/redis.sh
sed -i 's@pidfile.*@pidfile /var/run/redis.pid@' /usr/local/redis/etc/redis.conf
sed -i "s@logfile.*@logfile /usr/local/redis/var/redis.log@" /usr/local/redis/etc/redis.conf
sed -i "s@^dir.*@dir /usr/local/redis/var@" /usr/local/redis/etc/redis.conf
sed -i 's@daemonize no@daemonize yes@' /usr/local/redis/etc/redis.conf
[ -z "`grep ^maxmemory /usr/local/redis/etc/redis.conf`" ] && sed -i 's@maxmemory <bytes>@maxmemory <bytes> maxmemory 360000000@' /usr/local/redis/etc/redis.conf

如果用unix方式启动就执行以下操作
------------------------------------------------------------------------
sed -ri 's/^(port).*/1 0/' /usr/local/redis/etc/redis.conf
echo 'unixsocket /var/run/redis/redis.sock' >> /usr/local/redis/etc/redis.conf
echo 'unixsocketperm 0770' >> /usr/local/redis/etc/redis.conf
wget -q http://www.dwhd.org/script/Redis-server-init-CentOS -O /etc/init.d/redis-server
sed -i "/touch $lockfile/a chown git $(awk '/^unixsocket /{print $2}' /usr/local/redis/etc/redis.conf)" /etc/init.d/redis-server
chmod +x /etc/init.d/redis-server
service redis-server start
--------------------------------------------------------------------------
安装nginx
yum -y install pcre-devel pcre
adduser -r -s /sbin/nologin -c 'Web Server' -M www
tar zxvf nginx-1.9.15.tar.gz
cd nginx-1.9.15
./configure --prefix=/usr/local/nginx/
--user=www --group=www
--error-log-path=/tmp/nginx/error.log
--http-log-path=/tmp/nginx/access.log
--pid-path=/var/run/nginx/nginx.pid
--lock-path=/var/lock/nginx.lock
--with-pcre
--with-http_ssl_module
--with-http_flv_module
--with-http_v2_module
--with-http_gzip_static_module
--with-http_stub_status_module
--http-client-body-temp-path=/usr/local/nginx/client/
--http-proxy-temp-path=/usr/local/nginx/proxy/
--http-fastcgi-temp-path=/usr/local/nginx/fcgi/
--http-uwsgi-temp-path=/usr/local/nginx/uwsgi
--http-scgi-temp-path=/usr/local/nginx/scgi
make -j $(awk '/processor/{i++}END{print i}' /proc/cpuinfo) && make install && cd ../..
echo "export PATH=/usr/local/nginx/sbin:$PATH" > /etc/profile.d/nginx.sh
. /etc/profile.d/nginx.sh
wget -q http://www.dwhd.org/script/Nginx-init-CentOS -O /etc/rc.d/init.d/nginx
chmod +x /etc/rc.d/init.d/nginx
chkconfig nginx on
sed -i "$(awk '{a=NR}END{print a}' $nginxCONF)s@^@ include vhost/*.conf; &@" $nginxCONF
mkdir -p /usr/local/nginx/conf/vhost/
mkdir -p /var/log/nginx/
usermod -a -G git www
chmod g+rx /home/git/
添加ssl证书或者自己生成一个
cd /usr/local/nginx/
openssl req -new -x509 -nodes -days 3560 -out gitlab.crt -keyout gitlab.key

下载gitlab-ce 最新代码
cd /home/git/
sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-ce.git
------------------------------------
报错：Peer certificate cannot be authenticated with known CA certificates
vi /home/git/.bash_profile添加如下，不验证SSL
export GIT_SSL_NO_VERIFY=1
如果以上还是报错就用以下方法：
su -git
git config --global http.sslverify "false"
git clone https://gitlab.com/larryli/gitlab.git -b 7-5-zh gitlab

------------------------------------
mv gitlab-ce gitlab
cd gitlab/
sudo -u git -H cp config/gitlab.yml.example config/gitlab.yml
vim config/gitlab.yml +482
修改482行git bin_path为：
482 bin_path: /usr/local/bin/git
host: 192.168.1.170
port: 8000
https: false
email_from: gitlab@zhongjiu.cn
email_display_name: GitLab
email_reply_to: gitlab@zhongjiu.cn

chown -R git log/
chown -R git tmp/
chmod -R u+rwX log/
chmod -R u+rwX tmp/
sudo -u git -H mkdir /home/git/gitlab-satellites
chmod u+rwx,g=rx,o-rwx /home/git/gitlab-satellites
sudo -u git -H mkdir public/uploads
chmod -R u+rwX tmp/pids/
chmod -R u+rwX tmp/sockets/
chmod -R u+rwX public/uploads
sudo -u git -H cp config/unicorn.rb.example config/unicorn.rb
错误日志目录：
/home/git/gitlab/log/production.log
编辑配置文件unicorn.rb
sudo -u git -H cp config/unicorn.rb.example config/unicorn.rb
sudo -u git -H vim config/unicorn.rb
listen "192.168.1.170:8000", :tcp_nopush => true

特别注意：比较差配置的机器，注意将unicorn.rb中的timeout设置大一点，因为第一次启动的时候Gitlab需要初始化，如果timeout太小，由于需要执行较长时间，导致无法正常启动，出现502错误

拷贝配置文件rack_attack.rb
sudo -u git -H cp config/initializers/rack_attack.rb.example config/initializers/rack_attack.rb
定义全局的用户和邮箱
sudo -u git -H git config --global user.name "gitLab"
sudo -u git -H git config --global user.email "gitlab@zhongjiu.com"
sudo -u git -H git config --global core.autocrlf input
编辑连接redis配置

拷贝配置
sudo -u git -H cp config/resque.yml.example config/resque.yml
连接redis配置，默认配置，未修改
vim config/resque.yml
两种方式任选其一：
#———————————–
development:
url: redis://localhost:6379
production:
url: redis://localhost:6379
development:
url: redis://localhost:6379
------------------------------
development: unix:/var/run/redis/redis.sock
test: unix:/var/run/redis/redis.sock
production: unix:/var/run/redis/redis.sock
#———————————–
配置gitlab数据库文件
sudo -u git cp config/database.yml.mysql config/database.yml
sudo -u git -H vim config/database.yml
production:
adapter: mysql2
encoding: utf8
collation: utf8_general_ci
reconnect: false
database: gitlabhq_production
pool: 10
username: git
password: "123qwe"
host: 192.168.1.170
socket: /tmp/mysql.sock
安装gems
修改默认的源为taobao源
/home/git/gitlab
vim Gemfile
#source 'https://rubygems.org'
source 'https://gems.ruby-china.org/'
----------------------------
gem update --system
gem install rubygems-update
update_rubygems
gem install rdoc-data; rdoc-data --install

bundle install
yum -y install postgresql-devel.x86_64
chmod 777 /home/git/gitlab/.bundle/config

sudo -u git -H bundle install --deployment --without development test postgres aws

安装gitlab-shell
mkdir /home/git/repositories
chown git:git /home/git/repositories/
根据自己redis启动模式来二选一
#sudo -u git -H bundle exec rake gitlab:shell:install REDIS_URL=unix:/var/run/redis/redis.sock RAILS_ENV=production
#sudo -u git -H bundle exec rake gitlab:shell:install REDIS_URL=redis://127.0.0.1:6379 RAILS_ENV=production

vim /home/git/gitlab-shell/config.yml
---
user: git
gitlab_url: "http://192.168.1.170:8000/"
http_settings:
self_signed_cert: true
repos_path: "/home/git/repositories/"
auth_file: "/home/git/.ssh/authorized_keys"
redis:
bin: "/usr/bin/redis-cli"
host: 192.168.1.170
port: 6379
namespace: resque:gitlab

log_level: INFO
audit_usernames: false
安装
cd bin/
./install
#检查是否有问题
#/home/git/gitlab-shell/bin/check

安装gitlab-workhorse
yum -y install golang.x86_64

sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-workhorse.git
cd gitlab-workhorse
sudo -u git -H make

#设置密码(任选其一)
#第一次登陆设置
sudo -u git -H bundle exec rake gitlab:setup RAILS_ENV=production
#默认设置
sudo -u git -H bundle exec rake gitlab:setup RAILS_ENV=production GITLAB_ROOT_PASSWORD=git@123.qwe
成功提示：
== Seed from /home/git/gitlab/db/fixtures/production/001_admin.rb
Administrator account created:

login: root
password: git@123.qwe

安装启动脚本和设置开机启动
cd /home/git/gitlab/
sudo cp lib/support/init.d/gitlab /etc/init.d/gitlab
chmod +x /etc/init.d/gitlab
chkconfig –add gitlab
chkconfig gitlab on
sudo chmod +x /home/git/gitlab/bin/background_jobs
sudo chmod +x /home/git/gitlab/bin/web
安装 Logrotate
sudo cp lib/support/logrotate/gitlab /etc/logrotate.d/gitlab
sudo chmod 700 /home/git/gitlab/public/uploads
检查GitLab及其环境的配置是否正确：
sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production
编译
sudo -u git -H bundle exec rake assets:precompile RAILS_ENV=production
System information
System:
Current User: git
Using RVM: no
Ruby Version: 2.2.5p319
Gem Version: 2.6.8
Bundler Version:1.13.6
Rake Version: 10.5.0
Sidekiq Version:4.2.1

GitLab information
Version: 8.15.0-pre
Revision: 63b57e5
Directory: /home/git/gitlab
DB Adapter: mysql2
URL: http://localhost
HTTP Clone URL: http://localhost/some-group/some-project.git
SSH Clone URL: git@localhost:some-group/some-project.git
Using LDAP: no
Using Omniauth: no

GitLab Shell
Version: 4.0.0
Repository storage paths:
- default: /home/git/repositories/
Hooks: /home/git/gitlab-shell/hooks/
Git: /usr/local/bin/git

nginx配置：
user www www;
worker_processes auto;
#error_log logs/error.log error;
#pid logs/nginx.pid;

worker_rlimit_nofile 65536;

events
{
use epoll;
accept_mutex off;
worker_connections 65536;
}

http
{
include mime.types;
default_type application/octet-stream;
charset UTF-8;
server_names_hash_bucket_size 128;
client_header_buffer_size 4k;
large_client_header_buffers 4 32k;
client_max_body_size 20m;

open_file_cache max=65536 inactive=60s;
open_file_cache_valid 80s;
open_file_cache_min_uses 1;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '

'$status $body_bytes_sent "$http_referer" '

'"$http_user_agent" "$http_x_forwarded_for"';

#access_log logs/access.log main;
sendfile on;
server_tokens off;
keepalive_timeout 90;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 64k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
include vhost/*.conf;
}

cat /usr/local/nginx/conf/vhost/gitlab.conf
upstream gitlab {
server unix:/home/git/gitlab/tmp/sockets/gitlab.socket;
}
server {
listen 80;
server_name localhost;

access_log /var/log/nginx/gitlab_access.log;
error_log /var/log/nginx/gitlab_error.log;

root /home/git/gitlab/public;

location / {
client_max_body_size 0;
gzip off;

proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;

proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

proxy_pass http://gitlab;
}

error_page 404 /404.html;
error_page 422 /422.html;
error_page 500 /500.html;
error_page 502 /502.html;
error_page 503 /503.html;
location ~ ^/(404|422|500|502|503).html$ {
root /home/git/gitlab/public;
internal;
}
}

访问：

检查各个应用状态
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production

/home/git/gitlab/config/unicorn.rb：配置ruby提供的服务端口，ip

/home/git/gitlab/config/gitlab.yml：配置gitlab服务的端口，ip

/home/git/gitlab-shell/config.yml：配置gitlab-shell要调用的API接口