第一步:(安装工具包)
sudo yum install curl openssh-server postfix cronie sudo service postfix start sudo chkconfig postfix on sudo lokkit -s http -s ssh
第二步:(安装ruby,如果已安装则可跳过这个步骤)
sudo yum install ruby ruby-irb
第三步:(下载并安装gitlab-ce-xx.rpm安装包)
curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash sudo yum install gitlab-ce
如果下载过于缓慢或下载失败,则可选择使用以下方式
http://pan.baidu.com/s/1kTzsCfX
如果已成功下载,则使用下面的命令安装
rpm -i gitlab-ce-XXX.rpm
第四步:(修复软连接)
首先修复modprobe
rm -f /sbin/modprobe ln -s /bin/true /sbin/modprobe
其次修复sysctl
rm -f /sbin/sysctl ln -s /bin/true /sbin/sysctl
如果在配置使用过程中,出现了以下错误,一定要使用上述操作步骤进行修复
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key error: "net.bridge.bridge-nf-call-iptables" is an unknown key error: "net.bridge.bridge-nf-call-arptables" is an unknown key error: permission denied on key 'net.ipv4.tcp_max_syn_backlog' error: permission denied on key 'net.core.netdev_max_backlog' error: permission denied on key 'net.core.wmem_default' error: permission denied on key 'net.core.rmem_default' error: permission denied on key 'net.core.rmem_max' error: permission denied on key 'net.core.wmem_max' error: permission denied on key 'net.ipv4.tcp_timestamps' error: permission denied on key 'net.ipv4.tcp_synack_retries' error: permission denied on key 'net.ipv4.tcp_syn_retries' error: permission denied on key 'net.ipv4.tcp_tw_recycle' error: permission denied on key 'net.ipv4.tcp_tw_reuse' error: permission denied on key 'net.ipv4.tcp_mem' error: permission denied on key 'net.ipv4.tcp_max_orphans' error: permission denied on key 'net.ipv4.ip_local_port_range'
第五步:(修改日志文件夹的访问权限)
sudo chmod -R 777 /var/log/gitlab
第六步:(配置gitlab.rb文件,主要看未注释掉的代码部分)
sudo nano /etc/gitlab/gitlab.rb
修改后的文件如下
## Latest options listed at https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template ## Url on which GitLab will be reachable. ## For more details on configuring external_url see: ## https://gitlab.com/gitlab-org/omnibus-gitlab/blob/629def0a7a26e7c2326566f0758d4a27857b52a3/README.md#configuring-the-external-url-for-gitlab external_url 'http://localhost' ## Note: configuration settings below are optional. ## Uncomment and change the value. ############################ # gitlab.yml configuration # ############################ # gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com' # gitlab_rails['time_zone'] = 'UTC' # gitlab_rails['gitlab_email_enabled'] = true gitlab_rails['gitlab_email_from'] = 'xxxxxxxx@163.com' # gitlab_rails['gitlab_email_display_name'] = 'Example' # gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com' # gitlab_rails['gitlab_default_can_create_group'] = true # gitlab_rails['gitlab_username_changing_enabled'] = true # gitlab_rails['gitlab_default_theme'] = 2 # gitlab_rails['gitlab_restricted_visibility_levels'] = nil # to restrict public and internal: ['public', 'internal'] # gitlab_rails['gitlab_default_projects_features_issues'] = true # gitlab_rails['gitlab_default_projects_features_merge_requests'] = true # gitlab_rails['gitlab_default_projects_features_wiki'] = true # gitlab_rails['gitlab_default_projects_features_snippets'] = false # gitlab_rails['gitlab_default_projects_features_visibility_level'] = 'private' # gitlab_rails['gitlab_repository_downloads_path'] = 'tmp/repositories' # gitlab_rails['gravatar_plain_url'] = 'http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon' # gitlab_rails['gravatar_ssl_url'] = 'https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon' # gitlab_rails['webhook_timeout'] = 10 ## Reply by email # You need access to IMAP-enabled email account. For details # see http://doc.gitlab.com/ce/incoming_email/README.html # gitlab_rails['incoming_email_enabled'] = true # gitlab_rails['incoming_email_address'] = "incoming+%{key}@gitlab.example.com" # gitlab_rails['incoming_email_host'] = "imap.gmail.com" # IMAP server host # gitlab_rails['incoming_email_port'] = 993 # IMAP server port # gitlab_rails['incoming_email_ssl'] = true # Whether the IMAP server uses SSL # gitlab_rails['incoming_email_start_tls'] = false # Whether the IMAP server uses StartTLS # gitlab_rails['incoming_email_email'] = "incoming@gitlab.example.com" # Email account username. Usually the full email address. # gitlab_rails['incoming_email_password'] = "password" # Email account password # gitlab_rails['incoming_email_mailbox_name'] = "inbox" # The name of the mailbox where incoming mail will end up. # gitlab_rails['incoming_email_log_directory'] = "/var/log/gitlab/mailroom" ## For setting up LDAP ## see https://gitlab.com/gitlab-org/omnibus-gitlab/blob/629def0a7a26e7c2326566f0758d4a27857b52a3/README.md#setting-up-ldap-sign-in ## Be careful not to break the identation in the ldap_servers block. It is in ## yaml format and the spaces must be retained. Using tabs will not work. # gitlab_rails['ldap_enabled'] = false # gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block with 'EOS' below # main: # 'main' is the GitLab 'provider ID' of this LDAP server # label: 'LDAP' # host: '_your_ldap_server' # port: 389 # uid: 'sAMAccountName' # method: 'plain' # "tls" or "ssl" or "plain" # bind_dn: '_the_full_dn_of_the_user_you_will_bind_with' # password: '_the_password_of_the_bind_user' # active_directory: true # allow_username_or_email_login: false # block_auto_created_users: false # base: '' # user_filter: '' # ## EE only # group_base: '' # admin_group: '' # sync_ssh_keys: false # # secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server # label: 'LDAP' # host: '_your_ldap_server' # port: 389 # uid: 'sAMAccountName' # method: 'plain' # "tls" or "ssl" or "plain" # bind_dn: '_the_full_dn_of_the_user_you_will_bind_with' # password: '_the_password_of_the_bind_user' # active_directory: true # allow_username_or_email_login: false # block_auto_created_users: false # base: '' # user_filter: '' # ## EE only # group_base: '' # admin_group: '' # sync_ssh_keys: false # EOS ## Setting up Kerberos (EE only) ## See http://doc.gitlab.com/ee/integration/kerberos.html#http-git-access # gitlab_rails['kerberos_enabled'] = true # gitlab_rails['kerberos_keytab'] = /etc/http.keytab # gitlab_rails['kerberos_service_principal_name'] = HTTP/gitlab.example.com@EXAMPLE.COM # gitlab_rails['kerberos_use_dedicated_port'] = true # gitlab_rails['kerberos_port'] = 8443 # gitlab_rails['kerberos_https'] = true ## For setting up omniauth ## see https://gitlab.com/gitlab-org/omnibus-gitlab/blob/629def0a7a26e7c2326566f0758d4a27857b52a3/README.md#omniauth-google-twitter-github-login # gitlab_rails['omniauth_enabled'] = true # gitlab_rails['omniauth_allow_single_sign_on'] = false # gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml' # gitlab_rails['omniauth_block_auto_created_users'] = true # gitlab_rails['omniauth_auto_link_ldap_user'] = false # gitlab_rails['omniauth_providers'] = [ # { # "name" => "google_oauth2", # "app_id" => "YOUR APP ID", # "app_secret" => "YOUR APP SECRET", # "args" => { "access_type" => "offline", "approval_prompt" => "" } # } # ] # # If you setup bitbucket importer under omniauth providers you will need to add the keys # which will allow connection between bitbucket and gitlab. # For details see http://doc.gitlab.com/ce/integration/bitbucket.html # gitlab_rails['bitbucket'] = { # 'known_hosts_key' => 'bitbucket.org,207.223.240.182 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==', # 'private_key' => '-----BEGIN RSA PRIVATE KEY----- # MIIEowIBAAKCAQEAyXxYHwz2KjcwSjTREwlhYHqrf/8U0UM8ej3cqQ551gE4Wo3t # -----END RSA PRIVATE KEY-----', # 'public_key' => 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJfFgfDPYqN git@gitlab.example.com' # } ## For setting up backups ## see https://gitlab.com/gitlab-org/omnibus-gitlab/blob/629def0a7a26e7c2326566f0758d4a27857b52a3/README.md#backups # gitlab_rails['backup_path'] = "/var/opt/gitlab/backups" # gitlab_rails['backup_archive_permissions'] = 0644 # See: http://doc.gitlab.com/ce/raketasks/backup_restore.html#backup-archive-permissions # gitlab_rails['backup_pg_schema'] = 'public' # gitlab_rails['backup_keep_time'] = 604800 # gitlab_rails['backup_upload_connection'] = { # 'provider' => 'AWS', # 'region' => 'eu-west-1', # 'aws_access_key_id' => 'AKIAKIAKI', # 'aws_secret_access_key' => 'secret123' # } # gitlab_rails['backup_upload_remote_directory'] = 'my.s3.bucket' # gitlab_rails['backup_multipart_chunk_size'] = 104857600 ## For setting up different data storing directory ## see https://gitlab.com/gitlab-org/omnibus-gitlab/blob/629def0a7a26e7c2326566f0758d4a27857b52a3/README.md#storing-git-data-in-an-alternative-directory ## If you want to use a single non-default directory to store git data use ## a path that doesn't contain symlinks. # git_data_dir "/var/opt/gitlab/git-data" # gitlab_rails['satellites_timeout'] = 30 ## GitLab Shell settings for GitLab # gitlab_rails['gitlab_shell_ssh_port'] = 22 # gitlab_rails['git_max_size'] = 20971520 # gitlab_rails['git_timeout'] = 10 ## Extra customization # gitlab_rails['extra_google_analytics_id'] = '_your_tracking_id' # gitlab_rails['extra_piwik_url'] = '_your_piwik_url' # gitlab_rails['extra_piwik_site_id'] = '_your_piwik_site_id' # gitlab_rails['extra_sign_in_text'] = '| # ![Company Logo](http://www.companydomain.com/logo.png) # [Learn more about CompanyName](http://www.companydomain.com/)' # gitlab_rails['env'] = { # 'BUNDLE_GEMFILE' => "/opt/gitlab/embedded/service/gitlab-rails/Gemfile", # 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin" # } # gitlab_rails['rack_attack_git_basic_auth'] = { # 'enabled' => true, # 'ip_whitelist' => ["127.0.0.1"], # 'maxretry' => 10, # 'findtime' => 60, # 'bantime' => 3600 # } # We do not recommend changing these directories. # gitlab_rails['dir'] = "/var/opt/gitlab/gitlab-rails" # gitlab_rails['log_directory'] = "/var/log/gitlab/gitlab-rails" ############################### # GitLab application settings # ############################### # gitlab_rails['uploads_directory'] = "/var/opt/gitlab/gitlab-rails/uploads" # gitlab_rails['rate_limit_requests_per_period'] = 10 # gitlab_rails['rate_limit_period'] = 60 # Change the initial default admin password. # Only applicable on inital setup, changing this setting after database is created and seeded # won't yield any change. # gitlab_rails['initial_root_password'] = "password" ############################ # GitLab database settings # ############################ ## see https://gitlab.com/gitlab-org/omnibus-gitlab/blob/629def0a7a26e7c2326566f0758d4a27857b52a3/doc/settings/database.md#database-settings ## Only needed if you use an external database. # gitlab_rails['db_adapter'] = "postgresql" # gitlab_rails['db_encoding'] = "unicode" # gitlab_rails['db_database'] = "gitlabhq_production" # gitlab_rails['db_pool'] = 10 # gitlab_rails['db_username'] = "gitlab" # gitlab_rails['db_password'] = nil # gitlab_rails['db_host'] = nil # gitlab_rails['db_port'] = 5432 # gitlab_rails['db_socket'] = nil # gitlab_rails['db_sslmode'] = nil # gitlab_rails['db_sslrootcert'] = nil ######################### # GitLab redis settings # ######################### ## see https://gitlab.com/gitlab-org/omnibus-gitlab/blob/629def0a7a26e7c2326566f0758d4a27857b52a3/doc/settings/redis.md#redis-settings ## Connect to your own redis instance. # gitlab_rails['redis_host'] = "127.0.0.1" # gitlab_rails['redis_port'] = nil # gitlab_rails['redis_password'] = nil # gitlab_rails['redis_database'] = 0 # gitlab_rails['redis_socket'] = "/var/opt/gitlab/redis/redis.socket" ################################ # GitLab email server settings # ################################ # see https://gitlab.com/gitlab-org/omnibus-gitlab/blob/629def0a7a26e7c2326566f0758d4a27857b52a3/doc/settings/smtp.md#smtp-settings # Use smtp instead of sendmail/postfix. gitlab_rails['smtp_enable'] = true gitlab_rails['smtp_address'] = "smtp.163.com" gitlab_rails['smtp_port'] = 25 gitlab_rails['smtp_user_name'] = "xxxxxxxx@163.com" gitlab_rails['smtp_password'] = "mjaiuhvi" gitlab_rails['smtp_domain'] = "163.com" gitlab_rails['smtp_authentication'] = "login" gitlab_rails['smtp_enable_starttls_auto'] = true gitlab_rails['smtp_tls'] = false gitlab_rails['smtp_openssl_verify_mode'] = 'none' # Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert', see http://api.rubyonrails.org/classes/ActionMailer/Base.html # gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs" # gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt" ########################## # GitLab git http server # ########################## # see https://gitlab.com/gitlab-org/gitlab-git-http-server/blob/master/README.md # gitlab_git_http_server['enable'] = true # gitlab_git_http_server['ha'] = false # gitlab_git_http_server['repo_root'] = "/var/opt/gitlab/git-data/repositories" # gitlab_git_http_server['listen_network'] = "unix" # gitlab_git_http_server['listen_umask'] = 000 # gitlab_git_http_server['listen_addr'] = "/var/opt/gitlab/gitlab-git-http-server/socket" # gitlab_git_http_server['auth_backend'] = "http://localhost:8080" # gitlab_git_http_server['pprof_listen_addr'] = "''" # put an empty string on the command line # gitlab_git_http_server['dir'] = "/var/opt/gitlab/gitlab-git-http-server" # gitlab_git_http_server['log_dir'] = "/var/log/gitlab/gitlab-git-http-server" ############### # GitLab user # ############### ## see https://gitlab.com/gitlab-org/omnibus-gitlab/tree/629def0a7a26e7c2326566f0758d4a27857b52a3/README.md#changing-the-name-of-the-git-user-group ## Modify default git user. user['username'] = "gitlab" user['group'] = "gitlab" # user['uid'] = nil # user['gid'] = nil # # The shell for the git user #user['shell'] = "/bin/sh" # # The home directory for the git user #user['home'] = "/var/opt/gitlab" #user['git_user_name'] = "GitLab" user['git_user_email'] = "xxxxxxxx@163.com" ################## # GitLab Unicorn # ################## ## Tweak unicorn settings. # unicorn['worker_timeout'] = 60 # unicorn['worker_processes'] = 2 ## Advanced settings # unicorn['listen'] = '127.0.0.1' # unicorn['port'] = 8080 # unicorn['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket' # unicorn['pidfile'] = '/opt/gitlab/var/unicorn/unicorn.pid' # unicorn['tcp_nopush'] = true # unicorn['backlog_socket'] = 1024 # Make sure somaxconn is equal or higher then backlog_socket # unicorn['somaxconn'] = 1024 # We do not recommend changing this setting # unicorn['log_directory'] = "/var/log/gitlab/unicorn" ## Only change these settings if you understand well what they mean ## see https://about.gitlab.com/2015/06/05/how-gitlab-uses-unicorn-and-unicorn-worker-killer/ ## and https://github.com/kzk/unicorn-worker-killer # unicorn['worker_memory_limit_min'] = "200*(1024**2)" # unicorn['worker_memory_limit_max'] = "250*(1024**2)" ################## # GitLab Sidekiq # ################## # sidekiq['log_directory'] = "/var/log/gitlab/sidekiq" # sidekiq['shutdown_timeout'] = 4 ################ # gitlab-shell # ################ # gitlab_shell['audit_usernames'] = false # gitlab_shell['log_level'] = 'INFO' # gitlab_shell['http_settings'] = { user: 'username', password: 'password', ca_file: '/etc/ssl/cert.pem', ca_path: '/etc/pki/tls/certs', self_signed_cert: false} # gitlab_shell['log_directory'] = "/var/log/gitlab/gitlab-shell/" ## If enabled, git-annex needs to be installed on the server where gitlab is setup # For Debian and Ubuntu systems this can be done with: sudo apt-get install git-annex # For CentOS: sudo yum install epel-release && sudo yum install git-annex # gitlab_shell['git_annex_enabled'] = false ##################### # GitLab PostgreSQL # ##################### postgresql['enable'] = true # postgresql['listen_address'] = nil postgresql['port'] = 5432 postgresql['data_dir'] = "/var/opt/gitlab/postgresql/data" postgresql['shared_buffers'] = "10MB" # recommend value is 1/4 of total RAM, up to 14GB. ## Advanced settings # postgresql['ha'] = false # postgresql['dir'] = "/var/opt/gitlab/postgresql" postgresql['dir'] = "/tmp" # postgresql['log_directory'] = "/var/log/gitlab/postgresql" # postgresql['username'] = "gitlab-psql" # postgresql['uid'] = nil # postgresql['gid'] = nil # postgresql['shell'] = "/bin/sh" postgresql['home'] = "/var/opt/gitlab/postgresql" # postgresql['user_path'] = "/opt/gitlab/embedded/bin:/opt/gitlab/bin:$PATH" postgresql['sql_user'] = "gitlab" postgresql['sql_ci_user'] = "gitlab_ci" postgresql['max_connections'] = 200 # postgresql['md5_auth_cidr_addresses'] = [] # postgresql['trust_auth_cidr_addresses'] = [] # postgresql['shmmax'] = 17179869184 # or 4294967295 # postgresql['shmall'] = 4194304 # or 1048575 # postgresql['work_mem'] = "8MB" # postgresql['effective_cache_size'] = "1MB" # postgresql['checkpoint_segments'] = 10 postgresql['checkpoint_timeout'] = "5min" # postgresql['checkpoint_completion_target'] = 0.9 postgresql['checkpoint_warning'] = "60s" ################ # GitLab Redis # ################ ## Can be disabled if you are using your own redis instance. # redis['enable'] = true # redis['username'] = "gitlab-redis" # redis['uid'] = nil # redis['gid'] = nil ##################### # GitLab Web server # ##################### ## see: https://gitlab.com/gitlab-org/omnibus-gitlab/tree/629def0a7a26e7c2326566f0758d4a27857b52a3/doc/settings/nginx.md#using-a-non-bundled-web-server ## When bundled nginx is disabled we need to add the external webserver user to the GitLab webserver group. # web_server['external_users'] = [] # web_server['username'] = 'gitlab-www' # web_server['group'] = 'gitlab-www' # web_server['uid'] = nil # web_server['gid'] = nil # web_server['shell'] = '/bin/false' # web_server['home'] = '/var/opt/gitlab/nginx' ################ # GitLab Nginx # ################ ## see: https://gitlab.com/gitlab-org/omnibus-gitlab/tree/629def0a7a26e7c2326566f0758d4a27857b52a3/doc/settings/nginx.md # nginx['enable'] = true # nginx['client_max_body_size'] = '250m' # nginx['redirect_http_to_https'] = false # nginx['redirect_http_to_https_port'] = 80 # nginx['ssl_client_certificate'] = "/etc/gitlab/ssl/ca.crt" # Most root CA's are included by default # nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt" # nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key" # nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256" # nginx['ssl_prefer_server_ciphers'] = "on" # nginx['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2" # recommended by https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/ # nginx['ssl_session_cache'] = "builtin:1000 shared:SSL:10m" # recommended in http://nginx.org/en/docs/http/ngx_http_ssl_module.html # nginx['ssl_session_timeout'] = "5m" # default according to http://nginx.org/en/docs/http/ngx_http_ssl_module.html # nginx['ssl_dhparam'] = nil # Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem # nginx['listen_addresses'] = ['*'] # nginx['listen_port'] = nil # override only if you use a reverse proxy: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#setting-the-nginx-listen-port # nginx['listen_https'] = nil # override only if your reverse proxy internally communicates over HTTP: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#supporting-proxied-ssl # nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ { deny all; } " # nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/example.conf;" # nginx['proxy_read_timeout'] = 300 # nginx['proxy_connect_timeout'] = 300 ## Advanced settings # nginx['dir'] = "/var/opt/gitlab/nginx" # nginx['log_directory'] = "/var/log/gitlab/nginx" # nginx['worker_processes'] = 4 # nginx['worker_connections'] = 10240 # nginx['log_format'] = '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"' # nginx['sendfile'] = 'on' # nginx['tcp_nopush'] = 'on' # nginx['tcp_nodelay'] = 'on' # nginx['gzip'] = "on" # nginx['gzip_http_version'] = "1.0" # nginx['gzip_comp_level'] = "2" # nginx['gzip_proxied'] = "any" # nginx['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ] # nginx['keepalive_timeout'] = 65 # nginx['cache_max_size'] = '5000m' ################## # GitLab Logging # ################## ## see: https://gitlab.com/gitlab-org/omnibus-gitlab/tree/629def0a7a26e7c2326566f0758d4a27857b52a3/README.md#logs # logging['svlogd_size'] = 200 * 1024 * 1024 # rotate after 200 MB of log data # logging['svlogd_num'] = 30 # keep 30 rotated log files # logging['svlogd_timeout'] = 24 * 60 * 60 # rotate after 24 hours # logging['svlogd_filter'] = "gzip" # compress logs with gzip # logging['svlogd_udp'] = nil # transmit log messages via UDP # logging['svlogd_prefix'] = nil # custom prefix for log messages # logging['logrotate_frequency'] = "daily" # rotate logs daily # logging['logrotate_size'] = nil # do not rotate by size by default # logging['logrotate_rotate'] = 30 # keep 30 rotated logs # logging['logrotate_compress'] = "compress" # see 'man logrotate' # logging['logrotate_method'] = "copytruncate" # see 'man logrotate' # logging['logrotate_postrotate'] = nil # no postrotate command by default # Enterprise Edition only # logging['udp_log_shipping_host'] = nil # remote host to ship log messages to via UDP # logging['udp_log_shipping_port'] = 514 # remote host to ship log messages to via UDP ############# # Logrotate # ############# ## see: https://gitlab.com/gitlab-org/omnibus-gitlab/tree/629def0a7a26e7c2326566f0758d4a27857b52a3/README.md#logrotate ## You can disable built in logrotate feature. # logrotate['enable'] = true ############################# # Users and groups accounts # ############################# ## Should omnibus-gitlab package manage users and groups accounts. ## Only set if creating accounts manually ## #user['username'] = "gitlab" #user['group'] = "gitlab" # manage_accounts['enable'] = true ####### # Git # ####### ## Advanced setting for configuring git system settings for omnibus-gitlab internal git ## For multiple options under one header use array of comma separated values, eg. ## { "receive" => ["fsckObjects = true"], "alias" => ["st = status", "co = checkout"] } # omnibus_gitconfig['system'] = { "receive" => ["fsckObjects = true"] } ############################################ # Url on which GitLab CI will be reachable # ############################################ ## see https://gitlab.com/gitlab-org/omnibus-gitlab/tree/629def0a7a26e7c2326566f0758d4a27857b52a3/doc/gitlab-ci/README.md # ci_external_url 'http://ci.example.com' ################################# # application.yml configuration # ################################# # gitlab_ci['gitlab_server'] = { "url" => 'http://gitlab.example.com', "app_id" => '12345678', "app_secret" => 'QWERTY12345' } # gitlab_ci['gitlab_ci_email_from'] = 'gitlab-ci@example.com' # gitlab_ci['gitlab_ci_support_email'] = 'gitlab-ci@example.com' # gitlab_ci['gitlab_ci_all_broken_builds'] = true # gitlab_ci['gitlab_ci_add_pusher'] = true # gitlab_ci['builds_directory'] = '/var/opt/gitlab/gitlab-ci/builds' # gitlab_ci['gravatar_enabled'] = true # gitlab_ci['gravatar_plain_url'] = "http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=mm" # gitlab_ci['gravatar_ssl_url'] = "https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=mm" ## For setting up backups ## see https://gitlab.com/gitlab-org/omnibus-gitlab/blob/629def0a7a26e7c2326566f0758d4a27857b52a3/README.md#backups # gitlab_ci['backup_path'] = "/var/opt/gitlab/ci-backups" # gitlab_ci['backup_keep_time'] = 604800 # gitlab_ci['backup_upload_connection'] = { # 'provider' => 'AWS', # 'region' => 'eu-west-1', # 'aws_access_key_id' => 'AKIAKIAKI', # 'aws_secret_access_key' => 'secret123' # } # gitlab_ci['backup_upload_remote_directory'] = 'my.s3.bucket' # gitlab_ci['backup_multipart_chunk_size'] = 104857600 ############################### # GitLab CI database settings # ############################### ## see https://gitlab.com/gitlab-org/omnibus-gitlab/tree/629def0a7a26e7c2326566f0758d4a27857b52a3/doc/settings/database.md#database-settings ## Only needed if you use an external database. # gitlab_ci['db_adapter'] = "postgresql" # gitlab_ci['db_encoding'] = "unicode" # gitlab_ci['db_database'] = "gitlab_ci_production" # gitlab_ci['db_pool'] = 10 # gitlab_ci['db_username'] = "gitlab_ci" # gitlab_ci['db_password'] = nil # gitlab_ci['db_host'] = nil # gitlab_ci['db_port'] = 5432 # gitlab_ci['db_socket'] = nil # gitlab_ci['db_sslmode'] = nil # gitlab_ci['db_sslrootcert'] = nil ############################ # GitLab CI redis settings # ############################ ## see https://gitlab.com/gitlab-org/omnibus-gitlab/tree/629def0a7a26e7c2326566f0758d4a27857b52a3/doc/settings/redis.md#redis-settings ## Connect to your own redis instance. # gitlab_ci['redis_host'] = "127.0.0.1" # gitlab_ci['redis_port'] = nil # gitlab_ci['redis_socket'] = "/var/opt/gitlab/ci-redis/redis.socket" ################################### # GitLab CI email server settings # ################################### ## see https://gitlab.com/gitlab-org/omnibus-gitlab/tree/629def0a7a26e7c2326566f0758d4a27857b52a3/doc/settings/smtp.md#smtp-settings # gitlab_ci['smtp_enable'] = true # gitlab_ci['smtp_address'] = "smtp.server" # gitlab_ci['smtp_port'] = 456 # gitlab_ci['smtp_user_name'] = "smtp user" # gitlab_ci['smtp_password'] = "smtp password" # gitlab_ci['smtp_domain'] = "example.com" # gitlab_ci['smtp_authentication'] = "login" # gitlab_ci['smtp_enable_starttls_auto'] = true # gitlab_ci['smtp_tls'] = false # gitlab_ci['smtp_openssl_verify_mode'] = false ############# # GitLab CI # ############# # gitlab_ci['schedule_builds_minute'] = "0" # gitlab_ci['env'] = { # 'BUNDLE_GEMFILE' => "/opt/gitlab/embedded/service/gitlab-ci/Gemfile", # 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin" # } # gitlab_ci['username'] = "gitlab-ci" # gitlab_ci['uid'] = nil # gitlab_ci['gid'] = nil ##################### # GitLab CI Unicorn # ##################### ## Tweak unicorn settings. # ci_unicorn['worker_processes'] = 2 # ci_unicorn['worker_timeout'] = 60 ## Advanced settings # ci_unicorn['listen'] = '127.0.0.1' # ci_unicorn['port'] = 8181 # ci_unicorn['socket'] = '/var/opt/gitlab/gitlab-ci/sockets/gitlab.socket' # ci_unicorn['pidfile'] = '/opt/gitlab/var/ci-unicorn/unicorn.pid' # ci_unicorn['tcp_nopush'] = true # ci_unicorn['backlog_socket'] = 1024 ################### # GitLab CI Redis # ################### ## see https://gitlab.com/gitlab-org/omnibus-gitlab/tree/629def0a7a26e7c2326566f0758d4a27857b52a3/doc/settings/redis.md ## You can turn off bundled redis if you want to use your own redis instanance # ci_redis['enable'] = true ################### # GitLab CI NGINX # ################### ## see https://gitlab.com/gitlab-org/omnibus-gitlab/tree/629def0a7a26e7c2326566f0758d4a27857b52a3/doc/settings/nginx.md ## You can tell the bundled NGINX that it should not serve up GitLab CI by setting ci_nginx['enable'] to false. # ci_nginx['enable'] = false # ci_nginx['client_max_body_size'] = '250m' # ci_nginx['redirect_http_to_https'] = false # ci_nginx['redirect_http_to_https_port'] = 80 # ci_nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt" # ci_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key" # ci_nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256" # ci_nginx['ssl_prefer_server_ciphers'] = "on" # ci_nginx['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2" # recommended by https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/ # ci_nginx['ssl_session_cache'] = "builtin:1000 shared:SSL:10m" # recommended in http://nginx.org/en/docs/http/ngx_http_ssl_module.html # ci_nginx['ssl_session_timeout'] = "5m" # default according to http://nginx.org/en/docs/http/ngx_http_ssl_module.html # ci_nginx['ssl_dhparam'] = nil # Path to ci_dhparams.pem, eg. /etc/gitlab/ssl/ci_dhparams.pem # ci_nginx['listen_addresses'] = ['*'] # ci_nginx['listen_port'] = nil # override only if you use a reverse proxy: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#setting-the-nginx-listen-port # ci_nginx['listen_https'] = nil # override only if your reverse proxy internally communicates over HTTP: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#supporting-proxied-ssl # ci_nginx['custom_gitlab_ci_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ { deny all; } " # ci_nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/example.conf;" # ci_nginx['resolver'] = "8.8.8.8 8.8.4.4" ## Advanced settings # ci_nginx['dir'] = "/var/opt/gitlab/nginx" # ci_nginx['log_directory'] = "/var/log/gitlab/nginx" # ci_nginx['worker_processes'] = 4 # ci_nginx['worker_connections'] = 10240 # ci_nginx['sendfile'] = 'on' # ci_nginx['tcp_nopush'] = 'on' # ci_nginx['tcp_nodelay'] = 'on' # ci_nginx['gzip'] = "on" # ci_nginx['gzip_http_version'] = "1.0" # ci_nginx['gzip_comp_level'] = "2" # ci_nginx['gzip_proxied'] = "any" # ci_nginx['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ] # ci_nginx['keepalive_timeout'] = 65 # ci_nginx['cache_max_size'] = '5000m' ##################### # GitLab Mattermost # ##################### # mattermost_external_url 'http://mattermost.example.com' # # mattermost['enable'] = false # mattermost['username'] = 'mattermost' # mattermost['group'] = 'mattermost' # mattermost['home'] = '/var/opt/gitlab/mattermost' # mattermost['database_name'] = 'mattermost_production' # mattermost['log_file_directory'] = '/var/log/gitlab/mattermost' # mattermost['log_console_enable'] = true # mattermost['log_console_level'] = 'INFO' # mattermost['log_file_enable'] = false # mattermost['log_file_level'] = 'INFO' # mattermost['log_file_format'] = nil # mattermost['service_site_name'] = "GitLab Mattermost" # mattermost['service_mode'] = 'beta' # mattermost['service_allow_testing'] = false # mattermost['service_use_ssl'] = false # mattermost['service_port'] = "8065" # mattermost['service_version'] = "developer" # mattermost['service_analytics_url'] = nil # mattermost['service_use_local_storage'] = true # mattermost['service_storage_directory'] = "/var/opt/gitlab/mattermost/data" # mattermost['service_allowed_login_attempts'] = 10 # mattermost['service_disable_email_signup'] = true # mattermost['sql_driver_name'] = 'mysql' # mattermost['sql_data_source'] = "mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8" # mattermost['sql_data_source_replicas'] = ["mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8"] # mattermost['sql_max_idle_conns'] = 10 # mattermost['sql_max_open_conns'] = 10 # mattermost['sql_trace'] = false # mattermost['oauth'] = {'gitlab' => {'Allow' => true, 'Secret' => "123", 'Id' => "123", "AuthEndpoint" => "aa", "TokenEndpoint" => "bb", "UserApiEndpoint" => "cc", "Scope" => "" }} # mattermost['aws'] = {'S3AccessKeyId' => '123', 'S3SecretAccessKey' => '123', 'S3Bucket' => 'aa', 'S3Region' => 'bb'} # mattermost['image_thumbnail_width'] = 120 # mattermost['image_thumbnail_height'] = 100 # mattermost['image_preview_width'] = 1024 # mattermost['image_preview_height'] = 0 # mattermost['image_profile_width'] = 128 # mattermost['image_profile_height'] = 128 # mattermost['image_initial_font'] = 'luximbi.ttf' # mattermost['email_by_pass_email'] = true # mattermost['email_smtp_username'] = nil # mattermost['email_smtp_password'] = nil # mattermost['email_smtp_server'] = nil # mattermost['email_use_tls'] = false # mattermost['email_use_start_tls'] = false # mattermost['email_feedback_email'] = nil # mattermost['email_feedback_name'] = nil # mattermost['email_apple_push_server'] = nil # mattermost['email_apple_push_cert_public'] = nil # mattermost['email_apple_push_cert_private'] = nil # mattermost['ratelimit_use_rate_limiter'] = true # mattermost['ratelimit_per_sec'] = 10 # mattermost['ratelimit_memory_store_size'] = 10000 # mattermost['ratelimit_vary_by_remote_addr'] = true # mattermost['ratelimit_vary_by_header'] = nil # mattermost['privacy_show_email_address'] = true # mattermost['privacy_show_phone_number'] = true # mattermost['privacy_show_skype_id'] = true # mattermost['privacy_show_full_name'] = true # mattermost['team_max_users_per_team'] = 150 # mattermost['team_allow_public_link'] = true # mattermost['team_allow_valet_default'] = false # mattermost['team_terms_link'] = '/static/help/configure_links.html' # mattermost['team_privacy_link'] = '/static/help/configure_links.html' # mattermost['team_about_link'] = '/static/help/configure_links.html' # mattermost['team_help_link'] = '/static/help/configure_links.html' # mattermost['team_report_problem_link'] = '/static/help/configure_links.html' # mattermost['team_tour_link'] = '/static/help/configure_links.html' # mattermost['team_default_color'] = '#2389D7' # mattermost['team_disable_team_creation'] = true # mattermost['team_restrict_creation_to_domains'] = "gmail.com" #################### # Mattermost NGINX # #################### # mattermost_nginx['enable'] = false # mattermost_nginx['client_max_body_size'] = '250m' # mattermost_nginx['redirect_http_to_https'] = false # mattermost_nginx['redirect_http_to_https_port'] = 80 # mattermost_nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt" # mattermost_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key" # mattermost_nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256" # mattermost_nginx['ssl_prefer_server_ciphers'] = "on" # mattermost_nginx['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2" # recommended by https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/ # mattermost_nginx['ssl_session_cache'] = "builtin:1000 shared:SSL:10m" # recommended in http://nginx.org/en/docs/http/ngx_http_ssl_module.html # mattermost_nginx['ssl_session_timeout'] = "5m" # default according to http://nginx.org/en/docs/http/ngx_http_ssl_module.html # mattermost_nginx['ssl_dhparam'] = nil # Path to ci_dhparams.pem, eg. /etc/gitlab/ssl/ci_dhparams.pem # mattermost_nginx['listen_addresses'] = ['*'] # mattermost_nginx['listen_port'] = nil # override only if you use a reverse proxy: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#setting-the-nginx-listen-port # mattermost_nginx['listen_https'] = nil # override only if your reverse proxy internally communicates over HTTP: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#supporting-proxied-ssl # mattermost_nginx['custom_gitlab_mattermost_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ { deny all; } " # mattermost_nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/example.conf;" ## Advanced settings # mattermost_nginx['dir'] = "/var/opt/gitlab/nginx" # mattermost_nginx['log_directory'] = "/var/log/gitlab/nginx" # mattermost_nginx['worker_processes'] = 4 # mattermost_nginx['worker_connections'] = 10240 # mattermost_nginx['sendfile'] = 'on' # mattermost_nginx['tcp_nopush'] = 'on' # mattermost_nginx['tcp_nodelay'] = 'on' # mattermost_nginx['gzip'] = "on" # mattermost_nginx['gzip_http_version'] = "1.0" # mattermost_nginx['gzip_comp_level'] = "2" # mattermost_nginx['gzip_proxied'] = "any" # mattermost_nginx['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ] # mattermost_nginx['keepalive_timeout'] = 65 # mattermost_nginx['cache_max_size'] = '5000m'
注:在这里唯一需要修改的就是把文件里xxxxxxxx@163.com这个邮件地址改为自己真实可用的邮箱地址即可,好像一共有三处;其次别忘了在这里修改自己的邮箱密码,如果是163邮箱,录入的密码不是真实的邮箱密码,而是代理密码,即一个加密后的密码串,具体情况自己可登录163邮箱查看。
gitlab_rails['smtp_user_name'] = "xxxxxxxx@163.com" gitlab_rails['smtp_password'] = "mjaiuhvi"
第七步:(修改PostgreSQL的配置文件)
在这里需要依次修改两个文件(如果你需要远程访问PostgreSQL数据库,需要再额外的修改postgresql.conf文件),分别为pg_hba.conf与postgresql.conf文件
sudo nano /var/opt/gitlab/postgresql/data/pg_hba.conf sudo nano /var/opt/gitlab/postgresql/data/postgresql.conf
1)配置待访问的主机IP(客户端)
# This file is managed by gitlab-ctl. Manual changes will be # erased! To change the contents below, edit /etc/gitlab/gitlab.rb # and run `sudo gitlab-ctl reconfigure`. # PostgreSQL Client Authentication Configuration File # =================================================== # # Refer to the "Client Authentication" section in the # PostgreSQL documentation for a complete description # of this file. A short synopsis follows. # # This file controls: which hosts are allowed to connect, how clients # are authenticated, which PostgreSQL user names they can use, which # databases they can access. Records take one of these forms: # # local DATABASE USER METHOD [OPTION] # host DATABASE USER CIDR-ADDRESS METHOD [OPTION] # hostssl DATABASE USER CIDR-ADDRESS METHOD [OPTION] # hostnossl DATABASE USER CIDR-ADDRESS METHOD [OPTION] # # (The uppercase items must be replaced by actual values.) # # The first field is the connection type: "local" is a Unix-domain socket, # "host" is either a plain or SSL-encrypted TCP/IP socket, "hostssl" is an # SSL-encrypted TCP/IP socket, and "hostnossl" is a plain TCP/IP socket. # # DATABASE can be "all", "sameuser", "samerole", a database name, or # a comma-separated list thereof. # # USER can be "all", a user name, a group name prefixed with "+", or # a comma-separated list thereof. In both the DATABASE and USER fields # you can also write a file name prefixed with "@" to include names from # a separate file. # # CIDR-ADDRESS specifies the set of hosts the record matches. # It is made up of an IP address and a CIDR mask that is an integer # (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that specifies # the number of significant bits in the mask. Alternatively, you can write # an IP address and netmask in separate columns to specify the set of hosts. # # METHOD can be "trust", "reject", "md5", "crypt", "password", "gss", "sspi", # "krb5", "ident", "pam" or "ldap". Note that "password" sends passwords # in clear text; "md5" is preferred since it sends encrypted passwords. # # OPTION is the ident map or the name of the PAM service, depending on METHOD. # # Database and user names containing spaces, commas, quotes and other special # characters must be quoted. Quoting one of the keywords "all", "sameuser" or # "samerole" makes the name lose its special character, and just match a # database or username with that name. # # This file is read on server startup and when the postmaster receives # a SIGHUP signal. If you edit the file on a running system, you have # to SIGHUP the postmaster for the changes to take effect. You can use # "pg_ctl reload" to do that. # Put your actual configuration here # ---------------------------------- # # If you want to allow non-local connections, you need to add more # "host" records. In that case you will also need to make PostgreSQL listen # on a non-local interface via the listen_addresses configuration parameter, # or via the -i or -h command line switches. # # TYPE DATABASE USER CIDR-ADDRESS METHOD # "local" is for Unix domain socket connections only local all all trust host all all 192.168.30.0/24 trust host all all 192.168.10.0/24 trust #map=gitlab
如果希望某个IP段的主机也可以访问数据库,只需再增加这个段就可以了,例如192.168.10.0~192.168.10.255,就可以写成以下的方式
host all all 192.168.10.0/24 trust
2)启用监听所有客户端
1 # This file is managed by gitlab-ctl. Manual changes will be 2 # erased! To change the contents below, edit /etc/gitlab/gitlab.rb 3 # and run `sudo gitlab-ctl reconfigure`. 4 5 # ----------------------------- 6 # PostgreSQL configuration file 7 # ----------------------------- 8 # 9 # This file consists of lines of the form: 10 # 11 # name = value 12 # 13 # (The "=" is optional.) Whitespace may be used. Comments are introduced with 14 # "#" anywhere on a line. The complete list of parameter names and allowed 15 # values can be found in the PostgreSQL documentation. 16 # 17 # The commented-out settings shown in this file represent the default values. 18 # Re-commenting a setting is NOT sufficient to revert it to the default value; 19 # you need to reload the server. 20 # 21 # This file is read on server startup and when the server receives a SIGHUP 22 # signal. If you edit the file on a running system, you have to SIGHUP the 23 # server for the changes to take effect, or use "pg_ctl reload". Some 24 # parameters, which are marked below, require a server shutdown and restart to 25 # take effect. 26 # 27 # Any parameter can also be given as a command-line option to the server, e.g., 28 # "postgres -c log_connections=on". Some parameters can be changed at run time 29 # with the "SET" SQL command. 30 # 31 # Memory units: kB = kilobytes Time units: ms = milliseconds 32 # MB = megabytes s = seconds 33 # GB = gigabytes min = minutes 34 # h = hours 35 # d = days 36 37 38 #------------------------------------------------------------------------------ 39 # FILE LOCATIONS 40 #------------------------------------------------------------------------------ 41 42 # The default values of these variables are driven from the -D command-line 43 # option or PGDATA environment variable, represented here as ConfigDir. 44 45 #data_directory = 'ConfigDir' # use data in another directory 46 # (change requires restart) 47 #hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file 48 # (change requires restart) 49 #ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file 50 # (change requires restart) 51 52 # If external_pid_file is not explicitly set, no extra PID file is written. 53 #external_pid_file = '(none)' # write an extra PID file 54 # (change requires restart) 55 56 57 #------------------------------------------------------------------------------ 58 # CONNECTIONS AND AUTHENTICATION 59 #------------------------------------------------------------------------------ 60 61 # - Connection Settings - 62 63 listen_addresses = '*' # what IP address(es) to listen on; 64 # comma-separated list of addresses; 65 # defaults to 'localhost', '*' = all 66 # (change requires restart) 67 port = 5432 # (change requires restart) 68 max_connections = 200 # (change requires restart) 69 # Note: Increasing max_connections costs ~400 bytes of shared memory per 70 # connection slot, plus lock space (see max_locks_per_transaction). 71 #superuser_reserved_connections = 3 # (change requires restart) 72 unix_socket_directory = '/var/opt/gitlab/postgresql' # (change requires restart) 73 #unix_socket_group = '' # (change requires restart) 74 #unix_socket_permissions = 0777 # begin with 0 to use octal notation 75 # (change requires restart) 76 #bonjour = off # advertise server via Bonjour 77 # (change requires restart) 78 #bonjour_name = '' # defaults to the computer name 79 # (change requires restart) 80 81 # - Security and Authentication - 82 83 #authentication_timeout = 1min # 1s-600s 84 #ssl = off # (change requires restart) 85 #ssl_ciphers = 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH' # allowed SSL ciphers 86 # (change requires restart) 87 #ssl_renegotiation_limit = 512MB # amount of data between renegotiations 88 #password_encryption = on 89 #db_user_namespace = off 90 91 # Kerberos and GSSAPI 92 #krb_server_keyfile = '' 93 #krb_srvname = 'postgres' # (Kerberos only) 94 #krb_caseins_users = off 95 96 # - TCP Keepalives - 97 # see "man 7 tcp" for details 98 99 #tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; 100 # 0 selects the system default 101 #tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; 102 # 0 selects the system default 103 #tcp_keepalives_count = 0 # TCP_KEEPCNT; 104 # 0 selects the system default 105 106 107 #------------------------------------------------------------------------------ 108 # RESOURCE USAGE (except WAL) 109 #------------------------------------------------------------------------------ 110 111 # - Memory - 112 113 shared_buffers = 10MB # min 128kB 114 # (change requires restart) 115 #temp_buffers = 8MB # min 800kB 116 #max_prepared_transactions = 0 # zero disables the feature 117 # (change requires restart) 118 # Note: Increasing max_prepared_transactions costs ~600 bytes of shared memory 119 # per transaction slot, plus lock space (see max_locks_per_transaction). 120 # It is not advisable to set max_prepared_transactions nonzero unless you 121 # actively intend to use prepared transactions. 122 work_mem = 8MB # min 64kB 123 #maintenance_work_mem = 16MB # min 1MB 124 #max_stack_depth = 2MB # min 100kB 125 126 # - Kernel Resource Usage - 127 128 #max_files_per_process = 1000 # min 25 129 # (change requires restart) 130 #shared_preload_libraries = '' # (change requires restart) 131 132 # - Cost-Based Vacuum Delay - 133 134 #vacuum_cost_delay = 0ms # 0-100 milliseconds 135 #vacuum_cost_page_hit = 1 # 0-10000 credits 136 #vacuum_cost_page_miss = 10 # 0-10000 credits 137 #vacuum_cost_page_dirty = 20 # 0-10000 credits 138 #vacuum_cost_limit = 200 # 1-10000 credits 139 140 # - Background Writer - 141 142 #bgwriter_delay = 200ms # 10-10000ms between rounds 143 #bgwriter_lru_maxpages = 100 # 0-1000 max buffers written/round 144 #bgwriter_lru_multiplier = 2.0 # 0-10.0 multipler on buffers scanned/round 145 146 # - Asynchronous Behavior - 147 148 #effective_io_concurrency = 1 # 1-1000. 0 disables prefetching 149 150 151 #------------------------------------------------------------------------------ 152 # WRITE AHEAD LOG 153 #------------------------------------------------------------------------------ 154 155 # - Settings - 156 157 #wal_level = minimal # minimal, archive, or hot_standby 158 # (change requires restart) 159 #fsync = on # turns forced synchronization on or off 160 #synchronous_commit = on # synchronization level; on, off, or local 161 #wal_sync_method = fsync # the default is the first option 162 # supported by the operating system: 163 # open_datasync 164 # fdatasync (default on Linux) 165 # fsync 166 # fsync_writethrough 167 # open_sync 168 #full_page_writes = on # recover from partial page writes 169 #wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers 170 # (change requires restart) 171 #wal_writer_delay = 200ms # 1-10000 milliseconds 172 173 #commit_delay = 0 # range 0-100000, in microseconds 174 #commit_siblings = 5 # range 1-1000 175 176 # - Checkpoints - 177 178 checkpoint_segments = 10 # in logfile segments, min 1, 16MB each, default 3 179 checkpoint_timeout = 5min # range 30s-1h, default 5min 180 checkpoint_completion_target = 0.9 # checkpoint target duration, 0.0 - 1.0, default 0.5 181 checkpoint_warning = 60s # 0 disables, default 30s 182 183 # - Archiving - 184 185 #archive_mode = off # allows archiving to be done 186 # (change requires restart) 187 #archive_command = '' # command to use to archive a logfile segment 188 #archive_timeout = 0 # force a logfile segment switch after this 189 # number of seconds; 0 disables 190 191 192 #------------------------------------------------------------------------------ 193 # REPLICATION 194 #------------------------------------------------------------------------------ 195 196 # - Master Server - 197 198 # These settings are ignored on a standby server 199 200 #max_wal_senders = 0 # max number of walsender processes 201 # (change requires restart) 202 #wal_sender_delay = 1s # walsender cycle time, 1-10000 milliseconds 203 #wal_keep_segments = 0 # in logfile segments, 16MB each; 0 disables 204 #vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed 205 #replication_timeout = 60s # in milliseconds; 0 disables 206 #synchronous_standby_names = '' # standby servers that provide sync rep 207 # comma-separated list of application_name 208 # from standby(s); '*' = all 209 210 # - Standby Servers - 211 212 # These settings are ignored on a master server 213 214 #hot_standby = off # "on" allows queries during recovery 215 # (change requires restart) 216 #max_standby_archive_delay = 30s # max delay before canceling queries 217 # when reading WAL from archive; 218 # -1 allows indefinite delay 219 #max_standby_streaming_delay = 30s # max delay before canceling queries 220 # when reading streaming WAL; 221 # -1 allows indefinite delay 222 #wal_receiver_status_interval = 10s # send replies at least this often 223 # 0 disables 224 #hot_standby_feedback = off # send info from standby to prevent 225 # query conflicts 226 227 228 #------------------------------------------------------------------------------ 229 # QUERY TUNING 230 #------------------------------------------------------------------------------ 231 232 # - Planner Method Configuration - 233 234 #enable_bitmapscan = on 235 #enable_hashagg = on 236 #enable_hashjoin = on 237 #enable_indexscan = on 238 #enable_material = on 239 #enable_mergejoin = on 240 #enable_nestloop = on 241 #enable_seqscan = on 242 #enable_sort = on 243 #enable_tidscan = on 244 245 # - Planner Cost Constants - 246 247 #seq_page_cost = 1.0 # measured on an arbitrary scale 248 #random_page_cost = 4.0 # same scale as above 249 #cpu_tuple_cost = 0.01 # same scale as above 250 #cpu_index_tuple_cost = 0.005 # same scale as above 251 #cpu_operator_cost = 0.0025 # same scale as above 252 effective_cache_size = 2048MB # Default 128MB 253 254 # - Genetic Query Optimizer - 255 256 #geqo = on 257 #geqo_threshold = 12 258 #geqo_effort = 5 # range 1-10 259 #geqo_pool_size = 0 # selects default based on effort 260 #geqo_generations = 0 # selects default based on effort 261 #geqo_selection_bias = 2.0 # range 1.5-2.0 262 #geqo_seed = 0.0 # range 0.0-1.0 263 264 # - Other Planner Options - 265 266 #default_statistics_target = 100 # range 1-10000 267 #constraint_exclusion = partition # on, off, or partition 268 #cursor_tuple_fraction = 0.1 # range 0.0-1.0 269 #from_collapse_limit = 8 270 #join_collapse_limit = 8 # 1 disables collapsing of explicit 271 # JOIN clauses 272 273 274 #------------------------------------------------------------------------------ 275 # ERROR REPORTING AND LOGGING 276 #------------------------------------------------------------------------------ 277 278 # - Where to Log - 279 280 #log_destination = 'stderr' # Valid values are combinations of 281 # stderr, csvlog, syslog, and eventlog, 282 # depending on platform. csvlog 283 # requires logging_collector to be on. 284 285 # This is used when logging to stderr: 286 #logging_collector = off # Enable capturing of stderr and csvlog 287 # into log files. Required to be on for 288 # csvlogs. 289 # (change requires restart) 290 291 # These are only used if logging_collector is on: 292 #log_directory = 'pg_log' # directory where log files are written, 293 # can be absolute or relative to PGDATA 294 #log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, 295 # can include strftime() escapes 296 #log_file_mode = 0600 # creation mode for log files, 297 # begin with 0 to use octal notation 298 #log_truncate_on_rotation = off # If on, an existing log file with the 299 # same name as the new log file will be 300 # truncated rather than appended to. 301 # But such truncation only occurs on 302 # time-driven rotation, not on restarts 303 # or size-driven rotation. Default is 304 # off, meaning append to existing files 305 # in all cases. 306 #log_rotation_age = 1d # Automatic rotation of logfiles will 307 # happen after that time. 0 disables. 308 #log_rotation_size = 10MB # Automatic rotation of logfiles will 309 # happen after that much log output. 310 # 0 disables. 311 312 # These are relevant when logging to syslog: 313 #syslog_facility = 'LOCAL0' 314 #syslog_ident = 'postgres' 315 316 #silent_mode = off # Run server silently. 317 # DO NOT USE without syslog or 318 # logging_collector 319 # (change requires restart) 320 321 322 # - When to Log - 323 324 #client_min_messages = notice # values in order of decreasing detail: 325 # debug5 326 # debug4 327 # debug3 328 # debug2 329 # debug1 330 # log 331 # notice 332 # warning 333 # error 334 335 #log_min_messages = warning # values in order of decreasing detail: 336 # debug5 337 # debug4 338 # debug3 339 # debug2 340 # debug1 341 # info 342 # notice 343 # warning 344 # error 345 # log 346 # fatal 347 # panic 348 349 #log_min_error_statement = error # values in order of decreasing detail: 350 # debug5 351 # debug4 352 # debug3 353 # debug2 354 # debug1 355 # info 356 # notice 357 # warning 358 # error 359 # log 360 # fatal 361 # panic (effectively off) 362 363 #log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements 364 # and their durations, > 0 logs only 365 # statements running at least this number 366 # of milliseconds 367 368 369 # - What to Log - 370 371 #debug_print_parse = off 372 #debug_print_rewritten = off 373 #debug_print_plan = off 374 #debug_pretty_print = on 375 #log_checkpoints = off 376 #log_connections = off 377 #log_disconnections = off 378 #log_duration = off 379 #log_error_verbosity = default # terse, default, or verbose messages 380 #log_hostname = off 381 #log_line_prefix = '' # special values: 382 # %a = application name 383 # %u = user name 384 # %d = database name 385 # %r = remote host and port 386 # %h = remote host 387 # %p = process ID 388 # %t = timestamp without milliseconds 389 # %m = timestamp with milliseconds 390 # %i = command tag 391 # %e = SQL state 392 # %c = session ID 393 # %l = session line number 394 # %s = session start timestamp 395 # %v = virtual transaction ID 396 # %x = transaction ID (0 if none) 397 # %q = stop here in non-session 398 # processes 399 # %% = '%' 400 # e.g. '<%u%%%d> ' 401 #log_lock_waits = off # log lock waits >= deadlock_timeout 402 #log_statement = 'none' # none, ddl, mod, all 403 #log_temp_files = -1 # log temporary files equal or larger 404 # than the specified size in kilobytes; 405 # -1 disables, 0 logs all temp files 406 #log_timezone = '(defaults to server environment setting)' 407 408 409 #------------------------------------------------------------------------------ 410 # RUNTIME STATISTICS 411 #------------------------------------------------------------------------------ 412 413 # - Query/Index Statistics Collector - 414 415 #track_activities = on 416 #track_counts = on 417 #track_functions = none # none, pl, all 418 #track_activity_query_size = 1024 # (change requires restart) 419 #update_process_title = on 420 #stats_temp_directory = 'pg_stat_tmp' 421 422 423 # - Statistics Monitoring - 424 425 #log_parser_stats = off 426 #log_planner_stats = off 427 #log_executor_stats = off 428 #log_statement_stats = off 429 430 431 #------------------------------------------------------------------------------ 432 # AUTOVACUUM PARAMETERS 433 #------------------------------------------------------------------------------ 434 435 #autovacuum = on # Enable autovacuum subprocess? 'on' 436 # requires track_counts to also be on. 437 #log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and 438 # their durations, > 0 logs only 439 # actions running at least this number 440 # of milliseconds. 441 #autovacuum_max_workers = 3 # max number of autovacuum subprocesses 442 # (change requires restart) 443 #autovacuum_naptime = 1min # time between autovacuum runs 444 #autovacuum_vacuum_threshold = 50 # min number of row updates before 445 # vacuum 446 #autovacuum_analyze_threshold = 50 # min number of row updates before 447 # analyze 448 #autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum 449 #autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze 450 #autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum 451 # (change requires restart) 452 #autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for 453 # autovacuum, in milliseconds; 454 # -1 means use vacuum_cost_delay 455 #autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for 456 # autovacuum, -1 means use 457 # vacuum_cost_limit 458 459 460 #------------------------------------------------------------------------------ 461 # CLIENT CONNECTION DEFAULTS 462 #------------------------------------------------------------------------------ 463 464 # - Statement Behavior - 465 466 #search_path = '"$user",public' # schema names 467 #default_tablespace = '' # a tablespace name, '' uses the default 468 #temp_tablespaces = '' # a list of tablespace names, '' uses 469 # only default tablespace 470 #check_function_bodies = on 471 #default_transaction_isolation = 'read committed' 472 #default_transaction_read_only = off 473 #default_transaction_deferrable = off 474 #session_replication_role = 'origin' 475 #statement_timeout = 0 # in milliseconds, 0 is disabled 476 #vacuum_freeze_min_age = 50000000 477 #vacuum_freeze_table_age = 150000000 478 #bytea_output = 'hex' # hex, escape 479 #xmlbinary = 'base64' 480 #xmloption = 'content' 481 482 # - Locale and Formatting - 483 484 datestyle = 'iso, mdy' 485 #intervalstyle = 'postgres' 486 #timezone = '(defaults to server environment setting)' 487 #timezone_abbreviations = 'Default' # Select the set of available time zone 488 # abbreviations. Currently, there are 489 # Default 490 # Australia 491 # India 492 # You can create your own file in 493 # share/timezonesets/. 494 #extra_float_digits = 0 # min -15, max 3 495 #client_encoding = sql_ascii # actually, defaults to database 496 # encoding 497 498 # These settings are initialized by initdb, but they can be changed. 499 lc_messages = 'C' # locale for system error message 500 # strings 501 lc_monetary = 'C' # locale for monetary formatting 502 lc_numeric = 'C' # locale for number formatting 503 lc_time = 'C' # locale for time formatting 504 505 # default configuration for text search 506 default_text_search_config = 'pg_catalog.english' 507 508 # - Other Defaults - 509 510 #dynamic_library_path = '$libdir' 511 #local_preload_libraries = '' 512 513 514 #------------------------------------------------------------------------------ 515 # LOCK MANAGEMENT 516 #------------------------------------------------------------------------------ 517 518 #deadlock_timeout = 1s 519 #max_locks_per_transaction = 64 # min 10 520 # (change requires restart) 521 # Note: Each lock table slot uses ~270 bytes of shared memory, and there are 522 # max_locks_per_transaction * (max_connections + max_prepared_transactions) 523 # lock table slots. 524 #max_pred_locks_per_transaction = 64 # min 10 525 # (change requires restart) 526 527 #------------------------------------------------------------------------------ 528 # VERSION/PLATFORM COMPATIBILITY 529 #------------------------------------------------------------------------------ 530 531 # - Previous PostgreSQL Versions - 532 533 #array_nulls = on 534 #backslash_quote = safe_encoding # on, off, or safe_encoding 535 #default_with_oids = off 536 #escape_string_warning = on 537 #lo_compat_privileges = off 538 #quote_all_identifiers = off 539 #sql_inheritance = on 540 #standard_conforming_strings = on 541 #synchronize_seqscans = on 542 543 # - Other Platforms and Clients - 544 545 #transform_null_equals = off 546 547 548 #------------------------------------------------------------------------------ 549 # ERROR HANDLING 550 #------------------------------------------------------------------------------ 551 552 #exit_on_error = off # terminate session on any error? 553 #restart_after_crash = on # reinitialize after backend crash? 554 555 556 #------------------------------------------------------------------------------ 557 # CUSTOMIZED OPTIONS 558 #------------------------------------------------------------------------------ 559 560 #custom_variable_classes = '' # list of custom variable class names
在这个文件中主要是修改63行的listen_addresses = ''为listen_addresses = '*',这样就可以监听所有端口了。
最后一步:(启用所有配置并启动)
sudo gitlab-ctl reconfigure
sudo gitlab-ctl start
访问http://localhost即可。
gitlab默认的数据库为gitlabhq_production,数据库登录用户名为gitlab-psql,数据库密码为空;
gitlab的用户信息分别保存在namespaces表与users表中。