  • GitLab installation steps on CentOS

    Step 1: (install the required packages)

    sudo yum install curl openssh-server postfix cronie
    sudo service postfix start
    sudo chkconfig postfix on
    sudo lokkit -s http -s ssh

    Step 2: (install Ruby; skip this step if it is already installed)

    sudo yum install ruby ruby-irb
    

    Step 3: (download and install the gitlab-ce-xx.rpm package)

    curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash
    sudo yum install gitlab-ce
    

    If the download is too slow or fails, you can use the following alternative

    http://pan.baidu.com/s/1kTzsCfX

    Once the download has succeeded, install the package with the command below

    rpm -i gitlab-ce-XXX.rpm

    Step 4: (fix the symlinks)

    First, fix modprobe

    rm -f /sbin/modprobe 
    ln -s /bin/true /sbin/modprobe
    

    Next, fix sysctl

    rm -f /sbin/sysctl 
    ln -s /bin/true /sbin/sysctl
    

    If the following errors appear during configuration or use, be sure to apply the fix steps above

    error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
    error: "net.bridge.bridge-nf-call-iptables" is an unknown key
    error: "net.bridge.bridge-nf-call-arptables" is an unknown key
    error: permission denied on key 'net.ipv4.tcp_max_syn_backlog'
    error: permission denied on key 'net.core.netdev_max_backlog'
    error: permission denied on key 'net.core.wmem_default'
    error: permission denied on key 'net.core.rmem_default'
    error: permission denied on key 'net.core.rmem_max'
    error: permission denied on key 'net.core.wmem_max'
    error: permission denied on key 'net.ipv4.tcp_timestamps'
    error: permission denied on key 'net.ipv4.tcp_synack_retries'
    error: permission denied on key 'net.ipv4.tcp_syn_retries'
    error: permission denied on key 'net.ipv4.tcp_tw_recycle'
    error: permission denied on key 'net.ipv4.tcp_tw_reuse'
    error: permission denied on key 'net.ipv4.tcp_mem'
    error: permission denied on key 'net.ipv4.tcp_max_orphans'
    error: permission denied on key 'net.ipv4.ip_local_port_range'

    Step 5: (change the access permissions of the log directory)

    sudo chmod -R 777 /var/log/gitlab

    Step 6: (configure the gitlab.rb file; focus on the lines that are not commented out)

    sudo nano /etc/gitlab/gitlab.rb

    The modified file is as follows

    ## Latest options listed at https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template
    
    ## Url on which GitLab will be reachable.
    ## For more details on configuring external_url see:
    ## https://gitlab.com/gitlab-org/omnibus-gitlab/blob/629def0a7a26e7c2326566f0758d4a27857b52a3/README.md#configuring-the-external-url-for-gitlab
    external_url 'http://localhost'
    
    
    ## Note: configuration settings below are optional.
    ## Uncomment and change the value.
    ############################
    # gitlab.yml configuration #
    ############################
    
    # gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com'
    # gitlab_rails['time_zone'] = 'UTC'
    # gitlab_rails['gitlab_email_enabled'] = true
    gitlab_rails['gitlab_email_from'] = 'xxxxxxxx@163.com'
    # gitlab_rails['gitlab_email_display_name'] = 'Example'
    # gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com'
    # gitlab_rails['gitlab_default_can_create_group'] = true
    # gitlab_rails['gitlab_username_changing_enabled'] = true
    # gitlab_rails['gitlab_default_theme'] = 2
    # gitlab_rails['gitlab_restricted_visibility_levels'] = nil # to restrict public and internal: ['public', 'internal']
    # gitlab_rails['gitlab_default_projects_features_issues'] = true
    # gitlab_rails['gitlab_default_projects_features_merge_requests'] = true
    # gitlab_rails['gitlab_default_projects_features_wiki'] = true
    # gitlab_rails['gitlab_default_projects_features_snippets'] = false
    # gitlab_rails['gitlab_default_projects_features_visibility_level'] = 'private'
    # gitlab_rails['gitlab_repository_downloads_path'] = 'tmp/repositories'
    # gitlab_rails['gravatar_plain_url'] = 'http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'
    # gitlab_rails['gravatar_ssl_url'] = 'https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'
    # gitlab_rails['webhook_timeout'] = 10
    
    ## Reply by email
    # You need access to IMAP-enabled email account. For details
    # see http://doc.gitlab.com/ce/incoming_email/README.html
    # gitlab_rails['incoming_email_enabled'] = true
    # gitlab_rails['incoming_email_address'] = "incoming+%{key}@gitlab.example.com"
    # gitlab_rails['incoming_email_host'] = "imap.gmail.com" # IMAP server host
    # gitlab_rails['incoming_email_port'] = 993 # IMAP server port
    # gitlab_rails['incoming_email_ssl'] = true # Whether the IMAP server uses SSL
    # gitlab_rails['incoming_email_start_tls'] = false # Whether the IMAP server uses StartTLS
    # gitlab_rails['incoming_email_email'] = "incoming@gitlab.example.com"  # Email account username. Usually the full email address.
    # gitlab_rails['incoming_email_password'] = "password" # Email account password
    # gitlab_rails['incoming_email_mailbox_name'] = "inbox" # The name of the mailbox where incoming mail will end up.
    # gitlab_rails['incoming_email_log_directory'] = "/var/log/gitlab/mailroom"
    
    ## For setting up LDAP
    ## see https://gitlab.com/gitlab-org/omnibus-gitlab/blob/629def0a7a26e7c2326566f0758d4a27857b52a3/README.md#setting-up-ldap-sign-in
    ## Be careful not to break the indentation in the ldap_servers block. It is in
    ## yaml format and the spaces must be retained. Using tabs will not work.
    
    # gitlab_rails['ldap_enabled'] = false
    # gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block with 'EOS' below
    #   main: # 'main' is the GitLab 'provider ID' of this LDAP server
    #     label: 'LDAP'
    #     host: '_your_ldap_server'
    #     port: 389
    #     uid: 'sAMAccountName'
    #     method: 'plain' # "tls" or "ssl" or "plain"
    #     bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
    #     password: '_the_password_of_the_bind_user'
    #     active_directory: true
    #     allow_username_or_email_login: false
    #     block_auto_created_users: false
    #     base: ''
    #     user_filter: ''
    #     ## EE only
    #     group_base: ''
    #     admin_group: ''
    #     sync_ssh_keys: false
    #
    #   secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server
    #     label: 'LDAP'
    #     host: '_your_ldap_server'
    #     port: 389
    #     uid: 'sAMAccountName'
    #     method: 'plain' # "tls" or "ssl" or "plain"
    #     bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
    #     password: '_the_password_of_the_bind_user'
    #     active_directory: true
    #     allow_username_or_email_login: false
    #     block_auto_created_users: false
    #     base: ''
    #     user_filter: ''
    #     ## EE only
    #     group_base: ''
    #     admin_group: ''
    #     sync_ssh_keys: false
    # EOS
    
    ## Setting up Kerberos (EE only)
    ## See http://doc.gitlab.com/ee/integration/kerberos.html#http-git-access
    # gitlab_rails['kerberos_enabled'] = true
    # gitlab_rails['kerberos_keytab'] = /etc/http.keytab
    # gitlab_rails['kerberos_service_principal_name'] = HTTP/gitlab.example.com@EXAMPLE.COM
    # gitlab_rails['kerberos_use_dedicated_port'] = true
    # gitlab_rails['kerberos_port'] = 8443
    # gitlab_rails['kerberos_https'] = true
    
    ## For setting up omniauth
    ## see https://gitlab.com/gitlab-org/omnibus-gitlab/blob/629def0a7a26e7c2326566f0758d4a27857b52a3/README.md#omniauth-google-twitter-github-login
    
    # gitlab_rails['omniauth_enabled'] = true
    # gitlab_rails['omniauth_allow_single_sign_on'] = false
    # gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'
    # gitlab_rails['omniauth_block_auto_created_users'] = true
    # gitlab_rails['omniauth_auto_link_ldap_user'] = false
    # gitlab_rails['omniauth_providers'] = [
    #   {
    #     "name" => "google_oauth2",
    #     "app_id" => "YOUR APP ID",
    #     "app_secret" => "YOUR APP SECRET",
    #     "args" => { "access_type" => "offline", "approval_prompt" => "" }
    #   }
    # ]
    #
    # If you setup bitbucket importer under omniauth providers you will need to add the keys
    # which will allow connection between bitbucket and gitlab.
    # For details see http://doc.gitlab.com/ce/integration/bitbucket.html
    # gitlab_rails['bitbucket'] = {
    #  'known_hosts_key' => 'bitbucket.org,207.223.240.182 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==',
    #  'private_key' => '-----BEGIN RSA PRIVATE KEY-----
    #   MIIEowIBAAKCAQEAyXxYHwz2KjcwSjTREwlhYHqrf/8U0UM8ej3cqQ551gE4Wo3t
    #   -----END RSA PRIVATE KEY-----',
    #  'public_key' => 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJfFgfDPYqN git@gitlab.example.com'
    # }
    
    ## For setting up backups
    ## see https://gitlab.com/gitlab-org/omnibus-gitlab/blob/629def0a7a26e7c2326566f0758d4a27857b52a3/README.md#backups
    
    # gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"
    # gitlab_rails['backup_archive_permissions'] = 0644 # See: http://doc.gitlab.com/ce/raketasks/backup_restore.html#backup-archive-permissions
    # gitlab_rails['backup_pg_schema'] = 'public'
    # gitlab_rails['backup_keep_time'] = 604800
    # gitlab_rails['backup_upload_connection'] = {
    #   'provider' => 'AWS',
    #   'region' => 'eu-west-1',
    #   'aws_access_key_id' => 'AKIAKIAKI',
    #   'aws_secret_access_key' => 'secret123'
    # }
    # gitlab_rails['backup_upload_remote_directory'] = 'my.s3.bucket'
    # gitlab_rails['backup_multipart_chunk_size'] = 104857600
    
    ## For setting up different data storing directory
    ## see https://gitlab.com/gitlab-org/omnibus-gitlab/blob/629def0a7a26e7c2326566f0758d4a27857b52a3/README.md#storing-git-data-in-an-alternative-directory
    ## If you want to use a single non-default directory to store git data use
    ## a path that doesn't contain symlinks.
    # git_data_dir "/var/opt/gitlab/git-data"
    
    # gitlab_rails['satellites_timeout'] = 30
    
    ## GitLab Shell settings for GitLab
    # gitlab_rails['gitlab_shell_ssh_port'] = 22
    # gitlab_rails['git_max_size'] = 20971520
    # gitlab_rails['git_timeout'] = 10
    
    ## Extra customization
    # gitlab_rails['extra_google_analytics_id'] = '_your_tracking_id'
    # gitlab_rails['extra_piwik_url'] = '_your_piwik_url'
    # gitlab_rails['extra_piwik_site_id'] = '_your_piwik_site_id'
    # gitlab_rails['extra_sign_in_text'] = '|
    #   ![Company Logo](http://www.companydomain.com/logo.png)
    #   [Learn more about CompanyName](http://www.companydomain.com/)'
    
    # gitlab_rails['env'] = {
    #   'BUNDLE_GEMFILE' => "/opt/gitlab/embedded/service/gitlab-rails/Gemfile",
    #   'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin"
    # }
    
    # gitlab_rails['rack_attack_git_basic_auth'] = {
    #   'enabled' => true,
    #   'ip_whitelist' => ["127.0.0.1"],
    #   'maxretry' => 10,
    #   'findtime' => 60,
    #   'bantime' => 3600
    # }
    
    # We do not recommend changing these directories.
    # gitlab_rails['dir'] = "/var/opt/gitlab/gitlab-rails"
    # gitlab_rails['log_directory'] = "/var/log/gitlab/gitlab-rails"
    
    ###############################
    # GitLab application settings #
    ###############################
    
    # gitlab_rails['uploads_directory'] = "/var/opt/gitlab/gitlab-rails/uploads"
    # gitlab_rails['rate_limit_requests_per_period'] = 10
    # gitlab_rails['rate_limit_period'] = 60
    
    # Change the initial default admin password.
    # Only applicable on initial setup, changing this setting after database is created and seeded
    # won't yield any change.
    # gitlab_rails['initial_root_password'] = "password"
    
    ############################
    # GitLab database settings #
    ############################
    ## see https://gitlab.com/gitlab-org/omnibus-gitlab/blob/629def0a7a26e7c2326566f0758d4a27857b52a3/doc/settings/database.md#database-settings
    ## Only needed if you use an external database.
    
    # gitlab_rails['db_adapter'] = "postgresql"
    # gitlab_rails['db_encoding'] = "unicode"
    # gitlab_rails['db_database'] = "gitlabhq_production"
    # gitlab_rails['db_pool'] = 10
    # gitlab_rails['db_username'] = "gitlab"
    # gitlab_rails['db_password'] = nil
    # gitlab_rails['db_host'] = nil
    # gitlab_rails['db_port'] = 5432
    # gitlab_rails['db_socket'] = nil
    # gitlab_rails['db_sslmode'] = nil
    # gitlab_rails['db_sslrootcert'] = nil
    
    
    #########################
    # GitLab redis settings #
    #########################
    ## see https://gitlab.com/gitlab-org/omnibus-gitlab/blob/629def0a7a26e7c2326566f0758d4a27857b52a3/doc/settings/redis.md#redis-settings
    ## Connect to your own redis instance.
    
    # gitlab_rails['redis_host'] = "127.0.0.1"
    # gitlab_rails['redis_port'] = nil
    # gitlab_rails['redis_password'] = nil
    # gitlab_rails['redis_database'] = 0
    # gitlab_rails['redis_socket'] = "/var/opt/gitlab/redis/redis.socket"
    
    ################################
    # GitLab email server settings #
    ################################
    # see https://gitlab.com/gitlab-org/omnibus-gitlab/blob/629def0a7a26e7c2326566f0758d4a27857b52a3/doc/settings/smtp.md#smtp-settings
    # Use smtp instead of sendmail/postfix.
    
    gitlab_rails['smtp_enable'] = true
    gitlab_rails['smtp_address'] = "smtp.163.com"
    gitlab_rails['smtp_port'] = 25
    gitlab_rails['smtp_user_name'] = "xxxxxxxx@163.com"
    gitlab_rails['smtp_password'] = "mjaiuhvi"
    gitlab_rails['smtp_domain'] = "163.com"
    gitlab_rails['smtp_authentication'] = "login"
    gitlab_rails['smtp_enable_starttls_auto'] = true
    gitlab_rails['smtp_tls'] = false
    gitlab_rails['smtp_openssl_verify_mode'] = 'none' # Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert', see http://api.rubyonrails.org/classes/ActionMailer/Base.html
    # gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs"
    # gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt"
    
    ##########################
    # GitLab git http server #
    ##########################
    # see https://gitlab.com/gitlab-org/gitlab-git-http-server/blob/master/README.md
    
    # gitlab_git_http_server['enable'] = true
    # gitlab_git_http_server['ha'] = false
    # gitlab_git_http_server['repo_root'] = "/var/opt/gitlab/git-data/repositories"
    # gitlab_git_http_server['listen_network'] = "unix"
    # gitlab_git_http_server['listen_umask'] = 000
    # gitlab_git_http_server['listen_addr'] = "/var/opt/gitlab/gitlab-git-http-server/socket"
    # gitlab_git_http_server['auth_backend'] = "http://localhost:8080"
    # gitlab_git_http_server['pprof_listen_addr'] = "''" # put an empty string on the command line
    # gitlab_git_http_server['dir'] = "/var/opt/gitlab/gitlab-git-http-server"
    # gitlab_git_http_server['log_dir'] = "/var/log/gitlab/gitlab-git-http-server"
    
    ###############
    # GitLab user #
    ###############
    ## see https://gitlab.com/gitlab-org/omnibus-gitlab/tree/629def0a7a26e7c2326566f0758d4a27857b52a3/README.md#changing-the-name-of-the-git-user-group
    ## Modify default git user.
    
    
    user['username'] = "gitlab"
    user['group'] = "gitlab"
    # user['uid'] = nil
    # user['gid'] = nil
    # # The shell for the git user
    #user['shell'] = "/bin/sh"
    # # The home directory for the git user
    #user['home'] = "/var/opt/gitlab"
    #user['git_user_name'] = "GitLab"
    user['git_user_email'] = "xxxxxxxx@163.com"
    
    ##################
    # GitLab Unicorn #
    ##################
    ## Tweak unicorn settings.
    
    # unicorn['worker_timeout'] = 60
    # unicorn['worker_processes'] = 2
    
    ## Advanced settings
    # unicorn['listen'] = '127.0.0.1'
    # unicorn['port'] = 8080
    # unicorn['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
    # unicorn['pidfile'] = '/opt/gitlab/var/unicorn/unicorn.pid'
    # unicorn['tcp_nopush'] = true
    # unicorn['backlog_socket'] = 1024
    # Make sure somaxconn is equal or higher than backlog_socket
    # unicorn['somaxconn'] = 1024
    # We do not recommend changing this setting
    # unicorn['log_directory'] = "/var/log/gitlab/unicorn"
    
    ## Only change these settings if you understand well what they mean
    ## see https://about.gitlab.com/2015/06/05/how-gitlab-uses-unicorn-and-unicorn-worker-killer/
    ## and https://github.com/kzk/unicorn-worker-killer
    # unicorn['worker_memory_limit_min'] = "200*(1024**2)"
    # unicorn['worker_memory_limit_max'] = "250*(1024**2)"
    
    
    ##################
    # GitLab Sidekiq #
    ##################
    
    # sidekiq['log_directory'] = "/var/log/gitlab/sidekiq"
    # sidekiq['shutdown_timeout'] = 4
    
    
    ################
    # gitlab-shell #
    ################
    
    # gitlab_shell['audit_usernames'] = false
    # gitlab_shell['log_level'] = 'INFO'
    # gitlab_shell['http_settings'] = { user: 'username', password: 'password', ca_file: '/etc/ssl/cert.pem', ca_path: '/etc/pki/tls/certs', self_signed_cert: false}
    # gitlab_shell['log_directory'] = "/var/log/gitlab/gitlab-shell/"
    
    ## If enabled, git-annex needs to be installed on the server where gitlab is setup
    # For Debian and Ubuntu systems this can be done with: sudo apt-get install git-annex
    # For CentOS: sudo yum install epel-release && sudo yum install git-annex
    # gitlab_shell['git_annex_enabled'] = false
    
    #####################
    # GitLab PostgreSQL #
    #####################
    
    postgresql['enable'] = true
    # postgresql['listen_address'] = nil
    postgresql['port'] = 5432
    postgresql['data_dir'] = "/var/opt/gitlab/postgresql/data"
    postgresql['shared_buffers'] = "10MB" # recommended value is 1/4 of total RAM, up to 14GB.
    
    ## Advanced settings
    # postgresql['ha'] = false
    # postgresql['dir'] = "/var/opt/gitlab/postgresql"
    postgresql['dir'] = "/tmp"
    # postgresql['log_directory'] = "/var/log/gitlab/postgresql"
    # postgresql['username'] = "gitlab-psql"
    # postgresql['uid'] = nil
    # postgresql['gid'] = nil
    # postgresql['shell'] = "/bin/sh"
    postgresql['home'] = "/var/opt/gitlab/postgresql"
    # postgresql['user_path'] = "/opt/gitlab/embedded/bin:/opt/gitlab/bin:$PATH"
    postgresql['sql_user'] = "gitlab"
    postgresql['sql_ci_user'] = "gitlab_ci"
    postgresql['max_connections'] = 200
    # postgresql['md5_auth_cidr_addresses'] = []
    # postgresql['trust_auth_cidr_addresses'] = []
    # postgresql['shmmax'] =  17179869184 # or 4294967295
    # postgresql['shmall'] =  4194304 # or 1048575
    # postgresql['work_mem'] = "8MB"
    # postgresql['effective_cache_size'] = "1MB"
    # postgresql['checkpoint_segments'] = 10
    postgresql['checkpoint_timeout'] = "5min"
    # postgresql['checkpoint_completion_target'] = 0.9
    postgresql['checkpoint_warning'] = "60s"
    
    
    ################
    # GitLab Redis #
    ################
    ## Can be disabled if you are using your own redis instance.
    
    # redis['enable'] = true
    # redis['username'] = "gitlab-redis"
    # redis['uid'] = nil
    # redis['gid'] = nil
    
    
    #####################
    # GitLab Web server #
    #####################
    ## see: https://gitlab.com/gitlab-org/omnibus-gitlab/tree/629def0a7a26e7c2326566f0758d4a27857b52a3/doc/settings/nginx.md#using-a-non-bundled-web-server
    ## When bundled nginx is disabled we need to add the external webserver user to the GitLab webserver group.
    
    # web_server['external_users'] = []
    # web_server['username'] = 'gitlab-www'
    # web_server['group'] = 'gitlab-www'
    # web_server['uid'] = nil
    # web_server['gid'] = nil
    # web_server['shell'] = '/bin/false'
    # web_server['home'] = '/var/opt/gitlab/nginx'
    
    
    ################
    # GitLab Nginx #
    ################
    ## see: https://gitlab.com/gitlab-org/omnibus-gitlab/tree/629def0a7a26e7c2326566f0758d4a27857b52a3/doc/settings/nginx.md
    
    # nginx['enable'] = true
    # nginx['client_max_body_size'] = '250m'
    # nginx['redirect_http_to_https'] = false
    # nginx['redirect_http_to_https_port'] = 80
    # nginx['ssl_client_certificate'] = "/etc/gitlab/ssl/ca.crt" # Most root CA's are included by default
    # nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt"
    # nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key"
    # nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
    # nginx['ssl_prefer_server_ciphers'] = "on"
    # nginx['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2" # recommended by https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
    # nginx['ssl_session_cache'] = "builtin:1000  shared:SSL:10m" # recommended in http://nginx.org/en/docs/http/ngx_http_ssl_module.html
    # nginx['ssl_session_timeout'] = "5m" # default according to http://nginx.org/en/docs/http/ngx_http_ssl_module.html
    # nginx['ssl_dhparam'] = nil # Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem
    # nginx['listen_addresses'] = ['*']
    # nginx['listen_port'] = nil # override only if you use a reverse proxy: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#setting-the-nginx-listen-port
    # nginx['listen_https'] = nil # override only if your reverse proxy internally communicates over HTTP: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#supporting-proxied-ssl
    # nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
    # nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/example.conf;"
    # nginx['proxy_read_timeout'] = 300
    # nginx['proxy_connect_timeout'] = 300
    
    ## Advanced settings
    # nginx['dir'] = "/var/opt/gitlab/nginx"
    # nginx['log_directory'] = "/var/log/gitlab/nginx"
    # nginx['worker_processes'] = 4
    # nginx['worker_connections'] = 10240
    # nginx['log_format'] = '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"'
    # nginx['sendfile'] = 'on'
    # nginx['tcp_nopush'] = 'on'
    # nginx['tcp_nodelay'] = 'on'
    # nginx['gzip'] = "on"
    # nginx['gzip_http_version'] = "1.0"
    # nginx['gzip_comp_level'] = "2"
    # nginx['gzip_proxied'] = "any"
    # nginx['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ]
    # nginx['keepalive_timeout'] = 65
    # nginx['cache_max_size'] = '5000m'
    
    
    
    ##################
    # GitLab Logging #
    ##################
    ## see: https://gitlab.com/gitlab-org/omnibus-gitlab/tree/629def0a7a26e7c2326566f0758d4a27857b52a3/README.md#logs
    
    # logging['svlogd_size'] = 200 * 1024 * 1024 # rotate after 200 MB of log data
    # logging['svlogd_num'] = 30 # keep 30 rotated log files
    # logging['svlogd_timeout'] = 24 * 60 * 60 # rotate after 24 hours
    # logging['svlogd_filter'] = "gzip" # compress logs with gzip
    # logging['svlogd_udp'] = nil # transmit log messages via UDP
    # logging['svlogd_prefix'] = nil # custom prefix for log messages
    # logging['logrotate_frequency'] = "daily" # rotate logs daily
    # logging['logrotate_size'] = nil # do not rotate by size by default
    # logging['logrotate_rotate'] = 30 # keep 30 rotated logs
    # logging['logrotate_compress'] = "compress" # see 'man logrotate'
    # logging['logrotate_method'] = "copytruncate" # see 'man logrotate'
    # logging['logrotate_postrotate'] = nil # no postrotate command by default
    # Enterprise Edition only
    # logging['udp_log_shipping_host'] = nil # remote host to ship log messages to via UDP
    # logging['udp_log_shipping_port'] = 514 # remote host to ship log messages to via UDP
    
    #############
    # Logrotate #
    #############
    ## see: https://gitlab.com/gitlab-org/omnibus-gitlab/tree/629def0a7a26e7c2326566f0758d4a27857b52a3/README.md#logrotate
    ## You can disable built in logrotate feature.
    
    # logrotate['enable'] = true
    
    #############################
    # Users and groups accounts #
    #############################
    ## Should omnibus-gitlab package manage users and groups accounts.
    ## Only set if creating accounts manually
    ##
    #user['username'] = "gitlab"
    #user['group'] = "gitlab"
    # manage_accounts['enable'] = true
    
    #######
    # Git #
    #######
    ## Advanced setting for configuring git system settings for omnibus-gitlab internal git
    ## For multiple options under one header use array of comma separated values, eg.
    ## { "receive" => ["fsckObjects = true"], "alias" => ["st = status", "co = checkout"] }
    
    # omnibus_gitconfig['system'] = { "receive" => ["fsckObjects = true"] }
    
    ############################################
    # Url on which GitLab CI will be reachable #
    ############################################
    ## see https://gitlab.com/gitlab-org/omnibus-gitlab/tree/629def0a7a26e7c2326566f0758d4a27857b52a3/doc/gitlab-ci/README.md
    
    # ci_external_url 'http://ci.example.com'
    
    
    #################################
    # application.yml configuration #
    #################################
    
    # gitlab_ci['gitlab_server'] = { "url" => 'http://gitlab.example.com', "app_id" => '12345678', "app_secret" => 'QWERTY12345' }
    
    # gitlab_ci['gitlab_ci_email_from'] = 'gitlab-ci@example.com'
    # gitlab_ci['gitlab_ci_support_email'] = 'gitlab-ci@example.com'
    # gitlab_ci['gitlab_ci_all_broken_builds'] = true
    # gitlab_ci['gitlab_ci_add_pusher'] = true
    # gitlab_ci['builds_directory'] = '/var/opt/gitlab/gitlab-ci/builds'
    
    # gitlab_ci['gravatar_enabled'] = true
    # gitlab_ci['gravatar_plain_url'] = "http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=mm"
    # gitlab_ci['gravatar_ssl_url'] =  "https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=mm"
    
    ## For setting up backups
    ## see https://gitlab.com/gitlab-org/omnibus-gitlab/blob/629def0a7a26e7c2326566f0758d4a27857b52a3/README.md#backups
    
    # gitlab_ci['backup_path'] = "/var/opt/gitlab/ci-backups"
    # gitlab_ci['backup_keep_time'] = 604800
    # gitlab_ci['backup_upload_connection'] = {
    #   'provider' => 'AWS',
    #   'region' => 'eu-west-1',
    #   'aws_access_key_id' => 'AKIAKIAKI',
    #   'aws_secret_access_key' => 'secret123'
    # }
    # gitlab_ci['backup_upload_remote_directory'] = 'my.s3.bucket'
    # gitlab_ci['backup_multipart_chunk_size'] = 104857600
    
    ###############################
    # GitLab CI database settings #
    ###############################
    ## see https://gitlab.com/gitlab-org/omnibus-gitlab/tree/629def0a7a26e7c2326566f0758d4a27857b52a3/doc/settings/database.md#database-settings
    ## Only needed if you use an external database.
    
    # gitlab_ci['db_adapter'] = "postgresql"
    # gitlab_ci['db_encoding'] = "unicode"
    # gitlab_ci['db_database'] = "gitlab_ci_production"
    # gitlab_ci['db_pool'] = 10
    # gitlab_ci['db_username'] = "gitlab_ci"
    # gitlab_ci['db_password'] = nil
    # gitlab_ci['db_host'] = nil
    # gitlab_ci['db_port'] = 5432
    # gitlab_ci['db_socket'] = nil
    # gitlab_ci['db_sslmode'] = nil
    # gitlab_ci['db_sslrootcert'] = nil
    
    ############################
    # GitLab CI redis settings #
    ############################
    ## see https://gitlab.com/gitlab-org/omnibus-gitlab/tree/629def0a7a26e7c2326566f0758d4a27857b52a3/doc/settings/redis.md#redis-settings
    ## Connect to your own redis instance.
    
    # gitlab_ci['redis_host'] = "127.0.0.1"
    # gitlab_ci['redis_port'] = nil
    # gitlab_ci['redis_socket'] = "/var/opt/gitlab/ci-redis/redis.socket"
    
    ###################################
    # GitLab CI email server settings #
    ###################################
    ## see https://gitlab.com/gitlab-org/omnibus-gitlab/tree/629def0a7a26e7c2326566f0758d4a27857b52a3/doc/settings/smtp.md#smtp-settings
    
    # gitlab_ci['smtp_enable'] = true
    # gitlab_ci['smtp_address'] = "smtp.server"
    # gitlab_ci['smtp_port'] = 456
    # gitlab_ci['smtp_user_name'] = "smtp user"
    # gitlab_ci['smtp_password'] = "smtp password"
    # gitlab_ci['smtp_domain'] = "example.com"
    # gitlab_ci['smtp_authentication'] = "login"
    # gitlab_ci['smtp_enable_starttls_auto'] = true
    # gitlab_ci['smtp_tls'] = false
    # gitlab_ci['smtp_openssl_verify_mode'] = false
    
    
    #############
    # GitLab CI #
    #############
    
    # gitlab_ci['schedule_builds_minute'] = "0"
    # gitlab_ci['env'] = {
    #   'BUNDLE_GEMFILE' => "/opt/gitlab/embedded/service/gitlab-ci/Gemfile",
    #   'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin"
    # }
    
    # gitlab_ci['username'] = "gitlab-ci"
    # gitlab_ci['uid'] = nil
    # gitlab_ci['gid'] = nil
    
    
    #####################
    # GitLab CI Unicorn #
    #####################
    ## Tweak unicorn settings.
    
    # ci_unicorn['worker_processes'] = 2
    # ci_unicorn['worker_timeout'] = 60
    ## Advanced settings
    # ci_unicorn['listen'] = '127.0.0.1'
    # ci_unicorn['port'] = 8181
    # ci_unicorn['socket'] = '/var/opt/gitlab/gitlab-ci/sockets/gitlab.socket'
    # ci_unicorn['pidfile'] = '/opt/gitlab/var/ci-unicorn/unicorn.pid'
    # ci_unicorn['tcp_nopush'] = true
    # ci_unicorn['backlog_socket'] = 1024
    
    
    ###################
    # GitLab CI Redis #
    ###################
    ## see https://gitlab.com/gitlab-org/omnibus-gitlab/tree/629def0a7a26e7c2326566f0758d4a27857b52a3/doc/settings/redis.md
    ## You can turn off bundled redis if you want to use your own redis instance
    
    # ci_redis['enable'] = true
    
    
    ###################
    # GitLab CI NGINX #
    ###################
    ## see https://gitlab.com/gitlab-org/omnibus-gitlab/tree/629def0a7a26e7c2326566f0758d4a27857b52a3/doc/settings/nginx.md
    ## You can tell the bundled NGINX that it should not serve up GitLab CI by setting ci_nginx['enable'] to false.
    
    # ci_nginx['enable'] = false
    # ci_nginx['client_max_body_size'] = '250m'
    # ci_nginx['redirect_http_to_https'] = false
    # ci_nginx['redirect_http_to_https_port'] = 80
    # ci_nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt"
    # ci_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key"
    # ci_nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
    # ci_nginx['ssl_prefer_server_ciphers'] = "on"
    # ci_nginx['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2" # recommended by https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
    # ci_nginx['ssl_session_cache'] = "builtin:1000  shared:SSL:10m" # recommended in http://nginx.org/en/docs/http/ngx_http_ssl_module.html
    # ci_nginx['ssl_session_timeout'] = "5m" # default according to http://nginx.org/en/docs/http/ngx_http_ssl_module.html
    # ci_nginx['ssl_dhparam'] = nil # Path to ci_dhparams.pem, eg. /etc/gitlab/ssl/ci_dhparams.pem
    # ci_nginx['listen_addresses'] = ['*']
    # ci_nginx['listen_port'] = nil # override only if you use a reverse proxy: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#setting-the-nginx-listen-port
    # ci_nginx['listen_https'] = nil # override only if your reverse proxy internally communicates over HTTP: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#supporting-proxied-ssl
    # ci_nginx['custom_gitlab_ci_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
    # ci_nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/example.conf;"
    # ci_nginx['resolver'] = "8.8.8.8 8.8.4.4"
    
    ## Advanced settings
    # ci_nginx['dir'] = "/var/opt/gitlab/nginx"
    # ci_nginx['log_directory'] = "/var/log/gitlab/nginx"
    # ci_nginx['worker_processes'] = 4
    # ci_nginx['worker_connections'] = 10240
    # ci_nginx['sendfile'] = 'on'
    # ci_nginx['tcp_nopush'] = 'on'
    # ci_nginx['tcp_nodelay'] = 'on'
    # ci_nginx['gzip'] = "on"
    # ci_nginx['gzip_http_version'] = "1.0"
    # ci_nginx['gzip_comp_level'] = "2"
    # ci_nginx['gzip_proxied'] = "any"
    # ci_nginx['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ]
    # ci_nginx['keepalive_timeout'] = 65
    # ci_nginx['cache_max_size'] = '5000m'
    
    
    #####################
    # GitLab Mattermost #
    #####################
    
    # mattermost_external_url 'http://mattermost.example.com'
    #
    # mattermost['enable'] = false
    # mattermost['username'] = 'mattermost'
    # mattermost['group'] = 'mattermost'
    # mattermost['home'] = '/var/opt/gitlab/mattermost'
    # mattermost['database_name'] = 'mattermost_production'
    
    # mattermost['log_file_directory'] = '/var/log/gitlab/mattermost'
    # mattermost['log_console_enable'] = true
    # mattermost['log_console_level'] = 'INFO'
    # mattermost['log_file_enable'] = false
    # mattermost['log_file_level'] = 'INFO'
    # mattermost['log_file_format'] = nil
    
    # mattermost['service_site_name'] = "GitLab Mattermost"
    # mattermost['service_mode'] = 'beta'
    # mattermost['service_allow_testing'] = false
    # mattermost['service_use_ssl'] = false
    # mattermost['service_port'] = "8065"
    # mattermost['service_version'] = "developer"
    # mattermost['service_analytics_url'] = nil
    # mattermost['service_use_local_storage'] = true
    # mattermost['service_storage_directory'] = "/var/opt/gitlab/mattermost/data"
    # mattermost['service_allowed_login_attempts'] = 10
    # mattermost['service_disable_email_signup'] = true
    
    # mattermost['sql_driver_name'] = 'mysql'
    # mattermost['sql_data_source'] = "mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8"
    # mattermost['sql_data_source_replicas'] = ["mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8"]
    # mattermost['sql_max_idle_conns'] = 10
    # mattermost['sql_max_open_conns'] = 10
    # mattermost['sql_trace'] = false
    
    # mattermost['oauth'] = {'gitlab' => {'Allow' => true, 'Secret' => "123", 'Id' => "123", "AuthEndpoint" => "aa", "TokenEndpoint" => "bb", "UserApiEndpoint" => "cc", "Scope" => "" }}
    # mattermost['aws'] = {'S3AccessKeyId' => '123', 'S3SecretAccessKey' => '123', 'S3Bucket' => 'aa', 'S3Region' => 'bb'}
    # mattermost['image_thumbnail_width'] = 120
    # mattermost['image_thumbnail_height'] = 100
    # mattermost['image_preview_width'] = 1024
    # mattermost['image_preview_height'] = 0
    # mattermost['image_profile_width'] = 128
    # mattermost['image_profile_height'] = 128
    # mattermost['image_initial_font'] = 'luximbi.ttf'
    
    # mattermost['email_by_pass_email'] = true
    # mattermost['email_smtp_username'] = nil
    # mattermost['email_smtp_password'] = nil
    # mattermost['email_smtp_server'] = nil
    # mattermost['email_use_tls'] = false
    # mattermost['email_use_start_tls'] = false
    # mattermost['email_feedback_email'] = nil
    # mattermost['email_feedback_name'] = nil
    # mattermost['email_apple_push_server'] = nil
    # mattermost['email_apple_push_cert_public'] = nil
    # mattermost['email_apple_push_cert_private'] = nil
    
    # mattermost['ratelimit_use_rate_limiter'] = true
    # mattermost['ratelimit_per_sec'] = 10
    # mattermost['ratelimit_memory_store_size'] = 10000
    # mattermost['ratelimit_vary_by_remote_addr'] = true
    # mattermost['ratelimit_vary_by_header'] = nil
    
    # mattermost['privacy_show_email_address'] = true
    # mattermost['privacy_show_phone_number'] = true
    # mattermost['privacy_show_skype_id'] = true
    # mattermost['privacy_show_full_name'] = true
    
    # mattermost['team_max_users_per_team'] = 150
    # mattermost['team_allow_public_link'] = true
    # mattermost['team_allow_valet_default'] = false
    # mattermost['team_terms_link'] = '/static/help/configure_links.html'
    # mattermost['team_privacy_link'] = '/static/help/configure_links.html'
    # mattermost['team_about_link'] = '/static/help/configure_links.html'
    # mattermost['team_help_link'] = '/static/help/configure_links.html'
    # mattermost['team_report_problem_link'] = '/static/help/configure_links.html'
    # mattermost['team_tour_link'] = '/static/help/configure_links.html'
    # mattermost['team_default_color'] = '#2389D7'
    # mattermost['team_disable_team_creation'] = true
    # mattermost['team_restrict_creation_to_domains'] = "gmail.com"
    
    ####################
    # Mattermost NGINX #
    ####################
    
    # mattermost_nginx['enable'] = false
    # mattermost_nginx['client_max_body_size'] = '250m'
    # mattermost_nginx['redirect_http_to_https'] = false
    # mattermost_nginx['redirect_http_to_https_port'] = 80
    # mattermost_nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt"
    # mattermost_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key"
    # mattermost_nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
    # mattermost_nginx['ssl_prefer_server_ciphers'] = "on"
    # mattermost_nginx['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2" # recommended by https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
    # mattermost_nginx['ssl_session_cache'] = "builtin:1000  shared:SSL:10m" # recommended in http://nginx.org/en/docs/http/ngx_http_ssl_module.html
    # mattermost_nginx['ssl_session_timeout'] = "5m" # default according to http://nginx.org/en/docs/http/ngx_http_ssl_module.html
    # mattermost_nginx['ssl_dhparam'] = nil # Path to ci_dhparams.pem, eg. /etc/gitlab/ssl/ci_dhparams.pem
    # mattermost_nginx['listen_addresses'] = ['*']
    # mattermost_nginx['listen_port'] = nil # override only if you use a reverse proxy: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#setting-the-nginx-listen-port
    # mattermost_nginx['listen_https'] = nil # override only if your reverse proxy internally communicates over HTTP: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#supporting-proxied-ssl
    # mattermost_nginx['custom_gitlab_mattermost_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
    # mattermost_nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/example.conf;"
    
    ## Advanced settings
    # mattermost_nginx['dir'] = "/var/opt/gitlab/nginx"
    # mattermost_nginx['log_directory'] = "/var/log/gitlab/nginx"
    # mattermost_nginx['worker_processes'] = 4
    # mattermost_nginx['worker_connections'] = 10240
    # mattermost_nginx['sendfile'] = 'on'
    # mattermost_nginx['tcp_nopush'] = 'on'
    # mattermost_nginx['tcp_nodelay'] = 'on'
    # mattermost_nginx['gzip'] = "on"
    # mattermost_nginx['gzip_http_version'] = "1.0"
    # mattermost_nginx['gzip_comp_level'] = "2"
    # mattermost_nginx['gzip_proxied'] = "any"
    # mattermost_nginx['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ]
    # mattermost_nginx['keepalive_timeout'] = 65
    # mattermost_nginx['cache_max_size'] = '5000m'

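    Note: the only thing that needs to change here is the e-mail address xxxxxxxx@163.com in the file; replace it with your own real, working address (it appears in three places, I think). Also remember to set your mailbox password here. For a 163 mailbox, the password to enter is not the real mailbox password but the proxy password, i.e. an encrypted password string; log in to your 163 mailbox to check the details.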

    gitlab_rails['smtp_user_name'] = "xxxxxxxx@163.com"
    gitlab_rails['smtp_password'] = "mjaiuhvi"

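    Step 7: (modify the PostgreSQL configuration files)

    Two files need to be modified here in turn, pg_hba.conf and postgresql.conf (postgresql.conf only needs the extra change if you need remote access to the PostgreSQL database).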

    sudo nano /var/opt/gitlab/postgresql/data/pg_hba.conf
    sudo nano /var/opt/gitlab/postgresql/data/postgresql.conf

    1) Configure the IP addresses of the (client) hosts that will connect

    # This file is managed by gitlab-ctl. Manual changes will be
    # erased! To change the contents below, edit /etc/gitlab/gitlab.rb
    # and run `sudo gitlab-ctl reconfigure`.
    
    # PostgreSQL Client Authentication Configuration File
    # ===================================================
    #
    # Refer to the "Client Authentication" section in the
    # PostgreSQL documentation for a complete description
    # of this file.  A short synopsis follows.
    #
    # This file controls: which hosts are allowed to connect, how clients
    # are authenticated, which PostgreSQL user names they can use, which
    # databases they can access.  Records take one of these forms:
    #
    # local      DATABASE  USER  METHOD  [OPTION]
    # host       DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTION]
    # hostssl    DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTION]
    # hostnossl  DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTION]
    #
    # (The uppercase items must be replaced by actual values.)
    #
    # The first field is the connection type: "local" is a Unix-domain socket,
    # "host" is either a plain or SSL-encrypted TCP/IP socket, "hostssl" is an
    # SSL-encrypted TCP/IP socket, and "hostnossl" is a plain TCP/IP socket.
    #
    # DATABASE can be "all", "sameuser", "samerole", a database name, or
    # a comma-separated list thereof.
    #
    # USER can be "all", a user name, a group name prefixed with "+", or
    # a comma-separated list thereof.  In both the DATABASE and USER fields
    # you can also write a file name prefixed with "@" to include names from
    # a separate file.
    #
    # CIDR-ADDRESS specifies the set of hosts the record matches.
    # It is made up of an IP address and a CIDR mask that is an integer
    # (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that specifies
    # the number of significant bits in the mask.  Alternatively, you can write
    # an IP address and netmask in separate columns to specify the set of hosts.
    #
    # METHOD can be "trust", "reject", "md5", "crypt", "password", "gss", "sspi",
    # "krb5", "ident", "pam" or "ldap".  Note that "password" sends passwords
    # in clear text; "md5" is preferred since it sends encrypted passwords.
    #
    # OPTION is the ident map or the name of the PAM service, depending on METHOD.
    #
    # Database and user names containing spaces, commas, quotes and other special
    # characters must be quoted. Quoting one of the keywords "all", "sameuser" or
    # "samerole" makes the name lose its special character, and just match a
    # database or username with that name.
    #
    # This file is read on server startup and when the postmaster receives
    # a SIGHUP signal.  If you edit the file on a running system, you have
    # to SIGHUP the postmaster for the changes to take effect.  You can use
    # "pg_ctl reload" to do that.
    
    # Put your actual configuration here
    # ----------------------------------
    #
    # If you want to allow non-local connections, you need to add more
    # "host" records. In that case you will also need to make PostgreSQL listen
    # on a non-local interface via the listen_addresses configuration parameter,
    # or via the -i or -h command line switches.
    #
    
    
    # TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
    
    # "local" is for Unix domain socket connections only
    local   all         all                               trust 
    host    all            all            192.168.30.0/24          trust
    host    all            all            192.168.10.0/24          trust
    #map=gitlab

    If you want hosts in another IP range to be able to access the database as well, just add that range. For example, 192.168.10.0~192.168.10.255 can be written as follows

    host    all            all            192.168.10.0/24          trust
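
    A check for the two files edited in this step, added here as an illustration and not part of the original post or of GitLab's own tooling: it parses pg_hba.conf records and reports non-loopback `trust` or `password` entries, rating them by whether `listen_addresses` in postgresql.conf exposes the port beyond localhost. The sample inputs are constructed from the records and the listener line this guide uses; all function names are hypothetical.

```ruby
require 'ipaddr'

# Constructed sample: the active records of the pg_hba.conf shown above.
SAMPLE_PG_HBA = <<~'HBA'
  # TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
  local   all         all                               trust
  host    all            all            192.168.30.0/24          trust
  host    all            all            192.168.10.0/24          trust
  #map=gitlab
HBA

# Constructed sample: the listener line this guide sets in postgresql.conf.
SAMPLE_POSTGRESQL_CONF = <<~'CONF'
  listen_addresses = '*'    # what IP address(es) to listen on;
  port = 5432
CONF

HbaRecord = Struct.new(:line_no, :type, :database, :user, :address, :method_name)
Finding   = Struct.new(:line_no, :severity, :message)

LOOPBACK_NETS   = [IPAddr.new('127.0.0.0/8'), IPAddr.new('::1/128')].freeze
LOCAL_LISTENERS = %w[localhost 127.0.0.1 ::1].freeze

# Parse pg_hba.conf records. Simplification: quoted names that contain
# spaces or '#' are not handled.
def parse_pg_hba(text)
  text.each_line.with_index(1).each_with_object([]) do |(raw, line_no), records|
    fields = raw.sub(/#.*/, '').split
    case fields[0]
    when 'local'
      next if fields.size < 4
      records << HbaRecord.new(line_no, 'local', fields[1], fields[2], nil, fields[3])
    when 'host', 'hostssl', 'hostnossl'
      next if fields.size < 5
      # The address is either CIDR or "IP NETMASK" in two separate columns.
      if !fields[3].include?('/') && fields[4] =~ /\A[\d.]+\z|:/ && fields.size >= 6
        address, method_name = "#{fields[3]}/#{fields[4]}", fields[5]
      else
        address, method_name = fields[3], fields[4]
      end
      records << HbaRecord.new(line_no, fields[0], fields[1], fields[2], address, method_name)
    end
  end
end

# True when the last active listen_addresses setting names anything other
# than a loopback listener. A missing setting means PostgreSQL's default.
def listens_remotely?(conf_text)
  hits = conf_text.scan(/^\s*listen_addresses\s*=?\s*(?:'([^']*)'|([^\s#]+))/)
  value = hits.empty? ? 'localhost' : hits.last.compact.first
  value.split(',').map(&:strip).any? { |a| !LOCAL_LISTENERS.include?(a) }
end

# True when the record's address range lies entirely inside a loopback net.
def loopback_only?(address)
  net = IPAddr.new(address).to_range
  LOOPBACK_NETS.any? do |lo|
    next false unless lo.family == net.first.family
    lo.to_range.first <= net.first && net.last <= lo.to_range.last
  end
rescue ArgumentError
  false # host name or keyword: treat as potentially remote
end

# "192.168.30.0/24 (256 addresses)"; non-IP addresses are returned as-is.
def describe(address)
  range = IPAddr.new(address).to_range
  "#{address} (#{range.last.to_i - range.first.to_i + 1} addresses)"
rescue ArgumentError
  address
end

def audit(hba_text, conf_text)
  exposed = listens_remotely?(conf_text)
  parse_pg_hba(hba_text).each_with_object([]) do |rec, findings|
    next if rec.type == 'local' || loopback_only?(rec.address)
    scope = describe(rec.address)
    case rec.method_name
    when 'trust'
      note = exposed ? '' : ' (unreachable while listen_addresses is local-only)'
      findings << Finding.new(rec.line_no, exposed ? :high : :dormant,
                              "trust for #{scope}: no password is checked#{note}")
    when 'password'
      findings << Finding.new(rec.line_no, :medium,
                              "password for #{scope}: sent in clear text, prefer md5")
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  audit(SAMPLE_PG_HBA, SAMPLE_POSTGRESQL_CONF).each do |f|
    puts "pg_hba.conf line #{f.line_no} [#{f.severity}] #{f.message}"
  end
end
```

    To check a live install, pass `File.read` of `/var/opt/gitlab/postgresql/data/pg_hba.conf` and `/var/opt/gitlab/postgresql/data/postgresql.conf` to `audit` instead of the samples.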

    2) Enable listening for all clients

    # This file is managed by gitlab-ctl. Manual changes will be
    # erased! To change the contents below, edit /etc/gitlab/gitlab.rb
    # and run `sudo gitlab-ctl reconfigure`.
    
    # -----------------------------
    # PostgreSQL configuration file
    # -----------------------------
    #
    # This file consists of lines of the form:
    #
    #   name = value
    #
    # (The "=" is optional.)  Whitespace may be used.  Comments are introduced with
    # "#" anywhere on a line.  The complete list of parameter names and allowed
    # values can be found in the PostgreSQL documentation.
    #
    # The commented-out settings shown in this file represent the default values.
    # Re-commenting a setting is NOT sufficient to revert it to the default value;
    # you need to reload the server.
    #
    # This file is read on server startup and when the server receives a SIGHUP
    # signal.  If you edit the file on a running system, you have to SIGHUP the
    # server for the changes to take effect, or use "pg_ctl reload".  Some
    # parameters, which are marked below, require a server shutdown and restart to
    # take effect.
    #
    # Any parameter can also be given as a command-line option to the server, e.g.,
    # "postgres -c log_connections=on".  Some parameters can be changed at run time
    # with the "SET" SQL command.
    #
    # Memory units:  kB = kilobytes        Time units:  ms  = milliseconds
    #                MB = megabytes                     s   = seconds
    #                GB = gigabytes                     min = minutes
    #                                                   h   = hours
    #                                                   d   = days
    
    
    #------------------------------------------------------------------------------
    # FILE LOCATIONS
    #------------------------------------------------------------------------------
    
    # The default values of these variables are driven from the -D command-line
    # option or PGDATA environment variable, represented here as ConfigDir.
    
    #data_directory = 'ConfigDir'   # use data in another directory
              # (change requires restart)
    #hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file
              # (change requires restart)
    #ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file
              # (change requires restart)
    
    # If external_pid_file is not explicitly set, no extra PID file is written.
    #external_pid_file = '(none)'   # write an extra PID file
              # (change requires restart)
    
    
    #------------------------------------------------------------------------------
    # CONNECTIONS AND AUTHENTICATION
    #------------------------------------------------------------------------------
    
    # - Connection Settings -
    
    listen_addresses = '*'    # what IP address(es) to listen on;
              # comma-separated list of addresses;
              # defaults to 'localhost', '*' = all
              # (change requires restart)
    port = 5432        # (change requires restart)
    max_connections = 200      # (change requires restart)
    # Note:  Increasing max_connections costs ~400 bytes of shared memory per
    # connection slot, plus lock space (see max_locks_per_transaction).
    #superuser_reserved_connections = 3 # (change requires restart)
    unix_socket_directory = '/var/opt/gitlab/postgresql'   # (change requires restart)
    #unix_socket_group = ''     # (change requires restart)
    #unix_socket_permissions = 0777   # begin with 0 to use octal notation
              # (change requires restart)
    #bonjour = off        # advertise server via Bonjour
              # (change requires restart)
    #bonjour_name = ''      # defaults to the computer name
              # (change requires restart)
    
    # - Security and Authentication -
    
    #authentication_timeout = 1min    # 1s-600s
    #ssl = off        # (change requires restart)
    #ssl_ciphers = 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH'  # allowed SSL ciphers
              # (change requires restart)
    #ssl_renegotiation_limit = 512MB  # amount of data between renegotiations
    #password_encryption = on
    #db_user_namespace = off
    
    # Kerberos and GSSAPI
    #krb_server_keyfile = ''
    #krb_srvname = 'postgres'   # (Kerberos only)
    #krb_caseins_users = off
    
    # - TCP Keepalives -
    # see "man 7 tcp" for details
    
    #tcp_keepalives_idle = 0    # TCP_KEEPIDLE, in seconds;
              # 0 selects the system default
    #tcp_keepalives_interval = 0    # TCP_KEEPINTVL, in seconds;
              # 0 selects the system default
    #tcp_keepalives_count = 0   # TCP_KEEPCNT;
              # 0 selects the system default
    
    
    #------------------------------------------------------------------------------
    # RESOURCE USAGE (except WAL)
    #------------------------------------------------------------------------------
    
    # - Memory -
    
    shared_buffers = 10MB # min 128kB
              # (change requires restart)
    #temp_buffers = 8MB     # min 800kB
    #max_prepared_transactions = 0    # zero disables the feature
              # (change requires restart)
    # Note:  Increasing max_prepared_transactions costs ~600 bytes of shared memory
    # per transaction slot, plus lock space (see max_locks_per_transaction).
    # It is not advisable to set max_prepared_transactions nonzero unless you
    # actively intend to use prepared transactions.
    work_mem = 8MB                # min 64kB
    #maintenance_work_mem = 16MB    # min 1MB
    #max_stack_depth = 2MB      # min 100kB
    
    # - Kernel Resource Usage -
    
    #max_files_per_process = 1000   # min 25
              # (change requires restart)
    #shared_preload_libraries = ''    # (change requires restart)
    
    # - Cost-Based Vacuum Delay -
    
    #vacuum_cost_delay = 0ms    # 0-100 milliseconds
    #vacuum_cost_page_hit = 1   # 0-10000 credits
    #vacuum_cost_page_miss = 10   # 0-10000 credits
    #vacuum_cost_page_dirty = 20    # 0-10000 credits
    #vacuum_cost_limit = 200    # 1-10000 credits
    
    # - Background Writer -
    
    #bgwriter_delay = 200ms     # 10-10000ms between rounds
    #bgwriter_lru_maxpages = 100    # 0-1000 max buffers written/round
    #bgwriter_lru_multiplier = 2.0    # 0-10.0 multipler on buffers scanned/round
    
    # - Asynchronous Behavior -
    
    #effective_io_concurrency = 1   # 1-1000. 0 disables prefetching
    
    
    #------------------------------------------------------------------------------
    # WRITE AHEAD LOG
    #------------------------------------------------------------------------------
    
    # - Settings -
    
    #wal_level = minimal      # minimal, archive, or hot_standby
              # (change requires restart)
    #fsync = on       # turns forced synchronization on or off
    #synchronous_commit = on    # synchronization level; on, off, or local
    #wal_sync_method = fsync    # the default is the first option
              # supported by the operating system:
              #   open_datasync
              #   fdatasync (default on Linux)
              #   fsync
              #   fsync_writethrough
              #   open_sync
    #full_page_writes = on      # recover from partial page writes
    #wal_buffers = -1     # min 32kB, -1 sets based on shared_buffers
              # (change requires restart)
    #wal_writer_delay = 200ms   # 1-10000 milliseconds
    
    #commit_delay = 0     # range 0-100000, in microseconds
    #commit_siblings = 5      # range 1-1000
    
    # - Checkpoints -
    
    checkpoint_segments =  10        # in logfile segments, min 1, 16MB each, default 3
    checkpoint_timeout = 5min        # range 30s-1h, default 5min
    checkpoint_completion_target = 0.9    # checkpoint target duration, 0.0 - 1.0, default 0.5
    checkpoint_warning = 60s        # 0 disables, default 30s
    
    # - Archiving -
    
    #archive_mode = off   # allows archiving to be done
            # (change requires restart)
    #archive_command = ''   # command to use to archive a logfile segment
    #archive_timeout = 0    # force a logfile segment switch after this
            # number of seconds; 0 disables
    
    
    #------------------------------------------------------------------------------
    # REPLICATION
    #------------------------------------------------------------------------------
    
    # - Master Server -
    
    # These settings are ignored on a standby server
    
    #max_wal_senders = 0    # max number of walsender processes
            # (change requires restart)
    #wal_sender_delay = 1s    # walsender cycle time, 1-10000 milliseconds
    #wal_keep_segments = 0    # in logfile segments, 16MB each; 0 disables
    #vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed
    #replication_timeout = 60s  # in milliseconds; 0 disables
    #synchronous_standby_names = '' # standby servers that provide sync rep
            # comma-separated list of application_name
            # from standby(s); '*' = all
    
    # - Standby Servers -
    
    # These settings are ignored on a master server
    
    #hot_standby = off      # "on" allows queries during recovery
              # (change requires restart)
    #max_standby_archive_delay = 30s  # max delay before canceling queries
              # when reading WAL from archive;
              # -1 allows indefinite delay
    #max_standby_streaming_delay = 30s  # max delay before canceling queries
              # when reading streaming WAL;
              # -1 allows indefinite delay
    #wal_receiver_status_interval = 10s # send replies at least this often
              # 0 disables
    #hot_standby_feedback = off   # send info from standby to prevent
              # query conflicts
    
    
    #------------------------------------------------------------------------------
    # QUERY TUNING
    #------------------------------------------------------------------------------
    
    # - Planner Method Configuration -
    
    #enable_bitmapscan = on
    #enable_hashagg = on
    #enable_hashjoin = on
    #enable_indexscan = on
    #enable_material = on
    #enable_mergejoin = on
    #enable_nestloop = on
    #enable_seqscan = on
    #enable_sort = on
    #enable_tidscan = on
    
    # - Planner Cost Constants -
    
    #seq_page_cost = 1.0      # measured on an arbitrary scale
    #random_page_cost = 4.0     # same scale as above
    #cpu_tuple_cost = 0.01      # same scale as above
    #cpu_index_tuple_cost = 0.005   # same scale as above
    #cpu_operator_cost = 0.0025   # same scale as above
    effective_cache_size = 2048MB # Default 128MB
    
    # - Genetic Query Optimizer -
    
    #geqo = on
    #geqo_threshold = 12
    #geqo_effort = 5      # range 1-10
    #geqo_pool_size = 0     # selects default based on effort
    #geqo_generations = 0     # selects default based on effort
    #geqo_selection_bias = 2.0    # range 1.5-2.0
    #geqo_seed = 0.0      # range 0.0-1.0
    
    # - Other Planner Options -
    
    #default_statistics_target = 100  # range 1-10000
    #constraint_exclusion = partition # on, off, or partition
    #cursor_tuple_fraction = 0.1    # range 0.0-1.0
    #from_collapse_limit = 8
    #join_collapse_limit = 8    # 1 disables collapsing of explicit
              # JOIN clauses
    
    
    #------------------------------------------------------------------------------
    # ERROR REPORTING AND LOGGING
    #------------------------------------------------------------------------------
    
    # - Where to Log -
    
    #log_destination = 'stderr'   # Valid values are combinations of
              # stderr, csvlog, syslog, and eventlog,
              # depending on platform.  csvlog
              # requires logging_collector to be on.
    
    # This is used when logging to stderr:
    #logging_collector = off    # Enable capturing of stderr and csvlog
              # into log files. Required to be on for
              # csvlogs.
              # (change requires restart)
    
    # These are only used if logging_collector is on:
    #log_directory = 'pg_log'   # directory where log files are written,
              # can be absolute or relative to PGDATA
    #log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log'  # log file name pattern,
              # can include strftime() escapes
    #log_file_mode = 0600     # creation mode for log files,
              # begin with 0 to use octal notation
    #log_truncate_on_rotation = off   # If on, an existing log file with the
              # same name as the new log file will be
              # truncated rather than appended to.
              # But such truncation only occurs on
              # time-driven rotation, not on restarts
              # or size-driven rotation.  Default is
              # off, meaning append to existing files
              # in all cases.
    #log_rotation_age = 1d      # Automatic rotation of logfiles will
              # happen after that time.  0 disables.
    #log_rotation_size = 10MB   # Automatic rotation of logfiles will
              # happen after that much log output.
              # 0 disables.
    
    # These are relevant when logging to syslog:
    #syslog_facility = 'LOCAL0'
    #syslog_ident = 'postgres'
    
    #silent_mode = off      # Run server silently.
              # DO NOT USE without syslog or
              # logging_collector
              # (change requires restart)
    
    
    # - When to Log -
    
    #client_min_messages = notice   # values in order of decreasing detail:
              #   debug5
              #   debug4
              #   debug3
              #   debug2
              #   debug1
              #   log
              #   notice
              #   warning
              #   error
    
    #log_min_messages = warning   # values in order of decreasing detail:
              #   debug5
              #   debug4
              #   debug3
              #   debug2
              #   debug1
              #   info
              #   notice
              #   warning
              #   error
              #   log
              #   fatal
              #   panic
    
    #log_min_error_statement = error  # values in order of decreasing detail:
              #   debug5
              #   debug4
              #   debug3
              #   debug2
              #   debug1
              #   info
              #   notice
              #   warning
              #   error
              #   log
              #   fatal
              #   panic (effectively off)
    
    #log_min_duration_statement = -1  # -1 is disabled, 0 logs all statements
              # and their durations, > 0 logs only
              # statements running at least this number
              # of milliseconds
    
    
    # - What to Log -
    
    #debug_print_parse = off
    #debug_print_rewritten = off
    #debug_print_plan = off
    #debug_pretty_print = on
    #log_checkpoints = off
    #log_connections = off
    #log_disconnections = off
    #log_duration = off
    #log_error_verbosity = default    # terse, default, or verbose messages
    #log_hostname = off
    #log_line_prefix = ''     # special values:
              #   %a = application name
              #   %u = user name
              #   %d = database name
              #   %r = remote host and port
              #   %h = remote host
              #   %p = process ID
              #   %t = timestamp without milliseconds
              #   %m = timestamp with milliseconds
              #   %i = command tag
              #   %e = SQL state
              #   %c = session ID
              #   %l = session line number
              #   %s = session start timestamp
              #   %v = virtual transaction ID
              #   %x = transaction ID (0 if none)
              #   %q = stop here in non-session
              #        processes
              #   %% = '%'
              # e.g. '<%u%%%d> '
    #log_lock_waits = off     # log lock waits >= deadlock_timeout
    #log_statement = 'none'     # none, ddl, mod, all
    #log_temp_files = -1      # log temporary files equal or larger
              # than the specified size in kilobytes;
              # -1 disables, 0 logs all temp files
    #log_timezone = '(defaults to server environment setting)'
    
    
    #------------------------------------------------------------------------------
    # RUNTIME STATISTICS
    #------------------------------------------------------------------------------
    
    # - Query/Index Statistics Collector -
    
    #track_activities = on
    #track_counts = on
    #track_functions = none     # none, pl, all
    #track_activity_query_size = 1024   # (change requires restart)
    #update_process_title = on
    #stats_temp_directory = 'pg_stat_tmp'
    
    
    # - Statistics Monitoring -
    
    #log_parser_stats = off
    #log_planner_stats = off
    #log_executor_stats = off
    #log_statement_stats = off
    
    
    #------------------------------------------------------------------------------
    # AUTOVACUUM PARAMETERS
    #------------------------------------------------------------------------------
    
    #autovacuum = on      # Enable autovacuum subprocess?  'on'
              # requires track_counts to also be on.
    #log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and
              # their durations, > 0 logs only
              # actions running at least this number
              # of milliseconds.
    #autovacuum_max_workers = 3   # max number of autovacuum subprocesses
              # (change requires restart)
    #autovacuum_naptime = 1min    # time between autovacuum runs
    #autovacuum_vacuum_threshold = 50 # min number of row updates before
              # vacuum
    #autovacuum_analyze_threshold = 50  # min number of row updates before
              # analyze
    #autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum
    #autovacuum_analyze_scale_factor = 0.1  # fraction of table size before analyze
    #autovacuum_freeze_max_age = 200000000  # maximum XID age before forced vacuum
              # (change requires restart)
    #autovacuum_vacuum_cost_delay = 20ms  # default vacuum cost delay for
              # autovacuum, in milliseconds;
              # -1 means use vacuum_cost_delay
    #autovacuum_vacuum_cost_limit = -1  # default vacuum cost limit for
              # autovacuum, -1 means use
              # vacuum_cost_limit
    
    
    #------------------------------------------------------------------------------
    # CLIENT CONNECTION DEFAULTS
    #------------------------------------------------------------------------------
    
    # - Statement Behavior -
    
    #search_path = '"$user",public'   # schema names
    #default_tablespace = ''    # a tablespace name, '' uses the default
    #temp_tablespaces = ''      # a list of tablespace names, '' uses
              # only default tablespace
    #check_function_bodies = on
    #default_transaction_isolation = 'read committed'
    #default_transaction_read_only = off
    #default_transaction_deferrable = off
    #session_replication_role = 'origin'
    #statement_timeout = 0      # in milliseconds, 0 is disabled
    #vacuum_freeze_min_age = 50000000
    #vacuum_freeze_table_age = 150000000
    #bytea_output = 'hex'     # hex, escape
    #xmlbinary = 'base64'
    #xmloption = 'content'
    
    # - Locale and Formatting -
    
    datestyle = 'iso, mdy'
    #intervalstyle = 'postgres'
    #timezone = '(defaults to server environment setting)'
    #timezone_abbreviations = 'Default'     # Select the set of available time zone
              # abbreviations.  Currently, there are
              #   Default
              #   Australia
              #   India
              # You can create your own file in
              # share/timezonesets/.
    #extra_float_digits = 0     # min -15, max 3
    #client_encoding = sql_ascii    # actually, defaults to database
    496           # encoding
    497 
    498 # These settings are initialized by initdb, but they can be changed.
    499 lc_messages = 'C'     # locale for system error message
    500           # strings
    501 lc_monetary = 'C'     # locale for monetary formatting
    502 lc_numeric = 'C'      # locale for number formatting
    503 lc_time = 'C'       # locale for time formatting
    504 
    505 # default configuration for text search
    506 default_text_search_config = 'pg_catalog.english'
    507 
    508 # - Other Defaults -
    509 
    510 #dynamic_library_path = '$libdir'
    511 #local_preload_libraries = ''
    512 
    513 
    514 #------------------------------------------------------------------------------
    515 # LOCK MANAGEMENT
    516 #------------------------------------------------------------------------------
    517 
    518 #deadlock_timeout = 1s
    519 #max_locks_per_transaction = 64   # min 10
    520           # (change requires restart)
    521 # Note:  Each lock table slot uses ~270 bytes of shared memory, and there are
    522 # max_locks_per_transaction * (max_connections + max_prepared_transactions)
    523 # lock table slots.
    524 #max_pred_locks_per_transaction = 64  # min 10
    525           # (change requires restart)
    526 
    527 #------------------------------------------------------------------------------
    528 # VERSION/PLATFORM COMPATIBILITY
    529 #------------------------------------------------------------------------------
    530 
    531 # - Previous PostgreSQL Versions -
    532 
    533 #array_nulls = on
    534 #backslash_quote = safe_encoding  # on, off, or safe_encoding
    535 #default_with_oids = off
    536 #escape_string_warning = on
    537 #lo_compat_privileges = off
    538 #quote_all_identifiers = off
    539 #sql_inheritance = on
    540 #standard_conforming_strings = on
    541 #synchronize_seqscans = on
    542 
    543 # - Other Platforms and Clients -
    544 
    545 #transform_null_equals = off
    546 
    547 
    548 #------------------------------------------------------------------------------
    549 # ERROR HANDLING
    550 #------------------------------------------------------------------------------
    551 
    552 #exit_on_error = off        # terminate session on any error?
    553 #restart_after_crash = on     # reinitialize after backend crash?
    554 
    555 
    556 #------------------------------------------------------------------------------
    557 # CUSTOMIZED OPTIONS
    558 #------------------------------------------------------------------------------
    559 
    560 #custom_variable_classes = ''   # list of custom variable class names

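    In this file, the main change is on line 63: change listen_addresses = '' to listen_addresses = '*', so that PostgreSQL listens on all IP addresses (network interfaces) of the host.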
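To confirm what the listen_addresses edit above exposes, the following added example (not part of the original article or of GitLab's tooling) reads a postgresql.conf and reports whether the server is socket-only, loopback-only, bound to specific addresses, or bound to all interfaces. The function names are hypothetical and the file path is passed as an argument; because the article states the database password is empty, an `all-interfaces` result is the case to follow up in pg_hba.conf and the host firewall.

```shell
#!/bin/sh
# Added example: report what listen_addresses in a postgresql.conf exposes.

# Print the effective value: the last uncommented assignment wins;
# "localhost" is PostgreSQL's built-in default when the key is never set.
effective_listen_addresses() {
    awk -v q="'" '
        /^[ \t]*listen_addresses[ \t=]/ {
            v = $0
            sub(/^[ \t]*listen_addresses[ \t]*=?[ \t]*/, "", v)
            if (substr(v, 1, 1) == q) {          # quoted: keep text up to closing quote
                v = substr(v, 2)
                n = index(v, q)
                if (n > 0) v = substr(v, 1, n - 1)
            } else {                             # unquoted: drop trailing comment/space
                sub(/[ \t]*#.*$/, "", v)
                sub(/[ \t]+$/, "", v)
            }
            val = v; seen = 1
        }
        END { print (seen ? val : "localhost") }
    ' "$1"
}

# Classify a value as socket-only, loopback, specific or all-interfaces.
classify_exposure() (
    set -f      # the value may be "*": keep the shell from globbing it
    IFS=,
    result=socket-only
    for addr in $(printf '%s' "$1" | tr -d ' \t'); do
        case "$addr" in
            '*'|0.0.0.0|::) result=all-interfaces; break ;;
            localhost|127.*|::1) if [ "$result" = socket-only ]; then result=loopback; fi ;;
            *) result=specific ;;
        esac
    done
    echo "$result"
)

# Constructed two-line sample of the edit described above (not a real server's file).
sample=$(mktemp)
printf '%s\n' "#listen_addresses = 'localhost'" "listen_addresses = '*'" > "$sample"
value=$(effective_listen_addresses "$sample")
echo "listen_addresses='$value' -> $(classify_exposure "$value")"
rm -f "$sample"
```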

    Final step: (apply all configuration and start the services)

    sudo gitlab-ctl reconfigure
    sudo gitlab-ctl start

    Then visit http://localhost.

    GitLab's default database is gitlabhq_production; the database login user is gitlab-psql and the database password is empty.

    GitLab's user information is stored in the namespaces table and the users table.

  • Original article: https://www.cnblogs.com/zhengbing/p/4910569.html