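# Install GitLab CE 11.4.3 (Omnibus) and its prerequisites on EL7.
# Runs as root: yum and rpm modify the system.
set -e
yum -y install policycoreutils policycoreutils-python openssh-server openssh-clients postfix
# The package comes from a third-party mirror, not packages.gitlab.com, so
# import GitLab's signing key and check the signature before installing.
rpm --import https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey
wget https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/gitlab-ce-11.4.3-ce.0.el7.x86_64.rpm
rpm -K gitlab-ce-11.4.3-ce.0.el7.x86_64.rpm   # non-zero on a bad or unknown signature; set -e aborts
rpm -i gitlab-ce-11.4.3-ce.0.el7.x86_64.rpm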
证书生成:
1. 创建 Private Key，这里需要输入密码，记住该密码，下面的步骤会用到
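# Step 1: generate a passphrase-protected 2048-bit RSA private key.
# Omnibus GitLab does not create /etc/gitlab/ssl, so create it first.
mkdir -p /etc/gitlab/ssl
# Subshell + umask 077: the key file is created owner-only from the start,
# instead of relying on the chmod in step 6 to close the window.
( umask 077
  openssl genrsa -des3 -out /etc/gitlab/ssl/gitlab.shooter.com.key 2048 )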
2. 生成 Certificate Request
openssl req -new -key /etc/gitlab/ssl/gitlab.shooter.com.key -out /etc/gitlab/ssl/gitlab.shooter.com.csr
输入一些信息
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:shanghai
Locality Name (eg, city) [Default City]:shanghai
Organization Name (eg, company) [Default Company Ltd]:shooter
Organizational Unit Name (eg, section) []:shooter
Common Name (eg, your name or your server's hostname) []:gitlab.shooter.com
Email Address []:tuobalongshen@126.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
翻译:
国家/地区名称(2个字母代码)[XX]:CN
州或省名称(全名)[]:上海
地区名称(例如城市)[默认城市]:上海
组织名称(例如公司)[默认公司有限公司]:shooter
组织单位名称(例如,科)[]:射手
通用名称(例如,您的名称或服务器的主机名)[]:这里要写你颁发证书的域名
电子邮件地址[]:tuobalongshen@126.com
请输入以下“额外”属性
与您的证书请求一起发送
质询密码[]: 可不设
可选的公司名称[]: 可不写
上面2条命令可以进行合并
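# Steps 1+2 in one command.  -nodes writes the key unencrypted, so step 3
# (stripping the passphrase) is not needed afterwards.
# The original wrote both files into the current directory; they are placed
# under /etc/gitlab/ssl here so the later steps and gitlab.rb find them.
mkdir -p /etc/gitlab/ssl
( umask 077
  openssl req -nodes -newkey rsa:2048 \
    -keyout /etc/gitlab/ssl/gitlab.shooter.com.key \
    -out /etc/gitlab/ssl/gitlab.shooter.com.csr )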
3. 移除Private Key 中的密码短语
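# Step 3: remove the passphrase so nginx can load the key unattended.
# The commands are chained with && so the .original backup is only deleted
# after openssl succeeds; the unconditional `rm` in the original would have
# removed the backup even when a wrong passphrase made the conversion fail.
ssl_dir=/etc/gitlab/ssl
cp -v -- "$ssl_dir/gitlab.shooter.com.key" "$ssl_dir/gitlab.shooter.com.original" \
  && openssl rsa -in "$ssl_dir/gitlab.shooter.com.original" -out "$ssl_dir/gitlab.shooter.com.key" \
  && rm -v -- "$ssl_dir/gitlab.shooter.com.original"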
4. 创建证书
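# Step 4: self-sign the CSR, valid for 1460 days.
# The original produced a certificate with only a Common Name; Chrome (58+)
# and other modern clients ignore the CN and require a subjectAltName, so
# they reject such a certificate as a hostname mismatch.  -extfile adds it.
# NOTE(review): some clients reject leaf certificates valid for more than
# 825 days even when self-signed -- confirm 1460 works for your browsers.
openssl x509 -req -days 1460 \
  -in /etc/gitlab/ssl/gitlab.shooter.com.csr \
  -signkey /etc/gitlab/ssl/gitlab.shooter.com.key \
  -extfile <(printf 'subjectAltName=DNS:gitlab.shooter.com\n') \
  -out /etc/gitlab/ssl/gitlab.shooter.com.crt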
5. 移除证书请求文件
# Step 5: the request file is no longer needed once the certificate exists.
csr=/etc/gitlab/ssl/gitlab.shooter.com.csr
rm -v -- "$csr"
6. 设置文件权限
# Step 6: key, certificate and any other file under this name become
# readable and writable by the owner only.
ssl_prefix=/etc/gitlab/ssl/gitlab.shooter.com
chmod 600 -- "$ssl_prefix".*
gitlab 配置更改
# Open the Omnibus configuration file for editing.
gitlab_rb=/etc/gitlab/gitlab.rb
vim -- "$gitlab_rb"
# gitlab.rb: serve GitLab over HTTPS using the certificate pair created above.
external_url 'https://gitlab.shooter.com'

# Bundled nginx: send plain-HTTP requests to HTTPS and load the self-signed pair.
nginx["redirect_http_to_https"] = true
nginx["ssl_certificate"]        = "/etc/gitlab/ssl/gitlab.shooter.com.crt"
nginx["ssl_certificate_key"]    = "/etc/gitlab/ssl/gitlab.shooter.com.key"
重新加载配置文件 并且重启
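# Apply the gitlab.rb changes.  Chained with && so that a failed reconfigure
# (a typo in gitlab.rb, an unreadable certificate) does not go on to restart
# the services into a half-configured state, as the original two commands would.
gitlab-ctl reconfigure && gitlab-ctl restart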
外部NGINX配置修改
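# External nginx: terminates TLS for the public name and forwards to the
# GitLab host over HTTPS (GitLab's bundled nginx keeps serving 443 itself).
upstream git {
    server 172.17.4.179:443 weight=1;
}

server {
    # `listen ... ssl` replaces `ssl on;`, which is deprecated since nginx 1.15.0.
    listen 443 ssl;
    # NOTE(review): this name differs from the certificate file name and from
    # the port-80 block below (gitlab.shooter.com); if the certificate was not
    # issued for git.zhubanxian.com, browsers will report a name mismatch.
    server_name git.zhubanxian.com;
    ssl_certificate     /etc/nginx/vhosts/git/2220513_gitlab.shooter.com.pem;
    ssl_certificate_key /etc/nginx/vhosts/git/2220513_gitlab.shooter.com.key;
    # Public edge: do not offer SSLv3 / TLS 1.0 / TLS 1.1.
    ssl_protocols TLSv1.2;

    # `location /` is equivalent to the original regex `~ ^/(.*)` and cheaper.
    location / {
        # The upstream is HTTPS.  nginx does not verify the upstream certificate
        # by default; if the link to 172.17.4.179 is not a trusted network, add
        # proxy_ssl_verify on with proxy_ssl_trusted_certificate.
        proxy_pass https://git;
        proxy_http_version 1.1;
        proxy_set_header Host $http_host;
        proxy_set_header REMOTE_ADDR $remote_addr;
        # Forwarded-client headers so the upstream can log the real client.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        # The original set Connection twice ("" then "upgrade"); nginx keeps
        # only the last one, so the empty value was dead.  Keep the upgrade pair.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

server {
    listen 80;
    server_name gitlab.shooter.com;

    # ACME HTTP-01 challenges must stay reachable over plain HTTP.
    location ^~ /.well-known/acme-challenge/ {
        alias /data/sites/challenges/;
        # The original `= 404` (with a space) is not the =code form; it would be
        # taken as a fallback URI rather than a status code.
        try_files $uri =404;
    }

    # Everything else is redirected to HTTPS.
    location / {
        rewrite ^/(.*)$ https://$host/$1 permanent;
    }
}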