GitLab and SSH Login: A Love-Hate Story

2015-12-21 22:17
I set up GitLab on CentOS 6.5 by following http://www.01happy.com/centos-6-5-install-gitlab/

The first step was:

bundle install --deployment --without development test postgres puma aws

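This failed because the Ruby gem source could not be found. I then edited two files, /home/git/gitlab/Gemfile and /home/git/gitlab/Gemfile.lock:

I changed the first line to source "https://ruby.taobao.org" and changed gem "modernizr",        "2.6.3" to gem "modernizr-rails",        "2.7.1"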

Starting the GitLab instance with service gitlab start then reported errors:
Starting unicorn: bash: bin/web: No such file or directory [FAILED] 
Starting sidekiq: bash: bin/background_jobs: No such file or directory [FAILED]

daemon --pidfile=$UPID --user=$USER "$PATH_PATCH RAILS_ENV=$RAILS_ENV bin/web start"
Change it to:
daemon --pidfile=$UPID --user=$USER "$PATH_PATCH RAILS_ENV=$RAILS_ENV script/web start"

daemon --pidfile=$SPID --user=$USER "$PATH_PATCH RAILS_ENV=$RAILS_ENV bin/background_jobs start"
Change it to:
daemon --pidfile=$SPID --user=$USER "$PATH_PATCH RAILS_ENV=$RAILS_ENV script/background_jobs start"

Next came the challenge of configuring nginx.

The nginx configuration link in the original article was dead, so I later found another one:

## Generate the certificate:
##   sudo openssl req -newkey rsa:2048 -x509 -nodes -days 3560 -out gitlab.crt -keyout gitlab.key
##   sudo chmod o-r gitlab.key
##
## Edit the configuration files.
## Edit `gitlab-shell/config.yml`:
##  1) Set "gitlab_url" param in `gitlab-shell/config.yml` to `https://git.example.com`
##  2) Set "ca_file" to `/etc/nginx/ssl/gitlab.crt`
##  3) Set "self_signed_cert" to `true`
## Edit `gitlab/config/gitlab.yml`:
##  1) Define port for http "port: 443"
##  2) Enable https "https: true"

upstream gitlab {
  ## Uncomment if you have set up puma/unicorn to listen on a unix socket (recommended).
  server unix:/home/git/gitlab/tmp/sockets/gitlab.socket;

  ## Uncomment if puma/unicorn are configured to listen on a tcp port.
  ## Check the port number in /home/git/gitlab/config/{puma.rb/unicorn.rb}
  # server 127.0.0.1:8080;
}

## This is a normal HTTP host which redirects all traffic to the HTTPS host.
server {
  listen *:80; # port for HTTP access

  ## Replace git.example.com with your FQDN.
  server_name baidu.com; # replace with your domain name or IP
  server_tokens off;

  ## This doesn't have to be a valid path since we are redirecting,
  ## you don't have to change it.
  root /nowhere;
  rewrite ^ https://$server_name$request_uri permanent;
}

server {
  listen 443 ssl;

  ## Replace git.example.com with your FQDN.
  server_name baidu.com; # replace with your domain name or IP
  server_tokens off;
  root /home/git/gitlab/public;

  ## Increase this if you want to upload large attachments
  ## Or if you want to accept large git objects over http
  client_max_body_size 20m;

  ## Strong SSL Security
  ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
  ssl on;
  ssl_certificate /usr/local/nginx/ssl/gitlab.crt; # certificate location
  ssl_certificate_key /usr/local/nginx/ssl/gitlab.key;
  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
  ssl_session_cache  builtin:1000  shared:SSL:10m;

  #add_header Strict-Transport-Security max-age=63072000;
  #add_header X-Frame-Options DENY;
  #add_header X-Content-Type-Options nosniff;

  ## Individual nginx logs for this GitLab vhost
  access_log  /usr/local/nginx/logs/gitlab_access.log;
  error_log   /usr/local/nginx/logs/gitlab_error.log;

  location / {
    ## Serve static files from defined root folder.
    ## @gitlab is a named location for the upstream fallback, see below.
    try_files $uri $uri/index.html $uri.html @gitlab;
  }

  ## If a file which is not found in the root folder is requested,
  ## then the proxy passes the request to the upstream (gitlab unicorn).
  location @gitlab {
    ## If you use https make sure you disable gzip compression
    ## to be safe against BREACH attack.
    gzip off;

    ## https://github.com/gitlabhq/gitlabhq/issues/694
    ## Some requests take more than 30 seconds.
    proxy_read_timeout      300;
    proxy_connect_timeout   300;
    proxy_redirect          off;

    proxy_set_header   Host              $http_host;
    proxy_set_header   X-Real-IP         $remote_addr;
    proxy_set_header   X-Forwarded-Ssl   on;
    proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Proto $scheme;

    proxy_pass http://gitlab; # this is the key part: it matches the upstream gitlab {} block above
  }

  ## Enable gzip compression as per rails guide:
  ## http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression
  #location ~ ^/(assets)/ {
  #  root /home/git/gitlab/public;
  #  gzip_static on; # to serve pre-gzipped version
  #  expires max;
  #  add_header Cache-Control public;
  #}

  error_page 502 /502.html;
}

After opening port 443 in the firewall, the site was reachable.

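Then I ran into an sshd problem. After logging in to GitLab, I followed the setup instructions, generated a public and private key pair on Windows 10 and uploaded it, but as soon as I pushed to git@ip I was prompted for a password.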

Here is a crash course on the files involved in sshd login:

/etc/passwd records the accounts, for example git:x:497:497:GitLab:/home/git:/home/git/gitlab-shell/bin/gitlab-shell

/etc/ssh/sshd_config is the sshd configuration file; it contains the option PermitEmptyPasswords yes, which needs to be enabled
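
The files listed above can be checked mechanically when a push to git@ip asks for a password. The shell script below is an added example, not part of the original post: it reads an sshd_config and an account's home directory and reports the conditions under which sshd ignores an uploaded key, plus whether empty passwords are accepted. It assumes the default authorized_keys location, does not interpret Match blocks, and runs on constructed sample files when called without arguments.

```shell
#!/bin/sh
# Added example, not from the original post: list reasons sshd would skip
# public-key login for an account and fall back to asking for a password.

# Effective value of an sshd_config keyword: keywords are case-insensitive and
# the first occurrence wins. Match blocks are not interpreted (assumption).
sshd_opt() {  # usage: sshd_opt <config> <keyword> <default>
    awk -v k="$(printf %s "$2" | tr 'A-Z' 'a-z')" -v d="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == k { print tolower($2); found = 1; exit }
        END { if (!found) print d }' "$1"
}

# True when group or other may write to the path (what StrictModes rejects).
loose_mode() {
    case "$(ls -ld "$1" | cut -c1-10)" in
        ?????w????|????????w?) return 0 ;;
    esac
    return 1
}

# Assumes the default AuthorizedKeysFile location, <home>/.ssh/authorized_keys.
audit_pubkey_login() {  # usage: audit_pubkey_login <sshd_config> <home_dir>
    cfg=$1; home=$2; findings=""
    [ "$(sshd_opt "$cfg" PubkeyAuthentication yes)" = yes ] ||
        findings="$findings pubkey-disabled"
    [ "$(sshd_opt "$cfg" PermitEmptyPasswords no)" = no ] ||
        findings="$findings empty-passwords-allowed"
    if [ ! -s "$home/.ssh/authorized_keys" ]; then
        findings="$findings no-authorized-keys"
    elif [ "$(sshd_opt "$cfg" StrictModes yes)" = yes ]; then
        for rel in "" /.ssh /.ssh/authorized_keys; do
            if loose_mode "$home$rel"; then findings="$findings writable:~$rel"; fi
        done
    fi
    echo "${findings# }"
}

# Constructed sample: a config and a home whose .ssh is group-writable.
demo() {
    d=$(mktemp -d) && mkdir -p "$d/home/.ssh" && chmod 755 "$d/home"
    printf 'permitemptypasswords yes\n# StrictModes no\n' > "$d/sshd_config"
    echo 'ssh-rsa AAAA...constructed git@example' > "$d/home/.ssh/authorized_keys"
    chmod 775 "$d/home/.ssh"; chmod 600 "$d/home/.ssh/authorized_keys"
    audit_pubkey_login "$d/sshd_config" "$d/home"; rm -rf "$d"
}

if [ $# -eq 2 ]; then audit_pubkey_login "$1" "$2"; else demo; fi
```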

One last tip: some of the git addresses that GitLab shows are missing the repositories part, e.g. git@ip:repositories/root/pro.git