- 拉取镜像
docker pull gitlab/gitlab-ce
- 运行容器
docker run --detach \--publish 9080:80 --publish 9022:22 --publish 9443:443\--name=gitlab \--restart=always \--volume /home/docker/gitlab/config:/etc/gitlab \--volume /home/docker/gitlab/logs:/var/log/gitlab \--volume /home/docker/gitlab/data:/var/opt/gitlab \--volume /home/docker/gitlab/logs/reconfigure:/var/log/gitlab/reconfigure \--volume /etc/localtime:/etc/localtime:ro\--privileged=true \gitlab/gitlab-ce:latest
说明:
--publish
指定host和容器的端口映射。为了避免gitlab端口与host nginx冲突,最好都映射一下
- 编辑gitlab配置文件
因为挂载,所以不用进入容器就能修改配置文件,
sudo vim /home/docker/gitlab/config/gitlab.rb
修改如下配置并保存:
external_url 'https://你的域名'
nginx['redirect_http_to_https'] = true
# 你需要将你的证书放在 /home/docker/gitlab/config/ssl下
nginx['ssl_certificate'] = "/etc/gitlab/ssl/xxxx.xxxx.com_bundle.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/xxxx.xxxx.com.key"
gitlab_rails['gitlab_shell_ssh_port'] = 9022
- 修改完配置后,重启容器内gitlab服务
# 停止服务
docker exec gitlab sh -c 'gitlab-ctl stop'# 重新设置gitlab配置
docker exec gitlab sh -c 'gitlab-ctl reconfigure'# 启动服务
docker exec gitlab sh -c 'gitlab-ctl start'
- Host主机Nginx配置反向代理
## 请求转发到GitLab容器
server {listen 443 ssl;server_name xxxx.xxxx.com; # 你的域名charset utf-8;access_log logs/gitlab.access.log;error_log logs/gitlab.error.log;ssl on;# 服务的证书ssl_certificate /root/cert/xxxx.xxxx.com_bundle.crt;# 服务端keyssl_certificate_key /root/cert/xxxx.xxxx.key;# session超时时间ssl_session_timeout 5m;# 加密算法ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;# 允许SSL协议ssl_protocols SSLv3 SSLv2 TLSv1 TLSv1.1 TLSv1.2;# 启动加密算法ssl_prefer_server_ciphers on;location /gitlab {proxy_set_header Host $host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header X-Forwarded-Proto https;proxy_pass https://127.0.0.1:9443;}
}
重启nginx
nginx -s reload
- 浏览器输入
https://域名/gitlab
访问,会自动跳转到登录页面,不行的话可以多刷新几次试试。
- 重置初始密码
进入容器
docker exec -it gitlab /bin/bash
登入GitLab后台操作
gitlab-rails console -e productionirb(main):003:0> User.all=> #<ActiveRecord::Relation [#<User id:1 @root>]>irb(main):004:0> user=User.where(id:1).first=> #<User id:1 @root>irb(main):008:0> user.password='12345678'=> "12345678"irb(main):009:0> user.password_confirmation='12345678'=> "12345678"irb(main):010:0> user.save!=> true
登录成功