Loading... ## 前言 --- 记录在(家庭局域网中)`openwrt/istoreos`上部署`gitlab`服务的过程. `istoreos`中已经集成了`docker`, 并在其中部署了`portainer-ce`, 目标为通过`portainer`的`Stacks`方式部署`gitlab`. ## 部署 --- ### (可选) 部署portainer-ce ```bash # 1. 拉取镜像 docker pull portainer/portainer-ce:latest # 2.创建磁盘卷(可选) docker volume create portainer_data # 3. 创建容器 # 端口配置为仅使用传统的http端口 docker run -d --name portainer --restart=always \ -p 9000:9000 \ -v /var/run/docker.sock:/var/run/docker.sock \ -v portainer_data:/data portainer/portainer-ce:latest ``` 之后访问`http://ip:9000`完成portainer初始化即可 ### 在portainer的Stacks中新建配置并创建服务 --- 参考官方docker-compose部署示例: https://docs.gitlab.com/ee/install/docker/installation.html#install-gitlab-by-using-docker-compose <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-1cadc6a341a73689a8f91960de90068c45" aria-expanded="true"><div class="accordion-toggle"><span style="">配置</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-1cadc6a341a73689a8f91960de90068c45" class="collapse in collapse-content"><p></p> <div class="tab-container post_tab box-shadow-wrap-lg"> <ul class="nav no-padder b-b scroll-hide" role="tablist"> <li class='nav-item active' role="presentation"><a class='nav-link active' style="" data-toggle="tab" aria-controls='tabs-af71e08a9e92e61756f766c68722498b560' role="tab" data-target='#tabs-af71e08a9e92e61756f766c68722498b560'>默认</a></li><li class='nav-item ' role="presentation"><a class='nav-link ' style="" data-toggle="tab" aria-controls='tabs-796e0bb50825eb8d4e92c47d584db948271' role="tab" data-target='#tabs-796e0bb50825eb8d4e92c47d584db948271'>扩展:自定义网桥</a></li><li class='nav-item ' role="presentation"><a class='nav-link ' style="" data-toggle="tab" aria-controls='tabs-bad2eafde030fbee9066456bb6724f4f832' role="tab" data-target='#tabs-bad2eafde030fbee9066456bb6724f4f832'>扩展:macvlan网络扩展</a></li> </ul> <div class="tab-content no-border"> <div role="tabpanel" id='tabs-af71e08a9e92e61756f766c68722498b560' class="tab-pane fade active in"> ```bash version: '3' services: web: image: 'gitlab/gitlab-ce:latest' restart: unless-stopped # always hostname: 'gitlab.lan' environment: TZ: 'Asia/Shanghai' GITLAB_OMNIBUS_CONFIG: | external_url 'http://10.100.100.1:30080' # web站点访问地址 # Add any other gitlab.rb configuration here, each on its own line ports: - '30080:30080' # 注意宿主机和容器内部的端口要一致,否则external_url无法访问 - '30443:443' - '30022:22' volumes: - '/mnt/data/portainer-apps/app-01-gitlab/config:/etc/gitlab' - '/mnt/data/portainer-apps/app-01-gitlab/logs:/var/log/gitlab' - '/mnt/data/portainer-apps/app-01-gitlab/data:/var/opt/gitlab' shm_size: '256m' ``` </div><div role="tabpanel" id='tabs-796e0bb50825eb8d4e92c47d584db948271' class="tab-pane fade "> ```bash version: '3' services: web: image: 'gitlab/gitlab-ce:latest' restart: unless-stopped # always hostname: 'gitlab.lan' environment: TZ: 'Asia/Shanghai' GITLAB_OMNIBUS_CONFIG: | external_url 'http://10.100.100.1:30080' # web站点访问地址 # Add any other gitlab.rb configuration here, each on its own line ports: - '30080:30080' # 注意宿主机和容器内部的端口要一致,否则external_url无法访问 - '30443:443' - '30022:22' volumes: - '/mnt/data/portainer-apps/app-01-gitlab/config:/etc/gitlab' - '/mnt/data/portainer-apps/app-01-gitlab/logs:/var/log/gitlab' - '/mnt/data/portainer-apps/app-01-gitlab/data:/var/opt/gitlab' shm_size: '256m' networks: - mybridge # mybridge为手动在docker下创建好的NAT网络 networks: mybridge: external: true ``` </div><div role="tabpanel" id='tabs-bad2eafde030fbee9066456bb6724f4f832' class="tab-pane fade "> ```bash # (可选)示例创建macvlan网络: 基于openwrt的br-lan网桥 # docker network create -d macvlan --subnet=10.100.100.0/24 --gateway=10.100.100.1 -o parent=br-lan mymacvlan # Stacks配置 # 名字随意, 示例 gitlab-macvlan version: '3.6' services: web: image: 'gitlab/gitlab-ce:latest' container_name: gitlab restart: unless-stopped # always hostname: 'gitlab.lan' environment: TZ: 'Asia/Shanghai' GITLAB_OMNIBUS_CONFIG: | # Add any other gitlab.rb configuration here, each on its own line external_url 'http://gitlab.lan' # web站点访问地址 volumes: - '/mnt/data/portainer-apps/app-01-gitlab/config:/etc/gitlab' - '/mnt/data/portainer-apps/app-01-gitlab/logs:/var/log/gitlab' - '/mnt/data/portainer-apps/app-01-gitlab/data:/var/opt/gitlab' shm_size: '256m' networks: mymacvlan: ipv4_address: 10.100.100.120 # macvlan支持直接分配/使用br-lan网段IP networks: mymacvlan: external: true ``` </div> </div> </div> <p></p></div></div></div> ### gitlab服务启动与后续初始化配置 --- gitlab应用docker第一次启动的过程比较缓慢, 需要耐心等待. 可以查看日志输出, 监控执行进度 * 在containers页面, 对应app, 点击1处即可查看启动/运行日志 ![应用-日志-控制台-入口](https://zoe.red/usr/uploads/2024/10/3001738036.webp) 等待docker启动应用完毕, 此时通过上述配置的`http://[ip/domain]:端口`即可进行打开登录页面 * 默认账户信息: 用户名`root`, 密码需要在初始化日志查找 <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-e1bf7923501802e4f719cf8c95df02e980" aria-expanded="true"><div class="accordion-toggle"><span style="">脚本</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-e1bf7923501802e4f719cf8c95df02e980" class="collapse in collapse-content"><p></p> ```bash #如上图所示, 点击2处进入控制台 # 进入控制台后执行 root@gitlab:/# grep 'Password:' /etc/gitlab/initial_root_password Password: XXn2e2m2osDuGfGjYl3rLTrEBqmtqkLfnGlgdRLr9oU= ``` <p></p></div></div></div> ![gitlab登录](https://zoe.red/usr/uploads/2024/10/2902121581.webp) gitlab配置调整 * 界面语言: 默认EN, 可以修改为zh * 其它: 时区/界面风格 * 新建用户? 一个人使用可以不用设置, 使用默认的root即可 * 修改root的密码, 邮箱, SSH密钥 <span style='color:red'>扩展: istoreos配置局域网/本地DNS服务, 为本地的gitlab等设置域名访问</span> * DHCP设置首选域名解析为网关地址(即istoreos服务器本身, 次选随意设置); * 静态IP同理, 需要手动设置DNS第一解析为网关地址(即istoreos服务器本身, 次选随意设置) * 网关服务器(即istoreos服务器本身)进行如下设置 * `常规`, "DNS重定向"选项勾选 * `主机名映射`, 新增条目`gitlab.lan` * (可选)设置完毕后可能需要重启机器生效 ![添加-主机名映射](https://zoe.red/usr/uploads/2024/10/3067631719.webp) ### gitlab常用命令 --- <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-74cd4c4a3659f3fecd31461ba95481b362" aria-expanded="true"><div class="accordion-toggle"><span style="">示例</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-74cd4c4a3659f3fecd31461ba95481b362" class="collapse in collapse-content"><p></p> ```bash # 启动所有 gitlab 组件; gitlab-ctl start # 停止所有 gitlab 组件; gitlab-ctl stop # 重启所有 gitlab 组件; gitlab-ctl restart # 查看服务状态; gitlab-ctl status # 修改gitlab配置文件; vim /etc/gitlab/gitlab.rb # 重新编译gitlab的配置; gitlab-ctl reconfigure # 检查gitlab; gitlab-rake gitlab:check SANITIZE=true --trace # 查看日志; gitlab-ctl tail gitlab-ctl tail nginx/gitlab_access.log ``` <p></p></div></div></div> ## 问题记录 **时间显示异常:** * 在[用户设置]->[活动会话] 页面时间显示异常 * 或在代码仓库中时间显示异常 <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-17b8ee34e771acb7e9442b3a1d5d554971" aria-expanded="true"><div class="accordion-toggle"><span style="">修改配置文件并重新应用配置&重启服务</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-17b8ee34e771acb7e9442b3a1d5d554971" class="collapse in collapse-content"><p></p> ```bash # 解决思路: 修改时区 #1.默认UTC, 修改为如下 vim /etc/gitlab/gitlab.rb """ # gitlab_rails['time_zone'] = 'UTC' gitlab_rails[‘time_zone’] = 'Asia/Shanghai' """ # 2. 应用更新 gitlab-ctl reconfigure gitlab-ctl restart ``` <p></p></div></div></div> **开启SSL** * 编辑配置文件, 增加如下内容 * 备注: 局域网内因为区别公网环境难以进行域名验证, 从而获得证书, 所以只建议拥有公网域名的前提下, 将验证后的证书部署在局域网内; 对于局域网内部署DNS服务或者劫持DNS从而使用自定义域名的情况, 不建议开启 <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-e921adbcb2c0537106a8e822e5c0381f48" aria-expanded="true"><div class="accordion-toggle"><span style="">脚本</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-e921adbcb2c0537106a8e822e5c0381f48" class="collapse in collapse-content"><p></p> ```bash # 1.编辑追加配置 # 示例域名 gitlab.lan # 域名对应的证书已在公网环境验证过, 然后放在了/etc/gitlab/ssl目录下 vim /etc/gitlab/gitlab.rb """ external_url 'https://gitlab.lan' nginx['redirect_http_to_https'] = true nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.lan.crt" nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.lan.key" """ # 2. 应用更新 gitlab-ctl reconfigure gitlab-ctl restart ``` <p></p></div></div></div> THE END 本文作者:将夜 本文链接:https://zoe.red/2024/744.html 版权声明:本博客所有文章除特别声明外,均默认采用 CC BY-NC-SA 4.0 许可协议。 最后修改:2024 年 10 月 16 日 © 允许规范转载 赞 如果觉得我的文章对你有用,请随意赞赏