GitLab
我有我的 hugo 页面项目https://sysc4ll.pages.freec0ding.dev/www/
我希望“https://sysc4ll.pages.freec0ding.dev/www/”在“https://www.sysc4ll.sh”上可用
这是我的工作:
在主机中为 gitlab 容器创建文件夹:
# Host directories that the GitLab compose file bind-mounts into the
# gitlab and gitlab-runner containers.
sudo mkdir --parents \
  /srv/gitlab/conf /srv/gitlab/log /srv/gitlab/data \
  /srv/gitlab-runner/conf
gitlab 容器的 docker compose 文件:
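---
# Compose file for GitLab CE and its CI runner.
# Every named volume below is a bind mount of a host directory.
volumes:
  gitlab_conf:
    name: gitlab-conf
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /srv/gitlab/conf
  gitlab_log:
    name: gitlab-log
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /srv/gitlab/log
  gitlab_data:
    name: gitlab-data
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /srv/gitlab/data
  # Exposes the host's whole /etc/letsencrypt tree (every certificate and
  # private key stored there) to the GitLab container, not only the
  # freec0ding.dev files that gitlab.rb references.
  gitlab_ssl:
    name: gitlab-ssl
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /etc/letsencrypt
  gitlab_runner_conf:
    name: gitlab-runner-conf
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /srv/gitlab-runner/conf

networks:
  gitlab_network:
    name: gitlab-network
  # https://docs.gitlab.com/ee/administration/pages/index.html#custom-domains-with-tls-support
  # Custom domains with TLS support
  # Requirements: Secondary IP
  gitlab_pages_network:
    name: gitlab-pages-network

services:
  gitlab:
    container_name: gitlab-container
    # NOTE(review): ":latest" is a moving tag; pinning a specific release
    # (or digest) keeps upgrades deliberate and reviewable.
    image: gitlab/gitlab-ce:latest
    restart: always
    volumes:
      - gitlab_conf:/etc/gitlab
      - gitlab_log:/var/log/gitlab
      - gitlab_data:/var/opt/gitlab
      # Mounted read-write; the container only needs to read the certificates.
      - gitlab_ssl:/etc/letsencrypt
    networks:
      - gitlab_network
      - gitlab_pages_network
    ports:
      # Quoted on purpose: a bare 22:22 is read as the base-60 integer 1342
      # by YAML 1.1 parsers. Only SSH is published on the host; HTTP(S)
      # reaches GitLab through the separate nginx reverse proxy.
      - "22:22"
    shm_size: 256m

  gitlab_runner:
    container_name: gitlab-runner-container
    image: gitlab/gitlab-runner:latest
    restart: always
    volumes:
      - gitlab_runner_conf:/etc/gitlab-runner
      # The Docker socket gives this container root-equivalent control of
      # the host's Docker daemon. Treat the runner as a host-level trust
      # boundary and restrict which projects may use it.
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - gitlab_network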
# Start the GitLab stack in the background under the project name "gitlab".
sudo docker compose \
  --project-name gitlab \
  --file ./gitlab-docker-compose.yml \
  up --detach
配置 gitlab.rb:
# /srv/gitlab/conf on the host is what the container sees as /etc/gitlab.
CONF_DIR=/srv/gitlab/conf

# Generate 2048-bit Diffie-Hellman parameters for the bundled nginx.
sudo openssl dhparam -out "${CONF_DIR}/dhparam.pem" 2048

# Keep the shipped gitlab.rb as a reference copy, then start a fresh file.
sudo cp "${CONF_DIR}/gitlab.rb" "${CONF_DIR}/gitlab.rb.orig"
sudo rm "${CONF_DIR}/gitlab.rb"
sudo nano "${CONF_DIR}/gitlab.rb"
### GITLAB
# Public URL of the GitLab web UI, and the host/port shown in SSH clone URLs.
external_url 'https://gitlab.freec0ding.dev'
gitlab_rails['gitlab_ssh_host'] = 'freec0ding.dev'
gitlab_rails['gitlab_shell_ssh_port'] = 22
# The bundled nginx serves HTTPS on 4431 inside the container. That port is
# not published on the host; the front nginx container proxies to
# https://gitlab:4431, so TLS is terminated twice (front proxy, then here).
nginx['enable'] = true
nginx['listen_https'] = true
nginx['listen_port'] = 4431
# Paths are as seen inside the container: /etc/gitlab and /etc/letsencrypt
# are the bind-mounted host directories.
nginx['ssl_dhparam'] = '/etc/gitlab/dhparam.pem'
nginx['ssl_certificate'] = '/etc/letsencrypt/live/freec0ding.dev/fullchain.pem'
nginx['ssl_certificate_key'] = '/etc/letsencrypt/live/freec0ding.dev/privkey.pem'
nginx['ssl_trusted_certificate'] = '/etc/letsencrypt/live/freec0ding.dev/chain.pem'
### GITLAB-PAGES
# Pages is served under pages.freec0ding.dev by a second bundled nginx
# virtual host listening with HTTPS on 4432.
# NOTE(review): GitLab's Pages administration docs describe custom domains
# (such as the www.sysc4ll.sh goal stated on this page) as needing
# gitlab_pages['external_http'] / gitlab_pages['external_https'] on a
# dedicated IP; neither is set here -- confirm against those docs.
pages_external_url 'https://pages.freec0ding.dev'
pages_nginx['enable'] = true
pages_nginx['listen_https'] = true
pages_nginx['listen_port'] = 4432
# NOTE(review): the same freec0ding.dev certificate is reused for Pages, so
# it presumably has to cover pages.freec0ding.dev and
# *.pages.freec0ding.dev -- verify the certificate's SAN list.
pages_nginx['ssl_dhparam'] = '/etc/gitlab/dhparam.pem'
pages_nginx['ssl_certificate'] = '/etc/letsencrypt/live/freec0ding.dev/fullchain.pem'
pages_nginx['ssl_certificate_key'] = '/etc/letsencrypt/live/freec0ding.dev/privkey.pem'
pages_nginx['ssl_trusted_certificate'] = '/etc/letsencrypt/live/freec0ding.dev/chain.pem'
# Apply the edited gitlab.rb inside the running GitLab container.
sudo docker exec gitlab-container gitlab-ctl reconfigure
使用 nginx 作为反向代理:
在主机中为 nginx 容器创建文件夹:
# Host directories that the nginx compose file bind-mounts into the
# reverse-proxy container (configuration, logs, static web root).
sudo mkdir --parents \
  /srv/web/nginx/conf /srv/web/nginx/log \
  /srv/web/www-data
nginx 容器的 docker compose 文件:
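---
# Compose file for the public-facing nginx reverse proxy.
# Every named volume below is a bind mount of a host directory.
volumes:
  nginx_conf:
    name: nginx-conf
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /srv/web/nginx/conf
  nginx_log:
    name: nginx-log
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /srv/web/nginx/log
  # Exposes the host's whole /etc/letsencrypt tree (all certificates and
  # private keys) to the internet-facing container.
  nginx_ssl:
    name: nginx-ssl
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /etc/letsencrypt
  www_data:
    name: www-data
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /srv/web/www-data

networks:
  web_network:
    name: web-network
  # Network created by the GitLab compose project. Joining it is what lets
  # the proxy reach the upstream by its service name "gitlab".
  gitlab_network:
    name: gitlab-network
    external: true

services:
  nginx:
    container_name: nginx-container
    # NOTE(review): ":latest" is a moving tag; pinning a specific release
    # (or digest) keeps upgrades deliberate and reviewable.
    image: nginx:latest
    restart: always
    volumes:
      - nginx_conf:/etc/nginx
      - nginx_log:/var/log/nginx
      # Mounted read-write; nginx only needs to read the certificates.
      - nginx_ssl:/etc/letsencrypt
      - www_data:/usr/share/nginx/html
    networks:
      - web_network
      - gitlab_network
    ports:
      # Quoted so that no YAML parser can retype the HOST:CONTAINER pairs.
      - "80:80"
      - "443:443"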
# Start the reverse-proxy stack in the background under the project name "web".
sudo docker compose \
  --project-name web \
  --file ./web-docker-compose.yml \
  up --detach
nginx 的 conf 文件:
nginx gitlab.conf:
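### GITLAB
# Plain-HTTP virtual host: its only job is to redirect to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name gitlab.freec0ding.dev;
    server_tokens off;
    access_log /var/log/nginx/gitlab_access.log;
    error_log /var/log/nginx/gitlab_error.log;
    # Redirect to the configured name rather than $http_host: the raw Host
    # header is client-controlled and may carry a port (e.g. ":80"), which
    # would be copied into the https:// Location.
    return 301 https://$server_name$request_uri;
}

# HTTPS virtual host: terminates TLS and forwards to GitLab's bundled nginx.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name gitlab.freec0ding.dev;
    server_tokens off;
    ssl_certificate /etc/letsencrypt/live/freec0ding.dev/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/freec0ding.dev/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/freec0ding.dev/chain.pem;
    access_log /var/log/nginx/gitlab_access.log;
    error_log /var/log/nginx/gitlab_error.log;

    location / {
        # Pass the original host and client address on to GitLab.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache off;
        # Upstream is the "gitlab" service on the shared Docker network,
        # port 4431 (nginx['listen_port'] in gitlab.rb). nginx does not
        # verify the upstream certificate unless proxy_ssl_verify is on,
        # so this hop is encrypted but not authenticated.
        proxy_pass https://gitlab:4431;
    }
}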
nginx gitlab-pages.conf:
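### GITLAB-PAGES
# Plain-HTTP virtual host: its only job is to redirect to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name pages.freec0ding.dev;
    server_tokens off;
    access_log /var/log/nginx/gitlab_pages_access.log;
    error_log /var/log/nginx/gitlab_pages_error.log;
    # Redirect to the configured name rather than $http_host: the raw Host
    # header is client-controlled and may carry a port (e.g. ":80"), which
    # would be copied into the https:// Location.
    return 301 https://$server_name$request_uri;
}

# HTTPS virtual host: terminates TLS and forwards to the Pages vhost.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name pages.freec0ding.dev;
    server_tokens off;
    ssl_certificate /etc/letsencrypt/live/freec0ding.dev/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/freec0ding.dev/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/freec0ding.dev/chain.pem;
    access_log /var/log/nginx/gitlab_pages_access.log;
    error_log /var/log/nginx/gitlab_pages_error.log;

    location / {
        # Pass the original host and client address on to GitLab Pages.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache off;
        # Upstream is the "gitlab" service on the shared Docker network,
        # port 4432 (pages_nginx['listen_port'] in gitlab.rb). nginx does
        # not verify the upstream certificate unless proxy_ssl_verify is
        # on, so this hop is encrypted but not authenticated.
        proxy_pass https://gitlab:4432;
    }
}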
nginx gitlab-pages-wildcard.conf:
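### GITLAB-PAGES-WILDCARD
# Plain-HTTP virtual host for every Pages subdomain: redirect to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name *.pages.freec0ding.dev;
    server_tokens off;
    access_log /var/log/nginx/gitlab_pages_access.log;
    error_log /var/log/nginx/gitlab_pages_error.log;
    # $host is the requested name, normalised and without any port, so a
    # Host header such as "x.pages.freec0ding.dev:80" no longer leaks its
    # port into the https:// Location. $server_name cannot be used here
    # because the name is a wildcard.
    return 301 https://$host$request_uri;
}

# HTTPS virtual host for every Pages subdomain.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name *.pages.freec0ding.dev;
    server_tokens off;
    # NOTE(review): this certificate must list *.pages.freec0ding.dev as a
    # subject alternative name for browsers to accept it -- verify.
    ssl_certificate /etc/letsencrypt/live/freec0ding.dev/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/freec0ding.dev/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/freec0ding.dev/chain.pem;
    access_log /var/log/nginx/gitlab_pages_access.log;
    error_log /var/log/nginx/gitlab_pages_error.log;

    location / {
        # The Host header is forwarded unchanged to the Pages upstream.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache off;
        # Upstream is the "gitlab" service on the shared Docker network,
        # port 4432 (pages_nginx['listen_port'] in gitlab.rb). nginx does
        # not verify the upstream certificate unless proxy_ssl_verify is
        # on, so this hop is encrypted but not authenticated.
        proxy_pass https://gitlab:4432;
    }
}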
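# Check the configuration first, then reload it gracefully. A syntax error
# now aborts before the running proxy is touched, and a reload avoids
# stopping nginx, which is presumably the container's main process (the
# compose file sets no command override).
sudo docker exec nginx-container nginx -t && \
sudo docker exec nginx-container nginx -s reload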
从 Pages/Hugo 模板创建项目之后:
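# Register the runner against the GitLab instance.
# 'XXXXX' is a placeholder for the runner authentication token. The token is
# a credential: typed inline like this it is stored in shell history, and it
# is visible in the process list while the command runs.
# The expansion is quoted so that an empty or unusual value cannot be split
# into extra arguments by the calling shell.
# Jobs default to the unpinned alpine:latest image unless the project's CI
# configuration names another one.
export RUNNER_TOKEN='XXXXX' && \
sudo -E docker exec -it gitlab-runner-container gitlab-runner register \
  --non-interactive \
  --url https://gitlab.freec0ding.dev \
  --token "${RUNNER_TOKEN}" \
  --executor "docker" \
  --docker-image alpine:latest \
  --description "runner"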
我有我的 hugo 页面项目https://sysc4ll.pages.freec0ding.dev/www/
我希望“https://sysc4ll.pages.freec0ding.dev/www/”在“https://www.sysc4ll.sh”上可用
但是我不知道怎么做