使用 docker-compose 安装 Gitlab,traefik 反向代理 Gitlab,并开启 https
编辑 docker-compose.yaml 文件 $ mkdir gitlab $ cat << 'EOF' | tee gitlab/docker-compose.yaml version: "3" services: gitlab: image: gitlab/gitlab-ce container_name: gitlab restart: always environment: GITLAB_OMNIBUS_CONFIG: | # Gitlab访问URL external_url "https://git.YOU_DOMAIN" # Gitlab SSH端口,注意映射端口时不要与宿主机的SSH端口冲突 gitlab_rails["gitlab_shell_ssh_port"] = 22 # 时区设置 gitlab_rails["time_zone"] = "Asia/Shanghai" # 邮件设置,以QQ企业邮箱为例 gitlab_rails["smtp_enable"] = true gitlab_rails["smtp_address"] = "smtp.exmail.qq.com" gitlab_rails["smtp_port"] = 465 gitlab_rails["smtp_user_name"] = "YOU_EMAIL" gitlab_rails["smtp_password"] = "YOU_EMAIL_PASSWORD" gitlab_rails["smtp_domain"] = "exmail.qq.com" gitlab_rails["smtp_authentication"] = "login" gitlab_rails["smtp_enable_starttls_auto"] = true gitlab_rails["smtp_tls"] = true gitlab_rails["gitlab_email_enabled"] = true gitlab_rails["gitlab_email_from"] = "YOU_EMAIL" gitlab_rails["gitlab_email_display_name"] = "YOU_EMAIL_DISPLAY_NAME" gitlab_rails["gitlab_email_reply_to"] = "YOU_EMAIL" gitlab_rails["gitlab_email_subject_suffix"] = "" # 备份设置,保留14天的备份 gitlab_rails["manage_backup_path"] = true gitlab_rails["backup_path"] = "/var/opt/gitlab/backups" gitlab_rails["backup_archive_permissions"] = 0644 gitlab_rails["backup_pg_schema"] = "public" gitlab_rails["backup_keep_time"] = 1209600 # 超时设置 gitlab_rails["webhook_timeout"] = 60 unicorn["worker_timeout"] = 60 unicorn["worker_processes"] = 4 # Gitlab自带的nginx设置,使用外部的traefik反向代理 nginx["enable"] = true nginx["listen_port"] = 80 nginx["listen_https"] = false ports: - "2222:22" networks: - gitlab volumes: - "/etc/localtime:/etc/localtime" - "/data/gitlab/config:/etc/gitlab" - "/data/gitlab/logs:/var/log/gitlab" - "/data/gitlab/data:/var/opt/gitlab" labels: - "traefik.enable=true" # HTTP访问入口,HTTP自动跳转HTTPS - "traefik.http.routers.gitlab.entrypoints=web" - "traefik.http.routers.gitlab.rule=Host(`git.YOU_DOMAIN`)" - "traefik.http.routers.gitlab.middlewares=redirect-to-https" - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https" # HTTPS访问入口 - "traefik.http.routers.gitlab-secure.entrypoints=websecure" - "traefik.http.routers.gitlab-secure.rule=Host(`git.YOU_DOMAIN`)" # 开启TLS,指定证书域名 - "traefik.http.routers.gitlab-secure.tls=true" - "traefik.http.routers.gitlab-secure.tls.certresolver=default" # 指定Gitlab的端口,多端口容器需要指定 - "traefik.http.services.gitlab-secure.loadbalancer.server.port=80" traefik: image: traefik:2.1 container_name: traefik restart: always command: # 开启api/dashboard - "--api.dashboard=true" # 设置provider为docker - "--providers.docker=true" - "--providers.docker.exposedbydefault=false" # 设置http和https入口点 - "--entryPoints.web.address=:80" - "--entryPoints.websecure.address=:443" # ACME验证方式,这里选择TLS验证 - "--certificatesresolvers.default.acme.tlschallenge=true" # 申请证书的邮箱 - "--certificatesResolvers.default.acme.email=YOU_EMAIL" # 保存ACME证书的位置 - "--certificatesResolvers.default.acme.storage=/letsencrypt/acme.json" networks: - gitlab ports: - "80:80" - "443:443" volumes: - "/etc/localtime:/etc/localtime" - "./letsencrypt:/letsencrypt" - "/var/run/docker.sock:/var/run/docker.sock" networks: gitlab: driver: bridge EOF |
注意将 YOU_XXX 换成符合要求的名称,使用 TLS 验证必须将域名解析到所在服务器,CA服务器能通过解析到达此服务器(本例中 git.YOU_DOAMIN )
启动 Gitlab $ cd gitlab $ docker-compose up -d |
启动要拉取对应的 docker 镜像,等待时间可能较长,也可以预先拉取
Gitlab 备份还原 查看 Gitlab 版本 $ docker exec gitlab /opt/gitlab/bin/gitlab-rake gitlab:env:info |
$ docker exec gitlab /opt/gitlab/bin/gitlab-rake gitlab:backup:create RAILS_ENV=production |
在 Gitlab 容器的路径 /var/opt/gitlab/backups(对应于宿主机的 /data/gitlab/data/backups 目录)下会生成形如 1576482525_2019_12_16_12.5.4_gitlab_backup.tar 的备份文件
将此备份命令加入 corntab 中,定期执行即可自动定期备份
还原 Gitlab将备份文件复制到要还原的机器中(该机器安装一样版本的 Gitlab)
拷贝备份文件到 Gitlab 容器中
$ docker cp 1576482525_2019_12_16_12.5.4_gitlab_backup.tar gitlab:/var/opt/gitlab/backups/ |
交互式进入 Gitlab 容器内部
$ docker exec -it gitlab /bin/bash |
在 Gitlab 容器内执行如下还原命令(注意还原文件不需要加 _gitlab_backup.tar )
$ /opt/gitlab/bin/gitlab-rake gitlab:backup:restore RAILS_ENV=production BACKUP=/var/opt/gitlab/backups/1576482525_2019_12_16_12.5.4 |
一路敲 yes 回车即可
