2018年11月25日 星期日

GitLab 相關服務的設定

GitLab 相關服務的設定

  • SMTP
  • HTTPS


1. SMTP


開啟 Gitlab 郵件功能,在用戶註冊、密碼重置、事件通知等等時,才會收到信

參考連結 : https://docs.gitlab.com/omnibus/settings/smtp.html


1-1. 修改設定檔


修改 /etc/gitlab/gitlab.rb 
  1. sudo docker exec -it gitlab vi /etc/gitlab/gitlab.rb

Email settings
  1. gitlab_rails['gitlab_email_enabled'] = true
  2. gitlab_rails['gitlab_email_from'] = 'xxxx@example.com'
  3. gitlab_rails['gitlab_email_display_name'] = 'you nickname'
  4. gitlab_rails['gitlab_email_reply_to'] = 'xxxx@example.com'
  5. gitlab_rails['gitlab_email_subject_suffix'] = ''
  6.  
  7. gitlab_rails['smtp_enable'] = true
  8. gitlab_rails['smtp_address'] = "smtp.example.com"
  9. gitlab_rails['smtp_port'] = 25
  10. gitlab_rails['smtp_user_name'] = "xxxx@example.com"
  11. gitlab_rails['smtp_password'] = "you password"
  12. gitlab_rails['smtp_domain'] = "example.com"
  13. gitlab_rails['smtp_authentication'] = "login"
  14. gitlab_rails['smtp_enable_starttls_auto'] = true
  15. gitlab_rails['smtp_tls'] = false


1-2. 重新載入設定檔


  1. sudo docker exec -it gitlab gitlab-ctl reconfigure

1-3. 送測試信


  1. sudo docker exec -it gitlab gitlab-rails console
  2.  
  3. Notify.test_email('destination_email@address.com', 'Message Subject', 'Message Body').deliver_now



2. HTTPS


參考連結 : https://docs.gitlab.com/omnibus/settings/ssl.html


2-1. 手動設定


非常不建議!未來如果使用 GitLab Runner 或是 Git client 時,都會遇到奇妙的問題
如果是純內部網路使用的話,請直接使用 SSH

Creating the SSL Certificate
  1. sudo docker exec -it gitlab /bin/bash
  2.  
  3. openssl req -x509 -nodes \
  4.   -days 3650 \
  5.   -newkey rsa:2048 \
  6.   -keyout /etc/gitlab/ssl/gitlab.example.com.key \
  7.   -out /etc/gitlab/ssl/gitlab.example.com.crt
  8. exit

修改 /etc/gitlab/gitlab.rb
  1. sudo docker exec -it gitlab vi /etc/gitlab/gitlab.rb
開啟 HTTPS
  1. external_url 'https://gitlab.example.com'
  2.  
  3. nginx['enable'] = true
  4. nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.example.com.crt"
  5. nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.example.com.key"


2-2. Let's Encrypt


GitLab 新版本有整合 Let's Encrypt,設定也很容易,但有幾個先決條件:

  1. 要有 Domain Name,並且可以用這個 Domain Name 連到你的機器
  2. 需要同時打開 80、443 Port,不然 Let's Encrypt 驗證會失敗

參考連結 : https://gitlab.com/gitlab-org/gitlab-ce/issues/43719


修改 /etc/gitlab/gitlab.rb
  1. sudo docker exec -it gitlab vi /etc/gitlab/gitlab.rb

開啟 Let's Encrypt
  1. external_url "https://gitlab.example.com"
  2.  
  3. letsencrypt['enable'] = true
  4.  
  5. # (Optional) 當過期時,會寄信
  6. letsencrypt['contact_emails'] = ['foo@email.com']
  7.  
  8. # (Optional) 每 7 天的 12:30,會自動更新
  9. letsencrypt['auto_renew'] = true
  10. letsencrypt['auto_renew_hour'] = "12"
  11. letsencrypt['auto_renew_minute'] = "30"
  12. letsencrypt['auto_renew_day_of_month'] = "*/7"

重新載入設定檔
  1. sudo docker exec -it gitlab gitlab-ctl reconfigure

手動更新的方法
  1. sudo docker exec -it gitlab gitlab-ctl reconfigure
  2. # 或是
  3. sudo docker exec -it gitlab gitlab-ctl renew-le-certs

標籤:

沒有留言:

張貼留言

訂閱: 張貼留言 (Atom)