其實由於GitLab只負責監聽本地socket文件,而web服務器采用了Nginx等。只需要在web server上做適當的配置即可。
下面是一個采用Nginx的例子,對GitLab安裝指南下載的gitlab腳本文件做了適當的修改。
# GITLAB
# Maintainer: @randx
# App Version: 4.0
upstream gitlab {
server unix:/home/gitlab/gitlab/tmp/sockets/gitlab.socket;
}
server {
listen 443;
ssl on;
ssl_certificate /etc/nginx/sites-available/server.crt;
ssl_certificate_key /etc/nginx/sites-available/server.key;
server_name localhost;
#Ubuntu1204-dell source.cml.com; # e.g., server_name source.example.com;
root /home/gitlab/gitlab/public;
# individual nginx logs for this gitlab vhost
access_log /var/log/nginx/gitlab_access.log;
error_log /var/log/nginx/gitlab_error.log;
location / {
# serve static files from defined root folder;.
# @gitlab is a named location for the upstream fallback, see below
try_files $uri $uri/index.html $uri.html @gitlab;
}
# if a file, which is not found in the root folder is requested,
# then the proxy pass the request to the upsteam (gitlab unicorn)
location @gitlab {
proxy_read_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
proxy_connect_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
proxy_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://gitlab;
}
}
注意 server { 下面的四行。
監聽443端口,啟用ssl,server.crt和server.key文件是參考Nginx的文檔生成的。
最後proxy_pass http://gitlab 不能修改,不要改成https,否則不能工作。
現在試一下用https的方式check out 代碼:
git clone https://....
報錯,說證書校驗有問題:
error: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
最簡單的解決方法是加一個環境變量:
export GIT_SSL_NO_VERIFY=1
GitLab 的詳細介紹:請點這裡
GitLab 的下載地址:請點這裡
