GitLab 启用HTTPS
其实由于GitLab只负责监听本地socket文件,而web服务器采用了Nginx等。只需要在web server上做适当的配置即可。
下面是一个采用Nginx的例子,对GitLab安装指南下载的gitlab脚本文件做了适当的修改。
# GITLAB
# Maintainer: @randx
# App Version: 4.0
upstream gitlab {
server unix:/home/gitlab/gitlab/tmp/sockets/gitlab.socket;
}
server {
listen 443;
ssl on;
ssl_certificate /etc/nginx/sites-available/server.crt;
ssl_certificate_key /etc/nginx/sites-available/server.key;
server_name localhost;
#Ubuntu1204-dell source.cml.com; # e.g., server_name source.example.com;
root /home/gitlab/gitlab/public;
# individual nginx logs for this gitlab vhost
access_log /var/log/nginx/gitlab_access.log;
error_log /var/log/nginx/gitlab_error.log;
location / {
# serve static files from defined root folder;.
# @gitlab is a named location for the upstream fallback, see below
try_files $uri $uri/index.html $uri.html @gitlab;
}
# if a file, which is not found in the root folder is requested,
# then the proxy pass the request to the upsteam (gitlab unicorn)
location @gitlab {
proxy_read_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
proxy_connect_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
proxy_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://gitlab;
}
}
注意 server { 下面的四行。
监听443端口,启用ssl,server.crt和server.key文件是参考Nginx的文档生成的。
最后proxy_pass http://gitlab 不能修改,不要改成https,否则不能工作。
现在试一下用https的方式check out 代码:
git clone https://....
报错,说证书校验有问题:
error: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
最简单的解决方法是加一个环境变量:
export GIT_SSL_NO_VERIFY=1
GitLab 的详细介绍:请点这里
GitLab 的下载地址:请点这里