Mobile wallpaper
790 字
4 分钟

Docker搭建GitLab并使用Nginx Proxy Manager反代

2025-02-25
Docker
GitLab
浏览量 加载中...
本文主要内容

本文主要介绍了如何使用Docker搭建GitLab代码服务器,并且解决无法使用标准端口(443)可能存在的问题,最后用Nginx Proxy Manager进行反向代理。

组件说明#

  • GitLab:代码托管平台,可以自部署。
  • Nginx Proxy Manager: 提供反向代理功能

部署流程#

配置GitLab#

  1. mkdir docker_data && cd docker_data && mkdir gitlab && cd gitlab && nano docker-compose.yaml 添加以下内容: 
    services:
      gitlab:
        image: gitlab/gitlab-ee:17.4.2-ee.0
        container_name: gitlab
        restart: always
        ports:
          - 65007:80
          - 65008:443
          - 65009:22
        volumes:
          - ./config:/etc/gitlab
          - ./logs:/var/log/gitlab
          - ./data:/var/opt/gitlab
        shm_size: '256m'
        network_mode: bridge
  2. 启动服务:
    Terminal window
    sudo docker compose up -d
  3. 修改配置。nano config/gitlab.rb
    Terminal window
    # 替换eternal_url为域名(非标端口,443端口未开放的情况)
    sudo sed -i "s|# external_url 'GENERATED_EXTERNAL_URL'|external_url 'https://example.com:4433'|" config/gitlab.rb
    sudo sed -i "s|# letsencrypt\['enable'\] = nil|letsencrypt['enable'] = false|" config/gitlab.rb
    sudo sed -i "s|# nginx\['listen_port'\] = nil|nginx\['listen_port'\] = 80|" config/gitlab.rb
    sudo sed -i "s|# nginx\['listen_https'\] = nil|nginx\['listen_https'\] = false|" config/gitlab.rb
    sudo docker compose up -d --force-recreate && sudo docker compose exec -it gitlab grep 'Password:' /etc/gitlab/initial_root_password
    1. external_urlhttp时,默认监听80。如果需要使用非标端口,例192.168.1.67:8008,那么docker-compose.yaml里端口映射改为65007:8008
    2. 如果为https,经过测试,默认只能是443,例如上面指定4433端口但实际还是监听443。同时当为https时,没有提供有效的证书它甚至会去申请Let’s Encrypt的证书,这一定是会失败的(因为根本没配置acme)。此时就需要修改nginx['listen_port']80,同时关闭https监听(因为我们要自己使用nginx反代)(相当于只保留了http服务)
  4. 开心版(网络收集,不确认是否有效)
    1. 先创建一个license.rbmkdir crack && cd crack && nano license.rb 
      require "openssl"
      require "gitlab/license"
      

      key_pair = OpenSSL::PKey::RSA.generate(2048)
      File.open("license_key", "w") { |f| f.write(key_pair.to_pem) }
      

      public_key = key_pair.public_key
      File.open("license_key.pub", "w") { |f| f.write(public_key.to_pem) }
      

      private_key = OpenSSL::PKey::RSA.new File.read("license_key")
      Gitlab::License.encryption_key = private_key
      

      license = Gitlab::License.new
      license.licensee = {
        "Name" => "修改为你想叫的名字",
        "Company" => "修改为你想叫的名字",
        "Email" => "修改为你想要的邮箱@example.com",
      }
      license.starts_at = Date.new(2024, 1, 1) # 开始时间
      license.expires_at = Date.new(2050, 12, 31) # 结束时间
      license.notify_admins_at = Date.new(2049, 12, 31)
      license.notify_users_at = Date.new(2049, 12, 31)
      license.block_changes_at = Date.new(2050, 12, 1)
      license.restrictions = {
        active_user_count: 100000,
        plan: "ultimate",
        id: 1,
        subscription_id: 1,
      }
      

      puts "License:"
      puts license
      

      data = license.export
      puts "Exported license:"
      puts data
      File.open("GitLabBV.gitlab-license", "w") { |f| f.write(data) }
      

      public_key = OpenSSL::PKey::RSA.new File.read("license_key.pub")
      Gitlab::License.encryption_key = public_key
      

      data = File.read("GitLabBV.gitlab-license")
      $license = Gitlab::License.import(data)
      

      puts "Imported license:"
      puts $license
      

      unless $license
        raise "The license is invalid."
      end
      

      if $license.restricted?(:active_user_count)
        active_user_count = 10000
        if active_user_count > $license.restrictions[:active_user_count]
          raise "The active user count exceeds the allowed amount!"
        end
      end
      

      if $license.notify_admins?
        puts "The license is due to expire on #{$license.expires_at}."
      end
      

      if $license.notify_users?
        puts "The license is due to expire on #{$license.expires_at}."
      end
      

      module Gitlab
        class GitAccess
          def check(cmd, changes = nil)
            if $license.block_changes?
              return build_status_object(false, "License expired")
            end
          end
        end
      end
      

      puts "This instance of GitLab Enterprise Edition is licensed to:"
      $license.licensee.each do |key, value|
        puts "#{key}: #{value}"
      end
      

      if $license.expired?
        puts "The license expired on #{$license.expires_at}"
      elsif $license.will_expire?
        puts "The license will expire on #{$license.expires_at}"
      else
        puts "The license will never expire."
      end
    2. 运行ruby镜像生成证书。sudo docker run -it --rm -v ./crack:/crack ruby:latest bash。会进入到容器内的bash界面,输入以下指令: 
      cd /crack && gem install gitlab-license && ruby license.rb
      1. 会额外生成三个文件GitLabBV.gitlab-license, license_key, license_key.pub
      2. 退出容器,进入crack文件夹,把license_key.pub拷贝到容器内。
        Terminal window
        sudo docker compose cp license_key.pub gitlab:/opt/gitlab/embedded/service/gitlab-rails/.license_encryption_key.pub
    3. 按图片操作。cat crack/GitLabBV.gitlab-licenseCleanShot 2024-10-25 at 13.46.47@2x.png

配置Nginx Proxy Manager#

  1. 没什么难度,就反代80端口就行。不再赘述了这里。

其他#

  1. 非标端口进行ssh推送
    Terminal window
    git clone ssh://[email protected]:65009/develop/test.git
Docker搭建GitLab并使用Nginx Proxy Manager反代
https://blog.useforall.com/posts/8/
作者
Lim's Blog
发布于
2025-02-25
最后更新于 2025-02-25,距今已过 264 天

部分内容可能已过时

评论区

分享你的想法,与大家交流讨论

OPNSense添加WebDAV备份插件
PVE旁路由透明代理
© 2025 Lim's Blog. All Rights Reserved. / RSS / Sitemap
Powered by Astro & Firefly

目录