GitLab + 外部 Nginx + HTTPS 配置

安装

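# Download the pinned GitLab CE package from the TUNA mirror.
# NOTE(review): 12.9.0 is a fixed release; confirm it is still a supported,
# patched version before installing it on a reachable host.
wget https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/gitlab-ce-12.9.0-ce.0.el7.x86_64.rpm

# A mirror is a third party, so check the package signature before installing.
# Import GitLab's package signing key into the rpm keyring first (obtain it
# from GitLab's own package-signature documentation, not from the mirror).
# The output of `rpm -K` should report a valid signature, not only digests;
# the install runs only if the check succeeds.
rpm -K gitlab-ce-12.9.0-ce.0.el7.x86_64.rpm &&
  rpm -ivh gitlab-ce-12.9.0-ce.0.el7.x86_64.rpm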

在 /etc/gitlab/gitlab.rb 设置

关闭内置 Nginx

# Public URL of the instance. The https scheme has to match what the external
# Nginx actually serves.
external_url "https://git.example.com"

# Disable the bundled Nginx; an external Nginx fronts GitLab instead.
nginx["enable"] = false

# OS account the external web server runs as.
# NOTE(review): 'nginx-user' looks like a placeholder; use the account the
# external Nginx really runs under and nothing broader.
web_server["external_users"] = ["nginx-user"]

# Addresses whose forwarded-client-IP headers GitLab will believe. Keep this
# list as narrow as possible: any host listed here can assert an arbitrary
# client address.
gitlab_rails["trusted_proxies"] = ["127.0.0.1"]

邮箱设置

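# Outgoing notification mail: sender identity shown to recipients.
gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = 'system.notice@qq.com'
gitlab_rails['gitlab_email_display_name'] = 'gitlab.notice'
gitlab_rails['gitlab_email_reply_to'] = 'system.notice@qq.com'
gitlab_rails['gitlab_email_subject_suffix'] = 'gitlab'

# SMTP relay used to deliver the mail.
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.exmail.qq.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "xxxxxx@lemonit.cn"
# Placeholder value. The real password sits in this file in clear text, so
# keep /etc/gitlab/gitlab.rb readable by root only and out of version control
# and shared backups.
gitlab_rails['smtp_password'] = "xxxxxxxxxxxxx"
gitlab_rails['smtp_authentication'] = "login"

# Port 465 is implicit TLS, so smtp_tls is the setting that applies. STARTTLS
# is the alternative for plain-text ports and is turned off here: the two are
# mutually exclusive, and newer GitLab releases are reported to reject a
# configuration that enables both (verify against your version).
gitlab_rails['smtp_tls'] = true
gitlab_rails['smtp_enable_starttls_auto'] = false
# Require a valid server certificate so the credentials above are only sent
# to the genuine relay. Delivery fails closed if the chain does not validate.
gitlab_rails['smtp_openssl_verify_mode'] = 'peer'

gitlab_rails['smtp_domain'] = "exmail.qq.com"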

配置 Nginx

# Backend pool with a single member: the gitlab-workhorse Unix socket.
# The account Nginx runs as needs permission to connect to this socket.
upstream gitlab-workhorse {
  server unix:/var/opt/gitlab/gitlab-workhorse/socket fail_timeout=0;
}

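# Plain-HTTP listener whose only job is to send clients to the HTTPS site.
server {
  listen 80;
  server_name git.example.com;
  server_tokens off;  # do not advertise the nginx version

  access_log /var/log/nginx/gitlab_access.log;
  error_log /var/log/nginx/gitlab_error.log;

  # Redirect to the configured name instead of $http_host: the Host header is
  # client-controlled, and echoing it into Location lets a crafted request
  # steer the redirect to another host.
  return 301 https://$server_name$request_uri;
}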

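# HTTPS listener: terminates TLS and proxies everything to gitlab-workhorse.
server {
  # `listen ... ssl` enables TLS for this server. The separate `ssl on;`
  # directive was redundant, is deprecated, and is rejected by current nginx
  # releases, so it is not repeated here.
  listen 443 ssl;
  server_name git.example.com;
  server_tokens off;  # do not advertise the nginx version
  root /opt/gitlab/embedded/service/gitlab-rails/public;

  # Paths are relative to the nginx configuration prefix. The private key
  # should be readable only by root (the nginx master process).
  ssl_certificate cert/git.example.com/git.example.com.pem;
  ssl_certificate_key cert/git.example.com/git.example.com.key;

  # TLS 1.0 and 1.1 are deprecated and dropped. Add TLSv1.3 here if the
  # installed nginx and OpenSSL support it.
  ssl_protocols TLSv1.2;
  # Forward-secret (ECDHE) suites only. The 3DES suites and the static-RSA
  # key-exchange suites from the earlier list are removed; 3DES is also
  # excluded explicitly.
  ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4";
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 5m;

  # NOTE(review): no Strict-Transport-Security header is set. With the bundled
  # Nginx disabled, decide whether this server should send one.

  access_log /var/log/nginx/gitlab_access.log;
  error_log /var/log/nginx/gitlab_error.log;

  location / {
    # 0 disables the request-body size limit (large pushes and uploads).
    # Disk usage is then bounded only by GitLab's own limits.
    client_max_body_size 0;
    gzip off;

    proxy_read_timeout 300;
    proxy_connect_timeout 300;
    proxy_redirect off;
    proxy_http_version 1.1;

    # Headers GitLab uses to reconstruct the original request. GitLab should
    # accept the forwarded client address only from its trusted_proxies.
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Ssl on;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    proxy_pass http://gitlab-workhorse;
  }
}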

配置生效

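# Apply the gitlab.rb changes first, so GitLab is reconfigured for the
# external web server before Nginx starts proxying to it.
gitlab-ctl reconfigure

# Validate the Nginx configuration and reload only if the syntax check passes;
# a failed check prints the offending file and line.
nginx -t && systemctl reload nginx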

测试 SMTP 配置

# Open a Rails console on the GitLab host (shell command).
gitlab-rails console

# Entered at the console prompt, not in the shell: sends one test message
# through the configured SMTP settings. Replace 'my@email.com' with a mailbox
# you control.
Notify.test_email('my@email.com', 'subject', 'body').deliver_now


版权声明:本文为weixin_33783273原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明。