组件说明

• GitLab：代码托管平台，可以自部署。
• Nginx Proxy Manager: 提供反向代理功能

部署流程

配置GitLab

1. mkdir docker_data && cd docker_data && mkdir gitlab && cd gitlab && nano docker-compose.yaml 添加以下内容：

   yaml
   services:
     gitlab:
       image: gitlab/gitlab-ee:17.4.2-ee.0
       container_name: gitlab
       restart: always
       ports:
         - 65007:80
         - 65008:443
         - 65009:22
       volumes:
         - ./config:/etc/gitlab
         - ./logs:/var/log/gitlab
         - ./data:/var/opt/gitlab
       shm_size: '256m'
       network_mode: bridge
   

2. 启动服务：

   bash
   sudo docker compose up -d
   

3. 修改配置。nano config/gitlab.rb

   bash
   # 替换eternal_url为域名（非标端口，443端口未开放的情况）
   sudo sed -i "s|# external_url 'GENERATED_EXTERNAL_URL'|external_url 'https://example.com:4433'|" config/gitlab.rb
   sudo sed -i "s|# letsencrypt\['enable'\] = nil|letsencrypt['enable'] = false|" config/gitlab.rb
   sudo sed -i "s|# nginx\['listen_port'\] = nil|nginx\['listen_port'\] = 80|" config/gitlab.rb
   sudo sed -i "s|# nginx\['listen_https'\] = nil|nginx\['listen_https'\] = false|" config/gitlab.rb
   sudo docker compose up -d --force-recreate && sudo docker compose exec -it gitlab grep 'Password:' /etc/gitlab/initial_root_password
   

   注

   1. external_url 为http时，默认监听80。如果需要使用非标端口，例192.168.1.67:8008，那么docker-compose.yaml里端口映射改为65007:8008
   2. 如果为https，经过测试，默认只能是443，例如上面指定4433端口但实际还是监听443。同时当为https时，没有提供有效的证书它甚至会去申请Let’s Encrypt的证书，这一定是会失败的（因为根本没配置acme）。此时就需要修改nginx['listen_port']为80，同时关闭https监听（因为我们要自己使用nginx反代）（相当于只保留了http服务）
4. 开心版（网络收集，不确认是否有效）
   1. 先创建一个license.rb 。mkdir crack && cd crack && nano license.rb

      ruby
      require "openssl"
      require "gitlab/license"
      
      key_pair = OpenSSL::PKey::RSA.generate(2048)
      File.open("license_key", "w") { |f| f.write(key_pair.to_pem) }
      
      public_key = key_pair.public_key
      File.open("license_key.pub", "w") { |f| f.write(public_key.to_pem) }
      
      private_key = OpenSSL::PKey::RSA.new File.read("license_key")
      Gitlab::License.encryption_key = private_key
      
      license = Gitlab::License.new
      license.licensee = {
        "Name" => "修改为你想叫的名字",
        "Company" => "修改为你想叫的名字",
        "Email" => "修改为你想要的邮箱@example.com",
      }
      license.starts_at = Date.new(2024, 1, 1) # 开始时间
      license.expires_at = Date.new(2050, 12, 31) # 结束时间
      license.notify_admins_at = Date.new(2049, 12, 31)
      license.notify_users_at = Date.new(2049, 12, 31)
      license.block_changes_at = Date.new(2050, 12, 1) 
      license.restrictions = {
        active_user_count: 100000,
        plan: "ultimate",
        id: 1,
        subscription_id: 1,
      }
      
      puts "License:"
      puts license
      
      data = license.export
      puts "Exported license:"
      puts data
      File.open("GitLabBV.gitlab-license", "w") { |f| f.write(data) }
      
      public_key = OpenSSL::PKey::RSA.new File.read("license_key.pub")
      Gitlab::License.encryption_key = public_key
      
      data = File.read("GitLabBV.gitlab-license")
      $license = Gitlab::License.import(data)
      
      puts "Imported license:"
      puts $license
      
      unless $license
        raise "The license is invalid."
      end
      
      if $license.restricted?(:active_user_count)
        active_user_count = 10000
        if active_user_count > $license.restrictions[:active_user_count]
          raise "The active user count exceeds the allowed amount!"
        end
      end
      
      if $license.notify_admins?
        puts "The license is due to expire on #{$license.expires_at}."
      end
      
      if $license.notify_users?
        puts "The license is due to expire on #{$license.expires_at}."
      end
      
      module Gitlab
        class GitAccess
          def check(cmd, changes = nil)
            if $license.block_changes?
              return build_status_object(false, "License expired")
            end
          end
        end
      end
      
      puts "This instance of GitLab Enterprise Edition is licensed to:"
      $license.licensee.each do |key, value|
        puts "#{key}: #{value}"
      end
      
      if $license.expired?
        puts "The license expired on #{$license.expires_at}"
      elsif $license.will_expire?
        puts "The license will expire on #{$license.expires_at}"
      else
        puts "The license will never expire."
      end
      

   2. 运行ruby镜像生成证书。sudo docker run -it --rm -v ./crack:/crack ruby:latest bash。会进入到容器内的bash界面，输入以下指令：

      cd /crack && gem install gitlab-license && ruby license.rb
      

      1. 会额外生成三个文件GitLabBV.gitlab-license, license_key, license_key.pub。
      2. 退出容器，进入crack文件夹，把license_key.pub拷贝到容器内。

         bash
         sudo docker compose cp license_key.pub gitlab:/opt/gitlab/embedded/service/gitlab-rails/.license_encryption_key.pub
         

   3. 按图片操作。cat crack/GitLabBV.gitlab-license。

配置Nginx Proxy Manager

1. 没什么难度，就反代80端口就行。不再赘述了这里。

其他

1. 非标端口进行ssh推送

   bash
   git clone ssh://git@exmaple.com:65009/develop/test.git