jlengrand/gitlab-recipes
1
0
Fork 0
mirror of https://github.com/jlengrand/gitlab-recipes.git synced 2026-03-10 08:11:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'new_structure' of /home/git/repositories/gitlab/gitlab-recipes

Browse Source
This commit is contained in:
Axilleas Pipinellis
2013-08-22 00:15:59 +00:00
parent f74b43a704 b6143521f7
commit 7953145680
35 changed files with 1376 additions and 592 deletions
Download Patch File Download Diff File Expand all files Collapse all files

96
CONTRIBUTING.md Normal file
View File

@@ -0,0 +1,96 @@
# Contribute to GitLab recipes
This guide details how to use issues and pull requests to improve GitLab recipes.
Please stick as close as possible to the guidelines. That way we ensure quality guides
and easy to merge requests.
Your Pull Request will be reviewed by one of our devs/volunteers and you will be
asked to reformat it if needed. We don't bite and we will try to be as flexible
as possible, so don't get intimidated by the extent of the quidelines :)
For better maintainance and clarity, some naming guidelines should be followed.
See details in each section below.
## Pull Request title
Try to be as more descriptive as you can in your Pull Request title.
Particularly if you are submitting a new script or guide, include in the title,
information about GitLab version, OS tested on and any other relevant info.
For example some good titles would be:
* [Installation script] GitLab 6.x - Ubuntu 12.04 - Apache
* [Guide] GitLab 6.1 - FreeBSD - postrges, rvm
## Guides
Each installation guide has its own namespace and it should be provided in a
`README` file so that it renders first when viewing the repository. Submit a new
one in `install/platform/README.md` (it doesn't have to be strictly in markdown though).
## Scripts
Installation scripts reside in `install/platform/scripts/`, so if you have one,
submit it there. They should named after the following scheme: `platform-platform_version`.
Example: `ubuntu-server-12.04.sh`
You are strongly encouraged to also provide a `README` file that describes
how to use the script. You may have included all the needed info in the script
itself (recommended), so you could simply write something between the lines:
> This script installs GitLab 6.0 on Archlinux. Run it with `./archlinux.sh your_domain_name`
>
> For more info and variables you can change, read the comments in the script.
### Scripts doing similar things
There is a strong possibility that your script will do similar things to what a
script already in this repo do. In that case, please work on the existing script
and enhance it with your changes. No need to duplicate things.
## What information to put on your guide/script etc (mandatory)
If you have an installation guide to provide, fill in the template and place it on top
of it or include it in your installation script (commented), again on top. Try to
include as many items of this template as you can.
### Template
```
Distribution :
GitLab version :
Web Server :
Init system :
Database :
Contributors :
Additional Notes :
```
### Explanation
| Label | Explanation |
| ---------------- | ------------------------- |
| Distribution | The official name and version of the platform/distribution, case sensitive. |
| GitLab version | GitLab version on which the guide/script was tested. |
| Web Server | The web server used to serve GitLab. May be two-fold, eg. apache with mod_passenger. |
| Init system | (Optional but recommended) The init system used by the platform if any. Examples: `sysvinit`, `systemd`, `upstart`, `openrc`, etc |
| Database | The database used for installation. Examples: `mysql`, `postrgres`, `mariadb`.
| Contributors | Your github username (recommended in order to track you and give credits) or your real name or both. Example of the latter: **thedude (Jeffrey Lebowski)** |
| Additional Notes | Anything else you want to add. Any deviations form the official guide can be reported here. Eg. using rvm for ruby install, storing in different locations, etc.|
### Example
```
Distribution : Fedora 19
GitLab version : 5.4
Web Server : apache with mod_passenger
Init system : systemd
Database : mariadb
Contributors : thedude
Additional Notes : the script uses rvm to install ruby
```

20
README.md
View File

@@ -1,10 +1,16 @@
gitlab-recipes
==============
## GitLab recipes: unofficial guides for using GitLab with different software
GitLab recipes for setup on different platforms, update etc...
Here you will find unofficial guides for using GitLab with different software (operating systems, web servers, etc.)
provided by the community, for systems other than the officially supported (Debian/Ubuntu).
### Every file should have section with maintainer name & gitlab version:
Bare in mind that this repository is co-maintained by volunteers/contributors like you.
# GITLAB
# Maintainer: @randx
# App Version: 5.0
## Contributing
See [contributing.md](CONTRIBUTING.md) for contribution guidelines.
## Notes on the reliability of guides/scripts
* We will try to test everything before accepting PRs, in a clean, newly installed platform.
* You should read a script and understand what it does prior to running it.
* If something goes wrong during installation and you think the guide/script needs fixing, file a bug report or a submit a Pull Request.

36
apache/gitlab
View File

@@ -1,36 +0,0 @@
# require apache module mod_proxy and mod_proxy_http
<VirtualHost *:80>
ServerName gitlab.example.com
#ServerAlias git.example.com
# Uncomment if you want redirect from HTTP to HTTPS
#RewriteEngine on
#RewriteCond %{SERVER_PORT} ^80$
#RewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [L,R]
ProxyPass / http://127.0.0.1:3000/
ProxyPassReverse / http://127.0.0.1:3000/
ProxyPreserveHost On
CustomLog /var/log/apache2/gitlab/access.log combined
ErrorLog /var/log/apache2/gitlab/error.log
</VirtualHost>
<VirtualHost *:443>
ServerName gitlab.example.com
ServerAdmin gitlab@example.com
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key
#SSLCertificateChainFile /etc/apache2/ssl/cacert.pem
# Uncomment the following line to prevent redirects to http on https only vhosts
#RequestHeader set X-Forwarded-Proto "https"
ProxyPass / http://127.0.0.1:3000/
ProxyPassReverse / http://127.0.0.1:3000/
ProxyPreserveHost On
CustomLog /var/log/apache2/gitlab/access.log combined
ErrorLog /var/log/apache2/gitlab/error.log
</VirtualHost>

3
app-server/README.md Normal file
View File

@@ -0,0 +1,3 @@
In this section there are provided additional configuration files for various application servers.
If you have something to contribute please read the [contributing guidelines](../contributing.md).

1
app-server/puma/README.md Normal file
View File

@@ -0,0 +1 @@
Alternative configuration file for the `puma` application server. Copy it under `/home/git/gitlab/config/`.

96
app-server/puma/puma.rb Normal file
View File

@@ -0,0 +1,96 @@
#!/usr/bin/env puma
# Start Puma with next command:
# RAILS_ENV=production bundle exec puma -C ./config/puma.rb
# uncomment and customize to run in non-root path
# note that config/gitlab.yml web path should also be changed
# ENV['RAILS_RELATIVE_URL_ROOT'] = "/gitlab"
application_path = '/home/git/gitlab'
directory application_path
environment 'production'
daemonize true
pidfile "#{application_path}/tmp/pids/puma.pid"
state_path "#{application_path}/tmp/pids/puma.state"
stdout_redirect "#{application_path}/log/puma.stdout.log", "#{application_path}/log/puma.stderr.log"
# Configure “min” to be the minimum number of threads to use to answer
# requests and “max” the maximum.
#
# The default is “0, 16”.
#
# threads 0, 16
# Bind the server to “url”. “tcp://”, “unix://” and “ssl://” are the only
# accepted protocols.
#
#
# The default is “tcp://0.0.0.0:9292”.
#
# bind 'tcp://0.0.0.0:9292'
# bind 'unix:///var/run/puma.sock'
# bind 'unix:///var/run/puma.sock?umask=0777'
# bind 'ssl://127.0.0.1:9292?key=path_to_key&cert=path_to_cert'
#
## Comment the next line if you use apache.
bind "unix://#{application_path}/tmp/sockets/gitlab.socket"
# Instead of “bind 'ssl://127.0.0.1:9292?key=path_to_key&cert=path_to_cert'” you
# can also use the “ssl_bind” option.
#
# ssl_bind '127.0.0.1', '9292', { key: path_to_key, cert: path_to_cert }
# Code to run before doing a restart. This code should
# close log files, database connections, etc.
#
# This can be called multiple times to add code each time.
#
# on_restart do
# puts 'On restart...'
# end
# Command to use to restart puma. This should be just how to
# load puma itself (ie. 'ruby -Ilib bin/puma'), not the arguments
# to puma, as those are the same as the original process.
#
# restart_command '/u/app/lolcat/bin/restart_puma'
# === Cluster mode ===
# How many worker processes to run.
#
# The default is “0”.
#
# workers 2
# GitLab cluster mode recommendations
# If you have more than 1 GB RAM, uncomment one of the following lines:
#
# workers 2 # if you have at least 1.5 GB RAM
# workers 3 # if you have at least 2 GB RAM
# workers 4 # if you have at least 2.5 GB RAM
# Code to run when a worker boots to setup the process before booting
# the app.
#
# This can be called multiple times to add hooks.
#
# on_worker_boot do
# puts 'On worker boot...'
# end
# === Puma control rack application ===
# Start the puma control rack application on “url”. This application can
# be communicated with to control the main server. Additionally, you can
# provide an authentication token, so all requests to the control server
# will need to include that token as a query parameter. This allows for
# simple authentication.
#
# Check out https://github.com/puma/puma/blob/master/lib/puma/app/status.rb
# to see what the app has available.
#
# activate_control_app 'unix:///var/run/pumactl.sock'
# activate_control_app 'unix:///var/run/pumactl.sock', { auth_token: '12345' }
# activate_control_app 'unix:///var/run/pumactl.sock', { no_token: true }

3
init/README.md Normal file
View File

@@ -0,0 +1,3 @@
In this section there are provided additional configuration files for various init systems.
If you have something to contribute please read the [contributing guidelines](../contributing.md).

43
init/systemd/README.md Normal file
View File

@@ -0,0 +1,43 @@
## GitLab startup services for systemd (Archlinux, Fedora, etc)
GitLab requires a couple of services:
* Web server (apache, nginx, etc.)
* Redis server
* Mail server (postfix or other)
* GitLab Sidekiq service (`gitlab-sidekiq.service`)
* Unicorn (`gitlab-unicorn.service`)
## Setup GitLab Sidekiq service
Copy files to `/etc/systemd/system/`:
```
su -
cd /etc/systemd/system/
wget -O gitlab-sidekiq.service https://raw.github.com/gitlabhq/gitlab-recipes/master/init/systemd/gitlab-sidekiq.service
wget -O gitlab-unicorn.service https://raw.github.com/gitlabhq/gitlab-recipes/master/init/systemd/gitlab-unicorn.service
wget -O gitlab.target https://raw.github.com/gitlabhq/gitlab-recipes/master/init/systemd/gitlab.target
```
Reload systemd:
sudo systemctl --system daemon-reload
Start the services:
sudo systemctl start gitlab-sidekiq gitlab-unicorn
Enable them to start at boot:
sudo systemctl enable gitlab-sidekiq gitlab-unicorn
## Notes
If you installed GitLab in other path than `/home/git/gitlab` change the service files accordingly.
`/etc/systemd/system/` have a higher precedence over `/lib/systemd/system`.
For older systemd versions you need to append `service` after the service name. For example:
sudo systemctl start gitlab-sidekiq.service

27
init/systemd/gitlab-sidekiq.service Normal file
View File

@@ -0,0 +1,27 @@
###########################################################################################
#
# GitLab version : 5.x - 6.x
# Contributors : davispuh, mtorromeo, axilleas
# Downloaded from : https://github.com/gitlabhq/gitlab-recipes/tree/master/init/systemd
#
###########################################################################################
[Unit]
Description=GitLab Sidekiq Worker
Requires=redis.service
After=syslog.target network.target redis.service
Wants=mysqld.service
[Service]
Type=forking
User=git
WorkingDirectory=/home/git/gitlab
Environment=RAILS_ENV=production
SyslogIdentifier=gitlab-sidekiq
PidFile=/home/git/gitlab/tmp/pids/sidekiq.pid
ExecStart=/usr/bin/bundle exec rake sidekiq:start
ExecStop=/usr/bin/bundle exec rake sidekiq:stop
[Install]
WantedBy=gitlab.target

24
init/systemd/gitlab-unicorn.service Normal file
View File

@@ -0,0 +1,24 @@
###########################################################################################
#
# GitLab version : 5.x - 6.x
# Contributors : davispuh, mtorromeo, axilleas
# Downloaded from : https://github.com/gitlabhq/gitlab-recipes/tree/master/init/systemd
#
###########################################################################################
[Unit]
Description=GitLab Unicorn Server
Requires=redis.service
After=network.target mysqld.service redis.service
[Service]
User=git
WorkingDirectory=/home/git/gitlab
Environment=RAILS_ENV=production
SyslogIdentifier=gitlab-unicorn
PidFile=/home/git/gitlab/tmp/pids/unicorn.pid
ExecStart=/usr/bin/bundle exec "unicorn_rails -c /home/git/gitlab/config/unicorn.rb -E production"
[Install]
WantedBy=gitlab.target

13
init/systemd/gitlab.target Normal file
View File

@@ -0,0 +1,13 @@
###########################################################################################
#
# GitLab version : 5.x - 6.x
# Contributors : davispuh, mtorromeo, axilleas
# Downloaded from : https://github.com/gitlabhq/gitlab-recipes/tree/master/init/systemd
#
###########################################################################################
[Unit]
Description=GitLab - Self Hosted Git Management
[Install]
WantedBy=multi-user.target

0
init.d/ReadMe-CentOS.md → init/sysvinit/centos/README.md
View File

15
init.d/gitlab-centos → init/sysvinit/centos/gitlab-puma
View File

@@ -1,8 +1,8 @@
#!/bin/bash
#
# GitLab
# Maintainer: @elvanja, @troyanov, @eiyaya, @foyo23, @nielsbasjes
# App Version: 5.1.0
# Contributors : @elvanja, @troyanov, @eiyaya, @foyo23, @nielsbasjes, @relip, @JasonMing, @andronat
# App Version : 6.x
# chkconfig: 2345 82 55
# processname: puma
@@ -13,9 +13,17 @@
# https://github.com/gitlabhq/gitlabhq/issues/1049#issuecomment-8386882
# https://gist.github.com/3062860
# Save original $PATH
# /etc/rc.d/init.d/functions resets $PATH to default(/sbin:/usr/sbin:/bin:/usr/bin).
# Consequently, rvm and compiled ruby with custom path (which isn't /usr/bin) cannot be executed.
ORIGINAL_PATH=$PATH
# Include RedHat function library
. /etc/rc.d/init.d/functions
# Restore original $PATH
PATH=$ORIGINAL_PATH
# The name of the service
NAME=git
@@ -33,7 +41,8 @@ SLOCK=/var/lock/subsys/sidekiq
OPTS="-C $APP_PATH/config/puma.rb -e production"
# Ruby related path update
RUBY_PATH_PATCH="PATH=$PATH:/usr/local/bin:/usr/local/lib:/home/git/bin && export PATH && "
RVM_PATH="/usr/local/rvm/bin"
RUBY_PATH_PATCH="PATH=/usr/local/bin:/usr/local/lib:/home/git/bin:$RVM_PATH:$PATH && export PATH && "
start() {
cd $APP_PATH

126
init/sysvinit/centos/gitlab-unicorn Normal file
View File

@@ -0,0 +1,126 @@
#!/bin/bash
#
# GitLab
# Contributors : @elvanja, @troyanov, @eiyaya, @foyo23, @nielsbasjes, @relip, @JasonMing, @andronat
# App Version : 6.x
# chkconfig: 2345 82 55
# processname: unicorn
# processname: sidekiq
# description: Runs unicorn and sidekiq for nginx integration.
# Related (kudos @4sak3n0ne):
# https://github.com/gitlabhq/gitlabhq/issues/1049#issuecomment-8386882
# https://gist.github.com/3062860
# Save original $PATH
# /etc/rc.d/init.d/functions resets $PATH to default(/sbin:/usr/sbin:/bin:/usr/bin).
# Consequently, rvm and compiled ruby with custom path (which isn't /usr/bin) cannot be executed.
ORIGINAL_PATH=$PATH
# Include RedHat function library
. /etc/rc.d/init.d/functions
# Restore original $PATH
PATH=$ORIGINAL_PATH
# The name of the service
NAME=git
# The username and path to the gitlab source
USER=git
APP_PATH=/home/$USER/gitlab
# The PID and LOCK files used by unicorn and sidekiq
UPID=$APP_PATH/tmp/pids/unicorn.pid
ULOCK=/var/lock/subsys/unicorn
SPID=$APP_PATH/tmp/pids/sidekiq.pid
SLOCK=/var/lock/subsys/sidekiq
# The options to use when running unicorn
OPTS="-c $APP_PATH/config/unicorn.rb -D -E production"
# Ruby related path update
RVM_PATH="/usr/local/rvm/bin"
RUBY_PATH_PATCH="PATH=/usr/local/bin:/usr/local/lib:/home/git/bin:$RVM_PATH:$PATH && export PATH && "
start() {
cd $APP_PATH
# Start unicorn
echo -n $"Starting unicorn: "
daemon --pidfile=$UPID --user=$USER "$RUBY_PATH_PATCH RAILS_ENV=production bundle exec unicorn_rails $OPTS"
unicorn=$?
[ $unicorn -eq 0 ] && touch $ULOCK
echo
# Start sidekiq
echo -n $"Starting sidekiq: "
daemon --pidfile=$SPID --user=$USER "$RUBY_PATH_PATCH RAILS_ENV=production bundle exec rake sidekiq:start"
sidekiq=$?
[ $sidekiq -eq 0 ] && touch $SLOCK
echo
retval=$unicorn || $sidekiq
return $retval
}
stop() {
cd $APP_PATH
# Stop unicorn
echo -n $"Stopping unicorn: "
killproc -p $UPID
unicorn=$?
[ $unicorn -eq 0 ] && rm -f $ULOCK
echo
# Stop sidekiq
echo -n $"Stopping sidekiq: "
killproc -p $SPID
sidekiq=$?
[ $sidekiq -eq 0 ] && rm -f $SLOCK
echo
retval=$unicorn || $sidekiq
return $retval
}
restart() {
stop
start
}
get_status() {
status -p $UPID unicorn
status -p $SPID sidekiq
}
query_status() {
get_status >/dev/null 2>&1
}
case "$1" in
start)
query_status && exit 0
start
;;
stop)
query_status || exit 0
stop
;;
restart)
restart
;;
status)
get_status
;;
*)
N=/etc/init.d/$NAME
echo "Usage: $N {start|stop|restart|status}" >&2
exit 1
;;
esac
exit 0

10
init/sysvinit/debian/README.md Normal file
View File

@@ -0,0 +1,10 @@
Alternative sysvinit file for puma. Tested on Debian/Ubuntu but this should work for all Debian based distros.
Make sure you have the `puma` gem installed and `puma.rb` in `/home/git/gitlab/config/`.
Get `gitlab-puma` in your `/etc/init.d/` directory:
wget -O /etc/init.d/gitlab https://raw.github.com/gitlabhq/gitlab-recipes/master/init/sysvinit/debian/gitlab-puma
Then start the service with:
service gitlab start

140
init/sysvinit/debian/gitlab-puma Normal file
View File

@@ -0,0 +1,140 @@
#! /bin/bash
# GITLAB
# Maintainer: @randx
# App Version: 5.2
### BEGIN INIT INFO
# Provides: gitlab
# Required-Start: $local_fs $remote_fs $network $syslog redis-server
# Required-Stop: $local_fs $remote_fs $network $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: GitLab git repository management
# Description: GitLab git repository management
### END INIT INFO
APP_ROOT="/home/git/gitlab"
APP_USER="git"
DAEMON_OPTS="-C $APP_ROOT/config/puma.rb"
PID_PATH="$APP_ROOT/tmp/pids"
SOCKET_PATH="$APP_ROOT/tmp/sockets"
SOCKET_FILE="$SOCKET_PATH/gitlab.socket"
WEB_SERVER_PID="$PID_PATH/puma.pid"
SIDEKIQ_PID="$PID_PATH/sidekiq.pid"
STOP_SIDEKIQ="RAILS_ENV=production bundle exec rake sidekiq:stop"
START_SIDEKIQ="RAILS_ENV=production bundle exec rake sidekiq:start"
NAME="gitlab"
DESC="GitLab service"
check_pid(){
if [ -f $WEB_SERVER_PID ]; then
PID=`cat $WEB_SERVER_PID`
SPID=`cat $SIDEKIQ_PID`
STATUS=`ps aux | grep $PID | grep -v grep | wc -l`
else
STATUS=0
PID=0
fi
}
execute() {
sudo -u $APP_USER -H bash -l -c "$1"
}
start() {
cd $APP_ROOT
check_pid
if [ "$PID" -ne 0 -a "$STATUS" -ne 0 ]; then
# Program is running, exit with error code 1.
echo "Error! $DESC $NAME is currently running!"
exit 1
else
if [ `whoami` = root ]; then
! [ -e $SOCKET_FILE ] || execute "rm $SOCKET_FILE"
execute "RAILS_ENV=production bundle exec puma $DAEMON_OPTS"
execute "mkdir -p $PID_PATH && $START_SIDEKIQ > /dev/null 2>&1 &"
echo "$DESC started"
fi
fi
}
stop() {
cd $APP_ROOT
check_pid
if [ "$PID" -ne 0 -a "$STATUS" -ne 0 ]; then
## Program is running, stop it.
kill -QUIT `cat $WEB_SERVER_PID`
! [ -e $SOCKET_FILE ] || execute "rm $SOCKET_FILE"
execute "mkdir -p $PID_PATH && $STOP_SIDEKIQ > /dev/null 2>&1 &"
rm "$WEB_SERVER_PID" >> /dev/null
echo "$DESC stopped"
else
## Program is not running, exit with error.
echo "Error! $DESC is not started!"
exit 1
fi
}
restart() {
cd $APP_ROOT
check_pid
if [ "$PID" -ne 0 -a "$STATUS" -ne 0 ]; then
echo "Restarting $DESC..."
kill -USR2 `cat $WEB_SERVER_PID`
execute "mkdir -p $PID_PATH && $STOP_SIDEKIQ > /dev/null 2>&1"
if [ `whoami` = root ]; then
execute "mkdir -p $PID_PATH && $START_SIDEKIQ > /dev/null 2>&1 &"
fi
echo "$DESC restarted."
else
echo "Error, $NAME not running!"
exit 1
fi
}
status() {
cd $APP_ROOT
check_pid
if [ "$PID" -ne 0 -a "$STATUS" -ne 0 ]; then
echo "$DESC / Puma with PID $PID is running."
echo "$DESC / Sidekiq with PID $SPID is running."
else
echo "$DESC is not running."
exit 1
fi
}
## Check to see if we are running as root first.
## Found at http://www.cyberciti.biz/tips/shell-root-user-check-script.html
if [ "$(id -u)" != "0" ]; then
echo "This script must be run as root"
exit 1
fi
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
restart
;;
reload|force-reload)
echo -n "Reloading $NAME configuration: "
kill -HUP `cat $PID`
echo "done."
;;
status)
status
;;
*)
echo "Usage: sudo service gitlab {start|stop|restart|reload}" >&2
exit 1
;;
esac
exit 0

476
install/CentOS_6.md
View File

@@ -1,476 +0,0 @@
# GITLAB
# Maintainer: @nielsbasjes
# App Version: 5.2
**This installation guide was created for CentOS 6.4 in combination with gitlab 5.2 and tested on it.**
We also tried this on RHEL 6.3 and found that there are subtle differences that we so far have only documented in part.
Please read `doc/install/requirements.md` for hardware and platform requirements.
## Overview ##
This guide installs gitlab on a bare system from scratch using MySQL as the database. All Postgress installation steps are absent as they have not been tested yet.
**Important Note:**
The following steps have been known to work.
If you deviate from this guide, do it with caution and make sure you don't
violate any assumptions GitLab makes about its environment.
**Important Note:**
If you find a bug/error in this guide please submit an issue or pull request
following the contribution guide (see `CONTRIBUTING.md`).
**Note about accounts:**
In most cases you are required to run commands as the 'root' user.
When it is required you should be either the 'git' or 'root' user it will be indicated with a line like this
*logged in as **git***
The best way to become that user is by logging in as root and typing
su - git
**Note about security:**
Many setup guides of Linux software simply state: "disable selinux and firewall".
The original gitlab installation for ubuntu disables StrictHostKeyChecking completely.
This guide does not disable any of them, we simply configure them as they were intended.
- - -
# Overview
The GitLab installation consists of setting up the following components:
1. Installing the base operating system (CentOS 6.4 Minimal) and Packages / Dependencies
2. Ruby
3. System Users
4. GitLab shell
5. GitLab
----------
# 1. Installing the operating system (CentOS 6.4 Minimal)
We start with a completely clean CentOS 6.4 "minimal" installation which can be accomplished by downloading the appropriate installation iso file. Just boot the system of the iso file and install the system.
Note that during the installation you use the *"Configure Network"* option (it's a button in the same screen where you specify the hostname) to enable the *"Connect automatically"* option for the network interface and hand (usually eth0).
**If you forget this option the network will NOT start at boot.**
The end result is a bare minimum CentOS installation that effectively only has network connectivity and (almost) no services at all.
## Updating and adding basic software and services
### Add EPEL repository
*logged in as **root***
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
### Install the required tools for gitlab
*logged in as **root***
yum -y groupinstall 'Development Tools'
### 'Additional Development'
yum -y install vim-enhanced httpd readline readline-devel ncurses-devel gdbm-devel glibc-devel \
tcl-devel openssl-devel curl-devel expat-devel db4-devel byacc \
sqlite-devel gcc-c++ libyaml libyaml-devel libffi libffi-devel \
libxml2 libxml2-devel libxslt libxslt-devel libicu libicu-devel \
system-config-firewall-tui python-devel redis sudo mysql-server wget \
mysql-devel crontabs logwatch logrotate sendmail-cf qtwebkit qtwebkit-devel \
perl-Time-HiRes
**IMPORTANT NOTE About Redhat EL 6**
During an installation on an official RHEL 6.3 we found that some packages (in our case gdbm-devel, libffi-devel and libicu-devel) were NOT installed. You MUST make sure that all the packages are installed. Someone told me that you can get these "packages direct from RHEL by enabling the “RHEL Server Optional” Channel in RHN.". I haven't tried this yet.
### Update CentOS to the latest set of patches
*logged in as **root***
yum -y update
## Git
For some reason gitlab has been written in such a way that it will only work correctly with git version 1.8.x or newer. At the time of writing [this commit](https://github.com/gitlabhq/gitlabhq/commit/b1a8fdd84d5a7cdbdb5ef3829b59a73db0f4d2dd) was the culprit that enforced this requirement.
In case this has not been resolved when you read this you must either update your git to > 1.8.x or revert the above mentioned change manually.
Have a look at [this HowTo](http://www.pickysysadmin.ca/2013/05/21/commit-comments-not-appearing-in-gitlab-on-centos/) on one possible way of updating the git version.
## Configure redis
Just make sure it is started at the next reboot
*logged in as **root***
chkconfig redis on
## Configure mysql
Make sure it is started at the next reboot and start it immediately so we can configure it.
*logged in as **root***
chkconfig mysqld on
service mysqld start
Secure MySQL by entering a root password and say "Yes" to all questions with the next command
/usr/bin/mysql_secure_installation
## Configure httpd
We use Apache HTTPD in front of gitlab
Just make sure it is started at the next reboot
chkconfig httpd on
We want to be able to reach gitlab using the normal http ports (i.e. not the :9292 thing)
So we create a file called **/etc/httpd/conf.d/gitlab.conf** with this content (replace the git.example.org with your hostname!!).
<VirtualHost *:80>
ServerName git.example.org
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPreserveHost On
ProxyPass / http://localhost:9292/
ProxyPassReverse / http://localhost:9292/
</VirtualHost>
OPTIONAL: If you want to run other websites on the same system you'll need to enable in **/etc/httpd/conf/httpd.conf** the setting
NameVirtualHost *:80
Poke a selinux hole for httpd so it can httpd can be in front of gitlab
setsebool -P httpd_can_network_connect on
## Configure firewall
Poke an iptables hole so uses can access the httpd (http and https ports) and ssh.
The quick way is to put this in the file called **/etc/sysconfig/iptables**
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
## Configure email
cd /etc/mail
vim /etc/mail/sendmail.mc
Add a line with the smtp gateway hostname
define(`SMART_HOST', `smtp.example.com')dnl
Then comment out this line
EXPOSED_USER(`root')dnl
by putting 'dnl ' in front of it like this
dnl EXPOSED_USER(`root')dnl
Now enable these settings
make
chkconfig sendmail on
## Reboot
Now that we have the basics right we reboot the system to load the new kernel and everything.
After the reboot all of the so far installed services will startup automatically.
reboot
----------
# 2. Ruby
Download and compile it:
*logged in as **root***
mkdir /tmp/ruby && cd /tmp/ruby
wget http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.3-p392.tar.gz
tar xfvz ruby-1.9.3-p392.tar.gz
cd ruby-1.9.3-p392
./configure
make
make install
Install the Bundler Gem:
*logged in as **root***
gem install bundler
----------
# 3. System Users
## Create user for Git
*logged in as **root***
adduser \
--system \
--shell /bin/bash \
--comment 'Git Version Control' \
--create-home \
--home-dir /home/git \
git
We do NOT set the password so this user cannot login.
## Forwarding all emails
Now we want all logging of the system to be forwarded to a central email address
*logged in as **root***
echo adminlogs@example.com > /root/.forward
chown root /root/.forward
chmod 600 /root/.forward
restorecon /root/.forward
echo adminlogs@example.com > /home/git/.forward
chown git /home/git/.forward
chmod 600 /home/git/.forward
restorecon /home/git/.forward
## Database user
*logged in as **root***
su - git
*logged in as **git***
# Login to MySQL
mysql -u root -p
# Create a user for GitLab. (change supersecret to a real password)
CREATE USER 'gitlab'@'localhost' IDENTIFIED BY 'supersecret';
# Create the GitLab production database
CREATE DATABASE IF NOT EXISTS `gitlabhq_production` DEFAULT CHARACTER SET `utf8` COLLATE `utf8_unicode_ci`;
# Grant the GitLab user necessary permissopns on the table.
GRANT SELECT, LOCK TABLES, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON `gitlabhq_production`.* TO 'gitlab'@'localhost';
# Quit the database session
\q
Try connecting to the new database with the new user
mysql -u gitlab -p -D gitlabhq_production
----------
# 4. GitLab shell
GitLab Shell is a ssh access and repository management software developed specially for GitLab.
# Login as git
su - git
*logged in as **git***
# Go to home directory
cd /home/git
# Clone gitlab shell
git clone https://github.com/gitlabhq/gitlab-shell.git
cd gitlab-shell
# switch to right version
git checkout v1.4.0
cp config.yml.example config.yml
# Edit config and replace gitlab_url
# with something like 'http://domain.com/'
vim config.yml
# Do setup
./bin/install
----------
# 5. GitLab
*logged in as **git***
# We'll install GitLab into home directory of the user "git"
cd /home/git
## Clone the Source
# Clone GitLab repository
git clone https://github.com/gitlabhq/gitlabhq.git gitlab
# Go to gitlab dir
cd /home/git/gitlab
# Checkout to stable release
git checkout 5-2-stable
**Note:**
You can change `5-2-stable` to `master` if you want the *bleeding edge* version, but
do so with caution!
## Configure it
Copy the example GitLab config
cp /home/git/gitlab/config/gitlab.yml{.example,}
Edit the gitlab config to make sure to change "localhost" to the fully-qualified domain name of your host serving GitLab where necessary. Also review the other settings to match your setup.
vim /home/git/gitlab/config/gitlab.yml
*logged in as **root***
# Make sure GitLab can write to the log/ and tmp/ directories
chown -R git /home/git/gitlab/log/
chown -R git /home/git/gitlab/tmp/
chmod -R u+rwX /home/git/gitlab/log/
chmod -R u+rwX /home/git/gitlab/tmp/
*logged in as **git***
# Create directory for satellites
mkdir /home/git/gitlab-satellites
# Create directories for sockets/pids and make sure GitLab can write to them
mkdir /home/git/gitlab/tmp/pids/
mkdir /home/git/gitlab/tmp/sockets/
chmod -R u+rwX /home/git/gitlab/tmp/pids/
chmod -R u+rwX /home/git/gitlab/tmp/sockets/
# Create public/uploads directory otherwise backup will fail
mkdir /home/git/gitlab/public/uploads
chmod -R u+rwX /home/git/gitlab/public/uploads
# Copy the example Puma config
cp /home/git/gitlab/config/puma.rb{.example,}
# Configure Git global settings for git user, useful when editing via web
# Edit user.email according to what is set in gitlab.yml
git config --global user.name "GitLab"
git config --global user.email "gitlab@localhost"
**Important Note:**
Make sure to edit both `gitlab.yml` and `puma.rb` to match your setup.
Specifically for our setup behind Apache edit the puma config
vim /home/git/gitlab/config/puma.rb
Change the bind parameter so that it reads:
bind 'tcp://127.0.0.1:9292'
## Configure GitLab DB settings
# MySQL
cp /home/git/gitlab/config/database.yml{.mysql,}
Edit the database config and set the correct username/password
vim /home/git/gitlab/config/database.yml
The config should look something like this (where *supersecret* is replaced with your real password):
production:
adapter: mysql2
encoding: utf8
reconnect: false
database: gitlabhq_production
pool: 5
username: gitlab
password: supersecret
# host: localhost
# socket: /tmp/mysql.sock
## Install Gems
*logged in as **git***
logout
*logged in as **root***
cd /home/git/gitlab
gem install charlock_holmes --version '0.6.9.4'
su - git
*logged in as **git***
cd /home/git/gitlab
# For mysql db
bundle install --deployment --without development test postgres
## Initialize Database and Activate Advanced Features
*logged in as **git***
cd /home/git/gitlab
bundle exec rake gitlab:setup RAILS_ENV=production
## Install Init Script
Download the init script (will be /etc/init.d/gitlab)
*logged in as **git***
logout
*logged in as **root***
**Double check the url for this next one!!**
curl https://raw.github.com/gitlabhq/gitlab-recipes/5-2-stable/init.d/gitlab-centos > /etc/init.d/gitlab
chmod +x /etc/init.d/gitlab
chkconfig --add gitlab
Make GitLab start on boot:
chkconfig gitlab on
Start your GitLab instance:
service gitlab start
# or
/etc/init.d/gitlab start
# Done!
Visit YOUR_SERVER for your first GitLab login.
The setup has created an admin account for you. You can use it to log in:
admin@local.host
5iveL!fe
**Important Note:**
Please go over to your profile page and immediately change the password, so
nobody can access your GitLab by using this login information later on.
**Enjoy!**

3
install/README.md Normal file
View File

@@ -0,0 +1,3 @@
In this section there are provided additional installation guides and scripts for various platforms.
If you have something to contribute please read the [contributing guidelines](../contributing.md).

14
install/archlinux/README.md Normal file
View File

@@ -0,0 +1,14 @@
Welcome to the Archlinux GitLab recipes. Here you will find installation scripts,
guides, how-tos and some useful links that will help you install GitLab on Archlinux.
## Useful links
* [GitLab Wiki][]
* [GitLab PKGBUILD][]
* [gitlab-shell PKGBUILD][]
[GitLab Wiki]: https://wiki.archlinux.org/index.php/Gitlab
[GitLab PKGBUILD]: https://github.com/mtorromeo/archlinux-packages/tree/master/gitlab
[gitlab-shell PKGBUILD]: https://github.com/mtorromeo/archlinux-packages/tree/master/gitlab-shell

557
install/centos/README.md Normal file
View File

@@ -0,0 +1,557 @@
```
Distribution : CentOS 6.4
GitLab version : 6.0
Web Server : Apache, Nginx
Init system : sysvinit
Database : mysql
Contributors : @nielsbasjes, @axilleas, @mairin
Additional Notes : In order to get the latest git version we build it from source
```
## Overview
Please read `doc/install/requirements.md` for hardware and platform requirements.
This guide installs GitLab on a bare system from scratch, using MySQL as the database.
All Postgres installation steps are absent as they have not been tested yet.
Pull requests with tested Postgres are welcome!
### Important Notes
The following steps have been known to work and should be followed from up to bottom.
If you deviate from this guide, do it with caution and make sure you don't violate
any assumptions GitLab makes about its environment. We have also tried this on
RHEL 6.3 and found that there are subtle differences which are documented in part.
Look for the **RHEL Notes** note.
#### If you find a bug
If you find a bug/error in this guide please submit an issue or pull request
following the contribution guide (see `../../contributing.md`).
#### Security
Many setup guides of Linux software simply state: "disable selinux and firewall".
This guide does not disable any of them, we simply configure them as they were intended.
- - -
The GitLab installation consists of setting up the following components:
1. Install the base operating system (CentOS 6.4 Minimal) and Packages / Dependencies
2. Ruby
3. System Users
4. GitLab shell
5. Database
6. GitLab
7. Web server
8. Firewall
----------
## 1. Installing the operating system (CentOS 6.4 Minimal)
We start with a completely clean CentOS 6.4 "minimal" installation which can be
accomplished by downloading the appropriate installation iso file. Just boot the
system of the iso file and install the system.
Note that during the installation you use the *"Configure Network"* option (it's a
button in the same screen where you specify the hostname) to enable the *"Connect automatically"*
option for the network interface and hand (usually eth0).
**If you forget this option the network will NOT start at boot.**
The end result is a bare minimum CentOS installation that effectively only has
network connectivity and (almost) no services at all.
## Updating and adding basic software and services
### Add EPEL repository
[EPEL][] is a volunteer-based community effort from the Fedora project to create
a repository of high-quality add-on packages that complement the Fedora-based
Red Hat Enterprise Linux (RHEL) and its compatible spinoffs, such as CentOS and Scientific Linux.
As part of the Fedora packaging community, EPEL packages are 100% free/libre open source software (FLOSS).
Download the GPG key for EPEL repository from [fedoraproject][keys] and install it on your system:
sudo wget -O /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6 https://fedoraproject.org/static/0608B895.txt
sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
Verify that the key got installed successfully:
sudo rpm -qa gpg*
gpg-pubkey-0608b895-4bd22942
Now install the `epel-release-6-8.noarch` package, which will enable EPEL repository on your system:
sudo rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
**Note:** Don't mind the `x86_64`, if you install on a i686 system you can use the same commands.
Verify that the EPEL repository is enabled as shown below. Now, youll see epel
repository (apart from the standard base, updates and extras repositories):
sudo yum repolist
repo id repo name status
base CentOS-6 - Base 4,802
epel Extra Packages for Enterprise Linux 6 - x86_64 7,879
extras CentOS-6 - Extras 12
updates CentOS-6 - Updates 814
repolist: 13,507
If you can't see it listed, use the folowing command to enable it:
sudo yum-config-manager --enable epel
### Install the required tools for GitLab
su -
yum -y update
yum -y groupinstall 'Development Tools'
### 'Additional Development'
yum -y install vim-enhanced readline readline-devel ncurses-devel gdbm-devel glibc-devel tcl-devel openssl-devel curl-devel expat-devel db4-devel byacc sqlite-devel gcc-c++ libyaml libyaml-devel libffi libffi-devel libxml2 libxml2-devel libxslt libxslt-devel libicu libicu-devel system-config-firewall-tui python-devel redis sudo wget crontabs logwatch logrotate perl-Time-HiRes
**RHEL Notes**
If some packages (eg. gdbm-devel, libffi-devel and libicu-devel) are NOT installed,
add the rhel6 optional packages repo to your server to get those packages:
yum-config-manager --enable rhel-6-server-optional-rpms
Tip taken from [here](https://github.com/gitlabhq/gitlab-recipes/issues/62).
### Git
GitLab will only work correctly with git version 1.8.x or newer. The problem is
that the available rpms for CentOS stop at git 1.7.1 which is too old for GitLab.
In order to update, you have to build git from source as it is not yet in any repository:
su -
cd /tmp
yum -y install git perl-ExtUtils-MakeMaker
git clone git://github.com/git/git.git
cd /tmp/git/
git checkout v1.8.3.4
autoconf
./configure --prefix=/usr/local
make && make install
rm -rf /tmp/git/
yum erase git
Logout and login again for the `$PATH` to take effect. Check that git is properly
installed with:
which git
# /usr/local/bin/git
git --version
# git version 1.8.3.4
### Configure redis
Make sure redis is started on boot:
sudo chkconfig redis on
### Configure sendmail
su -
yum -y install sendmail-cf
cd /etc/mail
vim /etc/mail/sendmail.mc
Add a line with the smtp gateway hostname
define(`SMART_HOST', `smtp.example.com')dnl
Then replace this line:
EXPOSED_USER(`root')dnl
with:
dnl EXPOSED_USER(`root')dnl
Now enable these settings:
make
chkconfig sendmail on
Alternatively you can install `postfix`.
----------
## 2. Ruby
Download and compile it:
su -
mkdir /tmp/ruby && cd /tmp/ruby
curl --progress ftp://ftp.ruby-lang.org/pub/ruby/2.0/ruby-2.0.0-p247.tar.gz | tar xz
cd ruby-2.0.0-p247
./configure --prefix=/usr/local/
make && make install
Logout and login again for the `$PATH` to take effect. Check that ruby is properly
installed with:
which ruby
# /usr/local/bin/ruby
ruby -v
# ruby 2.0.0p247 (2013-06-27 revision 41674) [x86_64-linux]
Install the Bundler Gem:
sudo gem install bundler --no-ri --no-rdoc
**NOTE:** If you get an error like `sudo: gem: command not found`, it is because
CentOS has sudo built with the `--with-secure-path` flag. See this post on [stackoverflow][sudo]
on how to deal with it. Alternatively, login as root and run the command.
----------
## 3. System Users
### Create user for Git
su -
adduser --system --shell /bin/bash --comment 'GitLab' --create-home --home-dir /home/git/ git
We do NOT set the password so this user cannot login.
### Forwarding all emails
Now we want all logging of the system to be forwarded to a central email address:
su -
echo adminlogs@example.com > /root/.forward
chown root /root/.forward
chmod 600 /root/.forward
restorecon /root/.forward
echo adminlogs@example.com > /home/git/.forward
chown git /home/git/.forward
chmod 600 /home/git/.forward
restorecon /home/git/.forward
----------
## 4. GitLab shell
GitLab Shell is a ssh access and repository management software developed specially for GitLab.
```
# First login as root
su -
# Login as git
su - git
# Clone gitlab shell
git clone https://github.com/gitlabhq/gitlab-shell.git
cd gitlab-shell
# Switch to right version
git checkout v1.7.0
cp config.yml.example config.yml
# Edit config and replace gitlab_url with something like 'http://domain.com/'
# Do setup
./bin/install
```
----------
## 5. Database
Install `mysql` and enable the `mysqld` service to start on boot:
su -
yum install -y mysql-server mysql-devel
chkconfig mysqld on
service mysqld start
Secure MySQL by entering a root password and say "Yes" to all questions:
/usr/bin/mysql_secure_installation
Create a new user and database for GitLab:
# Login to MySQL
mysql -u root -p
# Type the database root password
# Create a user for GitLab. (change supersecret to a real password)
CREATE USER 'gitlab'@'localhost' IDENTIFIED BY 'supersecret';
# Create the GitLab production database
CREATE DATABASE IF NOT EXISTS `gitlabhq_production` DEFAULT CHARACTER SET `utf8` COLLATE `utf8_unicode_ci`;
# Grant the GitLab user necessary permissopns on the table.
GRANT SELECT, LOCK TABLES, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON `gitlabhq_production`.* TO 'gitlab'@'localhost';
# Quit the database session
\q
Try connecting to the new database with the new user:
mysql -u gitlab -p -D gitlabhq_production
# Type the password you replaced supersecret with earlier
# Quit the database session
\q
----------
## 6. GitLab
We'll install GitLab into home directory of the user `git`:
su -
su - git
### Clone the Source
# Clone GitLab repository
git clone https://github.com/gitlabhq/gitlabhq.git gitlab
# Go to gitlab directory
cd /home/git/gitlab
# Checkout to stable release
git checkout 6-0-stable
**Note:**
You can change `6-0-stable` to `master` if you want the *bleeding edge* version, but
do so with caution!
### Configure it
```
# Copy the example GitLab config
cp config/gitlab.yml.example config/gitlab.yml
# Replace your_domain_name with the fully-qualified domain name of your host serving GitLab
sed -i 's|localhost|your_domain_name|g' config/gitlab.yml
# Change git's path to point to /usr/local/bin/git
sed -i 's|/usr/bin/git|/usr/local/bin/git|' config/gitlab.yml
# Make sure GitLab can write to the log/ and tmp/ directories
chown -R git log/
chown -R git tmp/
chmod -R u+rwX log/
chmod -R u+rwX tmp/
# Create directory for satellites
mkdir /home/git/gitlab-satellites
# Create directories for sockets/pids and make sure GitLab can write to them
mkdir tmp/pids/
mkdir tmp/sockets/
chmod -R u+rwX tmp/pids/
chmod -R u+rwX tmp/sockets/
# Create public/uploads directory otherwise backup will fail
mkdir public/uploads
chmod -R u+rwX public/uploads
# Copy the example Unicorn config
cp config/unicorn.rb.example config/unicorn.rb
# Enable cluster mode if you expect to have a high load instance
# E.g. change amount of workers to 3 for 2GB RAM server
editor config/unicorn.rb
# Configure Git global settings for git user, useful when editing via web
# Edit user.email according to what is set in gitlab.yml
git config --global user.name "GitLab"
git config --global user.email "gitlab@your_domain_name"
git config --global core.autocrlf input
```
**Important:** Make sure to edit both `gitlab.yml` and `unicorn.rb` to match your setup.
### Configure GitLab DB settings
# MySQL
cp config/database.yml{.mysql,}
Make sure to update username/password in `config/database.yml`. You only need to adapt the production settings (first part).
If you followed the database guide then please do as follows:
* Change `root` to `gitlab`.
* Change `secure password` with the value you have given to supersecret.
You can keep the double quotes around the password.
editor config/database.yml
Make config/database.yml readable to git only
chmod o-rwx config/database.yml
### Install Gems
su -
gem install charlock_holmes --version '0.6.9.4'
exit
For MySQL (note, the option says "without ... postgres"):
cd /home/git/gitlab/
bundle install --deployment --without development test postgres puma aws
### Initialize Database and Activate Advanced Features
cd /home/git/gitlab
bundle exec rake gitlab:setup RAILS_ENV=production
Type 'yes' to create the database.
When done you see 'Administrator account created:'
### Install Init Script
Download the init script (will be /etc/init.d/gitlab):
su -
wget -O /etc/init.d/gitlab https://raw.github.com/gitlabhq/gitlab-recipes/master/init/sysvinit/centos/gitlab-unicorn
chmod +x /etc/init.d/gitlab
chkconfig --add gitlab
Make GitLab start on boot:
chkconfig gitlab on
### Check Application Status
Check if GitLab and its environment are configured correctly:
su - git
cd gitlab/
bundle exec rake gitlab:env:info RAILS_ENV=production
exit
### Start your GitLab instance:
service gitlab start
### Double-check Application Status
To make sure you didn't miss anything run a more thorough check with:
su - git
cd gitlab/
bundle exec rake gitlab:check RAILS_ENV=production
If all items are green, then congratulations on successfully installing GitLab!
However there are still a few steps left.
## 7. Configure the web server
### Nginx
```
su -
yum -y install nginx
chkconfig nginx on
mkdir /etc/nginx/sites-{available,enabled}
wget -O /etc/nginx/sites-available/gitlab https://raw.github.com/gitlabhq/gitlab-recipes/master/web-server/nginx/gitlab-ssl
ln -sf /etc/nginx/sites-available/gitlab /etc/nginx/sites-enabled/gitlab
```
Edit `/etc/nginx/nginx.conf` and replace `include /etc/nginx/conf.d/*.conf;`
with `/etc/nginx/sites-enabled/*;`
Add `nginx` user to `git` group.
usermod -a -G git nginx
chmod g+rx /home/git/
Finally start nginx with:
service nginx start
### Apache
We will configure apache with module `mod_proxy` which is loaded by default when
installing apache:
```
su -
yum -y install httpd mod_ssl
chkconfig httpd on
wget -O /etc/httpd/conf.d/gitlab.conf https://raw.github.com/gitlabhq/gitlab-recipes/master/web-server/apache/gitlab.conf
```
Open `/etc/httpd/conf.d/gitlab.conf` with your editor and replace `git.example.org` with your FQDN.
Add `LoadModule ssl_module /etc/httpd/modules/mod_ssl.so` in `/etc/httpd/conf/httpd.conf`
If you want to run other websites on the same system, you'll need to add in `/etc/httpd/conf/httpd.conf`:
```
NameVirtualHost *:80
<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/httpd/conf.d/gitlab.conf
# to <VirtualHost *:443>
NameVirtualHost *:443
Listen 443
</IfModule>
```
Poke a selinux hole for httpd so it can be in front of GitLab:
setsebool -P httpd_can_network_connect on
Start apache:
service httpd start
## 8. Configure the firewall
Poke an iptables hole so users can access the httpd (http and https ports) and ssh.
The quick way is to put this in the file called `/etc/sysconfig/iptables`:
```
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
```
Restart the service for the changes to take effect:
service iptables restart
## Done!
Visit YOUR_SERVER for your first GitLab login.
The setup has created an admin account for you. You can use it to log in:
admin@local.host
5iveL!fe
You will then be redirected to change the default admin password.
## Links used in this guide
- [EPEL information](http://www.thegeekstuff.com/2012/06/enable-epel-repository/)
- [git update to 1.8.x](http://www.pickysysadmin.ca/2013/05/21/commit-comments-not-appearing-in-gitlab-on-centos/)
- [SELinux booleans](http://wiki.centos.org/TipsAndTricks/SelinuxBooleans)
[EPEL]: https://fedoraproject.org/wiki/EPEL
[keys]: https://fedoraproject.org/keys
[sudo]: http://stackoverflow.com/questions/257616/sudo-changes-path-why

0
install/debian/README.md Normal file
View File

0
install/fedora/README.md Normal file
View File

5
install/gentoo/README.md Normal file
View File

@@ -0,0 +1,5 @@
## Links
* http://wiki.gentoo.org/wiki/GitLab
* https://gist.github.com/int128/2360407
* https://github.com/cvut/gentoo-overlay/tree/master/www-apps/gitlabhq

0
install/opensuse/README.md Normal file
View File

0
install/v4/README.md → install/ubuntu/README.md
View File

0
install/v4/ubuntu_server_1204.sh → install/ubuntu/ubuntu_server_1204.sh
View File

9
nginx/ReadMe-CentOS.md
View File

@@ -1,9 +0,0 @@
# CentOS related Nginx notes
If nginx installed through package manager, adjust sites in conf.d instead of sites-enabled.
Set user gitlab in group root for user in nginx.conf:
#user nginx;
user gitlab root;

61
nginx/gitlab-https
View File

@@ -1,61 +0,0 @@
# GITLAB
# Maintainer: @yin8086
# App Version: 4.1
# Modified from nginx http version
# Modified from http://blog.phusion.nl/2012/04/21/tutorial-setting-up-gitlab-on-debian-6/
# You need from run openssl to generate the ssl certificate.
# $ sudo openssl req -new -x509 -nodes -days 3560 -out gitlab.crt -keyout gitlab.key
# $ sudo chmod o-r gitlab.key
upstream gitlab {
server unix:/home/gitlab/gitlab/tmp/sockets/gitlab.socket;
}
# This is a normal HTTP host which redirects all traffic to the HTTPS host.
server {
listen 80;
server_name Domain_NAME;
server_tokens off;
root /nowhere;
rewrite ^ https://gitlab.stardrad.com$request_uri permanent;
}
server {
listen 443;
server_name Domain_NAME;
server_tokens off;
root /home/gitlab/gitlab/public;
ssl on;
ssl_certificate gitlab.crt;
ssl_certificate_key gitlab.key;
ssl_protocols SSLv3 TLSv1 TLSv2;
ssl_ciphers AES:HIGH:!ADH:!MD5;
ssl_prefer_server_ciphers on;
# individual nginx logs for this gitlab vhost
access_log /var/log/nginx/gitlab_access.log;
error_log /var/log/nginx/gitlab_error.log;
location / {
# serve static files from defined root folder;.
# @gitlab is a named location for the upstream fallback, see below
try_files $uri $uri/index.html $uri.html @gitlab;
}
# if a file, which is not found in the root folder is requested,
# then the proxy pass the request to the upsteam (gitlab unicorn)
location @gitlab {
proxy_read_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
proxy_connect_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
proxy_redirect off;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://gitlab;
}
}

3
web-server/README.md Normal file
View File

@@ -0,0 +1,3 @@
In this section there are provided additional configuration files for various web servers.
If you have something to contribute please read the [contributing guidelines](../contributing.md).

25
web-server/apache/README.md Normal file
View File

@@ -0,0 +1,25 @@
## CentOS notes
In CentOS the apache logs are under `/var/log/httpd` so you have to either replace
`apache` with `httpd` in `gitlab.conf` or create the `/var/log/apache2` directory.
## Puma or unicorn
### unicorn
Make sure that `/home/git/gitlab/config/unicorn.rb` exists
The default server is unicorn, so `gitlab.conf` is configured to listen on port `8080`.
### puma
Info taken from [PR #87](https://github.com/gitlabhq/gitlab-recipes/pull/87).
As apache's mod_proxy [doesn't support][sock] sockets, we have to configure the
proxy URL to use tcp instead of unix sockets. First make sure that `/home/git/gitlab/config/puma.rb` exists.
Then you have to make 2 changes:
1. In `gitlab.conf` replace `http://127.0.0.1:8080/ ` with `http://0.0.0.0:9292/`
2. Edit `puma.rb`: comment out `bind 'tcp://0.0.0.0:9292'` and comment `bind "unix://#{application_path}/tmp/sockets/gitlab.socket"`
[sock]: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html

66
web-server/apache/gitlab.conf Normal file
View File

@@ -0,0 +1,66 @@
# Requires apache modules: mod_proxy and mod_proxy_http
# In Debian based distros enable with: sudo a2enmod mod_proxy mod_proxy_http
# Change ServerName to your fqdn
#
# You need to run openssl to generate a self-signed ssl certificate:
# cd /etc/apache2 (or /etc/httpd)
# sudo openssl req -new -x509 -nodes -days 3560 -out gitlab.crt -keyout gitlab.key
# sudo chmod o-r gitlab.key
<VirtualHost *:80>
ServerName gitlab.example.com
#ServerAlias git.example.com
# Uncomment the following 3 lines if you want to redirect HTTP to HTTPS
#RewriteEngine on
#RewriteCond %{SERVER_PORT} ^80$
#RewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [L,R]
ProxyPass /uploads !
ProxyPass /error !
# If you use puma, see https://github.com/gitlabhq/gitlab-recipes/blob/master/web-server/apache/README.md
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
ProxyPreserveHost On
CustomLog /var/log/apache2/gitlab/access.log combined
ErrorLog /var/log/apache2/gitlab/error.log
# Modify path to your needs (needed for downloading attachments)
DocumentRoot /home/git/gitlab/public
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
<VirtualHost *:443>
ServerName gitlab.example.com
ServerAdmin gitlab@example.com
SSLEngine On
SSLCertificateFile /etc/apache2/gitlab.crt
SSLCertificateKeyFile /etc/apache2/gitlab.key
ProxyPass /uploads !
ProxyPass /error !
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
ProxyPreserveHost On
CustomLog /var/log/apache2/gitlab/access.log combined
ErrorLog /var/log/apache2/gitlab/error.log
# Modify path to your needs (needed for downloading attachments)
DocumentRoot /home/git/gitlab/public
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>

0
lighttpd/10-gitlab.conf → web-server/lighttpd/10-gitlab.conf
View File

0
lighttpd/README.md → web-server/lighttpd/README.md
View File

27
web-server/nginx/README.md Normal file
View File

@@ -0,0 +1,27 @@
## CentOS related Nginx notes
### Different conf directories
If nginx is installed through the package manager, adjust sites in `/etc/nginx/conf.d/`
instead of `/etc/nginx/sites-available/` or create those directories and tell `nginx`
to monitor them:
sudo mkdir /etc/nginx/sites-{available,enabled}
Then edit `/etc/nginx/nginx.conf` and replace `include /etc/nginx/conf.d/*.conf;`
with `/etc/nginx/sites-enabled/*;`
### Give nginx access to git group
In order for GitLab to display properly you have to make either one of the changes
below. The first one is recommended.
Add `nginx` user to `git` group:
sudo usermod -a -G git nginx
sudo chmod g+rx /home/git/
or replace the default `nginx` user with `git` and group `root` in `/etc/nginx/nginx.conf`:
#user nginx;
user git root;

69
web-server/nginx/gitlab-ssl Normal file
View File

@@ -0,0 +1,69 @@
# GITLAB
# Contributors: yin8086, sashkab, orkoden, axilleas
# App Version: 5.4 - 6.0
# Modified from nginx http version
# Modified from http://blog.phusion.nl/2012/04/21/tutorial-setting-up-gitlab-on-debian-6/
# You need to run openssl to generate a self-signed ssl certificate.
# cd /etc/nginx/
# sudo openssl req -new -x509 -nodes -days 3560 -out gitlab.crt -keyout gitlab.key
# sudo chmod o-r gitlab.key
upstream gitlab {
## Uncomment if you have set up puma/unicorn to listen on a unix socket (recommended).
server unix:/home/git/gitlab/tmp/sockets/gitlab.socket;
## Uncomment if puma/unicorn are configured to listen on a tcp port.
## Check the port number in /home/git/gitlab/config/{puma.rb/unicorn.rb}
# server 127.0.0.1:9292;
}
# This is a normal HTTP host which redirects all traffic to the HTTPS host.
# Replace git.example.com with your FQDN.
server {
listen *:80;
server_name git.example.com;
server_tokens off;
root /nowhere; # this doesn't have to be a valid path since we are redirecting, you don't have to change it.
rewrite ^ https://$server_name$request_uri permanent;
}
server {
listen 443;
server_name git.example.com;
server_tokens off;
root /home/git/gitlab/public;
ssl on;
ssl_certificate /etc/nginx/gitlab.crt;
ssl_certificate_key /etc/nginx/gitlab.key;
ssl_protocols SSLv3 TLSv1 TLSv1.2;
ssl_ciphers AES:HIGH:!ADH:!MD5;
ssl_prefer_server_ciphers on;
# individual nginx logs for this gitlab vhost
access_log /var/log/nginx/gitlab_access.log;
error_log /var/log/nginx/gitlab_error.log;
location / {
# serve static files from defined root folder;.
# @gitlab is a named location for the upstream fallback, see below
try_files $uri $uri/index.html $uri.html @gitlab;
}
# if a file, which is not found in the root folder is requested,
# then the proxy pass the request to the upsteam (gitlab unicorn)
location @gitlab {
proxy_read_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
proxy_connect_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
proxy_redirect off;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://gitlab;
}
}