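I suspect most individual users would not rent a VPS just to run GitLab; for the monthly cost of the VPS, paying for a GitHub upgrade plan would be less trouble. The goal of this article is to run a PHP+MySQL personal blog (or some other PHP application) and GitLab side by side on one VPS, using a single IP address and a standalone Nginx, with HTTPS enabled site-wide.

For HTTPS certificates I recommend Let's Encrypt, which is completely free.

You need two DNS records pointing at your VPS. For example, if your VPS IP is 1.2.3.4 and your domain is name.com, create two DNS records, name.com and gitlab.name.com, both pointing to 1.2.3.4. Once installation and configuration are complete, use gitlab.name.com to reach your GitLab and name.com to reach your PHP blog. You also need to request a separate HTTPS certificate for each of the two domains.

With that in place, you can start the installation.

This article is based on Ubuntu Server 16.04 LTS, Nginx 1.10.0, PHP 7.0.15 and GitLab 8.17.3.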

Install GitLab

  • Install the packages GitLab requires
$ sudo apt-get install curl openssh-server ca-certificates postfix
  • Install from the official GitLab repository
$ curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | sudo bash
$ sudo apt install gitlab-ce

Install Nginx, PHP 7.0 and MySQL

  • Install Nginx
$ sudo apt install nginx
  • Install PHP 7.0 and MySQL
$ sudo apt install php7.0 php7.0-fpm php7.0-mysql php7.0-curl mysql-server

Configure GitLab and Nginx

  • Initialize GitLab
$ sudo gitlab-ctl reconfigure
  • Edit the GitLab configuration file
$ sudo vim /etc/gitlab/gitlab.rb
--------------------------------
external_url 'https://gitlab.name.com' # your GitLab subdomain
nginx['enable'] = false # disable the Nginx bundled with GitLab
web_server['external_users'] = ['www-data'] # account the standalone Nginx runs as; the Ubuntu default is `www-data`
nginx['ssl_certificate'] = '/etc/nginx/ssl/gitlab.name.com.crt' # certificate for your GitLab subdomain
nginx['ssl_certificate_key'] = '/etc/nginx/ssl/gitlab.name.com.key' # private key for your GitLab subdomain certificate
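  • Edit the Nginx configuration files
$ sudo rm /etc/nginx/sites-enabled/default # remove Nginx's default site configuration
$ sudo touch /etc/nginx/conf.d/www.conf # configuration for the PHP site
$ sudo touch /etc/nginx/conf.d/gitlab.conf # configuration for GitLab
  • Edit www.conf and gitlab.conf using the templates below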
## gitlab.conf

upstream gitlab-workhorse {  
  server unix:/var/opt/gitlab/gitlab-workhorse/socket fail_timeout=0;
}
server {  
  listen 0.0.0.0:80;
  listen [::]:80 ipv6only=on default_server;
  server_name gitlab.name.com;
  server_tokens off; 
  return 301 https://$http_host$request_uri;
  access_log  /var/log/nginx/gitlab_access.log;
  error_log   /var/log/nginx/gitlab_error.log;
}

server {  
  listen 0.0.0.0:443 ssl;
  listen [::]:443 ipv6only=on ssl default_server;
  server_name gitlab.name.com;
  server_tokens off;
  root /opt/gitlab/embedded/service/gitlab-rails/public;

  ssl on;
  ssl_certificate /etc/nginx/ssl/gitlab.name.com.crt;
  ssl_certificate_key /etc/nginx/ssl/gitlab.name.com.key;
  ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 5m;

  access_log  /var/log/nginx/gitlab_access.log;
  error_log   /var/log/nginx/gitlab_error.log;
  location / {
    client_max_body_size 0;
    gzip off;
    proxy_read_timeout      300;
    proxy_connect_timeout   300;
    proxy_redirect          off;
    proxy_http_version 1.1;
    proxy_set_header    Host                $http_host;
    proxy_set_header    X-Real-IP           $remote_addr;
    proxy_set_header    X-Forwarded-Ssl     on;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;
    proxy_pass http://gitlab-workhorse;
  }
}
## www.conf

server {  
  listen 0.0.0.0:443 ssl;
  server_name name.com; # your blog domain
  server_tokens off;
  root /var/www; # path where your PHP blog is stored
  index index.php index.html index.htm index.nginx-debian.html;
  ssl on;
  ssl_certificate /etc/nginx/ssl/name.com.crt; # certificate for your blog domain
  ssl_certificate_key /etc/nginx/ssl/name.com.key; # private key for your blog certificate
  ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 5m;
  access_log  /var/log/nginx/www_access.log;
  error_log   /var/log/nginx/www_error.log;
  location ~ \.php$ {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/run/php/php7.0-fpm.sock;
  }
}
  • Load the GitLab configuration
$ sudo gitlab-ctl reconfigure
  • Restart Nginx
$ sudo service nginx restart

Finally, test access to your blog and GitLab using name.com and gitlab.name.com.
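
The TLS lines in both templates above still accept TLS 1.0/1.1, 3DES and cipher suites without forward secrecy. The following is an added example, not part of the original article: a stricter shared snippet for the two 443 server blocks. The file name snippets/tls-hardened.conf is a hypothetical choice, and the settings assume every client you care about supports TLS 1.2 with AES-GCM.

```nginx
# Added example. Hypothetical file: /etc/nginx/snippets/tls-hardened.conf
#
# In the 443 server blocks of gitlab.conf and www.conf, delete the
# ssl_ciphers, ssl_protocols, ssl_prefer_server_ciphers and ssl_session_*
# lines and put this single line in their place:
#
#   include snippets/tls-hardened.conf;
#
# Keep ssl_certificate / ssl_certificate_key in each server block, since
# they differ per domain.

# Weak setting in the templates:
#   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# TLS 1.0 and 1.1 are formally deprecated (RFC 8996). Nginx 1.10.0 predates
# TLS 1.3 support, so TLS 1.2 is the only version left to offer.
ssl_protocols TLSv1.2;

# Weak setting in the templates: the list ends with DES-CBC3-SHA (3DES,
# 64-bit block, exposed to the Sweet32 birthday attack) and with static-RSA
# suites such as AES256-SHA that give no forward secrecy.
# Keep only ECDHE key exchange with AEAD ciphers. The ECDSA entries are
# used only if the certificate has an ECDSA key; an RSA certificate
# negotiates the ECDHE-RSA entries.
ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256";
ssl_prefer_server_ciphers on;

# Same session cache as the templates. Session tickets are switched off so
# a long-lived ticket key cannot be used to decrypt recorded sessions.
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_session_tickets off;

# Tell browsers to use HTTPS only for this host for one year. Enable this
# once both sites are confirmed working over HTTPS. Note that add_header
# directives inside a location block replace, not extend, this one.
add_header Strict-Transport-Security "max-age=31536000" always;
```

Run sudo nginx -t before restarting Nginx so a typo in the snippet is caught while the old configuration is still serving.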