ubuntu服务器部署gitlab docker并配置nginx反向代理https访问

1. 拉取镜像

 docker pull gitlab/gitlab-ce

2. 运行容器

docker run --detach \
 --publish 9080:80 --publish 9022:22  --publish 9443:443\
 --name=gitlab \
 --restart=always \
 --volume /home/docker/gitlab/config:/etc/gitlab \
 --volume /home/docker/gitlab/logs:/var/log/gitlab \
 --volume /home/docker/gitlab/data:/var/opt/gitlab \
 --volume /home/docker/gitlab/logs/reconfigure:/var/log/gitlab/reconfigure \
 --volume /etc/localtime:/etc/localtime:ro\
 --privileged=true \
 gitlab/gitlab-ce:latest

说明：

• --publish指定host和容器的端口映射。为了避免gitlab端口与host nginx冲突，最好都映射一下

3. 编辑gitlab配置文件

因为挂载，所以不用进入容器就能修改配置文件，

sudo vim /home/docker/gitlab/config/gitlab.rb

修改如下配置并保存：

external_url 'https://你的域名'
nginx['redirect_http_to_https'] = true
# 你需要将你的证书放在 /home/docker/gitlab/config/ssl下
nginx['ssl_certificate'] = "/etc/gitlab/ssl/xxxx.xxxx.com_bundle.crt" 
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/xxxx.xxxx.com.key"
gitlab_rails['gitlab_shell_ssh_port'] = 9022

4. 修改完配置后，重启容器内gitlab服务

# 停止服务
docker exec gitlab sh -c 'gitlab-ctl stop'

# 重新设置gitlab配置
docker exec gitlab  sh -c 'gitlab-ctl reconfigure'

# 启动服务
docker exec gitlab  sh -c 'gitlab-ctl start'

5. Host主机Nginx配置反向代理

## 请求转发到GitLab容器
server {
    listen       443 ssl;
    server_name  xxxx.xxxx.com; # 你的域名
    charset utf-8;
    access_log  logs/gitlab.access.log;
    error_log  logs/gitlab.error.log;

    ssl on;
	# 服务的证书
    ssl_certificate /root/cert/xxxx.xxxx.com_bundle.crt;
	# 服务端key
    ssl_certificate_key /root/cert/xxxx.xxxx.key;
	# session超时时间
    ssl_session_timeout 5m;
	# 加密算法
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
	# 允许SSL协议
    ssl_protocols SSLv3 SSLv2 TLSv1 TLSv1.1 TLSv1.2;
	# 启动加密算法
    ssl_prefer_server_ciphers on;

    location /gitlab {
       	proxy_set_header Host $host;
       	proxy_set_header X-Real-IP $remote_addr;
      	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto https;
		proxy_pass https://127.0.0.1:9443;
	}
}

重启nginx

 nginx -s reload

6. 浏览器输入https://域名/gitlab访问，会自动跳转到登录页面，不行的话可以多刷新几次试试。
   
7. 重置初始密码

进入容器

docker exec -it gitlab /bin/bash

登入GitLab后台操作

gitlab-rails console -e production


irb(main):003:0> User.all

=> #<ActiveRecord::Relation [#<User id:1 @root>]>

irb(main):004:0> user=User.where(id:1).first

=> #<User id:1 @root>

irb(main):008:0> user.password='12345678'

=> "12345678"

irb(main):009:0> user.password_confirmation='12345678'

=> "12345678"

irb(main):010:0> user.save!

=> true

登录成功