安装 gitlab

Requirements

https://docs.gitlab.com/ee/install/requirements.html

CPU:

• 4 cores is the recommended minimum number of cores and supports up to 500 users
• 8 cores supports up to 1000 users

Memory:

• 4 GB RAM is the required minimum memory size and supports up to 500 users
• 8 GB RAM supports up to 1000 users

推荐 4核，4G

Install Gitlab using Docker Engine

https://docs.gitlab.com/ee/install/docker.html

https://docs.gitlab.com/ee/install/docker/configuration.html

https://docs.gitlab.com/omnibus/settings/ssl/index.html

GITLAB_HOME=/srv/docker/gitlab
sudo docker run --detach \
  --hostname gitlab.mydomain.com \
  --env GITLAB_OMNIBUS_CONFIG="external_url 'http://gitlab.mydomain.com'" \
  --publish 0.0.0.0:2022:22 \
  --name gitlab \
  --restart always \
  --volume $GITLAB_HOME/config:/etc/gitlab \
  --volume $GITLAB_HOME/logs:/var/log/gitlab \
  --volume $GITLAB_HOME/data:/var/opt/gitlab \
  --network frontend \
  --shm-size 256m \
  gitlab/gitlab-ce:18.8.0-ce.0

启用 https

mkdir -p /srv/docker/gitlab/config/ssl
cd /srv/docker/gitlab/config/ssl

openssl genrsa -out gitlab.example.com.key 4096

openssl req -sha512 -new \
-subj "/C=CN/ST=Beijing/L=Beijing/O=exampleOrg/CN=gitlab.example.com" \
-key gitlab.example.com.key \
-out gitlab.example.com.csr

openssl x509 -req  -days 3650 \
-in gitlab.example.com.csr \
-signkey gitlab.example.com.key \
-out gitlab.example.com.crt

修改配置文件

vi /srv/docker/gitlab/config/gitlab.rb

external_url 'https://gitlab.example.com'
nginx['redirect_http_to_https'] = true
gitlab_rails['gitlab_shell_ssh_port'] = 2022

内存如果有限可以设置一下两个参数，但会增加CPU运算

# 禁用 Puma 集群模式，减少内存占用
puma['worker_processes'] = 1
puma['min_threads'] = 1
puma['max_threads'] = 2
puma['per_worker_max_memory_mb'] = 256

# 设置 Sidekiq 进程数量
sidekiq['concurrency'] = 5

gitlab_ci['enable'] = false

# https://docs.gitlab.com/administration/monitoring/prometheus/
prometheus_monitoring['enable'] = false
sidekiq['metrics_enabled'] = false
puma['exporter_enabled'] = false

docker restart gitlab

Security

禁用注册

/help, /explore 暴漏项目，建议所有项目私有

Upgrade

https://docs.gitlab.com/update/upgrade_paths/