Install
Create the folders /app/gitlab/config, /app/gitlab/logs and /app/gitlab/data for data storage.
sudo docker run --detach \
  --hostname gitlab.beekc.top \
  --publish 8300:80 --publish 8301:22 \
  --name gitlab \
  --restart always \
  --volume /app/gitlab/config:/etc/gitlab \
  --volume /app/gitlab/logs:/var/log/gitlab \
  --volume /app/gitlab/data:/var/opt/gitlab \
  --shm-size 256m \
  gitlab/gitlab-ce:latest
In this example, port 8300 is used for HTTP and port 8301 for SSH.
Server data transfer
Backup
Execute gitlab-rake gitlab:backup:create on the previous server. This command backs up the server data. The backup file is generated in /var/opt/gitlab/backups/. Use scp to copy the backup file to the new server under /app/gitlab/data/backups/.
gitlab.rb and gitlab-secrets.json are not included in the backup. gitlab.rb contains the configuration and gitlab-secrets.json stores user secrets. You may send them to the new server too.
Configure PostgreSQL
PostgreSQL needs to be configured according to Gitlab 数据备份和还原 (GitLab data backup and restore), or the restore will print these error messages:
Restoring PostgreSQL database gitlabhq_production … ERROR: must be owner of extension pg_trgm
ERROR: must be owner of extension btree_gist
ERROR: must be owner of extension btree_gist
ERROR: must be owner of extension pg_trgm
But I ignore those messages and GitLab still works fine.
Restore
Use sudo chmod 777 to change the backup file's mode.
Stop some GitLab services:
sudo gitlab-ctl stop unicorn
sudo gitlab-ctl stop sidekiq
Restore data
gitlab-rake gitlab:backup:restore BACKUP=1688374217_2023_07_03_12.9.2
SSH
Add gitlab_rails['gitlab_shell_ssh_port'] = 8301 to /app/gitlab/config/gitlab.rb.
Nginx Reverse Proxy
## Redirects all HTTP traffic to the HTTPS host
server {
  listen 80;
  server_name gitlab.beekc.top; ## Replace this with something like gitlab.example.com
  server_tokens off; ## Don't show the nginx version number, a security best practice
  return 301 https://$http_host$request_uri;
  access_log /var/log/nginx/gitlab_access.log;
  error_log /var/log/nginx/gitlab_error.log;
}

## HTTPS host
server {
  listen 443 ssl;
  server_name gitlab.beekc.top; ## Replace this with something like gitlab.example.com
  server_tokens off; ## Don't show the nginx version number, a security best practice

  ## Strong SSL Security
  ssl_certificate /etc/letsencrypt/live/beekc.top/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/beekc.top/privkey.pem;

  # GitLab needs backwards compatible ciphers to retain compatibility with Java IDEs
  ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 5m;

  ## Individual nginx logs for this GitLab vhost
  access_log /var/log/nginx/gitlab_access.log;
  error_log /var/log/nginx/gitlab_error.log;

  location / {
    proxy_pass http://localhost:8300;
    client_max_body_size 0;
    gzip off;

    ## https://github.com/gitlabhq/gitlabhq/issues/694
    ## Some requests take more than 30 seconds.
    proxy_read_timeout 300;
    proxy_connect_timeout 300;
    proxy_redirect off;
    proxy_http_version 1.1;

    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Ssl on;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    # proxy_pass http://gitlab-workhorse;
  }
}
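The vhost above enables TLS 1.0/1.1 and 3DES suites for compatibility with old clients. The following check is an added example, not part of the original post: it reads an nginx config on stdin and reports legacy protocols, weak cipher suites that are actually enabled, and the obsolete `ssl on;` directive. The function name audit_tls and both sample configs are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag legacy TLS directives in an nginx vhost read from stdin.
# Prints one finding per line; prints nothing when the config is clean.
audit_tls() {
  awk '
    { sub(/#.*/, "") }                       # ignore comments
    $1 == "ssl_protocols" {                  # SSL and TLS 1.0/1.1 are deprecated
      for (i = 2; i <= NF; i++) {
        p = $i; sub(/;$/, "", p)
        if (p == "SSLv2" || p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1")
          print "line " NR ": legacy protocol " p
      }
    }
    $1 == "ssl_ciphers" {                    # enabled suites only, skip "!" exclusions
      n = split($0, c, /[":; \t]+/)
      for (i = 1; i <= n; i++)
        if (c[i] !~ /^!/ && c[i] ~ /(3DES|DES-CBC3|RC4|MD5|NULL|EXPORT)/)
          print "line " NR ": weak cipher " c[i]
    }
    $1 == "ssl" && $2 ~ /^on;?$/ {           # replaced by the ssl flag on listen
      print "line " NR ": obsolete \"ssl on;\", use \"listen 443 ssl;\""
    }
  '
}

# Constructed sample carrying legacy TLS directives.
SAMPLE_VHOST='server {
  listen 443;
  ssl on;
  ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:!aNULL:!MD5:!RC4";
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}'

# Constructed sample restricted to TLS 1.2/1.3 and AEAD suites.
SAMPLE_HARDENED='server {
  listen 443 ssl;
  ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256";
  ssl_protocols TLSv1.2 TLSv1.3;
}'

# Audit the files given as arguments, or the legacy sample when none are given.
if [ "$#" -gt 0 ]; then
  for f in "$@"; do echo "== $f"; audit_tls < "$f"; done
else
  printf '%s\n' "$SAMPLE_VHOST" | audit_tls
fi
```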
Reduce Memory Use
In /etc/gitlab/gitlab.rb (/app/gitlab/config/gitlab.rb on the host):
# Optimize Sidekiq
sidekiq['max_concurrency'] = 10

# Optimize Gitaly
gitaly['configuration'] = {
  concurrency: [
    {
      'rpc' => "/gitaly.SmartHTTPService/PostReceivePack",
      'max_per_repo' => 3,
    }, {
      'rpc' => "/gitaly.SSHService/SSHUploadPack",
      'max_per_repo' => 3,
    },
  ],
  cgroups: {
    repositories: {
      count: 2,
    },
    mountpoint: '/sys/fs/cgroup',
    hierarchy_root: 'gitaly',
    memory_bytes: 500000,
    cpu_shares: 512,
  },
}

# Configure how GitLab handles memory
gitlab_rails['env'] = {
  'MALLOC_CONF' => 'dirty_decay_ms:1000,muzzy_decay_ms:1000'
}
# Both Gitaly variables go in one hash: a second gitaly['env'] assignment
# would replace the first and drop GITALY_COMMAND_SPAWN_MAX_PARALLEL.
gitaly['env'] = {
  'GITALY_COMMAND_SPAWN_MAX_PARALLEL' => '2',
  'MALLOC_CONF' => 'dirty_decay_ms:1000,muzzy_decay_ms:1000'
}
Reconfigure GitLab to use the new settings:
sudo gitlab-ctl reconfigure