How to serve other vhosts next to Gitlab Omnibus server? [Full step-by-step solution]


Question

I installed Gitlab CE on a dedicated Ubuntu 14.04 server edition with the Omnibus package.

Now I want to install three other virtual hosts next to gitlab.

Two are node.js web applications launched by a non-root user running on two distinct ports > 1024, the third is a PHP web application that needs a web server to be launched from.

There are:

  • a private bower registry running on 8081 (node.js)
  • a private npm registry running on 8082 (node.js)
  • a private composer registry (PHP)

But Omnibus listens on 80 and doesn't seem to use either Apache2 or Nginx, thus I can't use them to serve my PHP app and reverse-proxy my two other node apps.

What serving mechanism does Gitlab Omnibus use to listen on 80? How should I create the three other virtual hosts to be able to provide the following vHosts?

  • gitlab.mycompany.com (:80) -- already in use
  • bower.mycompany.com (:80)
  • npm.mycompany.com (:80)
  • packagist.mycompany.com (:80)

Recommended answer

About this

But Omnibus listens on 80 and doesn't seem to use either Apache2 or Nginx [, thus ...].

and @stdob's comment:

Did omnibus not use nginx as a web server ???

I answered

I guess not because the nginx package isn't installed in the system ...

In fact

From the Gitlab official docs:

By default, omnibus-gitlab installs GitLab with bundled Nginx.

Yes!

The Omnibus package actually uses Nginx!

But it was bundled, which explains why it doesn't need to be installed as a dependency from the host OS.

Thus yes! Nginx can and should be used to serve my PHP app and reverse-proxy my two other node apps.

Omnibus-gitlab allows webserver access through user gitlab-www which resides in the group with the same name. To allow an external webserver access to GitLab, the external webserver user needs to be added to the gitlab-www group.

To use another web server like Apache or an existing Nginx installation you will have to do the following steps:

Disable bundled Nginx by specifying in /etc/gitlab/gitlab.rb

nginx['enable'] = false
# For GitLab CI, use the following:
ci_nginx['enable'] = false

Check the username of the non-bundled web-server user. By default, omnibus-gitlab has no default setting for external webserver user. You have to specify the external webserver user username in the configuration! Let's say for example that webserver user is www-data. In /etc/gitlab/gitlab.rb set

web_server['external_users'] = ['www-data']

This setting is an array so you can specify more than one user to be added to the gitlab-www group.

Run sudo gitlab-ctl reconfigure for the change to take effect.

By default NGINX will accept incoming connections on all local IPv4 addresses. You can change the list of addresses in /etc/gitlab/gitlab.rb.

nginx['listen_addresses'] = ["0.0.0.0", "[::]"] # listen on all IPv4 and IPv6 addresses

For GitLab CI, use the ci_nginx['listen_addresses'] setting.

By default NGINX will listen on the port specified in external_url or implicitly use the right port (80 for HTTP, 443 for HTTPS). If you are running GitLab behind a reverse proxy, you may want to override the listen port to something else. For example, to use port 8080:

nginx['listen_port'] = 8080

Similarly, for GitLab CI:

ci_nginx['listen_port'] = 8081

Supporting proxied SSL

By default NGINX will auto-detect whether to use SSL if external_url contains https://. If you are running GitLab behind a reverse proxy, you may wish to keep the external_url as an HTTPS address but communicate with the GitLab NGINX internally over HTTP. To do this, you can disable HTTPS using the listen_https option:

nginx['listen_https'] = false

Similarly, for GitLab CI:

ci_nginx['listen_https'] = false

Note that you may need to configure your reverse proxy to forward certain headers (e.g. Host, X-Forwarded-Ssl, X-Forwarded-For, X-Forwarded-Port) to GitLab.

You may see improper redirections or errors (e.g. "422 Unprocessable Entity", "Can't verify CSRF token authenticity") if you forget this step. For more information, see:

  • What's the de facto standard for a Reverse Proxy to tell the backend SSL is used?
  • https://wiki.apache.org/couchdb/Nginx_As_a_Reverse_Proxy

To go further, you can

Configuring our gitlab virtual host

Installing Phusion Passenger

We need to install ruby (gitlab runs in omnibus with a bundled ruby) globally in the OS

$ sudo apt-get update 
$ sudo apt-get install ruby
$ sudo gem install passenger

Recompile nginx with the passenger module

Unlike Apache2 for example, nginx isn't able to be plugged with binary modules on-the-fly. It must be recompiled for each new plugin you want to add.

The Phusion Passenger developer team worked hard to provide, so to say, "a bundled nginx version of passenger": nginx bins compiled with the passenger plugin.

So, let's use it:

Requirement: we need to open our TCP port 11371 (the APT key port).

$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 561F9B9CAC40B2F7
$ sudo apt-get install apt-transport-https ca-certificates

Create passenger.list

$ sudo nano /etc/apt/sources.list.d/passenger.list

with these lines

# Ubuntu 14.04
deb https://oss-binaries.phusionpassenger.com/apt/passenger trusty main

Use the right repo for your ubuntu version. For Ubuntu 15.04 for example: deb https://oss-binaries.phusionpassenger.com/apt/passenger vivid main

Edit permissions:

$ sudo chown root: /etc/apt/sources.list.d/passenger.list
$ sudo chmod 600 /etc/apt/sources.list.d/passenger.list

Update the package list:

$ sudo apt-get update

Allow it for unattended-upgrades

$ sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

Find or create this config block at the top of the file:

// Automatically upgrade packages from these (origin:archive) pairs
Unattended-Upgrade::Allowed-Origins {

  // you may have some instructions here

};

Add the following:

// Automatically upgrade packages from these (origin:archive) pairs
Unattended-Upgrade::Allowed-Origins {

  // you may have some instructions here

  // To check "Origin:" and "Suite:", you could use e.g.:
  // grep "Origin\|Suite" /var/lib/apt/lists/oss-binaries.phusionpassenger.com*
    "Phusion:stable";

};

Now (re)install nginx-extras and passenger:

$ sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak_"$(date +%Y-%m-%d_%H:%M)"
$ sudo apt-get install nginx-extras passenger

Configure it

Uncomment the passenger_root and passenger_ruby directives in the /etc/nginx/nginx.conf file:

$ sudo nano /etc/nginx/nginx.conf

... to obtain something like:

##
# Phusion Passenger config
##
# Uncomment it if you installed passenger or passenger-enterprise
##

passenger_root /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini;
passenger_ruby /usr/bin/passenger_free_ruby;

Create the nginx site configuration (virtual host conf)

$ sudo nano /etc/nginx/sites-available/gitlab.conf

server {
  listen *:80;
  server_name gitlab.mycompany.com;
  server_tokens off;
  root /opt/gitlab/embedded/service/gitlab-rails/public;

  client_max_body_size 250m;
  access_log  /var/log/gitlab/nginx/gitlab_access.log;
  error_log   /var/log/gitlab/nginx/gitlab_error.log;

  # Ensure Passenger uses the bundled Ruby version
  passenger_ruby /opt/gitlab/embedded/bin/ruby;

  # Correct the $PATH variable to include packaged executables
  passenger_env_var PATH "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/usr/local/bin:/usr/bin:/bin";

  # Make sure Passenger runs as the correct user and group to
  # prevent permission issues
  passenger_user git;
  passenger_group git;

  # Enable Passenger & keep at least one instance running at all times
  passenger_enabled on;
  passenger_min_instances 1;

  error_page 502 /502.html;
}

Now we can enable it:

$ sudo ln -s /etc/nginx/sites-available/gitlab.conf /etc/nginx/sites-enabled/

There is no a2ensite equivalent coming natively with nginx, so we use ln, but if you want, there is a project on github: nginx_ensite: nginx_ensite and nginx_dissite for quick virtual host enabling and disabling

This is a shell (Bash) script that replicates for nginx the Debian a2ensite and a2dissite for enabling and disabling sites as virtual hosts in Apache 2.2/2.4.

Done :-). Finally, restart nginx

$ sudo service nginx restart

With this new configuration, you are able to run other virtual hosts next to gitlab to serve what you want.

Just create new configs in /etc/nginx/sites-available.

In my case, I got the following running and served this way on the same host:

  • gitlab.mycompany.com - the awesome git platform written in ruby
  • ci.mycompany.com - the gitlab continuous integration server written in ruby
  • npm.mycompany.com - a private npm registry written in node.js
  • bower.mycompany.com - a private bower registry written in node.js
  • packagist.mycompany.com - a private packagist for composer registry written in php

For example, to serve npm.mycompany.com:

Create a directory for the logs:

$ sudo mkdir -p /var/log/private-npm/nginx/

And fill a new vhost config file:

$ sudo nano /etc/nginx/sites-available/npm.conf

With this config

server {
  listen *:80;
  server_name npm.mycompany.com;

  client_max_body_size 5m;
  access_log  /var/log/private-npm/nginx/npm_access.log;
  error_log   /var/log/private-npm/nginx/npm_error.log;

  location / {
    proxy_pass http://localhost:8082;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
  }
}

Then enable it and restart it:

$ sudo ln -s /etc/nginx/sites-available/npm.conf /etc/nginx/sites-enabled/
$ sudo service nginx restart
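
An added example, not part of the original answer: two shell checks for the setup above, one for sites-enabled symlinks whose target is missing and one for backend ports (8081 and 8082 in the question) that listen on a non-loopback address and are therefore reachable without going through the nginx vhost. The function names and the sample ss output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer): checks to run after adding vhosts.

# Print every entry of a sites-enabled directory that is a symlink whose
# target does not exist, e.g. a link made from a mistyped file name.
dangling_sites() {
  dir=$1
  for link in "$dir"/*; do
    if [ -L "$link" ] && [ ! -e "$link" ]; then
      printf '%s\n' "$link"
    fi
  done
}

# Read `ss -ltn` output on stdin; for each backend port given as an argument,
# print "port address" when it listens on a non-loopback address, meaning
# clients can reach the app directly instead of through the nginx vhost.
exposed_backends() {
  awk -v ports=" $* " '
    $1 != "LISTEN" { next }               # skip the header line
    {
      n = split($4, parts, ":")           # $4 is Local Address:Port
      port = parts[n]
      addr = substr($4, 1, length($4) - length(port) - 1)
      if (index(ports, " " port " ") == 0) next
      if (addr ~ /^127\./ || addr == "[::1]") next
      print port " " addr
    }'
}

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:8081     0.0.0.0:*
LISTEN 0      128    0.0.0.0:8082       0.0.0.0:*
LISTEN 0      128    0.0.0.0:80         0.0.0.0:*'

printf '%s\n' "$SAMPLE_SS" | exposed_backends 8081 8082   # prints: 8082 0.0.0.0
```

On a live host, pipe `ss -ltn` into `exposed_backends 8081 8082` and run `dangling_sites /etc/nginx/sites-enabled` before restarting nginx.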
      
