如何为Gitlab Omnibus服务器旁边的其他虚拟主机提供服务? [完整的分步解决方案] [英] How to serve other vhosts next to Gitlab Omnibus server? [Full step-by-step solution]
问题描述
我在具有 Omnibus软件包的专用Ubuntu 14.04服务器版本上安装了 Gitlab CE .
I installed Gitlab CE on a dedicated Ubuntu 14.04 server edition with Omnibus package.
现在,我想在gitlab旁边安装另外三台虚拟主机.
Now I would want to install three other virtual hosts next to gitlab.
两个是由运行在两个不同的ports > 1024
上的non-root user
启动的node.js Web应用程序,第三个是需要从中启动Web服务器的PHP Web应用程序.
Two are node.js web applications launched by a non-root user
running on two distinct ports > 1024
, the third is a PHP web application that need a web server to be launched from.
有:
- 在
8081
(node.js
)上运行的私人凉亭注册表 - 在
8082
(node.js
)上运行的私人npm注册表 - 私人作曲家注册表(
PHP
)
- a private bower registry running on
8081
(node.js
) - a private npm registry running on
8082
(node.js
) - a private composer registry (
PHP
)
但是 Omnibus监听80 ,并且似乎既不使用Apache2也不使用Nginx,因此,我无法使用它们来为我的PHP应用程序提供服务并为我的另外两个节点应用程序提供反向代理.
But Omnibus listen 80 and doesn't seem to use neither Apache2 or Nginx, thus I can't use them to serve my PHP app and reverse-proxy my two other node apps.
Gitlab Omnibus用于
listen 80
的服务机制是什么? 我应该如何创建其他三个虚拟主机以提供以下vHost?
What serving mechanics Gitlab Omnibus uses to
listen 80
? How should I create the three other virtual hosts to be able to provide the following vHosts ?
-
gitlab.mycompany.com
(:80
)-已在使用中 -
bower.mycompany.com
(:80
) -
npm.mycompany.com
(:80
) -
packagist.mycompany.com
(:80
)
gitlab.mycompany.com
(:80
) -- already in usebower.mycompany.com
(:80
)npm.mycompany.com
(:80
)packagist.mycompany.com
(:80
)
推荐答案
关于这些
但是Omnibus听80,似乎没有使用Apache2或Nginx [,因此...] .
和@stdob评论:
综合没有将nginx用作Web服务器吗??? –
Did omnibus not use nginx as a web server ??? –
我回答了
我想不是因为nginx软件包没有安装在系统中...
I guess not because nginx package isn't installed in the system ...
事实
来自Gitlab官方文档:
In facts
From Gitlab official docs :
默认情况下,omnibus-gitlab使用捆绑的Nginx安装GitLab.
By default, omnibus-gitlab installs GitLab with bundled Nginx.
是的!
Omnibus软件包实际上使用了Nginx!
但是它被捆绑了,解释了为什么不需要从主机操作系统安装它作为依赖项.
but it was bundled, explaining why it doesn't require to be installed as dependency from the host OS.
因此是! Nginx可以并且应该用于服务我的PHP应用程序和反向代理我的另外两个节点应用程序.
Omnibus-gitlab允许通过驻留的用户gitlab-www
访问Web服务器
在具有相同名称的组中.允许外部Web服务器访问
GitLab,外部Web服务器用户需要添加gitlab-www
组.
Omnibus-gitlab allows webserver access through user gitlab-www
which resides
in the group with the same name. To allow an external webserver access to
GitLab, external webserver user needs to be added gitlab-www
group.
要使用其他Web服务器(如Apache)或现有的Nginx安装,您必须做 以下步骤:
To use another web server like Apache or an existing Nginx installation you will have to do the following steps:
通过在/etc/gitlab/gitlab.rb
nginx['enable'] = false
# For GitLab CI, use the following:
ci_nginx['enable'] = false
检查非捆绑式Web服务器用户的用户名.默认情况下,omnibus-gitlab
没有外部Web服务器用户的默认设置.
您必须在配置中指定外部Web服务器用户用户名!
例如,假设Web服务器用户为www-data
.
在/etc/gitlab/gitlab.rb
设置
Check the username of the non-bundled web-server user. By default, omnibus-gitlab
has no default setting for external webserver user.
You have to specify the external webserver user username in the configuration!
Let's say for example that webserver user is www-data
.
In /etc/gitlab/gitlab.rb
set
web_server['external_users'] = ['www-data']
此设置是一个数组,因此您可以指定多个用户添加到gitlab-www组.
运行sudo gitlab-ctl reconfigure
以使更改生效.
默认情况下,NGINX将接受所有本地IPv4地址上的传入连接.
您可以在/etc/gitlab/gitlab.rb
中更改地址列表.
By default NGINX will accept incoming connections on all local IPv4 addresses.
You can change the list of addresses in /etc/gitlab/gitlab.rb
.
nginx['listen_addresses'] = ["0.0.0.0", "[::]"] # listen on all IPv4 and IPv6 addresses
对于GitLab CI,请使用ci_nginx['listen_addresses']
设置.
For GitLab CI, use the ci_nginx['listen_addresses']
setting.
默认情况下,NGINX将侦听external_url
中指定的端口,或者
隐式使用正确的端口(对于HTTP为80,对于HTTPS为443).如果您正在跑步
逆向代理后面的GitLab,您可能需要覆盖监听端口
其他的东西.例如,使用端口8080:
By default NGINX will listen on the port specified in external_url
or
implicitly use the right port (80 for HTTP, 443 for HTTPS). If you are running
GitLab behind a reverse proxy, you may want to override the listen port to
something else. For example, to use port 8080:
nginx['listen_port'] = 8080
类似地,对于GitLab CI:
Similarly, for GitLab CI:
ci_nginx['listen_port'] = 8081
支持代理SSL
默认情况下,如果external_url
,NGINX将自动检测是否使用SSL
包含https://
.如果您在反向代理后面运行GitLab,则您
可能希望将external_url
保留为HTTPS地址,但要与之通信
通过HTTP在内部使用GitLab NGINX.为此,您可以使用禁用HTTPS
listen_https
选项:
Supporting proxied SSL
By default NGINX will auto-detect whether to use SSL if external_url
contains https://
. If you are running GitLab behind a reverse proxy, you
may wish to keep the external_url
as an HTTPS address but communicate with
the GitLab NGINX internally over HTTP. To do this, you can disable HTTPS using
the listen_https
option:
nginx['listen_https'] = false
类似地,对于GitLab CI:
Similarly, for GitLab CI:
ci_nginx['listen_https'] = false
请注意,您可能需要配置反向代理以转发某些
标头(例如Host
,X-Forwarded-Ssl
,X-Forwarded-For
,X-Forwarded-Port
)到GitLab.
Note that you may need to configure your reverse proxy to forward certain
headers (e.g. Host
, X-Forwarded-Ssl
, X-Forwarded-For
, X-Forwarded-Port
) to GitLab.
您可能会看到不正确的重定向或错误(例如"422无法处理的实体", 如果您忘记了此步骤,则无法验证CSRF令牌的真实性".欲了解更多 信息,请参阅:
You may see improper redirections or errors (e.g. "422 Unprocessable Entity", "Can't verify CSRF token authenticity") if you forget this step. For more information, see:
- What's the de facto standard for a Reverse Proxy to tell the backend SSL is used?
- https://wiki.apache.org/couchdb/Nginx_As_a_Reverse_Proxy
要走得更远,您可以在
配置gitlab虚拟主机
安装Phusion乘客
我们需要在操作系统中全局安装ruby(带有捆绑的ruby的gitlab,在Omnibus中运行)
Configuring our gitlab virtual host
Installing Phusion Passenger
We need to install ruby (gitlab run in omnibus with a bundled ruby) globally in the OS
$ sudo apt-get update $ sudo apt-get install ruby $ sudo gem install passenger
使用乘客模块重新编译nginx
例如,nginx无法代替
Apache2
即时插入二进制模块.必须为要添加的每个新插件重新编译它.
Recompile nginx with the passenger module
Instead of
Apache2
for example, nginx isn't able to be plugged with binary modules on-the-fly. It must be recompiled for each new plugin you want to add.Phusion乘客开发人员团队努力工作,说:"捆绑的Nginx版本passenger :使用乘客插件编译的nginx容器.
Phusion passenger developer team worked hard to provide saying, "a bundled nginx version of passenger" : nginx bins compiled with passenger plugin.
所以,让我们使用它:
要求:我们需要打开
TCP
端口11371
(APT key
端口).requirement: we need to open our
TCP
port11371
(theAPT key
port).
$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 561F9B9CAC40B2F7 $ sudo apt-get install apt-transport-https ca-certificates
创建
passenger.list
$ sudo nano /etc/apt/sources.list.d/passenger.list
用这些木质素
# Ubuntu 14.04 deb https://oss-binaries.phusionpassenger.com/apt/passenger trusty main
为您的ubuntu版本使用正确的存储库.以Ubuntu 15.04为例: deb https://oss-binaries.phusionpassenger.com/apt/passenger 生动的主画面
use the right repo for your ubuntu version. For Ubuntu 15.04 for example: deb https://oss-binaries.phusionpassenger.com/apt/passenger vivid main
编辑权限:
$ sudo chown root: /etc/apt/sources.list.d/passenger.list $ sudo chmod 600 /etc/apt/sources.list.d/passenger.list
更新软件包列表:
$ sudo apt-get update
允许它为
unattended-upgrades
$ sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
在文件顶部查找或创建此配置块:
Find or create this config block on top of the file:
// Automatically upgrade packages from these (origin:archive) pairs Unattended-Upgrade::Allowed-Origins { // you may have some instructions here };
添加以下内容:
// Automatically upgrade packages from these (origin:archive) pairs Unattended-Upgrade::Allowed-Origins { // you may have some instructions here // To check "Origin:" and "Suite:", you could use e.g.: // grep "Origin\|Suite" /var/lib/apt/lists/oss-binaries.phusionpassenger.com* "Phusion:stable"; };
现在(重新)安装
nginx-extra
和passenger
:
Now (re)install
nginx-extra
andpassenger
:
$ sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak_"$(date +%Y-%m-%d_%H:%M)" $ sudo apt-get install nginx-extras passenger
配置
取消注释
/etc/nginx/nginx.conf
文件中的passenger_root
和passenger_ruby
指令:
configure it
Uncomment the
passenger_root
andpassenger_ruby
directives in the/etc/nginx/nginx.conf
file:
$ sudo nano /etc/nginx/nginx.conf
...获得类似的内容
... to obtain something like:
## # Phusion Passenger config ## # Uncomment it if you installed passenger or passenger-enterprise ## passenger_root /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini; passenger_ruby /usr/bin/passenger_free_ruby;
创建nginx站点配置(虚拟主机conf)
$ nano /etc/nginx/sites-available/gitlab.conf server { listen *:80; server_name gitlab.mycompany.com; server_tokens off; root /opt/gitlab/embedded/service/gitlab-rails/public; client_max_body_size 250m; access_log /var/log/gitlab/nginx/gitlab_access.log; error_log /var/log/gitlab/nginx/gitlab_error.log; # Ensure Passenger uses the bundled Ruby version passenger_ruby /opt/gitlab/embedded/bin/ruby; # Correct the $PATH variable to included packaged executables passenger_env_var PATH "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/usr/local/bin:/usr/bin:/bin"; # Make sure Passenger runs as the correct user and group to # prevent permission issues passenger_user git; passenger_group git; # Enable Passenger & keep at least one instance running at all times passenger_enabled on; passenger_min_instances 1; error_page 502 /502.html; }
现在我们可以启用它:
$ sudo ln -s /etc/nginx/sites-available/gitlab.cong /etc/nginx/sites-enabled/
nginx本身没有与
a2ensite
等效的内容,因此我们使用ln
,但是如果您愿意,可以在github上找到一个项目: nginx_ensite : nginx_ensite和nginx_dissite用于快速启用和禁用虚拟主机There is no
a2ensite
equivalent coming natively with nginx, so we useln
, but if you want, there is a project on github: nginx_ensite: nginx_ensite and nginx_dissite for quick virtual host enabling and disabling这是一个Shell(Bash)脚本,为nginx复制了Debian a2ensite和a2dissite,以便在Apache 2.2/2.4中启用和禁用站点作为虚拟主机.
This is a shell (Bash) script that replicates for nginx the Debian a2ensite and a2dissite for enabling and disabling sites as virtual hosts in Apache 2.2/2.4.
完成了:-).最后,重新启动nginx
$ sudo service nginx restart
使用此新配置,您可以在gitlab旁边运行其他虚拟主机以提供所需的内容
只需在
/etc/nginx/sites-available
中创建新配置.
With this new configuration, you are able to run other virtual hosts next to gitlab to serve what you want
Just create new configs in
/etc/nginx/sites-available
.就我而言,我是在同一主机上以这种方式运行和提供服务的:
In my case, I made running and serving this way on the same host :
- gitlab.mycompany.com-用ruby编写的很棒的git平台
- ci.mycompany.com-用ruby编写的 gitlab持续集成服务器
>- npm.mycompany.com-用
编写的私有 npm 注册表node.js
- bower.mycompany.com-用
编写的私有 bower 注册表node.js
- packagist.mycompany.com-用于
packagist . org/"rel =" noreferrer> composer 用php编写的注册表
- gitlab.mycompany.com - the awesome git platform written in ruby
- ci.mycompany.com - the gitlab continuous integration server written in ruby
- npm.mycompany.com - a private npm registry written in
node.js
- bower.mycompany.com - a private bower registry written in
node.js
- packagist.mycompany.com - a private packagist for composer registry written in php
例如,投放
npm.mycompany.com
:为日志创建目录:
$ sudo mkdir -p /var/log/private-npm/nginx/
并填充一个新的虚拟主机配置文件:
And fill a new vhost config file:
$ sudo nano /etc/nginx/sites-available/npm.conf
使用此配置
server { listen *:80; server_name npm.mycompany.com client_max_body_size 5m; access_log /var/log/private-npm/nginx/npm_access.log; error_log /var/log/private-npm/nginx/npm_error.log; location / { proxy_pass http://localhost:8082; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; } }
然后启用它并重新启动它:
Then enable it and restart it:
$ sudo ln -s /etc/nginx/sites-available/npm.conf /etc/nginx/sites-enabled/ $ sudo service nginx restart
这篇关于如何为Gitlab Omnibus服务器旁边的其他虚拟主机提供服务? [完整的分步解决方案]的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!