如何在 Gitlab Omnibus 服务器旁边为其他虚拟主机提供服务?[完整的分步解决方案] [英] How to serve other vhosts next to Gitlab Omnibus server? [Full step-by-step solution]

查看:32
本文介绍了如何在 Gitlab Omnibus 服务器旁边为其他虚拟主机提供服务?[完整的分步解决方案]的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我在带有 Omnibus 包的专用 Ubuntu 14.04 服务器版本上安装了 Gitlab CE.

现在我想在 gitlab 旁边安装另外三个虚拟主机.

两个是由 non-root 用户 启动的 node.js Web 应用程序,运行在两个不同的 端口 >1024,第三个是PHP Web应用程序,需要一个Web服务器才能启动.

有:

  • 运行在 8081 (node.js) 上的私有 bower 注册表
  • 8082 (node.js) 上运行的私有 npm 注册表
  • 一个私有的作曲家注册表(PHP)

但是 Omnibus 监听 80 并且似乎既不使用 Apache2 也不使用 Nginx,因此我无法使用它们来为我的 PHP 应用程序提供服务并反向代理我的另外两个节点应用程序.

<块引用>

Gitlab Omnibus 使用什么服务机制来listen 80?我应该如何创建其他三个虚拟主机才能提供以下虚拟主机?

  • gitlab.mycompany.com (:80) -- 已在使用
  • bower.mycompany.com (:80)
  • npm.mycompany.com (:80)
  • packagist.mycompany.com (:80)

解决方案

关于这些

<块引用>

但是 Omnibus 监听 80 并且似乎既不使用 Apache2 也不使用 Nginx [,因此...].

和@stdob 评论:

<块引用>

难道综合没有使用 nginx 作为网络服务器???——

我已经回复了

<块引用>

我猜不是因为系统中没有安装 nginx 包...

事实

来自 Gitlab 官方文档:

<块引用>

默认情况下,omnibus-gitlab 使用捆绑的 Nginx 安装 GitLab.

是的!

<块引用>

Omnibus 包实际上使用了 Nginx !

但它是捆绑的,解释了为什么它不需要作为主机操作系统的依赖项安装.

因此是的!Nginx 可以并且应该用于为我的 PHP 应用提供服务,并反向代理我的另外两个节点应用.

那么现在

Omnibus-gitlab 允许通过驻留的用户 gitlab-www 访问网络服务器在同名组中.允许外部网络服务器访问GitLab,外部webserver用户需要添加gitlab-www组.

要使用其他 Web 服务器(如 Apache 或现有的 Nginx 安装),您必须执行以下步骤:

通过在/etc/gitlab/gitlab.rb

中指定禁用捆绑的Nginx

nginx['enable'] = false# 对于 GitLab CI,使用以下命令:ci_nginx['启用'] = 假

检查非捆绑网络服务器用户的用户名.默认情况下,omnibus-gitlab 没有外部网络服务器用户的默认设置.您必须在配置中指定外部网络服务器用户名!例如,假设网络服务器用户是 www-data.在 /etc/gitlab/gitlab.rb 设置

web_server['external_users'] = ['www-data']

此设置是一个数组,因此您可以指定多个用户添加到 gitlab-www 组.

运行 sudo gitlab-ctl reconfigure 以使更改生效.

设置 NGINX 监听地址

默认情况下,NGINX 将接受所有本地 IPv4 地址上的传入连接.您可以在 /etc/gitlab/gitlab.rb 中更改地址列表.

nginx['listen_addresses'] = ["0.0.0.0", "[::]"] # 监听所有 IPv4 和 IPv6 地址

对于 GitLab CI,使用 ci_nginx['listen_addresses'] 设置.

设置NGINX监听端口

默认情况下,NGINX 将侦听 external_url 中指定的端口或隐式使用正确的端口(HTTP 为 80,HTTPS 为 443).如果你正在跑步反向代理后面的 GitLab,您可能希望将监听端口覆盖为别的东西.例如使用 8080 端口:

nginx['listen_port'] = 8080

同样,对于 GitLab CI:

ci_nginx['listen_port'] = 8081

支持代理 SSL

默认情况下,如果 external_url,NGINX 会自动检测是否使用 SSL包含 https://.如果你在反向代理后面运行 GitLab,你可能希望将 external_url 保留为 HTTPS 地址,但与GitLab NGINX 在内部通过 HTTP.为此,您可以使用禁用 HTTPSlisten_https 选项:

nginx['listen_https'] = false

同样,对于 GitLab CI:

ci_nginx['listen_https'] = false

请注意,您可能需要配置反向代理以转发某些标头(例如 HostX-Forwarded-SslX-Forwarded-ForX-Forwarded-Port) 到 GitLab.

您可能会看到不正确的重定向或错误(例如422 Unprocessable Entity",如果您忘记了这一步,无法验证 CSRF 令牌的真实性").更多信息,见:

<块引用>

要更进一步,您可以按照 https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#using-a-non-bundled-网络服务器

配置我们的 gitlab 虚拟主机

安装 Phusion 乘客

我们需要在 OS 中全局安装 ruby​​(gitlab 使用捆绑的 ruby​​ 运行在 omnibus 中)

$ sudo apt-get 更新$ sudo apt-get install ruby$ sudo gem 安装乘客

使用passenger模块重新编译nginx

例如,与 Apache2 不同,nginx 无法即时插入二进制模块.必须为每个要添加的新插件重新编译它.

Phusion 乘客开发团队努力提供捆绑的 nginx 版本乘客":使用乘客插件编译的nginx bins.

所以,让我们使用它:

<块引用>

要求:我们需要打开我们的TCP端口11371(APT key端口).>

$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 561F9B9CAC40B2F7$ sudo apt-get install apt-transport-https ca-certificates

创建passenger.list

$ sudo nano/etc/apt/sources.list.d/passenger.list

用这些线

# Ubuntu 14.04deb https://oss-binaries.phusionpassenger.com/apt/passenger trusty main

<块引用>

为您的 ubuntu 版本使用正确的存储库.以 Ubuntu 15.04 为例:deb https://oss-binaries.phusionpassenger.com/apt/passenger生动主

编辑权限:

$ sudo chown root:/etc/apt/sources.list.d/passenger.list$ sudo chmod 600/etc/apt/sources.list.d/passenger.list

更新包列表:

$ sudo apt-get 更新

允许它作为无人值守升级

$ sudo nano/etc/apt/apt.conf.d/50unattended-upgrades

在文件顶部查找或创建此配置块:

//从这些 (origin:archive) 对中自动升级包无人值守升级::Allowed-Origins {//你可能在这里有一些说明};

添加以下内容:

//从这些 (origin:archive) 对中自动升级包无人值守升级::Allowed-Origins {//你可能在这里有一些说明//要检查Origin:"和Suite:",您可以使用例如://grep "Origin|Suite"/var/lib/apt/lists/oss-binaries.phusionpassenger.com*"Phusion:稳定";};

现在(重新)安装 nginx-extrapassenger:

$ sudo cp/etc/nginx/nginx.conf/etc/nginx/nginx.conf.bak_"$(date +%Y-%m-%d_%H:%M)"$ sudo apt-get install nginx-extras 乘客

配置它

取消注释 /etc/nginx/nginx.conf 文件中的 passenger_rootpassenger_ruby 指令:

$ sudo nano/etc/nginx/nginx.conf

...获得类似的东西:

### Phusion 乘客配置### 如果你安装了passenger 或者passenger-enterprise 取消注释##passenger_root/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini;passenger_ruby/usr/bin/passenger_free_ruby;

创建nginx站点配置(虚拟主机conf)

$ nano/etc/nginx/sites-available/gitlab.conf服务器 {听 *:80;服务器名称 gitlab.mycompany.com;server_tokens 关闭;root/opt/gitlab/embedded/service/gitlab-rails/public;client_max_body_size 250m;access_log/var/log/gitlab/nginx/gitlab_access.log;error_log/var/log/gitlab/nginx/gitlab_error.log;# 确保乘客使用捆绑的 Ruby 版本passenger_ruby/opt/gitlab/embedded/bin/ruby;# 更正 $PATH 变量以包含打包的可执行文件乘客环境变量路径/opt/gitlab/bin:/opt/gitlab/embedded/bin:/usr/local/bin:/usr/bin:/bin";# 确保乘客以正确的用户和组运行# 防止权限问题乘客用户 git;乘客组 git;# 启用乘客 &始终保持至少一个实例运行乘客启用;乘客最小实例 1;error_page 502/502.html;}

现在我们可以启用它:

$ sudo ln -s/etc/nginx/sites-available/gitlab.cong/etc/nginx/sites-enabled/

<块引用>

nginx 本身没有 a2ensite 等价物,所以我们使用 ln,但如果你愿意,github 上有一个项目:nginx_ensite:nginx_ensite 和 nginx_dissite 用于快速启用和禁用虚拟主机

这是一个 shell (Bash) 脚本,它为 nginx 复制了 Debian a2ensite 和 a2dissite,用于在 Apache 2.2/2.4 中启用和禁用站点作为虚拟主机.

完成了:-).最后重启nginx

$ sudo service nginx restart

通过这个新配置,你可以在 gitlab 旁边运行其他虚拟主机来提供你想要的服务

只需在 /etc/nginx/sites-available 中创建新配置.

<块引用>

就我而言,我在同一台主机上以这种方式运行和服务:

  • gitlab.mycompany.com - 用 ruby​​ 编写的很棒的 git 平台
  • ci.mycompany.com - 用 ruby​​ 编写的 gitlab 持续集成服务器
  • npm.mycompany.com - 用 node.jsnpm 注册表>
  • bower.mycompany.com - 用 node.jsbower 注册表>
  • packagist.mycompany.com - packagist.org/" rel="noreferrer">composer 用 php 编写的注册表

例如,为 npm.mycompany.com 提供服务:

为日志创建一个目录:

$ sudo mkdir -p/var/log/private-npm/nginx/

并填写一个新的 vhost 配置文件:

$ sudo nano/etc/nginx/sites-available/npm.conf

有了这个配置

服务器{听 *:80;server_name npm.mycompany.comclient_max_body_size 5m;access_log/var/log/private-npm/nginx/npm_access.log;error_log/var/log/private-npm/nginx/npm_error.log;地点/{proxy_pass http://localhost:8082;proxy_http_version 1.1;proxy_set_header 升级 $http_upgrade;proxy_set_header 连接'升级';proxy_set_header 主机 $host;proxy_cache_bypass $http_upgrade;}}

然后启用它并重新启动它:

$ sudo ln -s/etc/nginx/sites-available/npm.conf/etc/nginx/sites-enabled/$ sudo 服务 nginx 重启

I installed Gitlab CE on a dedicated Ubuntu 14.04 server edition with Omnibus package.

Now I would want to install three other virtual hosts next to gitlab.

Two are node.js web applications launched by a non-root user running on two distinct ports > 1024, the third is a PHP web application that need a web server to be launched from.

There are:

  • a private bower registry running on 8081 (node.js)
  • a private npm registry running on 8082 (node.js)
  • a private composer registry (PHP)

But Omnibus listen 80 and doesn't seem to use neither Apache2 or Nginx, thus I can't use them to serve my PHP app and reverse-proxy my two other node apps.

What serving mechanics Gitlab Omnibus uses to listen 80 ? How should I create the three other virtual hosts to be able to provide the following vHosts ?

  • gitlab.mycompany.com (:80) -- already in use
  • bower.mycompany.com (:80)
  • npm.mycompany.com (:80)
  • packagist.mycompany.com (:80)

解决方案

About these

But Omnibus listen 80 and doesn't seem to use neither Apache2 or Nginx [, thus ...].

and @stdob comment :

Did omnibus not use nginx as a web server ??? –

Wich I responded

I guess not because nginx package isn't installed in the system ...

In facts

From Gitlab official docs :

By default, omnibus-gitlab installs GitLab with bundled Nginx.

So yes!

Omnibus package actually uses Nginx !

but it was bundled, explaining why it doesn't require to be installed as dependency from the host OS.

Thus YES! Nginx can, and should be used to serve my PHP app and reverse-proxy my two other node apps.

Then now

Omnibus-gitlab allows webserver access through user gitlab-www which resides in the group with the same name. To allow an external webserver access to GitLab, external webserver user needs to be added gitlab-www group.

To use another web server like Apache or an existing Nginx installation you will have to do the following steps:

Disable bundled Nginx by specifying in /etc/gitlab/gitlab.rb

nginx['enable'] = false
# For GitLab CI, use the following:
ci_nginx['enable'] = false

Check the username of the non-bundled web-server user. By default, omnibus-gitlab has no default setting for external webserver user. You have to specify the external webserver user username in the configuration! Let's say for example that webserver user is www-data. In /etc/gitlab/gitlab.rb set

web_server['external_users'] = ['www-data']

This setting is an array so you can specify more than one user to be added to gitlab-www group.

Run sudo gitlab-ctl reconfigure for the change to take effect.

Setting the NGINX listen address or addresses

By default NGINX will accept incoming connections on all local IPv4 addresses. You can change the list of addresses in /etc/gitlab/gitlab.rb.

nginx['listen_addresses'] = ["0.0.0.0", "[::]"] # listen on all IPv4 and IPv6 addresses

For GitLab CI, use the ci_nginx['listen_addresses'] setting.

Setting the NGINX listen port

By default NGINX will listen on the port specified in external_url or implicitly use the right port (80 for HTTP, 443 for HTTPS). If you are running GitLab behind a reverse proxy, you may want to override the listen port to something else. For example, to use port 8080:

nginx['listen_port'] = 8080

Similarly, for GitLab CI:

ci_nginx['listen_port'] = 8081

Supporting proxied SSL

By default NGINX will auto-detect whether to use SSL if external_url contains https://. If you are running GitLab behind a reverse proxy, you may wish to keep the external_url as an HTTPS address but communicate with the GitLab NGINX internally over HTTP. To do this, you can disable HTTPS using the listen_https option:

nginx['listen_https'] = false

Similarly, for GitLab CI:

ci_nginx['listen_https'] = false

Note that you may need to configure your reverse proxy to forward certain headers (e.g. Host, X-Forwarded-Ssl, X-Forwarded-For, X-Forwarded-Port) to GitLab.

You may see improper redirections or errors (e.g. "422 Unprocessable Entity", "Can't verify CSRF token authenticity") if you forget this step. For more information, see:

To go further you can follow the official docs at https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#using-a-non-bundled-web-server

Configuring our gitlab virtual host

Installing Phusion Passenger

We need to install ruby (gitlab run in omnibus with a bundled ruby) globally in the OS

$ sudo apt-get update 
$ sudo apt-get install ruby
$ sudo gem install passenger

Recompile nginx with the passenger module

Instead of Apache2 for example, nginx isn't able to be plugged with binary modules on-the-fly. It must be recompiled for each new plugin you want to add.

Phusion passenger developer team worked hard to provide saying, "a bundled nginx version of passenger" : nginx bins compiled with passenger plugin.

So, lets use it:

requirement: we need to open our TCP port 11371 (the APT key port).

$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 561F9B9CAC40B2F7
$ sudo apt-get install apt-transport-https ca-certificates

creating passenger.list 

$ sudo nano /etc/apt/sources.list.d/passenger.list

with these lignes

# Ubuntu 14.04
deb https://oss-binaries.phusionpassenger.com/apt/passenger trusty main

use the right repo for your ubuntu version. For Ubuntu 15.04 for example: deb https://oss-binaries.phusionpassenger.com/apt/passenger vivid main

Edit permissions: 

$ sudo chown root: /etc/apt/sources.list.d/passenger.list
$ sudo chmod 600 /etc/apt/sources.list.d/passenger.list

Updating package list:

$ sudo apt-get update

Allowing it as unattended-upgrades

$ sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

Find or create this config block on top of the file:

// Automatically upgrade packages from these (origin:archive) pairs
Unattended-Upgrade::Allowed-Origins {

  // you may have some instructions here

};

Add the following:

// Automatically upgrade packages from these (origin:archive) pairs
Unattended-Upgrade::Allowed-Origins {

  // you may have some instructions here

  // To check "Origin:" and "Suite:", you could use e.g.:
  // grep "Origin|Suite" /var/lib/apt/lists/oss-binaries.phusionpassenger.com*
    "Phusion:stable";

};

Now (re)install nginx-extra and passenger:

$ sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak_"$(date +%Y-%m-%d_%H:%M)"
$ sudo apt-get install nginx-extras passenger

configure it

Uncomment the passenger_root and passenger_ruby directives in the /etc/nginx/nginx.conf file:

$ sudo nano /etc/nginx/nginx.conf

... to obtain something like:

##
# Phusion Passenger config
##
# Uncomment it if you installed passenger or passenger-enterprise
##

passenger_root /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini;
passenger_ruby /usr/bin/passenger_free_ruby;

create the nginx site configuration (the virtual host conf)

$ nano /etc/nginx/sites-available/gitlab.conf

server {
  listen *:80;
  server_name gitlab.mycompany.com;
  server_tokens off;
  root /opt/gitlab/embedded/service/gitlab-rails/public;

  client_max_body_size 250m;
  access_log  /var/log/gitlab/nginx/gitlab_access.log;
  error_log   /var/log/gitlab/nginx/gitlab_error.log;

  # Ensure Passenger uses the bundled Ruby version
  passenger_ruby /opt/gitlab/embedded/bin/ruby;

  # Correct the $PATH variable to included packaged executables
  passenger_env_var PATH "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/usr/local/bin:/usr/bin:/bin";

  # Make sure Passenger runs as the correct user and group to
  # prevent permission issues
  passenger_user git;
  passenger_group git;

  # Enable Passenger & keep at least one instance running at all times
  passenger_enabled on;
  passenger_min_instances 1;

  error_page 502 /502.html;
}

Now we can enable it:

$ sudo ln -s /etc/nginx/sites-available/gitlab.cong /etc/nginx/sites-enabled/

There is no a2ensite equivalent coming natively with nginx, so we use ln, but if you want, there is a project on github: nginx_ensite: nginx_ensite and nginx_dissite for quick virtual host enabling and disabling

This is a shell (Bash) script that replicates for nginx the Debian a2ensite and a2dissite for enabling and disabling sites as virtual hosts in Apache 2.2/2.4.

It' done :-). Finally, restart nginx

$ sudo service nginx restart

With this new configuration, you are able to run other virtual hosts next to gitlab to serve what you want

Just create new configs in /etc/nginx/sites-available.

In my case, I made running and serving this way on the same host :

For example, to serve npm.mycompany.com :

Create a directory for logs:

$ sudo mkdir -p /var/log/private-npm/nginx/

And fill a new vhost config file:

$ sudo nano /etc/nginx/sites-available/npm.conf

With this config

server {
  listen *:80;
  server_name npm.mycompany.com

  client_max_body_size 5m;
  access_log  /var/log/private-npm/nginx/npm_access.log;
  error_log   /var/log/private-npm/nginx/npm_error.log;

  location / {
    proxy_pass http://localhost:8082;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
  }
}

Then enable it and restart it:

$ sudo ln -s /etc/nginx/sites-available/npm.conf /etc/nginx/sites-enabled/
$ sudo service nginx restart

这篇关于如何在 Gitlab Omnibus 服务器旁边为其他虚拟主机提供服务?[完整的分步解决方案]的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆