Configuring HTTPS on an internal network for a Docker-deployed GitLab
Create the configuration file openssl.conf
[req]
distinguished_name = req_distinguished_name
req_extensions = v5_req
[req_distinguished_name]
countryName = Country Name (2 letter code)
# country
countryName_default = CN
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = BEIJING
localityName = Locality Name (eg, city)
localityName_default = BEIJING
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = MYORG
# change the domain name or IP here
commonName = TEST
commonName_max = 64
emailAddress = test@163.com
[v5_req]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
subjectAltName = @alt_names
[alt_names]
# Add domain names and IPs here. The LAN IP of the HTTPS server is enough; several IPs can be listed, and if you need only one, delete the others yourself.
IP.1 = 192.168.0.11
IP.2 = 127.0.0.1
Generate the certificate
openssl genrsa -out server.key 2048
openssl req -new -out server.csr -key server.key -config openssl.conf
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt -extensions v5_req -extfile openssl.conf
openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -name "server"
# I found a shell script online that generates the certificate files, but I only came across it while writing this article, so I have not tried it.
#!/bin/sh
# create self-signed server certificate:
# read -p is not available in every /bin/sh, so prompt with printf
printf "Enter your hostname or IP : "
read -r DOMAIN
echo "Create server key..."
# 2048-bit key, matching the manual commands above; 1024-bit RSA is too weak for a TLS server key
openssl genrsa -des3 -out "$DOMAIN.key" 2048
echo "Create server certificate signing request..."
SUBJECT="/C=US/ST=Mars/L=iTranswarp/O=iTranswarp/OU=iTranswarp/CN=$DOMAIN"
openssl req -new -subj "$SUBJECT" -key "$DOMAIN.key" -out "$DOMAIN.csr"
echo "Remove password..."
mv "$DOMAIN.key" "$DOMAIN.origin.key"
openssl rsa -in "$DOMAIN.origin.key" -out "$DOMAIN.key"
echo "Sign SSL certificate..."
openssl x509 -req -days 3650 -in "$DOMAIN.csr" -signkey "$DOMAIN.key" -out "$DOMAIN.crt"
echo "TODO:"
echo "Copy $DOMAIN.crt to /home/data/Gitlab/config/ssl/$DOMAIN.crt"
echo "Copy $DOMAIN.key to /home/data/Gitlab/config/ssl/$DOMAIN.key"
echo "Add nginx configuration in /home/data/Gitlab/config/gitlab.rb"
# Run the script with sh
# Step 1 asks for the domain name or IP address
# Step 2 asks for a password of at least four characters
# You are then asked to confirm the password
For how to use the server.p12 file, see https://blog.csdn.net/z2926781/article/details/119675720; that file is not used in the steps below.
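Before the files are copied into GitLab, it helps to confirm that the signing step actually carried the subjectAltName IPs into server.crt (openssl x509 -req ignores the CSR's extensions unless -extensions/-extfile is passed) and that server.key belongs to the certificate. The script below is an added example, not part of the original post; the function names and the file name check_cert.sh are assumptions, and the config inside make_demo_certs is a constructed, shortened copy of the openssl.conf above.

```shell
#!/bin/sh
# Added example (not from the original post): checks for server.crt/server.key
# before they are copied into /etc/gitlab/ssl. Function names are illustrative.

# Succeeds if CERT ($1) lists IP ($2) as a subjectAltName entry.
cert_has_san_ip() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' |
        tr ',' '\n' | sed 's/^ *//; s/ *$//' |
        grep -Fxq "IP Address:$2"
}

# Succeeds if KEY ($2) is the private key for the public key in CERT ($1).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Constructed demo data: a throwaway key plus two certificates in DIR ($1), one
# signed with -extensions/-extfile as in the post and one signed without them.
make_demo_certs() {
    cat > "$1/openssl.conf" <<'EOF'
[req]
distinguished_name = req_distinguished_name
req_extensions = v5_req
[req_distinguished_name]
commonName = TEST
[v5_req]
basicConstraints = CA:FALSE
subjectAltName = @alt_names
[alt_names]
IP.1 = 192.168.0.11
IP.2 = 127.0.0.1
EOF
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/server.key" -out "$1/server.csr" \
        -config "$1/openssl.conf" -subj "/CN=192.168.0.11" &&
    openssl x509 -req -days 30 -in "$1/server.csr" -signkey "$1/server.key" \
        -out "$1/with_san.crt" -extensions v5_req -extfile "$1/openssl.conf" 2>/dev/null &&
    openssl x509 -req -days 30 -in "$1/server.csr" -signkey "$1/server.key" \
        -out "$1/no_san.crt" 2>/dev/null
}

# Usage: sh check_cert.sh server.crt server.key 192.168.0.11
if [ "$#" -eq 3 ]; then
    cert_has_san_ip "$1" "$3" && key_matches_cert "$1" "$2" &&
        echo "OK: SAN and key match" || { echo "FAILED" >&2; exit 1; }
fi
```

A certificate signed without -extfile fails the SAN check, and clients that connect by IP address will then reject it even after it has been trusted.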
# Create the ssl directory and put server.crt and server.key into it
cd /etc/gitlab
mkdir ssl
mv /opt/server.crt /etc/gitlab/ssl/
mv /opt/server.key /etc/gitlab/ssl/
Modify the gitlab.rb file
vim /etc/gitlab/gitlab.rb
external_url 'https://192.168.0.11:5443'
nginx['ssl_certificate'] = "/etc/gitlab/ssl/server.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/server.key"
# The following configures the HTTP-to-HTTPS redirect; leave it out if you do not need it
nginx['redirect_http_to_https'] = true
nginx['redirect_http_to_https_port'] = 80
# Docker deployment: this is the port inside the container
nginx['listen_port'] = 443
Run gitlab-ctl reconfigure to restart and apply the changes
Copy the server.crt file out, double-click it, and keep clicking Next
There are two solutions:
Option 1: specify the certificate to verify against
git config --system http.sslcainfo "E:\server.crt"
Option 2: disable certificate verification
git config --system http.sslverify false
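Just when I thought it was finally solved, I found that the same error appeared again when Jenkins pulled code from GitLab. If Jenkins is deployed on bare metal, the methods above resolve it. But because Jenkins runs in Docker, the git configuration file used by Jenkins has to be modified:
vim /etc/gitconfig
[http]
sslVerify = false
The location of the gitconfig file is not fixed; on a bare-metal deployment it seems to be stored in ~/.gitconfig, so you will need to look for it. That is the end of the problem. Congratulations, it finally works!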
Original article: https://blog.csdn.net/weixin_42603477/article/details/126159760