gitlab启用https

2018-03-02 08:27:25来源:cnblogs.com作者:河岸飞流人点击

分享

为了防止内网渗透,将gitlab服务的访问添加了ssl,具体步骤如下:

  1. 修改配置文件

    [[email protected]_177_101_centos gitlab]$ sudo vim /etc/gitlab/gitlab.rb#13行的 http >> httpsexternal_url 'https://ip:port'#修改nginx配置 810行nginx['redirect_http_to_https'] =truenginx['ssl_certificate'] = "/etc/gitlab/ssl/server.crt"nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/server.key"
  2. 生成秘钥与证书

    #秘钥脚本,将以下内容保存为shell脚本,然后运行#出现提示输入信息的地方输入信息,先输入域名然后4次证书密码,任意密码,四次保持一致。#!/bin/sh# create self-signed server certificate:read -p "Enter your domain [139.199.125.93]: " DOMAINecho "Create server key..."openssl genrsa -des3 -out $DOMAIN.key 1024echo "Create server certificate signing request..."SUBJECT="/C=US/ST=Mars/L=iTranswarp/O=iTranswarp/OU=iTranswarp/CN=$DOMAIN"openssl req -new -subj $SUBJECT -key $DOMAIN.key -out $DOMAIN.csrecho "Remove password..."mv $DOMAIN.key $DOMAIN.origin.keyopenssl rsa -in $DOMAIN.origin.key -out $DOMAIN.keyecho "Sign SSL certificate..."openssl x509 -req -days 3650 -in $DOMAIN.csr -signkey $DOMAIN.key -out $DOMAIN.crtecho "TODO:"echo "Copy $DOMAIN.crt to /etc/nginx/ssl/$DOMAIN.crt"echo "Copy $DOMAIN.key to /etc/nginx/ssl/$DOMAIN.key"echo "Add configuration in nginx:"echo "server {"echo "    ..."echo "    listen 443 ssl;"echo "    ssl_certificate     /etc/nginx/ssl/$DOMAIN.crt;"echo "    ssl_certificate_key /etc/nginx/ssl/$DOMAIN.key;"echo "}"#执行成功后生成文件如下:[[email protected]_177_101_centos src]$ ls139.199.125.93.crt  139.199.125.93.origin.key             nginx-1.7.12   vim-7.3.tar.bz2139.199.125.93.csr  apache-tomcat-8.5.28.tar.gz           ssl_genKey.sh  vimcdoc-1.8.0139.199.125.93.key  gitlab-ce-10.0.0-ce.0.el7.x86_64.rpm  vim73          vimcdoc-1.8.0.tar.gz#移动到相应的位置sudo mkdir -p /etc/gitlab/sslsudo chmod 700 /etc/gitlab/ssl/ -Rsu cp 139.199.125.93.crt /etc/gitlab/ssl/server.crtsudo cp 139.199.125.93.key /etc/gitlab/ssl/server.key
  3. 重建配置:

    sudo gitlab-ctl reconfigure

    浏览器进行https访问:

相关文章

    无相关信息

最新文章

123

最新摄影

微信扫一扫

第七城市微信公众平台