【x509: certificate relies on legacy Common Name field, use SANs instead】 https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28841
Change all example.com for your domain openssl genrsa -out ca.key 2048 openssl req -new -x509 -days 365 -key ca.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=Acme Root CA" -out ca.crt openssl req -newkey rsa:2048 -nodes -keyout example.com.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=*.example.com" -out example.com.csr openssl x509 -req -extfile <(printf "subjectAltName=DNS:example.com,DNS:www.example.com") -days 365 -in example.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out example.com.crt Put crt and key to gitlab ssl.
check version http://xxx.xxx.xxx.xxx/help
1. https://packages.gitlab.com/gitlab/gitlab-ce
2. example https://packages.gitlab.com/gitlab/gitlab-ce/packages/el/7/gitlab-ce-9.5.4-ce.0.el7.x86_64.rpm
curl -s https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash sudo yum install gitlab-ce-9.5.4-ce.0.el7.x86_64 ps: https://docs.gitlab.com/omnibus/manual_install.html
3. http://sueboy.blogspot.com/2018/12/gitlab.html
sudo nano /etc/gitlab/gitlab.rb
可以在裡面找到external_url
sudo gitlab-ctl reconfigure
sudo gitlab-ctl status
4. open firewall
firewall-cmd –zone=public –add-port=80/tcp –permanent
firewall-cmd –list-all –permanent
5. backup restore
https://docs.gitlab.com/ee/raketasks/backup_restore.html
https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/raketasks/backup_restore.md
6. upgrade
https://docs.gitlab.com/omnibus/update/
gitlab Maintenance Policy Upgrade recommendations
https://docs.gitlab.com/ee/policy/maintenance.html#upgrade-recommendations
9.5 to 10
https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/update/9.5-to-10.0.md
================================
目前已經在測試環境模擬過,安全可行方式:
建立一台新的centos 灌gitlab 9.5.4,還原 目前9.5.4,確認是否能正常執行gitlab 開始升級 9.5.4 -> 11.
https://gist.github.com/avence12/70fc35963444d096d1bdb558b252327a
https://www.lightblue.asia/gitlab-backup-script/?doing_wp_cron=1545378263.6541728973388671875000
Change:
1. http token: kzy3x2TSeukztpvzBiYA token from gitlab Personal Access Token, Don’t use Account Private Tokens. Need to product Personal Access Token
GLAB_GIT_CLONE_CMD="git clone --quiet --mirror git@${GLAB_GITHOST}:" GLAB_GIT_CLONE_CMD="git clone --quiet --mirror http://oauth2:${GLAB_TOKEN}@${GLAB_GITHOST}/" PS:GLAB_TOKEN use in GLAB_PROJ_API, Personal Access Token or Account Private Tokens both is ok
REPO have bug:REPO have " must remove, so add line under
https://stackoverflow.com/questions/13570327/how-to-delete-a-substring-using-shell-script for REPO in $REPOLIST; do for REPO in $REPOLIST; do REPO=${REPO%\"} ALL
https://xenby.com/b/131-%E6%8E%A8%E8%96%A6-gitlab%E5%AE%89%E8%A3%9D%E8%88%87%E5%9F%BA%E6%9C%AC%E8%A8%AD%E5%AE%9A%E6%95%99%E5%AD%B8
https://gitlab.com/gitlab-org/gitlab-ce/#installation
sudo nano /etc/gitlab/gitlab.rb
可以在裡面找到external_url
sudo gitlab-ctl reconfigure
1、virtualbox create vm
2core ram 2G hdd 20G
2、download ubuntu 15 server, best new version iso
3、install ubuntu,no need add any server.
4、change ip dhcp to static PS:new ubuntu eth0 maybe become to enp0s3 , don’t warring.
sudo nano /etc/newwork/interfaces
auto eth0
iface eth0 inet static
address 192.168.x.x #IP位址
netmask 255.255.255.0 #網路遮罩
gateway 192.168.x.x #預設閘道
/etc/init.d/networking restart
5、change dns
sudo nano /etc/newwork/interfaces
dns-nameservers 8.8.8.8 8.8.4.4
/etc/init.
This problem is root user, No Have .ssh folder
1、mkdir .ssh
2、chmod 700 .ssh
3、nano authorized_keys
copy gitlab ssh keys, put inside
4、chmod 600 authorized_keys
5、sudo service sshd restart
use tortoiesgit git clone, now usually no error msg :Server refused our key.