腾讯云CentOS7安装基于gogs的git平台

github大家都已经很熟悉了，但是github上面不能免费建私有仓库；如果你需要开发一些不适宜公开的项目，那么便需要自己搭建代码版本管理平台。

而由于gitlab相对要复杂一点，所以我选择了超级简单的一个私有git仓库工具—gogs。

jenkins.gitlab-ci.yml

安装mysql

为了使得mysql可以通过yum升级，所以我们这里采用mysql官方提供的添加yum仓库源的方式进行MySQL安装。文档可参考这里，或根据我的步骤操作:

1
2

scp ./mysql80-community-release-el7-1.noarch.rpm root@yourip:/root/software
sudo rpm -Uvh mysql80-community-release-el7-1.noarch.rpm

1
2
3

mysql-connectors-community/x86_64 MySQL Connectors Community                  51
mysql-tools-community/x86_64      MySQL Tools Community                       63
mysql80-community/x86_64          MySQL 8.0 Community Server                  17

1

yum install mysql-community-server

1
2
3
4
5
6

# 获取mysql8的工具集合tar打包文件(是一些rpm包)
wget https://dev.mysql.com/get/Downloads/MySQL-8.0/mysql-8.0.11-1.el7.x86_64.rpm-bundle.tar
# 解压
tar xvf ./mysql-xxx.bundle.tar
# 执行rpm方式的安装
yum install mysql-community-{server,client,common,libs}-*

1
2

systemctl start mysqld.service
systemctl status mysqld.service

1
2
3

firewall-cmd --permanent --zone=public --add-port=3306/tcp
firewall-cmd --permanent --zone=public --add-port=3306/udp
firewall-cmd --reload（使最新的防火墙规则生效）

1
2
3

sudo grep 'temporary password' /var/log/mysqld.log // 获取首次临时密码
mysql -uroot -p // 登录
ALTER USER 'root'@'localhost' IDENTIFIED BY 'MyNewPass4!'; // 修改密码

mysql基本配置

1
2
3

CREATE USER dbreader IDENTIFIED BY 'test';
grant select on tq.* to dbreader@"%" identified by "test";
flush privileges; // 立即刷新权限

1

bind-address=0.0.0.0

1

mysql -usheldoncui -p -hcvm.cuiyongjian.com -Dlimegou

gogs安装

为gogs运行建立专门的git用户

git

1
2
3
4

useradd -g git -d /home/git git
passwd git
chown -R git:git /home/git
chmod -R 755 /home/git

安装gogs

gogs安装过程很简单，只需要按照官方的gogs教程
https://gogs.io/docs/installation
下载解压执行安装命令即可。

下载二进制解压

/home/git

开机自启动

systemdsystemdsystemdsystemctl

1

cp ./script/systemd/gogs.service /lib/systemd/system/

gogs.servicegit

1
2

systemctl start gogs.service
systemctl enable gogs.service

当然，也可以使用以往的init脚本的方式来实现开机自启动, 请参考官网这篇文章

查看是否启动且正在监听端口

ps -ef | grep gogsnetstat -nutpl

1
2
3
4
5
6
7
8
9

$ netstat -nutpl
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      772/mysqld
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      6545/nginx: master
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      704/sshd
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      6545/nginx: master
tcp6       0      0 :::22                   :::*                    LISTEN      704/sshd
tcp6       0      0 :::8020                 :::*                    LISTEN      10612/gogs
tcp6       0      0 :::33060                :::*                    LISTEN      772/mysqld

对外暴露gogs服务: nginx https转发配置

如果你的gogs是自托管且直接对外提供服务的，那么你需要对gogs进行https证书的配置:

1
2
3
4
5

[server]
PROTOCOL = https
ROOT_URL = https://try.gogs.io/
CERT_FILE = custom/https/cert.pem
KEY_FILE = custom/https/key.pem

Let's Encrypt

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

server {
    listen      80;
    server_name git.limefe.com;
    return      301         https://git.limefe.com$request_uri;
}
server {
    listen      443;
    server_name  git.limefe.com;
    keepalive_timeout 70;
    ssl on;
    ssl_certificate /root/.acme.sh/limefe.com/fullchain.cer;
    ssl_certificate_key /root/.acme.sh/limefe.com/limefe.com.key;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    access_log  /root/weblogs/nginxlog/git.limefe.com.access.log  main;
    error_log   /root/weblogs/nginxlog/git.limefe.com.error.log;

    # gogs监听的是8020端口
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Nginx_proxy true;
        proxy_pass http://127.0.0.1:8020;
    }
    
    # error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

systemctl reload nginx

gogs初始化

启动后，需要通过界面进行数据库等的设置

初始化gogs数据库

gogs的初始化sql脚本放置在scripts目录下

1

mysql -uroot -p你的密码 < ./scripts/mysql.sql

这里要注意一个坑: 在MySQL8当中:

In MySQL 8.0, the option innodb_file_format is removed.

innodb_file_format

1
2
3
4
5

SET GLOBAL innodb_file_per_table = ON,
           innodb_file_format = Barracuda,
           innodb_large_prefix = ON;
DROP DATABASE IF EXISTS gogs;
CREATE DATABASE IF NOT EXISTS gogs CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;

innodb_large_prefixmysql.sql

初始化gogs站点

custom/conf/app.ini

邮箱设置

custom/conf/app.inismtp.exmail.qq.com:465

修改gogs依赖的的ssh配置

START_SSH_SERVER

踩坑

1

yum install mysql-community-{server,client,common,libs}-*

1

default_authentication_plugin=mysql_native_password

1

ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password value'

1
2
3
4
5
6

[mailer]
ENABLED = true
HOST    = smtp.exmail.qq.com:465
FROM    = "noreply" <git@limefe.com>
USER    = git@limefe.com
PASSWD  = *******

refer