GitLab – Requirements

Posted on 2014 年 10 月 23 日 by cowman.chiang

Source :

Hardware requirements

CPU

1 core works supports up to 100 users but the application can be a bit slower due to having all workers and background jobs running on the same core
2 cores is the recommended number of cores and supports up to 500 users
4 cores supports up to 2,000 users
8 cores supports up to 5,000 users
16 cores supports up to 10,000 users
32 cores supports up to 20,000 users
64 cores supports up to 40,000 users
Memory

512MB is the absolute minimum but we do not recommend this amount of memory. You will either need to configure 512MB or 1.5GB of swap space. With 512MB of swap space you must configure only one unicorn worker. With one unicorn worker only git over ssh access will work because the git over http access requires two running workers (one worker to receive the user request and one worker for the authorization check). If you use SSD storage and configure 1.5GB of swap space you can use two Unicorn workers, this will allow http access but it will still be slow.
1GB RAM + 1GB swap supports up to 100 users
2GB RAM is the recommended memory size and supports up to 500 users
4GB RAM supports up to 2,000 users
8GB RAM supports up to 5,000 users
16GB RAM supports up to 10,000 users
32GB RAM supports up to 20,000 users
64GB RAM supports up to 40,000 users

Posted in Git | Leave a comment

Git Server 安裝 (New)

Posted on 2014 年 10 月 23 日 by cowman.chiang

OS: Ubuntu 14.04 Server x64

安裝Gitlab + MySQL + Nginx

  1. 系統更新
apt-get update
apt-get upgrade -y
apt-get dist-upgrade
  1. 安裝基本需求
# 記得要先裝vim
update-alternatives --set editor /usr/bin/vim.basic
sudo apt-get install -y build-essential zlib1g-dev libyaml-dev libssl-dev libgdbm-dev libreadline-dev libncurses5-dev libffi-dev curl openssh-server redis-server checkinstall libxml2-dev libxslt-dev libcurl4-openssl-dev libicu-dev logrotate cmake
  1. 安裝python
sudo apt-get install -y python
python --version
python2 --version
# 確認 python版本,如果版本是3.x以上,則需額外安裝2.x版
# sudo apt-get install -y python2.7
# python --version # Python 2.7.3

# python2 --version # 命令執行會採用 python2, 所以需要確認 python2 的版本
# python2 不存在的話, 需要把 python 2.7 版 的 ln 過去.
# sudo ln -s /usr/bin/python /usr/bin/python2

apt-get install -y python-docutils
  1. 安裝Git
# 檢查Git目前可apt安裝的版本
apt-cache showpkg git-core

# 如果版本大於1.7.10,則可以直接使用~否則建議手動安裝新版本
# 直接安裝 => apt-get install -y git-core
# 如果原本就安裝舊有版本,移除 => apt-get remove git-core

# 手動安裝Git
apt-get install -y libcurl4-openssl-dev libexpat1-dev gettext libz-dev libssl-dev build-essential
cd /tmp
curl --progress https://git-core.googlecode.com/files/git-1.9.0.tar.gz | tar xz
cd git-1.9.0/
make prefix=/usr/local all
make prefix=/usr/local install
  1. 安裝Ruby
# 如果裝有1.8版,先行移除
# apt-get remove ruby1.8

mkdir /tmp/ruby && cd /tmp/ruby
curl --progress ftp://ftp.ruby-lang.org/pub/ruby/2.0/ruby-2.0.0-p481.tar.gz | tar xz
cd ruby-2.0.0-p481/
./configure --disable-install-rdoc
# 下面這行可以用 make 就好
make -j  `cat /proc/cpuinfo | grep 'cpu cores' | awk '{if ($4=1) print $4; else print $4-1}'`

make install
gem install bundler --no-ri --no-rdoc
  1. 新增Gitlab系統帳號
adduser --disabled-login --gecos 'GitLab' git
  1. 安裝GitLab Shell
cd /home/git
sudo -u git -H git clone https://github.com/gitlabhq/gitlab-shell.git
cd gitlab-shell

# 查看最新版本為何
# 或是使用 sudo -u git -H git checkout `sudo -u git -H git describe --abbrev=0 --tags` 自動判斷安裝最新版
sudo -u git -H git tag 
sudo -u git -H git checkout v2.1.0

sudo -u git -H cp config.yml.example config.yml

#修改gitlab_url,改成要使用的domain
sudo -u git -H editor config.yml

sudo -u git -H ./bin/install
  1. 安裝MySQL Database
apt-get install -y mysql-server mysql-client libmysqlclient-dev
mysql -u root -p
#修改密碼
> CREATE USER 'gitlab'@'localhost' IDENTIFIED BY 'GITLAB_PASSWORD';
> CREATE DATABASE IF NOT EXISTS `gitlabhq_production` DEFAULT CHARACTER SET `utf8` COLLATE `utf8_unicode_ci`;
>GRANT SELECT, LOCK TABLES, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON `gitlabhq_production`.* TO 'gitlab'@'localhost';

# 使用gitlab帳號測試MySQL
sudo -u git -H mysql -u gitlab -p -D gitlabhq_production
  1. 安裝GitLab
cd /home/git
sudo -u git -H git clone https://github.com/gitlabhq/gitlabhq.git gitlab
cd /home/git/gitlab

# 檢查版本,找stable的
# 或是使用下面自動判斷最新且stable的版本進行安裝
# sudo -u git -H git checkout `sudo -u git -H git branch -a | grep 'stable' | awk 'E
ND{print}' | awk 'split($1, version, "/") {print version[3]}'`
sudo -u git -H git branch -a
sudo -u git -H git checkout 7-0-stable
  1. 設定GitLab
cd /home/git/gitlab
sudo -u git -H cp config/gitlab.yml.example config/gitlab.yml

# 所有 localhost 改成要使用的domain. 
# /usr/bin/git 改成 /usr/local/bin/git
sudo -u git -H editor config/gitlab.yml

#調整檔案權限
chown -R git log/
chown -R git tmp/
chmod -R u+rwX  log/
chmod -R u+rwX  tmp/
sudo -u git -H mkdir /home/git/gitlab-satellites
sudo -u git -H mkdir tmp/pids/
sudo -u git -H mkdir tmp/sockets/
chmod -R u+rwX  tmp/pids/
chmod -R u+rwX  tmp/sockets/
sudo -u git -H mkdir public/uploads
chmod -R u+rwX  public/uploads
sudo -u git -H cp config/unicorn.rb.example config/unicorn.rb
chmod -R u+rwX  public/uploads
sudo -u git -H mkdir public/uploads

#如果硬體記憶體規格超過2G,可將worker_processes改成3
#sudo -u git -H editor config/unicorn.rb

sudo -u git -H cp config/initializers/rack_attack.rb.example config/initializers/rack_attack.rb
sudo -u git -H git config --global user.name "GitLab"
sudo -u git -H git config --global user.email "gitlab@localhost"
sudo -u git -H git config --global core.autocrlf input
  1. GitLab DB設計
sudo -u git cp config/database.yml.mysql config/database.yml

# 將production區塊的secure password值改成MySQL gitlab帳號設定的帳號、密碼
sudo -u git -H editor config/database.yml

sudo -u git -H chmod o-rwx config/database.yml
  1. 安裝Gems
cd /home/git/gitlab
sudo -u git -H bundle install --deployment --without development test postgres aws
  1. 初始化 Database
# 問啥就輸入yes以便建立Database
sudo -u git -H bundle exec rake gitlab:setup RAILS_ENV=production
# 取得系統預設帳號、密碼 (所有新安裝都一樣,務必要更改)
Administrator account created:
    login.........admin@local.host
    password......5iveL!fe
  1. 設定開機自動啟動
cp lib/support/init.d/gitlab /etc/init.d/gitlab
chmod +x /etc/init.d/gitlab
update-rc.d gitlab defaults 21
  1. 設定Logtotate
cp lib/support/logrotate/gitlab /etc/logrotate.d/gitlab
  1. 檢查GitLab應用程式設定狀態
sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production
  1. 啟動GitLab
service gitlab start

19.安裝、設定apache2

apt-get install nginx -y
cd /home/git/gitlab
cp lib/support/nginx/gitlab /etc/nginx/sites-available/gitlab
ln -s /etc/nginx/sites-available/gitlab /etc/nginx/sites-enabled/gitlab

# 修改ServerName => 使用的Domain
vim /etc/nginx/sites-available/gitlab

# 如果沒有domain name,也一樣使用localhost,請記得刪除 /etc/nginx/sites-enabled/default
  1. 重新啟動 nginx
service nginx restart
  1. 進行初始化,避免發生可愛的502錯誤…..這邊會需要一點點的時間,請等待….
cd /home/git/gitlab
sudo -u git -H RAILS_ENV=production bundle exec rake assets:precompile
  1. 用網頁連線到http://使用的domain以上面取得的帳號密碼進行測試
    第一次讀取網頁可能會需要多一點時間,也有可能因為第20步驟所以這邊不會等太久
Posted in Git, Nginx, Ubuntu | Leave a comment

更換 apt-get 來源

Posted on 2014 年 10 月 23 日 by cowman.chiang 
root@ubuntu:~# vim /etc/apt/sources.list

:%s/us.archive.ubuntu.com/tw.archive.ubuntu.com/g

或是

root@ubuntu:~# sed -i 's/us.archive.ubuntu.com/tw.archive.ubuntu.com/g' /etc/sources.list

記得要在apt-get update一下..

基本上國網 free.nchc.org 應該也可以
但是不知道為什麼一直出錯
如果想要用國網的點,就把tw.archive.ubuntu.com改成free.nchc.org

Posted in Ubuntu | Leave a comment

Shell Script Dialog

Posted on 2014 年 10 月 22 日 by cowman.chiang

  1. Dialog 預設設定通常在個人Home目錄下的檔案”.dialogrc”
    可使用指令 “dialog –create-rc ~/.dialogrc” 產生

  2. 因為預設底色是青色,結束後會有色塊殘留,所以建議將screen_color調整為黑色
    也可在 dialog 指令執行前先指定使用哪一個設定檔案進行dialog
    “export DIALOGRC=${path}/dialog.installer”
    記得離開前把DIALOGRC清空就好

  3. 下面是將常用的dialogrc寫成function

dialog_msgbox() {
  #$1 => msgbox的類別{no clear, clear, clear & exit}, $2 => 前視窗的文字說明, $3 => 顯示的資訊文字
  case $1 in
    0) 
      dialog --backtitle "${backtitle}" --title "$2" --msgbox "n${3}" 9 50;;
    1)
      dialog --backtitle "${backtitle}" --title "$2" --clear --msgbox "n${3}" 9 50;;
    2)
      dialog --backtitle "${backtitle}" --title "$2" --clear --msgbox "n${3}" 9 50
      export DIALOGRC=
      exit 1;;
  esac
}

dialog_infobox() {
  #$1 => 前視窗的文字說明, $2 => 顯示的資訊文字
  dialog --backtitle "${backtitle}" --title "${1}" --infobox "${2}" 5 50
  sleep 1
}

dialog_inputbox() {
  #$1 => 前視窗的文字說明, $2 => 顯示的資訊文字, $3 => 預設值
  exec 3>&1
  inputtext=$(dialog --backtitle "${backtitle}" --title "${1}" --inputbox "${2}" 10 60 ${3} 2>&1 1>&3)
  exec 3>&-
}

dialog_yesno() {
  #$1 => 前視窗的文字說明, $2 => 顯示的資訊文字
  dialog --backtitle "${backtitle}" --title "${1}" --yesno "${2}" 7 60
  return $?
}

dialog_passwdbox() {
  #$1 => 前視窗的文字說明, $2 => 顯示的資訊文字
  exec 3>&1
  inputtext=$(dialog --backtitle "${backtitle}" --title "${1}" --insecure --clear --passwordbox "${2}" 10 60 2>&1 1>&3)
  exec 3>&-
}
Posted in Shell Script | Leave a comment

Eclipse 安裝 Python 模組

Posted on 2014 年 10 月 22 日 by cowman.chiang
  1. 下載 Python 進行安裝
    Python 下載連結

安裝過程中記得勾選加入環境變數

  1. 開啟 Eclipse => Help => Eclipse Marketplace

  2. 搜尋 Python => Go

  3. 安裝 PyDev – Python IDE for Eclipse

  4. 勾選 PyDev for Eclipse、Pydev Mylyn Integration => Next

  5. I accept the terms of the license agreements

  6. 勾選 Brainwy Software; PyDev; Brainwy => OK

  7. 重新啟動 Eclipse

  8. 開啟 Eclipse => Windows => preferences

  9. PyDev => Python Interpreters => Python Interpreter => New (右上角) => 尋找 Python 安裝的目錄,選擇 Python.exe

使用精靈創建 Python 專案,預設的註解會變成單引號,會造成錯誤 => 應該是雙引號

Posted in Eclipse, Python | Leave a comment

Eclipse 安裝 PHP 模組

Posted on 2014 年 10 月 22 日 by cowman.chiang

環境:Eclipse Version: Luna Service Release 1 (4.4.1)

  1. 開啟Eclipse => Help => Install New Software

  2. Work with 選擇 Luna – http://download.eclipse.org/releases/luna

  3. 展開 Web, XML, Java EE and OSGi Enterprise Development

  4. 勾選PHP Development Tools (PDT) => Next => 安裝

安裝完畢後重新啟動即可

Posted in Eclipse, PHP | Leave a comment

Eclipse 安裝

Posted on 2014 年 10 月 22 日 by cowman.chiang

  1. 安裝 jre or jdk
    Oracle 下載連結

  2. 下載Eclipse
    Eclipse 下載連結

  3. 解壓縮後執行

Posted in Eclipse | Leave a comment

Python 註解

Posted on 2014 年 10 月 22 日 by cowman.chiang 
# 這是註解~~~

"""
這也是註解
"""
Posted in Python | Leave a comment

Nginx SSL Enable

Posted on 2014 年 10 月 21 日 by cowman.chiang

環境: Ubuntu 14.04 x64

  1. 產生key
root@Wordpress:/tmp# openssl genrsa -des3 -out site.key 2048
Generating RSA private key, 2048 bit long modulus
..........................+++
....................................+++
e is 65537 (0x10001)
Enter pass phrase for site.key:
Verifying - Enter pass phrase for site.key:

2.產生 csr

root@Wordpress:/tmp# openssl req -new -key site.key -out site.csr
Enter pass phrase for site.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:TW
State or Province Name (full name) [Some-State]:Taiwan
Locality Name (eg, city) []:Taipei City
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Cowman
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:cowman.ip
Email Address []:cowman.chiang@gmail.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
  1. cat csr,貼至申請處
root@Wordpress:/tmp# cat site.csr 
-----BEGIN CERTIFICATE REQUEST-----
MIIC1DCCAbwCAQAwgY4xCzAJBgNVBAYTAlRXMQ8wDQYDVQQIDAZUYWl3YW4xFDAS
BgNVBAcMC1RhaXBlaSBDaXR5MQ8wDQYDVQQKDAZDb3dtYW4xCzAJBgNVBAsMAklU
MRIwEAYDVQQDDAljb3dtYW4uaXAxJjAkBgkqhkiG9w0BCQEWF2Nvd21hbi5jaGlh
bmdAZ21haWwuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2oNl
FGzEzzpVSvFkwrYegC1VxoznmsPp2UrImb+w2M4ZLLuqdAqjhLs1atnPaQZsQlOF
wfbnbGvcdwULuIzU8o1o1v7KS7TmWfi7P3oYG5GBRq/j3QuOQEwQ1s0QFAnulso9
rAHCt4i1rFg8wNF6mEF1Ghd2DzzD8P7Ew+LCYq+C4G8yq44RD+WJ8DccA4OQfzou
mcstrRkXWmoYyrICepCE4eqxSdlNH3dyZbSmG4yKC1gQc60/Utm5o8lGynvS0pBh
PUx124eMsWz80wZ0xAkE6Ma24XgOHied3XuaiRfBi5/tql+wfEQBrIOZ0DJ1DAhN
J723zUMw9amQ8cF4zQIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAGeLtDAWlgh6
ag+PP8YqXrxGSAkkyL8EKdrPEntgYEPIkKt9to+h0tKBCZ5kCvG4bL6V5zRhtx4f
ViqTzh9itOI3MDfvE5o8vxhed4jzevIifpKDONt0bAOC73STpv9+HCR+CMNX0Erf
tmhD+zuLwHcBl5qoZqaPQobPF1VR1U2jsGBZ2HTTamtjGcr0mkso3MO5QxcV8JkP
DwAc/PGn06zzKUyPeGPY2PE2xAppcof8B/WOYLvRx202YeoG6Cp1hLT94GoN+ef/
aDwd7WgaFpC1sXTnjoOlzpsxoovHmaJMTskncYkUZIsg4ZvhJnF9trqu9XlUKBh7
vDAfX3ZNzCs=
-----END CERTIFICATE REQUEST-----

  1. 這裡一樣以namecheap的comodo ssl為例,會收到下面四個檔案
    伺服器類型選nginx
    AddTrustExternalCARoot.crt
    COMODORSAAddTrustCA.crt
    COMODORSADomainValidationSecureServerCA.crt
    cowman_ip.crt

  2. 產生 ssl-bundle.crt

cat cowman_ip.crt COMODORSAAddTrustCA.crt COMODORSADomainValidationSecureServerCA.crt AddTrustExternalCARoot.crt >> ssl-bundle.crt
  1. 移除需要輸入 phase 的機制
root@Wordpress:/tmp# openssl rsa -in site.key -out site-nopass.key
Enter pass phrase for site.key:
writing RSA key
  1. 修改 nginx 設定檔,位置在 /etc/nginx/sites-enabled/default,這裡把設定檔整併在server中
root@Wordpress:/tmp# vim /etc/nginx/sites-enabled/default

server {
        #listen 80 default_server;
        #listen [::]:80 default_server ipv6only=on;
        listen 80;
        listen 443 default ssl;

        ssl_certificate /opt/local/nginx/conf/certs/ssl-bundle.crt;
        ssl_certificate_key /opt/local/nginx/conf/certs/site_ip.key;

        ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
        ssl_prefer_server_ciphers on;
  1. 重新啟動 nginx
service nginx restart
Posted in Nginx, SSL, Ubuntu | Leave a comment

Apache SSL Enable

Posted on 2014 年 10 月 21 日 by cowman.chiang

環境 CentOS 5.x i386

  1. 產生 key
[root@Web test]# openssl genrsa -des3 -out site.key 2048
Generating RSA private key, 2048 bit long modulus
............+++
..................+++
e is 65537 (0x10001)
Enter pass phrase for site.key:
Verifying - Enter pass phrase for site.key:
  1. 產生 csr
[root@Web test]# openssl req -new -key site.key -out site.csr
Enter pass phrase for site.key: #輸入剛剛產生key時輸入的資訊
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:TW
State or Province Name (full name) [Berkshire]:Taiwan
Locality Name (eg, city) [Newbury]:Taipei City
Organization Name (eg, company) [My Company Ltd]:Cowman
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:Cowman.ip
Email Address []:cowman.chiang@gmail.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: #可以直接按enter忽略
An optional company name []: #可以直接按enter忽略
  1. cat csr,將資料丟到憑證申請的網站輸入
[root@Web test]# cat site.csr 
#將以下的資料複製,貼至申請的網站
-----BEGIN CERTIFICATE REQUEST-----
MIIC1DCCAbwCAQAwgY4xCzAJBgNVBAYTAlRXMQ8wDQYDVQQIEwZUYWl3YW4xFDAS
BgNVBAcTC1RhaXBlaSBDaXR5MQ8wDQYDVQQKEwZDb3dtYW4xCzAJBgNVBAsTAklU
MRIwEAYDVQQDEwlDb3dtYW4uaXAxJjAkBgkqhkiG9w0BCQEWF2Nvd21hbi5jaGlh
bmdAZ21haWwuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuUwx
YtxHedYFykUgJuhtKGF0UuzPZ195QW9imVbFy0hT3Qt9YLKrmVESTFXxcdcLI6ty
uSB3kZbnsOBr7XgGezso/lsY3dEprUplyYOXkKZsYXl7n4l7KU7nf7siGW0QY6xS
oq1+7IIWa7Z9sKfdYUU9BsmH4c3YduuTa4WKdhOtn1RfSmqr5Gt+i35WZXc2/NUo
efTHqsTmICh26eLjCmqrjgLfnSK9FpSa5q7nKbvK9s5q9Qae3vpECgJRf1klP1cS
kBUTBoa6f46Wx+nWG/+QFpsW95w84RxxAIuUsTW2VcG6Ay6Q8TDEncj7iQ0TpJnh
M3BCaepcnRVB7pNmYQIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBACmQWu30vr1v
UuFxszR6ZUC3e25EEwCNg5UNh8iG9abauiE2K7l9lVWPicYdoZ1GjWGT13zMslwC
4c8nxvBKZfh4QGw5ALJvb1SZhvO/OMjPGCfQjuWRza44nNaaKi+BtCVHtglqvxTP
EXpCODWd+E9x5NCzKyXLGXJpT3rDg4Ov1QaGNMtNByQLD+SgsoTR+yS+RcxwS11Y
Ul26LrxnrbUvkwMV0/OWvbNREKSv3RsfjMWVsAtVwmdkRKlUNAFXMIOvAwmSImd/
+0ya5gEv4M+JVWWYy6vEnUOV333eR9tR4eCw7YO862TFdic9+4OPhVFpKeWJLANz
wQ4uUOWkuPA=
-----END CERTIFICATE REQUEST-----

  1. 以namecheap的comodo憑證為例,選擇伺服器為 apache + mod_ssl,會回傳兩個檔案至mail中
    cowman_ip.ca-bundle
    cowman_ip.crt

  2. 安裝mod_ssl

yum install mod_ssl
  1. 取消需要輸入phase的機制
[root@Web test]# openssl rsa -in site.key -out site-nopass.key
Enter pass phrase for roamingcenter_tanet_edu_tw.key:
writing RSA key
  1. 編輯 apache 設定檔,範例是在 /etc/httpd/conf.d/ssl.conf
[root@Web test]# vim /etc/httpd/conf.d/ssl.conf


SSLEngine on
SSLCertificateFile /etc/httpd/certs/cowman_ip.crt
SSLCertificateKeyFile /etc/httpd/certs/site-nopass.key
SSLCertificateChainFile /etc/httpd/certs/cowman_ip.ca-bundle
  1. 將 http 轉至 https,修改 /etc/httpd/conf/httpd.conf
[root@Web test]# vim /etc/httpd/conf/httpd.conf

#加在最後面
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
  1. 重新啟動 apache
service httpd restart

!! 記得檢查iptables防火牆設定

Posted in Apache, CentOS, SSL | Leave a comment