Configuring Passenger for GitLab with an RPM-installed nginx
vhfw6KTLcach  2023-11-19

A vulnerability scan flagged CVE-2021-23017.

There are two ways to remediate it:

1. Upgrade GitLab to the latest release. Crossing minor versions is straightforward; crossing major versions requires upgrading through the releases in order.

2. Disable the nginx bundled with GitLab and use the latest nginx installed from the RPM repository.

The rest of this post covers how to configure the RPM-installed nginx.
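Before choosing either option it helps to know which binaries are actually affected. The following check is an added example, not part of the original post: it parses the `nginx -v` banner and compares the version against the releases that carry the fix for CVE-2021-23017 (a one-byte overwrite in nginx's resolver; fixed in 1.20.1 on the stable branch and 1.21.0 on mainline, everything older is treated as affected). The binary path is an argument so the same function can be pointed at GitLab's embedded nginx (/opt/gitlab/embedded/sbin/nginx) and at the RPM one (/usr/sbin/nginx). The sample banner is constructed.

```sh
#!/bin/sh
# Added example (not from the original post): is this nginx fixed for CVE-2021-23017?
# Fix shipped in 1.20.1 (stable) and 1.21.0 (mainline); older versions are treated as affected.

# Constructed sample of an `nginx -v` banner, used by the offline self-check.
SAMPLE_BANNER='nginx version: nginx/1.25.2'

# nginx_version_from_banner: read `nginx -v` / `nginx -V` output on stdin, print the bare version
nginx_version_from_banner() {
  sed -n 's/^nginx version: nginx\/\([0-9.]*\).*/\1/p'
}

# version_ge A B: succeed when dotted version A is >= B (up to three numeric components)
version_ge() {
  va=$1 vb=$2 old_ifs=$IFS
  IFS=.
  set -- $va; na=$(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
  set -- $vb; nb=$(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
  IFS=$old_ifs
  [ "$na" -ge "$nb" ]
}

# cve_2021_23017_fixed VERSION: succeed when VERSION includes the resolver fix
cve_2021_23017_fixed() {
  case $1 in
    1.20.*) version_ge "$1" 1.20.1 ;;   # stable branch: fixed from 1.20.1
    *)      version_ge "$1" 1.21.0 ;;   # anything else must be mainline 1.21.0 or newer
  esac
}

# check_installed_nginx [BINARY]: print a verdict for the binary (default: nginx on PATH)
check_installed_nginx() {
  bin=${1:-nginx}
  v=$("$bin" -v 2>&1 | nginx_version_from_banner)   # nginx prints its banner on stderr
  if [ -z "$v" ]; then
    echo "$bin: could not parse version banner"
    return 0
  fi
  if cve_2021_23017_fixed "$v"; then
    echo "$bin ($v): carries the CVE-2021-23017 fix"
  else
    echo "$bin ($v): AFFECTED by CVE-2021-23017, upgrade to 1.20.1 / 1.21.0 or later"
  fi
}

# Run against whatever nginx is on PATH when executed directly.
if command -v nginx >/dev/null 2>&1; then
  check_installed_nginx nginx
fi
```

Running the check against both binaries makes the trade-off explicit: after step 1 the embedded nginx is disabled but still on disk, so the scanner may keep flagging it until GitLab itself is upgraded; the RPM nginx is what actually listens on the port.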

1. Disable the bundled nginx

# vi /etc/gitlab/gitlab.rb
nginx['enable'] = false

# gitlab-ctl reconfigure
# gitlab-ctl restart

2. Configure the nginx repo

# cat nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

3. Install Passenger and nginx (check the nginx version; even-numbered minor versions are usually the stable branch)

# yum install -y epel-release yum-utils
# yum-config-manager --enable epel
# yum clean all && sudo yum update -y

# yum install -y ntp
# chkconfig ntpd on
# ntpdate time.neusoft.com
# yum install -y pygpgme curl

# curl --fail -sSLo /etc/yum.repos.d/passenger.repo https://oss-binaries.phusionpassenger.com/yum/definitions/el-passenger.repo

# yum install -y nginx passenger || yum-config-manager --enable cr && yum install -y nginx passenger

# yum install passenger-devel.x86_64 pcre-devel nodejs -y

# yum install pcre-devel automake make zlib zlib-devel gcc-c++ libtool openssl openssl-devel -y

# Locate the Passenger nginx add-on sources
# passenger-config --nginx-addon-dir
/usr/share/passenger/ngx_http_passenger_module

# ls /usr/share/passenger/ngx_http_passenger_module
config         Configuration.c  ContentHandler.c  LocationConfig  ngx_http_passenger_module.c  README.md               StaticContentHandler.h
ConfigGeneral  Configuration.h  ContentHandler.h  MainConfig      ngx_http_passenger_module.h  StaticContentHandler.c


5. Build ngx_http_passenger_module.so

# wget https://nginx.org/download/nginx-1.25.2.tar.gz
# tar zxvf nginx-1.25.2.tar.gz
# cd nginx-1.25.2

# nginx -V
nginx version: nginx/1.25.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
built with OpenSSL 1.0.2k-fips  26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie'

# Append --add-dynamic-module=$(passenger-config --nginx-addon-dir) to the configure arguments shown above, then run configure
# ./configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie' --add-dynamic-module=$(passenger-config --nginx-addon-dir)

# make modules
# ls objs/
addon         Makefile           ngx_auto_headers.h                   ngx_http_passenger_module_modules.o  ngx_modules.c
autoconf.err  ngx_auto_config.h  ngx_http_passenger_module_modules.c  ngx_http_passenger_module.so         src

# mkdir /usr/share/nginx/modules/
# cp objs/ngx_http_passenger_module.so /usr/share/nginx/modules/
# ls /usr/share/nginx/modules/
ngx_http_passenger_module.so

# Turn on Passenger
# vi /etc/nginx/conf.d/passenger.conf
# passenger_root comes from the passenger-config --root command
# passenger-config --root
/usr/share/ruby/vendor_ruby/phusion_passenger/locations.ini

passenger_root /usr/share/ruby/vendor_ruby/phusion_passenger/locations.ini;
passenger_ruby /usr/bin/ruby;
passenger_instance_registry_dir /var/run/passenger-instreg;

# Configure load_module in nginx.conf
# vi /etc/nginx/nginx.conf
# Add load_module below the line pid /var/run/nginx.pid;
load_module "/usr/share/nginx/modules/ngx_http_passenger_module.so";

6. Edit the nginx site config gitlab.conf

# vi /etc/nginx/conf.d/gitlab.conf
upstream gitlab-workhorse {
  server unix://var/opt/gitlab/gitlab-workhorse/sockets/socket fail_timeout=0;
}

server {
  listen *:80;
  server_name gitlab.neusoft-css.com;
  server_tokens off;
  root /opt/gitlab/embedded/service/gitlab-rails/public;

  client_max_body_size 250m;

  access_log /var/log/gitlab/nginx/gitlab_access.log;
  error_log /var/log/gitlab/nginx/gitlab_error.log;

  # Ensure Passenger uses the bundled Ruby version
  passenger_ruby /opt/gitlab/embedded/bin/ruby;

  # Correct the $PATH variable to include packaged executables
  passenger_env_var PATH "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/usr/local/bin:/usr/bin:/bin";

  # Make sure Passenger runs as the correct user and group to
  # prevent permission issues
  passenger_user git;
  passenger_group git;

  # Enable Passenger & keep at least one instance running at all times
  passenger_enabled on;
  passenger_min_instances 1;

  location ~ ^/[\w\.-]+/[\w\.-]+/(info/refs|git-upload-pack|git-receive-pack)$ {
    # 'Error' 418 is a hack to re-use the @gitlab-workhorse block
    error_page 418 = @gitlab-workhorse;
    return 418;
  }

  location ~ ^/[\w\.-]+/[\w\.-]+/repository/archive {
    # 'Error' 418 is a hack to re-use the @gitlab-workhorse block
    error_page 418 = @gitlab-workhorse;
    return 418;
  }

  location ~ ^/api/v3/projects/.*/repository/archive {
    # 'Error' 418 is a hack to re-use the @gitlab-workhorse block
    error_page 418 = @gitlab-workhorse;
    return 418;
  }

  # Build artifacts should be submitted to this location
  location ~ ^/[\w\.-]+/[\w\.-]+/builds/download {
    client_max_body_size 0;
    # 'Error' 418 is a hack to re-use the @gitlab-workhorse block
    error_page 418 = @gitlab-workhorse;
    return 418;
  }

  # Build artifacts should be submitted to this location
  location ~ /ci/api/v1/builds/[0-9]+/artifacts {
    client_max_body_size 0;
    # 'Error' 418 is a hack to re-use the @gitlab-workhorse block
    error_page 418 = @gitlab-workhorse;
    return 418;
  }

  # Build artifacts should be submitted to this location
  location ~ /api/v4/jobs/[0-9]+/artifacts {
    client_max_body_size 0;
    # 'Error' 418 is a hack to re-use the @gitlab-workhorse block
    error_page 418 = @gitlab-workhorse;
    return 418;
  }

  # For protocol upgrades from HTTP/1.0 to HTTP/1.1 we need to provide Host header if it's missing
  if ($http_host = "") {
    # use one of values defined in server_name
    set $http_host_with_default "git.example.com";
  }

  if ($http_host != "") {
    set $http_host_with_default $http_host;
  }

  location @gitlab-workhorse {

    ## https://github.com/gitlabhq/gitlabhq/issues/694
    ## Some requests take more than 30 seconds.
    proxy_read_timeout 3600;
    proxy_connect_timeout 300;
    proxy_redirect off;

    # Do not buffer Git HTTP responses
    proxy_buffering off;

    proxy_set_header Host $http_host_with_default;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    proxy_pass http://gitlab-workhorse;

    ## The following settings only work with NGINX 1.7.11 or newer
    #
    ## Pass chunked request bodies to gitlab-workhorse as-is
    # proxy_request_buffering off;
    # proxy_http_version 1.1;
  }

  ## Enable gzip compression as per rails guide:
  ## http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression
  ## WARNING: If you are using relative urls remove the block below
  ## See config/application.rb under "Relative url support" for the list of
  ## other files that need to be changed for relative url support
  location ~ ^/(assets)/ {
    root /opt/gitlab/embedded/service/gitlab-rails/public;
    gzip_static on; # to serve pre-gzipped version
    expires max;
    add_header Cache-Control public;
  }

  ## To access Grafana
  location /-/grafana/ {
    proxy_pass http://localhost:3000/;
  }

  error_page 502 /502.html;
}


7. Restart nginx

# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

# Move the default site config out of the way
# mv /etc/nginx/conf.d/default.conf  /etc/nginx/conf.d/default.conf.bak
# Restart
# systemctl restart nginx
# systemctl enable nginx
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.
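`nginx -t` only proves the syntax parses; it does not prove the settings the steps above depend on ended up in the loaded configuration (a missing load_module line, a leftover default.conf, or server_tokens still on would all pass). The audit below is an added example, not part of the original post: it reads the full dump that `nginx -T` produces (every included file, which is the configuration the running master process would load) and checks for the Passenger module line, passenger_enabled/passenger_user, and server_tokens off. The sample dumps are constructed.

```sh
#!/bin/sh
# Added example (not from the original post): audit the loaded nginx configuration
# for the settings this guide relies on. Run live with: sh audit.sh --live

# Constructed sample of `nginx -T` output for the offline self-check.
SAMPLE_DUMP='# configuration file /etc/nginx/nginx.conf:
pid /var/run/nginx.pid;
load_module "/usr/share/nginx/modules/ngx_http_passenger_module.so";
# configuration file /etc/nginx/conf.d/gitlab.conf:
server {
    listen *:80;
    server_tokens off;
    passenger_user git;
    passenger_enabled on;
}'

# conf_has REGEX: succeed when a non-comment line on stdin matches the extended regex
conf_has() {
  grep -Ev '^[[:space:]]*#' | grep -Eq "$1"
}

# audit_nginx_dump: read `nginx -T` text on stdin, print one verdict per check,
# return the number of failed checks (0 means every setting is present)
audit_nginx_dump() {
  dump=$(cat)
  fails=0
  for check in \
    'passenger module loaded|^[[:space:]]*load_module[[:space:]]+.*ngx_http_passenger_module\.so' \
    'passenger enabled|^[[:space:]]*passenger_enabled[[:space:]]+on;' \
    'passenger runs as git|^[[:space:]]*passenger_user[[:space:]]+git;' \
    'server_tokens off|^[[:space:]]*server_tokens[[:space:]]+off;'
  do
    name=${check%%|*}
    pattern=${check#*|}
    if printf '%s\n' "$dump" | conf_has "$pattern"; then
      echo "ok       $name"
    else
      echo "MISSING  $name"
      fails=$((fails + 1))
    fi
  done
  return "$fails"
}

# Live mode: dump the real configuration (needs permission to read /etc/nginx).
if [ "${1:-}" = "--live" ]; then
  nginx -T 2>/dev/null | audit_nginx_dump
fi
```

A non-zero exit in live mode is the signal to go back to steps 5 and 6 before trusting the scanner's next pass; server_tokens off in particular is what keeps the version banner out of the Server header and error pages.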



8. Other checks

# Validate the Passenger installation
# passenger-config validate-install
What would you like to validate?
Use <space> to select.
If the menu doesn't display correctly, press '!'

 ‣ ⬢ Passenger itself
   ⬡ Apache

-------------------------------------------------------------------------

 * Checking whether this Passenger install is in PATH... ✓
 * Checking whether there are no other Passenger installations... ✓

Everything looks good. :-)

Check the running processes
# passenger-memory-stats
Version: 6.0.18
Date   : 2023-09-15 13:57:48 +0800

------------- Apache processes -------------
*** WARNING: The Apache executable cannot be found.
Please set the APXS2 environment variable to your 'apxs2' executable's filename, or set the HTTPD environment variable to your 'httpd' or 'apache2' executable's filename.

---------- Nginx processes ----------
PID    PPID   VMSize    Private  Name
-------------------------------------
31937  1      61.6 MB   0.5 MB   nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
31938  31937  61.8 MB   0.8 MB   nginx: worker process
31939  31937  61.8 MB   0.8 MB   nginx: worker process
31942  31937  61.8 MB   0.8 MB   nginx: worker process
31950  31937  61.8 MB   0.8 MB   nginx: worker process
### Processes: 5
### Total private dirty RSS: 3.64 MB

----- Passenger processes ------
PID    VMSize     Private  Name
--------------------------------
31924  355.1 MB   2.1 MB   Passenger watchdog
31927  1378.0 MB  4.7 MB   Passenger core
### Processes: 2
### Total private dirty RSS: 6.89 MB


9. References:
https://www.cnblogs.com/yanfeng-hb/p/16163301.html
https://cloud.tencent.com/developer/ask/sof/106569388
https://docs.gitlab.com/omnibus/settings/nginx.html
https://codeantenna.com/a/MAfPpnKVEO
