# GitLab Installation and SSO Integration Guide

## Installing and starting GitLab

- Reference: https://docs.gitlab.com/ee/install/docker/installation.html
- GITLAB_HOME: /usr/local/gitlab

### Starting with Docker Compose

#### Edit the Docker Compose file

- Docker Compose file: `$GITLAB_HOME/docker-compose.yml`

```yaml
version: '3.6'
services:
  gitlab:
    image: gitlab/gitlab-ce:17.7.0-ce.0
    container_name: gitlab
    restart: always
    hostname: '192.168.113.131'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'http://192.168.113.131:8929'
        gitlab_rails['gitlab_shell_ssh_port'] = 2424
    ports:
      - '8929:8929'
      - '2443:443'
      - '2424:22'
    volumes:
      - '$GITLAB_HOME/config:/etc/gitlab'
      - '$GITLAB_HOME/logs:/var/log/gitlab'
      - '$GITLAB_HOME/data:/var/opt/gitlab'
    shm_size: '256m'
```

- Default account: `root`
- Default password: stored in `$GITLAB_HOME/config/initial_root_password`

### Yearning OIDC configuration

- Reference: https://docs.gitlab.com/ee/administration/auth/oidc.html#configure-keycloak
- **Note:** When GitLab is integrated with OIDC, the identity provider must use `https`.

#### Edit the configuration file (Keycloak example)

- Configuration file: `$GITLAB_HOME/config/gitlab.rb`

```ruby
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['openid_connect']
gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'openid_connect'
gitlab_rails['omniauth_auto_link_user'] = ['openid_connect']
gitlab_rails['omniauth_providers'] = [
  {
    name: "openid_connect", # do not change this parameter
    label: "Keycloak", # optional label for login button, defaults to "Openid Connect"
    args: {
      name: "openid_connect",
      scope: ["openid", "profile", "email"],
      response_type: "code",
      issuer: "https://keycloak.example.com/realms/myrealm",
      client_auth_method: "query",
      discovery: true,
      uid_field: "preferred_username",
      pkce: true,
      client_options: {
        identifier: "", # client ID registered in Keycloak (left empty here)
        secret: "",     # client secret from Keycloak (left empty here)
        redirect_uri: "https://gitlab.example.com/users/auth/openid_connect/callback"
      }
    }
  }
]
```

## References

- [GitLab OIDC](https://docs.gitlab.com/ee/administration/auth/oidc.html)
- [GitLab OIDC integration with Keycloak](https://docs.gitlab.com/ee/administration/auth/oidc.html#configure-keycloak)
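
A pre-flight check for the OIDC settings in `gitlab.rb` (`discovery: true`, `response_type: "code"`, `pkce: true`, and the `https` requirement on the identity provider), as an added example that is not part of the original guide or of GitLab. The function name `check_discovery`, the sample discovery document, and the choice of `S256` as the PKCE method are assumptions made for illustration; the document would normally be fetched from `<issuer>/.well-known/openid-configuration`.

```python
import json
from urllib.parse import urlparse

# Constructed sample discovery document (hypothetical values), shaped like the
# JSON an OIDC provider serves at <issuer>/.well-known/openid-configuration.
SAMPLE_DISCOVERY = json.loads("""{
  "issuer": "https://keycloak.example.com/realms/myrealm",
  "authorization_endpoint": "https://keycloak.example.com/realms/myrealm/protocol/openid-connect/auth",
  "token_endpoint": "https://keycloak.example.com/realms/myrealm/protocol/openid-connect/token",
  "jwks_uri": "https://keycloak.example.com/realms/myrealm/protocol/openid-connect/certs",
  "response_types_supported": ["code", "id_token"],
  "scopes_supported": ["openid", "profile", "email"],
  "code_challenge_methods_supported": ["plain", "S256"]
}""")

ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def check_discovery(doc, issuer, scopes=("openid", "profile", "email")):
    """Return a list of problems; an empty list means the document fits gitlab.rb."""
    problems = []
    if urlparse(issuer).scheme != "https":
        problems.append("issuer is not https")
    # The issuer in the document must equal the configured issuer exactly,
    # including any trailing slash.
    if doc.get("issuer") != issuer:
        problems.append("issuer mismatch: %r" % doc.get("issuer"))
    # Tokens and signing keys must not travel over plain http.
    for key in ENDPOINTS:
        if urlparse(doc.get(key, "")).scheme != "https":
            problems.append("%s is not https" % key)
    if "code" not in doc.get("response_types_supported", []):
        problems.append("response_type 'code' not supported")
    # Assumption: PKCE is used with the S256 challenge method.
    if "S256" not in doc.get("code_challenge_methods_supported", []):
        problems.append("PKCE S256 not advertised")
    missing = [s for s in scopes if s not in doc.get("scopes_supported", [])]
    if missing:
        problems.append("scopes not advertised: " + ", ".join(missing))
    return problems


if __name__ == "__main__":
    issuer = "https://keycloak.example.com/realms/myrealm"
    print(check_discovery(SAMPLE_DISCOVERY, issuer) or "discovery document OK")
```
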