keyfil/教程/20250108-Gitlab安装及SSO接入指南.md
liuxiaohua 31aa3a7b70
[2025-02-20] Update progress table
2025-02-20 18:36:41 +08:00


GitLab Installation and SSO Integration Guide

Installing and Starting GitLab

Starting with Docker Compose

Edit the Docker Compose file

  • Docker Compose file: $GITLAB_HOME/docker-compose.yml
version: '3.6'
services:
  gitlab:
    image: gitlab/gitlab-ce:17.7.0-ce.0
    container_name: gitlab
    restart: always
    hostname: '192.168.113.131'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'http://192.168.113.131:8929'
        gitlab_rails['gitlab_shell_ssh_port'] = 2424
    ports:
      - '8929:8929'
      - '2443:443'
      - '2424:22'
    volumes:
      - '$GITLAB_HOME/config:/etc/gitlab'
      - '$GITLAB_HOME/logs:/var/log/gitlab'
      - '$GITLAB_HOME/data:/var/opt/gitlab'
    shm_size: '256m'

  • Default account: root
  • Default password: stored in $GITLAB_HOME/config/initial_root_password

GitLab Generic OAuth2 Configuration

Edit the configuration file (Keycloak example)

  • Configuration file: $GITLAB_HOME/config/gitlab.rb
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['oauth2_generic']
gitlab_rails['omniauth_auto_link_user'] = ['oauth2_generic']
gitlab_rails['omniauth_providers'] = [
  {
    name: "oauth2_generic",
    label: "企业微信", # optional label for login button, defaults to "Oauth2 Generic"
    app_id: "gitlab",
    app_secret: "lGHpprHWcG3mgsQpPMtUsC4NeOqf8Izi",
    args: {
      client_options: {
        site: "http://keycloak.qifu.com/realms/keyfil/protocol/openid-connect/",
        user_info_url: "userinfo",
        authorize_url: "auth",
        token_url: "token"
      },
      user_response_structure: {
        root_path: [],
        id_path: ["preferred_username"],
        attributes: {
          email: "email",
          name: "name"
        }
      },
      authorize_params: {
        scope: "openid profile email"
      },
      strategy_class: "OmniAuth::Strategies::OAuth2Generic"
    }
  }
]
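
One way to review a gitlab.rb of the shape shown above before deploying it, as an added example that is not part of the original guide: it scans the file as text and flags endpoints reached over cleartext HTTP, a client secret stored as a literal, and auto-linking combined with a uid claim other than `sub`. The helper name, rule names and sample excerpt are assumptions made up for this example, and the secret in the sample is a placeholder.

```ruby
# Constructed excerpt in the shape of the gitlab.rb above; the secret is a placeholder.
SAMPLE_GITLAB_RB = <<~'RB'
  gitlab_rails['omniauth_auto_link_user'] = ['oauth2_generic']
  gitlab_rails['omniauth_providers'] = [
    {
      name: "oauth2_generic",
      # app_secret: "commented-out-old-value",
      app_secret: "PLACEHOLDER-NOT-A-REAL-SECRET",
      args: {
        client_options: {
          site: "http://keycloak.qifu.com/realms/keyfil/protocol/openid-connect/",
          token_url: "token"
        },
        user_response_structure: { id_path: ["preferred_username"] }
      }
    }
  ]
RB

ENDPOINT_KEYS = /\b(site|authorize_url|token_url|user_info_url):\s*["']http:\/\//

# Hypothetical helper: scan gitlab.rb as text (never eval it) and return
# [rule, line_number] pairs for settings worth a second look.
def audit_gitlab_rb(text)
  findings = []
  auto_link = false
  id_claim = nil
  id_line = nil
  text.each_line.with_index(1) do |line, n|
    next if line.strip.start_with?("#") # skip commented-out settings
    findings << [:cleartext_endpoint, n] if line.match?(ENDPOINT_KEYS)
    findings << [:literal_secret, n] if line.match?(/\bapp_secret:\s*["'][^"']+["']/)
    if (m = line.match(/omniauth_auto_link_user'\]\s*=\s*(.+)/))
      auto_link = !m[1].strip.match?(/\A(false|nil|\[\s*\])/)
    end
    if (m = line.match(/\bid_path:\s*\[\s*["']([^"']+)["']/))
      id_claim = m[1]
      id_line = n
    end
  end
  # In OIDC, `sub` is the claim defined as a stable, never-reassigned identifier.
  findings << [:uid_not_sub_with_auto_link, id_line] if auto_link && id_claim && id_claim != "sub"
  findings
end

audit_gitlab_rb(SAMPLE_GITLAB_RB).each { |rule, n| puts "line #{n}: #{rule}" }
```
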

References