squid 部署

yum install squid -y
yum install httpd-tools -y

cd squid*
./configure \
--prefix=/usr \
--exec-prefix=/usr \
--includedir=/usr/include \
--datadir=/usr/share \
--libdir=/usr/lib64 \
--libexecdir=/usr/lib64/squid \
--localstatedir=/var \
--sysconfdir=/etc/squid \
--sharedstatedir=/var/lib \
--with-logdir=/var/log/squid \
--with-pidfile=/var/run/squid.pid \
--with-default-user=squid \
--enable-silent-rules \
--enable-dependency-tracking \
--with-openssl \
--enable-icmp \
--enable-delay-pools \
--enable-useragent-log \
--enable-esi \
--enable-follow-x-forwarded-for \
--enable-auth

make && make install
#编译安装
chown squid:squid /var/log/squid/
# 设置日志目录所属

htpasswd -cd  /etc/squid/passwd squid1
#apache工具创建文件和用户密码
htpasswd -d  /etc/squid/passwd squid2
#创建第二个用户和密码

/usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd

squid1 123456
#输入密码提示"OK"

visible_hostname fuckgfw
#创建一个主机名字，随意即可
http_port 1024
#指定服务端 ip:port

auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
#启用认证

access_log /var/log/squid/access.log
#设置log路径

request_header_access X-Forwarded-For deny all
request_header_access From deny all
request_header_access Via deny all
#高匿配置

squid -k parse   #检查配置文件
squid -s    #后台运行服务
squid -k shutdown #关闭服务

iptables -t nat -A PREROUTING  -p tcp --dport 80 -j REDIRECT --to-ports 3128
#经过本机访问web将重定向到3128端口

iptables -I POSTROUTING -t nat  -j MASQUERADE
#开启MASQUERADE地址伪装

echo 1 > /proc/sys/net/ipv4/ip_forward
grep  ip_forward  /etc/sysctl.conf &>/dev/null || echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
#开启NAT转发

#Generate Prviate Key
openssl genrsa -out attacker.club.private 2048
#Greate Certificate siqning request
openssl req -new -key attacker.club.private -out attacker.club.csr

git clone https://gitlab.com/xhang/gitlab.git
#下载补丁
cat gitlab/VERSION
#查看汉化版本

yum install curl policycoreutils openssh-server openssh-clients   && systemctl restart sshd

wget -c https://packages.gitlab.com/gitlab/gitlab-ce/el/7/x86_64/gitlab-ce-9.0.6-ce.0.el7.x86_64.rpm
rpm -ivh gitlab*.rpm
#下载和安装rpm包

external_url 'http://gitlab.example.com'

git clone https://github.com/larryli/gitlabhq.git
#下载汉化包

gitlab-ctl stop
#关闭gitlab

head -1 /opt/gitlab/version-manifest.txt
#查看安装的gitlab版本
cd gitlab/
#进入汉化包目录
git diff v10.6.4 v10.6.4-zh >../v10.6.4-zh.diff
cd ..
yum install patch
patch -d /opt/gitlab/embedded/service/gitlab-rails -p1 < v10.6.4-zh.diff

gitlab-ctl  start
#启动gitlab

gitlab-ctl status
#查看状态

gitlab-ctl reconfigure

gitlab_rails['ldap_enabled'] = true

###! **remember to close this block with 'EOS' below**
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
   main: # 'main' is the GitLab 'provider ID' of this LDAP server
     label: ' GitLab LDAP'
     host: '10.0.0.200'
     port: 389
     uid: 'uid'
     method: 'plain' # "start_tls" or "simple_tls" or "plain"
     bind_dn: 'CN=Manager,DC=huored,DC=com'
     password: 'XXX密码'
     base: 'DC=huored,DC=com'
EOS

gitlab-ctl  restart
#重启服务