Installing GitHub Enterprise Server on AWS

Prerequisites

您必须拥有 GitHub Enterprise 许可文件。 For more information, see "Setting up a trial of GitHub Enterprise Server" and "About licenses for GitHub Enterprise."
You must have an AWS account capable of launching EC2 instances and creating EBS volumes. For more information, see the Amazon Web Services website.
Most actions needed to launch your GitHub Enterprise Server instance may also be performed using the AWS management console. However, we recommend installing the AWS command line interface (CLI) for initial setup. Examples using the AWS CLI are included below. For more information, see Amazon's guides "Working with the AWS Management Console" and "What is the AWS Command Line Interface."

This guide assumes you are familiar with the following AWS concepts:

Launching EC2 Instances
Managing EBS Volumes
Using Security Groups (For managing network access to your instance)
Elastic IP Addresses (EIP) (Strongly recommended for production environments)
EC2 and Virtual Private Cloud (If you plan to launch into a Virtual Private Cloud)
AWS Pricing (For calculating and managing costs)

For an architectural overview, see the "AWS Architecture Diagram for Deploying GitHub Enterprise Server".

This guide recommends the principle of least privilege when setting up your GitHub Enterprise Server instance on AWS. For more information, refer to the AWS Identity and Access Management (IAM) documentation.

Minimum requirements

We recommend different hardware configurations depending on the number of user licenses for your GitHub Enterprise Server instance. If you provision more resources than the minimum requirements, your instance will perform and scale better.

用户许可	vCPU	内存	附� 的存储容量	� �存储容量
试用版、演示版或 10 个轻度用户	4	32 GB	150 GB	200 GB
10-3000	8	48 GB	300 GB	200 GB
3000-5000	12	64 GB	500 GB	200 GB
5000-8000	16	96 GB	750 GB	200 GB
8000-10000+	20	160 GB	1000 GB	200 GB

If you plan to enable GitHub Actions for the users of your instance, more resources are required.

vCPU	内存	最大作业吞吐量
4	32 GB	演示或轻量测试
8	64 GB	25 个作业
16	160 GB	35 个作业
32	256 GB	100 个作业

For more information about these requirements, see "Getting started with GitHub Actions for GitHub Enterprise Server."

有关为现有实例调整资源的更多信息，请参阅“增� 存储容量”和“增� CPU 或内存资源”。

Storage

We recommend a high-performance SSD with high input/output operations per second (IOPS) and low latency for GitHub Enterprise Server. Workloads are I/O intensive. If you use a bare metal hypervisor, we recommend directly attaching the disk or using a disk from a storage area network (SAN).

Your instance requires a persistent data disk separate from the root disk. For more information, see "System overview."

To configure GitHub Actions, you must provide external blob storage. For more information, see "Getting started with GitHub Actions for GitHub Enterprise Server."

The available space on the root filesystem will be 50% of the total disk size. You can resize your instance's root disk by building a new instance or using an existing instance. For more information, see "System overview" and "Increasing storage capacity."

CPU and memory

The CPU and memory resources that GitHub Enterprise Server requires depend on the levels of activity for users, automations, and integrations.

If you plan to enable GitHub Actions for the users of your GitHub Enterprise Server instance, you may need to provision additional CPU and memory resources for your instance. For more information, see "Getting started with GitHub Actions for GitHub Enterprise Server."

增� CPU 资源时，我们建议为实例预配的每个 vCPU（最多 16 个 vCPU）增� 至少 6.5 GB 的内存。如果您使用的 vCPU 超过 16 个，则� 需为每个 vCPU 添� 6.5 GB 内存，但应监控您的实例以确保其有足够的内存。

Warning: We recommend that users configure webhook events to notify external systems of activity on GitHub Enterprise Server. Automated checks for changes, or polling, will negatively impact the performance and scalability of your instance. For more information, see "About webhooks."

For more information about monitoring the capacity and performance of GitHub Enterprise Server, see "Monitoring your appliance."

You can increase your instance's CPU or memory resources. For more information, see "Increasing CPU or memory resources."

Determining the instance type

Before launching your GitHub Enterprise Server instance on AWS, you'll need to determine the machine type that best fits the needs of your organization. To review the minimum requirements for GitHub Enterprise Server, see "Minimum requirements."

注意：您可以随时通过调整实例大小来扩展 CPU 或内存。但由于调整 CPU 或内存的大小需要对用户停机，� 此我们建议超配资源来应对扩展。

GitHub 建议对 GitHub Enterprise Server 使用内存优化的实例。更多信息请参阅 Amazon EC2 网站上的 Amazon EC2 实例类型。

Selecting the GitHub Enterprise Server AMI

You can select an Amazon Machine Image (AMI) for GitHub Enterprise Server using the GitHub Enterprise Server portal or the AWS CLI.

AMIs for GitHub Enterprise Server are available in the AWS GovCloud (US-East and US-West) region. This allows US customers with specific regulatory requirements to run GitHub Enterprise Server in a federally compliant cloud environment. For more information on AWS's compliance with federal and other standards, see AWS's GovCloud (US) page and AWS's compliance page.

Using the GitHub Enterprise Server portal to select an AMI

导航到 GitHub Enterprise Server 下载页面。
Click Get the latest release of GitHub Enterprise Server.
In the Select your platform drop-down menu, click Amazon Web Services.
In the Select your AWS region drop-down menu, choose your desired region.
Take note of the AMI ID that is displayed.

Using the AWS CLI to select an AMI

Using the AWS CLI, get a list of GitHub Enterprise Server images published by GitHub's AWS owner IDs (025577942450 for GovCloud, and 895557238572 for other regions). For more information, see "describe-images" in the AWS documentation.
```
aws ec2 describe-images \
--owners OWNER ID \
--query 'sort_by(Images,&Name)[*].{Name:Name,ImageID:ImageId}' \
--output=text
```
Take note of the AMI ID for the latest GitHub Enterprise Server image.

Creating a security group

If you're setting up your AMI for the first time, you will need to create a security group and add a new security group rule for each port in the table below. For more information, see the AWS guide "Using Security Groups."

Using the AWS CLI, create a new security group. For more information, see "create-security-group" in the AWS documentation.
```
$ aws ec2 create-security-group --group-name SECURITY_GROUP_NAME --description "SECURITY GROUP DESCRIPTION"
```
Take note of the security group ID (sg-xxxxxxxx) of your newly created security group.

Create a security group rule for each of the ports in the table below. For more information, see "authorize-security-group-ingress" in the AWS documentation.

$ aws ec2 authorize-security-group-ingress --group-id SECURITY_GROUP_ID --protocol PROTOCOL --port PORT_NUMBER --cidr SOURCE IP RANGE

This table identifies what each port is used for.

端口	服务	描述
22	SSH	Git over SSH 访问。支持克隆、获取和推送操作到公共/私有仓库。
25	SMTP	支持� 密 (STARTTLS) 的 SMTP。
80	HTTP	Web 应用程序访问。当 SSL 启用时，所有请求都会重定向到 HTTPS 端口。
122	SSH	实例 shell 访问。默认 SSH 端口 (22) 专用于应用程序 git+ssh 网络流量。
161/UDP	SNMP	为网络监视协议操作所需。
443	HTTPS	Web 应用程序和 Git over HTTPS 访问。
1194/UDP	VPN	采用高可用性配置的安全复制网络隧道。
8080	HTTP	基于纯文本 Web 的管理控制台。除非手动禁用 SSL，否则不需要。
8443	HTTPS	基于安全 Web 的管理控制台。进行基本安装和配置时需要。
9418	Git	简单的 Git 协议端口。仅克隆和获取操作到公共仓库。未� 密的网络通信。如果在实例上启用了私有模式，则仅当您也启用了匿名 Git 读取访问时才需要打开此端口。更多信息请参阅“在企业中实施仓库管理策略”。

Creating the GitHub Enterprise Server instance

To create the instance, you'll need to launch an EC2 instance with your GitHub Enterprise Server AMI and attach an additional storage volume for your instance data. For more information, see "Hardware considerations."

Note: You can encrypt the data disk to gain an extra level of security and ensure that any data you write to your instance is protected. There is a slight performance impact when using encrypted disks. If you decide to encrypt your volume, we strongly recommend doing so before starting your instance for the first time. For more information, see the Amazon guide on EBS encryption.

Warning: If you decide to enable encryption after you've configured your instance, you will need to migrate your data to the encrypted volume, which will incur some downtime for your users.

Launching an EC2 instance

In the AWS CLI, launch an EC2 instance using your AMI and the security group you created. Attach a new block device to use as a storage volume for your instance data, and configure the size based on your user license count. For more information, see "run-instances" in the AWS documentation.

aws ec2 run-instances \
  --security-group-ids SECURITY_GROUP_ID \
  --instance-type INSTANCE_TYPE \
  --image-id AMI_ID \
  --block-device-mappings '[{"DeviceName":"/dev/xvdf","Ebs":{"VolumeSize":SIZE,"VolumeType":"TYPE"}}]' \
  --region REGION \
  --ebs-optimized

Allocating an Elastic IP and associating it with the instance

If this is a production instance, we strongly recommend allocating an Elastic IP (EIP) and associating it with the instance before proceeding to GitHub Enterprise Server configuration. Otherwise, the public IP address of the instance will not be retained after instance restarts. For more information, see "Allocating an Elastic IP Address" and "Associating an Elastic IP Address with a Running Instance" in the Amazon documentation.

Both primary and replica instances should be assigned separate EIPs in production High Availability configurations. For more information, see "Configuring GitHub Enterprise Server for High Availability."

Configuring the GitHub Enterprise Server instance

复制虚拟机的公共 DNS 名称，然后将其粘贴到 web 浏览器中。
在提示时上� 许可文件并设置管理控制台密� �。更多信息请参阅“管理 GitHub Enterprise 的许可”。
在管理控制台中，配置并保存您所需的设置。 For more information, see "Configuring the GitHub Enterprise Server appliance."
实例将自动重启。
单击 Visit your instance（访问您的实例）。