Installing GitHub Enterprise Server on AWS

To install GitHub Enterprise Server on Amazon Web Services (AWS), you must launch an Amazon Elastic Compute Cloud (EC2) instance and create and attach a separate Amazon Elastic Block Store (EBS) data volume.

Prerequisites

This guide assumes you are familiar with the following AWS concepts:

For an architectural overview, see the "AWS Architecture Diagram for Deploying GitHub Enterprise Server".

This guide recommends the principle of least privilege when setting up your GitHub Enterprise Server instance on AWS. For more information, refer to the AWS Identity and Access Management (IAM) documentation.

Hardware considerations

最低要求

建议根据 your GitHub Enterprise Server instance 的用户许可数选择不同的硬件配置。 如果预配的资源超过最低要求,您的实例将表现出更好的性能和扩展。

用户许可vCPU内存附加的存储容量根存储容量
试用版、演示版或 10 个轻度用户432 GB150 GB200 GB
10-3000848 GB300 GB200 GB
3000-50001264 GB500 GB200 GB
5000-80001696 GB750 GB200 GB
8000-10000+20160 GB1000 GB200 GB

如果您计划为实例用户启用 GitHub Actions,请在“GitHub Enterprise Server 的 GitHub Actions 使用入门”中查阅硬件、外部存储和运行器的要求。

有关为现有实例调整资源的更多信息,请参阅“增加存储容量”和“增加 CPU 或内存资源”。

存储器

我们建议为 GitHub Enterprise Server 配置具有高每秒输入/输出操作数 (IOPS) 和低延迟的高性能 SSD。 工作负载是 I/O 密集型的。 如果使用裸机管理程序,建议直接连接磁盘或使用存储区域网络 (SAN) 中的磁盘。

您的实例需要一个独立于根磁盘的持久数据磁盘。 更多信息请参阅“系统概述”。

To configure GitHub Actions, you must provide external blob storage. 更多信息请参阅“GitHub Enterprise Server 的 GitHub Actions 使用入门”。

The available space on the root filesystem will be 50% of the total disk size. 您可以通过构建一个新实例或使用现有实例来调整实例的根磁盘大小。 For more information, see "System overview" and "Increasing storage capacity."

CPU 和内存

GitHub Enterprise Server 需要的 CPU 和内存资源取决于用户的活动水平、自动化和集成。

If you plan to enable GitHub Actions for the users of your GitHub Enterprise Server instance, you may need to provision additional CPU and memory resources for your instance. 更多信息请参阅“GitHub Enterprise Server 的 GitHub Actions 使用入门”。

增加 CPU 资源时,我们建议为实例预配的每个 vCPU(最多 16 个 vCPU)增加至少 6.5 GB 的内存。 如果您使用的 vCPU 超过 16 个,则无需为每个 vCPU 添加 6.5 GB 内存,但应监控您的实例以确保其有足够的内存。

警告: 我们建议用户配置 web 挂钩事件来通知外部系统有关 GitHub Enterprise Server 上的活动。 自动检查更改或 轮询将对实例的性能和可扩展性产生不利影响。 更多信息请参阅“关于 web 挂钩”。

有关监控 GitHub Enterprise Server 容量和性能的更多信息,请参阅“监控您的设备”。

您可以增加实例的 CPU 或内存资源。 更多信息请参阅“增加 CPU 或内存资源”。

Determining the instance type

Before launching your GitHub Enterprise Server instance on AWS, you'll need to determine the machine type that best fits the needs of your organization. To review the minimum requirements for GitHub Enterprise Server, see "Minimum requirements."

注意:您可以随时通过调整实例大小来扩展 CPU 或内存。 但由于调整 CPU 或内存的大小需要对用户停机,因此我们建议超配资源来应对扩展。

GitHub 建议对 GitHub Enterprise Server 使用内存优化的实例。 更多信息请参阅 Amazon EC2 网站上的 Amazon EC2 实例类型

Selecting the GitHub Enterprise Server AMI

You can select an Amazon Machine Image (AMI) for GitHub Enterprise Server using the GitHub Enterprise Server portal or the AWS CLI.

AMIs for GitHub Enterprise Server are available in the AWS GovCloud (US-East and US-West) region. This allows US customers with specific regulatory requirements to run GitHub Enterprise Server in a federally compliant cloud environment. For more information on AWS's compliance with federal and other standards, see AWS's GovCloud (US) page and AWS's compliance page.

Using the GitHub Enterprise Server portal to select an AMI

  1. 导航到 GitHub Enterprise Server 下载页面
  2. 单击 Get the latest release of GitHub Enterprise Server(获取 GitHub Enterprise Server 的最新版本)
  3. In the Select your platform drop-down menu, click Amazon Web Services.
  4. In the Select your AWS region drop-down menu, choose your desired region.
  5. Take note of the AMI ID that is displayed.

Using the AWS CLI to select an AMI

  1. Using the AWS CLI, get a list of GitHub Enterprise Server images published by GitHub's AWS owner IDs (025577942450 for GovCloud, and 895557238572 for other regions). For more information, see "describe-images" in the AWS documentation.
    aws ec2 describe-images \
    --owners OWNER ID \
    --query 'sort_by(Images,&Name)[*].{Name:Name,ImageID:ImageId}' \
    --output=text
  2. Take note of the AMI ID for the latest GitHub Enterprise Server image.

Creating a security group

If you're setting up your AMI for the first time, you will need to create a security group and add a new security group rule for each port in the table below. For more information, see the AWS guide "Using Security Groups."

  1. Using the AWS CLI, create a new security group. For more information, see "create-security-group" in the AWS documentation.

    $ aws ec2 create-security-group --group-name SECURITY_GROUP_NAME --description "SECURITY GROUP DESCRIPTION"
  2. Take note of the security group ID (sg-xxxxxxxx) of your newly created security group.

  3. Create a security group rule for each of the ports in the table below. For more information, see "authorize-security-group-ingress" in the AWS documentation.

    $ aws ec2 authorize-security-group-ingress --group-id SECURITY_GROUP_ID --protocol PROTOCOL --port PORT_NUMBER --cidr SOURCE IP RANGE

    This table identifies what each port is used for.

    端口服务描述
    22SSHGit over SSH 访问。 支持克隆、获取和推送操作到公共/私有仓库。
    25SMTP支持加密 (STARTTLS) 的 SMTP。
    80HTTPWeb 应用程序访问。 当 SSL 启用时,所有请求都会重定向到 HTTPS 端口。
    122SSH实例 shell 访问。 默认 SSH 端口 (22) 专用于应用程序 git+ssh 网络流量。
    161/UDPSNMP为网络监视协议操作所需。
    443HTTPSWeb 应用程序和 Git over HTTPS 访问。
    1194/UDPVPN采用高可用性配置的安全复制网络隧道。
    8080HTTP基于纯文本 Web 的 管理控制台。 除非手动禁用 SSL,否则不需要。
    8443HTTPS基于安全 Web 的 管理控制台。 进行基本安装和配置时需要。
    9418Git简单的 Git 协议端口。 仅克隆和获取操作到公共仓库。 未加密的网络通信。 如果在实例上启用了私有模式,则仅当您也启用了匿名 Git 读取访问时才需要打开此端口。 更多信息请参阅“在企业中实施仓库管理策略”。

Creating the GitHub Enterprise Server instance

To create the instance, you'll need to launch an EC2 instance with your GitHub Enterprise Server AMI and attach an additional storage volume for your instance data. For more information, see "Hardware considerations."

Note: You can encrypt the data disk to gain an extra level of security and ensure that any data you write to your instance is protected. There is a slight performance impact when using encrypted disks. If you decide to encrypt your volume, we strongly recommend doing so before starting your instance for the first time. For more information, see the Amazon guide on EBS encryption.

Warning: If you decide to enable encryption after you've configured your instance, you will need to migrate your data to the encrypted volume, which will incur some downtime for your users.

Launching an EC2 instance

In the AWS CLI, launch an EC2 instance using your AMI and the security group you created. Attach a new block device to use as a storage volume for your instance data, and configure the size based on your user license count. For more information, see "run-instances" in the AWS documentation.

aws ec2 run-instances \
  --security-group-ids SECURITY_GROUP_ID \
  --instance-type INSTANCE_TYPE \
  --image-id AMI_ID \
  --block-device-mappings '[{"DeviceName":"/dev/xvdf","Ebs":{"VolumeSize":SIZE,"VolumeType":"TYPE"}}]' \
  --region REGION \
  --ebs-optimized

Allocating an Elastic IP and associating it with the instance

If this is a production instance, we strongly recommend allocating an Elastic IP (EIP) and associating it with the instance before proceeding to GitHub Enterprise Server configuration. Otherwise, the public IP address of the instance will not be retained after instance restarts. For more information, see "Allocating an Elastic IP Address" and "Associating an Elastic IP Address with a Running Instance" in the Amazon documentation.

Both primary and replica instances should be assigned separate EIPs in production High Availability configurations. For more information, see "Configuring GitHub Enterprise Server for High Availability."

Configuring the GitHub Enterprise Server instance

  1. 复制虚拟机的公共 DNS 名称,然后将其粘贴到 web 浏览器中。
  2. 在提示时上传许可文件并设置管理控制台密码。 更多信息请参阅“管理 GitHub Enterprise 的许可”。
  3. 管理控制台 中,配置并保存您所需的设置。 For more information, see "Configuring the GitHub Enterprise Server appliance."
  4. 实例将自动重启。
  5. 单击 Visit your instance(访问您的实例)

Further reading

此文档对您有帮助吗?

隐私政策

帮助我们创建出色的文档!

所有 GitHub 文档都是开源的。看到错误或不清楚的内容了吗?提交拉取请求。

做出贡献

或者, 了解如何参与。