Last active
October 11, 2024 17:44
-
-
Save Nielio/6845b6625211b5e25af0e12d08ecad60 to your computer and use it in GitHub Desktop.
Gitlab CE with build in Container Registry behind Traefik 2 with Letsencrypt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: "3.6" | |
| services: | |
| gitlab: | |
| image: gitlab/gitlab-ce | |
| volumes: | |
| - gitlab-data:/var/opt/gitlab | |
| - gitlab-logs:/var/log/gitlab | |
| - gitlab-config:/etc/gitlab | |
| networks: | |
| - traefik-public | |
| - default | |
| ports: | |
| - target: 22 | |
| published: 4224 | |
| mode: host | |
| environment: | |
| GITLAB_OMNIBUS_CONFIG: "from_file('/omnibus_config.rb')" | |
| configs: | |
| - source: gitlab | |
| target: /omnibus_config.rb | |
| secrets: | |
| - gitlab_root_password | |
| deploy: | |
| resources: | |
| limits: | |
| memory: 8G | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.docker.network=traefik-public" | |
| - "traefik.http.routers.gitlab.rule=Host(`gitlab.your-domain.com`)" | |
| - "traefik.http.routers.gitlab.entrypoints=websecure" | |
| - "traefik.http.routers.gitlab.service=gitlab" | |
| - "traefik.http.routers.gitlab.tls.certresolver=letsencryptresolver" | |
| - "traefik.http.services.gitlab.loadbalancer.server.port=80" | |
| - "traefik.http.routers.registry.rule=Host(`registry.your-domain.com`)" | |
| - "traefik.http.routers.registry.entrypoints=websecure" | |
| - "traefik.http.routers.registry.service=registry" | |
| - "traefik.http.routers.registry.tls.certresolver=letsencryptresolver" | |
| - "traefik.http.services.registry.loadbalancer.server.port=5005" | |
| configs: | |
| gitlab: | |
| file: ./gitlab.rb | |
| secrets: | |
| gitlab_root_password: | |
| file: ./root_password.txt | |
| volumes: | |
| gitlab-data: | |
| gitlab-logs: | |
| gitlab-config: | |
| networks: | |
| traefik-public: | |
| external: true | |
| default: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| docker stack deploy -c compose.yml gitlab |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| external_url 'https://gitlab.your-domain.com/' | |
| gitlab_rails['initial_root_password'] = File.read('/run/secrets/gitlab_root_password') | |
| # Needed to let gitlab work behind traefik | |
| nginx['listen_https'] = false | |
| nginx['listen_port'] = 80 | |
| gitlab_rails['gitlab_ssh_host'] = 'gitlab.your-domain.com' | |
| gitlab_rails['gitlab_shell_ssh_port'] = 4224 | |
| # container registry | |
| registry_external_url 'http://registry.your-domain.com' | |
| registry['enable'] = true | |
| gitlab_rails['registry_enabled'] = true | |
| registry_nginx['enable'] = true | |
| registry_nginx['listen_port'] = 5005 | |
| registry_nginx['listen_https'] = false | |
| registry_nginx['proxy_set_headers'] = { | |
| "Host" => "$http_host", | |
| "X-Real-IP" => "$remote_addr", | |
| "X-Forwarded-For" => "$proxy_add_x_forwarded_for", | |
| "X-Forwarded-Proto" => "https", | |
| "X-Forwarded-Ssl" => "on" | |
| } | |
| gitlab_rails['rack_attack_git_basic_auth'] = { | |
| 'enabled' => true, | |
| 'ip_whitelist' => ["127.0.0.1"], | |
| 'maxretry' => 10, | |
| 'findtime' => 600, | |
| 'bantime' => 136000 | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello, I believe the labels section in the provided compose.yml needs to be indented one block to the left.