Created
September 21, 2021 03:34
-
-
Save gythialy/e2145d911de47b5b93cb88fb695e9276 to your computer and use it in GitHub Desktop.
deploy gitlab behind proxy by docker-compose/docker-swarm
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: "3.5" | |
| services: | |
| gitlab: | |
| image: gythialy/gitlab:14.0.1-ee.0 | |
| container_name: gitlab | |
| configs: | |
| - source: gitlab | |
| target: /etc/gitlab/gitlab.rb | |
| secrets: | |
| - gitlab_root_password | |
| ports: | |
| - 9000:9000 | |
| - 5050:80 | |
| volumes: | |
| - gitlab_config:/etc/gitlab | |
| - gitlab_logs:/var/log/gitlab | |
| - gitlab_data:/var/opt/gitlab | |
| networks: | |
| - gitlab | |
| - traefik | |
| restart: unless-stopped | |
| deploy: | |
| update_config: | |
| parallelism: 1 | |
| failure_action: rollback | |
| restart_policy: | |
| condition: on-failure | |
| delay: 5s | |
| max_attempts: 3 | |
| window: 120s | |
| placement: | |
| constraints: | |
| - node.labels.gitlab == true | |
| labels: | |
| - traefik.enable=true | |
| - traefik.docker.network=traefik | |
| - traefik.http.routers.gitlab-https.rule=Host(`git.example.com`) | |
| - traefik.http.routers.gitlab-https.entrypoints=websecure | |
| - traefik.http.routers.gitlab-https.tls=true | |
| - traefik.http.routers.gitlab-https.tls.certresolver=alidns | |
| - traefik.http.routers.gitlab-https.service=gitlab | |
| - traefik.http.services.gitlab.loadbalancer.server.port=9000 | |
| # Can't filter TCP traffic on SNI, see link below | |
| # https://community.containo.us/t/routing-ssh-traffic-with-traefik-v2/717/6 | |
| - traefik.tcp.routers.gitlab-ssh.rule=HostSNI(`*`) | |
| - traefik.tcp.routers.gitlab-ssh.entrypoints=ssh | |
| - traefik.tcp.routers.gitlab-ssh.service=gitlab-ssh-svc | |
| - traefik.tcp.services.gitlab-ssh-svc.loadbalancer.server.port=22 | |
| # registry | |
| - traefik.http.routers.registry-https.rule=Host(`registry.example.com`) | |
| - traefik.http.routers.registry-https.entrypoints=websecure | |
| - traefik.http.routers.registry-https.tls=true | |
| - traefik.http.routers.registry-https.tls.certresolver=alidns | |
| - traefik.http.routers.registry-https.service=registry | |
| - traefik.http.services.registry.loadbalancer.server.port=80 | |
| logging: | |
| driver: "json-file" | |
| options: | |
| max-size: "10M" | |
| max-file: "10" | |
| volumes: | |
| gitlab_data: | |
| gitlab_config: | |
| gitlab_logs: | |
| # certs-data: | |
| # registry-data: | |
| configs: | |
| gitlab: | |
| file: ./gitlab/gitlab.local.rb | |
| secrets: | |
| gitlab_root_password: | |
| file: ./gitlab/root_password.txt | |
| networks: | |
| gitlab: | |
| name: gitlab | |
| traefik: | |
| external: true |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## GitLab configuration settings | |
| ##! This file is generated during initial installation and **is not** modified | |
| ##! during upgrades. | |
| ##! Check out the latest version of this file to know about the different | |
| ##! settings that can be configured, when they were introduced and why: | |
| ##! https://gitlab.com/gitlab-org/omnibus-gitlab/blame/master/files/gitlab-config-template/gitlab.rb.template | |
| ## GitLab URL | |
| ##! URL on which GitLab will be reachable. | |
| ##! For more details on configuring external_url see: | |
| ##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab | |
| ##! | |
| ##! Note: During installation/upgrades, the value of the environment variable | |
| ##! EXTERNAL_URL will be used to populate/replace this value. | |
| ##! On AWS EC2 instances, we also attempt to fetch the public hostname/IP | |
| ##! address from AWS. For more details, see: | |
| ##! https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html | |
| external_url 'https://git.example.com' | |
| ################################################################################ | |
| ################################################################################ | |
| ## Configuration Settings for GitLab CE and EE ## | |
| ################################################################################ | |
| ################################################################################ | |
| ### GitLab Shell settings for GitLab | |
| gitlab_rails['gitlab_shell_ssh_port'] = 22 | |
| ################################################################################ | |
| ## Container Registry settings | |
| ##! Docs: https://docs.gitlab.com/ee/administration/container_registry.html | |
| ################################################################################ | |
| registry_external_url 'https://registry.example.com' | |
| ### Settings used by GitLab application | |
| gitlab_rails['registry_enabled'] = true | |
| gitlab_rails['registry_host'] = "registry.example.com" | |
| ### Settings used by Registry application | |
| registry['enable'] = true | |
| ################################################################################ | |
| ## Registry NGINX | |
| ################################################################################ | |
| # When the registry is automatically enabled using the same domain as `external_url`, | |
| # it listens on this port | |
| registry_nginx['listen_port'] = 80 | |
| registry_nginx['listen_https'] = false |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment