Просто приведу конфиг, по сути в нем все понятно. Если будут дополнительные вопросы - задавайте.
Структура каталогов:.
├── docker-compose.yml
└── volumes
├── gitlab
│ ├── config
│ │ ├── ...
│ ├── data
│ │ ├── ...
│ └── logs
│ └── ...
└── nginx
├── conf.d
│ └── gitlab.domain.com.conf
├── dhparam.pem
├── logs
├── nginx.conf
└── www
docker-compose.yml:gitlab:
image: 'gitlab/gitlab-ce:latest'
restart: always
hostname: 'gitlab'
container_name: gitlab
environment:
GITLAB_OMNIBUS_CONFIG: |
external_url 'http://{{ domain_name }}'
nginx['enable'] = false
web_server['external_users'] = ['www-data']
gitlab_workhorse['listen_network'] = "tcp"
gitlab_workhorse['listen_addr'] = "0.0.0.0:8181"
gitlab_rails['trusted_proxies'] = [ '172.17.0.1/16' ]
gitlab_rails['gitlab_shell_ssh_port'] = 22
gitlab_rails['time_zone'] = 'Asia/Tomsk'
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
main:
label: 'LDAP'
host: '{{ ldap_server }}'
port: 389
uid: 'sAMAccountName'
bind_dn: 'CN={{ cn }},OU={{ ou }},DC={{ dc }},DC=com'
password: '{{ pass }}'
encryption: 'plain'
active_directory: true
allow_username_or_email_login: false
lowercase_usernames: false
block_auto_created_users: false
base: 'OU={{ ou }},DC={{ dc }},DC=com'
user_filter: '(&(objectCategory=Person)(sAMAccountName=*))'
EOS
gitlab_rails['backup_upload_connection'] = {
:provider => 'Local',
:local_root => '/mnt'
}
gitlab_rails['backup_upload_remote_directory'] = 'backup'
gitlab_rails['backup_keep_time'] = 864000
ports:
- '22:22'
volumes:
- ./volumes/gitlab/config:/etc/gitlab
- ./volumes/gitlab/logs:/var/log/gitlab
- ./volumes/gitlab/data:/var/opt/gitlab
- /mnt/backup:/mnt/backup
nginx:
container_name: nginx
image: nginx:1.15.0-alpine
restart: always
links:
- gitlab:gitlab
ports:
- 80:80
- 443:443
volumes:
- /etc/letsencrypt/:/etc/letsencrypt
- ./volumes/nginx/logs:/var/log/nginx
- ./volumes/nginx/conf.d:/etc/nginx/conf.d
- ./volumes/nginx/www:/var/www
- ./volumes/nginx/dhparam.pem:/etc/nginx/dhparam.pem
- ./volumes/nginx/nginx.conf:/etc/nginx/nginx.conf
{{ xx }} - это переменные, просто замените на свои значения.
Обратите внимание на
gitlab_workhorse['listen_addr'] - это адрес и порт, которые будет слушать гитлаб, можно оставить как есть. Порт 22 редиректится из системы в гитлаб контейнер, поэтому системный SSH демон я повесил на другой порт.
volumes/nginx/conf.d/gitlab.domain.com.conf:upstream gitlab-endpoint {
server gitlab:8181 fail_timeout=0;
}
server {
listen 80;
server_name gitlab.domain.com;
location /.well-known {
root /var/www/;
}
location / {
return 301 https://$server_name$request_uri;
}
}
server {
listen 443 ssl http2;
server_name gitlab.domain.com;
ssl_dhparam /etc/nginx/dhparam.pem;
ssl_certificate /etc/letsencrypt/live/gitlab.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/gitlab.domain.com/privkey.pem;
location / {
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://gitlab-endpoint;
}
location /.well-known {
root /var/www/;
}
}
В конечном итоге выглядит так:
root@gitlab:/docker# docker-compose ps
Name Command State Ports
--------------------------------------------------------------------------------
gitlab /assets/wrapper Up 0.0.0.0:22->22/tcp, 443/tcp, 80/tcp
nginx nginx -g daemon off; Up 0.0.0.0:443->443/tcp, 0.0.0.0:80->80/tcp
