init

Author: vasyakrg

.env.example

@@ -0,0 +1,86 @@
+# Service name
+#
+SERVICE_NAME=gitlab
+
+# Container names
+# Summary container name in docker-compose.yml will be "${SERVICE_NAME}_${CONTAINER_NAME-*}"
+#
+CONTAINER_NAME_GITLAB=server
+CONTAINER_NAME_PGSQL=pgsql
+CONTAINER_NAME_REDIS=redis
+CONTAINER_NAME_REGISTRY=registry
+CONTAINER_NAME_RUNNER=runner
+
+# Docker images
+#
+DOCKER_IMAGE_GITLAB=sameersbn/gitlab:latest
+DOCKER_IMAGE_PGSQL=sameersbn/postgresql:latest
+DOCKER_IMAGE_REDIS=sameersbn/redis:latest
+DOCKER_IMAGE_REGISTRY=registry:latest
+DOCKER_IMAGE_RUNNER=vasyakrg/gitlab-runner
+
+# SMTP settings
+SMTP_ENABLED=true
+SMTP_DOMAIN=<you_domain>
+
+SMTP_HOST=smtp.mailgun.org
+SMTP_PORT=587
+SMTP_USER=
+SMTP_PASS=
+SMTP_STARTTLS=true
+SMTP_AUTHENTICATION=login
+
+GITLAB_EMAIL=noreply@<you_domain>
+GITLAB_EMAIL_REPLY_TO=noreply@<you_domain>
+GITLAB_INCOMING_EMAIL_ADDRESS=noreply@<you_domain>
+
+# Gitlab domain name
+#
+GITLAB_HOST=gitlab.<you_domain>
+
+# Gitlab ssh public port
+#
+GITLAB_SSH_PORT=10022
+
+# Gitlab root user password
+# Use only when clear install
+#
+GITLAB_ROOT_EMAIL=<your_email>
+GITLAB_ROOT_PASSWORD=<any_pass>
+
+# Docker registry domain name
+#
+REGISTRY_HOST=docker.<you_domain>
+# DB credentials
+#
+DB_USER=gitlab
+DB_PASS=<any_pass>
+DB_NAME=gitlab_production
+
+# Container data path on the host
+# Summary container data path will be "${SERVICE_DATA}/${SERVICE_NAME}"
+#
+SERVICE_DATA=/srv/services/data
+
+# Email for letsencrypt
+#
+LETSENCRYPT_EMAIL=<you_email>
+
+# Gitlab runner token
+#
+RUNNER_TOKEN=
+
+GITLAB_TIMEZONE=Asia/Novosibirsk
+
+# Runner on the same host with gitlab
+#
+CI_SERVER_WITH_RUNNER=true
+
+# Network names
+#
+#SERVICE_NETWORK=gitlab
+WEBPROXY_NETWORK=webproxy
+
+GITLAB_SECRETS_DB_KEY_BASE=<any_pass>
+GITLAB_SECRETS_SECRET_KEY_BASE=<any_pass>
+GITLAB_SECRETS_OTP_KEY_BASE=<any_pass>

.gitignore

@@ -0,0 +1,5 @@
+.env
+*.pem
+*.crt
+*.key
+*.csr

README.md

@@ -0,0 +1,26 @@
+## Gitlab in docker
+
+Полноценная сборка сервера Gitlab, его базы на psql, 4х раннеров и своего docker-registry, разворачеваемая на докер-хосте
+
+1. переименовываем `.env.example` в `.env`
+2. заполняем по максимому внимательно все переменные (кроме `RUNNER_TOKEN=`)
+3. распаковываем в папке ssl-certs сертификаты и кладем там же (сертификаты noname и нужны лишь для внутреннего взаимодействия между gitlab и registry компонентами)
+4. запускаем сборку `docker-compose up -d`
+5. когда сервер запустится, вы войдете в систему под рутом, надо сходить в раздел раннеров (/admin/runners) и подсмотреть там токен, который и нужно будет заполнить в переменной `RUNNER_TOKEN=` и снова запустить `docker-compose up -d`, после чего раннеры перезапустятся и зарегистрируються в системе.
+
+Подразумевается, что у вас есть `домен` и вы уже создали два поддомена `docker` и `gitlab`
+Подразумевается, что и гитлаб и регистри будут работать через один порт 443
+Подразумевается, что у вас уже есть webproxy или traefik, которые возьмут на себя ингрессы контейнеров и выдачу (обновление) им сертификатов
+(сеть webpоxy как раз комментирована по этому - ее надо будет раскоментировать по свои условия)
+
+`labels` у контейнеров подготовлены, если у вас traefik, раскомментите эти поля
+
+`runner` - костомизирован только тем, что в нем встроена система авторегистрации на сервере.
+
+## Автор \ Author
+
+- **Vassiliy Yegorov** [vasyakrg](https://github.com/vasyakrg)
+- [youtube](https://youtube.com/realmanual)
+- [site](https://vk.com/realmanual)
+- [telegram](https://t.me/realmanual)
+- [any qiestions for me](https://t.me/realmanual_group)

docker-compose.yml

@@ -0,0 +1,234 @@
+version: '3.7'
+
+services:
+ gitlab:
+ image: ${DOCKER_IMAGE_GITLAB}
+ container_name: ${SERVICE_NAME}_${CONTAINER_NAME_GITLAB}
+ restart: always
+ depends_on:
+ - postgresql
+ - redis
+ ports:
+ - "${GITLAB_SSH_PORT}:22"
+ expose:
+ - 80
+ # labels:
+ # - "traefik.enable=true"
+ # - "traefik.http.routers.gitlab-server.entrypoints=https"
+ # - "traefik.http.routers.gitlab-server.rule=Host(`${GITLAB_HOST}`)"
+ # - "traefik.http.routers.gitlab-server.tls=true"
+ # - "traefik.http.routers.gitlab-server.tls.certresolver=letsEncrypt"
+ # - "traefik.http.services.gitlab-server-service.loadbalancer.server.port=80"
+ # - "traefik.docker.network=webproxy"
+ volumes:
+ - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab:/home/git/data:Z
+ - ${SERVICE_DATA}/${SERVICE_NAME}/certs:/certs
+ environment:
+ - DEBUG=false
+
+ - DB_ADAPTER=postgresql
+ - DB_HOST=${SERVICE_NAME}_${CONTAINER_NAME_PGSQL}
+ - DB_PORT=5432
+ - DB_USER=${DB_USER}
+ - DB_PASS=${DB_PASS}
+ - DB_NAME=${DB_NAME}
+
+ - REDIS_HOST=${SERVICE_NAME}_${CONTAINER_NAME_REDIS}
+ - REDIS_PORT=6379
+
+ - TZ=UTC
+ - GITLAB_TIMEZONE=${GITLAB_TIMEZONE}
+
+ - GITLAB_HTTPS=false
+ - SSL_SELF_SIGNED=false
+
+ - GITLAB_HOST=${GITLAB_HOST}
+ - GITLAB_PORT=80
+ - GITLAB_SSH_PORT=${GITLAB_SSH_PORT}
+ - GITLAB_SECRETS_DB_KEY_BASE=${GITLAB_SECRETS_DB_KEY_BASE}
+ - GITLAB_SECRETS_SECRET_KEY_BASE=${GITLAB_SECRETS_SECRET_KEY_BASE}
+ - GITLAB_SECRETS_OTP_KEY_BASE=${GITLAB_SECRETS_OTP_KEY_BASE}
+
+ - GITLAB_ROOT_PASSWORD=${GITLAB_ROOT_PASSWORD}
+ - GITLAB_ROOT_EMAIL=${GITLAB_ROOT_EMAIL}
+
+ - GITLAB_NOTIFY_ON_BROKEN_BUILDS=true
+ - GITLAB_NOTIFY_PUSHER=false
+
+ - GITLAB_EMAIL=${GITLAB_EMAIL}
+ - GITLAB_EMAIL_REPLY_TO=${GITLAB_EMAIL_REPLY_TO}
+ - GITLAB_INCOMING_EMAIL_ADDRESS=${GITLAB_INCOMING_EMAIL_ADDRESS}
+
+ - GITLAB_PAGES_ENABLED=false
+
+ - SMTP_ENABLED=true
+ - SMTP_DOMAIN=${SMTP_DOMAIN}
+ - SMTP_HOST=${SMTP_HOST}
+ - SMTP_PORT=${SMTP_PORT}
+ - SMTP_USER=${SMTP_USER}
+ - SMTP_PASS=${SMTP_PASS}
+ - SMTP_STARTTLS=${SMTP_STARTTLS}
+ - SMTP_AUTHENTICATION=${SMTP_AUTHENTICATION}
+
+ - IMAP_ENABLED=false
+ - LDAP_ENABLED=false
+
+ - GITLAB_REGISTRY_ENABLED=true
+ - GITLAB_REGISTRY_HOST=${REGISTRY_HOST}
+ - GITLAB_REGISTRY_API_URL=http://registry:5000/
+ - GITLAB_REGISTRY_KEY_PATH=/certs/registry.key
+ healthcheck:
+ test: ["CMD", "/usr/local/sbin/healthcheck"]
+ interval: 1m
+ timeout: 5s
+ retries: 5
+ start_period: 2m
+ networks:
+ # - webproxy
+ - service
+
+ registry:
+ image: ${DOCKER_IMAGE_REGISTRY}
+ container_name: ${SERVICE_NAME}_${CONTAINER_NAME_REGISTRY}
+ restart: always
+ expose:
+ - 5000
+ # labels:
+ # - "traefik.enable=true"
+ # - "traefik.http.routers.gitlab-registry.entrypoints=https"
+ # - "traefik.http.routers.gitlab-registry.rule=Host(`${REGISTRY_HOST}`)"
+ # - "traefik.http.routers.gitlab-registry.tls=true"
+ # - "traefik.http.routers.gitlab-registry.tls.certresolver=letsEncrypt"
+ # - "traefik.http.services.gitlab-registry-service.loadbalancer.server.port=5000"
+ # - "traefik.docker.network=webproxy"
+ volumes:
+ - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab/shared/registry:/registry
+ - ${SERVICE_DATA}/${SERVICE_NAME}/certs:/certs
+ environment:
+ - REGISTRY_AUTH_TOKEN_AUTOREDIRECT=false
+ - REGISTRY_LOG_LEVEL=debug
+ - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/registry
+ - REGISTRY_AUTH_TOKEN_REALM=https://${GITLAB_HOST}/jwt/auth
+ - REGISTRY_AUTH_TOKEN_SERVICE=container_registry
+ - REGISTRY_AUTH_TOKEN_ISSUER=gitlab-issuer
+ - REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/certs/registry.crt
+ - REGISTRY_STORAGE_DELETE_ENABLED=true
+ networks:
+ # - webproxy
+ - service
+
+ postgresql:
+ image: ${DOCKER_IMAGE_PGSQL}
+ container_name: ${SERVICE_NAME}_${CONTAINER_NAME_PGSQL}
+ restart: always
+ environment:
+ - DB_USER=${DB_USER}
+ - DB_PASS=${DB_PASS}
+ - DB_NAME=${DB_NAME}
+ - DB_EXTENSION=pg_trgm
+ volumes:
+ - ${SERVICE_DATA}/${SERVICE_NAME}/postgresql:/var/lib/postgresql:Z
+ networks:
+ - service
+
+ redis:
+ restart: always
+ image: ${DOCKER_IMAGE_REDIS}
+ container_name: ${SERVICE_NAME}_${CONTAINER_NAME_REDIS}
+ command:
+ - --loglevel warning
+ volumes:
+ - ${SERVICE_DATA}/${SERVICE_NAME}/redis:/var/lib/redis:Z
+ networks:
+ - service
+
+ runner_1:
+ image: ${DOCKER_IMAGE_RUNNER}
+ container_name: ${SERVICE_NAME}_${CONTAINER_NAME_RUNNER}_1
+ restart: always
+ depends_on:
+ - gitlab
+ volumes:
+ - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab-runner_1:/etc/gitlab-runner
+ - /var/run/docker.sock:/var/run/docker.sock
+ command: --debug run --user=gitlab-runner --working-directory=/home/gitlab-runner
+ environment:
+ - CI_SERVER_URL=https://${GITLAB_HOST}
+ - CI_SERVER_LOCAL_IP=${CI_SERVER_LOCAL_IP}
+ - CI_SERVER_WITH_RUNNER=${CI_SERVER_WITH_RUNNER}
+ - RUNNER_TOKEN=${RUNNER_TOKEN}
+ - RUNNER_DESCRIPTION=gitab-runner_1
+ - RUNNER_EXECUTOR=docker
+ - DOCKER_IMAGE=gitlab/gitlab-runner-helper:x86_64-latest
+ networks:
+ - service
+
+ runner_2:
+ image: ${DOCKER_IMAGE_RUNNER}
+ container_name: ${SERVICE_NAME}_${CONTAINER_NAME_RUNNER}_2
+ restart: always
+ depends_on:
+ - gitlab
+ volumes:
+ - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab-runner_2:/etc/gitlab-runner
+ - /var/run/docker.sock:/var/run/docker.sock
+ command: --debug run --user=gitlab-runner --working-directory=/home/gitlab-runner
+ environment:
+ - CI_SERVER_URL=https://${GITLAB_HOST}
+ - CI_SERVER_WITH_RUNNER=${CI_SERVER_WITH_RUNNER}
+ - CI_SERVER_LOCAL_IP=${CI_SERVER_LOCAL_IP}
+ - RUNNER_TOKEN=${RUNNER_TOKEN}
+ - RUNNER_DESCRIPTION=gitab-runner_2
+ - RUNNER_EXECUTOR=docker
+ - DOCKER_IMAGE=gitlab/gitlab-runner-helper:x86_64-latest
+ networks:
+ - service
+
+ runner_3:
+ image: ${DOCKER_IMAGE_RUNNER}
+ container_name: ${SERVICE_NAME}_${CONTAINER_NAME_RUNNER}_3
+ restart: always
+ depends_on:
+ - gitlab
+ volumes:
+ - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab-runner_3:/etc/gitlab-runner
+ - /var/run/docker.sock:/var/run/docker.sock
+ command: --debug run --user=gitlab-runner --working-directory=/home/gitlab-runner
+ environment:
+ - CI_SERVER_URL=https://${GITLAB_HOST}
+ - CI_SERVER_WITH_RUNNER=${CI_SERVER_WITH_RUNNER}
+ - CI_SERVER_LOCAL_IP=${CI_SERVER_LOCAL_IP}
+ - RUNNER_TOKEN=${RUNNER_TOKEN}
+ - RUNNER_DESCRIPTION=gitab-runner_3
+ - RUNNER_EXECUTOR=docker
+ - DOCKER_IMAGE=gitlab/gitlab-runner-helper:x86_64-latest
+ networks:
+ - service
+
+ runner_4:
+ image: ${DOCKER_IMAGE_RUNNER}
+ container_name: ${SERVICE_NAME}_${CONTAINER_NAME_RUNNER}_4
+ restart: always
+ depends_on:
+ - gitlab
+ volumes:
+ - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab-runner_4:/etc/gitlab-runner
+ - /var/run/docker.sock:/var/run/docker.sock
+ command: --debug run --user=gitlab-runner --working-directory=/home/gitlab-runner
+ environment:
+ - CI_SERVER_URL=https://${GITLAB_HOST}
+ - CI_SERVER_WITH_RUNNER=${CI_SERVER_WITH_RUNNER}
+ - CI_SERVER_LOCAL_IP=${CI_SERVER_LOCAL_IP}
+ - RUNNER_TOKEN=${RUNNER_TOKEN}
+ - RUNNER_DESCRIPTION=gitab-runner_4
+ - RUNNER_EXECUTOR=docker
+ - DOCKER_IMAGE=gitlab/gitlab-runner-helper:x86_64-latest
+ networks:
+ - service
+
+networks:
+ service:
+ name: ${SERVICE_NAME}
+ # webproxy:
+ # external:
+ # name: ${WEBPROXY_NETWORK}

fix-unicorn.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+echo "fix gitlab_server unicorn error"
+docker exec -it gitlab_server rm /home/git/gitlab/tmp/pids/unicorn.pid && docker restart gitlab_server