sameersbn / docker-gitlab

Dockerized GitLab
http://www.damagehead.com/docker-gitlab/
MIT License

Little help with LDAP #1180

Closed CAVACO-PT closed 7 years ago

CAVACO-PT commented 7 years ago

First of all, great tool GitLab is... awesome really. I know maybe you guys don't support the versions in Synology, but maybe someone can give me a little help with this.

I'm trying to activate LDAP with Synology and Docker, but inside the terminal in the docker, in the gitlab.yml in the config, when I enter the LDAP settings and then reboot GitLab, the file reverts back to its original file and no LDAP is activated. I've been searching a lot on Google and can't seem to find where the base files are that I need to change so Docker assumes the LDAP configuration.

Can anyone help me with this?

Much appreciated.

gjrtimmer commented 7 years ago

This is because of the Synology OS; it has nothing to do with the container or the Docker settings.

What you need to do is change the default templates for your Synology. At every reboot the system replaces the config files with their defaults. The philosophy of Synology behind this is that if a user makes changes which brick the NAS, then a reboot is sufficient to fix it.

Now here is how to bypass it: most of the changes can be done from the /etc.defaults folder; this is where the majority of the default files are copied from.

Could you tell which internal files you are trying to change?

PS: I'm running a full GitLab setup on my Synology, including a Docker registry and runners. I've also built a Synology-compatible runner image which is compatible with the Docker engine shipped with Synology.

Currently I've been trying for months to have Synology update the current Docker engine to a higher version. Could you do me a favor? Go to your Synology support tool and submit a question to Synology for the Docker package, simply asking when they will release an update for the latest Docker engine. The more people ask, the sooner they will update it.

Hope this helps. I'm a very experienced Synology user and have even been helping Synology to fix several things in their system for the past few years.

Let me know how I can help you.


CAVACO-PT commented 7 years ago

Thanks for your reply. I have GitLab running, I just need to activate LDAP so users in my company can log in to GitLab with their AD users, but when I changed the gitlab.yml in the docker it would change back. Do you know what files I need to change to get LDAP working?

I need the files that configure LDAP:

# A human-friendly name for your LDAP server. It is OK to change the label later,
# for instance if you find out it is too large to fit on the web page.
#
# Example: 'Paris' or 'Acme, Ltd.'
label: 'LDAP'

# Example: 'ldap.mydomain.com'
host: '_your_ldap_server'
# This port is an example, it is sometimes different but it is always an integer and not a string
port: 389
uid: 'sAMAccountName'
method: 'plain' # "tls" or "ssl" or "plain"

I don't know where they are on the Synology side. I have checked all of the GitLab files, and the only place I found them was inside the docker, which doesn't allow changes.

Can you tell me where the files are to configure LDAP for GitLab?

I will ask Synology for the update of Docker, no problem!

gjrtimmer commented 7 years ago

What is the path of your gitlab.yml ?


CAVACO-PT commented 7 years ago

I could only find that file inside the docker synology_gitlab.

image

I could not find gitlab.yml outside the docker.

CAVACO-PT commented 7 years ago

When I change the gitlab.yml inside the terminal on that docker, it changes back when I reboot the docker.

avluis commented 7 years ago

@MACE-Zer0 Why are you not making use of environment variables? I have a Synology as well -- was running GitLab on it with LDAP with no issues until I moved it to another box (consolidating things). Can you export your config file for your GitLab container -- sanitize the data (remove passwords, etc) and post it here? Just need to know what your setup is like so that I can help you out much better.

Also, you could move over to the release here instead of Synology -- there's plenty of info on how to import things.

gjrtimmer commented 7 years ago

@MACE-Zer0

Are you by any chance running the GitLab from the Synology package center? Because that thing is not up to date, and I don't recommend it. I think that will explain your problems.

If you are running the gitlab from the package center, my question to you is do you want to know how to run the image from this repository, including backups etc.. (basically a correct setup of gitlab on Synology, sorry to be blunt)

Let me know, My money is on the fact that you have installed the gitlab image which is shown in the screenshot below. (BTW; this is a very old version of gitlab)

gitlab

avluis commented 7 years ago

@GJRTimmer Yep -- get him off that image -- it's way too old and unsupported (in GitLab time anyways). It's also way too easy to run GitLab from this repo rather than what Synology offers in the first place~

CAVACO-PT commented 7 years ago

Thanks for all the replies. I've been running a git server on Synology, then I heard of GitLab and installed the one from Synology to try it out. I'm at a company that wants to start using GitLab, so if the one from Synology is old, can you please point me in the right direction? Has anyone documented the install of the right GitLab repo on Synology without using the one they supply?

Could you please give a link or a few directions on how to install?

Thank you all.

CAVACO-PT commented 7 years ago

I've found this repo, is this the right one?

https://github.com/jboxberger/synology-gitlab

gjrtimmer commented 7 years ago

@MACE-Zer0 Don't worry, I will guide you through every setup.

gjrtimmer commented 7 years ago

No

gjrtimmer commented 7 years ago

The repo you are currently on, is the correct one. Give me a few minutes to prepare all the data for you to set up a complete gitlab environment on Synology.

I do need the following from you:

1) Do you know how to use SSH and log in to the console of a Synology?
2) Do you want a complete GitLab environment, with its own Docker registry?
3) Do you want a GitLab environment which can also run automatic builds of a project?

CAVACO-PT commented 7 years ago

ok thanks ..

1 - Yes, I know how to use SSH, I've been using SSH on Synologys for years now, no problem there.

2 - Yes, it would be very useful.

3 - We are running TeamCity builds in our company and would like to integrate the GitLab environment with TeamCity later on, but yes, we would like auto builds of projects.

Thanks for the help.

gjrtimmer commented 7 years ago

4) I assume you will be running GitLab on a docker container.

My own GitLab is available at https://gitlab.timmertech.nl. You will not be able to get beyond the login, but it is just to show you how to set it up correctly, including HTTPS certificates, even as a subdomain.

5) Do you want it also running on a subdomain like I do ?

gjrtimmer commented 7 years ago

Auto building can be setup using the internal of gitlab runners, which only require you to add a .gitlab-ci.yml to a project

When I know if you also want to run it on a subdomain I can get started.

CAVACO-PT commented 7 years ago

4 - Yes, I already have the Docker container installed, I could run on it.

5 - No need to access it from outside, we regularly use VPN to our company so we can use it only internally.

CAVACO-PT commented 7 years ago

I already have a DNS entry to the IP of the Synology to use the address internally only.

gjrtimmer commented 7 years ago

Manual Part 1:

This manual will take you through preparing your environment, because we first need to set up several things before we can run it.

P.S. Later on I will provide my own docker-compose.yml files, which in turn will auto set up a complete environment, so you don't have to reinvent the wheel again. Of course you have to edit my files; I will make it clear where you have to edit them.

Step 1 Storage

We need to set up the environment in such a way that all of your data is saved correctly, so that you will never lose it and that it is very easy to upgrade to the latest version.

***NOTE: I have a nice bash script for auto upgrading my environment, which I will also provide. This script takes care of everything, and when there is an update for GitLab, it will cost your Synology only about 15-20 min downtime of your GitLab environment on upgrade.

Because we want to perform upgrades and always run the latest secured and stable version in a safe way, we need to start with a correct setup.

This manual will assume that you still have the "Synology Shared Folder" Docker present. It should be located at /volume1/Docker; it's created by default when you install Docker.

If this folder is not present, create it through the Configuration panel, not through SSH. We want it as a normal Synology Shared Folder, because in the future you might want to use the "Snapshot Replication" application from Synology to make incremental snapshots.

***NOTE: I will also assume that we are doing a complete fresh install; importing projects you can do later yourself. The second assumption will be that you have uninstalled the Docker image and previous version of GitLab.

Create the following directory structure. (P.S. You will notice it is based upon the Linux default FS layout.) (Use SSH after /volume1/Docker exists or has been created by the Configuration Panel.)

/volume1/Docker/gitlab

/volume1/Docker/gitlab/etc
/volume1/Docker/gitlab/etc/certs

/volume1/Docker/gitlab/var
/volume1/Docker/gitlab/var/lib
/volume1/Docker/gitlab/var/lib/gitlab
/volume1/Docker/gitlab/var/lib/postgresql
/volume1/Docker/gitlab/var/lib/redis
/volume1/Docker/gitlab/var/lib/runner-docker
/volume1/Docker/gitlab/var/lib/runner-scripts
/volume1/Docker/gitlab/var/lib/runner-shell

/volume1/Docker/gitlab/var/log
/volume1/Docker/gitlab/var/log/gitlab
/volume1/Docker/gitlab/var/log/postgresql
/volume1/Docker/gitlab/var/log/redis

Explanation

/volume1/Docker/gitlab => Root Directory containing everything for your gitlab environment

/volume1/Docker/gitlab/etc => This will contain all of your docker configuration
/volume1/Docker/gitlab/etc/certs => Will contain SSL/TLS certificates

/volume1/Docker/gitlab/var => Will contain all DATA/LOG
/volume1/Docker/gitlab/var/lib => Will contain all DATA
/volume1/Docker/gitlab/var/lib/gitlab => Will contain the data of GitLab
/volume1/Docker/gitlab/var/lib/postgresql => Will contain all the postgres data
/volume1/Docker/gitlab/var/lib/redis => Will contain all the Redis Data
/volume1/Docker/gitlab/var/lib/runner-docker => Will contain the configuration for docker runner
/volume1/Docker/gitlab/var/lib/runner-scripts => Will contain the shared scripts between runner
/volume1/Docker/gitlab/var/lib/runner-shell => Will contain the configuration for the shell runner

/volume1/Docker/gitlab/var/log => Will contain all log files
/volume1/Docker/gitlab/var/log/gitlab => Will contain all the log files from GitLab
/volume1/Docker/gitlab/var/log/postgresql => Will contain all the log files from postgresql
/volume1/Docker/gitlab/var/log/redis => Will contain all the logfiles from Redis

CAVACO-PT commented 7 years ago

First of all, thank you very much for your help and time, really, thanks.

I've read all and done all, I'm doing a fresh install.

I already have a docker folder since it's the default one when installing Docker, and created all that structure like you said.

image

CAVACO-PT commented 7 years ago

Oops, made a mistake... var and lib folders outside, will move them.

CAVACO-PT commented 7 years ago

all corrected

image

gjrtimmer commented 7 years ago

Step 2 Create Secrets (Mandatory)

In order to use GitLab correctly you need to generate several secret keys, this is a one time action.

You need to generate three of them.

You only generate them once, and then you can forget about them; they will be stored within the GitLab Docker configuration. Keep in mind that you don't want to lose those configuration files, but that should be obvious.

Generate Keys

Run the following command 3 times

$ date +%s | sha256sum | base64 | head -c 64 ; echo

Copy them to a text editor like notepad++ and assign each one to the following key(s):

End result: KEY=VALUE

GITLAB_SECRETS_DB_KEY_BASE=ZWRhOWJjMjEyNjAxNTk3ODgyNWYyNGFkOTUyY2E1YjY2YTllNWY4MWEwNTU3ZmY4
GITLAB_SECRETS_SECRET_KEY_BASE=N2U5MTJlNzU1NjBjZGY4ZjQxMTE1NjI4MTlkMmFjNDIyM2I3OWY2MTRhYTFmM2Q0
GITLAB_SECRETS_OTP_KEY_BASE=YjI0Y2YyMGVlOTdlMjZkODEyM2VjZTY0NjVlODUyYjE5YWNlMDI2ZWIxMzIwZjYx

Save the contents above to /volume1/Docker/gitlab/etc/secrets.env

You can use either VI or whatever you like

CAVACO-PT commented 7 years ago

do i need to put in the file the :

End result: KEY=VALUE

or just these lines

GITLAB_SECRETS_DB_KEY_BASE=ZWRhOWJjMjEyNjAxNTk3ODgyNWYyNGFkOTUyY2E1YjY2YTllNWY4MWEwNTU3ZmY4

gjrtimmer commented 7 years ago

All three lines.

gjrtimmer commented 7 years ago

NOT: KEY=VALUE, this was just to illustrate that you needed to add an equal sign between the key and value.

Below are the only contents of the file:

GITLAB_SECRETS_DB_KEY_BASE=ZWRhOWJjMjEyNjAxNTk3ODgyNWYyNGFkOTUyY2E1YjY2YTllNWY4MWEwNTU3ZmY4
GITLAB_SECRETS_SECRET_KEY_BASE=N2U5MTJlNzU1NjBjZGY4ZjQxMTE1NjI4MTlkMmFjNDIyM2I3OWY2MTRhYTFmM2Q0
GITLAB_SECRETS_OTP_KEY_BASE=YjI0Y2YyMGVlOTdlMjZkODEyM2VjZTY0NjVlODUyYjE5YWNlMDI2ZWIxMzIwZjYx

gjrtimmer commented 7 years ago

Step 3 Database

This is a very easy and short step; We need to pick a password for the database, creating of user and things like that is no concern because this will be done automatically.

$ date +%s | sha256sum | base64 | head -c 16 ; echo

The command above will generate a 16 character strong password, we also never have to type this in again.

Create the following file: /volume1/Docker/gitlab/etc/database.env

Contents:

# Database Configuration
DB_USER=gitlab
DB_PASS=<INSERT PASSWORD HERE>
DB_NAME=gitlab
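
The command in Steps 2 and 3 derives each value from `date +%s`, so three runs within the same second produce the same key and the only unknown input is the clock time. The following is an added example, not part of the original thread, that draws the values from /dev/urandom instead and writes secrets.env and database.env with owner-only permissions; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# The generator as posted in Steps 2 and 3, with the epoch second passed in
# as $1 (instead of calling `date +%s`) so the result is reproducible.
timestamp_secret() {
    printf '%s\n' "$1" | sha256sum | base64 | head -c 64
}

# CSPRNG alternative: read 2*$1 bytes from the kernel RNG, base64-encode them,
# drop everything that is not alphanumeric and keep the first $1 characters
# (just under 6 bits of entropy per character).
random_secret() {
    head -c "$(( $1 * 2 ))" /dev/urandom | base64 \
        | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c "$1"
}

# Write secrets.env and database.env into directory $1 with owner-only
# permissions. Refuses to overwrite existing files, because GitLab must keep
# using the same keys once data has been encrypted with them.
write_env_files() {
    dir=$1
    for f in secrets.env database.env; do
        if [ -e "$dir/$f" ]; then
            echo "refusing to overwrite $dir/$f" >&2
            return 1
        fi
    done
    (
        umask 077   # new files are created as rw------- (0600)
        {
            printf 'GITLAB_SECRETS_DB_KEY_BASE=%s\n' "$(random_secret 64)"
            printf 'GITLAB_SECRETS_SECRET_KEY_BASE=%s\n' "$(random_secret 64)"
            printf 'GITLAB_SECRETS_OTP_KEY_BASE=%s\n' "$(random_secret 64)"
        } > "$dir/secrets.env"
        {
            printf '# Database Configuration\n'
            printf 'DB_USER=gitlab\n'
            printf 'DB_PASS=%s\n' "$(random_secret 16)"
            printf 'DB_NAME=gitlab\n'
        } > "$dir/database.env"
    )
}

# Usage: sh gen-env.sh /volume1/Docker/gitlab/etc
if [ "$#" -gt 0 ]; then
    write_env_files "$1"
fi
```
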
CAVACO-PT commented 7 years ago

ok all done , thanks

CAVACO-PT commented 7 years ago

image

CAVACO-PT commented 7 years ago

done as well

image

gjrtimmer commented 7 years ago

Step 4 Email

This step will set up email. You have IMAP and SMTP; I have only SMTP enabled, but I do have the IMAP configuration on my system and also loaded, I simply have the flag for whether IMAP should be enabled set to false.

This will allow you to customize your email setup later on to your own wishes.

Create the following file: /volume1/Docker/gitlab/etc/imap.env

Contents:

# IMAP Configuration
IMAP_ENABLED=false
IMAP_HOST=imap.gmail.com
IMAP_PORT=993
IMAP_USER=mailer@example.com
IMAP_PASS=password
IMAP_SSL=true
IMAP_STARTTLS=false

Create the following file: /volume1/Docker/gitlab/etc/smtp.env

Contents:

# SMTP Configuration
SMTP_ENABLED=true
SMTP_DOMAIN=<SMTP HOST>
SMTP_HOST=<SMTP HOST>
SMTP_PORT=587
SMTP_USER=<INSERT USERNAME>
SMTP_PASS=<INSERT PASSWORD>
SMTP_STARTTLS=true
SMTP_AUTHENTICATION=login

It will depend on your own smtp server if you need to activate STARTTLS, of course port number is either 25 or 587 if using TLS.

If you are unsure about your settings, you can for now simply set SMTP_ENABLED to false. If you edit this in the future, it only requires a restart of your environment. That's it.

CAVACO-PT commented 7 years ago

I haven't asked you this... the previous install of GitLab, the one that Synology uses, installed MariaDB. Can we use MariaDB for the databases with this build?

CAVACO-PT commented 7 years ago

Can I just use the smtp env?

gjrtimmer commented 7 years ago

We can in theory but WE WILL NOT do that, It's very bad to use MySQL with GitLab. Don't worry. You will get a nice setup :-) We will run a database docker container with it. Trust me it is truly the best way.

gjrtimmer commented 7 years ago

What do you mean with smtp env ?

gjrtimmer commented 7 years ago

I'm using the MailPlus Server on my Synology, I even have my mail server completely configured with full DKIM, DMARC, SSL etc.

CAVACO-PT commented 7 years ago

I only need SMTP to send emails; my question is whether I really need to create the imap file.

gjrtimmer commented 7 years ago

You do not, it's optional, but if you don't, then make a mental note of it, because within a few steps we will be including these files in a docker-compose file which will manage everything. So if you do not create the imap.env file, don't forget to REMOVE it from the docker-compose file.

CAVACO-PT commented 7 years ago

all done the smtp and imap files

gjrtimmer commented 7 years ago

You still work faster than I can write a manual. We're almost done, by the way.

CAVACO-PT commented 7 years ago

sorry about all the trouble

gjrtimmer commented 7 years ago

Question: do you want OATH? Like importing from GitHub, like on import GitLab will show projects etc. of OATH, and allow users to log in with a Google account, things like that?

gjrtimmer commented 7 years ago

Not any trouble, the only price you pay is that you submit a request to Synology and ask for an update for the Docker :-)

CAVACO-PT commented 7 years ago

Will do that, and I have friends with Synology as well, will ask them to do that too!

gjrtimmer commented 7 years ago

Step 5 OATH

Create the following File: /volume1/Docker/etc/oath.env

Don't worry everything is disabled, but it will allow easier configuration in the future. Also this file is not entirely up to date.

Within the README of this GitHub you will notice that there are more keys about OATH which have been added since I created this file.

Contents:

# OAuth Configuration
OAUTH_ENABLED=false
OAUTH_AUTO_SIGN_IN_WITH_PROVIDER=
OAUTH_ALLOW_SSO=
OAUTH_BLOCK_AUTO_CREATED_USERS=true
OAUTH_AUTO_LINK_LDAP_USER=false
OAUTH_AUTO_LINK_SAML_USER=false
OAUTH_EXTERNAL_PROVIDERS=

OAUTH_CAS3_LABEL=cas3
OAUTH_CAS3_SERVER=
OAUTH_CAS3_DISABLE_SSL_VERIFICATION=false
OAUTH_CAS3_LOGIN_URL=/cas/login
OAUTH_CAS3_VALIDATE_URL=/cas/p3/serviceValidate
OAUTH_CAS3_LOGOUT_URL=/cas/logout

OAUTH_GOOGLE_API_KEY=
OAUTH_GOOGLE_APP_SECRET=
OAUTH_GOOGLE_RESTRICT_DOMAIN=

OAUTH_FACEBOOK_API_KEY=
OAUTH_FACEBOOK_APP_SECRET=

OAUTH_TWITTER_API_KEY=
OAUTH_TWITTER_APP_SECRET=

OAUTH_GITHUB_API_KEY=
OAUTH_GITHUB_APP_SECRET=
OAUTH_GITHUB_URL=
OAUTH_GITHUB_VERIFY_SSL=

OAUTH_GITLAB_API_KEY=
OAUTH_GITLAB_APP_SECRET=

OAUTH_BITBUCKET_API_KEY=
OAUTH_BITBUCKET_APP_SECRET=

OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL=
OAUTH_SAML_IDP_CERT_FINGERPRINT=
OAUTH_SAML_IDP_SSO_TARGET_URL=
OAUTH_SAML_ISSUER=
OAUTH_SAML_LABEL="Our SAML Provider"
OAUTH_SAML_NAME_IDENTIFIER_FORMAT=urn:oasis:names:tc:SAML:2.0:nameid-format:transient
OAUTH_SAML_GROUPS_ATTRIBUTE=
OAUTH_SAML_EXTERNAL_GROUPS=
OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL=
OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME=
OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME=
OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME=

OAUTH_CROWD_SERVER_URL=
OAUTH_CROWD_APP_NAME=
OAUTH_CROWD_APP_PASSWORD=

OAUTH_AUTH0_CLIENT_ID=
OAUTH_AUTH0_CLIENT_SECRET=
OAUTH_AUTH0_DOMAIN=

OAUTH_AZURE_API_KEY=
OAUTH_AZURE_API_SECRET=
OAUTH_AZURE_TENANT_ID=

CAVACO-PT commented 7 years ago

OK, I've created the file. I see where I can later enter the IDs of the apps I want to use with GitLab.

gjrtimmer commented 7 years ago

Step 6 USER UID/GID Mapping

Maybe you have noticed that when you map a folder of a host to a container, the files, when you view them over Synology SSH access, don't show a username and group but a number.

Let's fix this before we start.

What we want, for example, is that every file created INSIDE a Docker container is mapped to the ADMIN user of Synology.

We can do this as follows:

Create the following file: /volume1/Docker/gitlab/etc/usermap.env

Contents:

# Host UID / GID Mapping
USERMAP_UID=1026
USERMAP_GID=100

If you want to know how to get the correct numbers, you can do that with the following command, for example:

$ id admin
uid=1024(admin) gid=100(users) groups=100(users),101(administrators)
$

gjrtimmer commented 7 years ago

1026 is the UID of my own admin account 'gert-jant' on my NAS

gjrtimmer commented 7 years ago

If everything goes according to plan, you will have a running environment within the next 10 minutes.

gjrtimmer commented 7 years ago

Step 7 Check

You should have the following files within /volume1/Docker/gitlab/etc

database.env
imap.env
oauth.env
secrets.env
smtp.env
usermap.env