sameersbn / docker-gitlab

Dockerized GitLab
http://www.damagehead.com/docker-gitlab/
MIT License

Can someone please share a docker-compose.yml example for the following scenario #891

Open ghost opened 8 years ago

ghost commented 8 years ago

I am deploying GitLab in Rancher. I want to use certificates from Let's Encrypt. I want to use a Rancher Load Balancer (it is basically an NGINX proxy). I have installed the Rancher Let's Encrypt from the Rancher Catalog. I want SSL enabled for GitLab and Registry. I have a Let's Encrypt certificate that covers both domain names: gitlab.nxt.domain.com and registry.nxt.domain.com.

ghost commented 8 years ago

This is what I have in my docker-compose.yml, but I am unable to access the web interface or upload to the registry. I am sure it is a mess because I have looked at so many articles that I am now completely lost.

```yaml
GitLabLB:
  ports:
  - 443:443
  labels:
    io.rancher.loadbalancer.ssl.ports: '443'
    # Both targets were listed under the same key; YAML keeps only the last one,
    # so the gitlab.nxt.domain.com entry was silently dropped. Merged here into
    # one comma-separated value (assumed to be the Rancher list syntax).
    io.rancher.loadbalancer.target.gitlab: gitlab.nxt.domain.com:443=443,registry.nxt.domain.com:5500=5500
  tty: true
  image: rancher/load-balancer-service
  links:
  - gitlab:gitlab
  stdin_open: true
gl-redis:
  labels:
    io.rancher.container.pull_image: always
    io.rancher.scheduler.affinity:host_label: name=rancherpool-pvt
  command:
  - --loglevel
  - warning
  image: sameersbn/redis:latest
  volumes:
  - /efs/data/gitlab811/redis:/var/lib/redis:Z
gitlab:
  ports:
  - 22:22/tcp
  - 8880:80/tcp
  - 5500:5500/tcp
  environment:
    DB_ADAPTER: postgresql
    DB_HOST: rds.instance.us-west-2.rds.amazonaws.com
    DB_NAME: gitlab
    DB_PASS: password$$
    DB_PORT: '5432'
    DB_USER: user

    DEBUG: 'false'
    GITLAB_BACKUP_SCHEDULE: daily
    # quoted: an unquoted 01:00 is read by YAML 1.1 as the sexagesimal integer 60
    GITLAB_BACKUP_TIME: '01:00'
    GITLAB_BACKUP_EXPIRY: '604800'
    AWS_BACKUPS: 'true'
    AWS_BACKUP_REGION: 'us-west-2'
    AWS_BACKUP_ACCESS_KEY_ID: AWSKEYID
    AWS_BACKUP_SECRET_ACCESS_KEY: AWSKEY
    AWS_BACKUP_BUCKET: bucket-gitlab-backups-or

    VIRTUAL_HOST: gitlab.nxt.domain.com
    NGINX_X_FORWARDED_PROTO: https
    GITLAB_PORT: '443'
    GITLAB_HTTPS: 'true'
    GITLAB_SSH_PORT: '22'
    GITLAB_EMAIL: git@domain.com
    GITLAB_EMAIL_REPLY_TO: noreply@domain.com
    GITLAB_HOST: gitlab.nxt.domain.com
    GITLAB_INCOMING_EMAIL_ADDRESS: git-reply@domain.com
    GITLAB_NOTIFY_ON_BROKEN_BUILDS: 'true'
    GITLAB_NOTIFY_PUSHER: 'false'

    GITLAB_ROOT_PASSWORD: Password$$
    GITLAB_SECRETS_DB_KEY_BASE: DBKEY
    GITLAB_SECRETS_OTP_KEY_BASE: OPT Key
    GITLAB_SECRETS_SECRET_KEY_BASE: SecretKey
    GITLAB_TIMEZONE: America/Los_Angeles

    GITLAB_REGISTRY_ENABLED: 'true'
    GITLAB_REGISTRY_HOST: registry.nxt.domain.com
    GITLAB_REGISTRY_PORT: '5500'
    GITLAB_REGISTRY_API_URL: http://registry.nxt.domain.com
    GITLAB_REGISTRY_ISSUER: gitlab-issuer
    GITLAB_REGISTRY_KEY_PATH: /auth-certs/registry-auth.key

    # Let's Encrypt files used by the registry vhost inside the GitLab container
    SSL_REGISTRY_KEY_PATH: /certs/privkey.pem
    SSL_REGISTRY_CERT_PATH: /certs/fullchain.pem
    # SSL_CERTIFICATE_PATH: /certs/domain.pem
    # SSL_KEY_PATH: /certs/myserver.key

    REDIS_HOST: redisio
    REDIS_PORT: '6379'
    SMTP_AUTHENTICATION: login
    SMTP_DOMAIN: domain.com
    SMTP_ENABLED: 'true'
    SMTP_HOST: email-smtp.us-west-2.amazonaws.com
    SMTP_PASS: SES Password+XTaW
    SMTP_PORT: '587'
    SMTP_STARTTLS: 'true'
    SMTP_USER: SES User
    TZ: America/Los_Angeles
  labels:
    io.rancher.container.pull_image: always
    io.rancher.scheduler.affinity:host_label: name=rancherpool-pvt
  image: sameersbn/gitlab:8.11.5
  links:
  - gl-redis:redisio
  volumes:
  - /efs/data/gitlab811/gitlab:/home/git/data:Z
  - /efs/data/gitlab811/logs:/var/log/gitlab
  - /efs/data/gitlab811/le-certs/nxt.panosoft.com:/certs
  - /efs/data/gitlab811/auth-certs:/auth-certs
registry:
  restart: always
  image: registry:2.4.1
  # ports:
  # - 443:443/tcp
  # - 80:80
  # - 5000:5000
  volumes:
  - /efs/data/gitlab811/gitlab/shared/registry:/registry:Z
  - /efs/data/gitlab811/le-certs/nxt.panosoft.com:/certs
  - /efs/data/gitlab811/auth-certs:/auth-certs
  environment:
    VIRTUAL_HOST: registry.nxt.domain.com
    REGISTRY_LOG_LEVEL: info
    REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /registry
    REGISTRY_AUTH_TOKEN_REALM: https://gitlab.nxt.domain.com/jwt/auth
    REGISTRY_AUTH_TOKEN_SERVICE: container_registry
    REGISTRY_AUTH_TOKEN_ISSUER: gitlab-issuer
    REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE: /auth-certs/registry-auth.crt
    REGISTRY_STORAGE_DELETE_ENABLED: 'true'
    REGISTRY_HTTP_ADDR: ':80'
    REGISTRY_HTTP_HOST: https://registry.nxt.domain.com
    # fixed typo (was REGISTRY_HTTP_TLS_CERTFICATE): the registry does not
    # recognise that key, so no certificate was being loaded
    REGISTRY_HTTP_TLS_CERTIFICATE: /certs/fullchain.pem
    REGISTRY_HTTP_TLS_KEY: /certs/privkey.pem

  labels:
    io.rancher.container.pull_image: always
    io.rancher.scheduler.affinity:host_label: name=rancherpool-pvt
    io.rancher.scheduler.affinity:container_label: io.rancher.stack_service.name=gitlab/gitlab
```

solidnerd commented 8 years ago

Hey, a simple solution would be to let the Rancher load balancer terminate the SSL connection for you. Behind the load balancer you speak HTTP only.
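
One way to lay out what solidnerd describes (TLS ends at the Rancher load balancer, everything behind it is plain HTTP), written here as an added example that is not from the thread or from the docker-gitlab project; only the TLS-relevant keys are shown, and DB_*, REDIS_*, SMTP_*, backup settings and scheduler labels stay as in the config above. It assumes the Let's Encrypt certificate is attached to the LB service in Rancher, that one `io.rancher.loadbalancer.target.*` label per backend service is valid, and that the image's load-balancer mode is `GITLAB_HTTPS` plus `NGINX_X_FORWARDED_PROTO` with no `SSL_*` paths set.

```yaml
GitLabLB:
  image: rancher/load-balancer-service
  ports:
  - 443:443                      # the only TLS listener in the stack
  labels:
    # cert attached to this LB in Rancher (assumed); TLS stops here
    io.rancher.loadbalancer.ssl.ports: '443'
    # one target label per backend service, so no duplicate YAML key
    io.rancher.loadbalancer.target.gitlab: gitlab.nxt.domain.com:443=80
    io.rancher.loadbalancer.target.registry: registry.nxt.domain.com:443=5000
  links:
  - gitlab:gitlab
  - registry:registry

gitlab:
  image: sameersbn/gitlab:8.11.5
  ports:
  - 22:22/tcp                    # SSH bypasses the LB; no HTTP port on the host
  environment:
    GITLAB_HOST: gitlab.nxt.domain.com
    GITLAB_PORT: '443'
    GITLAB_HTTPS: 'true'         # generated URLs use https://
    NGINX_X_FORWARDED_PROTO: https   # trust the LB's X-Forwarded-Proto header
    # no SSL_CERTIFICATE_PATH / SSL_KEY_PATH / SSL_REGISTRY_*: the container
    # never holds a certificate and serves HTTP on port 80 only
    GITLAB_REGISTRY_ENABLED: 'true'
    GITLAB_REGISTRY_HOST: registry.nxt.domain.com
    GITLAB_REGISTRY_PORT: '443'  # public port clients push to
    GITLAB_REGISTRY_API_URL: http://registry:5000   # container link, plain HTTP
    GITLAB_REGISTRY_ISSUER: gitlab-issuer
    GITLAB_REGISTRY_KEY_PATH: /auth-certs/registry-auth.key
  links:
  - registry:registry
  volumes:
  - /efs/data/gitlab811/auth-certs:/auth-certs   # token-signing key pair

registry:
  image: registry:2.4.1
  environment:
    REGISTRY_HTTP_ADDR: ':5000'                           # plain HTTP for the LB
    REGISTRY_HTTP_HOST: https://registry.nxt.domain.com   # public URL in responses
    REGISTRY_AUTH_TOKEN_REALM: https://gitlab.nxt.domain.com/jwt/auth
    REGISTRY_AUTH_TOKEN_SERVICE: container_registry
    REGISTRY_AUTH_TOKEN_ISSUER: gitlab-issuer
    REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE: /auth-certs/registry-auth.crt
    REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /registry
  volumes:
  - /efs/data/gitlab811/gitlab/shared/registry:/registry:Z
  - /efs/data/gitlab811/auth-certs:/auth-certs
```

Because both containers now trust X-Forwarded-Proto from whoever reaches port 80 or 5000, keep those ports unpublished on the host so only the linked load balancer can reach them.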

ghost commented 8 years ago

That is what I am trying to accomplish. You can see the Rancher Load Balancer at the top of my docker-compose.yml. But doesn't the registry have to have a certificate of its own anyway? Should I try to run it with all the certificate-related lines removed?

paolomainardi commented 7 years ago

@gitlab-pano have you solved the problem then?

marcellodesales commented 7 years ago

@gitlab-pano Looking for the same!!! Using RexRay Volume driver for EFS... Will try this docker-compose...

Or did you get any updates on this? Could you please share any updates?

ghost commented 7 years ago

I eventually decided to set up GitLab Omnibus edition on a Linux instance. And I have an orchestration script to mount my EFS volume during build.

stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had any activity for the last 60 days. It will be closed if no further activity occurs during the next 7 days. Thank you for your contributions.