ahbanavi/docker-compose.yaml

## docker-compose.yaml
version: "3"

services:
    gitlab:
      container_name: gitlab
      image: 'gitlab/gitlab-ce:latest'
      restart: always
      hostname: 'example.com'
      environment:
        GITLAB_OMNIBUS_CONFIG: |
            external_url 'https://gitlab.example.com'
            letsencrypt['enable'] = true
            nginx['redirect_http_to_https'] = true
            registry_nginx['redirect_http_to_https'] = true
            mattermost_nginx['redirect_http_to_https'] = true
            gitlab_rails['gitlab_shell_ssh_port'] = 2224
            gitlab_rails['backup_keep_time'] = 604800
            gitlab_rails['time_zone'] = 'UTC'
      ports:
        - '9080:80'
        - '9443:443'
        - '2224:22'
      volumes:
        - '/srv/gitlab/config:/etc/gitlab'
        - '/srv/gitlab/logs:/var/log/gitlab'
        - '/srv/gitlab/data:/var/opt/gitlab'

    gitlab-runner:
      container_name: gitlab-runner
      image: gitlab/gitlab-runner:latest
      restart: always
      hostname: gitlab-runner
      environment:
        TZ: 'UTC'
      volumes:
        - '/srv/gitlab-runner/config:/etc/gitlab-runner'
        - '/var/run/docker.sock:/var/run/docker.sock'

## gitlab.example.com.conf
# nginx conf (/etc/nginx/conf.d/gitlab.example.com.conf)

server {
    listen 443 ssl default_server;
    listen [::]:443 ipv6only=on ssl;

    server_name gitlab.example.com;

    location / {
        client_max_body_size 0;
        gzip off;

        proxy_read_timeout      300;
        proxy_connect_timeout   300;
        proxy_redirect          off;

        proxy_set_header    Host                $http_host;
        proxy_set_header    X-Real-IP           $remote_addr;
        proxy_set_header    X-Forwarded-Ssl     on;
        proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto   $scheme;

        proxy_pass          https://localhost:9443;
    }

    ssl_certificate /etc/letsencrypt/live/gitlab.example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/gitlab.example.com/privkey.pem; # managed by Certbot
}
server {
    if ($host = gitlab.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name gitlab.example.com;
    return 404; # managed by Certbot
}
server {
    listen 443 ssl;
    listen 80;
    server_name www.gitlab.example.com;

    return 301 https://gitlab.example.com$request_uri;
}

## gitlab_backup.sh
#!/bin/bash
docker exec -t gitlab gitlab-backup create CRON=1 | tee "/root/gitlab_logs/$(date '+%s_%Y_%m_%d')_gitlab_backup.log" > /dev/null
megacopy --local /root/gitlab_logs --remote /Root/Gitlab/Logs
megacopy --local /srv/gitlab/data/backups --remote /Root/Gitlab/Backups
tar -czf "/root/gitlab_configs/$(date '+%s_%Y_%m_%d')_gitlab_backup_config.tar.gz" /srv/gitlab/config
megacopy --local /root/gitlab_configs --remote /Root/Gitlab/Config
rm /root/gitlab_configs/*

# for cron job:
# 0 2 * * * /path/to/backup_gitlab.sh > /dev/null 2>&1
	version: "3"

	services:
	gitlab:
	container_name: gitlab
	image: 'gitlab/gitlab-ce:latest'
	restart: always
	hostname: 'example.com'
	environment:
	GITLAB_OMNIBUS_CONFIG: \|
	external_url 'https://gitlab.example.com'
	letsencrypt['enable'] = true
	nginx['redirect_http_to_https'] = true
	registry_nginx['redirect_http_to_https'] = true
	mattermost_nginx['redirect_http_to_https'] = true
	gitlab_rails['gitlab_shell_ssh_port'] = 2224
	gitlab_rails['backup_keep_time'] = 604800
	gitlab_rails['time_zone'] = 'UTC'
	ports:
	- '9080:80'
	- '9443:443'
	- '2224:22'
	volumes:
	- '/srv/gitlab/config:/etc/gitlab'
	- '/srv/gitlab/logs:/var/log/gitlab'
	- '/srv/gitlab/data:/var/opt/gitlab'

	gitlab-runner:
	container_name: gitlab-runner
	image: gitlab/gitlab-runner:latest
	restart: always
	hostname: gitlab-runner
	environment:
	TZ: 'UTC'
	volumes:
	- '/srv/gitlab-runner/config:/etc/gitlab-runner'
	- '/var/run/docker.sock:/var/run/docker.sock'
	# nginx conf (/etc/nginx/conf.d/gitlab.example.com.conf)

	server {
	listen 443 ssl default_server;
	listen [::]:443 ipv6only=on ssl;

	server_name gitlab.example.com;

	location / {
	client_max_body_size 0;
	gzip off;

	proxy_read_timeout 300;
	proxy_connect_timeout 300;
	proxy_redirect off;

	proxy_set_header Host $http_host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-Ssl on;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;

	proxy_pass https://localhost:9443;
	}

	ssl_certificate /etc/letsencrypt/live/gitlab.example.com/fullchain.pem; # managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/gitlab.example.com/privkey.pem; # managed by Certbot
	}
	server {
	if ($host = gitlab.example.com) {
	return 301 https://$host$request_uri;
	} # managed by Certbot


	listen 80;
	server_name gitlab.example.com;
	return 404; # managed by Certbot
	}
	server {
	listen 443 ssl;
	listen 80;
	server_name www.gitlab.example.com;

	return 301 https://gitlab.example.com$request_uri;
	}
	#!/bin/bash
	docker exec -t gitlab gitlab-backup create CRON=1 \| tee "/root/gitlab_logs/$(date '+%s_%Y_%m_%d')_gitlab_backup.log" > /dev/null
	megacopy --local /root/gitlab_logs --remote /Root/Gitlab/Logs
	megacopy --local /srv/gitlab/data/backups --remote /Root/Gitlab/Backups
	tar -czf "/root/gitlab_configs/$(date '+%s_%Y_%m_%d')_gitlab_backup_config.tar.gz" /srv/gitlab/config
	megacopy --local /root/gitlab_configs --remote /Root/Gitlab/Config
	rm /root/gitlab_configs/*

	# for cron job:
	# 0 2 * * * /path/to/backup_gitlab.sh > /dev/null 2>&1