
@alexpts
Last active October 31, 2021 10:11
gitlab + registry configs
#### Gitlab config - gitlab.rb
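# Custom options layered on top of the Omnibus defaults.
# TLS is terminated by the separate nginx container (nginx proxy + SSL).

# external_url is an Omnibus DSL call, not an assignment: `external_url = '...'`
# only creates a local Ruby variable and the setting is silently ignored.
external_url 'https://gitlab.ex.ru'

# With an https external_url the bundled nginx would otherwise switch to 443 and
# expect its own certificates. Keep it on plain HTTP behind the proxy.
# NOTE(review): confirm the port against the nginx site config (not shown here).
nginx['listen_port'] = 80
nginx['listen_https'] = false

# Registry
registry_nginx['enable'] = false # disable gitlab nginx registry proxy
registry_external_url 'https://registry.ex.ru'
gitlab_rails['registry_enabled'] = true
gitlab_rails['registry_host'] = 'registry.ex.ru'
gitlab_rails['registry_port'] = 443
# Internal API endpoint: docker service name, bypasses the nginx proxy.
# Plain HTTP, so it must stay on the private compose network only.
gitlab_rails['registry_api_url'] = 'http://registry:5000'
# Must equal auth.token.issuer in the registry config.yml.
gitlab_rails['registry_issuer'] = 'gitlab-issuer'
#registry['registry_key_path'] = '/etc/letsencrypt/live/registry.ex.ru/privkey.pem' #private
# Private key GitLab signs registry tokens with; the registry verifies them
# against auth.token.rootcertbundle, so both must belong to the same key pair.
# NOTE(review): this reuses the Let's Encrypt TLS key for token signing. A
# dedicated key pair keeps the two secrets independent; if the TLS key is kept,
# GitLab and the registry both have to reload whenever a renewal changes it.
gitlab_rails['registry_key_path'] = '/etc/letsencrypt/live/registry.ex.ru/privkey.pem' #private
gitlab_rails['gitlab_default_projects_features_container_registry'] = true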
---------------------------
#### Registry config - config.yml
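# Nesting restored: flattened to one level, this file has duplicate `enabled`
# keys and none of the storage/http/auth options reach the registry.
version: 0.1
log:
  level: info
  formatter: text
storage:
  filesystem:
    # Needs a volume mounted at this path, otherwise pushed images are lost
    # when the container is recreated.
    rootdirectory: /data
  cache:
    blobdescriptor: inmemory
  delete:
    enabled: true
http:
  # Plain-HTTP listener inside the container. TLS is terminated by the nginx
  # proxy, so this port must not be published beyond the compose network.
  addr: '0.0.0.0:5000'
  host: 'https://registry.ex.ru'  # nginx balancer address
  # Placeholder. Use a long random value and keep it out of version control;
  # the REGISTRY_HTTP_SECRET environment variable can supply it instead.
  secret: xxx
  # Enable only if the registry should terminate TLS itself.
  # NOTE(review): check that the registry version in use accepts tls1.3 here.
  # tls:
  #   certificate: /etc/letsencrypt/live/registry.ex.ru/fullchain.pem
  #   key: /etc/letsencrypt/live/registry.ex.ru/privkey.pem
  #   minimumtls: tls1.3
  headers:
    X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 60s
    threshold: 3
auth:
  token:
    # Token endpoint served by GitLab.
    realm: 'https://gitlab.ex.ru/jwt/auth'
    service: container_registry
    # Must equal gitlab_rails['registry_issuer'] in gitlab.rb.
    issuer: gitlab-issuer
    # Public certificate chain used to verify token signatures. It must match
    # the private key set in gitlab_rails['registry_key_path']; restart the
    # registry after a renewal that changes the key.
    rootcertbundle: /etc/letsencrypt/live/registry.ex.ru/fullchain.pem  # public
    autoredirect: false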
-----------------------
### docker-compose.yml
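version: "2.4"
services:
  gitlab:
    image: gitlab/gitlab-ce:14.4.1-ce.0
    restart: always
    cpu_count: 2
    mem_limit: 3496m
    memswap_limit: 3496m
    volumes:
      - ./gitlab/data:/var/opt/gitlab
      # Omnibus writes its logs to /var/log/gitlab; the previous target
      # /var/logs/gitlab left the logs inside the container.
      - ./gitlab/logs:/var/log/gitlab
      - ./gitlab/etc:/etc/gitlab
      # Read-only: GitLab only reads the registry token-signing key from here.
      - ./certbot/letsencrypt:/etc/letsencrypt:ro
    ports:
      # Git over SSH, published on all interfaces.
      - "0.0.0.0:22:22"
    depends_on:
      - nginx
      - registry

  # proxy to ci/registry + ssl
  nginx:
    image: nginx:alpine
    restart: always
    cpu_count: 1
    mem_limit: 128m
    memswap_limit: 128m
    ports:
      - "0.0.0.0:80:80"
      - "0.0.0.0:443:443"
    volumes:
      - ./nginx/conf/main.nginx:/etc/nginx/nginx.conf:ro
      - ./nginx/conf/sites/:/etc/nginx/sites/:ro
      # nginx only reads certificates and keys, so this mount is read-only
      # like the other two letsencrypt mounts in this file.
      - ./certbot/letsencrypt/:/etc/letsencrypt/:ro

  registry:
    # NOTE(review): floating tag; pin an exact version or digest so a pull
    # cannot silently change the registry binary.
    image: registry:2.7
    restart: always
    # Left unpublished on purpose: port 5000 is plain HTTP and is reached only
    # by nginx and gitlab over the compose network.
    # ports:
    #   - "127.0.0.1:5000:5000" # 5000 without tls only local
    volumes:
      - ./registry/config.yml:/etc/docker/registry/config.yml:ro  # registry config.yml
      # NOTE(review): the registry needs only fullchain.pem (rootcertbundle)
      # while its tls block is commented out, yet this mount also exposes the
      # private keys. Narrow it if the certificate layout allows.
      - ./certbot/letsencrypt:/etc/letsencrypt:ro
      # NOTE(review): nothing is mounted at /data, the storage rootdirectory in
      # config.yml, so pushed images do not survive container recreation.
      # Mount a host path or named volume there.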