alexpts/configs.yml

## configs.yml
#### Gitlab config - gitlab.rb

# default configs from omnibus + custom options

# Nginx Proxy + SSL
external_url = 'https://gitlab.ex.ru'

# Registry
registry_nginx['enable'] = false  # disable gitlab nginx registry proxy

registry_external_url 'https://registry.ex.ru'
gitlab_rails['registry_enabled'] = true
gitlab_rails['registry_host'] = 'registry.ex.ru'
gitlab_rails['registry_port'] = 443
gitlab_rails['registry_api_url'] = 'http://registry:5000' # docker service name internal (skip nginx proxy)
gitlab_rails['registry_issuer'] = 'gitlab-issuer'
#registry['registry_key_path'] = '/etc/letsencrypt/live/registry.ex.ru/privkey.pem' #private
gitlab_rails['registry_key_path'] = '/etc/letsencrypt/live/registry.ex.ru/privkey.pem' #private
gitlab_rails['gitlab_default_projects_features_container_registry'] = true


---------------------------

#### Registry config - config.yml

version: 0.1
log:
  level: info
  formatter: text

storage:
  filesystem:
    rootdirectory: /data
  cache:
    blobdescriptor: inmemory
  delete:
    enabled: true

http:
  addr: 0.0.0.0:5000
  host: https://registry.ex.ru # nginx balancer address
  secret: xxx
#  tls:
#    certificate: /etc/letsencrypt/live/registry.ex.ru/fullchain.pem
#    key: /etc/letsencrypt/live/registry.ex.ru/privkey.pem
#    minimumtls: tls1.3
  headers:
    X-Content-Type-Options: [ nosniff ]

health:
  storagedriver:
    enabled: true
    interval: 60s
    threshold: 3

auth:
  token:
    realm: https://gitlab.ex.ru/jwt/auth
    service: container_registry
    issuer: gitlab-issuer
    rootcertbundle: /etc/letsencrypt/live/registry.ex.ru/fullchain.pem # public
    autoredirect: false


-----------------------


### docker-compose.yml


version: "2.4"

services:
  gitlab:
    image: gitlab/gitlab-ce:14.4.1-ce.0
    restart: always
    cpu_count: 2
    mem_limit: 3496m
    memswap_limit: 3496m
    volumes:
      - ./gitlab/data:/var/opt/gitlab
      - ./gitlab/logs:/var/logs/gitlab
      - ./gitlab/etc:/etc/gitlab
      - ./certbot/letsencrypt:/etc/letsencrypt:ro
    ports:
      - "0.0.0.0:22:22"
    depends_on: ['nginx', 'registry']


  # proxy to ci/registry + ssl
  nginx:
    image: nginx:alpine
    restart: always
    cpu_count: 1
    mem_limit: 128m
    memswap_limit: 128m
    ports:
      - 0.0.0.0:80:80
      - 0.0.0.0:443:443
    volumes:
      - ./nginx/conf/main.nginx:/etc/nginx/nginx.conf:ro
      - ./nginx/conf/sites/:/etc/nginx/sites/:ro
      - ./certbot/letsencrypt/:/etc/letsencrypt/

registry:
    image: registry:2.7
    restart: always
    #ports:
    #  - "127.0.0.1:5000:5000" # 5000 without tls only local
    volumes:
      - ./registry/config.yml:/etc/docker/registry/config.yml:ro # config above
      - ./certbot/letsencrypt:/etc/letsencrypt:ro
	#### Gitlab config - gitlab.rb

	# default configs from omnibus + custom options

	# Nginx Proxy + SSL
	external_url = 'https://gitlab.ex.ru'

	# Registry
	registry_nginx['enable'] = false # disable gitlab nginx registry proxy

	registry_external_url 'https://registry.ex.ru'
	gitlab_rails['registry_enabled'] = true
	gitlab_rails['registry_host'] = 'registry.ex.ru'
	gitlab_rails['registry_port'] = 443
	gitlab_rails['registry_api_url'] = 'http://registry:5000' # docker service name internal (skip nginx proxy)
	gitlab_rails['registry_issuer'] = 'gitlab-issuer'
	#registry['registry_key_path'] = '/etc/letsencrypt/live/registry.ex.ru/privkey.pem' #private
	gitlab_rails['registry_key_path'] = '/etc/letsencrypt/live/registry.ex.ru/privkey.pem' #private
	gitlab_rails['gitlab_default_projects_features_container_registry'] = true


	---------------------------

	#### Registry config - config.yml

	version: 0.1
	log:
	level: info
	formatter: text

	storage:
	filesystem:
	rootdirectory: /data
	cache:
	blobdescriptor: inmemory
	delete:
	enabled: true

	http:
	addr: 0.0.0.0:5000
	host: https://registry.ex.ru # nginx balancer address
	secret: xxx
	# tls:
	# certificate: /etc/letsencrypt/live/registry.ex.ru/fullchain.pem
	# key: /etc/letsencrypt/live/registry.ex.ru/privkey.pem
	# minimumtls: tls1.3
	headers:
	X-Content-Type-Options: [ nosniff ]

	health:
	storagedriver:
	enabled: true
	interval: 60s
	threshold: 3

	auth:
	token:
	realm: https://gitlab.ex.ru/jwt/auth
	service: container_registry
	issuer: gitlab-issuer
	rootcertbundle: /etc/letsencrypt/live/registry.ex.ru/fullchain.pem # public
	autoredirect: false


	-----------------------


	### docker-compose.yml


	version: "2.4"

	services:
	gitlab:
	image: gitlab/gitlab-ce:14.4.1-ce.0
	restart: always
	cpu_count: 2
	mem_limit: 3496m
	memswap_limit: 3496m
	volumes:
	- ./gitlab/data:/var/opt/gitlab
	- ./gitlab/logs:/var/logs/gitlab
	- ./gitlab/etc:/etc/gitlab
	- ./certbot/letsencrypt:/etc/letsencrypt:ro
	ports:
	- "0.0.0.0:22:22"
	depends_on: ['nginx', 'registry']


	# proxy to ci/registry + ssl
	nginx:
	image: nginx:alpine
	restart: always
	cpu_count: 1
	mem_limit: 128m
	memswap_limit: 128m
	ports:
	- 0.0.0.0:80:80
	- 0.0.0.0:443:443
	volumes:
	- ./nginx/conf/main.nginx:/etc/nginx/nginx.conf:ro
	- ./nginx/conf/sites/:/etc/nginx/sites/:ro
	- ./certbot/letsencrypt/:/etc/letsencrypt/

	registry:
	image: registry:2.7
	restart: always
	#ports:
	# - "127.0.0.1:5000:5000" # 5000 without tls only local
	volumes:
	- ./registry/config.yml:/etc/docker/registry/config.yml:ro # config above
	- ./certbot/letsencrypt:/etc/letsencrypt:ro