jegade/docker-compose.yml

## docker-compose.yml
version: '2'

services:
  smtp:
    image: mwader/postfix-relay
    container_name: smtp
    restart: always
    environment:
      - POSTFIX_myhostname=relay.example.com

  caddy:
    container_name: frontend-gitlab
    image: abiosoft/caddy:latest
    restart: always
    command: "-conf /etc/Caddyfile -log stdout -http2=false "
    volumes:
       - ./Caddyfile:/etc/Caddyfile
       - ./certs:/etc/caddycerts
    environment:
        CADDYPATH: /etc/caddycerts
    ports:
       - "10.0.0.1:80:80"
       - "10.0.0.1:443:443"
       - "10.0.0.2:443:5005"
  redis:
    restart: always
    image: sameersbn/redis:latest
    command:
    - --loglevel warning
    volumes:
    - /volumes/gitlab/redis:/var/lib/redis:Z

  postgresql:
    restart: always
    image: sameersbn/postgresql:9.5-3
    volumes:
    - /volumes/gitlab/postgresql:/var/lib/postgresql:Z
    environment:
    - DB_USER=gitlab
    - DB_PASS=password
    - DB_NAME=gitlabhq_production
    - DB_EXTENSION=pg_trgm

  gitlab:
    container_name: gitlab
    restart: always
    image: sameersbn/gitlab:8.14.5
    depends_on:
     - redis
     - postgresql
    ports:
     - "22:22"
    volumes:
     - /volumes/gitlab/gitlab:/home/git/data:Z
     - ./certs:/certs
    environment:
    - DEBUG=false

    - DB_ADAPTER=postgresql
    - DB_HOST=postgresql
    - DB_PORT=5432
    - DB_USER=gitlab
    - DB_PASS=password
    - DB_NAME=gitlabhq_production

    - REDIS_HOST=redis
    - REDIS_PORT=6379

    - TZ=Europe/Berlin
    - GITLAB_TIMEZONE=Berlin

    - GITLAB_HTTPS=true
    - SSL_SELF_SIGNED=false

    - GITLAB_HOST=git.example.com
    - GITLAB_PORT=443
    - GITLAB_SSH_PORT=22
    - GITLAB_RELATIVE_URL_ROOT=
    - GITLAB_SECRETS_DB_KEY_BASE=xxxxxxxxxxxx
    - GITLAB_SECRETS_SECRET_KEY_BASE=xxxxxxxxxxxxxxxxx
    - GITLAB_SECRETS_OTP_KEY_BASE=xxxxxxxxxxxxxxxxx


    - GITLAB_REGISTRY_ENABLED=true
    - GITLAB_REGISTRY_HOST=hub.example.com
    - GITLAB_REGISTRY_PORT=443
    - GITLAB_REGISTRY_API_URL=http://registry:5000
    - GITLAB_REGISTRY_KEY_PATH=/certs/acme/acme-v01.api.letsencrypt.org/sites/hub.example.com/hub.example.com.key
    - GITLAB_REGISTRY_ISSUER=gitlab-issuer

    - GITLAB_NOTIFY_ON_BROKEN_BUILDS=true
    - GITLAB_NOTIFY_PUSHER=false

    - GITLAB_EMAIL=notifications@example.com
    - GITLAB_EMAIL_REPLY_TO=noreply@example.com
    - GITLAB_INCOMING_EMAIL_ADDRESS=reply@example.com

    - GITLAB_BACKUP_SCHEDULE=daily
    - GITLAB_BACKUP_TIME=04:00
    - GITLAB_BACKUP_EXPIRY=3600

    - SMTP_ENABLED=true
    - SMTP_HOST=smtp
    - SMTP_PORT=25
    - SMTP_AUTHENTICATION=false
    - SMTP_STARTTLS=false

    - IMAP_ENABLED=false
    - IMAP_HOST=imap.gmail.com
    - IMAP_PORT=993
    - IMAP_USER=mailer@example.com
    - IMAP_PASS=password
    - IMAP_SSL=true
    - IMAP_STARTTLS=false

    - OAUTH_ENABLED=false
    - OAUTH_AUTO_SIGN_IN_WITH_PROVIDER=
    - OAUTH_ALLOW_SSO=
    - OAUTH_BLOCK_AUTO_CREATED_USERS=true
    - OAUTH_AUTO_LINK_LDAP_USER=false
    - OAUTH_AUTO_LINK_SAML_USER=false
    - OAUTH_EXTERNAL_PROVIDERS=

    - OAUTH_CAS3_LABEL=cas3
    - OAUTH_CAS3_SERVER=
    - OAUTH_CAS3_DISABLE_SSL_VERIFICATION=false
    - OAUTH_CAS3_LOGIN_URL=/cas/login
    - OAUTH_CAS3_VALIDATE_URL=/cas/p3/serviceValidate
    - OAUTH_CAS3_LOGOUT_URL=/cas/logout

    - OAUTH_GOOGLE_API_KEY=
    - OAUTH_GOOGLE_APP_SECRET=
    - OAUTH_GOOGLE_RESTRICT_DOMAIN=

    - OAUTH_FACEBOOK_API_KEY=
    - OAUTH_FACEBOOK_APP_SECRET=

    - OAUTH_TWITTER_API_KEY=
    - OAUTH_TWITTER_APP_SECRET=

    - OAUTH_GITHUB_API_KEY=
    - OAUTH_GITHUB_APP_SECRET=
    - OAUTH_GITHUB_URL=
    - OAUTH_GITHUB_VERIFY_SSL=

    - OAUTH_GITLAB_API_KEY=
    - OAUTH_GITLAB_APP_SECRET=

    - OAUTH_BITBUCKET_API_KEY=
    - OAUTH_BITBUCKET_APP_SECRET=

    - OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL=
    - OAUTH_SAML_IDP_CERT_FINGERPRINT=
    - OAUTH_SAML_IDP_SSO_TARGET_URL=
    - OAUTH_SAML_ISSUER=
    - OAUTH_SAML_LABEL="Our SAML Provider"
    - OAUTH_SAML_NAME_IDENTIFIER_FORMAT=urn:oasis:names:tc:SAML:2.0:nameid-format:transient
    - OAUTH_SAML_GROUPS_ATTRIBUTE=
    - OAUTH_SAML_EXTERNAL_GROUPS=
    - OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL=
    - OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME=
    - OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME=
    - OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME=

    - OAUTH_CROWD_SERVER_URL=
    - OAUTH_CROWD_APP_NAME=
    - OAUTH_CROWD_APP_PASSWORD=

    - OAUTH_AUTH0_CLIENT_ID=
    - OAUTH_AUTH0_CLIENT_SECRET=
    - OAUTH_AUTH0_DOMAIN=

    - OAUTH_AZURE_API_KEY=
    - OAUTH_AZURE_API_SECRET=
    - OAUTH_AZURE_TENANT_ID=

  registry:
    container_name: registry
    restart: always
    image: registry
    volumes:
     - /volumes/gitlab/gitlab/shared/registry:/registry
     - ./certs:/certs
    environment:
     - REGISTRY_LOG_LEVEL=info
     - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/registry
     - REGISTRY_AUTH_TOKEN_REALM=https://hub.example.comt/jwt/auth
     - REGISTRY_AUTH_TOKEN_SERVICE=container_registry
     - REGISTRY_AUTH_TOKEN_ISSUER=gitlab-issuer
     - REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/certs/acme/acme-v01.api.letsencrypt.org/sites/hub.example.com/hub.example.com.crt
     - REGISTRY_STORAGE_DELETE_ENABLED=true
	version: '2'

	services:
	smtp:
	image: mwader/postfix-relay
	container_name: smtp
	restart: always
	environment:
	- POSTFIX_myhostname=relay.example.com

	caddy:
	container_name: frontend-gitlab
	image: abiosoft/caddy:latest
	restart: always
	command: "-conf /etc/Caddyfile -log stdout -http2=false "
	volumes:
	- ./Caddyfile:/etc/Caddyfile
	- ./certs:/etc/caddycerts
	environment:
	CADDYPATH: /etc/caddycerts
	ports:
	- "10.0.0.1:80:80"
	- "10.0.0.1:443:443"
	- "10.0.0.2:443:5005"
	redis:
	restart: always
	image: sameersbn/redis:latest
	command:
	- --loglevel warning
	volumes:
	- /volumes/gitlab/redis:/var/lib/redis:Z

	postgresql:
	restart: always
	image: sameersbn/postgresql:9.5-3
	volumes:
	- /volumes/gitlab/postgresql:/var/lib/postgresql:Z
	environment:
	- DB_USER=gitlab
	- DB_PASS=password
	- DB_NAME=gitlabhq_production
	- DB_EXTENSION=pg_trgm

	gitlab:
	container_name: gitlab
	restart: always
	image: sameersbn/gitlab:8.14.5
	depends_on:
	- redis
	- postgresql
	ports:
	- "22:22"
	volumes:
	- /volumes/gitlab/gitlab:/home/git/data:Z
	- ./certs:/certs
	environment:
	- DEBUG=false

	- DB_ADAPTER=postgresql
	- DB_HOST=postgresql
	- DB_PORT=5432
	- DB_USER=gitlab
	- DB_PASS=password
	- DB_NAME=gitlabhq_production

	- REDIS_HOST=redis
	- REDIS_PORT=6379

	- TZ=Europe/Berlin
	- GITLAB_TIMEZONE=Berlin

	- GITLAB_HTTPS=true
	- SSL_SELF_SIGNED=false

	- GITLAB_HOST=git.example.com
	- GITLAB_PORT=443
	- GITLAB_SSH_PORT=22
	- GITLAB_RELATIVE_URL_ROOT=
	- GITLAB_SECRETS_DB_KEY_BASE=xxxxxxxxxxxx
	- GITLAB_SECRETS_SECRET_KEY_BASE=xxxxxxxxxxxxxxxxx
	- GITLAB_SECRETS_OTP_KEY_BASE=xxxxxxxxxxxxxxxxx


	- GITLAB_REGISTRY_ENABLED=true
	- GITLAB_REGISTRY_HOST=hub.example.com
	- GITLAB_REGISTRY_PORT=443
	- GITLAB_REGISTRY_API_URL=http://registry:5000
	- GITLAB_REGISTRY_KEY_PATH=/certs/acme/acme-v01.api.letsencrypt.org/sites/hub.example.com/hub.example.com.key
	- GITLAB_REGISTRY_ISSUER=gitlab-issuer

	- GITLAB_NOTIFY_ON_BROKEN_BUILDS=true
	- GITLAB_NOTIFY_PUSHER=false

	- GITLAB_EMAIL=notifications@example.com
	- GITLAB_EMAIL_REPLY_TO=noreply@example.com
	- GITLAB_INCOMING_EMAIL_ADDRESS=reply@example.com

	- GITLAB_BACKUP_SCHEDULE=daily
	- GITLAB_BACKUP_TIME=04:00
	- GITLAB_BACKUP_EXPIRY=3600

	- SMTP_ENABLED=true
	- SMTP_HOST=smtp
	- SMTP_PORT=25
	- SMTP_AUTHENTICATION=false
	- SMTP_STARTTLS=false

	- IMAP_ENABLED=false
	- IMAP_HOST=imap.gmail.com
	- IMAP_PORT=993
	- IMAP_USER=mailer@example.com
	- IMAP_PASS=password
	- IMAP_SSL=true
	- IMAP_STARTTLS=false

	- OAUTH_ENABLED=false
	- OAUTH_AUTO_SIGN_IN_WITH_PROVIDER=
	- OAUTH_ALLOW_SSO=
	- OAUTH_BLOCK_AUTO_CREATED_USERS=true
	- OAUTH_AUTO_LINK_LDAP_USER=false
	- OAUTH_AUTO_LINK_SAML_USER=false
	- OAUTH_EXTERNAL_PROVIDERS=

	- OAUTH_CAS3_LABEL=cas3
	- OAUTH_CAS3_SERVER=
	- OAUTH_CAS3_DISABLE_SSL_VERIFICATION=false
	- OAUTH_CAS3_LOGIN_URL=/cas/login
	- OAUTH_CAS3_VALIDATE_URL=/cas/p3/serviceValidate
	- OAUTH_CAS3_LOGOUT_URL=/cas/logout

	- OAUTH_GOOGLE_API_KEY=
	- OAUTH_GOOGLE_APP_SECRET=
	- OAUTH_GOOGLE_RESTRICT_DOMAIN=

	- OAUTH_FACEBOOK_API_KEY=
	- OAUTH_FACEBOOK_APP_SECRET=

	- OAUTH_TWITTER_API_KEY=
	- OAUTH_TWITTER_APP_SECRET=

	- OAUTH_GITHUB_API_KEY=
	- OAUTH_GITHUB_APP_SECRET=
	- OAUTH_GITHUB_URL=
	- OAUTH_GITHUB_VERIFY_SSL=

	- OAUTH_GITLAB_API_KEY=
	- OAUTH_GITLAB_APP_SECRET=

	- OAUTH_BITBUCKET_API_KEY=
	- OAUTH_BITBUCKET_APP_SECRET=

	- OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL=
	- OAUTH_SAML_IDP_CERT_FINGERPRINT=
	- OAUTH_SAML_IDP_SSO_TARGET_URL=
	- OAUTH_SAML_ISSUER=
	- OAUTH_SAML_LABEL="Our SAML Provider"
	- OAUTH_SAML_NAME_IDENTIFIER_FORMAT=urn:oasis:names:tc:SAML:2.0:nameid-format:transient
	- OAUTH_SAML_GROUPS_ATTRIBUTE=
	- OAUTH_SAML_EXTERNAL_GROUPS=
	- OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL=
	- OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME=
	- OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME=
	- OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME=

	- OAUTH_CROWD_SERVER_URL=
	- OAUTH_CROWD_APP_NAME=
	- OAUTH_CROWD_APP_PASSWORD=

	- OAUTH_AUTH0_CLIENT_ID=
	- OAUTH_AUTH0_CLIENT_SECRET=
	- OAUTH_AUTH0_DOMAIN=

	- OAUTH_AZURE_API_KEY=
	- OAUTH_AZURE_API_SECRET=
	- OAUTH_AZURE_TENANT_ID=

	registry:
	container_name: registry
	restart: always
	image: registry
	volumes:
	- /volumes/gitlab/gitlab/shared/registry:/registry
	- ./certs:/certs
	environment:
	- REGISTRY_LOG_LEVEL=info
	- REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/registry
	- REGISTRY_AUTH_TOKEN_REALM=https://hub.example.comt/jwt/auth
	- REGISTRY_AUTH_TOKEN_SERVICE=container_registry
	- REGISTRY_AUTH_TOKEN_ISSUER=gitlab-issuer
	- REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/certs/acme/acme-v01.api.letsencrypt.org/sites/hub.example.com/hub.example.com.crt
	- REGISTRY_STORAGE_DELETE_ENABLED=true