Created
June 14, 2021 11:13
Exposing GitLab (with built-in container registry) on nginx (linuxserver.io SWAG image)
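# Compose file for GitLab EE with its bundled container registry, meant to be
# reached through a reverse proxy attached to the external "reverse-proxy"
# network. Only SSH (2022) is published on the host; HTTPS (443) and the
# registry (5050) are reachable solely from containers on that network.
version: '3.4'
services:
  gitlab:
    # NOTE(review): ":latest" is a floating tag, so every pull can bring in a
    # different GitLab release. Pin a specific version tag or image digest
    # (<PINNED_TAG_OR_DIGEST>) and upgrade deliberately.
    image: gitlab/gitlab-ee:latest
    restart: always
    container_name: gitlab
    environment:
      # IANA zone name; the original "Europa/Berlin" is not a valid zone.
      TZ: Europe/Berlin
      # Rendered into gitlab.rb by the omnibus image. Only the registry's
      # nginx is given a certificate below; what GitLab's own nginx serves on
      # 443 to the proxy depends on omnibus defaults -- TODO confirm.
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://git.example.com'
        gitlab_rails['gitlab_shell_ssh_port'] = 2022
        # Docker registry
        registry_external_url 'https://registry.example.com'
        registry_nginx['ssl_certificate'] = "/etc/letsencrypt/live/example.com/fullchain.pem"
        registry_nginx['ssl_certificate_key'] = "/etc/letsencrypt/live/example.com/privkey.pem"
        registry_nginx['listen_port'] = 5050
        registry_nginx['listen_https'] = true
        # Add any other gitlab.rb configuration here, each on its own line
    # "expose" documents the port but does not publish it on the host; other
    # containers on the shared network can reach it either way.
    expose:
      - '5050'  # container registry
    # The only host-published port: git-over-SSH bypasses the reverse proxy,
    # so any host firewalling for 2022 has to be done separately.
    ports:
      - '2022:22'  # SSH git access
    volumes:
      # /etc/gitlab holds gitlab.rb and the instance secrets; keep ./config
      # readable only by trusted users on the host and include it in backups.
      - ./config:/etc/gitlab
      - ./logs:/var/log/gitlab
      - ./data:/var/opt/gitlab
      # Read-only, but it still lets the GitLab container read the TLS private
      # key (and presumably any other certificate kept in that folder).
      - ./letsencrypt:/etc/letsencrypt:ro  # symlink to SWAG letsencrypt folder
    networks:
      - reverse-proxy
networks:
  reverse-proxy:  # To connect with reverse proxy
    external: true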
# Reverse-proxy vhost for the GitLab web UI and git-over-HTTPS: terminates TLS
# for git.* and forwards every request to the "gitlab" container on port 443.
# make sure that your dns has a cname set for gitlab and that your gitlab container is not using a base url
server {
    listen 443 ssl;
    listen [::]:443 ssl;

    # Trailing wildcard: matches any host name that starts with "git.".
    server_name git.*;

    include /config/nginx/ssl.conf;

    # 0 disables nginx's request-body size check, so upload size is not
    # limited at the proxy.
    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    # enable for Authelia
    # include /config/nginx/authelia-server.conf;

    location / {
        # All proxy-level authentication options below are commented out, so
        # access control is left entirely to GitLab itself.

        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /ldaplogin;

        # enable for Authelia
        # include /config/nginx/authelia-location.conf;

        include /config/nginx/proxy.conf;

        # 127.0.0.11 is Docker's embedded DNS; because proxy_pass is built
        # from variables, the container name is resolved at request time
        # through this resolver rather than once at start-up.
        resolver 127.0.0.11 valid=30s;
        set $upstream_app gitlab;
        set $upstream_port 443;
        # The upstream hop is TLS, but nginx does not verify the upstream
        # certificate unless proxy_ssl_verify is enabled; whether proxy.conf
        # does that is not visible here -- confirm.
        set $upstream_proto https;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
}
# Reverse-proxy vhost for the GitLab container registry: terminates TLS for
# registry.* and forwards every request to the "gitlab" container on port 5050.
# make sure that your dns has a cname set for the registry host name as well and that your gitlab container is not using a base url
server {
    listen 443 ssl;
    listen [::]:443 ssl;

    # Trailing wildcard: matches any host name that starts with "registry.".
    server_name registry.*;

    include /config/nginx/ssl.conf;

    # 0 disables nginx's request-body size check, so the size of pushed image
    # layers is not limited at the proxy.
    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    # enable for Authelia
    # include /config/nginx/authelia-server.conf;

    location / {
        # All proxy-level authentication options below are commented out, so
        # access control is left to the registry and GitLab.
        # NOTE(review): putting HTTP auth in front of a registry is likely to
        # interfere with the client's own Authorization header -- test
        # docker login / push before relying on it.

        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /ldaplogin;

        # enable for Authelia
        # include /config/nginx/authelia-location.conf;

        include /config/nginx/proxy.conf;

        # 127.0.0.11 is Docker's embedded DNS; because proxy_pass is built
        # from variables, the container name is resolved at request time
        # through this resolver rather than once at start-up.
        resolver 127.0.0.11 valid=30s;
        set $upstream_app gitlab;
        set $upstream_port 5050;
        # The upstream hop is TLS, but nginx does not verify the upstream
        # certificate unless proxy_ssl_verify is enabled; whether proxy.conf
        # does that is not visible here -- confirm.
        set $upstream_proto https;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
}