
@putvr
Created June 14, 2024 06:40
Gitlab + gitlab-runner + gitlab-registry + docker + traefik 3
# Sample .env
# configure DNS correctly!
# The compose file reads these values through ${VAR} substitution.
# The gl.local names are sample values; replace them with names that resolve
# to the host publishing ports 80/443.

# NOTE(review): not referenced by the compose file shown with this sample -
# confirm it is still needed.
TRAEFIK_DOMAIN=gl.local
# Contact address passed to the ACME resolver "le"
# (--certificatesresolvers.le.acme.email).
# NOTE(review): a public ACME CA will presumably not issue for .local names -
# confirm the CA in use before relying on these samples.
ACME_EMAIL=admin@gl.local
# Bare hostname: used as the GitLab container hostname and in the Traefik
# Host() rule of the "gitlab" router.
GITLAB_URL=gl.local
# Substituted into external_url in GITLAB_OMNIBUS_CONFIG.
# NOTE(review): the compose file serves this host only on the websecure (443)
# entrypoint and redirects port 80 to HTTPS, so an http:// value here
# presumably makes GitLab build http:// links - confirm whether https:// is
# intended.
GITLAB_EXTERNAL_URL=http://gl.local
# Bare hostname used in the Traefik Host() rule of the "registry" router.
REGISTRY_URL=registry.gl.local
# Substituted into registry_external_url; the same http/https question as
# GITLAB_EXTERNAL_URL applies (the registry nginx block already forwards
# X-Forwarded-Proto "https").
REGISTRY_EXTERNAL_URL=http://registry.gl.local
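# GitLab CE + container registry + GitLab Runner behind Traefik v3.
# Traefik terminates TLS on :443 (ACME resolver "le") and redirects :80 to
# HTTPS; GitLab's bundled nginx listens on plain HTTP inside the Docker
# network. All ${...} values come from the .env file next to this file.
services:
  reverse-proxy:
    container_name: reverse-proxy
    # Only the minor version is pinned; pin a patch release or digest if the
    # image must not change underneath you.
    image: traefik:v3.0
    restart: unless-stopped
    ports:
      # Quoted so a YAML 1.1 parser cannot read digits:digits as base-60.
      - "80:80"
      - "443:443"
    volumes:
      # Needed by the Docker provider to discover labelled containers.
      # ":ro" only protects the socket file itself; the Docker API behind it
      # stays fully usable, so this internet-facing container still holds
      # root-equivalent access to the host. Put a filtering socket proxy in
      # front of it if that exposure is not acceptable.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Holds acme.json (account key and certificate private keys): keep the
      # directory out of version control and readable by root only.
      - ./letsencrypt:/letsencrypt
    networks:
      - traefik-proxy
    command:
      # Dashboard/API stays off; nothing here would authenticate it.
      - --api.dashboard=false
      - --entrypoints.web.address=:80
      # Plain HTTP exists only to redirect to the TLS entrypoint.
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entryPoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.websecure.address=:443
      - --entrypoints.websecure.asDefault=true
      # - --entrypoints.ssh.address=:2222
      - --entrypoints.websecure.http.tls.certresolver=le
      - --certificatesresolvers.le.acme.email=${ACME_EMAIL}
      - --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
      - --certificatesresolvers.le.acme.tlschallenge=true
      # - --certificatesresolvers.le.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
      - --providers.docker
      - --providers.docker.network=traefik-proxy
      # Containers are routed only when they opt in with traefik.enable=true.
      - --providers.docker.exposedByDefault=false

  gitlab:
    # NOTE(review): ":latest" means every pull can be a GitLab upgrade; pin a
    # version tag and upgrade deliberately.
    image: gitlab/gitlab-ce:latest
    hostname: "${GITLAB_URL}"
    container_name: gitlab
    restart: always
    # NOTE(review): privileged mode gives the container all capabilities and
    # host device access, i.e. no real isolation from the host. The stock
    # GitLab Docker instructions run without it; remove it unless something
    # in this deployment is known to depend on it.
    privileged: true
    environment:
      # Written to gitlab.rb at container start. "$$" is Compose's escape for
      # a literal "$", so nginx receives $http_host, $remote_addr, etc.
      # listen_https=false because Traefik, not this nginx, terminates TLS.
      GITLAB_OMNIBUS_CONFIG: |
        external_url '${GITLAB_EXTERNAL_URL}'
        nginx['listen_https'] = false
        nginx['listen_port'] = 80
        registry_external_url '${REGISTRY_EXTERNAL_URL}'
        registry_nginx['listen_port'] = 5100
        registry_nginx['listen_https'] = false
        registry_nginx['proxy_set_headers'] = {
          "Host" => "$$http_host",
          "X-Real-IP" => "$$remote_addr",
          "X-Forwarded-For" => "$$proxy_add_x_forwarded_for",
          "X-Forwarded-Proto" => "https",
          "X-Forwarded-Ssl" => "on"
        }
    labels:
      - traefik.enable=true
      # Web UI / API: HTTPS only, forwarded to nginx on port 80.
      - traefik.http.routers.gitlab.rule=Host(`${GITLAB_URL}`)
      - traefik.http.routers.gitlab.entrypoints=websecure
      - traefik.http.routers.gitlab.service=gitlab-main
      - traefik.http.services.gitlab-main.loadbalancer.server.port=80
      # Git-over-SSH routing, disabled. NOTE(review): before enabling, the
      # HostSNI argument needs backticks (a non-TLS TCP router can only match
      # HostSNI(`*`)), the ssh entrypoint must be enabled and its port
      # published on reverse-proxy, and the target port must match the port
      # sshd listens on inside the GitLab container.
      # - traefik.tcp.routers.gitlab-ssh.rule=HostSNI(${GITLAB_URL})
      # - traefik.tcp.routers.gitlab-ssh.entrypoints=ssh
      # - traefik.tcp.routers.gitlab-ssh.service=gitlab-ssh-svc
      # - traefik.tcp.services.gitlab-ssh-svc.loadbalancer.server.port=2222
      # Container registry: HTTPS only, forwarded to registry nginx on 5100.
      - traefik.http.routers.registry.rule=Host(`${REGISTRY_URL}`)
      - traefik.http.routers.registry.entrypoints=websecure
      - traefik.http.routers.registry.service=gitlab-registry
      - traefik.http.services.gitlab-registry.loadbalancer.server.port=5100
    volumes:
      # config holds gitlab.rb and gitlab-secrets.json; back it up and keep
      # it private.
      - ./volumes/config:/etc/gitlab
      - ./volumes/logs:/var/log/gitlab
      - ./volumes/data:/var/opt/gitlab
    shm_size: "256m"
    networks:
      - traefik-proxy
      - private
      - gitlab-network

  gitlab-runner:
    # NOTE(review): ":latest" is unpinned; keep the runner on a version tag
    # that matches the GitLab release in use.
    image: gitlab/gitlab-runner:latest
    container_name: gitlab-runner
    labels:
      - traefik.enable=false
    depends_on:
      # Must name a service defined in this file. The original "gitlab.lab"
      # matches none, which Compose rejects as an undefined dependency.
      - gitlab
    restart: always
    volumes:
      # config.toml with the runner authentication token lives here.
      - ./runner-data:/etc/gitlab-runner
      # Lets the runner start job containers on the host daemon. Anything
      # that can reach this socket controls the host, so register the runner
      # only for projects and branches whose CI definitions are trusted.
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - gitlab-network

networks:
  # Traefik <-> routed containers.
  traefik-proxy:
    name: traefik-proxy
    external: false
  private:
    name: private
    external: false
  # GitLab <-> runner; the runner is deliberately not on traefik-proxy.
  gitlab-network:
    name: gitlab-network
    external: false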