yen3/Caddyfile

## README.md

      
    Raw
  

              README.md
            
          
    See the blog post to get more details: https://yen3.github.io/posts/2018/gitlab_https/

  
## Caddyfile
https://gitlab.example.com {
    proxy / https://localhost:10443 {
        insecure_skip_verify
        transparent
    }
    tls {
        dns gandiv5
    }
}

## docker-compose.yml
version: '2'

services:
  redis:
    restart: always
    image: sameersbn/redis:4.0.9-1
    command:
    - --loglevel warning
    volumes:
    - ./data/gitlab/redis:/var/lib/redis:Z

  postgresql:
    restart: always
    image: sameersbn/postgresql:10
    volumes:
    - ./data/gitlab/postgresql:/var/lib/postgresql:Z
    environment:
    - DB_USER=gitlab
    - DB_PASS=password
    - DB_NAME=gitlabhq_production
    - DB_EXTENSION=pg_trgm

  gitlab:
    restart: always
    image: sameersbn/gitlab:11.5.3
    depends_on:
    - redis
    - postgresql
    ports:
    - "10080:80"
    - "10443:443"
    - "10022:22"
    volumes:
    - ./data/gitlab/gitlab:/home/git/data:Z
    environment:
    - DEBUG=false

    - DB_ADAPTER=postgresql
    - DB_HOST=postgresql
    - DB_PORT=5432
    - DB_USER=gitlab
    - DB_PASS=password
    - DB_NAME=gitlabhq_production

    - REDIS_HOST=redis
    - REDIS_PORT=6379

    - TZ=Asia/Taipei
    - GITLAB_TIMEZONE=Taipei

    - GITLAB_HTTPS=true
    - SSL_SELF_SIGNED=true

    - GITLAB_HOST=gitlab.example.com
    - GITLAB_PORT=443
    - GITLAB_SSH_PORT=10022
    - GITLAB_RELATIVE_URL_ROOT=
    - GITLAB_SECRETS_DB_KEY_BASE=3rMqNRMzFTcXFFmx4d3wtsqcghvFkmNsndnsnHdhMg9Hd47RkrhqxLzxKTXx7hsm
    - GITLAB_SECRETS_SECRET_KEY_BASE=3rMqNRMzFTcXFFmx4d3wtsqcghvFkmNsndnsnHdhMg9Hd47RkrhqxLzxKTXx7hsm
    - GITLAB_SECRETS_OTP_KEY_BASE=3rMqNRMzFTcXFFmx4d3wtsqcghvFkmNsndnsnHdhMg9Hd47RkrhqxLzxKTXx7hsm

    - GITLAB_ROOT_PASSWORD=<your-password>
    - GITLAB_ROOT_EMAIL=<your-email>

    - GITLAB_NOTIFY_ON_BROKEN_BUILDS=true
    - GITLAB_NOTIFY_PUSHER=false

    - GITLAB_EMAIL=notifications@example.com
    - GITLAB_EMAIL_REPLY_TO=noreply@example.com
    - GITLAB_INCOMING_EMAIL_ADDRESS=reply@example.com

    - GITLAB_BACKUP_SCHEDULE=daily
    - GITLAB_BACKUP_TIME=01:00

    - SMTP_ENABLED=false
    - SMTP_DOMAIN=www.example.com
    - SMTP_HOST=smtp.gmail.com
    - SMTP_PORT=587
    - SMTP_USER=mailer@example.com
    - SMTP_PASS=password
    - SMTP_STARTTLS=true
    - SMTP_AUTHENTICATION=login

    - IMAP_ENABLED=false
    - IMAP_HOST=imap.gmail.com
    - IMAP_PORT=993
    - IMAP_USER=mailer@example.com
    - IMAP_PASS=password
    - IMAP_SSL=true
    - IMAP_STARTTLS=false

    - OAUTH_ENABLED=false
    - OAUTH_AUTO_SIGN_IN_WITH_PROVIDER=
    - OAUTH_ALLOW_SSO=
    - OAUTH_BLOCK_AUTO_CREATED_USERS=true
    - OAUTH_AUTO_LINK_LDAP_USER=false
    - OAUTH_AUTO_LINK_SAML_USER=false
    - OAUTH_EXTERNAL_PROVIDERS=

    - OAUTH_CAS3_LABEL=cas3
    - OAUTH_CAS3_SERVER=
    - OAUTH_CAS3_DISABLE_SSL_VERIFICATION=false
    - OAUTH_CAS3_LOGIN_URL=/cas/login
    - OAUTH_CAS3_VALIDATE_URL=/cas/p3/serviceValidate
    - OAUTH_CAS3_LOGOUT_URL=/cas/logout

    - OAUTH_GOOGLE_API_KEY=
    - OAUTH_GOOGLE_APP_SECRET=
    - OAUTH_GOOGLE_RESTRICT_DOMAIN=

    - OAUTH_FACEBOOK_API_KEY=
    - OAUTH_FACEBOOK_APP_SECRET=

    - OAUTH_TWITTER_API_KEY=
    - OAUTH_TWITTER_APP_SECRET=

    - OAUTH_GITHUB_API_KEY=
    - OAUTH_GITHUB_APP_SECRET=
    - OAUTH_GITHUB_URL=
    - OAUTH_GITHUB_VERIFY_SSL=

    - OAUTH_GITLAB_API_KEY=
    - OAUTH_GITLAB_APP_SECRET=

    - OAUTH_BITBUCKET_API_KEY=
    - OAUTH_BITBUCKET_APP_SECRET=

    - OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL=
    - OAUTH_SAML_IDP_CERT_FINGERPRINT=
    - OAUTH_SAML_IDP_SSO_TARGET_URL=
    - OAUTH_SAML_ISSUER=
    - OAUTH_SAML_LABEL="Our SAML Provider"
    - OAUTH_SAML_NAME_IDENTIFIER_FORMAT=urn:oasis:names:tc:SAML:2.0:nameid-format:transient
    - OAUTH_SAML_GROUPS_ATTRIBUTE=
    - OAUTH_SAML_EXTERNAL_GROUPS=
    - OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL=
    - OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME=
    - OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME=
    - OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME=

    - OAUTH_CROWD_SERVER_URL=
    - OAUTH_CROWD_APP_NAME=
    - OAUTH_CROWD_APP_PASSWORD=

    - OAUTH_AUTH0_CLIENT_ID=
    - OAUTH_AUTH0_CLIENT_SECRET=
    - OAUTH_AUTH0_DOMAIN=

    - OAUTH_AZURE_API_KEY=
    - OAUTH_AZURE_API_SECRET=
    - OAUTH_AZURE_TENANT_ID=
	https://gitlab.example.com {
	proxy / https://localhost:10443 {
	insecure_skip_verify
	transparent
	}
	tls {
	dns gandiv5
	}
	}
	version: '2'

	services:
	redis:
	restart: always
	image: sameersbn/redis:4.0.9-1
	command:
	- --loglevel warning
	volumes:
	- ./data/gitlab/redis:/var/lib/redis:Z

	postgresql:
	restart: always
	image: sameersbn/postgresql:10
	volumes:
	- ./data/gitlab/postgresql:/var/lib/postgresql:Z
	environment:
	- DB_USER=gitlab
	- DB_PASS=password
	- DB_NAME=gitlabhq_production
	- DB_EXTENSION=pg_trgm

	gitlab:
	restart: always
	image: sameersbn/gitlab:11.5.3
	depends_on:
	- redis
	- postgresql
	ports:
	- "10080:80"
	- "10443:443"
	- "10022:22"
	volumes:
	- ./data/gitlab/gitlab:/home/git/data:Z
	environment:
	- DEBUG=false

	- DB_ADAPTER=postgresql
	- DB_HOST=postgresql
	- DB_PORT=5432
	- DB_USER=gitlab
	- DB_PASS=password
	- DB_NAME=gitlabhq_production

	- REDIS_HOST=redis
	- REDIS_PORT=6379

	- TZ=Asia/Taipei
	- GITLAB_TIMEZONE=Taipei

	- GITLAB_HTTPS=true
	- SSL_SELF_SIGNED=true

	- GITLAB_HOST=gitlab.example.com
	- GITLAB_PORT=443
	- GITLAB_SSH_PORT=10022
	- GITLAB_RELATIVE_URL_ROOT=
	- GITLAB_SECRETS_DB_KEY_BASE=3rMqNRMzFTcXFFmx4d3wtsqcghvFkmNsndnsnHdhMg9Hd47RkrhqxLzxKTXx7hsm
	- GITLAB_SECRETS_SECRET_KEY_BASE=3rMqNRMzFTcXFFmx4d3wtsqcghvFkmNsndnsnHdhMg9Hd47RkrhqxLzxKTXx7hsm
	- GITLAB_SECRETS_OTP_KEY_BASE=3rMqNRMzFTcXFFmx4d3wtsqcghvFkmNsndnsnHdhMg9Hd47RkrhqxLzxKTXx7hsm

	- GITLAB_ROOT_PASSWORD=<your-password>
	- GITLAB_ROOT_EMAIL=<your-email>

	- GITLAB_NOTIFY_ON_BROKEN_BUILDS=true
	- GITLAB_NOTIFY_PUSHER=false

	- GITLAB_EMAIL=notifications@example.com
	- GITLAB_EMAIL_REPLY_TO=noreply@example.com
	- GITLAB_INCOMING_EMAIL_ADDRESS=reply@example.com

	- GITLAB_BACKUP_SCHEDULE=daily
	- GITLAB_BACKUP_TIME=01:00

	- SMTP_ENABLED=false
	- SMTP_DOMAIN=www.example.com
	- SMTP_HOST=smtp.gmail.com
	- SMTP_PORT=587
	- SMTP_USER=mailer@example.com
	- SMTP_PASS=password
	- SMTP_STARTTLS=true
	- SMTP_AUTHENTICATION=login

	- IMAP_ENABLED=false
	- IMAP_HOST=imap.gmail.com
	- IMAP_PORT=993
	- IMAP_USER=mailer@example.com
	- IMAP_PASS=password
	- IMAP_SSL=true
	- IMAP_STARTTLS=false

	- OAUTH_ENABLED=false
	- OAUTH_AUTO_SIGN_IN_WITH_PROVIDER=
	- OAUTH_ALLOW_SSO=
	- OAUTH_BLOCK_AUTO_CREATED_USERS=true
	- OAUTH_AUTO_LINK_LDAP_USER=false
	- OAUTH_AUTO_LINK_SAML_USER=false
	- OAUTH_EXTERNAL_PROVIDERS=

	- OAUTH_CAS3_LABEL=cas3
	- OAUTH_CAS3_SERVER=
	- OAUTH_CAS3_DISABLE_SSL_VERIFICATION=false
	- OAUTH_CAS3_LOGIN_URL=/cas/login
	- OAUTH_CAS3_VALIDATE_URL=/cas/p3/serviceValidate
	- OAUTH_CAS3_LOGOUT_URL=/cas/logout

	- OAUTH_GOOGLE_API_KEY=
	- OAUTH_GOOGLE_APP_SECRET=
	- OAUTH_GOOGLE_RESTRICT_DOMAIN=

	- OAUTH_FACEBOOK_API_KEY=
	- OAUTH_FACEBOOK_APP_SECRET=

	- OAUTH_TWITTER_API_KEY=
	- OAUTH_TWITTER_APP_SECRET=

	- OAUTH_GITHUB_API_KEY=
	- OAUTH_GITHUB_APP_SECRET=
	- OAUTH_GITHUB_URL=
	- OAUTH_GITHUB_VERIFY_SSL=

	- OAUTH_GITLAB_API_KEY=
	- OAUTH_GITLAB_APP_SECRET=

	- OAUTH_BITBUCKET_API_KEY=
	- OAUTH_BITBUCKET_APP_SECRET=

	- OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL=
	- OAUTH_SAML_IDP_CERT_FINGERPRINT=
	- OAUTH_SAML_IDP_SSO_TARGET_URL=
	- OAUTH_SAML_ISSUER=
	- OAUTH_SAML_LABEL="Our SAML Provider"
	- OAUTH_SAML_NAME_IDENTIFIER_FORMAT=urn:oasis:names:tc:SAML:2.0:nameid-format:transient
	- OAUTH_SAML_GROUPS_ATTRIBUTE=
	- OAUTH_SAML_EXTERNAL_GROUPS=
	- OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL=
	- OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME=
	- OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME=
	- OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME=

	- OAUTH_CROWD_SERVER_URL=
	- OAUTH_CROWD_APP_NAME=
	- OAUTH_CROWD_APP_PASSWORD=

	- OAUTH_AUTH0_CLIENT_ID=
	- OAUTH_AUTH0_CLIENT_SECRET=
	- OAUTH_AUTH0_DOMAIN=

	- OAUTH_AZURE_API_KEY=
	- OAUTH_AZURE_API_SECRET=
	- OAUTH_AZURE_TENANT_ID=