@pagdot
Created June 14, 2021 11:13
Exposing Gitlab (with builtin container registry) on nginx (linuxserver.io swag image)
version: '3.4'
services:
  gitlab:
    image: gitlab/gitlab-ee:latest
    restart: always
    container_name: gitlab
    environment:
      TZ: Europe/Berlin
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://git.example.com'
        gitlab_rails['gitlab_shell_ssh_port'] = 2022
        # Docker registry
        registry_external_url 'https://registry.example.com'
        registry_nginx['ssl_certificate'] = "/etc/letsencrypt/live/example.com/fullchain.pem"
        registry_nginx['ssl_certificate_key'] = "/etc/letsencrypt/live/example.com/privkey.pem"
        registry_nginx['listen_port'] = 5050
        registry_nginx['listen_https'] = true
        # Add any other gitlab.rb configuration here, each on its own line
    expose:
      - 5050 # container registry
    ports:
      - '2022:22' # SSH git access
    volumes:
      - ./config:/etc/gitlab
      - ./logs:/var/log/gitlab
      - ./data:/var/opt/gitlab
      - ./letsencrypt:/etc/letsencrypt:ro # symlink to SWAG letsencrypt folder
    networks:
      - reverse-proxy
networks:
  reverse-proxy: # To connect with reverse proxy
    external: true

# make sure that your dns has a cname set for gitlab and that your gitlab container is not using a base url
server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name git.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    # enable for Authelia
    # include /config/nginx/authelia-server.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /ldaplogin;

        # enable for Authelia
        # include /config/nginx/authelia-location.conf;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app gitlab;
        set $upstream_port 443;
        set $upstream_proto https;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
}

# make sure that your dns has a cname set for gitlab and that your gitlab container is not using a base url
server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name registry.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    # enable for Authelia
    # include /config/nginx/authelia-server.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /ldaplogin;

        # enable for Authelia
        # include /config/nginx/authelia-location.conf;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app gitlab;
        set $upstream_port 5050;
        set $upstream_proto https;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
}
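
The registry block above proxies to `https://gitlab:5050`, and nginx does not check the upstream certificate unless told to (`proxy_ssl_verify` defaults to `off`). The following is an added example, not part of the gist, showing the same `location` with upstream verification enabled. It assumes the certificate under `/etc/letsencrypt/live/example.com/` covers `registry.example.com` and that the proxy container has a CA bundle at `/etc/ssl/certs/ca-certificates.crt`.

```nginx
# Added example (not from the gist): registry location with upstream TLS verification.
location / {
    include /config/nginx/proxy.conf;
    resolver 127.0.0.11 valid=30s;
    set $upstream_app gitlab;
    set $upstream_port 5050;
    set $upstream_proto https;

    # Verify the certificate presented by the registry listener in the gitlab container.
    # Without this, nginx accepts any certificate on the upstream connection.
    proxy_ssl_verify on;
    proxy_ssl_verify_depth 2;

    # Assumption: path of the system CA bundle inside the proxy container.
    proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

    # The upstream is addressed as "gitlab" on the Docker network, but its
    # certificate is issued for the public name, so check (and send via SNI)
    # that name instead of the default $proxy_host.
    proxy_ssl_name registry.example.com;
    proxy_ssl_server_name on;

    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
```

If verification fails, nginx returns 502 for registry requests and logs an upstream SSL certificate verify error, which makes an expired or mismatched certificate on the GitLab side visible instead of silently accepted.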
@nikita-fuchs

Thanks a lot. What are all those included config files like

include /config/nginx/proxy.conf;

Where can I find them? Are they needed?

@pagdot
Author

pagdot commented Nov 6, 2024

This config was created to be used paired with the linuxserver swag image: https://github.com/linuxserver/docker-swag but should work in other setups too. E.g. here is the proxy.conf
