====== GitLab 安裝相關紀錄 ======
* 安裝環境 : Alpine 3.20 + docker compose
===== docker compose (非正式 SSL 憑證) =====
* docker-compose.yml
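# Single GitLab CE container. All state lives in the ./config, ./logs and
# ./data bind mounts next to this file.
services:
  gitlab:
    # NOTE(review): no tag means "latest". Pin a specific release tag or image
    # digest so that upgrades are deliberate and reproducible.
    image: gitlab/gitlab-ce
    container_name: gitlab
    restart: always
    hostname: 'git-demo.ichiayi.com'
    environment:
      # The value is Ruby appended to gitlab.rb, not YAML.
      GITLAB_OMNIBUS_CONFIG: |
        # Add any other gitlab.rb configuration here, each on its own line
        external_url 'https://git-demo.ichiayi.com'
    ports:
      - '80:80'
      - '443:443'
      # Host port 22 is normally taken by the host's own sshd. Publish Git SSH
      # on another host port (the ACME variant of this setup uses 9022) if so.
      - '22:22'
    volumes:
      # ./config holds secrets (for example initial_root_password); keep it
      # readable only by the account that administers this host.
      - './config:/etc/gitlab'
      - './logs:/var/log/gitlab'
      - './data:/var/opt/gitlab'
    shm_size: '256m'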
* 啟動服務
# Start the stack in the background, then follow the container logs.
# Ctrl-C stops following the logs; it does not stop the container.
docker compose up -d
docker compose logs -f
* 查看自動產生的 root 密碼
# Print the generated password of the root account (stored in the ./config bind mount).
# Change the root password after the first login; GitLab removes this file on a
# later reconfigure, so read it soon after the first start.
cat config/initial_root_password
===== docker compose (含 ACME 自動更新 SSL 憑證) =====
* 目錄配置
.
├── .env
├── cloudflare.ini
├── docker-compose.yml
├── [config]
├── [data]
├── [logs]
├── [ssl]
* 建立 ssl 目錄與權限
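# Start from an empty ssl/ directory. This also deletes any certificate and ACME
# account data left by a previous run, so certbot requests a new certificate on
# the next start.
rm -rf ssl/*
mkdir -p ssl
# Owner-only access: the TLS private key is written here. Both containers run as
# root by default and do not need world access to the bind mount.
# NOTE(review): with rootless or userns-remapped Docker, grant access to the
# mapped UID instead of opening the directory to everyone.
chmod 700 ssl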
* 編輯 docker-compose.yml
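# GitLab CE plus a certbot sidecar that obtains the certificate through the
# Cloudflare DNS challenge. DOMAIN_NAME and CF_EMAIL come from the .env file.
services:
  gitlab:
    # NOTE(review): no tag means "latest". Pin a specific release tag or image
    # digest so that upgrades are deliberate and reproducible.
    image: gitlab/gitlab-ce
    container_name: gitlab
    restart: always
    hostname: '${DOMAIN_NAME}'
    environment:
      # The value is Ruby appended to gitlab.rb. Built-in Let's Encrypt is off
      # because the certbot service below supplies the certificate files.
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://${DOMAIN_NAME}'
        letsencrypt['enable'] = false
        nginx['ssl_certificate'] = "/etc/gitlab/ssl/fullchain.pem"
        nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/privkey.pem"
        nginx['enable'] = true
        nginx['redirect_http_to_https'] = true
    ports:
      - '80:80'
      - '443:443'
      # Git over SSH is published on host port 9022, leaving 22 to the host sshd.
      - '9022:22'
    volumes:
      - './config:/etc/gitlab'
      - './logs:/var/log/gitlab'
      - './data:/var/opt/gitlab'
      # Shared with certbot: fullchain.pem and privkey.pem are copied here.
      - './ssl:/etc/gitlab/ssl'
    shm_size: '256m'
    networks:
      - gitlab-network

  certbot:
    # NOTE(review): ":latest" floats. This container holds the Cloudflare DNS
    # token, so pin a specific tag or digest.
    image: certbot/dns-cloudflare:latest
    container_name: certbot
    volumes:
      - './ssl:/etc/letsencrypt'
      # Read-only: the container only needs to read the API token.
      - './cloudflare.ini:/etc/secrets/cloudflare.ini:ro'
    entrypoint: '/bin/sh'
    command:
      - '-c'
      - |
        trap exit TERM;
        while :; do
          certbot certonly --dns-cloudflare --dns-cloudflare-credentials /etc/secrets/cloudflare.ini \
            -d "${DOMAIN_NAME}" --non-interactive --agree-tos \
            -m "${CF_EMAIL}" || true;
          if [ -f "/etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem" ]; then
            cp "/etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem" /etc/letsencrypt/fullchain.pem;
            cp "/etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem" /etc/letsencrypt/privkey.pem;
            # The certificate is public; the private key stays owner-only. It was
            # 644 before, which let every local account on the host read it.
            chmod 644 /etc/letsencrypt/fullchain.pem;
            chmod 600 /etc/letsencrypt/privkey.pem;
            # NOTE(review): this installs a package at run time in the container
            # that holds the DNS token; a prebuilt image with curl avoids that.
            apk add --no-cache curl
            echo "Waiting for GitLab to be ready..."
            until curl -s http://gitlab:80/-/health > /dev/null; do
              sleep 5
            done
            echo "Reloading GitLab configuration..."
            # NOTE(review): this POST carries no token and goes to plain HTTP while
            # redirect_http_to_https is on - confirm it really reloads nginx. If it
            # does not, the renewed certificate is only served after nginx is
            # reloaded inside the gitlab container (gitlab-ctl hup nginx).
            curl -s --show-error --fail -X POST http://gitlab:80/-/api/v4/admin/application/settings/reload_without_downtime
          fi
          # Sleep in the background and wait on it so the TERM trap fires at once
          # on "docker compose stop". The doubled dollar sign is the Compose escape.
          sleep 24h & wait $${!};
        done
    networks:
      - gitlab-network

networks:
  gitlab-network:
    driver: bridge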
* 編輯 .env 檔案 Exp.
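# GitLab hostname; substituted for ${DOMAIN_NAME} in docker-compose.yml.
# Comments are kept on their own lines because some .env parsers treat a
# trailing "#..." as part of the value.
DOMAIN_NAME=gitlab.ichiayi.com
# Cloudflare account e-mail (example value); passed to certbot with -m.
CF_EMAIL=adminn@mail.com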
* 編輯 cloudflare.ini 檔案 Exp.
# Cloudflare API token read by certbot's dns-cloudflare plugin (value masked here).
# Scope the token to DNS edit on the zone that holds the GitLab hostname only.
dns_cloudflare_api_token = kvm8***********************************o
此處填入具有編輯 DNS 權限的 API Token,**不是 Global API Key**
* 設定 .env 與 cloudflare.ini 權限
# Owner read/write only: cloudflare.ini holds the DNS API token, and .env holds
# the values interpolated into docker-compose.yml.
chmod 600 .env
chmod 600 cloudflare.ini
* 啟動服務
# Run from the directory that holds .env and docker-compose.yml so that
# DOMAIN_NAME and CF_EMAIL are interpolated into the compose file.
docker compose up -d
===== 參考網址 =====
* https://docs.gitlab.com/ee/install/docker/index.html
* https://docs.gitlab.com/ee/ci/enable_or_disable_ci.html#site-wide-admin-setting
* https://gitlab.com/gitlab-org/gitlab/-/issues/25876
* https://docs.gitlab.com/ee/api/settings.html
{{tag>gitlab tips}}