---
# Single-container GitLab CE deployment (Omnibus image).
services:
  gitlab:
    # No tag is given, so Docker resolves this to `latest`.
    # NOTE(review): pin an explicit release tag so upgrades are deliberate.
    image: gitlab/gitlab-ce
    container_name: gitlab
    restart: always
    hostname: "git-demo.ichiayi.com"
    environment:
      # Literal block: the text below is handed to Omnibus as gitlab.rb lines.
      GITLAB_OMNIBUS_CONFIG: |
        # Add any other gitlab.rb configuration here, each on its own line
        external_url 'https://git-demo.ichiayi.com'
    # Host-to-container mappings stay quoted so YAML 1.1 parsers do not read
    # "22:22" as a base-60 integer.
    # NOTE(review): "22:22" needs host port 22 to be free; presumably the
    # host's own sshd has to listen elsewhere - confirm before deploying.
    ports:
      - "80:80"
      - "443:443"
      - "22:22"
    # Bind mounts: configuration (including secrets), logs, application data.
    volumes:
      - "./config:/etc/gitlab"
      - "./logs:/var/log/gitlab"
      - "./data:/var/opt/gitlab"
    shm_size: "256m"
# Bring the stack up in the background, then stream the container logs
# (Ctrl-C stops following; the containers keep running).
docker compose up --detach
docker compose logs --follow
# Print the auto-generated password for the GitLab `root` account.
# ./config is the host side of the /etc/gitlab bind mount. GitLab deletes this
# file on the first reconfigure run after 24 hours; sign in and replace the
# password right away instead of keeping this value.
cat config/initial_root_password
.
├── .env
├── cloudflare.ini
├── docker-compose.yml
├── [config]
├── [data]
├── [logs]
├── [ssl]
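# Start from an empty ./ssl directory; certbot writes its state, the issued
# certificate and the private key here.
mkdir -p ssl
rm -rf -- ssl/*
# Owner-only access instead of 777: the directory holds the TLS private key,
# so no other local account should be able to read or replace its contents.
# NOTE(review): assumes the containers reach the bind mount as root; loosen
# only if your Docker setup (for example user-namespace remapping) needs it.
chmod 700 ssl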
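---
# GitLab CE behind its bundled nginx, with a certbot sidecar that obtains the
# certificate through the Cloudflare DNS-01 challenge.
# ${DOMAIN_NAME} and ${CF_EMAIL} are substituted by Docker Compose (.env).
services:
  gitlab:
    # NOTE(review): no tag, so this resolves to `latest`; pin a release tag.
    image: gitlab/gitlab-ce
    container_name: gitlab
    restart: always
    hostname: '${DOMAIN_NAME}'
    environment:
      # Built-in Let's Encrypt is switched off; nginx serves the certificate
      # files that the certbot service copies into ./ssl.
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://${DOMAIN_NAME}'
        letsencrypt['enable'] = false
        nginx['ssl_certificate'] = "/etc/gitlab/ssl/fullchain.pem"
        nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/privkey.pem"
        nginx['enable'] = true
        nginx['redirect_http_to_https'] = true
    # SSH is published on host port 9022.
    # NOTE(review): clone URLs shown by GitLab presumably still use port 22
    # unless gitlab_rails['gitlab_shell_ssh_port'] is set to match - confirm.
    ports:
      - '80:80'
      - '443:443'
      - '9022:22'
    volumes:
      - './config:/etc/gitlab'
      - './logs:/var/log/gitlab'
      - './data:/var/opt/gitlab'
      # Same host directory as certbot's /etc/letsencrypt, so this container
      # can see the whole certbot state directory, not just the two PEM files.
      - './ssl:/etc/gitlab/ssl'
    shm_size: '256m'
    networks:
      - gitlab-network

  certbot:
    # NOTE(review): `latest` is a moving tag; pin a version for this image too.
    image: certbot/dns-cloudflare:latest
    container_name: certbot
    volumes:
      - './ssl:/etc/letsencrypt'
      # The Cloudflare API token file is mounted read-only.
      - './cloudflare.ini:/etc/secrets/cloudflare.ini:ro'
    entrypoint: "/bin/sh"
    # Once a day: request or renew the certificate, then copy the live files
    # to the paths nginx is configured with.
    # Changes from the original script:
    #   * privkey.pem is chmod 600 (was 644), so the private key on the host
    #     bind mount is no longer world-readable; fullchain.pem stays 644.
    #   * the daily sleep runs in the background and is waited on, so the TERM
    #     trap fires on `docker compose stop` instead of after the sleep.
    #     `$$` is Compose's escape for a literal `$`.
    # NOTE(review): the health probe and the reload POST use plain HTTP with
    # no credentials while redirect_http_to_https is on, so they most likely
    # receive a redirect that curl treats as success. Verify that nginx really
    # serves the renewed certificate afterwards (for example by running
    # `gitlab-ctl hup nginx` inside the gitlab container).
    command:
      - '-c'
      - |
        trap exit TERM;
        while :; do
          certbot certonly --dns-cloudflare --dns-cloudflare-credentials /etc/secrets/cloudflare.ini \
            -d ${DOMAIN_NAME} --non-interactive --agree-tos \
            -m ${CF_EMAIL} || true;
          if [ -f /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem ]; then
            cp /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem /etc/letsencrypt/fullchain.pem;
            cp /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem /etc/letsencrypt/privkey.pem;
            chmod 644 /etc/letsencrypt/fullchain.pem;
            chmod 600 /etc/letsencrypt/privkey.pem;
            apk add --no-cache curl
            echo "Waiting for GitLab to be ready..."
            until curl -s http://gitlab:80/-/health > /dev/null; do
              sleep 5
            done
            echo "Reloading GitLab configuration..."
            curl -s --show-error --fail -X POST http://gitlab:80/-/api/v4/admin/application/settings/reload_without_downtime
          fi
          sleep 24h & wait $${!};
        done
    networks:
      - gitlab-network

networks:
  gitlab-network:
    driver: bridge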
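# Values that Docker Compose substitutes into docker-compose.yml.

# GitLab host name (no scheme; the compose file prepends https://).
DOMAIN_NAME=gitlab.ichiayi.com

# Cloudflare account e-mail, passed to certbot with -m.
# The original value was lost to e-mail obfuscation on the page; the address
# below is a placeholder to replace with your own.
CF_EMAIL=you@example.com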
# Credentials file for certbot's dns-cloudflare plugin; the compose file mounts
# it read-only at /etc/secrets/cloudflare.ini.
# Use a scoped API Token with DNS edit permission, not the Global API Key.
# The value below is masked on the page; never commit the real token.
dns_cloudflare_api_token = kvm8***********************************o
具有編輯 DNS 權限的 API Token , 不是Global API Key
# Owner read/write only: both files carry credentials (.env feeds Compose,
# cloudflare.ini holds the Cloudflare API token).
chmod 600 .env cloudflare.ini
# Create and start both services (gitlab and certbot) in the background.
docker compose up --detach