差異處

這裏顯示兩個版本的差異處。

--- tech:gitlabtips [2021/01/26 20:03] – jonathan
+++ tech:gitlabtips [2024/11/16 22:17] (目前版本) – 非正式 SSL 憑證 jonathan
@@ 行 1: / 行 1: @@
 ====== GitLab 安裝相關紀錄 ======
+  * 安裝環境 : Alpine 3.20 + docker compose
-採用 docker image 的安裝, 希望可以安裝後就決定一些預期設定, 發現有 Omnibus 可以在啟動 docker 時就將設定傳入
+===== docker compose (非正式 SSL 憑證) =====
+  * docker-compose.yml <cli>
+services:
+  gitlab:
+    image: gitlab/gitlab-ce
+    container_name: gitlab
+    restart: always
+    hostname: 'git-demo.ichiayi.com'
+    environment:
+      GITLAB_OMNIBUS_CONFIG: |
+        # Add any other gitlab.rb configuration here, each on its own line
+        external_url 'https://git-demo.ichiayi.com'
+    ports:
+      - '80:80'
+      - '443:443'
+      - '22:22'
+    volumes:
+      - './config:/etc/gitlab'
+      - './logs:/var/log/gitlab'
+      - './data:/var/opt/gitlab'
+    shm_size: '256m'
+</cli>
+  * 啟動服務 <cli>
+docker compose up -d
+docker compose logs -f
+</cli>
+  * 查看自動產生的 root 密碼 <cli>
+cat config/initial_root_password
+</cli>
-===== Gitlab docker 啟動參數設定 =====
+===== docker compose (含 ACME 自動更新 SSL 憑證) =====
-  * 採用 Gitlab 官方 docker image 版本 : 12.10.6
+  * 目錄配置<cli>
-    * gitlab/gitlab-ce:12.10.6-ce.0
+.
-  * GITLAB_OMNIBUS_CONFIG 可設定
+├── .env
-    * gitlab 網址 : external_url 'http://http://git-demo.ichiayi.com'
+├── cloudflare.ini
-    * Prometheus 監控 : prometheus_monitoring['enable'] = false
+├── docker-compose.yml
-    * Container Registry : gitlab_rails['gitlab_default_projects_features_container_registry'] = false;
+├── [config]
-    * 預設的 root 密碼 : gitlab_rails['initial_root_password'] = '<<Passwd_Is_Here>>'
+├── [data]
-    * CI/CD Pipeline : gitlab_rails['gitlab_default_projects_features_builds'] = 'false'
+├── [logs]
-  * Docker
+├── [ssl]
-    * port : 80 / 443
+</cli>
-    * name : gitlab
+  * 建立 ssl 目錄與權限<cli>
-    * restart : 每次開機都自動啟動
+rm -rf ssl/*
-    * Volume 掛載 :
+mkdir -p ssl
-      * /etc/gitlab -> /NAS_dir/gitlab/config
+chmod 777 ssl
-      * /var/log/gitlab -> /NAS_dir/gitlab/logs
+</cli>
-      * /var/opt/gitlab -> /NAS_dir/gitlab/data
+  * 編輯 docker-compose.yml <file>
-  * 實際執行的語法:<cli>
+services:
-sudo docker run --env GITLAB_OMNIBUS_CONFIG="external_url 'http://git-demo.ichiayi.com'; \
+  gitlab:
-    prometheus_monitoring['enable'] = false; \
+    image: gitlab/gitlab-ce
-    gitlab_rails['gitlab_default_projects_features_container_registry'] = false; \
+    container_name: gitlab
-    gitlab_rails['initial_root_password'] = '<<Passwd_Is_Here>>'; \
+    restart: always
-    gitlab_rails['gitlab_default_projects_features_builds'] = 'false'" \
+    hostname: '${DOMAIN_NAME}'
-  --detach --publish 443:443 --publish 80:80 --name gitlab --restart always \
+    environment:
-  --volume /NAS_dir/gitlab/config:/etc/gitlab \
+      GITLAB_OMNIBUS_CONFIG: |
-  --volume /NAS_dir/gitlab/logs:/var/log/gitlab \
+        external_url 'https://${DOMAIN_NAME}'
-  --volume /NAS_dir/gitlab/data:/var/opt/gitlab \
+        letsencrypt['enable'] = false
-  gitlab/gitlab-ce:12.10.6-ce.0
+        nginx['ssl_certificate'] = "/etc/gitlab/ssl/fullchain.pem"
+        nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/privkey.pem"
+        nginx['enable'] = true
+        nginx['redirect_http_to_https'] = true
+    ports:
+      - '80:80'
+      - '443:443'
+      - '9022:22'
+    volumes:
+      - './config:/etc/gitlab'
+      - './logs:/var/log/gitlab'
+      - './data:/var/opt/gitlab'
+      - './ssl:/etc/gitlab/ssl'
+    shm_size: '256m'
+    networks:
+      - gitlab-network
+  certbot:
+    image: certbot/dns-cloudflare:latest
+    container_name: certbot
+    volumes:
+      - ./ssl:/etc/letsencrypt
+      - ./cloudflare.ini:/etc/secrets/cloudflare.ini:ro
+    entrypoint: "/bin/sh"
+    command:
+      - -c
+      - |
+        trap exit TERM;
+        while :; do
+          certbot certonly --dns-cloudflare --dns-cloudflare-credentials /etc/secrets/cloudflare.ini \
+            -d ${DOMAIN_NAME} --non-interactive --agree-tos \
+            -m ${CF_EMAIL} || true;
+          if [ -f /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem ]; then
+            cp /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem /etc/letsencrypt/fullchain.pem;
+            cp /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem /etc/letsencrypt/privkey.pem;
+            chmod 644 /etc/letsencrypt/fullchain.pem /etc/letsencrypt/privkey.pem;
+            apk add --no-cache curl
+            echo "Waiting for GitLab to be ready..."
+            until curl -s http://gitlab:80/-/health > /dev/null; do
+              sleep 5
+            done
+            echo "Reloading GitLab configuration..."
+            curl -s --show-error --fail -X POST http://gitlab:80/-/api/v4/admin/application/settings/reload_without_downtime
+          fi
+          sleep 24h;
+        done
+    networks:
+      - gitlab-network
+networks:
+  gitlab-network:
+    driver: bridge
+</file>
+  * 編輯 .env 檔案 Exp. <file>
+DOMAIN_NAME=gitlab.ichiayi.com #Gitlab 網址
+[email protected] #Cloudflare 帳號
+</file>
+  * 編輯 cloudflare.ini 檔案 Exp. <file>
+dns_cloudflare_api_token = kvm8***********************************o
+</file> 具有編輯 DNS 權限的 API Token , **不是Global API Key**
+  * 設定 .env 與 cloudflare.ini 權限 <cli>
+chmod 600 .env
+chmod 600 cloudflare.ini
+</cli>
+  * 啟動服務 <cli>
+docker compose up -d
 </cli>
 ===== 參考網址 =====
+  * https://docs.gitlab.com/ee/install/docker/index.html
   * https://docs.gitlab.com/ee/ci/enable_or_disable_ci.html#site-wide-admin-setting
   * https://gitlab.com/gitlab-org/gitlab/-/issues/25876
+  * https://docs.gitlab.com/ee/api/settings.html
 {{tag>gitlab tips}}