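├── gitlab
    ├── .gitignore
    ├── .example.env
    ├── runner-install.sh
    └── docker-compose.yml
├── traefik
    ├── .gitignore
    ├── .example.env
    └── docker-compose.yml
└── README.md

/gitlab/.gitignore:
--------------------------------------------------------------------------------
volumes
--------------------------------------------------------------------------------
/traefik/.gitignore:
--------------------------------------------------------------------------------
letsencrypt
--------------------------------------------------------------------------------
/traefik/.example.env:
--------------------------------------------------------------------------------
TRAEFIK_DOMAIN=traefik.example.com
ACME_EMAIL=admin@example.com
--------------------------------------------------------------------------------
/gitlab/.example.env:
--------------------------------------------------------------------------------
GITLAB_EXTERNAL_URL=https://gitlab.example.com
GITLAB_SMTP_ADDR=mail.example.com
GITLAB_SMTP_PORT=587
GITLAB_SMTP_USER=admin@example.com
GITLAB_SMTP_PASSWORD=123456789
GITLAB_SMTP_DOMAIN=mail.example.com
GITLAB_DOMAIN=gitlab.example.com
--------------------------------------------------------------------------------
/gitlab/runner-install.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Register the `gitlab-runner` container with a GitLab instance, using the
# Docker executor.
#
# Usage:
#   GITLAB_RUNNER_REGISTRATION_TOKEN=<token from your own instance> \
#   GITLAB_EXTERNAL_URL=https://gitlab.example.com \
#   ./runner-install.sh
#
# The token and the instance URL are read from the environment (or can be set
# on the two assignment lines below in a local, uncommitted copy) so that no
# credential and no instance-specific URL is stored in the repository. A
# registration token that has been committed or published should be treated
# as exposed and reset in GitLab.
#
# NOTE(review): newer GitLab releases deprecate registration tokens in favour
# of runner authentication tokens; the compose file tracks `:latest`, so check
# the runner documentation for the version you actually run.
set -eu

registration_token="${GITLAB_RUNNER_REGISTRATION_TOKEN:-}"
gitlab_url="${GITLAB_EXTERNAL_URL:-}"

if [ -z "${registration_token}" ] || [ -z "${gitlab_url}" ]; then
    echo "Set GITLAB_RUNNER_REGISTRATION_TOKEN and GITLAB_EXTERNAL_URL before running this script." >&2
    exit 1
fi

# No -it on `docker exec`: registration runs with --non-interactive, so no TTY
# is needed and the script also works when it is not started from a terminal.
#
# --locked=false leaves the runner unlocked, i.e. not restricted to the
# project it was registered for.
#
# --docker-volumes mounts the host's Docker socket into every job container.
# Any CI job can then drive the host's Docker daemon, which is equivalent to
# root on the host. Keep this only for projects whose pipelines (and everyone
# who can push to them) are fully trusted.
docker exec gitlab-runner \
    gitlab-runner register \
    --non-interactive \
    --registration-token "${registration_token}" \
    --locked=false \
    --description docker-stable \
    --url "${gitlab_url}" \
    --executor docker \
    --docker-image docker:stable \
    --docker-volumes "/var/run/docker.sock:/var/run/docker.sock" \
    --docker-network-mode gitlab-network
--------------------------------------------------------------------------------
/README.md: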
--------------------------------------------------------------------------------
# GitLab Traefik v2 Docker Let's Encrypt
This is a repository that allows you to set up GitLab with Let's Encrypt using Traefik v2 and Docker.

## Installation
1. Firstly, you need to configure the environment variables found within each subfolder.
These can be found in `./traefik` and `./gitlab` as `.example.env`. Please move them to `.env`.
2. Once you have configured the files you can use:
```
docker-compose up -d
```
in each of the subfolders, traefik and gitlab.
3. Use `docker ps` and `docker logs traefik` / `docker logs gitlab` to see if they are functioning correctly (note that the Traefik container is named `reverse-proxy` in its compose file).

4. Once GitLab has started running, you'll need to edit the runner registration token in the script file (`gitlab/runner-install.sh`) so that it holds the token from your own instance, and check that the GitLab URL the script registers against is your own. If you do not wish to use a runner, please remove the runner from the compose file or comment the code out.

GitLab usually takes a few minutes to start up, but the best way to get started is to focus on getting Traefik up and running.

Please note that these compose files are not fully fledged products aimed at production; please use them to your liking and customise each of them to make sure you're happy with their operation. In particular, review the Traefik dashboard authentication and the Docker socket mounts before exposing the stack.
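--------------------------------------------------------------------------------
/traefik/docker-compose.yml:
--------------------------------------------------------------------------------
version: "3.5"

services:
  reverse-proxy:
    container_name: reverse-proxy
    # NOTE(review): v2.1 is an early 2.x release; move to a maintained Traefik
    # version once the configuration has been tested against it.
    image: traefik:v2.1
    restart: always
    command:
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      # Entry point for the GitLab SSH TCP router. Port 2222 is not published
      # under `ports:` below, so nothing outside the Docker network can reach
      # it; SSH actually arrives through the "2222:22" mapping on the gitlab
      # container.
      - --entrypoints.ssh.address=:2222
      - --certificatesresolvers.le.acme.email=${ACME_EMAIL}
      - --certificatesresolvers.le.acme.storage=/acme.json
      - --certificatesresolvers.le.acme.tlschallenge=true
      # Uncomment to use the Let's Encrypt staging CA while testing.
      # - --certificatesresolvers.le.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
      - --providers.docker
      - --api
      # Only containers labelled traefik.enable=true are routed.
      - --providers.docker.exposedByDefault=false
    ports:
      - 80:80
      - 443:443
    networks:
      traefik-proxy:
    volumes:
      # The :ro flag only makes the mount of the socket file read-only. It does
      # not restrict what can be requested through the Docker API, so this
      # internet-facing container still has full control of the Docker daemon.
      # Consider a socket proxy that exposes only the read-only endpoints
      # Traefik needs.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # acme.json holds the ACME account key and the certificates' private
      # keys. Create it as an empty regular file with mode 600 before the
      # first start; if it is missing, Docker creates a directory at this path.
      - ./letsencrypt/acme.json:/acme.json
    labels:
      - traefik.enable=true
      # Dashboard/API router. As shipped, the basic-auth middleware is
      # commented out, so anyone who can reach TRAEFIK_DOMAIN can open the
      # dashboard. Before exposing this host, uncomment both "admin" lines and
      # fill in basicauth.users (htpasswd format; write each "$" of the hash
      # as "$$" so Compose does not treat it as a variable).
      # The host name must be wrapped in backticks for the rule to parse.
      - traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN}`)
      - traefik.http.routers.traefik.service=api@internal
      # ENABLE THIS FOR BASIC AUTH
      #- traefik.http.routers.traefik.middlewares=admin
      - traefik.http.routers.traefik.tls.certresolver=le
      - traefik.http.routers.traefik.entrypoints=websecure
      #- traefik.http.middlewares.admin.basicauth.users=
      # - traefik.http.services.traefik.loadbalancer.server.port=8080
      - traefik.docker.network=traefik-proxy
      # HTTPS Redirect
      - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https

      # Global redirect: every request on the plain-HTTP entry point is sent
      # to HTTPS.
      - traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)
      - traefik.http.routers.http-catchall.entrypoints=web
      - traefik.http.routers.http-catchall.middlewares=https-redirect
networks:
  private:
    name: private
    external: false
  traefik-proxy:
    name: traefik-proxy
    external: false
--------------------------------------------------------------------------------
/gitlab/docker-compose.yml:
--------------------------------------------------------------------------------
version: "3.5"

services:
  gitlab:
    container_name: gitlab
    # NOTE(review): `latest` makes upgrades implicit on every pull. Pin a
    # specific GitLab version so that upgrades are deliberate.
    image: gitlab/gitlab-ce:latest
    restart: always
    ports:
      # SSH for git is published directly on the host, bypassing Traefik.
      - "2222:22"
    environment:
      # The value below is evaluated as Ruby (gitlab.rb), so every string
      # taken from .env has to be quoted; the port stays a bare integer.
      # Single quotes are used so that the values are not interpolated by
      # Ruby. A value that itself contains a single quote or a backslash
      # needs escaping.
      GITLAB_OMNIBUS_CONFIG: |
        external_url '${GITLAB_EXTERNAL_URL}'
        nginx['listen_https'] = false
        nginx['listen_port'] = 80
        gitlab_rails['smtp_enable'] = true
        gitlab_rails['smtp_address'] = '${GITLAB_SMTP_ADDR}'
        gitlab_rails['smtp_port'] = ${GITLAB_SMTP_PORT}
        gitlab_rails['smtp_user_name'] = '${GITLAB_SMTP_USER}'
        gitlab_rails['smtp_password'] = '${GITLAB_SMTP_PASSWORD}'
        gitlab_rails['smtp_domain'] = '${GITLAB_SMTP_DOMAIN}'
        gitlab_rails['smtp_authentication'] = "login"
        gitlab_rails['smtp_enable_starttls_auto'] = true
        gitlab_rails['smtp_tls'] = false
        gitlab_rails['smtp_openssl_verify_mode'] = 'peer'
        gitlab_rails['gitlab_shell_ssh_port'] = 2222
    labels:
      # Required: Traefik runs with exposedByDefault=false and ignores any
      # container without this label.
      - traefik.enable=true
      # The host name must be wrapped in backticks for the rule to parse.
      - traefik.http.routers.gitlab.rule=Host(`${GITLAB_DOMAIN}`)
      - traefik.http.routers.gitlab.entrypoints=websecure
      - traefik.http.routers.gitlab.tls.certresolver=le
      - traefik.http.services.gitlab.loadbalancer.server.port=80
      - traefik.docker.network=traefik-proxy
      # SSH is not TLS, so there is no SNI to match on; a plain TCP router
      # has to use HostSNI(`*`). The container's sshd listens on 22
      # (gitlab_shell_ssh_port only changes the port shown in clone URLs).
      # NOTE(review): Traefik's ssh entry point is not published by
      # traefik/docker-compose.yml, so this route is only used if 2222 is
      # published there instead of through `ports:` above.
      - traefik.tcp.routers.gitlab-ssh.rule=HostSNI(`*`)
      - traefik.tcp.routers.gitlab-ssh.entrypoints=ssh
      - traefik.tcp.routers.gitlab-ssh.service=gitlab-ssh-svc
      - traefik.tcp.services.gitlab-ssh-svc.loadbalancer.server.port=22
    volumes:
      - ./volumes/config:/etc/gitlab
      - ./volumes/logs:/var/log/gitlab
      - ./volumes/data:/var/opt/gitlab
    networks:
      traefik-proxy:
      private:
      gitlab-network:
  gitlab-runner:
    # NOTE(review): pin a runner version that matches the GitLab version.
    image: gitlab/gitlab-runner:latest
    container_name: gitlab-runner
    volumes:
      - ./volumes/runner/config/:/etc/gitlab-runner:Z
      # Read-write access to the host's Docker socket: the runner, and any job
      # it starts with the socket mounted, can control the host's Docker
      # daemon (root-equivalent on the host). Use only with trusted projects.
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      gitlab-network:
    labels:
      - traefik.enable=false
networks:
  # NOTE(review): traefik-proxy is also declared, non-external, by
  # traefik/docker-compose.yml. Declaring it `external: true` here is the
  # usual way to join a network owned by another Compose project; confirm
  # the behaviour with your Compose version.
  traefik-proxy:
    name: traefik-proxy
    external: false
  private:
    name: private
    external: false
  gitlab-network:
    name: gitlab-network
    external: false
--------------------------------------------------------------------------------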