├── .gitlab-ci.yml
├── Dockerfile
├── README.md
├── config.toml
├── docker-compose.yml
├── gitlab_backup.sh
├── gitlab_restore.sh
└── gitlab_service.sh


/.gitlab-ci.yml:
--------------------------------------------------------------------------------
image: docker:latest
variables:
  # Makes git skip TLS certificate verification in jobs (self-signed certificate)
  GIT_SSL_NO_VERIFY: "1"
stages:
  - test
  - build
before_script:
  # The package.json version is used as the container image tag
  - export PACKAGE_VERSION=$(grep '"version":' package.json | cut -d\" -f4)
  - export NODE_ENV=production
test:
  image: thegreenhouse/nodejs-dev:0.4.0
  stage: test
  tags:
    - docker
  script:
    - npm i npm@latest -g
    - npm i
    - npm i --only=dev
    - npm test
build:
  stage: build
  tags:
    - docker
  script:
    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
    - docker build -t $CI_REGISTRY_IMAGE:$PACKAGE_VERSION .
    - docker tag $CI_REGISTRY_IMAGE:$PACKAGE_VERSION $CI_REGISTRY_IMAGE
    - docker push $CI_REGISTRY_IMAGE:$PACKAGE_VERSION
    - docker push $CI_REGISTRY_IMAGE
    - docker image rm $CI_REGISTRY_IMAGE
    - docker image rm $CI_REGISTRY_IMAGE:$PACKAGE_VERSION
  only:
    - master

--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
# if you're doing anything beyond your local machine, please pin this to a specific version at https://hub.docker.com/_/node/
# FROM node:8-alpine also works here for a smaller image
FROM thegreenhouse/nodejs-dev:0.4.0

# set our node environment, either development or production
# defaults to production, compose overrides this to development on build and run
ARG NODE_ENV=production
ENV NODE_ENV $NODE_ENV

# default to port 8000 for node, and 9229 and 9230 (tests) for debug
ARG PORT=8000
ENV PORT $PORT
EXPOSE $PORT 9229 9230

RUN npm i npm@latest -g

WORKDIR /opt
COPY package.json package-lock.json* ./
RUN npm install && \
    npm install --only=dev && \
    npm cache clean --force
ENV PATH /opt/node_modules/.bin:$PATH

WORKDIR /opt/app
COPY . /opt/app
RUN echo "node_modules" > .eslintignore

RUN npm run build
CMD [ "ws" ]

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Gitlab CE Docker Compose Local Install

Install, configure, and run Gitlab CE and Gitlab-Runner in local docker containers via docker-compose.

### Prerequisites

- [Docker](https://docs.docker.com/install/)
- [Docker Compose](https://docs.docker.com/compose/install/#install-compose)

For the purpose of this demonstration, we assume the persistent docker volumes are at the paths `/srv/gitlab` and `/srv/gitlab-runner` and the hostname is `my.gitlab`. For the example project we'll be testing and building an [evergreen app](https://github.com/ProjectEvergreen/create-evergreen-app) with Gitlab's CI/CD.


## Guide

1. [Optionally modify omnibus and docker-compose.yml with a custom hostname](#gitlab-omnibus-config)
2. [Create a Self-Signed Certificate](#create-self-signed-certificate)
3. [Set hostname on local machine](#set-hostname)
4. [Start with Docker Compose](#docker-compose-control)
5. [Begin Using Gitlab](#begin-using-gitlab)
6. [Add Account SSH key](#add-account-ssh-key)
7. [Create New Project](#create-new-project)
8. [Create New Runner](#register-new-runner)
9. [Setup Runner with Docker Socket](#setup-runner-docker-socket-binding)
10. [Setup Gitlab DevOps](#setup-devops)
11. [Run Test Job](#run-test-job)
12. [Troubleshooting](#troubleshooting)
13. [Backup](#backups)
14. [Restore](#restore)
15. [Service](#gitlab-service)

## Gitlab Omnibus Config

The gitlab omnibus config environment variable in our `docker-compose.yml` file uses the hostname `my.gitlab` by default for this example. You can use whichever you'd like, but if you change it you'll need to change the hostname everywhere else, [including the host machine](#set-hostname).

```
GITLAB_OMNIBUS_CONFIG: |
  external_url 'https://my.gitlab:3143'
  gitlab_rails['gitlab_shell_ssh_port'] = 3122
  registry_external_url 'https://my.gitlab:4567'
```
You will also want to make the network alias for the GitLab container your hostname:

```
networks:
  dev-net:
    aliases:
      - my.gitlab
```

### Ports
You may choose to edit the preferred ports for this example above, but if you do, you'll need to change the `ports` part of the `docker-compose.yml` as well as the `external_url` and `registry_external_url`. By default, 443 and 22 are in use by my system so it makes sense to map a different port.

```
ports:
  - '4567:4567'
  - '3143:443'
  - '3122:22'
```

**Note**: the `external_url` port cannot be the same as the `registry_external_url` port.

### Enable and Configure Registry

In our omnibus config environment variable within `docker-compose.yml` we already have the registry configured:

```
registry_external_url 'https://my.gitlab:4567'
registry_nginx['enable'] = true
registry_nginx['ssl_certificate'] = "/etc/ssl/certs/gitlab/server-cert.pem"
registry_nginx['ssl_certificate_key'] = "/etc/ssl/certs/gitlab/server-key.pem"
```

It's important that you [choose (and expose) a port](#ports) that's different from the one in `external_url`, as we've done here using port `4567`. You will also need access to the GitLab self-signed certificate to authenticate the connection.

## Create Self-Signed Certificate

[Follow Steps 1-5 for generating a self-signed certificate](https://github.com/GetchaDEAGLE/gitlab-https-docker#generating-a-self-signed-certificate)

Then copy the certificate to your persistent docker volumes:
```
sudo mkdir -p /srv/gitlab/ssl
sudo mkdir /srv/gitlab-runner/certs -p
sudo cp server-*.pem /srv/gitlab/ssl/
sudo cp server-*.pem /srv/gitlab-runner/certs/
sudo cp server-cert.pem /srv/gitlab-runner/certs/my.gitlab.crt
```

These 2 folders (`/srv/gitlab/ssl` and `/srv/gitlab-runner/certs`) will be mounted from the host to our gitlab containers.

**Note** Gitlab Runner [by default reads a predefined cert named your.hostname.crt](https://docs.gitlab.com/runner/configuration/tls-self-signed.html#supported-options-for-self-signed-certificates). Gitlab's Nginx and Nginx Registry will use `server-cert.pem` and `server-key.pem`.

## Configure git to accept self-signed certificate

In order to clone from gitlab on your host machine or elsewhere on your network, we need to tell git to accept our self-signed certificate.
```
git config --global http."https://my.gitlab/".sslCAInfo /srv/gitlab/ssl/server-cert.pem
```

## Set Hostname

To set the hostname you want to forward to on your local machine:

```
sudo nano /etc/hosts
```

Add the following line at the bottom:

```
127.0.0.1 my.gitlab
```

## Docker Compose Control

### Start

Launch gitlab ce and gitlab runner via docker-compose with:
```
docker-compose up -d
```
The `-d` flag runs the containers in detached mode. Remove it to see output logs.

It will take a minute or two to initialize.
Visit https://my.gitlab:3143 to see your new installation.

### Stop

```
docker-compose down
```

## Begin Using Gitlab

1. Browse to https://my.gitlab:3143 to see your new installation.
2. Add an exception in your browser for the page because of the self-signed certificate. In Chrome, click "Advanced" then "Proceed to my.gitlab (unsafe)". In Firefox, click "Add exception".
3. Create a new gitlab admin password
4. Register a new user account

## Add Account SSH Key

[Add](https://docs.gitlab.com/ce/ssh/README.html#generating-a-new-ssh-key-pair) / [generate](https://docs.gitlab.com/ce/ssh/README.html#generating-a-new-ssh-key-pair) an ssh key
```
tail ~/.ssh/id_rsa.pub
```
Copy the entire output and paste it at https://my.gitlab:3143/profile/keys

## Create New Project

1. Click Create a project. Name it example
2. Test cloning the new project on the host machine (make sure you've [configured git global config on your local machine to accept self-signed cert](#configure-git-to-accept-self-signed-certificate)).

```
git clone ssh://git@my.gitlab:3122/yourusername/example.git
```
It will ask you yes/no whether to add the fingerprint. Type: `yes`

3. Add the example repository remote to a new application called `my-app` (replacing yourusername with your gitlab username). We're copying over the provided `Dockerfile` and `.gitlab-ci.yml` configs to set up the application for Gitlab's CI/CD with containers. We're also adding some ignore files to prevent eslint from checking the `node_modules` folder when it builds a new container.

```
npx create-evergreen-app my-app
cd my-app
git init
git remote add origin ssh://git@my.gitlab:3122/yourusername/example.git
echo "node_modules" > .gitignore
echo "node_modules" > .eslintignore
cp ../Dockerfile .
cp ../.gitlab-ci.yml .
git add .
git commit -m "Initial commit"
git push -u origin master
```

## Register New Runner

* [Gitlab Runner commands](https://docs.gitlab.com/runner/commands/)

1. Browse to your project's **Settings -> CI/CD** and expand the *Runners* section.

2. Scroll down to the "Set up a specific Runner manually" section and copy the registration token. You will need it below.

3. Run:
```
docker exec -it gitlab-runner gitlab-runner register
```

Enter your hostname, for this example: my.gitlab

```
Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com/):
https://my.gitlab
```

Enter the token you copied in the previous step

```
Please enter the gitlab-ci token for this runner:
SDfksafsDAF_fsadfas42
```

```
Please enter the gitlab-ci description for this runner:
[1297529a8a58]: Docker Runner
Please enter the gitlab-ci tags for this runner (comma separated):
docker
Registering runner... succeeded runner=RQ-XuZwP
Please enter the executor: docker-ssh, virtualbox, docker+machine, docker-ssh+machine, docker, parallels, shell, ssh, kubernetes:
docker
Please enter the default Docker image (e.g. ruby:2.1):
docker:stable
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!
```

4. You can now edit this new configuration from either:

your persistent volume

```
sudo gedit /srv/gitlab-runner/config.toml
```

or from within the gitlab-runner container
```
docker exec -it gitlab-runner nano /etc/gitlab-runner/config.toml
```

Restart after you've edited the config with:

```
docker exec -it gitlab-runner gitlab-runner restart
```
## Setup Runner Docker socket binding

[Official Gitlab Docs on docker socket binding](https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#use-docker-socket-binding)

1. Edit the `config.toml` runner configuration (using the steps above) so that it reads as follows:

```
[[runners]]
  name = "Docker Runner"
  url = "https://my.gitlab"
  token = "YOUR_TOKEN"
  executor = "docker"
  clone_url = "https://my.gitlab"
  [runners.docker]
    tls_verify = false
    image = "docker:stable"
    privileged = false
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/cache"]
    network_mode = "development"
    shm_size = 0
  [runners.cache]
    [runners.cache.s3]
    [runners.cache.gcs]
```

You can also copy and paste the provided `config.toml` into your `/srv/gitlab-runner` directory and simply edit the `token` with the generated gitlab token from [Register New Runner step 2](#register-new-runner).

The `network_mode` and `clone_url` are necessary so that your runner can clone your gitlab repository at your hostname `my.gitlab`. To bind our host docker socket to the runner we need to add the `volumes` parameter.

2. Save it and restart the gitlab-runner service

```
docker exec -it gitlab-runner gitlab-runner restart
```

**Note** There is a security concern here that you should be aware of.

According to the [official Gitlab documentation](https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#use-docker-socket-binding):
```
By sharing the docker daemon, you are effectively disabling all the security mechanisms of containers and exposing your host to privilege escalation which can lead to container breakout. For example, if a project ran docker rm -f $(docker ps -a -q) it would remove the GitLab Runner containers
```

There are [other methods](https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#runner-configuration) of configuring the runner for docker builds. This is an example for a small personal local build using docker-compose. If you're running this for a small/medium sized company, you may want to configure this differently. From my tests, self-signed certs without a real domain didn't work well with any other method.

## Setup DevOps

To push new containers to our gitlab registry we need to use our login credentials to log in through docker in the gitlab runner. One way of doing that is to enter variables into your **Settings -> CI/CD -> Variables(expanded)**.

Add each of the following:
```
CI_REGISTRY my.gitlab:4567
CI_REGISTRY_USER your_username
CI_REGISTRY_PASSWORD your_password
```

Save variables.

You can see these variables in the provided `.gitlab-ci.yml` devops configuration file.

Here we're setting git to not verify ssl due to the self-signed certificate. We're also using the package.json version number as the tag for the container image.

We push the specific package version along with a general latest version to our container registry.
We're then removing those images from our host because keeping them is redundant: we don't need to take up image space on the host machine in addition to the Gitlab CE registry.

## Run Test Job

If you followed all the above steps, the CI/CD pipeline will run on every commit. Your project's master branch will run tests, build a container, and push that container to the registry. Any other branch will just run tests. To try this out, go to **your project -> CI/CD -> Pipelines -> Run pipeline -> Create pipeline**. Or just commit then push something new to the project repository.

Test the image on your host machine:

```
docker login my.gitlab:4567
docker run --init my.gitlab:4567/yourusername/example

# Serving at http://6545d2bfb882:8000, http://127.0.0.1:8000, http://172.17.0.2:8000
```
Now visit your container's IP at port 8000 to see your application, e.g. http://172.17.0.2:8000 in this example.

**Note** `--init` is important to send the right exit signals. Otherwise you must stop the container via `docker stop whatever_container_name_id`

You can also run tests:
```
docker run --init my.gitlab:4567/yourusername/example npm run test
```

## Troubleshooting

1. If you see an error about 'unknown certificate authority' or anything related to 'docker daemon' in your gitlab-runner, make sure you included the correct `volumes` docker socket bind within your [gitlab-runner config.toml](#setup-runner-docker-socket-binding)

2. If you see an error 'could not resolve host' when gitlab-runner initially clones your repository, make sure the `clone_url` and `network_mode` within your [gitlab-runner config.toml](#setup-runner-docker-socket-binding) match your hostname and docker network within your `docker-compose.yml`.

3. If you see an error 'connection refused' when gitlab-runner initially clones your repository, make sure the `clone_url` within your [gitlab-runner config.toml](#setup-runner-docker-socket-binding) matches your hostname within your `docker-compose.yml`, e.g. `https://my.gitlab` without a port.

4. If you see an error in gitlab-runner after docker login `unauthorized: HTTP Basic: Access denied`, make sure you entered the correct `CI_REGISTRY`, `CI_REGISTRY_USER`, `CI_REGISTRY_PASSWORD` in the variables section of **your project -> Settings -> CI/CD**. See [Setup DevOps](#setup-devops).

## Backups

* [Official Docs](https://docs.gitlab.com/ee/raketasks/backup_restore.html)

### Gitlab Application Data

Run a backup of the application data:
```
docker exec -it GitLab gitlab-rake gitlab:backup:create
```
You will find the backup in `/srv/gitlab/data/backups` with the naming format `EPOCH_YYYY_MM_DD_GitLab_version_gitlab_backup.tar`

*Note* This does not back up your certs (stored in `/srv/gitlab/ssl`), nor does it back up your configuration files or the ssh keys.

### Gitlab Configuration

Choose a directory to store the backup configurations and ssl certs on your host machine, e.g. `/secret/gitlab/backups`
```
sudo sh -c 'umask 0077; tar cfz /secret/gitlab/backups/$(date "+%s-gitlab-config.tgz") -C /srv/gitlab config ssl'
```

Gitlab [recommends storing the configuration backups separate from your application backups](https://docs.gitlab.com/omnibus/settings/backups.html) to reduce the chance that your encrypted application data will be lost or deleted.

### Gitlab Runner Configuration

Back up the runner config.toml and ssl cert
```
sudo sh -c 'umask 0077; tar cfz /secret/gitlab/backups/$(date "+%s-gitlab-runner-ssl.tgz") -C /srv/gitlab-runner .'
```

### Daily Backups via Cron

```
sudo crontab -e
```

Copy the provided `gitlab_backup.sh`, which simply runs all the above and removes older backups.

Replace `/some/external/drive` with your backup location.

Add the following cron entry to run the script (which does all the above) to back up all your data every day at 2 AM:
```
0 2 * * * sh /your/directory/gitlab_backup.sh
```

You may also want to back up to remote cloud storage. That [functionality is also available](https://docs.gitlab.com/ce/raketasks/backup_restore.html#uploading-backups-to-a-remote-cloud-storage) for amazon, digital ocean spaces, google, etc.

**Note** you can adjust the backup lifetime in the `docker-compose.yml` omnibus environment variable for `backup_keep_time` (we have it set to 172800 seconds or 48 hours). If you want to change that, you'll also want to adjust the cron script's `REMOVE_DAYS` to your preference.

## Restore

* [Official Docs](https://docs.gitlab.com/ce/raketasks/backup_restore.html#restore)

First make sure you have a fresh gitlab install running that matches the version you backed up. Then you can copy over the backup application data, gitlab config, and runner. The included `gitlab_restore.sh` script does everything below. You only need to set its `BACKUP_DIR` path to the directory you backed up to (assuming you also used the [gitlab_backup.sh script above](#backups)).

1. Restore application data:

You'll need to set permissions to the `git` user within the GitLab container. Afterwards you can restore all your groups, repositories, and containers in your registry.

```
sudo cp /some/external/drive/backups/1547278101_2019_01_12_11.6.3_gitlab_backup.tar /srv/gitlab/data/backups/
docker exec -it GitLab sh -c 'chown git.git /var/opt/gitlab/backups/*.tar'
docker exec -it GitLab gitlab-rake gitlab:backup:restore
```

2. Restore configuration

Reconfigure with your restored configurations:
```
sudo tar -xvf /some/external/drive/backups/YOURBACKUP-gitlab-config.tar -C /srv/gitlab
docker exec -it GitLab gitlab-ctl reconfigure
```

3. Restore Runner configuration and certs

```
sudo tar -xvf /some/external/drive/backups/YOURBACKUP-gitlab-runner.tar -C /srv/gitlab-runner
docker exec -it gitlab-runner gitlab-runner restart
```

4. Fix Registry permissions

```
docker exec -it GitLab sh -c 'chown -R registry:registry /var/opt/gitlab/gitlab-rails/shared/registry'
```
5. Restart Containers

Reinitialize any files that weren't otherwise initialized when the services were restarted/reconfigured.

```
docker-compose restart
```

**Note** a bug I'm aware of but have yet to find a fix for is that the ssh keys aren't reinitializing and have to be removed then re-added manually for each user. They show up but strangely won't authorize despite reconfiguring/reinitializing.

## Gitlab Service

A script is provided to automate the setup of a gitlab systemd service.

You can use the following by replacing `LINUXUSER` with the user you wish to use and `PATH_REPO_FOLDER` with the absolute path to the *folder* containing your `docker-compose.yml`
```
sudo sh gitlab_service.sh LINUXUSER PATH_REPO_FOLDER
```

Or you can manually copy the unit below and replace `LINUXUSER` with the user you wish to use and `PATH_REPO_FOLDER` with your absolute path to the *folder* containing your `docker-compose.yml`:

```
[Unit]
Description=Gitlab Service
Requires=docker.service
After=docker.service

[Service]
Type=oneshot
RemainAfterExit=yes
User=LINUXUSER
WorkingDirectory=PATH_REPO_FOLDER
ExecStart=/usr/local/bin/docker-compose up -d
ExecStop=/usr/local/bin/docker-compose down
TimeoutStartSec=0

[Install]
WantedBy=multi-user.target
```

Then start and enable the service to start automatically:

```
sudo systemctl start gitlab
sudo systemctl enable gitlab
```

--------------------------------------------------------------------------------
/config.toml:
--------------------------------------------------------------------------------
[[runners]]
  name = "Docker Runner"
  url = "https://my.gitlab"
  token = "YOUR_TOKEN"
  executor = "docker"
  clone_url = "https://my.gitlab"
  [runners.docker]
    tls_verify = false
    image = "docker:stable"
    privileged = false
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/cache"]
    network_mode = "development"
    shm_size = 0
  [runners.cache]
    [runners.cache.s3]
    [runners.cache.gcs]

--------------------------------------------------------------------------------
/docker-compose.yml:
--------------------------------------------------------------------------------
version: "3"
services:
  gitlab:
    image: 'gitlab/gitlab-ce:latest'
    container_name: GitLab
    restart: always
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://my.gitlab:3143'
        gitlab_rails['gitlab_shell_ssh_port'] = 3122
        nginx['listen_port'] = 443
        nginx['redirect_http_to_https'] = true
        nginx['ssl_certificate'] = "/etc/ssl/certs/gitlab/server-cert.pem"
        nginx['ssl_certificate_key'] = "/etc/ssl/certs/gitlab/server-key.pem"
        registry_external_url 'https://my.gitlab:4567'
        registry_nginx['enable'] = true
        registry_nginx['ssl_certificate'] = "/etc/ssl/certs/gitlab/server-cert.pem"
        registry_nginx['ssl_certificate_key'] = "/etc/ssl/certs/gitlab/server-key.pem"
        gitlab_rails['backup_keep_time'] = 172800
    ports:
      - '4567:4567'
      - '3143:443'
      - '3122:22'
    volumes:
      - '/srv/gitlab/config:/etc/gitlab'
      - '/srv/gitlab/logs:/var/log/gitlab'
      - '/srv/gitlab/ssl:/etc/ssl/certs/gitlab'
      - '/srv/gitlab/data:/var/opt/gitlab'
    networks:
      dev-net:
        aliases:
          - my.gitlab
  runner:
    image: 'gitlab/gitlab-runner:latest'
    container_name: gitlab-runner
    restart: always
    volumes:
      - '/srv/gitlab-runner:/etc/gitlab-runner'
      - '/var/run/docker.sock:/var/run/docker.sock'
    networks:
      - dev-net
networks:
  dev-net:
    external:
      name: development

--------------------------------------------------------------------------------
/gitlab_backup.sh:
--------------------------------------------------------------------------------
#!/bin/bash

CONTAINER="GitLab"
TARGET_DIR="/some/external/drive/backups"
GITLAB_DIR="/srv/gitlab"
RUNNER_DIR="/srv/gitlab-runner"
REMOVE_DAYS=1

# Backup Application DATA
echo "Backing up GitLab application data"
docker exec -t $CONTAINER gitlab-rake gitlab:backup:create
cp -u $GITLAB_DIR/data/backups/. $TARGET_DIR/ -a

# Backup configurations, SSH keys, and SSL certs
echo "Backing up GitLab configurations, ssh keys, and ssl certs"
sh -c "umask 0077; tar cf $TARGET_DIR/$(date "+%s-gitlab-config.tar") -C $GITLAB_DIR config ssl"
sh -c "umask 0077; tar cf $TARGET_DIR/$(date "+%s-gitlab-runner.tar") -C $RUNNER_DIR ."

# Remove files older than x days
# -mtime +N matches files at least N+1 days old (find truncates the age to whole
# days); a bare N matches only files exactly N days old and leaves older ones behind
echo "Removing files older than $REMOVE_DAYS days"
find $TARGET_DIR/*.tar -mtime +$REMOVE_DAYS -exec rm {} \;

--------------------------------------------------------------------------------
/gitlab_restore.sh:
--------------------------------------------------------------------------------
#!/bin/bash

CONTAINER="GitLab"
TARGET_DIR="/srv/gitlab"
RUNNER="gitlab-runner"
RUNNER_DIR="/srv/gitlab-runner"
BACKUP_DIR="/some/external/drive/gitlab/backups"

# Assumes BACKUP_DIR holds a single backup set; with several, the globs below
# match more than one archive

# Restore application data
cp $BACKUP_DIR/*_gitlab_backup.tar $TARGET_DIR/data/backups/
docker exec -it $CONTAINER sh -c 'chown git.git /var/opt/gitlab/backups/*.tar'
docker exec -it $CONTAINER gitlab-rake gitlab:backup:restore

# Restore configurations, ssh keys, SSL
tar -xvf $BACKUP_DIR/*-gitlab-config.tar -C $TARGET_DIR
docker exec -it $CONTAINER gitlab-ctl reconfigure

# Fix permissions with container registry
docker exec -it $CONTAINER sh -c 'chown -R registry:registry /var/opt/gitlab/gitlab-rails/shared/registry'

# Restore Gitlab Runner
tar -xvf $BACKUP_DIR/*-gitlab-runner.tar -C $RUNNER_DIR
docker exec -it $RUNNER gitlab-runner restart

# Restart all containers
docker-compose restart

--------------------------------------------------------------------------------
/gitlab_service.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Create gitlab systemd service
# First parameter is the linux account username you want the service run under
# Second parameter is the location of your gitlab docker-compose.yml
# Example: $ sudo sh gitlab_service.sh LINUXUSER /home/youruser/gitlab-docker-local

echo "
[Unit]
Description=Gitlab Service
Requires=docker.service
After=docker.service

[Service]
Type=oneshot
RemainAfterExit=yes
User=$1
WorkingDirectory=$2
ExecStart=/usr/local/bin/docker-compose up -d
ExecStop=/usr/local/bin/docker-compose down
TimeoutStartSec=0

[Install]
WantedBy=multi-user.target" > /etc/systemd/system/gitlab.service

systemctl start gitlab
systemctl enable gitlab

--------------------------------------------------------------------------------
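
The README's security note on Docker socket binding, its use of `GIT_SSL_NO_VERIFY`, and the Dockerfile's advice to pin image versions can be checked mechanically before this setup is reused beyond a local machine. The script below is an added example and not part of this repository; the function names (`emit`, `audit_repo`, `write_sample`), the rule names and the sample files it writes are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the repository. Flags the settings discussed in the
# README in a checkout's config.toml, docker-compose.yml, .gitlab-ci.yml and
# Dockerfile. Rule names are made up for this example.

# emit FILE RULE REGEX: print "FILE:LINE: RULE: text" for every non-comment
# line of FILE matching the extended regex. Missing files are skipped.
emit() {
    [ -r "$1" ] || return 0
    grep -nE -e "$3" "$1" | grep -vE '^[0-9]+:[[:space:]]*#' |
    while IFS=: read -r lineno text; do
        printf '%s:%s: %s: %s\n' "$1" "$lineno" "$2" "$text"
    done
}

# audit_repo DIR: run every rule against the files found in DIR.
audit_repo() {
    dir=$1
    for f in "$dir/config.toml" "$dir/docker-compose.yml"; do
        # Host Docker socket mounted into a container: jobs can drive the host daemon.
        emit "$f" SOCKET_BIND '/var/run/docker[.]sock'
        # Privileged containers (needed by the Docker-in-Docker alternative).
        emit "$f" PRIVILEGED 'privileged[[:space:]]*[=:][[:space:]]*true'
    done
    for f in "$dir/.gitlab-ci.yml" "$dir/docker-compose.yml" "$dir/Dockerfile"; do
        # Floating tag: the image content can change between runs.
        emit "$f" UNPINNED_IMAGE '(image:|FROM)[[:space:]].*:latest'
    done
    # git skips TLS certificate verification when cloning inside jobs.
    emit "$dir/.gitlab-ci.yml" GIT_TLS_OFF 'GIT_SSL_NO_VERIFY:.*(1|true)'
    # Password passed as an argument; docker recommends --password-stdin instead.
    emit "$dir/.gitlab-ci.yml" PASSWORD_ARG 'docker login.*[[:space:]]-p[[:space:]]'
}

# write_sample DIR: constructed sample input, trimmed from the files shown above.
write_sample() {
    mkdir -p "$1"
    cat > "$1/config.toml" <<'EOF'
[[runners]]
  executor = "docker"
  [runners.docker]
    image = "docker:stable"
    privileged = false
    volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/cache"]
EOF
    cat > "$1/docker-compose.yml" <<'EOF'
services:
  gitlab:
    image: 'gitlab/gitlab-ce:latest'
  runner:
    image: 'gitlab/gitlab-runner:latest'
    volumes:
      - '/srv/gitlab-runner:/etc/gitlab-runner'
      - '/var/run/docker.sock:/var/run/docker.sock'
EOF
    cat > "$1/.gitlab-ci.yml" <<'EOF'
image: docker:latest
variables:
  GIT_SSL_NO_VERIFY: "1"
build:
  script:
    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
EOF
}

# With a directory argument, audit that checkout; otherwise audit the sample.
if [ -n "${1:-}" ]; then
    audit_repo "$1"
else
    tmp=$(mktemp -d) && write_sample "$tmp" && audit_repo "$tmp"
    rm -rf "$tmp"
fi
```

Each finding is a prompt to decide whether the setting is still acceptable outside the local, single-user setup the README targets; the script only matches text and does not parse YAML or TOML.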