├── docker-compose.yml
├── .env.example
├── .gitignore
└── README.md


/docker-compose.yml:
--------------------------------------------------------------------------------
version: "3.7"

services:
  gitlab-letsencrypt:
    image: 'gitlab/gitlab-ce:latest'
    container_name: ${CONTAINER_NAME}
    hostname: ${MAIN_DOMAIN}
    volumes:
      # GITLAB_DATA_PATH is concatenated directly, so it must end with "/"
      - '${GITLAB_DATA_PATH}config:/etc/gitlab'
      - '${GITLAB_DATA_PATH}logs:/var/log/gitlab'
      - '${GITLAB_DATA_PATH}data:/var/opt/gitlab'
    # Restart automatically unless the container was stopped explicitly
    restart: unless-stopped
    env_file:
      - ./.env
    networks:
      - default

networks:
  default:
    external:
      name: ${NETWORK}

--------------------------------------------------------------------------------
/.env.example:
--------------------------------------------------------------------------------
#
# Container name for your GitLab instance
#
CONTAINER_NAME=my-gitlab-container

#
# Path where your GitLab files will be located
#
GITLAB_DATA_PATH=/data/gitlab/

#
# Your domain (or domains)
#
VIRTUAL_HOST=gitlab.domain.com,www.gitlab.domain.com


#
# Your domain (or domains) for SSL certificate
#
LETSENCRYPT_HOST=gitlab.domain.com,www.gitlab.domain.com

#
# Your email for Let's Encrypt registration
#
LETSENCRYPT_EMAIL=your_email@domain.com

#
# Main domain for SSL certificate and GitLab
#
MAIN_DOMAIN=gitlab.domain.com

#
# Network name
#
# Your container app must use a network connected to your webproxy
# https://github.com/evertramos/docker-compose-letsencrypt-nginx-proxy-companion
#
NETWORK=webproxy

--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
### Code ###
.vscode/*
!.vscode/settings.json
!.vscode/tasks.json
!.vscode/launch.json
!.vscode/extensions.json

### Node ###
# Logs
logs
*.log
npm-debug.log*
yarn-debug.log*
yarn-error.log*
lerna-debug.log*

# Diagnostic reports (https://nodejs.org/api/report.html)
report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json

# Runtime data
pids
*.pid
*.seed
*.pid.lock

# Directory for instrumented libs generated by jscoverage/JSCover
lib-cov

# Coverage directory used by tools like istanbul
coverage
*.lcov

# nyc test coverage
.nyc_output

# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
.grunt

# Bower dependency directory (https://bower.io/)
bower_components

# node-waf configuration
.lock-wscript

# Compiled binary addons (https://nodejs.org/api/addons.html)
build/Release

# Dependency directories
node_modules/
jspm_packages/

# TypeScript v1 declaration files
typings/

# TypeScript cache
*.tsbuildinfo

# Optional npm cache directory
.npm

# Optional eslint cache
.eslintcache

# Optional REPL history
.node_repl_history

# Output of 'npm pack'
*.tgz

# Yarn Integrity file
.yarn-integrity

# dotenv environment variables file
.env
.env.test

# parcel-bundler cache (https://parceljs.org/)
.cache

# next.js build output
.next

# nuxt.js build output
.nuxt

# react / gatsby
public/

# vuepress build output
.vuepress/dist

# Serverless directories
.serverless/

# FuseBox cache
.fusebox/

# DynamoDB Local files
.dynamodb/

data

.vscode

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# GitLab CE + Docker Compose running with an auto-generated and auto-renewed Let's Encrypt certificate

With this repo you can set up a self-hosted GitLab CE instance as a container, served over SSL with a certificate that is generated and renewed automatically by a web proxy.

## PREREQUISITES

In order to use this compose file (docker-compose.yml) you must have:

- docker https://docs.docker.com/engine/installation/
- docker-compose https://docs.docker.com/compose/install/
- docker-compose-letsencrypt-nginx-proxy-companion https://github.com/evertramos/docker-compose-letsencrypt-nginx-proxy-companion

## HOW TO USE

1. Clone this repository

```bash
$ git clone https://github.com/steevepay/gitlab-docker-letsencrypt.git
```

2. Make a copy of the `.env.example` and rename it to `.env`:

Update this file with your preferences.

```dotenv
#
# Container name for your GitLab instance
#
CONTAINER_NAME=my-gitlab-container

#
# Path where your GitLab files will be located
#
GITLAB_DATA_PATH=/data/gitlab/

#
# Your domain (or domains)
#
VIRTUAL_HOST=gitlab.domain.com,www.gitlab.domain.com


#
# Your domain (or domains) for SSL certificate
#
LETSENCRYPT_HOST=gitlab.domain.com,www.gitlab.domain.com

#
# Your email for Let's Encrypt registration
#
LETSENCRYPT_EMAIL=your_email@domain.com

#
# Main domain for SSL certificate and GitLab
#
MAIN_DOMAIN=gitlab.domain.com

#
# Network name
#
# Your container app must use a network connected to your webproxy
# https://github.com/evertramos/docker-compose-letsencrypt-nginx-proxy-companion
#
NETWORK=webproxy
```

3. Validate and view the docker-compose configuration before starting.

```bash
$ docker-compose config
```

4. Start the container.

During the build time, the environment variables are injected into the image.

```bash
$ docker-compose up -d
```

**Please keep in mind that when starting for the first time it may take a few moments (even a couple of minutes) to get your Let's Encrypt certificates generated.**

## Pre-configure GitLab CE

You can pre-configure the GitLab Docker image by adding the environment variable `GITLAB_OMNIBUS_CONFIG` to the docker-compose file. This variable can contain any gitlab.rb setting and will be evaluated before loading the container’s gitlab.rb file. That way you can easily configure GitLab’s external URL, make any database configuration or any other option from the Omnibus GitLab template.

Here is an example that pre-configures the OVH SMTP server for GitLab:

```yaml
version: "3.7"

services:
  gitlab-letsencrypt:
    image: 'gitlab/gitlab-ce:latest'
    container_name: ${CONTAINER_NAME}
    hostname: ${MAIN_DOMAIN}
    volumes:
      - '${GITLAB_DATA_PATH}config:/etc/gitlab'
      - '${GITLAB_DATA_PATH}logs:/var/log/gitlab'
      - '${GITLAB_DATA_PATH}data:/var/opt/gitlab'
    restart: unless-stopped
    env_file:
      - ./.env
    environment:
      # Evaluated as gitlab.rb (Ruby) settings before the container's own gitlab.rb
      GITLAB_OMNIBUS_CONFIG: |
        gitlab_rails['smtp_enable'] = true
        gitlab_rails['smtp_address'] = 'ssl0.ovh.net'
        gitlab_rails['smtp_port'] = 465
        gitlab_rails['smtp_user_name'] = 'hello@mail.com'
        # Mailbox password, left empty in this example
        gitlab_rails['smtp_password'] = ''
        gitlab_rails['smtp_domain'] = 'ssl0.ovh.net'
        gitlab_rails['smtp_authentication'] = 'login'
        gitlab_rails['smtp_enable_starttls_auto'] = true
        gitlab_rails['smtp_tls'] = true
        # 'none' disables verification of the SMTP server's TLS certificate; 'peer' verifies it
        gitlab_rails['smtp_openssl_verify_mode'] = 'none'
    networks:
      - default

networks:
  default:
    external:
      name: ${NETWORK}
```

For more options about configuring GitLab please check the [Omnibus GitLab documentation](https://docs.gitlab.com/omnibus/settings/configuration.html).

--------------------------------------------------------------------------------
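
A pre-flight check for steps 2 and 3 of the README above, added here as an example and not part of the repository: it parses `.env` without sourcing it and reports missing values, a `GITLAB_DATA_PATH` without the trailing slash that `docker-compose.yml` relies on, and values left over from `.env.example`. The function names are hypothetical, and requiring `MAIN_DOMAIN` to appear in both `VIRTUAL_HOST` and `LETSENCRYPT_HOST` is an assumption based on `.env.example`.

```shell
#!/usr/bin/env bash
# Added example (not from the repository): pre-flight check for .env.
REQUIRED="CONTAINER_NAME GITLAB_DATA_PATH VIRTUAL_HOST LETSENCRYPT_HOST LETSENCRYPT_EMAIL MAIN_DOMAIN NETWORK"

# Print KEY's value from FILE; the file is parsed, never sourced.
env_get() { sed -n "s/^$1=//p" "$2" | tail -n 1; }

# Succeed if the comma-separated LIST contains ITEM exactly.
list_has() { case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac; }

# Print one line per problem; return 1 if any problem was found.
check_env() {
  file=$1; bad=0
  [ -r "$file" ] || { echo "cannot read $file"; return 1; }
  for key in $REQUIRED; do
    [ -n "$(env_get "$key" "$file")" ] || { echo "$key is missing or empty"; bad=1; }
  done
  # docker-compose.yml builds '${GITLAB_DATA_PATH}config': the slash is required.
  data_path=$(env_get GITLAB_DATA_PATH "$file")
  case "$data_path" in */) ;; ?*) echo "GITLAB_DATA_PATH must end with /"; bad=1 ;; esac
  # Assumption: the container hostname must be proxied and covered by the certificate.
  main=$(env_get MAIN_DOMAIN "$file")
  for key in VIRTUAL_HOST LETSENCRYPT_HOST; do
    list=$(env_get "$key" "$file")
    if [ -n "$main" ] && [ -n "$list" ] && ! list_has "$list" "$main"; then
      echo "$key does not include MAIN_DOMAIN ($main)"; bad=1
    fi
  done
  # Values copied unchanged from .env.example still use the sample domain.
  if grep -Eq '^[A-Z_]+=(.*[,.@])?domain\.com' "$file"; then
    echo "placeholder domain.com still present"; bad=1
  fi
  return $bad
}

# Constructed sample: .env.example values with the trailing slash dropped.
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONTAINER_NAME=my-gitlab-container
GITLAB_DATA_PATH=/data/gitlab
VIRTUAL_HOST=gitlab.domain.com,www.gitlab.domain.com
LETSENCRYPT_HOST=gitlab.domain.com,www.gitlab.domain.com
LETSENCRYPT_EMAIL=your_email@domain.com
MAIN_DOMAIN=gitlab.domain.com
NETWORK=webproxy
EOF
check_env "$sample" || true   # prints the two problems found
rm -f "$sample"
```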