├── .env.example
├── .gitignore
├── README.md
├── docker-compose.yml
├── fix-unicorn.sh
└── ssl-certs
    └── ssl-certs.zip

/.env.example:
--------------------------------------------------------------------------------
# Service name
#
SERVICE_NAME=gitlab

# Container names
# The resulting container name in docker-compose.yml will be "${SERVICE_NAME}_${CONTAINER_NAME_*}"
#
CONTAINER_NAME_GITLAB=server
CONTAINER_NAME_PGSQL=pgsql
CONTAINER_NAME_REDIS=redis
CONTAINER_NAME_REGISTRY=registry
CONTAINER_NAME_RUNNER=runner
CONTAINER_NAME_BACKUP=backup

# Docker images
#
DOCKER_IMAGE_GITLAB=sameersbn/gitlab:17.2.2
DOCKER_IMAGE_PGSQL=bitnami/postgresql:16.4.0
DOCKER_IMAGE_REDIS=redis:latest
DOCKER_IMAGE_REGISTRY=registry:2.8.3
DOCKER_IMAGE_RUNNER=vasyakrg/gitlab-runner
DOCKER_IMAGE_BACKUP=vasyakrg/gitlab-backup

# LDAP settings
LDAP_ENABLED=false
LDAP_LABEL=LDAP

# "start_tls" if 389, or "simple_tls" if 636
LDAP_METHOD=simple_tls
LDAP_ACTIVE_DIRECTORY=false
LDAP_HOST=
LDAP_PORT=636
LDAP_UID=uid
LDAP_PASS=
LDAP_VERIFY_SSL=true
LDAP_BASE="cn=users,cn=accounts,dc=domain,dc=com"
LDAP_USER_FILTER="(&(objectClass=posixaccount)(memberOf=cn=gitlab,cn=groups,cn=accounts,dc=domain,dc=com))"
LDAP_BIND_DN="uid=uidgitlab,cn=sysaccounts,cn=etc,dc=domain,dc=com"

# SMTP settings
SMTP_ENABLED=false
SMTP_DOMAIN=

SMTP_HOST=smtp.mailgun.org
SMTP_PORT=587
SMTP_USER=
SMTP_PASS=
SMTP_STARTTLS=true
SMTP_AUTHENTICATION=login

GITLAB_EMAIL=noreply@
GITLAB_EMAIL_REPLY_TO=noreply@
GITLAB_INCOMING_EMAIL_ADDRESS=noreply@

# Gitlab domain name
#
GITLAB_HOST=gitlab.

# Gitlab ssh public port
#
GITLAB_SSH_PORT=10022

# Gitlab root user password
# Used only on a clean install
#
GITLAB_ROOT_EMAIL=
GITLAB_ROOT_PASSWORD=

# Docker registry domain name
#
REGISTRY_HOST=docker.

REGISTRY_STORAGE_S3_ACCESSKEY=
REGISTRY_STORAGE_S3_SECRETKEY=
REGISTRY_STORAGE_S3_REGIONENDPOINT=fra1.digitaloceanspaces.com
REGISTRY_STORAGE_S3_REGION=fra1
REGISTRY_STORAGE_S3_BUCKET=

# DB credentials
#
DB_USER=gitlab
DB_PASS=
DB_NAME=gitlab_production

# Container data path on the host
# The resulting container data path will be "${SERVICE_DATA}/${SERVICE_NAME}"
#
SERVICE_DATA=/srv/services/data

# Gitlab runner token
#
RUNNER_TOKEN=

GITLAB_TIMEZONE=Asia/Novosibirsk

# Runner on the same host with gitlab
#
CI_SERVER_WITH_RUNNER=true

# Backup settings
#
BACKUP_DIR=/srv/backup
DOCKER_COMPOSE_DIR=/srv/services/cfg/gitlab
BACKUP_SCHEDULE=@weekly

S3_HOST_BASE=s3.domain.com
S3_ACCOUNT_ID=
S3_APPLICATION_KEY=

# Network names
#
SERVICE_NETWORK=service
WEBPROXY_NETWORK=webproxy

GITLAB_SECRETS_DB_KEY_BASE=
GITLAB_SECRETS_SECRET_KEY_BASE=
GITLAB_SECRETS_OTP_KEY_BASE=

--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
.env
*.pem
*.crt
*.key
*.csr

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Gitlab in docker

A complete build of a GitLab server, its psql database, 4 runners and its own docker-registry, deployed on a Docker host.

## Prerequisites

- docker is required

```
curl https://get.docker.com -o install.sh && sh install.sh
```

- docker-compose is required

```
curl -L "https://github.com/docker/compose/releases/download/v2.3.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose && chmod +x /usr/local/bin/docker-compose
```

It is assumed that you have a `domain` and have already created two subdomains, `docker` and `gitlab`.
It is assumed that both GitLab and the registry will be served over the same port, 443.
It is assumed that you already have a webproxy or traefik that takes care of ingress for the containers and of issuing (renewing) their certificates
(this is why the webproxy network is commented out; you will need to uncomment it to suit your setup).

traefik can be installed from this [repo](https://github.com/vasyakrg/traefik)

The containers' `labels` are already prepared; if you use traefik, uncomment those fields.
`runner` is customized only in that it has a built-in mechanism for auto-registration on the server.

I lay out the folders like this:
/srv/services/cfg
- gitlab

/srv/services/data
- gitlab
- gitlab/certs

## Launch

1. rename `.env.example` to `.env`
2. fill in all the variables as carefully as possible (except `RUNNER_TOKEN=`)
3. unpack the certificates in the ssl-certs folder and put them where the data is stored (for me this is /srv/services/data/gitlab/certs) (the certificates are noname and are needed only for internal communication between the gitlab and registry components).
3.1 Make sure the permissions on all keys are set to 0644
4. start the build with `docker-compose up -d`
5. once the server has started and you have logged in as root, go to the runners section (/admin/runners) and look up the token there; put it into the `RUNNER_TOKEN=` variable and run `docker-compose up -d` again, after which the runners will restart and register with the server.
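
A pre-flight check for steps 1 and 2, added here as an example (it is not part of this repository): it reads `.env` and reports empty secrets, short `GITLAB_SECRETS_*` values and unpinned `DOCKER_IMAGE_*` references before `docker-compose up -d` is run. The variable names come from `.env.example`; the function names and the 64-character minimum are assumptions.

```shell
# Added example: pre-flight check of .env before `docker-compose up -d`.
# Variable names come from .env.example; MIN_KEY_LEN is an assumption.
# RUNNER_TOKEN is skipped on purpose: it stays empty until the first login.
REQUIRED="DB_PASS GITLAB_ROOT_PASSWORD GITLAB_SECRETS_DB_KEY_BASE \
GITLAB_SECRETS_SECRET_KEY_BASE GITLAB_SECRETS_OTP_KEY_BASE"
MIN_KEY_LEN=64

# env_value FILE NAME: last assignment of NAME, outer double quotes stripped.
env_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# scan_env FILE: print one finding per line.
scan_env() {
    file=$1
    for name in $REQUIRED; do
        value=$(env_value "$file" "$name")
        if [ -z "$value" ]; then
            echo "EMPTY $name"
        elif [ "${name#GITLAB_SECRETS_}" != "$name" ] && [ "${#value}" -lt "$MIN_KEY_LEN" ]; then
            echo "SHORT $name"
        fi
    done
    # An image with no tag, or with :latest, can change between two pulls.
    sed -n 's/^\(DOCKER_IMAGE_[A-Z_]*\)=/\1 /p' "$file" |
    while read -r name image; do
        case ${image##*/} in        # drop the registry/namespace part
            *:latest) echo "UNPINNED $name" ;;
            *:*) ;;                 # explicit tag or digest
            *) echo "UNPINNED $name" ;;
        esac
    done
}

# check_env FILE: print findings; exit status 0 only when there are none.
check_env() {
    findings=$(scan_env "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample input, not a real configuration.
sample_env() {
    cat <<'EOF'
DOCKER_IMAGE_GITLAB=sameersbn/gitlab:17.2.2
DOCKER_IMAGE_REDIS=redis:latest
DOCKER_IMAGE_RUNNER=vasyakrg/gitlab-runner
DB_PASS=
GITLAB_ROOT_PASSWORD="constructed-sample-value"
GITLAB_SECRETS_DB_KEY_BASE=too-short
EOF
}

[ $# -eq 0 ] || check_env "$1"   # with a path argument, check that file
```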

### Possible problems

If some of the 4 runners fail with the error `is not healthy and will be disabled!`, do the following (using the second runner as an example):
- `docker-compose stop runner_2`
- `docker-compose rm runner_2`
- `rm /srv/services/data/gitlab/gitlab-runner_2/config.toml`
- `docker-compose up -d`

That is, stop and remove the container, delete the config, and restart the whole compose stack.
It will bring the previously removed container back up, reconfigure it and reconnect it.
After that the runner should register in GitLab.

## First login

- root \ the password specified in the `GITLAB_ROOT_PASSWORD` variable

## Author

- **Vassiliy Yegorov** [vasyakrg](https://github.com/vasyakrg)
- [youtube](https://youtube.com/realmanual)
- [site](https://vk.com/realmanual)
- [telegram](https://t.me/realmanual)
- [any questions for me](https://t.me/realmanual_group)

--------------------------------------------------------------------------------
/docker-compose.yml:
--------------------------------------------------------------------------------
version: '3.7'

services:
  gitlab:
    image: ${DOCKER_IMAGE_GITLAB}
    container_name: ${SERVICE_NAME}_${CONTAINER_NAME_GITLAB}
    restart: always
    depends_on:
      - postgresql
      - redis
    ports:
      - "${GITLAB_SSH_PORT}:22"
      # - 80:80
      # - 443:443
    expose:
      - 80
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.gitlab-rm-server.entrypoints=https"
      - "traefik.http.routers.gitlab-rm-server.rule=Host(`${GITLAB_HOST}`)"
      - "traefik.http.routers.gitlab-rm-server.tls=true"
      - "traefik.http.routers.gitlab-rm-server.tls.certresolver=letsEncrypt"
      - "traefik.http.services.gitlab-rm-server-service.loadbalancer.server.port=80"
      - "traefik.docker.network=webproxy"
    volumes:
      - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab:/home/git/data:Z
      - ./ssl-certs:/certs
    environment:
      - DEBUG=false

      - DB_ADAPTER=postgresql
      - DB_HOST=${SERVICE_NAME}_${CONTAINER_NAME_PGSQL}
      - DB_PORT=5432
      - DB_USER=${DB_USER}
      - DB_PASS=${DB_PASS}
      - DB_NAME=${DB_NAME}

      - REDIS_HOST=${SERVICE_NAME}_${CONTAINER_NAME_REDIS}
      - REDIS_PORT=6379

      - TZ=UTC
      - GITLAB_TIMEZONE=${GITLAB_TIMEZONE}

      - GITLAB_HTTPS=true
      - SSL_SELF_SIGNED=false

      - GITLAB_HOST=${GITLAB_HOST}
      - GITLAB_PORT=443
      - GITLAB_SSH_PORT=${GITLAB_SSH_PORT}
      - GITLAB_SECRETS_DB_KEY_BASE=${GITLAB_SECRETS_DB_KEY_BASE}
      - GITLAB_SECRETS_SECRET_KEY_BASE=${GITLAB_SECRETS_SECRET_KEY_BASE}
      - GITLAB_SECRETS_OTP_KEY_BASE=${GITLAB_SECRETS_OTP_KEY_BASE}

      - GITLAB_ROOT_PASSWORD=${GITLAB_ROOT_PASSWORD}
      - GITLAB_ROOT_EMAIL=${GITLAB_ROOT_EMAIL}

      - GITLAB_NOTIFY_ON_BROKEN_BUILDS=true
      - GITLAB_NOTIFY_PUSHER=false

      - GITLAB_EMAIL=${GITLAB_EMAIL}
      - GITLAB_EMAIL_REPLY_TO=${GITLAB_EMAIL_REPLY_TO}
      - GITLAB_INCOMING_EMAIL_ADDRESS=${GITLAB_INCOMING_EMAIL_ADDRESS}

      - GITLAB_PAGES_ENABLED=false

      - SMTP_ENABLED=${SMTP_ENABLED}
      # - SMTP_DOMAIN=${SMTP_DOMAIN}
      # - SMTP_HOST=${SMTP_HOST}
      # - SMTP_PORT=${SMTP_PORT}
      # - SMTP_USER=${SMTP_USER}
      # - SMTP_PASS=${SMTP_PASS}
      # - SMTP_STARTTLS=${SMTP_STARTTLS}
      # - SMTP_AUTHENTICATION=${SMTP_AUTHENTICATION}

      - IMAP_ENABLED=false

      - LDAP_ENABLED=${LDAP_ENABLED}
      - LDAP_LABEL=${LDAP_LABEL}
      - LDAP_HOST=${LDAP_HOST}
      - LDAP_PORT=${LDAP_PORT}
      - LDAP_UID=${LDAP_UID}
      - LDAP_METHOD=${LDAP_METHOD}
      - LDAP_VERIFY_SSL=${LDAP_VERIFY_SSL}
      - LDAP_ACTIVE_DIRECTORY=${LDAP_ACTIVE_DIRECTORY}
      - LDAP_BASE=${LDAP_BASE}
      - LDAP_USER_FILTER=${LDAP_USER_FILTER}
      - LDAP_BIND_DN=${LDAP_BIND_DN}
      - LDAP_PASS=${LDAP_PASS}

      - GITLAB_REGISTRY_ENABLED=true
      - GITLAB_REGISTRY_HOST=${REGISTRY_HOST}
      - GITLAB_REGISTRY_API_URL=http://registry:5000/
      - GITLAB_REGISTRY_KEY_PATH=/certs/registry.key
    healthcheck:
      test: ["CMD", "/usr/local/sbin/healthcheck"]
      interval: 1m
      timeout: 5s
      retries: 5
      start_period: 2m
    networks:
      - ${WEBPROXY_NETWORK}
      - ${SERVICE_NETWORK}

  registry:
    image: ${DOCKER_IMAGE_REGISTRY}
    container_name: ${SERVICE_NAME}_${CONTAINER_NAME_REGISTRY}
    restart: always
    expose:
      - 5000
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.gitlab-rm-registry.entrypoints=https"
      - "traefik.http.routers.gitlab-rm-registry.rule=Host(`${REGISTRY_HOST}`)"
      - "traefik.http.routers.gitlab-rm-registry.tls=true"
      - "traefik.http.routers.gitlab-rm-registry.tls.certresolver=letsEncrypt"
      - "traefik.http.services.gitlab-rm-registry-service.loadbalancer.server.port=5000"
      - "traefik.docker.network=webproxy"
    volumes:
      - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab/shared/registry:/registry
      - ./ssl-certs:/certs
    environment:
      - REGISTRY_AUTH_TOKEN_AUTOREDIRECT=false
      - REGISTRY_LOG_LEVEL=debug
      - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/registry
      - REGISTRY_AUTH_TOKEN_REALM=https://${GITLAB_HOST}/jwt/auth
      - REGISTRY_AUTH_TOKEN_SERVICE=container_registry
      - REGISTRY_AUTH_TOKEN_ISSUER=gitlab-issuer
      - REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/certs/registry.crt
      - REGISTRY_STORAGE_DELETE_ENABLED=true
      # - REGISTRY_STORAGE=s3
      # - REGISTRY_STORAGE_S3_ACCESSKEY=${REGISTRY_STORAGE_S3_ACCESSKEY}
      # - REGISTRY_STORAGE_S3_SECRETKEY=${REGISTRY_STORAGE_S3_SECRETKEY}
      # - REGISTRY_STORAGE_S3_REGIONENDPOINT=${REGISTRY_STORAGE_S3_REGIONENDPOINT}
      # - REGISTRY_STORAGE_S3_REGION=${REGISTRY_STORAGE_S3_REGION}
      # - REGISTRY_STORAGE_S3_BUCKET=${REGISTRY_STORAGE_S3_BUCKET}
      # - REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR=inmemory
    networks:
      - ${WEBPROXY_NETWORK}
      - ${SERVICE_NETWORK}

  postgresql:
    image: ${DOCKER_IMAGE_PGSQL}
    container_name: ${SERVICE_NAME}_${CONTAINER_NAME_PGSQL}
    restart: always
    environment:
      - POSTGRES_USER=${DB_USER}
      - POSTGRES_PASSWORD=${DB_PASS}
      - POSTGRES_DB=${DB_NAME}
      - POSTGRESQL_SHARED_PRELOAD_LIBRARIES=pg_trgm,btree_gist
    volumes:
      - ${SERVICE_DATA}/${SERVICE_NAME}/postgresql:/var/lib/postgresql:Z
    networks:
      - ${SERVICE_NETWORK}

  redis:
    restart: always
    image: ${DOCKER_IMAGE_REDIS}
    container_name: ${SERVICE_NAME}_${CONTAINER_NAME_REDIS}
    command:
      - --loglevel warning
    volumes:
      - ${SERVICE_DATA}/${SERVICE_NAME}/redis:/var/lib/redis:Z
    networks:
      - ${SERVICE_NETWORK}

  runner_1:
    image: ${DOCKER_IMAGE_RUNNER}
    container_name: ${SERVICE_NAME}_${CONTAINER_NAME_RUNNER}_1
    restart: always
    depends_on:
      - gitlab
    volumes:
      - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab-runner_1:/etc/gitlab-runner
      - /var/run/docker.sock:/var/run/docker.sock
    command: --debug run --user=gitlab-runner --working-directory=/home/gitlab-runner
    environment:
      - CI_SERVER_URL=https://${GITLAB_HOST}
      - CI_SERVER_LOCAL_IP=${CI_SERVER_LOCAL_IP}
      - CI_SERVER_WITH_RUNNER=${CI_SERVER_WITH_RUNNER}
      - RUNNER_TOKEN=${RUNNER_TOKEN}
      - RUNNER_DESCRIPTION=gitab-runner_1
      - RUNNER_EXECUTOR=docker
      - DOCKER_IMAGE=gitlab/gitlab-runner-helper:x86_64-latest
    networks:
      - ${SERVICE_NETWORK}

  runner_2:
    image: ${DOCKER_IMAGE_RUNNER}
    container_name: ${SERVICE_NAME}_${CONTAINER_NAME_RUNNER}_2
    restart: always
    depends_on:
      - gitlab
    volumes:
      - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab-runner_2:/etc/gitlab-runner
      - /var/run/docker.sock:/var/run/docker.sock
    command: --debug run --user=gitlab-runner --working-directory=/home/gitlab-runner
    environment:
      - CI_SERVER_URL=https://${GITLAB_HOST}
      - CI_SERVER_WITH_RUNNER=${CI_SERVER_WITH_RUNNER}
      - CI_SERVER_LOCAL_IP=${CI_SERVER_LOCAL_IP}
      - RUNNER_TOKEN=${RUNNER_TOKEN}
      - RUNNER_DESCRIPTION=gitab-runner_2
      - RUNNER_EXECUTOR=docker
      - DOCKER_IMAGE=gitlab/gitlab-runner-helper:x86_64-latest
    networks:
      - ${SERVICE_NETWORK}

  runner_3:
    image: ${DOCKER_IMAGE_RUNNER}
    container_name: ${SERVICE_NAME}_${CONTAINER_NAME_RUNNER}_3
    restart: always
    depends_on:
      - gitlab
    volumes:
      - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab-runner_3:/etc/gitlab-runner
      - /var/run/docker.sock:/var/run/docker.sock
    command: --debug run --user=gitlab-runner --working-directory=/home/gitlab-runner
    environment:
      - CI_SERVER_URL=https://${GITLAB_HOST}
      - CI_SERVER_WITH_RUNNER=${CI_SERVER_WITH_RUNNER}
      - CI_SERVER_LOCAL_IP=${CI_SERVER_LOCAL_IP}
      - RUNNER_TOKEN=${RUNNER_TOKEN}
      - RUNNER_DESCRIPTION=gitab-runner_3
      - RUNNER_EXECUTOR=docker
      - DOCKER_IMAGE=gitlab/gitlab-runner-helper:x86_64-latest
    networks:
      - ${SERVICE_NETWORK}

  runner_4:
    image: ${DOCKER_IMAGE_RUNNER}
    container_name: ${SERVICE_NAME}_${CONTAINER_NAME_RUNNER}_4
    restart: always
    depends_on:
      - gitlab
    volumes:
      - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab-runner_4:/etc/gitlab-runner
      - /var/run/docker.sock:/var/run/docker.sock
    command: --debug run --user=gitlab-runner --working-directory=/home/gitlab-runner
    environment:
      - CI_SERVER_URL=https://${GITLAB_HOST}
      - CI_SERVER_WITH_RUNNER=${CI_SERVER_WITH_RUNNER}
      - CI_SERVER_LOCAL_IP=${CI_SERVER_LOCAL_IP}
      - RUNNER_TOKEN=${RUNNER_TOKEN}
      - RUNNER_DESCRIPTION=gitab-runner_4
      - RUNNER_EXECUTOR=docker
      - DOCKER_IMAGE=gitlab/gitlab-runner-helper:x86_64-latest
    networks:
      - ${SERVICE_NETWORK}

  # backup:
  #   image: ${DOCKER_IMAGE_BACKUP}
  #   restart: always
  #   container_name: ${SERVICE_NAME}_${CONTAINER_NAME_BACKUP}
  #   command: gitlab backup --storage S3:///gitlab --online
  #   volumes:
  #     - /var/run/docker.sock:/var/run/docker.sock
  #     - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab/backups:${BACKUP_DIR}:Z
  #     - ${DOCKER_COMPOSE_DIR}:${DOCKER_COMPOSE_DIR}
  #   environment:
  #     - BACKUP_SCHEDULE=${BACKUP_SCHEDULE}
  #     - BACKUP_DIR=${BACKUP_DIR}
  #     - DOCKER_COMPOSE_DIR=${DOCKER_COMPOSE_DIR}
  #     - ${SERVICE_NETWORK}
  #     - CONTAINER_NAME_GITLAB=${CONTAINER_NAME_GITLAB}
  #     - S3_HOST_BASE=${S3_HOST_BASE}
  #     - S3_ACCOUNT_ID=${S3_ACCOUNT_ID}
  #     - S3_APPLICATION_KEY=${S3_APPLICATION_KEY}
  #   networks:
  #     - ${SERVICE_NETWORK}

networks:
  service:
    name: ${SERVICE_NETWORK}
  webproxy:
    external: true

--------------------------------------------------------------------------------
/fix-unicorn.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Removes the stale unicorn PID file and restarts the GitLab container.
# The container name gitlab_server matches the defaults in .env.example
# (SERVICE_NAME=gitlab, CONTAINER_NAME_GITLAB=server).
echo "fix gitlab_server unicorn error"
docker exec -it gitlab_server rm /home/git/gitlab/tmp/pids/unicorn.pid && docker restart gitlab_server

--------------------------------------------------------------------------------
/ssl-certs/ssl-certs.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vasyakrg/gitlab-in-docker/d0bb505bbd33adc09b75a02b5f803d2c58d1d33a/ssl-certs/ssl-certs.zip
--------------------------------------------------------------------------------