
@nu12
Last active May 14, 2020 18:07

Gitlab + Nginx + SSL with Docker

Install docker & docker-compose

Docker https://docs.docker.com/engine/install/ubuntu/ Docker Compose https://docs.docker.com/compose/install/

Create a self-signed certificate (clients will not trust it until the certificate is added to their trust store)

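# Generate the RSA private key. The key size is stated explicitly instead of
# relying on the default of the installed OpenSSL build.
$ sudo openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out /etc/ssl/certs/my_cert.key
# Restrict the key to root explicitly, whatever mode the tool or umask produced.
$ sudo chmod 600 /etc/ssl/certs/my_cert.key
# NOTE(review): /etc/ssl/certs is the host's public CA directory, and the
# docker-compose file below bind-mounts the whole directory into both
# containers, so the private key travels with it. A dedicated directory would
# be a narrower mount, but every path in this guide would have to change with it.
# Issue the self-signed certificate, valid for 360 days, with the domain, its
# wildcard and the IP address as subject alternative names.
$ sudo openssl req -x509 -key /etc/ssl/certs/my_cert.key -out /etc/ssl/certs/my_cert.crt -days 360 -addext "subjectAltName = DNS:<your-domain>,DNS:*.<your-domain>,IP:<your-ip>"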

Create Nginx config files

# Create both configuration directories in one call.
$ sudo mkdir -p /etc/nginx/conf.d/sites-available /etc/nginx/conf.d/sites-enabled
# Create the empty configuration files that the next sections fill in.
$ sudo touch /etc/nginx/nginx.conf /etc/nginx/conf.d/sites-available/default.conf /etc/nginx/conf.d/sites-available/gitlab.conf
# Enable both sites. The links use absolute targets, which still resolve inside
# the nginx container because /etc/nginx/conf.d is mounted at the same path there.
$ sudo ln -s /etc/nginx/conf.d/sites-available/default.conf /etc/nginx/conf.d/sites-available/gitlab.conf /etc/nginx/conf.d/sites-enabled/

Write the following content

/etc/nginx/nginx.conf

# Main nginx configuration: a single worker running as the unprivileged
# "nginx" user, with the virtual hosts loaded from sites-enabled.
user nginx;
worker_processes 1;

# Log messages of level "warn" and above.
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    # Upper bound on simultaneous connections per worker process.
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Access-log line format. $http_x_forwarded_for is logged as sent by the
    # client, so treat that field as untrusted when reading the logs.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    # Left disabled, as in the original file:
    #tcp_nopush on;

    keepalive_timeout 65;

    # Left disabled, as in the original file:
    #gzip on;

    # Only the sites linked into sites-enabled are loaded.
    include /etc/nginx/conf.d/sites-enabled/*.conf;
}

/etc/nginx/conf.d/sites-available/default.conf

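# Plain-HTTP listener: every request is redirected to the HTTPS site.
server {
    listen       80;
    server_name  <your-domain>;

    return 301 https://<your-domain>$request_uri;
}

# HTTPS listener serving the static files from the image's default web root.
server {
    listen       443 ssl;
    server_name  <your-domain>;

    # /certs is the container-side path of the certificate bind mount.
    ssl_certificate             /certs/my_cert.crt;
    ssl_certificate_key         /certs/my_cert.key;
    # Offer TLS 1.2 and 1.3 only; without this directive nginx 1.17 also
    # accepts TLS 1.0 and 1.1.
    ssl_protocols               TLSv1.2 TLSv1.3;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;

        # These headers only take effect on proxied requests. This location has
        # no proxy_pass, so they are inert until one is added.
        proxy_set_header    X-Real-IP           $remote_addr;
        proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto   $scheme;
        proxy_set_header    Host                $host;
        proxy_set_header    X-Forwarded-Host    $host;
        proxy_set_header    X-Forwarded-Port    $server_port;
    }

    # Serve the stock error page for upstream and server errors.
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

}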

/etc/nginx/conf.d/sites-available/gitlab.conf

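# Upstream group for the GitLab container, reached over HTTPS on port 443.
# NOTE(review): confirm that gitlab.<your-domain> resolves to the gitlab
# container from inside the nginx container and not back to this proxy.
upstream gitlab {
  server gitlab.<your-domain>:443;
}

# Plain-HTTP listener: every request is redirected to the HTTPS site.
server {
  listen        80;
  server_name   gitlab.<your-domain>;

  return 301 https://gitlab.<your-domain>$request_uri;
}

# HTTPS listener that terminates TLS and proxies to the GitLab upstream.
server {
  # "ssl" is stated here so that TLS on this server block does not depend on
  # another enabled site declaring it for the same port.
  listen        443 ssl;
  server_name   gitlab.<your-domain>;

  ssl_certificate             /certs/my_cert.crt;
  ssl_certificate_key         /certs/my_cert.key;
  # Offer TLS 1.2 and 1.3 only. Keep this list identical in every server block
  # on port 443: nginx may apply the default server's list to all of them.
  ssl_protocols               TLSv1.2 TLSv1.3;

  location / {
    # nginx does not verify the upstream certificate unless proxy_ssl_verify is
    # enabled, so this hop is encrypted but the upstream is not authenticated.
    proxy_pass  https://gitlab;
    proxy_set_header    X-Real-IP           $remote_addr;
    # $proxy_add_x_forwarded_for appends $remote_addr to whatever
    # X-Forwarded-For the client sent; only the last entry is added by this proxy.
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;
    proxy_set_header    Host                $host;
    proxy_set_header    X-Forwarded-Host    $host;
    proxy_set_header    X-Forwarded-Port    $server_port;
  }
}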

Create docker-compose file

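version: '2'

services:
  gitlab:
    # NOTE(review): this tag dates from when the gist was last active (2020).
    # Replace it with a currently supported GitLab release before deploying.
    image: gitlab/gitlab-ce:12.10.3-ce.0
    container_name: gitlab
    restart: unless-stopped
    hostname: gitlab.<your-domain>
    environment:
      # Omnibus settings: GitLab's bundled nginx serves HTTPS with the same
      # certificate pair that the front proxy uses.
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.<your-domain>'
        nginx['redirect_http_to_https'] = true
        nginx['ssl_certificate'] = "/etc/gitlab/ssl/my_cert.crt"
        nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/my_cert.key"
        nginx['http2_enabled'] = false
    volumes:
      - gitlab_config:/etc/gitlab
      - gitlab_logs:/var/log/gitlab
      - gitlab_data:/var/opt/gitlab
      # Read-only: the source is the host's CA directory, which the container
      # must not be able to modify. If GitLab turns out to need write access
      # here, use a dedicated certificate directory rather than dropping :ro.
      - /etc/ssl/certs:/etc/gitlab/ssl:ro

  nginx:
    # NOTE(review): tag from 2020 as well; use a currently supported nginx release.
    image: nginx:1.17.10
    container_name: nginx
    restart: unless-stopped
    volumes:
      - /etc/nginx/conf.d:/etc/nginx/conf.d:ro
      - /etc/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - /etc/ssl/certs:/certs:ro
    # Only the front proxy publishes ports; the gitlab service publishes none
    # and is reached through this proxy.
    ports:
      - '80:80'
      - '443:443'

volumes:
  gitlab_config:
  gitlab_logs:
  gitlab_data: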