@nu12
Last active May 14, 2020 18:07

Revisions

  1. nu12 revised this gist May 14, 2020. 1 changed file with 7 additions and 0 deletions.
    7 changes: 7 additions & 0 deletions docker.md
    @@ -143,6 +143,13 @@ services:
    container_name: gitlab
    restart: unless-stopped
    hostname: gitlab.<your-domain>
    environment:
    GITLAB_OMNIBUS_CONFIG: |
    external_url 'https://gitlab.<your-domain>'
    nginx['redirect_http_to_https'] = true
    nginx['ssl_certificate'] = "/etc/gitlab/ssl/my_cert.crt"
    nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/my_cert.key"
    nginx['http2_enabled'] = false
    volumes:
    - gitlab_config:/etc/gitlab
    - gitlab_logs:/var/log/gitlab
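    Review bot: `nginx['http2_enabled'] = false` is added to `GITLAB_OMNIBUS_CONFIG` with no explanation; state in docker.md why HTTP/2 is switched off for the bundled nginx, or drop the line if it is not needed. The added `nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/my_cert.key"` depends on the host bind mount declared elsewhere in the compose file, so the guide should say so next to this block and mount that path read-only.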
  2. nu12 revised this gist May 14, 2020. 2 changed files with 168 additions and 1 deletion.
    1 change: 0 additions & 1 deletion New gist
    @@ -1 +0,0 @@
    # Gist
    168 changes: 168 additions & 0 deletions docker.md
    @@ -0,0 +1,168 @@
    # Gitlab + Nginx + SSL with Docker

    Install docker & docker-compose


    Docker https://docs.docker.com/engine/install/ubuntu/
    Docker Compose https://docs.docker.com/compose/install/

    create self-signed certificate

    ```
    $ sudo openssl genpkey -algorithm rsa -out /etc/ssl/certs/my_cert.key
    $ sudo openssl req -x509 -key /etc/ssl/certs/my_cert.key -out /etc/ssl/certs/my_cert.crt -days 360 -addext "subjectAltName = DNS:<your-domain>,DNS:*.<your-domain>,IP:<your-ip>"
    ```

    Create Nginx config files

    ```
    $ sudo mkdir -p /etc/nginx/conf.d/sites-available
    $ sudo mkdir -p /etc/nginx/conf.d/sites-enabled
    $ sudo touch /etc/nginx/nginx.conf /etc/nginx/conf.d/sites-available/default.conf /etc/nginx/conf.d/sites-available/gitlab.conf
    $ sudo ln -s /etc/nginx/conf.d/sites-available/default.conf /etc/nginx/conf.d/sites-enabled/
    $ sudo ln -s /etc/nginx/conf.d/sites-available/gitlab.conf /etc/nginx/conf.d/sites-enabled/
    ```

    Write the following content

    /etc/nginx/nginx.conf
    ```
    user nginx;
    worker_processes 1;
    error_log /var/log/nginx/error.log warn;
    pid /var/run/nginx.pid;
    events {
    worker_connections 1024;
    }
    http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    #tcp_nopush on;
    keepalive_timeout 65;
    #gzip on;
    include /etc/nginx/conf.d/sites-enabled/*.conf;
    }
    ```

    /etc/nginx/conf.d/sites-available/default.conf

    ```
    server {
    listen 80;
    server_name <your-domain>;
    return 301 https://<your-domain>$request_uri;
    }
    server {
    listen 443 ssl;
    server_name <your-domain>;
    ssl_certificate /certs/my_cert.crt;
    ssl_certificate_key /certs/my_cert.key;
    location / {
    root /usr/share/nginx/html;
    index index.html index.htm;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Port $server_port;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    root /usr/share/nginx/html;
    }
    }
    ```

    /etc/nginx/conf.d/sites-available/gitlab.conf

    ```
    upstream gitlab {
    server gitlab.<your-domain>:443;
    }
    server {
    listen 80;
    server_name gitlab.<your-domain>;
    return 301 https://gitlab.<your-domain>$request_uri;
    }
    server {
    listen 443;
    server_name gitlab.<your-domain>;
    ssl_certificate /certs/my_cert.crt;
    ssl_certificate_key /certs/my_cert.key;
    location / {
    proxy_pass https://gitlab;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Port $server_port;
    }
    }
    ```




    Create docker-compose file
    ```
    version: '2'
    services:
    gitlab:
    image: gitlab/gitlab-ce:12.10.3-ce.0
    container_name: gitlab
    restart: unless-stopped
    hostname: gitlab.<your-domain>
    volumes:
    - gitlab_config:/etc/gitlab
    - gitlab_logs:/var/log/gitlab
    - gitlab_data:/var/opt/gitlab
    - /etc/ssl/certs:/etc/gitlab/ssl
    nginx:
    image: nginx:1.17.10
    container_name: nginx
    restart: unless-stopped
    volumes:
    - /etc/nginx/conf.d:/etc/nginx/conf.d:ro
    - /etc/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
    - /etc/ssl/certs:/certs:ro
    ports:
    - 80:80
    - 443:443
    volumes:
    gitlab_config:
    gitlab_logs:
    gitlab_data:
    ```
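    Review bot: the private key is written to `/etc/ssl/certs/my_cert.key` and the compose file then bind-mounts all of `/etc/ssl/certs` into both containers, read-write for gitlab (`- /etc/ssl/certs:/etc/gitlab/ssl` has no `:ro`). Keep the key and certificate in a dedicated directory with restrictive permissions on the key, and mount only that directory, `:ro` in both services. Separately, gitlab.conf uses `listen 443;` while default.conf uses `listen 443 ssl;`; add `ssl` there so TLS for that server block does not depend on default.conf being enabled. Also note that `proxy_pass https://gitlab;` does not verify the upstream certificate unless `proxy_ssl_verify` and `proxy_ssl_trusted_certificate` are set.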
  3. nu12 created this gist May 14, 2020.
    1 change: 1 addition & 0 deletions New gist
    @@ -0,0 +1 @@
    # Gist