先给出docker-compose.yml,慢慢追加细节
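# Compose file for a GitLab CE server plus a GitLab Runner.
version: '3'
services:
  gitlab:
    # NOTE(review): this is a third-party image on the mutable `latest` tag, so
    # every pull may bring different contents. Pin a specific version tag or
    # an image digest once a known-good release has been chosen.
    image: 'fjcanyue/gitlab-ce-zh:latest'
    container_name: 'gitlab-server'
    restart: always
    hostname: 'gitserver'  # the machine name is sufficient
    environment:
      TZ: 'Asia/Shanghai'
      # The whole block below is handed to the container as one environment
      # variable, so anyone who can inspect the container can read it. If the
      # SMTP section is enabled, keep the real smtp_password out of this file
      # (for example in the mounted /etc/gitlab configuration instead).
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://域名' #访问地址
        # HTTPS配置
        nginx['enable'] = true
        nginx['redirect_http_to_https']= true
        nginx['ssl_certificate']= "/home/certs/xxx.pem"
        nginx['ssl_certificate_key']= "/home/certs/xxx.key"
        # 端口配置
        # gitlab_rails['gitlab_shell_ssh_port'] = 7022
        # unicorn['port'] = 8880
        # Email配置
        # gitlab_rails['smtp_enable'] = true
        # gitlab_rails['smtp_address'] = "smtp.exmail.qq.com"
        # gitlab_rails['smtp_port'] = 465
        # gitlab_rails['smtp_user_name'] = "system@gitlab.com"
        # gitlab_rails['smtp_password'] = "XXXXXXXXXX"
        # gitlab_rails['smtp_authentication'] = "login"
        # gitlab_rails['smtp_enable_starttls_auto'] = true
        # gitlab_rails['smtp_tls'] = true
        # gitlab_rails['gitlab_email_from'] = 'system@gitlab.com'
        # gitlab pages配置
        #pages_nginx['enable'] = true #开启pages服务
        #pages_external_url 'https://appink.cn' #Gitlab pages 域名
        #pages_nginx['redirect_http_to_https'] = true #http转https
        #gitlab_pages['inplace_chroot'] = true #Gitlab-ce pages
        #pages_nginx['ssl_certificate'] = "/home/certs/appink.cn/appink.cn.pem" #证书路径
        #pages_nginx['ssl_certificate_key'] = "/home/certs/appink.cn/appink.cn.key" #证书路径
    ports:
      - '80:80'  # HTTP port
      - '443:443'  # HTTPS port
      # Forward host port 7022 to the container's SSH port 22. The container
      # side must be 22: gitlab_shell_ssh_port only changes the port shown in
      # clone URLs, it does not move the SSH daemon.
      # - '7022:22'
    volumes:
      - ./gitlab/etc:/etc/gitlab  # GitLab configuration directory
      - gitlab:/var/opt/gitlab  # GitLab data directory
      - /var/log/gitlab/logs:/var/log/gitlab  # GitLab log directory
      # TLS certificate and private key for the domain. Mounted read-only:
      # the container only needs to read them, and the files must already
      # exist on the host before the container starts.
      - ./certs:/home/certs:ro
      - /etc/localtime:/etc/localtime:ro  # sync host date/time into the container
  runner:
    # NOTE(review): mutable `latest` tag; pin a version tag or digest.
    image: 'gitlab/gitlab-runner:latest'
    container_name: gitlab-runner
    restart: always
    networks:
      - gitlab_default
    volumes:
      - ./config:/etc/gitlab-runner
      # The Docker socket gives this container, and any CI job it launches
      # through it, control of the host's Docker daemon, which is equivalent
      # to root on the host. Register this runner only for trusted projects.
      - /var/run/docker.sock:/var/run/docker.sock
networks:
  # Declared external: the network must already exist before `up`.
  gitlab_default:
    external: true
volumes:
  gitlab: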
追加:
使用nginx代理
将nginx和gitlab放在同一个docker网络下;必须开启gitlab自带的nginx,并为它配置https;在docker-compose.yml中去掉gitlab的ports端口映射(不再直接对宿主机暴露80/443),然后由外层nginx通过proxy_pass转发请求
# Plain-HTTP listener: its only purpose is to move clients onto HTTPS.
server {
    server_name xxx;
    listen 80;
    listen [::]:80;

    # Static error page served from the stock nginx html directory.
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    # Every other request gets a permanent redirect to the same host and
    # URI over HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}
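# HTTPS front end: terminates TLS for clients, then re-encrypts to the
# GitLab container's own nginx on port 443.
server {
    listen 443 ssl http2;
    server_name xxx;

    ssl_certificate certs/xxx.pem;
    ssl_certificate_key certs/xxx.key;
    ssl_session_timeout 5m;
    # Cipher suites offered to clients, kept as the author chose them.
    # NOTE(review): the broad ECDHE:ECDH:AES:HIGH aliases still admit CBC and
    # static-RSA suites; consider narrowing to AEAD suites with forward secrecy.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and have been dropped here;
    # only TLS 1.2 and 1.3 are accepted.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    location / {
        # The port number must be written explicitly here.
        # nginx does not verify the upstream certificate by default
        # (proxy_ssl_verify is off), so this hop is encrypted but the
        # upstream is not authenticated; enable verification with a trusted
        # CA file if the Docker network is not fully trusted.
        proxy_pass https://xxx:443;
        aio threads;

        # Pass the original host and client address through to GitLab.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect off;

        # Long timeouts and large buffers for big pushes and clones.
        proxy_connect_timeout 600;
        proxy_read_timeout 600;
        proxy_send_timeout 600;
        proxy_buffers 8 512k;
        proxy_buffer_size 512k;

        # Upper bound on request bodies (uploads, git push over HTTPS).
        client_max_body_size 2048M;
        client_body_buffer_size 256K;
    }
}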
