GitLab on Docker

GitLab is a DevOps web application built with Ruby, similar in functionality to GitHub, that helps teams of developers collaborate on private projects. GitLab provides private and public Git repositories and issue trackers for better project planning, has its own container registry for packaging Docker images, and supports continuous integration and displaying performance metrics. GitLab also supports LDAP and is security compliant. In this example I will be installing GitLab Community Edition in Docker using docker-compose, so first create the directory and move into it:


mkdir -p /srv/dev/gitlab && cd /srv/dev/gitlab

Then we need to create a docker-compose config:


nano docker-compose.yml

version: '2'

services:
  web:
    image: 'gitlab/gitlab-ce:latest'
    restart: always
    hostname: gitlab
    domainname: example.com
    container_name: gitlab
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.example.com'
        gitlab_rails['gitlab_shell_ssh_port'] = 2222
        gitlab_rails['smtp_enable'] = true
        gitlab_rails['smtp_port'] = 587
        gitlab_rails['smtp_user_name'] = "[email protected]"
        gitlab_rails['smtp_password'] = "email password"
        gitlab_rails['smtp_domain'] = "mail.example.com"
        gitlab_rails['smtp_authentication'] = "login"
        gitlab_rails['smtp_enable_starttls_auto'] = true
        gitlab_rails['smtp_openssl_verify_mode'] = 'peer'
        gitlab_rails['gitlab_email_from'] = '[email protected]'
        gitlab_rails['gitlab_email_reply_to'] = '[email protected]'
    ports:
      - '8082:80'
      - '4432:443'
      - '2222:22'
    volumes:
      - /srv/dev/gitlab/config:/etc/gitlab:z
      - /srv/dev/gitlab/logs:/var/log/gitlab:z
      - /srv/dev/gitlab/data:/var/opt/gitlab:z

Then it's just a case of running docker-compose, which will pull the image and create the container:


docker-compose up

Because we have exposed SSL port 443, you will notice an error about GitLab not being able to find the certificate and key for gitlab.example.com. To fix this, create an ssl directory in config and move some signed certificates into it. In this example I will be using a Let's Encrypt wildcard certificate which I have generated for my entire domain. Unfortunately I generated the wildcard certificate elsewhere, on another device running HAProxy, so I will not be providing an example of that here; I will assume you have generated them yourself. You can use Ctrl + C to exit docker…


mkdir /srv/dev/gitlab/config/ssl

Then navigate to the directory where your certificate files are located and copy them into the GitLab ssl directory:


cp {example.com.crt,example.com.key} /srv/dev/gitlab/config/ssl

For GitLab to detect and use the certificate, either rename the files to the GitLab subdomain as in this example, or alternatively add the GitLab omnibus config fields for SSL to docker-compose.yml. You will not be able to access GitLab over SSL until this is done.



  mv /srv/dev/gitlab/config/ssl/example.com.crt /srv/dev/gitlab/config/ssl/gitlab.example.com.crt \
  && mv /srv/dev/gitlab/config/ssl/example.com.key /srv/dev/gitlab/config/ssl/gitlab.example.com.key

Next we want to set up LDAP so we can use the Active Directory domain users in GitLab, so stop the container:


docker-compose stop

Next, create an LDAP config file and then feed it into GitLab using docker-compose:


nano /srv/dev/gitlab/config/ldap.yml

main:
  label: 'Example AD'
  host: 'ipa.example.com'
  port: 636
  uid: 'uid'
  bind_dn: 'uid=admin,cn=users,cn=accounts,dc=example,dc=com'
  password: 'LDAP_Password'
  encryption: 'simple_tls'
  verify_certificates: true
  active_directory: false
  allow_username_or_email_login: true
  block_auto_created_users: false
  base: 'cn=accounts,dc=example,dc=com'
  ca_file: '/etc/gitlab/ssl/ca.crt'
  timeout: 10
  user_filter: '(objectclass=*)'


Enable LDAP and link to the YAML file in docker-compose:


nano /srv/dev/gitlab/docker-compose.yml

    ...
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        ...
        gitlab_rails['ldap_enabled'] = true
        gitlab_rails['ldap_servers'] = YAML.load_file('/etc/gitlab/ldap.yml')
    ...


Move the ca.crt from your LDAP IPA server into the ssl directory, as we did with the domain certificate before:


cp /srv/ldap/data/etc/ipa/ca.crt /srv/dev/gitlab/config/ssl
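
A preflight check for the files placed in /srv/dev/gitlab/config in the steps above, as an added example that is not part of the original post: it confirms that the renamed certificate pair, ca.crt and ldap.yml exist, that the private key and ldap.yml (which holds the bind password) are not accessible to group or others, and that the certificate matches the key. The function names and the MISSING/EXPOSED/MISMATCH output format are made up for this example, and it assumes the files are owned by the account that starts the container.

```shell
#!/usr/bin/env bash
# Added example: preflight for the files this guide places in the config volume.
# Assumes the files are owned by the user that starts the container (root here).

# Succeeds when group or others hold any permission bit on the file.
is_exposed() {
  [ "$(ls -ld -- "$1" | cut -c5-10)" != "------" ]
}

# Succeeds when the certificate and the private key carry the same public key.
pair_matches() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# preflight CONFIG_DIR HOSTNAME
# Prints one line per finding and returns the number of findings (0 = clean).
preflight() {
  cfg=$1; host=$2; findings=0
  crt="$cfg/ssl/$host.crt"; key="$cfg/ssl/$host.key"

  # GitLab looks for ssl/<hostname>.crt and .key; LDAP needs ldap.yml and ca.crt.
  for f in "$crt" "$key" "$cfg/ssl/ca.crt" "$cfg/ldap.yml"; do
    [ -f "$f" ] || { echo "MISSING $f"; findings=$((findings + 1)); }
  done

  # The TLS private key and ldap.yml (bind password) are the secrets here.
  for f in "$key" "$cfg/ldap.yml"; do
    if [ -f "$f" ] && is_exposed "$f"; then
      echo "EXPOSED $f is accessible to group/others"; findings=$((findings + 1))
    fi
  done

  # A renamed wildcard pair is easy to mix up; compare the public keys.
  if [ -f "$crt" ] && [ -f "$key" ] && command -v openssl >/dev/null 2>&1; then
    pair_matches "$crt" "$key" ||
      { echo "MISMATCH $crt does not belong to $key"; findings=$((findings + 1)); }
  fi
  return "$findings"
}

# Usage on the host: preflight /srv/dev/gitlab/config gitlab.example.com
```

A finding of EXPOSED is cleared with chmod 600 on the named file; the pair comparison is skipped when openssl is not installed on the host.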
