Brassai Kao’s Tech Weave

Docker-Gitlab

Docker compose config with Traefik and Let’s Encrypt certificate

/srv/gitlab/docker-compose.yml

services:
  gitlab:
    image: gitlab/gitlab-ce:latest
    container_name: gitlab
    restart: always
    hostname: 'gitlab.example.com'
    shm_size: '256m'
    ports:
      - '22:22'

    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.example.com'
        nginx['listen_https'] = false
        nginx['listen_port'] = 80

        registry_external_url 'https://registry.gitlab.example.com'
        registry['enable'] = true
        gitlab_rails['registry_enabled'] = true
        registry_nginx['enable'] = true
        registry_nginx['listen_port'] = 5050
        registry_nginx['listen_https'] = false

        gitlab_rails['gitlab_email_from'] = 'do-not-reply@example.com'
        gitlab_rails['gitlab_email_display_name'] = 'Nutek GitLab'
        gitlab_rails['gitlab_email_reply_to'] = 'do-not-reply@ntuek.com.tw'

        gitlab_rails['smtp_enable'] = true
        gitlab_rails['smtp_address'] = "192.168.123.123"
        gitlab_rails['smtp_port'] = 25
        gitlab_rails['smtp_domain'] = "example.com"
        gitlab_rails['smtp_user_name'] = "do-not-reply@example.com"
        gitlab_rails['smtp_password'] = "Pa$$w0rd"
        gitlab_rails['smtp_authentication'] = "login"
        gitlab_rails['smtp_enable_starttls_auto'] = false
        gitlab_rails['smtp_tls'] = false

    volumes:
      - ./config:/etc/gitlab
      - ./logs:/var/log/gitlab
      - ./data:/var/opt/gitlab

    networks:
      - web

    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.gitlab.rule=Host(`gitlab.example.com`)"
      - "traefik.http.routers.gitlab.entrypoints=websecure"
      - "traefik.http.routers.gitlab.tls=true"
      - "traefik.http.routers.gitlab.tls.certresolver=letsencrypt"
      - "traefik.http.routers.gitlab.service=gitlab"
      - "traefik.http.services.gitlab.loadbalancer.server.port=80"

      # Container Registry
      - "traefik.http.routers.registry.rule=Host(`registry.gitlab.example.com`)"
      - "traefik.http.routers.registry.entrypoints=websecure"
      - "traefik.http.routers.registry.tls=true"
      - "traefik.http.routers.registry.tls.certresolver=letsencrypt"
      - "traefik.http.routers.registry.service=registry"
      - "traefik.http.services.registry.loadbalancer.server.port=5050"

networks:
  web:
    external: true