gitlab starts #10
gitlab starts #10
Conversation
EnigmaCurry
force-pushed
the
master
branch
24 times, most recently
from
191eefe
to
d1f0644
Compare
jessopb
force-pushed
the
service-gitlab
branch
3 times, most recently
from
97fd63e
to
0904991
Compare
jessopb
force-pushed
the
service-gitlab
branch
from
0904991
to
e3ff9c1
Compare
jessopb
force-pushed
the
service-gitlab
branch
from
6bdbdcd
to
e3ff9c1
Compare
| POSTGRES_PASS=password | ||
| POSTGRES_DB_NAME=gitlab_production | ||
| GITLAB_ROOT_PASSWORD=changeme |
There was a problem hiding this comment.
passwords should be blank in .env-dist, otherwise the Makefile won't randomize it.
|
|
||
| ## Initial setup | ||
|
|
||
| Bring up the service with `docker-compose up -d` |
There was a problem hiding this comment.
Lets use the make style to describe how to bringing up the service.
make config
make install
make open
| test: | ||
| [ | ||
| "CMD-SHELL", | ||
| "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB_NAME" |
| - "traefik.http.routers.gitlab-web.rule=Host(`${GITLAB_TRAEFIK_HOST}`)" | ||
| - "traefik.http.routers.gitlab-web.entrypoints=websecure" | ||
| - "traefik.http.routers.gitlab-web.service=gitlab-web" | ||
| - "traefik.http.routers.gitlab-web.tls.certresolver=${ACME_CERT_RESOLVER}" |
There was a problem hiding this comment.
certresolvers aren't needed anymore that we are using manual cert creation with make certs
| - "traefik.http.services.gitlab-web.loadbalancer.server.port=80" | ||
| ## SSH | ||
| - "traefik.tcp.routers.gitlab-ssh.rule=HostSNI(`*`)" | ||
| - "traefik.tcp.routers.gitlab-ssh.entrypoints=ssh" |
There was a problem hiding this comment.
ssh is the same entrypoint that gitea uses, its on port 2222. Did you mean to use a different entrypoint on port 2224 (this requires modifying the traefik config)? I don't know why you would need to run both gitea and gitlab on the same machine, so maybe sharing the same entrypoint is the right thing to do.
There was a problem hiding this comment.
d.rymcg.tech/traefik/config/traefik.yml
Lines 115 to 118 in 9728d87
| POSTGRES_PORT=5432 | ||
| POSTGRES_PASS=password | ||
| POSTGRES_DB_NAME=gitlab_production | ||
| GITLAB_ROOT_PASSWORD=changeme |
| @@ -5,5 +5,5 @@ include ../_scripts/Makefile.projects | |||
| config: | |||
| @${BIN}/reconfigure_ask ${ENV_FILE} GITLAB_TRAEFIK_HOST "Enter your gitlab domain name" "gl.${ROOT_DOMAIN}" | |||
| @${BIN}/reconfigure_ask ${ENV_FILE} APP_NAME "Enter the service description" "git thing" | |||
| @${BIN}/reconfigure ${ENV_FILE} POSTGRES_PASS=$(shell openssl rand -hex 45) | |||
| @${BIN}/reconfigure ${ENV_FILE} GITLAB_ROOT_PASSWORD=$(shell openssl rand -hex 45) | |||
| @[[ -z "$$(dotenv -f ${ENV_FILE} get POSTGRES_PASS)" ]] && ${BIN}/reconfigure ${ENV_FILE} POSTGRES_PASS=$(shell openssl rand -hex 45) || true | |||
There was a problem hiding this comment.
dotenv should be ${BIN}/dotenv
There was a problem hiding this comment.
You can now use the reconfigure_password script instead of this.
@${BIN}/reconfigure_password ${ENV_FILE} POSTGRES_PASS
| GITLAB_TRAEFIK_HOST=git.example.com | ||
| GITLAB_SSH_PORT=2224 | ||
| # Choose Let's Encrypt 'staging' or 'production' environment: | ||
| ACME_CERT_RESOLVER=production |
There was a problem hiding this comment.
ACME_CERT_RESOLVER is no longer used
| # Choose Let's Encrypt 'staging' or 'production' environment: | ||
| ACME_CERT_RESOLVER=production | ||
|
|
||
| POSTGRES_USER=gitlab |
There was a problem hiding this comment.
These should all be namespaced like GITLAB_POSTGRES_USER
(In theory, you should be able to concatenate all of the d.rymcg.tech project .env files together into one and not have any overlaps)
| - "traefik.http.routers.gitlab-web.entrypoints=websecure" | ||
| - "traefik.http.routers.gitlab-web.service=gitlab-web" | ||
| - "traefik.http.routers.gitlab-web.tls.certresolver=${ACME_CERT_RESOLVER}" | ||
| - "traefik.http.services.gitlab-web.loadbalancer.server.port=80" |
There was a problem hiding this comment.
server.port is not required as long as the image properly specified an EXPOSE in its Dockerfile, traefik will autodetect the port.
| ## Web | ||
| - "traefik.http.routers.gitlab-web.rule=Host(`${GITLAB_TRAEFIK_HOST}`)" | ||
| - "traefik.http.routers.gitlab-web.entrypoints=websecure" | ||
| - "traefik.http.routers.gitlab-web.service=gitlab-web" |
There was a problem hiding this comment.
specifying the service is not necessary, traefik will autodetect this.
| ] | ||
| gitlab: | ||
| image: gitlab/gitlab-ce:latest | ||
| container_name: gitlab |
There was a problem hiding this comment.
remove the container name to support multiple instances.
| GITLAB_OMNIBUS_CONFIG: | | ||
| gitlab_rails['gitlab_shell_ssh_port'] = ${GITLAB_SSH_PORT} | ||
| networks: | ||
| - traefik-proxy |
There was a problem hiding this comment.
we're not using the traefik-proxy network anymore, no networks need to be configured.
No description provided.