Containerised GitLab CE deployment. Please submit Pull Requests to the GitLab repository. Mirror of

b-data/docker-deployment-gitlab-ce

GitLab Community Edition (CE)

Project Status: Active – The project has reached a stable, usable state and is being actively developed.

This project serves as a template to run gitlab-ce in a docker container using docker compose.
ℹ️ For GitLab on a cloud k8s environment, see GitLab's Cloud Native Hybrid reference architectures.

The docker image is a monolithic image of GitLab running all the necessary services in a single container.

Features:

  • GitLab CE with Mattermost Team Edition (TE) and Container Registry enabled.
    • Disabled: LDAP, Reply by email and GitLab Pages
    • Includes gitlab-runner to register shared runners.
  • Pre-configured to run at subdomains of your own domain:
    • GitLab: gitlab.mydomain.com
    • Mattermost: mattermost.mydomain.com
    • Container Registry: glcr.mydomain.com
  • Exposes GitLab shell on port 10022 by default.
  • Sends emails through an exim-relay container by default.
  • Use of an .env file for variable substitution in the Compose file.

Prerequisites

The following is required:

  • DNS records for all subdomains pointing to this host.
  • Allowing connections on port 10022 to access GitLab shell (Git over SSH).

Hardware requirements:

  • Storage: As a rule of thumb you should have at least as much free space as all your repositories combined take up
  • CPU: 4 cores is the recommended minimum number of cores and supports up to 500 users
  • Memory: 4 GB RAM is the required minimum memory size and supports up to 500 users

Install

This project depends on the following Docker Deployment:

  • Træfik: TLS termination, reverse proxy

Usage

  1. Create an external docker network named "vcs":

    docker network create vcs
    
  2. Make a copy of all sample.* files:

    for file in sample.*; do cp "$file" "${file#sample.}"; done;
    
  3. Update at least environment variables GL_DOMAIN and GL_CERTRESOLVER_NAME in '.env':

    • Replace mydomain.com with your own domain that serves the subdomains.
    • Replace mydomain-com with the name of a valid Træfik certificate resolver.
  4. Optional: Set these environment variables in '.env':

    • GL_TZ: A valid tz database time zone (default: Etc/UTC)

    • GITLAB_SHELL_SSH_PORT: GitLab Shell SSH port (default: 10022)

    • GL_INITIAL_ROOT_PASSWORD: Initial default admin password (default: password)

    • GL_INITIAL_SHARED_RUNNERS_REGISTRATION_TOKEN: Initial shared runners registration token (default: set by GitLab)
      Generate random registration token:

      LC_ALL=C tr -cd 'A-Za-z0-9' < /dev/urandom | fold -w 20 | head -n 1
      
    • GL_SMTP_PASSWORD: SMTP server password (disabled)

    • GL_SMTP_ADDRESS: SMTP server address (default: gitlab-smtp)

    • GL_SMTP_PORT: SMTP server port (default: 8025)

    • MM_PUBLIC_LINK_SALT: Mattermost Public Link Salt (default: set by GitLab)
      Generate random salt:

      LC_ALL=C tr -cd 'a-z0-9' < /dev/urandom | fold -w 32 | head -n 1
      
  5. Optional: Set these environment variables in 'docker-compose.yml':

    • Uncomment line 65 if you have set GL_INITIAL_SHARED_RUNNERS_REGISTRATION_TOKEN in step 4.
    • Uncomment line 119 if you have set MM_FILESETTINGS_PUBLICLINKSALT in step 4.
  6. Start the container in detached mode:

    docker compose up -d
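
A pre-flight check for steps 3 and 4, to run before step 6. This is an added example, not part of the project: it reads '.env' and reports values still at the sample placeholders or documented defaults, and optional secrets that do not have the shape the generator commands in step 4 produce. The function names env_get and check_env and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check of '.env' before 'docker compose up -d'.
# Variable names, placeholders and defaults are those listed in the steps
# above; env_get, check_env and the sample file are constructed for illustration.

# Print the value of KEY ($2) from env file ($1); last assignment wins.
env_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed "s/^[\"']//; s/[\"']\$//"
}

# Print one line per finding; the return status is the number of findings.
check_env() {
    file=$1 findings=0
    note() { echo "$file: $1"; findings=$((findings + 1)); }

    case "$(env_get "$file" GL_DOMAIN)" in
        ''|mydomain.com) note "GL_DOMAIN is unset or still the sample domain" ;;
    esac
    case "$(env_get "$file" GL_CERTRESOLVER_NAME)" in
        ''|mydomain-com) note "GL_CERTRESOLVER_NAME is unset or still the sample name" ;;
    esac
    # Unset means the documented default 'password' applies to user root.
    case "$(env_get "$file" GL_INITIAL_ROOT_PASSWORD)" in
        ''|password) note "GL_INITIAL_ROOT_PASSWORD is unset or the default" ;;
    esac
    # Optional secrets: if set, expect the shape the generator commands produce.
    token=$(env_get "$file" GL_INITIAL_SHARED_RUNNERS_REGISTRATION_TOKEN)
    if [ -n "$token" ] && ! printf '%s' "$token" | grep -Eq '^[A-Za-z0-9]{20}$'; then
        note "runner registration token is not 20 characters of A-Za-z0-9"
    fi
    salt=$(env_get "$file" MM_PUBLIC_LINK_SALT)
    if [ -n "$salt" ] && ! printf '%s' "$salt" | grep -Eq '^[a-z0-9]{32}$'; then
        note "MM_PUBLIC_LINK_SALT is not 32 characters of a-z0-9"
    fi
    return "$findings"
}

# Constructed sample: sample domain kept, no root password, hand-typed salt.
demo=$(mktemp)
printf '%s\n' 'GL_DOMAIN=mydomain.com' 'GL_CERTRESOLVER_NAME=le' \
    'MM_PUBLIC_LINK_SALT=short' > "$demo"
check_env "$demo" || echo "$? finding(s); fix '.env' before starting the stack"
rm -f "$demo"
```

Against a real deployment, call check_env .env and start the stack only when it returns 0.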
    

GitLab

Open https://gitlab.mydomain.com, log in as user root and check the following settings:

  • Admin Area > Settings > General > Visibility and access controls:
    • Default project visibility
    • Default snippet visibility
    • Default group visibility
    • Restricted visibility levels
  • Admin Area > Settings > General > Sign-up restrictions:
    • Sign-up enabled
  • Admin Area > Settings > General > Sign-in restrictions > Email notification for unknown sign-ins:
    • Notify users by email when sign-in location is not recognized
  • Admin Area > Settings > Preferences > Localization:
    • Default first day of the week

Change the following settings:

  • Admin Area > Settings > General > Third party offers:
    • Tick "Do not display offers from third parties within GitLab"
  • Admin Area > Settings > Metrics and profiling > Usage statistics:
    • Untick "Enable usage ping"
  • Admin Area > Settings > Network > Outbound requests:
    • Tick "Allow requests to the local network from web hooks and services"
  • Admin Area > Settings > Preferences > Email:
    • Untick "Enable in-product marketing emails"

Add Mattermost to Applications:

  • Admin Area > Applications: Click "New application"
    • Name: GitLab Mattermost

    • Redirect URL:

      https://mattermost.mydomain.com/signup/gitlab/complete
      https://mattermost.mydomain.com/login/gitlab/complete
      

      → Replace mydomain.com with your own domain that serves the subdomains.

    • Tick "Trusted"
    • Scopes:
      • Tick "api"
  • Click "Submit" and copy "Application ID" and "Secret"

Mattermost

  1. Set the following environment variables in '.env':

    • MM_GITLAB_APPLICATION_ID: "Application ID" from GitLab
    • MM_GITLAB_SECRET: "Secret" from GitLab
  2. Reconfigure GitLab:

    docker compose up -d
    
  3. Wait until GitLab container is ready again.

  4. Log into https://mattermost.mydomain.com using "GitLab Single Sign-On".

Register shared runners

    docker exec -ti vcs-gitlab-runner-1 bash -c "gitlab-runner register"

  1. Enter your GitLab instance URL:

    Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com )
    https://gitlab.mydomain.com
    
  2. Enter the token you obtained to register the Runner:

    Please enter the gitlab-ci token for this runner
    <registration token>
    
  3. Enter a description for the Runner; you can change this later in GitLab’s UI:

    Please enter the gitlab-ci description for this runner
    Shared Runner
    
  4. Enter the tags associated with the Runner; you can change this later in GitLab’s UI:

    Please enter the gitlab-ci tags for this runner (comma separated):
    <Enter>
    
  5. Enter the Runner executor:

    Please enter the executor: ssh, docker+machine, docker-ssh+machine, kubernetes, docker, parallels, virtualbox, docker-ssh, shell:
    docker
    
  6. If you chose Docker as your executor, you’ll be asked for the default image to be used for projects that do not define one in .gitlab-ci.yml:

    Please enter the Docker image (eg. ruby:2.1):
    alpine:latest
    

See also Configuring GitLab Runner.

Contributing

PRs accepted. Please submit to the GitLab repository.

This project follows the Contributor Covenant Code of Conduct.

Support

Community support: Open a new discussion here.

Commercial support: Contact b-data by email.

License

Copyright © 2019 b-data GmbH

Distributed under the terms of the MIT License.
