
Install Gitlab with Docker-Compose (Debian Bullseye)

Shenzhen, China

Setup

Create the working directories and the .env file:

mkdir -p /opt/gitlab/{config/ssl,logs,data} && cd /opt/gitlab
nano .env

Define the environment variable "GITLAB_HOME": export GITLAB_HOME=/opt/gitlab.

Docker-Compose

nano docker-compose.yml

version: '3.6'
services:
  web:
    image: 'gitlab/gitlab-ce:latest'
    container_name: gitlab-ce
    restart: unless-stopped
    hostname: 'gitlab.example.com'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        # Add any other gitlab.rb configuration here, each on its own line
        external_url 'https://gitlab.example.com:8443'
        # external_url carries a port, so NGINX would listen on 8443 inside the
        # container; pin it to 443 to match the '8443:443' mapping below
        nginx['listen_port'] = 443
        gitlab_rails['gitlab_shell_ssh_port'] = 2222
        nginx['redirect_http_to_https'] = true
        nginx['ssl_certificate'] = "/etc/gitlab/ssl/fullchain.pem"
        nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/privkey.pem"
        nginx['ssl_dhparam'] = "/etc/gitlab/ssl/dhparams.pem"
    ports:
      - '8080:80'
      - '8443:443'
      - '2222:22'
    volumes:
      - '${GITLAB_HOME}/config:/etc/gitlab'
      - '${GITLAB_HOME}/logs:/var/log/gitlab'
      - '${GITLAB_HOME}/data:/var/opt/gitlab'
      - '${GITLAB_HOME}/config/ssl:/etc/gitlab/ssl'
    shm_size: '256m'

Generate SSL and DHPARAM Certificates

apt install certbot
certbot certonly --rsa-key-size 2048 \
  --standalone \
  --agree-tos \
  --no-eff-email \
  --email user@example.email \
  -d gitlab.example.com

The certificates fullchain.pem and privkey.pem are generated in /etc/letsencrypt/live/gitlab.example.com and need to be copied into the /opt/gitlab/config/ssl directory:

cp /etc/letsencrypt/live/gitlab.example.com/fullchain.pem /opt/gitlab/config/ssl/fullchain.pem
cp /etc/letsencrypt/live/gitlab.example.com/privkey.pem /opt/gitlab/config/ssl/privkey.pem

Next, generate the Diffie-Hellman parameters (DHPARAM) file:

openssl dhparam -out /opt/gitlab/config/ssl/dhparams.pem 2048
tree /opt/gitlab

/opt/gitlab
├── config
│   └── ssl
│       ├── dhparams.pem
│       ├── fullchain.pem
│       └── privkey.pem
├── data
├── docker-compose.yml
├── logs
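
Because the certificate files are copied rather than linked, a later certbot renewal does not reach the files GitLab reads. The following certbot deploy hook is an added example, not part of the original guide: it re-copies renewed files into /opt/gitlab/config/ssl and reloads NGINX in the gitlab-ce container. The hook location under /etc/letsencrypt/renewal-hooks/deploy/ and the GITLAB_SSL_DIR override variable are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original guide: certbot deploy hook.
# Assumed location: /etc/letsencrypt/renewal-hooks/deploy/gitlab-ssl.sh
# GITLAB_SSL_DIR is a hypothetical override for the target directory.

# sync_certs SRC_DIR DST_DIR
# Returns 0 if a file was updated, 1 if both were current, 2 on error.
sync_certs() {
    src=$1
    dst=$2
    changed=1
    for f in fullchain.pem privkey.pem; do
        [ -r "$src/$f" ] || { echo "missing: $src/$f" >&2; return 2; }
        if ! cmp -s "$src/$f" "$dst/$f" 2>/dev/null; then
            # mktemp creates the file with mode 600; rename it into place so
            # NGINX never sees a partial or world-readable private key.
            tmp=$(mktemp "$dst/.$f.XXXXXX") || return 2
            if cat "$src/$f" > "$tmp" && chmod 600 "$tmp" && mv -f "$tmp" "$dst/$f"; then
                changed=0
            else
                rm -f "$tmp"
                return 2
            fi
        fi
    done
    return "$changed"
}

# certbot exports RENEWED_LINEAGE (the live/<domain> directory) to deploy
# hooks. Without it, the file only defines sync_certs and does nothing.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    rc=0
    sync_certs "$RENEWED_LINEAGE" "${GITLAB_SSL_DIR:-/opt/gitlab/config/ssl}" || rc=$?
    case "$rc" in
        0) docker exec gitlab-ce gitlab-ctl hup nginx ;;  # serve the new cert
        1) : ;;                                           # nothing changed
        *) exit "$rc" ;;
    esac
fi
```

Make the hook executable; certbot runs it after each successful renewal, and `certbot renew --dry-run` can be used to confirm the renewal itself still works.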

Run the Container

Make sure that the HTTP/S and SSH ports are open:

ufw allow 8080,8443,2222/tcp

Start the GitLab CE container with:

docker-compose up -d

docker-compose ps
Name Command State Ports
----------------------------------------------------------------------------------------------------------
gitlab-ce /assets/wrapper Up (unhealthy) 0.0.0.0:2222->22/tcp,:::2222->22/tcp, 0.0.0.0:8443->443/tcp,:::8443->443/tcp, 0.0.0.0:80->80/tcp,:::80->80/tcp

Visit https://gitlab.example.com:8443 and you will get the GitLab reset password page. Type your new password for the default user root and click the Change your password button.

Run Gitlab CLI commands inside the container:

docker exec -it gitlab-ce gitlab-ctl status

Edit the gitlab.rb configuration:

nano /opt/gitlab/config/gitlab.rb

And restart the container to enable the changes:

docker restart gitlab-ce