Install Gitlab with Docker-Compose (Debian Bullseye)
Setup
Create the docker-compose file:
mkdir -p /opt/gitlab/{config/ssl,logs,data} && cd /opt/gitlab
nano .env
Define the environment variable "GITLAB_HOME": export GITLAB_HOME=/opt/gitlab.
Docker-Compose
nano docker-compose.yml
version: '3.6'
services:
web:
image: 'gitlab/gitlab-ce:latest'
container_name: gitlab-ce
restart: unless-stopped
hostname: 'gitlab.example.com'
environment:
GITLAB_OMNIBUS_CONFIG: |
# Add any other gitlab.rb configuration here, each on its own line
external_url 'https://gitlab.example.com:8443'
gitlab_rails['gitlab_shell_ssh_port'] = 2222
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/etc/gitlab/ssl/fullchain.pem"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/privkey.pem"
nginx['ssl_dhparam'] = "/etc/gitlab/ssl/dhparams.pem"
ports:
- '8080:80'
- '8443:443'
- '2222:22'
volumes:
- '${GITLAB_HOME}/config:/etc/gitlab'
- '${GITLAB_HOME}/logs:/var/log/gitlab'
- '${GITLAB_HOME}/data:/var/opt/gitlab'
- '${GITLAB_HOME}/config/ssl:/etc/gitlab/ssl'
shm_size: '256m'
Generate SSL and DHAPARAM Certificates
apt install certbot
certbot certonly --rsa-key-size 2048 \
--standalone \
--agree-tos \
--no-eff-email \
--email user@example.email \
-d gitlab.example.com
The Now copy the certificates fullchain.pem and privkey.pem will be generated in /etc/letsencrypt/live/gitlab.example.com and needs to be linked into the /opt/gitlab/config/ssl directory:
cp /etc/letsencrypt/live/gitlab.example.com/fullchain.pem /opt/gitlab/config/ssl/fullchain.pem
cp /etc/letsencrypt/live/gitlab.example.com/privkey.pem /opt/gitlab/config/ssl/privkey.pem
Next, generate the DHPARAM certificate:
openssl dhparam -out /opt/gitlab/config/ssl/dhparams.pem 2048
tree /opt/gitlab
/opt/gitlab
├── config
│ └── ssl
│ ├── dhparams.pem
│ ├── fullchain.pem
│ └── privkey.pem
├── data
├── docker-compose.yml
├── logs
Run the Container
Make sure that the HTTP/S and SSH Port is open:
ufw allow 8080,8443,2222/tcp
Start the Gitlab-CE and Gitlab-Runner Container with:
docker-compose up -d
docker-compose ps
Name Command State Ports
----------------------------------------------------------------------------------------------------------
gitlab-ce /assets/wrapper Up (unhealthy) 0.0.0.0:2222->22/tcp,:::2222->22/tcp, 0.0.0.0:8443->443/tcp,:::8443->443/tcp, 0.0.0.0:80->80/tcp,:::80->80/tcp
Visit https://gitlab.example.com:8443 and you will get the GitLab reset password page. Type your new password for the default user root and click the Change your password button.
Run Gitlab CLI commands inside the container:
docker exec -it gitlab-ce gitlab-ctl status
Edit the gitlab.rb configuration:
nano /opt/gitlab/config/gitlab.rb
And restart the container to enable the changes:
docker restart gitlab-ce