gitlab-ce 有两个不同的容器化镜像,sameersbn/gitlab 和 gitlab/gitlab-ce,
前者是第三方维护的,用户广泛,年代久远,通过注入环境变量来自动修改配置文件,就是版本一般会落后官方。
后者是官方的镜像,更新及时。
sameersbn/gitlab 的 docker-compose.yml
version: '2'
services:
redis:
restart: always
image: sameersbn/redis:4.0.9-1
command:
- --loglevel warning
volumes:
- /srv/gitlab/redis:/var/lib/redis:Z
mem_limit: 1g
mem_swappiness: 0
postgresql:
restart: always
image: sameersbn/postgresql:10-2
ports:
- "5222:5432"
volumes:
- /srv/gitlab/postgresql:/var/lib/postgresql:Z
environment:
- DB_USER=gitlab
- DB_PASS=password
- DB_NAME=gitlabhq_production
- DB_EXTENSION=pg_trgm
runner:
restart: always
image: gitlab/gitlab-runner:latest
volumes:
- /srv/gitlab/runner:/home/gitlab_ci_multi_runner/data
environment:
- CI_SERVER_URL=https://gitlab.domain.com/gitlab/ci
- RUNNER_TOKEN=XXXXXXXXXXXXXXX
- RUNNER_DESCRIPTION=runner-shell
- RUNNER_EXECUTOR=shell
depends_on:
- gitlab
extra_hosts:
- "gitlab.domain.com:1.2.3.4"
registry:
image: registry:2
ports:
- "5000:5000"
volumes:
- /srv/gitlab/registry:/registry
- /srv/gitlab/registry_certs:/certs
environment:
- REGISTRY_LOG_LEVEL=error
- REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/registry
- REGISTRY_AUTH_TOKEN_REALM=https://gitlab.domain.com/gitlab/jwt/auth
- REGISTRY_AUTH_TOKEN_SERVICE=container_registry
- REGISTRY_AUTH_TOKEN_ISSUER=gitlab-issuer
- REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/certs/registry-auth.crt
# - REGISTRY_HTTP_TLS_CERTIFICATE=/certs/registry-auth.crt
# - REGISTRY_HTTP_TLS_KEY=/certs/registry-auth.key
- REGISTRY_STORAGE_DELETE_ENABLED=true
- REGISTRY_HTTP_SECRET=long-and-random-alphanumeric-string
extra_hosts:
- "gitlab.domain.com:1.2.3.4"
gitlab:
restart: always
image: dockerhub.azk8s.cn/taomaree/gitlab:12.4.2
depends_on:
- redis
- postgresql
ports:
- "2280:80"
- "2222:22"
volumes:
- /srv/gitlab/gitlab:/home/git/data:Z
- /srv/gitlab/gitlab/logs:/var/log/gitlab:Z
- /srv/gitlab/custom_hooks:/home/git/data/custom_hooks:Z
- /srv/gitlab/registry_certs:/certs
dns:
- 1.1.2.2
- 1.1.2.3
mem_limit: 4g
mem_swappiness: 0
memswap_limit: 4g
extra_hosts:
- "gitlab.domain.com:1.2.3.4"
- "jenkins.domain.com:1.2.3.4"
environment:
- DEBUG=false
- DB_ADAPTER=postgresql
- DB_HOST=postgresql
- DB_PORT=5432
- DB_USER=gitlab
- DB_PASS=password
- DB_NAME=gitlabhq_production
- REDIS_HOST=redis
- REDIS_PORT=6379
- REDIS_NUMBER=0
- UNICORN_TIMEOUT=600
- TZ=Asia/Chongqing
- GITLAB_TIMEZONE=Chongqing
- GITLAB_SECRETS_DB_KEY_BASE=long-and-random-alphanumeric-string
- GITLAB_SECRETS_SECRET_KEY_BASE=long-and-random-alphanumeric-string
- GITLAB_SECRETS_OTP_KEY_BASE=long-and-random-alphanumeric-string
- GITLAB_HOST=gitlab.domain.com
#- GITLAB_RELATIVE_URL_ROOT=/gitlab/
- GITLAB_PORT=443
- GITLAB_HTTPS=true
- SSL_SELF_SIGNED=true
- GITLAB_SSH_PORT=2222
- GITLAB_NOTIFY_ON_BROKEN_BUILDS=true
- GITLAB_NOTIFY_PUSHER=false
- GITLAB_EMAIL=notifications@example.com
- GITLAB_EMAIL_REPLY_TO=noreply@example.com
- GITLAB_INCOMING_EMAIL_ADDRESS=reply@example.com
- GITLAB_BACKUP_SCHEDULE=daily
- GITLAB_BACKUPS=daily
- GITLAB_BACKUP_TIME=01:00
- LDAP_ENABLED=true
- LDAP_LABEL=LDAP
- LDAP_HOST=1.2.3.4
- LDAP_PORT=389
- LDAP_UID=uid
- LDAP_METHOD=plain
- LDAP_BIND_DN=cn=ldapadmin,dc=com
- LDAP_PASS=XXXXXXXXX
- LDAP_BASE=dc=com
- LDAP_ACTIVE_DIRECTORY=false
- GITLAB_REGISTRY_ENABLED=false
- GITLAB_REGISTRY_HOST=gitlab.domain.com
- GITLAB_REGISTRY_PORT=443
- GITLAB_REGISTRY_API_URL=http://registry:5000
- GITLAB_REGISTRY_KEY_PATH=/certs/registry-auth.key
- GITLAB_REGISTRY_CERT_PATH=/certs/registry-auth.crt
- GITLAB_REGISTRY_ISSUER=gitlab-issuer
- GITLAB_ROOT_PASSWORD=
- GITLAB_ROOT_EMAIL=
- GITLAB_SHELL_CUSTOM_HOOKS_DIR=/home/git/data/custom_hooks
- SMTP_ENABLED=true
- SMTP_DOMAIN=domain.com
- SMTP_HOST=smtp.exmail.qq.com
- SMTP_PORT=465
- SMTP_USER=XXXXXXXX
- SMTP_PASS=XXXXXXXX
- SMTP_STARTTLS=true
- SMTP_AUTHENTICATION=login
- IMAP_ENABLED=false
- IMAP_HOST=imap.gmail.com
- IMAP_PORT=993
- IMAP_USER=mailer@example.com
- IMAP_PASS=password
- IMAP_SSL=true
- IMAP_STARTTLS=false
- OAUTH_ENABLED=false
- OAUTH_AUTO_SIGN_IN_WITH_PROVIDER=
- OAUTH_ALLOW_SSO=
- OAUTH_BLOCK_AUTO_CREATED_USERS=true
- OAUTH_AUTO_LINK_LDAP_USER=false
- OAUTH_AUTO_LINK_SAML_USER=false
- OAUTH_EXTERNAL_PROVIDERS=
- OAUTH_CAS3_LABEL=cas3
- OAUTH_CAS3_SERVER=
- OAUTH_CAS3_DISABLE_SSL_VERIFICATION=false
- OAUTH_CAS3_LOGIN_URL=/cas/login
- OAUTH_CAS3_VALIDATE_URL=/cas/p3/serviceValidate
- OAUTH_CAS3_LOGOUT_URL=/cas/logout
- OAUTH_GOOGLE_API_KEY=
- OAUTH_GOOGLE_APP_SECRET=
- OAUTH_GOOGLE_RESTRICT_DOMAIN=
- OAUTH_FACEBOOK_API_KEY=
- OAUTH_FACEBOOK_APP_SECRET=
- OAUTH_TWITTER_API_KEY=
- OAUTH_TWITTER_APP_SECRET=
- OAUTH_GITHUB_API_KEY=
- OAUTH_GITHUB_APP_SECRET=
- OAUTH_GITHUB_URL=
- OAUTH_GITHUB_VERIFY_SSL=
- OAUTH_GITLAB_API_KEY=
- OAUTH_GITLAB_APP_SECRET=
- OAUTH_BITBUCKET_API_KEY=
- OAUTH_BITBUCKET_APP_SECRET=
- OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL=
- OAUTH_SAML_IDP_CERT_FINGERPRINT=
- OAUTH_SAML_IDP_SSO_TARGET_URL=
- OAUTH_SAML_ISSUER=
- OAUTH_SAML_LABEL="Our SAML Provider"
- OAUTH_SAML_NAME_IDENTIFIER_FORMAT=urn:oasis:names:tc:SAML:2.0:nameid-format:transient
- OAUTH_SAML_GROUPS_ATTRIBUTE=
- OAUTH_SAML_EXTERNAL_GROUPS=
- OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL=
- OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME=
- OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME=
- OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME=
- OAUTH_CROWD_SERVER_URL=
- OAUTH_CROWD_APP_NAME=
- OAUTH_CROWD_APP_PASSWORD=
- OAUTH_AUTH0_CLIENT_ID=
- OAUTH_AUTH0_CLIENT_SECRET=
- OAUTH_AUTH0_DOMAIN=
- OAUTH_AZURE_API_KEY=
- OAUTH_AZURE_API_SECRET=
- OAUTH_AZURE_TENANT_ID=
gitlab/gitlab-ce 的 docker-compose.yml
docker pull dockerhub.azk8s.cn/gitlab/gitlab-ce:12.9.0-ce.0
web:
image: 'dockerhub.azk8s.cn/gitlab/gitlab-ce:latest'
restart: always
hostname: 'gitlab.example.com'
environment:
GITLAB_OMNIBUS_CONFIG: |
external_url 'http://gitlab.example.com:8929'
gitlab_rails['gitlab_shell_ssh_port'] = 2224
ports:
- '8929:8929'
- '2224:22'
volumes:
- '/srv/gitlab/config:/etc/gitlab'
- '/srv/gitlab/logs:/var/log/gitlab'
- '/srv/gitlab/data:/var/opt/gitlab'
参考: https://docs.gitlab.com/omnibus/docker/
https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template
网友评论