Setting up a GitLab container

Introduction

• There’s a possible URL scheme issues, the ruby app needs to know its real address that is used in front of the world. So you will have to setup your reverse-proxy alright.
• you should free port 22 on the server for the default ssh://git@ service to be available

This guide is mainly based on Installer Gitlab en 5 minutes avec Docker

Launch the container

Create the docker volumes,

sudo mkdir -p /data/gitlab/{config,data,logs}/

Make sure 2222 or preferably 22, 80XX & 84XX ports are available,

netstat -antupe --inet --inet6 | grep LISTEN

Fetch/Update the community image and launch the container,

docker pull gitlab/gitlab-ce
app=gitlabprod
docker ps -a | grep $app
docker run -d --name $app --hostname  $app --restart always \
    -p 22XX:22 -p 80XX:80 -p 84XX:443 \
    -v /data/gitlab/config:/etc/gitlab \
    -v /data/gitlab/logs:/var/log/gitlab \
    -v /data/gitlab/data:/var/opt/gitlab \
    gitlab/gitlab-ce:latest
    #gitlabprod.<datetag>.ready
docker ps -a | grep $app
docker logs $app
docker exec -ti $app bash

• Note. change 22XX, 80XX, 84XX accordingly.

• Note. if you wann force the resolution (it’s ok if DNS are right and resolve to the Docker host so I don’t use that),

    --add-host="gitlab.example.com:127.0.0.1" --add-host="gitlab:127.0.0.1" \
    --add-host="git.example.com:127.0.0.1" --add-host="git:127.0.0.1" \
  

• Note. gitlab.example.com and gitlab should point to the docker host (assuming the DNS work) but just in case, you can also force the resolution inside the container. Also, in case you did not enable that and need to fix it afterwards into the container (may not be permanent and it may even be removed while the container is up and running, this is just a quick workaround),

  vi /etc/hosts

  127.0.0.1 gitlab.example.com gitlab 127.0.0.1 git.example.com git

Tweak the environment

This part is also discussed in the custom/ubuntu image guide.

Make the unix env nicer,

cat >> /etc/bash.bashrc <<-EOF
export DEBIAN_FRONTEND=noninteractive
export TERM=xterm
alias cp='cp -i'
alias mv='mv -i'
alias rm='rm -i'
alias ll='ls -alhF'
alias runq='postfix flush'
alias netstata='netstat -antpe --inet --inet6'
EOF
tail -20 /etc/bash.bashrc
source /etc/bash.bashrc

Install missing packages for easy admin,

apt -y update
apt -y full-upgrade

    apt -y install \
    lsb-release \
    nmap \
    unzip \
    curl \
    iputils-ping \
    net-tools \
    netcat \
    sudo \
    telnet \
    vim \
    wget \
    software-properties-common \
    apt-transport-https \
    less \
    mlocate \
    pwgen

OPTIONAL (sshd refuses password auth anyway) – Change the root password into the container, just in case,

pwgen
passwd

MANDATORY – Setup git’s password,

pwgen
passwd git

Handy symlink,

cd ~/
ln -s /etc/gitlab

Email Setup

Proceed with a standard postfix outgoing email setup for your container. Therefore, you don’t even have to tell GitLab to use an SMTP, it’s using the system MTA by default! See additional notes below if you really want to go for the hard way. Now that the MTA is setup, launch it so it also listens on port 25 locally,

rsyslogd
postfix start

Specific mail aliases for Gitlab,

cd /etc/
cp -pi aliases alises.dist
cat >> aliases <<-EOF
root: user@example.com
gitlab-www: root
gitlab-redis: root
gitlab-psql: root
git: root
EOF
newaliases

Gitlab Sys Setup

Then also make sure the URL is right when providing links in the messages,

#don't change as it gets overridden by gitlab.rb
cd /var/opt/gitlab/gitlab-rails/etc/
cp -pi gitlab.yml gitlab.yml.dist

#don't change as it gets overridden by gitlab.rb
cd /var/opt/gitlab/gitlab-shell/
cp -pi config.yml config.yml.dist

cd /etc/gitlab/
cp -pi gitlab.rb gitlab.rb.dist
vi gitlab.rb

external_url 'https://gitlab.example.com/'
#gitlab_rails['time_zone'] = 'Europe/Paris'
gitlab_rails['gitlab_email_from'] = 'support@example.com'
gitlab_rails['gitlab_email_display_name'] = 'Example Support'

gitlab-ctl reconfigure

netstat -antpe --inet --inet6 | grep LISTEN

cd /var/opt/gitlab/gitlab-rails/etc/
diff -bu gitlab.yml.dist gitlab.yml

cd /var/opt/gitlab/gitlab-shell/
diff -bu config.yml.dist config.yml

• Note. Tune external_url accordingly, this is critical and may bring some URL scheme issues. The application needs to know the REAL url that is shown to the world. That value is not only for the links, it also define if you are using tls and on what port you are running gitlab.

Reverse-proxy

Setting up an Apache powered Reverse proxy

Ready to go – GitLab Customization

Point your browser to that URL,

https://gitlab.example.com/

If the thing resolves it may be time to re-commit your container to an image,

docker commit -p gitlabprod gitlabprod.`date +%s`.ready

Define the password for the gitlab root user. You can now login with,

root / <the password you just defined on the interface>

Further configure the app,

Admin area > Users > Edit Administrator account
    name
    email

Deploy your SSH keys,

(logo on the top right) > Profile Settings > (appears on the top menu) SSH Keys

Try to connect to the git unix user tru SSH, you should get a PTY error,

ssh git@gitlab.example.com
ssh -p 2222 git@gitlab.example.com

If needed, watch the logs,

gitlab-ctl tail

Additional Notes

Alternate outgoing-email method,

#cd /etc/gitlab/
#cp -pi gitlab.rb gitlab.rb.dist
#
#vi gitlab.rb
#gitlab_rails['smtp_enable'] = true
#gitlab_rails['smtp_address'] = "SMTP_SMARTHOST"
#gitlab_rails['smtp_port'] = 25
#gitlab_rails['smtp_domain'] = "dockerhost.example.com or example.com, I don't know, maybe simply keep that one commented out"
#gitlab_rails['smtp_authentication'] = plain
#gitlab_rails['smtp_enable_starttls_auto'] = false
#
#gitlab-ctl reconfigure

References

• This guide is mainly based on Installer Gitlab en 5 minutes avec Docker
• Configuration options - https://docs.gitlab.com/omnibus/settings/configuration.html

---

Nethence | Pub | Lab | Pbraun | SNE Russia