Setting up a GitLab container


WARNING THIS GUIDE IS CURRENTLY DEPRECATED AS WE PREFER TO USE A DEDICATED SYSTEM FOR IT

Introduction

there may be URL scheme issues: the Ruby app needs to know the real address it is served under to the outside world, so you will have to set up your reverse-proxy properly.

you should free port 22 on the server for the default ssh://git@ service to be available

Launch the container

create the docker volumes

sudo mkdir -p /data/gitlab/{config,data,logs}/

make sure 2222 or preferably 22, 80XX & 84XX ports are available

netstat -lntup

fetch/update the community image and launch the container

docker pull gitlab/gitlab-ce
app=gitlabprod
docker ps -a | grep "$app"
docker run -d --name "$app" --hostname "$app" --restart always \
    -p 22XX:22 -p 80XX:80 -p 84XX:443 \
    -v /data/gitlab/config:/etc/gitlab \
    -v /data/gitlab/logs:/var/log/gitlab \
    -v /data/gitlab/data:/var/opt/gitlab \
    gitlab/gitlab-ce:latest
    #gitlabprod.<datetag>.ready
docker ps -a | grep "$app"
docker logs "$app"
docker exec -ti "$app" bash

change 22XX, 80XX, 84XX accordingly.

if you want to force the resolution (it’s ok if DNS is right and resolves to the Docker host, so I don’t use that)

    --add-host="gitlab.example.com:127.0.0.1" --add-host="gitlab:127.0.0.1" \
    --add-host="git.example.com:127.0.0.1" --add-host="git:127.0.0.1" \

The gitlab.example.com and gitlab names should point to the Docker host (assuming DNS works) but, just in case, you can also force the resolution inside the container. If you did not enable that at launch and need to fix it afterwards inside the container, edit the hosts file there (this may not be permanent and may even be removed while the container is up and running; it is just a quick workaround)

vi /etc/hosts

127.0.0.1   gitlab.example.com gitlab
127.0.0.1   git.example.com git

Tweak the environment

this part is also discussed in the custom/ubuntu image guide

make the unix env nicer

cat >> /etc/bash.bashrc <<-EOF
export DEBIAN_FRONTEND=noninteractive
export TERM=xterm
alias cp='cp -i'
alias mv='mv -i'
alias rm='rm -i'
alias ll='ls -alhF'
alias runq='postfix flush'
alias netstata='netstat -antpe --inet --inet6'
EOF
tail -20 /etc/bash.bashrc
source /etc/bash.bashrc

install missing packages for easy admin

apt -y update
apt -y full-upgrade

apt -y install \
    lsb-release \
    nmap \
    unzip \
    curl \
    iputils-ping \
    net-tools \
    netcat \
    sudo \
    telnet \
    vim \
    wget \
    software-properties-common \
    apt-transport-https \
    less \
    mlocate \
    pwgen

OPTIONAL (sshd refuses password auth anyway) — change the root password inside the container, just in case

pwgen
passwd

MANDATORY — set up a password for the git user

pwgen
passwd git

Email setup

proceed with a standard outbound email setup for your container. you don’t even have to tell GitLab to use an SMTP server: it uses the system MTA by default! see the additional notes below if you really want to do it the hard way.

specific mail aliases for GitLab

cd /etc/
cp -pi aliases aliases.dist
vi aliases

root:       REAL-EMAIL
gitlab-www: root
gitlab-redis:   root
gitlab-psql:    root
gitlab:     root
git:        root

not needed for DMA

#newaliases

Gitlab setup

then also make sure the URL is right when providing links in the messages

#don't change as it gets overridden by gitlab.rb
cd /var/opt/gitlab/gitlab-rails/etc/
cp -pi gitlab.yml gitlab.yml.dist

#don't change as it gets overridden by gitlab.rb
cd /var/opt/gitlab/gitlab-shell/
cp -pi config.yml config.yml.dist

cd /etc/gitlab/
cp -pi gitlab.rb gitlab.rb.dist
vi gitlab.rb

external_url 'https://gitlab.example.com/'
#gitlab_rails['time_zone'] = 'Europe/Paris'
gitlab_rails['gitlab_email_from'] = 'support@example.com'
gitlab_rails['gitlab_email_display_name'] = 'Example Support'

gitlab-ctl reconfigure
netstat -lntup

cd /var/opt/gitlab/gitlab-rails/etc/
diff -bu gitlab.yml.dist gitlab.yml

cd /var/opt/gitlab/gitlab-shell/
diff -bu config.yml.dist config.yml

tune external_url accordingly. this is critical, and getting it wrong brings URL scheme issues: the application needs to know the REAL URL that is shown to the world. that value is not only used for the links, it also defines whether you are using TLS and on what port GitLab is running.
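A quick check to run before gitlab-ctl reconfigure, as an added example that is not part of the original guide: it reads external_url from a gitlab.rb and compares the scheme, host and port it implies with the public URL served by the reverse-proxy. The function names are hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the original guide): compare external_url in a
# gitlab.rb with the public URL the reverse-proxy serves.

# url_parts URL -> prints "scheme host port"; default port comes from the scheme.
# Paths and IPv6 literals are ignored.
url_parts() {
    case $1 in
        http://*|https://*) ;;
        *) return 1 ;;
    esac
    scheme=${1%%://*}
    hostport=${1#*://}
    hostport=${hostport%%/*}
    host=${hostport%%:*}
    case $hostport in
        *:*) port=${hostport##*:} ;;
        *)   if [ "$scheme" = https ]; then port=443; else port=80; fi ;;
    esac
    printf '%s %s %s\n' "$scheme" "$host" "$port"
}

# external_url_of FILE -> last uncommented external_url value in a gitlab.rb
external_url_of() {
    sed -n "s/^[[:space:]]*external_url[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1" | tail -n 1
}

# check_external_url FILE PUBLIC_URL -> prints a verdict, returns 0 on match
check_external_url() {
    configured=$(external_url_of "$1")
    [ -n "$configured" ] || { echo "no external_url set"; return 2; }
    have=$(url_parts "$configured") || { echo "bad external_url: $configured"; return 2; }
    want=$(url_parts "$2") || { echo "bad public URL: $2"; return 2; }
    if [ "$have" = "$want" ]; then
        echo "ok: $have"
    else
        echo "mismatch: gitlab.rb gives '$have', public URL is '$want'"
        return 1
    fi
}

# Constructed sample: scheme left at http while the proxy serves https.
sample=$(mktemp)
printf '%s\n' "#external_url 'https://old.example.com/'" \
    "external_url 'http://gitlab.example.com/'" > "$sample"
check_external_url "$sample" 'https://gitlab.example.com/' || true
rm -f "$sample"
```

Inside the container the file to pass is /etc/gitlab/gitlab.rb; a mismatch on scheme or port is the URL scheme issue described above.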

Reverse-proxy

see nginx

Ready to go & Gitlab tuning

point your browser to that URL

https://gitlab.example.com/

if the thing resolves it may be time to re-commit your container to an image

docker commit -p gitlabprod gitlabprod.`date +%s`.ready

define the password for the gitlab root user. you can now login with

root / <the password you just defined on the interface>

further configure the app

Admin area > Users > Edit Administrator account
    name
    email

deploy your SSH keys

(logo on the top right) > Profile Settings > (appears on the top menu) SSH Keys

try to connect to the git unix user through SSH, you should get a PTY error

ssh git@gitlab.example.com
ssh -p 2222 git@gitlab.example.com

watch the logs

gitlab-ctl tail

Additional notes

alternate outgoing-email method

#cd /etc/gitlab/
#cp -pi gitlab.rb gitlab.rb.dist
#
#vi gitlab.rb
#gitlab_rails['smtp_enable'] = true
#gitlab_rails['smtp_address'] = "SMTP_SMARTHOST"
#gitlab_rails['smtp_port'] = 25
#gitlab_rails['smtp_domain'] = "dockerhost.example.com or example.com, I don't know, maybe simply keep that one commented out"
#gitlab_rails['smtp_authentication'] = "plain"
#gitlab_rails['smtp_enable_starttls_auto'] = false
#
#gitlab-ctl reconfigure



Copyright © 2022 Pierre-Philipp Braun