GitLab 安裝相關紀錄
- 安裝環境 : Alpine 3.20 + docker compose
docker compose (非正式 SSL 憑證)
- docker-compose.yml
# Single-container GitLab CE served over HTTPS on git-demo.ichiayi.com.
services:
  gitlab:
    # No tag is given, so this resolves to :latest on every pull. Pin a
    # specific release tag so upgrades only happen when you choose them.
    image: gitlab/gitlab-ce
    container_name: gitlab
    restart: always
    hostname: 'git-demo.ichiayi.com'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        # Add any other gitlab.rb configuration here, each on its own line
        external_url 'https://git-demo.ichiayi.com'
    ports:
      - '80:80'
      - '443:443'
      # Publishes the container's SSH service on host port 22. This clashes
      # with the host's own sshd if that also listens on 22.
      - '22:22'
    volumes:
      # ./config receives GitLab's generated configuration, including
      # initial_root_password. Keep it out of version control and restrict
      # who can read it on the host.
      - './config:/etc/gitlab'
      - './logs:/var/log/gitlab'
      - './data:/var/opt/gitlab'
    shm_size: '256m'
- 啟動服務
# Create and start the services in the background.
docker compose up -d
# Follow the container logs; Ctrl-C stops following, not the service.
docker compose logs -f
- 查看自動產生的 root 密碼
# Print the generated root password from the mounted ./config volume.
# Log in, change the root password straight away, and do not keep a copy of
# this value; GitLab deletes the file on the first reconfigure run after
# 24 hours.
cat config/initial_root_password
docker compose (含 ACME 自動更新 SSL 憑證)
- 目錄配置
. ├── .env ├── cloudflare.ini ├── docker-compose.yml ├── [config] ├── [data] ├── [logs] ├── [ssl]
- 建立 ssl 目錄與權限
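# Start from an empty ./ssl so no stale certificate material is reused.
rm -rf ssl/*
mkdir -p ssl
# Owner-only access: ./ssl is mounted as certbot's /etc/letsencrypt and as
# GitLab's /etc/gitlab/ssl, so it ends up holding the TLS private key.
# Mode 777 would let any local user read or replace that key. Both
# containers run as root by default and can still use a 700 directory.
# NOTE(review): with Docker userns-remap, chown the directory to the mapped
# UID instead of widening the mode.
chmod 700 ssl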
- 編輯 docker-compose.yml
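# GitLab CE plus a certbot sidecar that obtains a certificate through the
# Cloudflare DNS-01 challenge and copies it to where GitLab's nginx reads it.
# ${DOMAIN_NAME} and ${CF_EMAIL} are substituted by docker compose from .env.
#
# Changes from the earlier listing on this page:
#   * privkey.pem is written 0600 instead of 0644 (private key was
#     world-readable on the shared ./ssl volume)
#   * gitlab_shell_ssh_port matches the published SSH port 9022, so the
#     clone URLs GitLab displays are correct
#   * curl is installed once rather than on every 24h iteration
#   * substituted values are quoted inside the shell script
#   * the sleep is backgrounded so the TERM trap fires promptly on stop
#   * a failed reload request is reported instead of passing silently
services:
  gitlab:
    # No tag is given, so this resolves to :latest on every pull. Pin a
    # specific release tag so upgrades only happen when you choose them.
    image: gitlab/gitlab-ce
    container_name: gitlab
    restart: always
    hostname: '${DOMAIN_NAME}'
    environment:
      # Built-in Let's Encrypt is disabled; nginx serves the certificate that
      # the certbot service copies into /etc/gitlab/ssl.
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://${DOMAIN_NAME}'
        letsencrypt['enable'] = false
        nginx['ssl_certificate'] = "/etc/gitlab/ssl/fullchain.pem"
        nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/privkey.pem"
        nginx['enable'] = true
        nginx['redirect_http_to_https'] = true
        gitlab_rails['gitlab_shell_ssh_port'] = 9022
    ports:
      - '80:80'
      - '443:443'
      # Git over SSH is published on 9022, leaving host port 22 to the host.
      - '9022:22'
    volumes:
      - './config:/etc/gitlab'
      - './logs:/var/log/gitlab'
      - './data:/var/opt/gitlab'
      # Shared with certbot, which mounts the same directory as
      # /etc/letsencrypt. Keep ./ssl owner-only on the host.
      - './ssl:/etc/gitlab/ssl'
    shm_size: '256m'
    networks:
      - gitlab-network

  certbot:
    # :latest is a moving tag. This container holds a DNS-editing API token,
    # so pin a tag or digest you have reviewed.
    image: certbot/dns-cloudflare:latest
    container_name: certbot
    volumes:
      - ./ssl:/etc/letsencrypt
      # Read-only mount of the Cloudflare API token file.
      - ./cloudflare.ini:/etc/secrets/cloudflare.ini:ro
    entrypoint: "/bin/sh"
    command:
      - -c
      - |
        trap exit TERM;
        # Installed once, not on every loop iteration.
        apk add --no-cache curl
        while :; do
          certbot certonly --dns-cloudflare --dns-cloudflare-credentials /etc/secrets/cloudflare.ini \
            -d "${DOMAIN_NAME}" --non-interactive --agree-tos \
            -m "${CF_EMAIL}" || true;
          if [ -f "/etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem" ]; then
            cp "/etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem" /etc/letsencrypt/fullchain.pem;
            cp "/etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem" /etc/letsencrypt/privkey.pem;
            # The certificate is public; the private key must be owner-only.
            chmod 644 /etc/letsencrypt/fullchain.pem;
            chmod 600 /etc/letsencrypt/privkey.pem;
            echo "Waiting for GitLab to be ready..."
            until curl -s http://gitlab:80/-/health > /dev/null; do
              sleep 5
            done
            echo "Reloading GitLab configuration..."
            # NOTE(review): this POST carries no credentials and targets an
            # admin API path, so GitLab may reject it. Confirm that a renewed
            # certificate is actually picked up; if it is not, run
            # "docker compose exec gitlab gitlab-ctl hup nginx" on the host.
            curl -s --show-error --fail -X POST http://gitlab:80/-/api/v4/admin/application/settings/reload_without_downtime \
              || echo "Reload request failed; restart or HUP GitLab's nginx manually." >&2
          fi
          # Backgrounded so the TERM trap runs at once on "docker compose
          # stop". The doubled dollar sign is compose's escape for a literal
          # dollar sign.
          sleep 24h &
          wait $$!
        done
    networks:
      - gitlab-network

networks:
  gitlab-network:
    driver: bridge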
- 編輯 .env 檔案 Exp.
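# GitLab hostname; docker compose substitutes it for ${DOMAIN_NAME}.
DOMAIN_NAME=gitlab.ichiayi.com
# Cloudflare account e-mail, passed to certbot as ${CF_EMAIL}.
# The address below is a constructed sample value; replace it with your own.
CF_EMAIL=admin@example.com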
- 編輯 cloudflare.ini 檔案 Exp.
# Cloudflare API token read by certbot's dns-cloudflare plugin (value masked).
# Grant it only Zone > DNS > Edit, limited to the zone that hosts the GitLab
# hostname, so a leaked token cannot change anything else in the account.
dns_cloudflare_api_token = kvm8***********************************o
此處須填入具有「編輯 DNS」權限的 API Token，而不是 Global API Key。
- 設定 .env 與 cloudflare.ini 權限
# Both files are read by docker compose and cloudflare.ini holds the DNS API
# token, so restrict them to owner read/write.
chmod 600 .env cloudflare.ini
- 啟動服務
# Start gitlab and certbot in the background. Use
# "docker compose logs -f certbot" to confirm the certificate was issued
# and copied into ./ssl.
docker compose up -d