差異處

這裏顯示兩個版本的差異處。

--- tech:gitlabtips [2024/11/16 14:15] – docker compose (含 ACME 自動更新 SSL 憑證) jonathan
+++ tech:gitlabtips [2025/05/05 03:03] (目前版本) – [docker compose (含 ACME 自動更新 SSL 憑證)] jonathan
@@ 行 2: / 行 2: @@
   * 安裝環境 : Alpine 3.20 + docker compose
-===== docker compose (無 SSL 憑證) =====
+===== docker compose (非正式 SSL 憑證) =====
   * docker-compose.yml <cli>
 services:
@@ 行 48: / 行 48: @@
 chmod 777 ssl
 </cli>
-  * 編輯 docker-compose.yml <file>
+  * 編輯 docker-compose.yml {{repo>https://raw.githubusercontent.com/tryweb/docker-compose/refs/heads/main/gitlab/docker-compose.yml}}
-services:
+  * 編輯 .env 檔案 Exp. {{repo>https://raw.githubusercontent.com/tryweb/docker-compose/refs/heads/main/gitlab/.env.example}}
-  gitlab:
+  * 編輯 cloudflare.ini 檔案 Exp. {{repo>https://raw.githubusercontent.com/tryweb/docker-compose/refs/heads/main/gitlab/cloudflare.ini.example}}
-    image: gitlab/gitlab-ce
-    container_name: gitlab
-    restart: always
-    hostname: '${DOMAIN_NAME}'
-    environment:
-      GITLAB_OMNIBUS_CONFIG: |
-        external_url 'https://${DOMAIN_NAME}'
-        letsencrypt['enable'] = false
-        nginx['ssl_certificate'] = "/etc/gitlab/ssl/fullchain.pem"
-        nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/privkey.pem"
-        nginx['enable'] = true
-        nginx['redirect_http_to_https'] = true
-    ports:
-      - '80:80'
-      - '443:443'
-      - '9022:22'
-    volumes:
-      - './config:/etc/gitlab'
-      - './logs:/var/log/gitlab'
-      - './data:/var/opt/gitlab'
-      - './ssl:/etc/gitlab/ssl'
-    shm_size: '256m'
-    networks:
-      - gitlab-network
-  certbot:
-    image: certbot/dns-cloudflare:latest
-    container_name: certbot
-    volumes:
-      - ./ssl:/etc/letsencrypt
-      - ./cloudflare.ini:/etc/secrets/cloudflare.ini:ro
-    entrypoint: "/bin/sh"
-    command:
-      - -c
-      - |
-        trap exit TERM;
-        while :; do
-          certbot certonly --dns-cloudflare --dns-cloudflare-credentials /etc/secrets/cloudflare.ini \
-            -d ${DOMAIN_NAME} --non-interactive --agree-tos \
-            -m ${CF_EMAIL} || true;
-          if [ -f /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem ]; then
-            cp /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem /etc/letsencrypt/fullchain.pem;
-            cp /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem /etc/letsencrypt/privkey.pem;
-            chmod 644 /etc/letsencrypt/fullchain.pem /etc/letsencrypt/privkey.pem;
-            apk add --no-cache curl
-            echo "Waiting for GitLab to be ready..."
-            until curl -s http://gitlab:80/-/health > /dev/null; do
-              sleep 5
-            done
-            echo "Reloading GitLab configuration..."
-            curl -s --show-error --fail -X POST http://gitlab:80/-/api/v4/admin/application/settings/reload_without_downtime
-          fi
-          sleep 24h;
-        done
-    networks:
-      - gitlab-network
-networks:
-  gitlab-network:
-    driver: bridge
-</file>
-  * 編輯 .env 檔案 Exp. <file>
-DOMAIN_NAME=gitlab.ichiayi.com #Gitlab 網址
-[email protected] #Cloudflare 帳號
-</file>
-  * 編輯 cloudflare.ini 檔案 Exp. <file>
-dns_cloudflare_api_token = kvm8***********************************o
-</file> 具有編輯 DNS 權限的 API Token , **不是Global API Key**
   * 設定 .env 與 cloudflare.ini 權限 <cli>
 chmod 600 .env