Bootstrap a GitLab pipeline in no time

Requirements

A VPS or Linux machine with more than 4GB RAM;
Docker and docker-compose installed;
Linux OS;

GitLab team officially stated the requirement for RAM is 2GB, but I am sure you really need more than that to run your whole pipeline.

GitLab is good and easy to setup

I have been managing 2 GitLab instances for over 4 years, and I am confident to say it’s the best open source private git server you can find for now. It’s not just a git repository server, you can easily setup a whole pipeline for your team with it’s CI/CD functions.

Your pipeline will be a combination of GitLab and GitLab Runner, with which you can enjoy a programming experience of pushing code to test/deploy. With such a platform you can enjoy an automatic experience of pushing code to verify, build, test and deploy, so that you can concentrate on coding which I think is pretty cool.

Setting up a GitLab on Google cloud platform is quite simple, you can do it within a few clicks. But the expense is high and you might miss all the fun.

The GitLab team has built the application into a docker image, it can deployed with just a few lines of docker configuration.

Run GitLab official image with docker-compose

The best way I can come up with to run a single node docker container is to use docker-compose, with which you can put all you docker and app configuration into one yaml.

There is a famous third party repository named sameersbn/docker-gitlab that helps bootstrapping gitlab in one single yaml file.

I used it for a year while no offcial version provided. Then I turned to the official docker image after it came out, for:

The official image’s configuration is more simple and is loyal to the official documentation;
It’s a all in one image, database and redis are built within, use less space in your disk;
It is maintained by the official team, always get latest updates;

However GitLab team didn’t provide a docker-compose file, so I studied the documentation and made one of my own as below.

web:
  image: 'gitlab/gitlab-ce:latest'
  restart: always
  hostname: 'YOUR_HOSTNAME'
  container_name: gitlab
  environment:
    GITLAB_OMNIBUS_CONFIG: |
      # url config
      external_url 'YOUR_EXTERNAL_URL'
      gitlab_rails['time_zone'] = 'Beijing'
      gitlab_rails['backup_keep_time'] = 604800
      # stmp/email config
      gitlab_rails['smtp_enable'] = true
      gitlab_rails['smtp_address'] = 'YOUR_SMTP_ADDRESS'
      gitlab_rails['smtp_port'] = YOUR_SMTP_PORT
      gitlab_rails['smtp_user_name'] = 'YOUR_SMTP_USER_NAME'
      gitlab_rails['smtp_password'] = 'YOUR_SMTP_PASSWORD'
      gitlab_rails['smtp_authentication'] = 'login'
      gitlab_rails['smtp_enable_starttls_auto'] = true
      gitlab_rails['smtp_tls'] = true
      gitlab_rails['gitlab_email_from'] = 'YOUR_GITLAB_EMAIL_FROM_ADDRESS'
      # I prefer disable the https function of internal nginx, and setup SSL outside the container on host machine.
      nginx['listen_port'] = 80
      nginx['listen_https'] = false
      nginx['proxy_set_headers'] = {
        "X-Forwarded-Proto" => "https",
        "X-Forwarded-Ssl" => "on"
      }

  ports:
    - '10080:80'
    - '10443:443'
    - '10022:22'
  volumes:
    - '/opt/docker/gitlab/config:/etc/gitlab'
    - '/opt/docker/gitlab/logs:/var/log/gitlab'
    - '/opt/docker/gitlab/data:/var/opt/gitlab'

Config SSL

Since the https function built within is disabled, now I can use external SSL tool to setup a secured tranport like certbot, of course, I used it with Nginx.

And this is one of the reasons why I use the official image over sameersbn/docker-gitlab, I never succeed in configuring SSL with later one.

Schedule the backup

The sameersbn/docker-gitlab image has a built in backup scheduled task, but offical image is just the applicaiton.

So I managed the auto backup task with cron in host machine as below

1	30 23 * * * docker exec gitlab /opt/gitlab/bin/gitlab-rake gitlab:backup:create

This is a docker exec command, please run it without the -it parameter, for you are running it in crontab, which is not interactive.