Requirements
- A VPS or Linux machine with more than 4GB RAM;
- Docker and docker-compose installed;
- Linux OS;
GitLab team officially stated the requirement for RAM is 2GB, but I am sure you really need more than that to run your whole pipeline.
GitLab is good and easy to setup
I have been managing 2 GitLab instances for over 4 years, and I am confident to say it’s the best open source private git server you can find for now. It’s not just a git repository server, you can easily setup a whole pipeline for your team with it’s CI/CD functions.
Your pipeline will be a combination of GitLab and GitLab Runner, with which you can enjoy a programming experience of pushing code to test/deploy. With such a platform you can enjoy an automatic experience of pushing code to verify, build, test and deploy, so that you can concentrate on coding which I think is pretty cool.
Setting up a GitLab on Google cloud platform is quite simple, you can do it within a few clicks. But the expense is high and you might miss all the fun.
The GitLab team has built the application into a docker image, it can deployed with just a few lines of docker configuration.
Run GitLab official image with docker-compose
The best way I can come up with to run a single node docker container is to use docker-compose, with which you can put all you docker and app configuration into one yaml.
There is a famous third party repository named sameersbn/docker-gitlab that helps bootstrapping gitlab in one single yaml file.
I used it for a year while no offcial version provided. Then I turned to the official docker image after it came out, for:
- The official image’s configuration is more simple and is loyal to the official documentation;
- It’s a all in one image, database and redis are built within, use less space in your disk;
- It is maintained by the official team, always get latest updates;
However GitLab team didn’t provide a docker-compose file, so I studied the documentation and made one of my own as below.
1 | web: |
2 | image: 'gitlab/gitlab-ce:latest' |
3 | restart: always |
4 | hostname: 'YOUR_HOSTNAME' |
5 | container_name: gitlab |
6 | environment: |
7 | GITLAB_OMNIBUS_CONFIG: | |
8 | # url config |
9 | external_url 'YOUR_EXTERNAL_URL' |
10 | gitlab_rails['time_zone'] = 'Beijing' |
11 | gitlab_rails['backup_keep_time'] = 604800 |
12 | # stmp/email config |
13 | gitlab_rails['smtp_enable'] = true |
14 | gitlab_rails['smtp_address'] = 'YOUR_SMTP_ADDRESS' |
15 | gitlab_rails['smtp_port'] = YOUR_SMTP_PORT |
16 | gitlab_rails['smtp_user_name'] = 'YOUR_SMTP_USER_NAME' |
17 | gitlab_rails['smtp_password'] = 'YOUR_SMTP_PASSWORD' |
18 | gitlab_rails['smtp_authentication'] = 'login' |
19 | gitlab_rails['smtp_enable_starttls_auto'] = true |
20 | gitlab_rails['smtp_tls'] = true |
21 | gitlab_rails['gitlab_email_from'] = 'YOUR_GITLAB_EMAIL_FROM_ADDRESS' |
22 | # I prefer disable the https function of internal nginx, and setup SSL outside the container on host machine. |
23 | nginx['listen_port'] = 80 |
24 | nginx['listen_https'] = false |
25 | nginx['proxy_set_headers'] = { |
26 | "X-Forwarded-Proto" => "https", |
27 | "X-Forwarded-Ssl" => "on" |
28 | } |
29 | |
30 | ports: |
31 | - '10080:80' |
32 | - '10443:443' |
33 | - '10022:22' |
34 | volumes: |
35 | - '/opt/docker/gitlab/config:/etc/gitlab' |
36 | - '/opt/docker/gitlab/logs:/var/log/gitlab' |
37 | - '/opt/docker/gitlab/data:/var/opt/gitlab' |
Config SSL
Since the https function built within is disabled, now I can use external SSL tool to setup a secured tranport like certbot, of course, I used it with Nginx.
And this is one of the reasons why I use the official image over sameersbn/docker-gitlab, I never succeed in configuring SSL with later one.
Schedule the backup
The sameersbn/docker-gitlab image has a built in backup scheduled task, but offical image is just the applicaiton.
So I managed the auto backup task with cron in host machine as below
1 | 30 23 * * * docker exec gitlab /opt/gitlab/bin/gitlab-rake gitlab:backup:create |
This is a docker exec command, please run it without the -it parameter, for you are running it in crontab, which is not interactive.