I had been running GitLab in a Docker container for a while, and it was time to review the installation. Firstly, it was at least four versions behind. Secondly, I wanted to switch it to HTTPS. Thirdly, I wanted to provide SSH access to git. As I run several other dockerized web applications on my server, I use jwilder's nginx reverse proxy. After some tests (thanks to Docker!), I found a working configuration. Here are the steps I followed to upgrade:
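# Start the reverse proxy. It terminates TLS and is the container published
# on ports 80 and 443.
#
# NOTE(security): ":ro" on docker.sock only makes the bind mount read-only.
# Any process that can connect to the socket can still send Docker API
# requests, so this internet-facing container effectively controls the
# Docker daemon. The nginx-proxy project documents a split setup (nginx and
# docker-gen in separate containers) that keeps the socket out of the
# container exposed to the network.
#
# The certificate directory holds private keys and is mounted read-only here;
# confirm that no companion container needs to write through this mount.
docker run -d -p 80:80 -p 443:443 --name="<containerName>" \
  -v <previousContainerDirectory>:/etc/nginx/vhost.d:ro \
  -v <containerCerts>:/etc/nginx/certs:ro \
  -v /var/run/docker.sock:/tmp/docker.sock:ro \
  jwilder/nginx-proxy:0.5.0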
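# Start GitLab behind the proxy. nginx-proxy routes requests for the
# VIRTUAL_HOST name to this container.
#
# GitLab's web listener is plain HTTP (TLS ends at the proxy), so its host
# port is bound to 127.0.0.1: published on every interface, it would let
# clients reach GitLab without HTTPS. nginx-proxy reaches the container over
# the Docker network, not through this host port. The SSH port stays
# published for git access.
#
# /var/opt/gitlab holds GitLab's application data, so that volume placeholder
# is named as a data directory rather than a log directory.
docker run --detach \
  --hostname <FQDNForTheContainer> \
  --env VIRTUAL_HOST=<FQDNForTheContainer> \
  --publish 127.0.0.1:<availablePortOnHost>:80 \
  --publish <anotherAvailablePortOnHost>:22 \
  --name <gitLabContainerName> \
  --restart always \
  --volume <previousContainerConfigDirectory>:/etc/gitlab \
  --volume <previousContainerLogsDirectory>:/var/log/gitlab \
  --volume <previousContainerDataDirectory>:/var/opt/gitlab \
  gitlab/gitlab-ce:8.15.1-ce.0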
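# Settings for gitlab.rb in the configuration volume mounted at /etc/gitlab.
# The file contains the SMTP password, so keep it readable only by the
# account that administers GitLab.

# Note the protocol: https.
external_url 'https://gitlab.systev.com'

# These values should already be configured from previous container.
gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = '<emailFrom>'
gitlab_rails['gitlab_email_display_name'] = '<displayName>'
gitlab_rails['gitlab_email_reply_to'] = '<emailReplyTo>'

# Same for these ones.
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "<SMTPServer>"
gitlab_rails['smtp_port'] = <SMTPPort>
gitlab_rails['smtp_user_name'] = "<SMTPUsername>"
gitlab_rails['smtp_password'] = "<SMTPPassword>"
gitlab_rails['smtp_domain'] = "<SMTPDomain>"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
# gitlab_rails['smtp_tls'] = false
# Verify the SMTP server's certificate. With 'none' the TLS session is not
# authenticated, so the SMTP username and password above could be sent to
# whoever answers on that address. If the mail server uses a certificate
# that cannot be verified, fix the trust chain rather than disabling the
# check.
gitlab_rails['smtp_openssl_verify_mode'] = 'peer'

# For HTTPS handling in association with the reverse proxy. Users connect to
# the reverse proxy using HTTPS. The reverse proxy connects to GitLab using HTTP.
# Because these headers unconditionally mark every request as HTTPS, GitLab's
# HTTP port must only be reachable by the proxy.
nginx['listen_port'] = 80
nginx['listen_https'] = false
nginx['proxy_set_headers'] = {
  "X-Forwarded-Proto" => "https",
  "X-Forwarded-Ssl" => "on"
}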
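# Apply the edited gitlab.rb inside the running container. Running the
# command directly through docker exec avoids opening an interactive shell in
# the container, so the step can be pasted or scripted as a single line.
docker exec -it <gitLabContainerName> gitlab-ctl reconfigure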
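# Create a self-signed certificate for the proxy. The files are named after
# the FQDN, which is how nginx-proxy matches them to VIRTUAL_HOST in the
# certs directory.
#
# The private key is restricted to its owner right after creation, and
# SHA-256 is requested explicitly because older OpenSSL builds sign with
# SHA-1 by default.
#
# NOTE: the certificate carries only the subject entered at the prompt.
# Current browsers match the host name against subjectAltName, so a SAN
# extension is needed if the certificate is to be trusted after import.
openssl genrsa -out <FQDNForTheContainer>.key 2048
chmod 600 <FQDNForTheContainer>.key
openssl req -new -sha256 -key <FQDNForTheContainer>.key -out <FQDNForTheContainer>.csr
openssl x509 -req -sha256 -days 730 -in <FQDNForTheContainer>.csr -signkey <FQDNForTheContainer>.key -out <FQDNForTheContainer>.crt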
The GitLab container is now reachable at https://<FQDNForTheContainer>. As the certificate is self-signed, the browser displays a warning, of course.
Git can be accessed over SSH with a key pair (check the GitLab documentation) using the following syntax:
# The explicit port is the host port published for the container's SSH (22).
# On the first connection ssh asks to accept the server's host key; compare
# the fingerprint with the GitLab container's host key before accepting.
git clone ssh://git@<FQDNForTheContainer>:<anotherAvailablePortOnHost>/<project.git>
That's it.