benyoo/gitlab Docker 镜像 - 轩辕镜像

• docker-gitlab

  基于sameersbn/gitlab:12.3.5和GitLab 中文社区版12.3.5-zh而成

  ---

  ![Docker Repository on Quay.io]([] ![Docker Pulls]([][Deploy to Tutum]([***]

benyoo/gitlab:12.3.5_zh 中文版

• 编译方法

  bash
  docker build \
  --build-arg BUILD_LANGUAGE_CN=true \
  --build-arg GITLAB_VERSION=v12.3.5-zh \
  -t benyoo/gitlab:12.3.5-zh \
  -t benyoo/gitlab:latest \
  [***]
  

• 使用方法

bash
version: '2'

services:
  redis:
    restart: always
    image: sameersbn/redis:4.0.9-2
    command:
    - --loglevel warning
    volumes:
    - /data/redis-data:/var/lib/redis:Z

  postgresql:
    restart: always
    image: sameersbn/postgresql:10-2
    volumes:
    - /data/postgresql-data:/var/lib/postgresql:Z
    environment:
    - DB_USER=gitlab
    - DB_PASS=password
    - DB_NAME=gitlabhq_production
    - DB_EXTENSION=pg_trgm

  gitlab:
    restart: always
#    image: sameersbn/gitlab:12.3.5
    image: benyoo/gitlab:12.3.5-zh
    depends_on:
    - redis
    - postgresql
    ports:
    - "***:80"
    - "***:22"
    volumes:
    - /data/gitlab-data:/home/git/data:Z
    environment:
    - DEBUG=false

    - DB_ADAPTER=postgresql
    - DB_HOST=postgresql
    - DB_PORT=5432
    - DB_USER=gitlab
    - DB_PASS=password
    - DB_NAME=gitlabhq_production

    - REDIS_HOST=redis
    - REDIS_PORT=6379

    - TZ=Asia/Kolkata
    - GITLAB_TIMEZONE=Kolkata

    - GITLAB_HTTPS=false
    - SSL_SELF_SIGNED=false

    - GITLAB_HOST=localhost
    - GITLAB_PORT=***
    - GITLAB_SSH_PORT=***
    - GITLAB_RELATIVE_URL_ROOT=
    - GITLAB_SECRETS_DB_KEY_BASE=long-and-random-alphanumeric-string
    - GITLAB_SECRETS_SECRET_KEY_BASE=long-and-random-alphanumeric-string
    - GITLAB_SECRETS_OTP_KEY_BASE=long-and-random-alphanumeric-string

    - GITLAB_ROOT_PASSWORD=
    - GITLAB_ROOT_EMAIL=

    - GITLAB_NOTIFY_ON_BROKEN_BUILDS=true
    - GITLAB_NOTIFY_PUSHER=false

    - GITLAB_EMAIL=***
    - GITLAB_EMAIL_REPLY_TO=***
    - GITLAB_INCOMING_EMAIL_ADDRESS=***

    - GITLAB_BACKUP_SCHEDULE=daily
    - GITLAB_BACKUP_TIME=01:00

    - SMTP_ENABLED=false
    - SMTP_DOMAIN=[***]
    - SMTP_HOST=smtp.gmail.com
    - SMTP_PORT=587
    - SMTP_USER=***
    - SMTP_PASS=password
    - SMTP_STARTTLS=true
    - SMTP_AUTHENTICATION=login

    - IMAP_ENABLED=false
    - IMAP_HOST=imap.gmail.com
    - IMAP_PORT=993
    - IMAP_USER=***
    - IMAP_PASS=password
    - IMAP_SSL=true
    - IMAP_STARTTLS=false

    - OAUTH_ENABLED=false
    - OAUTH_AUTO_SIGN_IN_WITH_PROVIDER=
    - OAUTH_ALLOW_SSO=
    - OAUTH_BLOCK_AUTO_CREATED_USERS=true
    - OAUTH_AUTO_LINK_LDAP_USER=false
    - OAUTH_AUTO_LINK_SAML_USER=false
    - OAUTH_EXTERNAL_PROVIDERS=

    - OAUTH_CAS3_LABEL=cas3
    - OAUTH_CAS3_SERVER=
    - OAUTH_CAS3_DISABLE_SSL_VERIFICATION=false
    - OAUTH_CAS3_LOGIN_URL=/cas/login
    - OAUTH_CAS3_VALIDATE_URL=/cas/p3/serviceValidate
    - OAUTH_CAS3_LOGOUT_URL=/cas/logout

    - OAUTH_GOOGLE_API_KEY=
    - OAUTH_GOOGLE_APP_SECRET=
    - OAUTH_GOOGLE_RESTRICT_DOMAIN=

    - OAUTH_***_API_KEY=
    - OAUTH_***_APP_SECRET=

    - OAUTH_***_API_KEY=
    - OAUTH_***_APP_SECRET=

    - OAUTH_GITHUB_API_KEY=
    - OAUTH_GITHUB_APP_SECRET=
    - OAUTH_GITHUB_URL=
    - OAUTH_GITHUB_VERIFY_SSL=

    - OAUTH_GITLAB_API_KEY=
    - OAUTH_GITLAB_APP_SECRET=

    - OAUTH_BITBUCKET_API_KEY=
    - OAUTH_BITBUCKET_APP_SECRET=

    - OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL=
    - OAUTH_SAML_IDP_CERT_FINGERPRINT=
    - OAUTH_SAML_IDP_SSO_TARGET_URL=
    - OAUTH_SAML_ISSUER=
    - OAUTH_SAML_LABEL="Our SAML Provider"
    - OAUTH_SAML_NAME_IDENTIFIER_FORMAT=urn:oasis:names:tc:SAML:2.0:nameid-format:transient
    - OAUTH_SAML_GROUPS_ATTRIBUTE=
    - OAUTH_SAML_EXTERNAL_GROUPS=
    - OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL=
    - OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME=
    - OAUTH_SAML_ATTRIBUTE_STATEMENTS_USERNAME=
    - OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME=
    - OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME=

    - OAUTH_CROWD_SERVER_URL=
    - OAUTH_CROWD_APP_NAME=
    - OAUTH_CROWD_APP_PASSWORD=

    - OAUTH_AUTH0_CLIENT_ID=
    - OAUTH_AUTH0_CLIENT_SECRET=
    - OAUTH_AUTH0_DOMAIN=
    - OAUTH_AUTH0_SCOPE=

    - OAUTH_AZURE_API_KEY=
    - OAUTH_AZURE_API_SECRET=
    - OAUTH_AZURE_TENANT_ID=

#volumes:
#  redis-data:
#  postgresql-data:
#  gitlab-data:

• Introduction
  • Changelog
• Contributing
• Team
• Issues
• Announcements
• Prerequisites
• Installation
• Quick Start
• Configuration
  • Data Store
  • Database
    • PostgreSQL (Recommended)
      • External PostgreSQL Server
      • Linking to PostgreSQL Container
  • Redis
    • Internal Redis Server
    • External Redis Server
    • Linking to Redis Container
  • Mail
    • Reply by email
  • SSL
    • Generation of a Self Signed Certificate
    • Strengthening the server security
    • Installation of the SSL Certificates
    • Enabling HTTPS support
    • Configuring HSTS
    • Using HTTPS with a load ***
    • Establishing trust with your server
    • Installing Trusted SSL Server Certificates
  • Deploy to a subdirectory (relative url root)
  • OmniAuth Integration
    • CAS3
    • Authentiq
    • Google

    • ---

    • GitHub
    • GitLab
    • BitBucket
    • SAML
    • Crowd
    • Microsoft Azure
  • Gitlab Pages
  • External Issue Trackers
  • Host UID / GID Mapping
  • Piwik
  • Exposing ssh port in dockerized gitlab-ce
  • Available Configuration Parameters
• Maintenance
  • Creating Backups
  • Restoring Backups
  • Automated Backups
  • Amazon Web Services (AWS) Remote Backups
  • Google Cloud Storage (GCS) Remote Backups
  • Rake Tasks
  • Import Repositories
  • Upgrading
  • Shell Access
• Features
• Container Registry
• References

Introduction

Dockerfile to build a GitLab image for the Docker opensource container platform.

GitLab CE is set up in the Docker image using the install from source method as documented in the the official GitLab documentation.

For other methods to install GitLab please refer to the Official GitLab Installation Guide which includes a GitLab image for Docker.

Contributing

If you find this image useful here's how you can help:

• Send a Pull Request with your awesome new features and bug fixes
• Be a part of the community and help resolve Issues
• Support the development of this image with a ***

Team

• Niclas Mietz (solidnerd)
• Sameer Naik (sameersbn)

See Contributors for the complete list developers that have contributed to this project.

Issues

Docker is a relatively new project and is active being developed and tested by a thriving community of developers and testers and every release of docker features many enhancements and bugfixes.

Given the nature of the development and release cycle it is very important that you have the latest version of docker installed because any issue that you encounter might have already been fixed with a newer docker release.

Install the most recent version of the Docker Engine for your platform using the official Docker releases, which can also be installed using:

bash
wget -qO- [***] | sh

Fedora and RHEL/CentOS users should try disabling selinux with setenforce 0 and check if resolves the issue. If it does than there is not much that I can help you with. You can either stick with selinux disabled (not recommended by redhat) or switch to using ubuntu.

You may also set DEBUG=true to enable debugging of the entrypoint script, which could help you pin point any configuration issues.

If using the latest docker version and/or disabling selinux does not fix the issue then please file a issue request on the issues page.

In your issue report please make sure you provide the following information:

• The host distribution and release version.
• Output of the docker version command
• Output of the docker info command
• The docker run command you used to run the image (mask out the sensitive bits).

Prerequisites

Your docker host needs to have 1GB or more of available RAM to run GitLab. Please refer to the GitLab hardware requirements documentation for additional information.

Installation

Automated builds of the image are available on Dockerhub and is the recommended method of installation.

Note: Builds are also available on Quay.io

bash
docker pull sameersbn/gitlab:12.3.5

You can also pull the latest tag which is built from the repository HEAD

bash
docker pull sameersbn/gitlab:latest

Alternatively you can build the image locally.

bash
docker build -t sameersbn/gitlab github.com/sameersbn/docker-gitlab

Quick Start

The quickest way to get started is using docker-compose.

bash
wget [***]

Generate random strings that are at least 64 characters long for each of GITLAB_SECRETS_OTP_KEY_BASE, GITLAB_SECRETS_DB_KEY_BASE, and GITLAB_SECRETS_SECRET_KEY_BASE. These values are used for the following:

• GITLAB_SECRETS_OTP_KEY_BASE is used to encrypt 2FA secrets in the database. If you lose or rotate this secret, none of your users will be able to log in using 2FA.
• GITLAB_SECRETS_DB_KEY_BASE is used to encrypt CI secret variables, as well as import credentials, in the database. If you lose or rotate this secret, you will not be able to use existing CI secrets.
• GITLAB_SECRETS_SECRET_KEY_BASE is used for password reset links, and other 'standard' auth features. If you lose or rotate this secret, password reset tokens in emails will reset.

Tip: You can generate a random string using pwgen -Bsv1 64 and assign it as the value of GITLAB_SECRETS_DB_KEY_BASE.

Start GitLab using:

bash
docker-compose up

Alternatively, you can manually launch the gitlab container and the supporting postgresql and redis containers by following this three step guide.

Step 1. Launch a postgresql container

bash
docker run --name gitlab-postgresql -d \
    --env 'DB_NAME=gitlabhq_production' \
    --env 'DB_USER=gitlab' --env 'DB_PASS=password' \
    --env 'DB_EXTENSION=pg_trgm' \
    --volume /srv/docker/gitlab/postgresql:/var/lib/postgresql \
    sameersbn/postgresql:10-2

Step 2. Launch a redis container

bash
docker run --name gitlab-redis -d \
    --volume /srv/docker/gitlab/redis:/var/lib/redis \
    sameersbn/redis:4.0.9-2

Step 3. Launch the gitlab container

bash
docker run --name gitlab -d \
    --link gitlab-postgresql:postgresql --link gitlab-redis:redisio \
    --publish ***:22 --publish ***:80 \
    --env 'GITLAB_PORT=***' --env 'GITLAB_SSH_PORT=***' \
    --env 'GITLAB_SECRETS_DB_KEY_BASE=long-and-random-alpha-numeric-string' \
    --env 'GITLAB_SECRETS_SECRET_KEY_BASE=long-and-random-alpha-numeric-string' \
    --env 'GITLAB_SECRETS_OTP_KEY_BASE=long-and-random-alpha-numeric-string' \
    --volume /srv/docker/gitlab/gitlab:/home/git/data \
    sameersbn/gitlab:12.3.5

Please refer to Available Configuration Parameters to understand GITLAB_PORT and other configuration options

NOTE: Please allow a couple of minutes for the GitLab application to start.

Point your browser to http://localhost:*** and set a password for the root user account.

You should now have the GitLab application up and ready for testing. If you want to use this image in production then please read on.

The rest of the document will use the docker command line. You can quite simply adapt your configuration into a docker-compose.yml file if you wish to do so.

Configuration

Data Store

GitLab is a code hosting software and as such you don't want to lose your code when the docker container is stopped/deleted. To avoid losing any data, you should mount a volume at,

• /home/git/data

Note that if you are using the docker-compose approach, this has already been done for you.

SELinux users are also required to change the security context of the mount point so that it plays nicely with selinux.

bash
mkdir -p /srv/docker/gitlab/gitlab
sudo chcon -Rt svirt_sandbox_file_t /srv/docker/gitlab/gitlab

Volumes can be mounted in docker by specifying the -v option in the docker run command.

bash
docker run --name gitlab -d \
    --volume /srv/docker/gitlab/gitlab:/home/git/data \
    sameersbn/gitlab:12.3.5

Database

GitLab uses a database backend to store its data. You can configure this image to use PostgreSQL.

Note: GitLab requieres PostgreSQL now. So use an older image < 12.1 or migrate to PostgresSQL

PostgreSQL

External PostgreSQL Server

The image also supports using an external PostgreSQL Server. This is also controlled via environment variables.

sql
CREATE ROLE gitlab with LOGIN CREATEDB PASSWORD 'password';
CREATE DATABASE gitlabhq_production;
GRANT ALL PRIVILEGES ON DATABASE gitlabhq_production to gitlab;

Additionally since GitLab 8.6.0 the pg_trgm extension should also be loaded for the gitlabhq_production database.

We are now ready to start the GitLab application.

Assuming that the PostgreSQL server host is 192.168.1.100

bash
docker run --name gitlab -d \
    --env 'DB_HOST=192.168.1.100' \
    --env 'DB_NAME=gitlabhq_production' \
    --env 'DB_USER=gitlab' --env 'DB_PASS=password' \
    --volume /srv/docker/gitlab/gitlab:/home/git/data \
    sameersbn/gitlab:12.3.5

Linking to PostgreSQL Container

You can link this image with a postgresql container for the database requirements. The alias of the postgresql server container should be set to postgresql while linking with the gitlab image.

If a postgresql container is linked, only the DB_HOST and DB_PORT settings are automatically retrieved using the linkage. You may still need to set other database connection parameters such as the DB_NAME, DB_USER, DB_PASS and so on.

To illustrate linking with a postgresql container, we will use the sameersbn/postgresql image. When using postgresql image in production you should mount a volume for the postgresql data store. Please refer the README of docker-postgresql for details.

First, lets pull the postgresql image from the docker index.

bash
docker pull sameersbn/postgresql:10-2

For data persistence lets create a store for the postgresql and start the container.

SELinux users are also required to change the security context of the mount point so that it plays nicely with selinux.

bash
mkdir -p /srv/docker/gitlab/postgresql
sudo chcon -Rt svirt_sandbox_file_t /srv/docker/gitlab/postgresql

The run command looks like this.

bash
docker run --name gitlab-postgresql -d \
    --env 'DB_NAME=gitlabhq_production' \
    --env 'DB_USER=gitlab' --env 'DB_PASS=password' \
    --env 'DB_EXTENSION=pg_trgm' \
    --volume /srv/docker/gitlab/postgresql:/var/lib/postgresql \
    sameersbn/postgresql:10-2

The above command will create a database named gitlabhq_production and also create a user named gitlab with the password password with access to the gitlabhq_production database.

We are now ready to start the GitLab application.

bash
docker run --name gitlab -d --link gitlab-postgresql:postgresql \
    --volume /srv/docker/gitlab/gitlab:/home/git/data \
    sameersbn/gitlab:12.3.5

Here the image will also automatically fetch the DB_NAME, DB_USER and DB_PASS variables from the postgresql container as they are specified in the docker run command for the postgresql container. This is made possible using the magic of docker links and works with the following images:

• postgres
• sameersbn/postgresql
• orchardup/postgresql
• paintedfox/postgresql

Redis

GitLab uses the redis server for its key-value data store. The redis server connection details can be specified using environment variables.

Internal Redis Server

The internal redis server has been removed from the image. Please use a linked redis container or specify a external redis connection.

External Redis Server

The image can be configured to use an external redis server. The configuration should be specified using environment variables while starting the GitLab image.

Assuming that the redis server host is 192.168.1.100

bash
docker run --name gitlab -it --rm \
    --env 'REDIS_HOST=192.168.1.100' --env 'REDIS_PORT=6379' \
    sameersbn/gitlab:12.3.5

Linking to Redis Container

You can link this image with a redis container to satisfy gitlab's redis requirement. The alias of the redis server container should be set to redisio while linking with the gitlab image.

To illustrate linking with a redis container, we will use the sameersbn/redis image. Please refer the README of docker-redis for details.

First, lets pull the redis image from the docker index.

bash
docker pull sameersbn/redis:4.0.9-2

Lets start the redis container

bash
docker run --name gitlab-redis -d \
    --volume /srv/docker/gitlab/redis:/var/lib/redis \
    sameersbn/redis:4.0.9-2

We are now ready to start the GitLab application.

bash
docker run --name gitlab -d --link gitlab-redis:redisio \
    sameersbn/gitlab:12.3.5

Mail

The mail configuration should be specified using environment variables while starting the GitLab image. The configuration defaults to using gmail to send emails and requires the specification of a valid username and password to login to the gmail servers.

If you are using Gmail then all you need to do is:

bash
docker run --name gitlab -d \
    --env 'SMTP_USER=***' --env 'SMTP_PASS=PASSWORD' \
    --volume /srv/docker/gitlab/gitlab:/home/git/data \
    sameersbn/gitlab:12.3.5

Please refer the Available Configuration Parameters section for the list of SMTP parameters that can be specified.

Reply by email

Since version 8.0.0 GitLab adds support for commenting on issues by replying to emails.

To enable this feature you need to provide IMAP configuration parameters that will allow GitLab to connect to your mail server and read mails. Additionally, you may need to specify GITLAB_INCOMING_EMAIL_ADDRESS if your incoming email address is not the same as the IMAP_USER.

If your email provider supports email sub-addressing then you should add the +%{key} placeholder after the user part of the email address, eg. GITLAB_INCOMING_EMAIL_ADDRESS=reply+%{key}@example.com. Please read the documentation on reply by email to understand the requirements for this feature.

If you are using Gmail then all you need to do is:

bash
docker run --name gitlab -d \
    --env 'IMAP_USER=***' --env 'IMAP_PASS=PASSWORD' \
    --env 'GITLAB_INCOMING_EMAIL_ADDRESS=USER+%{key}@gmail.com' \
    --volume /srv/docker/gitlab/gitlab:/home/git/data \
    sameersbn/gitlab:12.3.5

Please refer the Available Configuration Parameters section for the list of IMAP parameters that can be specified.

SSL

Access to the gitlab application can be secured using SSL so as to prevent unauthorized access to the data in your repositories. While a CA certified SSL certificate allows for verification of trust via the CA, a self signed certificate can also provide an equal level of trust verification as long as each client takes some additional steps to verify the identity of your website. I will provide instructions on achieving this towards the end of this section.

Jump to the Using HTTPS with a load *** section if you are using a load *** such as hipache, haproxy or nginx.

To secure your application via SSL you basically need two things:

• Private key (.key)
• SSL certificate (.crt)

When using CA certified certificates, these files are provided to you by the CA. When using self-signed certificates you need to generate these files yourself. Skip to Strengthening the server security section if you are armed with CA certified SSL certificates.

Generation of a Self Signed Certificate

Generation of a self-signed SSL certificate involves a simple 3-step procedure:

STEP 1: Create the server private key

bash
openssl genrsa -out gitlab.key 2048

STEP 2: Create the certificate signing request (CSR)

bash
openssl req -new -key gitlab.key -out gitlab.csr

STEP 3: Sign the certificate using the private key and CSR

bash
openssl x509 -req -days 3650 -in gitlab.csr -signkey gitlab.key -out gitlab.crt

Congratulations! You now have a self-signed SSL certificate valid for 10 years.

Strengthening the server security

This section provides you with instructions to strengthen your server security. To achieve this we need to generate stronger DHE parameters.

bash
openssl dhparam -out dhparam.pem 2048

Installation of the SSL Certificates

Out of the four files generated above, we need to install the gitlab.key, gitlab.crt and dhparam.pem files at the gitlab server. The CSR file is not needed, but do make sure you safely backup the file (in case you ever need it again).

The default path that the gitlab application is configured to look for the SSL certificates is at /home/git/data/certs, this c