gitlab

1.创建自定义网络

docker network create --subnet=172.72.0.0/24 docker-net

• 移除网桥

 docker network rm  docker-net   

• 显示所有容器IP地址

docker inspect --format='{{.Name}} - {{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $(docker ps -aq)  

2.启动nginx容器

# 创建nginx数据卷
mkdir /srv/nginx
chmod -R 777  /srv/nginx
# 创建临时容器拷贝容器的初始数据
docker run -d   --name=dynginx    nginx
docker cp  dynginx:/etc/nginx// /srv/nginx/etc
docker cp  dynginx:/usr/share/nginx/html// /srv/nginx/html
docker stop dynginx
docker rm dynginx
# 启动容器
docker run -d \
 --net docker-net --ip 172.72.0.2  \
 -p 80:80  -p 443:443 -p 22:22 \
 -v /srv/nginx/etc:/etc/nginx \
 -v /srv/nginx/logs:/var/log/nginx \
 -v /srv/nginx/html:/usr/share/nginx/html \
 --restart=always \
 --name=dynginx \
 nginx

3.启动gitlab容器

# 创建gitlab数据卷
mkdir /srv/gitlab
chmod -R 777  /srv/gitlab
#启动gitlab容器
docker run -d \
 --net docker-net --ip 172.72.0.3  \
 -v /srv/gitlab/etc:/etc/gitlab \
 -v /srv/gitlab/log:/var/log/gitlab \
 -v /srv/gitlab/data:/var/opt/gitlab \
 --restart=always \
 --name dygitlab \
 beginor/gitlab-ce

4.配置nginx反向代理

vim /srv/nginx/etc/nginx.conf

#添加 stream模块
stream {
        upstream ssh {
                server 172.72.0.3:22;
        }
        server {  
                listen 22;
                proxy_pass ssh;
                proxy_connect_timeout 1h;
                proxy_timeout 1h;
        }
}

vim /srv/nginx/etc/conf.d/gitlab.conf

## 将HTTP请求全部重定向至HTTPS
server {
    listen       80;
    server_name  gitlab.weidyg.cn;
    charset utf-8;
    rewrite ^ https://gitlab.weidyg.cn;
}
## 请求转发到GitLab容器
server {
    listen       443 ssl;
    server_name  gitlab.weidyg.cn;
    charset utf-8;
    ssl_certificate         /etc/nginx/ssl/weidyg.cn.crt; 
    ssl_certificate_key     /etc/nginx/ssl/weidyg.cn.key;
    ssl_session_timeout     10m;
    ssl_session_cache       shared:SSL:10m; 
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
          proxy_pass  https://172.72.0.3:443;
     }
}

在/srv/nginx/etc下新建ssl目录并将https证书文件 weidyg.cn.crt 和 weidyg.cn.key 放到该目录下。

5.编辑gitlab配置

vim /srv/gitlab/etc/gitlab.rb

 external_url 'https://gitlab.weidyg.cn'  #gitlab访问路径配置  
 gitlab_rails['gitlab_shell_ssh_port'] = 822
 #邮箱配置
 gitlab_rails['gitlab_email_from'] = '[email protected]' 
 gitlab_rails['gitlab_email_reply_to'] = '[email protected]'

 gitlab_rails['smtp_enable'] = true
 gitlab_rails['smtp_address'] = "smtp.163.com"
 gitlab_rails['smtp_port'] = 25
 gitlab_rails['smtp_user_name'] = "[email protected]"  #邮箱账号
 gitlab_rails['smtp_password'] = "xxxxxx"   #邮箱密码
 gitlab_rails['smtp_domain'] = "163.com"
 gitlab_rails['smtp_authentication'] = "login"
 gitlab_rails['smtp_enable_starttls_auto'] = true
 gitlab_rails['smtp_tls'] = false
 
 user['git_user_name'] = "GitLab "
 user['git_user_email'] = "[email protected]"

 nginx['redirect_http_to_https'] = true  #启用https

 nginx['ssl_certificate'] = "/etc/gitlab/ssl/weidyg.cn.crt"
 nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/weidyg.cn.key"

在/srv/gitlab/etc下新建ssl目录并将https证书文件 weidyg.cn.crt 和 weidyg.cn.key 放到该目录下。

6.重启容器

 docker restart dynginx
 docker restart dygitlab