docker-gitlab(转)
Issues
Docker is a relatively new project and is active being developed and tested by a thriving community of developers and testers and every release of docker features many enhancements and bugfixes.
Given the nature of the development and release cycle it is very important that you have the latest version of docker installed because any issue that you encounter might have already been fixed with a newer docker release.
Install the most recent version of the Docker Engine for your platform using the official Docker releases, which can also be installed using:
wget -qO- https://get.docker.com/ | sh
Fedora and RHEL/CentOS users should try disabling selinux with setenforce 0
and check if resolves the issue. If it does than there is not much that I can help you with. You can either stick with selinux disabled (not recommended by redhat) or switch to using ubuntu.
You may also set DEBUG=true
to enable debugging of the entrypoint script, which could help you pin point any configuration issues.
If using the latest docker version and/or disabling selinux does not fix the issue then please file a issue request on the issuespage.
In your issue report please make sure you provide the following information:
- The host distribution and release version.
- Output of the
docker version
command - Output of the
docker info
command - The
docker run
command you used to run the image (mask out the sensitive bits).
Prerequisites
Your docker host needs to have 1GB or more of available RAM to run GitLab. Please refer to the GitLab hardware requirementsdocumentation for additional information.
Installation
Automated builds of the image are available on Dockerhub and is the recommended method of installation.
Note: Builds are also available on Quay.io
docker pull sameersbn/gitlab:8.5.1
You can also pull the latest
tag which is built from the repository HEAD
docker pull sameersbn/gitlab:latest
Alternatively you can build the image locally.
docker build -t sameersbn/gitlab github.com/sameersbn/docker-gitlab
Quick Start
The quickest way to get started is using docker-compose.
wget https://raw.githubusercontent.com/sameersbn/docker-gitlab/master/docker-compose.yml
Generate a random string and assign to GITLAB_SECRETS_DB_KEY_BASE
environment variable. Once set you should not change this value and ensure you backup this value.
Tip: You can generate a random string using
pwgen -Bsv1 64
and assign it as the value ofGITLAB_SECRETS_DB_KEY_BASE
.
Start GitLab using:
docker-compose up
Alternatively, you can manually launch the gitlab
container and the supporting postgresql
and redis
containers by following this three step guide.
Step 1. Launch a postgresql container
docker run --name gitlab-postgresql -d \
--env 'DB_NAME=gitlabhq_production' \
--env 'DB_USER=gitlab' --env 'DB_PASS=password' \
--volume /srv/docker/gitlab/postgresql:/var/lib/postgresql \
sameersbn/postgresql:9.4-13
Step 2. Launch a redis container
docker run --name gitlab-redis -d \
--volume /srv/docker/gitlab/redis:/var/lib/redis \
sameersbn/redis:latest
Step 3. Launch the gitlab container
docker run --name gitlab -d \
--link gitlab-postgresql:postgresql --link gitlab-redis:redisio \
--publish 10022:22 --publish 10080:80 \
--env 'GITLAB_PORT=10080' --env 'GITLAB_SSH_PORT=10022' \
--env 'GITLAB_SECRETS_DB_KEY_BASE=long-and-random-alpha-numeric-string' \
--volume /srv/docker/gitlab/gitlab:/home/git/data \
sameersbn/gitlab:8.5.1
Please refer to Available Configuration Parameters to understand GITLAB_PORT
and other configuration options
NOTE: Please allow a couple of minutes for the GitLab application to start.
Point your browser to http://localhost:10080
and login using the default username and password:
- username: root
- password: 5iveL!fe
You should now have the GitLab application up and ready for testing. If you want to use this image in production the please read on.
The rest of the document will use the docker command line. You can quite simply adapt your configuration into a docker-compose.yml
file if you wish to do so.
Configuration
Data Store
GitLab is a code hosting software and as such you don't want to lose your code when the docker container is stopped/deleted. To avoid losing any data, you should mount a volume at,
/home/git/data
SELinux users are also required to change the security context of the mount point so that it plays nicely with selinux.
mkdir -p /srv/docker/gitlab/gitlab
sudo chcon -Rt svirt_sandbox_file_t /srv/docker/gitlab/gitlab
Volumes can be mounted in docker by specifying the -v
option in the docker run command.
docker run --name gitlab -d \
--volume /srv/docker/gitlab/gitlab:/home/git/data \
sameersbn/gitlab:8.5.1
Database
GitLab uses a database backend to store its data. You can configure this image to use either MySQL or PostgreSQL.
Note: GitLab HQ recommends using PostgreSQL over MySQL
PostgreSQL
External PostgreSQL Server
The image also supports using an external PostgreSQL Server. This is also controlled via environment variables.
CREATE ROLE gitlab with LOGIN CREATEDB PASSWORD 'password';
CREATE DATABASE gitlabhq_production;
GRANT ALL PRIVILEGES ON DATABASE gitlabhq_production to gitlab;
We are now ready to start the GitLab application.
Assuming that the PostgreSQL server host is 192.168.1.100
docker run --name gitlab -d \
--env 'DB_ADAPTER=postgresql' --env 'DB_HOST=192.168.1.100' \
--env 'DB_NAME=gitlabhq_production' \
--env 'DB_USER=gitlab' --env 'DB_PASS=password' \
--volume /srv/docker/gitlab/gitlab:/home/git/data \
sameersbn/gitlab:8.5.1
Linking to PostgreSQL Container
You can link this image with a postgresql container for the database requirements. The alias of the postgresql server container should be set to postgresql while linking with the gitlab image.
If a postgresql container is linked, only the DB_ADAPTER
, DB_HOST
and DB_PORT
settings are automatically retrieved using the linkage. You may still need to set other database connection parameters such as the DB_NAME
, DB_USER
, DB_PASS
and so on.
To illustrate linking with a postgresql container, we will use the sameersbn/postgresql image. When using postgresql image in production you should mount a volume for the postgresql data store. Please refer the README of docker-postgresql for details.
First, lets pull the postgresql image from the docker index.
docker pull sameersbn/postgresql:9.4-13
For data persistence lets create a store for the postgresql and start the container.
SELinux users are also required to change the security context of the mount point so that it plays nicely with selinux.
mkdir -p /srv/docker/gitlab/postgresql
sudo chcon -Rt svirt_sandbox_file_t /srv/docker/gitlab/postgresql
The run command looks like this.
docker run --name gitlab-postgresql -d \
--env 'DB_NAME=gitlabhq_production' \
--env 'DB_USER=gitlab' --env 'DB_PASS=password' \
--volume /srv/docker/gitlab/postgresql:/var/lib/postgresql \
sameersbn/postgresql:9.4-13
The above command will create a database named gitlabhq_production
and also create a user named gitlab
with the password password
with access to the gitlabhq_production
database.
We are now ready to start the GitLab application.
docker run --name gitlab -d --link gitlab-postgresql:postgresql \
--volume /srv/docker/gitlab/gitlab:/home/git/data \
sameersbn/gitlab:8.5.1
Here the image will also automatically fetch the DB_NAME
, DB_USER
and DB_PASS
variables from the postgresql container as they are specified in the docker run
command for the postgresql container. This is made possible using the magic of docker links and works with the following images:
MySQL
Internal MySQL Server
The internal mysql server has been removed from the image. Please use a linked mysql container or specify a connection to aexternal mysql server.
If you have been using the internal mysql server follow these instructions to migrate to a linked mysql container:
Assuming that your mysql data is available at /srv/docker/gitlab/mysql
docker run --name gitlab-mysql -d \
--volume /srv/docker/gitlab/mysql:/var/lib/mysql \
sameersbn/mysql:latest
This will start a mysql container with your existing mysql data. Now login to the mysql container and create a user for the existinggitlabhq_production
database.
All you need to do now is link this mysql container to the gitlab ci container using the --link gitlab-mysql:mysql
option and provide the DB_NAME
, DB_USER
and DB_PASS
parameters.
Refer to Linking to MySQL Container for more information.
External MySQL Server
The image can be configured to use an external MySQL database. The database configuration should be specified using environment variables while starting the GitLab image.
Before you start the GitLab image create user and database for gitlab.
CREATE USER 'gitlab'@'%.%.%.%' IDENTIFIED BY 'password';
CREATE DATABASE IF NOT EXISTS `gitlabhq_production` DEFAULT CHARACTER SET `utf8` COLLATE `utf8_unicode_ci`;
GRANT ALL PRIVILEGES ON `gitlabhq_production`.* TO 'gitlab'@'%.%.%.%';
We are now ready to start the GitLab application.
Assuming that the mysql server host is 192.168.1.100
docker run --name gitlab -d \
--env 'DB_ADAPTER=mysql2' --env 'DB_HOST=192.168.1.100' \
--env 'DB_NAME=gitlabhq_production' \
--env 'DB_USER=gitlab' --env 'DB_PASS=password' \
--volume /srv/docker/gitlab/gitlab:/home/git/data \
sameersbn/gitlab:8.5.1
Linking to MySQL Container
You can link this image with a mysql container for the database requirements. The alias of the mysql server container should be set to mysql while linking with the gitlab image.
If a mysql container is linked, only the DB_ADAPTER
, DB_HOST
and DB_PORT
settings are automatically retrieved using the linkage. You may still need to set other database connection parameters such as the DB_NAME
, DB_USER
, DB_PASS
and so on.
To illustrate linking with a mysql container, we will use the sameersbn/mysql image. When using docker-mysql in production you should mount a volume for the mysql data store. Please refer the README of docker-mysql for details.
First, lets pull the mysql image from the docker index.
docker pull sameersbn/mysql:latest
For data persistence lets create a store for the mysql and start the container.
SELinux users are also required to change the security context of the mount point so that it plays nicely with selinux.
mkdir -p /srv/docker/gitlab/mysql
sudo chcon -Rt svirt_sandbox_file_t /srv/docker/gitlab/mysql
The run command looks like this.
docker run --name gitlab-mysql -d \
--env 'DB_NAME=gitlabhq_production' \
--env 'DB_USER=gitlab' --env 'DB_PASS=password' \
--volume /srv/docker/gitlab/mysql:/var/lib/mysql \
sameersbn/mysql:latest
The above command will create a database named gitlabhq_production
and also create a user named gitlab
with the password password
with full/remote access to the gitlabhq_production
database.
We are now ready to start the GitLab application.
docker run --name gitlab -d --link gitlab-mysql:mysql \
--volume /srv/docker/gitlab/gitlab:/home/git/data \
sameersbn/gitlab:8.5.1
Here the image will also automatically fetch the DB_NAME
, DB_USER
and DB_PASS
variables from the mysql container as they are specified in the docker run
command for the mysql container. This is made possible using the magic of docker links and works with the following images:
Redis
GitLab uses the redis server for its key-value data store. The redis server connection details can be specified using environment variables.
Internal Redis Server
The internal redis server has been removed from the image. Please use a linked redis container or specify a external redisconnection.
External Redis Server
The image can be configured to use an external redis server. The configuration should be specified using environment variables while starting the GitLab image.
Assuming that the redis server host is 192.168.1.100
docker run --name gitlab -it --rm \
--env 'REDIS_HOST=192.168.1.100' --env 'REDIS_PORT=6379' \
sameersbn/gitlab:8.5.1
Linking to Redis Container
You can link this image with a redis container to satisfy gitlab's redis requirement. The alias of the redis server container should be set to redisio while linking with the gitlab image.
To illustrate linking with a redis container, we will use the sameersbn/redis image. Please refer the README of docker-redis for details.
First, lets pull the redis image from the docker index.
docker pull sameersbn/redis:latest
Lets start the redis container
docker run --name gitlab-redis -d \
--volume /srv/docker/gitlab/redis:/var/lib/redis \
sameersbn/redis:latest
We are now ready to start the GitLab application.
docker run --name gitlab -d --link gitlab-redis:redisio \
sameersbn/gitlab:8.5.1
The mail configuration should be specified using environment variables while starting the GitLab image. The configuration defaults to using gmail to send emails and requires the specification of a valid username and password to login to the gmail servers.
If you are using Gmail then all you need to do is:
docker run --name gitlab -d \
--env 'SMTP_USER=USER@gmail.com' --env 'SMTP_PASS=PASSWORD' \
--volume /srv/docker/gitlab/gitlab:/home/git/data \
sameersbn/gitlab:8.0.0
Please refer the Available Configuration Parameters section for the list of SMTP parameters that can be specified.
Reply by email
Since version 8.0.0
GitLab adds support for commenting on issues by replying to emails. Please read the documentation on reply by email to understand the requirements of this feature.
To enable this feature you need to provide IMAP configuration parameters that will allow GitLab to connect to your mail server and read mails. Additionally, you may need to specify GITLAB_INCOMING_EMAIL_ADDRESS
if your incoming email address is not the same as the IMAP_USER
.
If you are using Gmail then all you need to do is:
docker run --name gitlab -d \
--env 'IMAP_USER=USER@gmail.com' --env 'IMAP_PASS=PASSWORD' \
--volume /srv/docker/gitlab/gitlab:/home/git/data \
sameersbn/gitlab:8.5.1
Please refer the Available Configuration Parameters section for the list of IMAP parameters that can be specified.
SSL
Access to the gitlab application can be secured using SSL so as to prevent unauthorized access to the data in your repositories. While a CA certified SSL certificate allows for verification of trust via the CA, a self signed certificates can also provide an equal level of trust verification as long as each client takes some additional steps to verify the identity of your website. I will provide instructions on achieving this towards the end of this section.
Jump to the Using HTTPS with a load balancer section if you are using a load balancer such as hipache, haproxy or nginx.
To secure your application via SSL you basically need two things:
- Private key (.key)
- SSL certificate (.crt)
When using CA certified certificates, these files are provided to you by the CA. When using self-signed certificates you need to generate these files yourself. Skip to Strengthening the server security section if you are armed with CA certified SSL certificates.
Generation of Self Signed Certificates
Generation of self-signed SSL certificates involves a simple 3 step procedure.
STEP 1: Create the server private key
openssl genrsa -out gitlab.key 2048
STEP 2: Create the certificate signing request (CSR)
openssl req -new -key gitlab.key -out gitlab.csr
STEP 3: Sign the certificate using the private key and CSR
openssl x509 -req -days 3650 -in gitlab.csr -signkey gitlab.key -out gitlab.crt
Congratulations! you have now generated an SSL certificate that will be valid for 10 years.
Strengthening the server security
This section provides you with instructions to strengthen your server security. To achieve this we need to generate stronger DHE parameters.
openssl dhparam -out dhparam.pem 2048
Installation of the SSL Certificates
Out of the four files generated above, we need to install the gitlab.key
, gitlab.crt
and dhparam.pem
files at the gitlab server. The CSR file is not needed, but do make sure you safely backup the file (in case you ever need it again).
The default path that the gitlab application is configured to look for the SSL certificates is at /home/git/data/certs
, this can however be changed using the SSL_KEY_PATH
, SSL_CERTIFICATE_PATH
and SSL_DHPARAM_PATH
configuration options.
If you remember from above, the /home/git/data
path is the path of the data store, which means that we have to create a folder named certs/
inside /srv/docker/gitlab/gitlab/
and copy the files into it and as a measure of security we'll update the permission on the gitlab.key
file to only be readable by the owner.
mkdir -p /srv/docker/gitlab/gitlab/certs
cp gitlab.key /srv/docker/gitlab/gitlab/certs/
cp gitlab.crt /srv/docker/gitlab/gitlab/certs/
cp dhparam.pem /srv/docker/gitlab/gitlab/certs/
chmod 400 /srv/docker/gitlab/gitlab/certs/gitlab.key
Great! we are now just one step away from having our application secured.
Enabling HTTPS support
HTTPS support can be enabled by setting the GITLAB_HTTPS
option to true
. Additionally, when using self-signed SSL certificates you need to the set SSL_SELF_SIGNED
option to true
as well. Assuming we are using self-signed certificates
docker run --name gitlab -d \
--publish 10022:22 --publish 10080:80 --publish 10443:443 \
--env 'GITLAB_SSH_PORT=10022' --env 'GITLAB_PORT=10443' \
--env 'GITLAB_HTTPS=true' --env 'SSL_SELF_SIGNED=true' \
--volume /srv/docker/gitlab/gitlab:/home/git/data \
sameersbn/gitlab:8.5.1
In this configuration, any requests made over the plain http protocol will automatically be redirected to use the https protocol. However, this is not optimal when using a load balancer.
Configuring HSTS
HSTS if supported by the browsers makes sure that your users will only reach your sever via HTTPS. When the user comes for the first time it sees a header from the server which states for how long from now this site should only be reachable via HTTPS - that's the HSTS max-age value.
With NGINX_HSTS_MAXAGE
you can configure that value. The default value is 31536000
seconds. If you want to disable a already sent HSTS MAXAGE value, set it to 0
.
docker run --name gitlab -d \
--env 'GITLAB_HTTPS=true' --env 'SSL_SELF_SIGNED=true' \
--env 'NGINX_HSTS_MAXAGE=2592000' \
--volume /srv/docker/gitlab/gitlab:/home/git/data \
sameersbn/gitlab:8.5.1
If you want to completely disable HSTS set NGINX_HSTS_ENABLED
to false
.
Using HTTPS with a load balancer
Load balancers like nginx/haproxy/hipache talk to backend applications over plain http and as such the installation of ssl keys and certificates are not required and should NOT be installed in the container. The SSL configuration has to instead be done at the load balancer.
However, when using a load balancer you MUST set GITLAB_HTTPS
to true
. Additionally you will need to set theSSL_SELF_SIGNED
option to true
if self signed SSL certificates are in use.
With this in place, you should configure the load balancer to support handling of https requests. But that is out of the scope of this document. Please refer to Using SSL/HTTPS with HAProxy for information on the subject.
When using a load balancer, you probably want to make sure the load balancer performs the automatic http to https redirection. Information on this can also be found in the link above.
In summation, when using a load balancer, the docker command would look for the most part something like this:
docker run --name gitlab -d \
--publish 10022:22 --publish 10080:80 \
--env 'GITLAB_SSH_PORT=10022' --env 'GITLAB_PORT=443' \
--env 'GITLAB_HTTPS=true' --env 'SSL_SELF_SIGNED=true' \
--volume /srv/docker/gitlab/gitlab:/home/git/data \
sameersbn/gitlab:8.5.1
Again, drop the --env 'SSL_SELF_SIGNED=true'
option if you are using CA certified SSL certificates.
In case Gitlab responds to any kind of POST request (login, OAUTH, changing settings etc.) with a 422 HTTP Error, consider adding this to your reverse proxy configuration:
proxy_set_header X-Forwarded-Ssl on;
(nginx format)
Establishing trust with your server
This section deals will self-signed ssl certificates. If you are using CA certified certificates, your done.
This section is more of a client side configuration so as to add a level of confidence at the client to be 100 percent sure they are communicating with whom they think they.
This is simply done by adding the servers certificate into their list of trusted certificates. On ubuntu, this is done by copying thegitlab.crt
file to /usr/local/share/ca-certificates/
and executing update-ca-certificates
.
Again, this is a client side configuration which means that everyone who is going to communicate with the server should perform this configuration on their machine. In short, distribute the gitlab.crt
file among your developers and ask them to add it to their list of trusted ssl certificates. Failure to do so will result in errors that look like this:
git clone https://git.local.host/gitlab-ce.git
fatal: unable to access 'https://git.local.host/gitlab-ce.git': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
You can do the same at the web browser. Instructions for installing the root certificate for firefox can be found here. You will find similar options chrome, just make sure you install the certificate under the authorities tab of the certificate manager dialog.
There you have it, thats all there is to it.
Installing Trusted SSL Server Certificates
If your GitLab CI server is using self-signed SSL certificates then you should make sure the GitLab CI server certificate is trusted on the GitLab server for them to be able to talk to each other.
The default path image is configured to look for the trusted SSL certificates is at /home/git/data/certs/ca.crt
, this can however be changed using the SSL_CA_CERTIFICATES_PATH
configuration option.
Copy the ca.crt
file into the certs directory on the datastore. The ca.crt
file should contain the root certificates of all the servers you want to trust. With respect to GitLab CI, this will be the contents of the gitlab_ci.crt file as described in the READMEof the docker-gitlab-ci container.
By default, our own server certificate gitlab.crt is added to the trusted certificates list.
Deploy to a subdirectory (relative url root)
By default GitLab expects that your application is running at the root (eg. /). This section explains how to run your application inside a directory.
Let's assume we want to deploy our application to '/git'. GitLab needs to know this directory to generate the appropriate routes. This can be specified using the GITLAB_RELATIVE_URL_ROOT
configuration option like so:
docker run --name gitlab -it --rm \
--env 'GITLAB_RELATIVE_URL_ROOT=/git' \
--volume /srv/docker/gitlab/gitlab:/home/git/data \
sameersbn/gitlab:8.5.1
GitLab will now be accessible at the /git
path, e.g. http://www.example.com/git
.
Note: The GITLAB_RELATIVE_URL_ROOT
parameter should always begin with a slash and SHOULD NOT have any trailing slashes.
OmniAuth Integration
GitLab leverages OmniAuth to allow users to sign in using Twitter, GitHub, and other popular services. Configuring OmniAuth does not prevent standard GitLab authentication or LDAP (if configured) from continuing to work. Users can choose to sign in using any of the configured mechanisms.
Refer to the GitLab documentation for additional information.
CAS3
To enable the CAS OmniAuth provider you must register your application with your CAS instance. This requires the service URL GitLab will supply to CAS. It should be something like: https://git.example.com:443/users/auth/cas3/callback?url. By default handling for SLO is enabled, you only need to configure CAS for backchannel logout.
For example, if your cas server url is https://sso.example.com
, then adding --env 'OAUTH_CAS3_SERVER=https://sso.example.com'
to the docker run command enables support for CAS3 OAuth. Please refer toAvailable Configuration Parameters for additional CAS3 configuration parameters.
To enable the Google OAuth2 OmniAuth provider you must register your application with Google. Google will generate a client ID and secret key for you to use. Please refer to the GitLab documentation for the procedure to generate the client ID and secret key with google.
Once you have the client ID and secret keys generated, configure them using the OAUTH_GOOGLE_API_KEY
andOAUTH_GOOGLE_APP_SECRET
environment variables respectively.
For example, if your client ID is xxx.apps.googleusercontent.com
and client secret key is yyy
, then adding --env 'OAUTH_GOOGLE_API_KEY=xxx.apps.googleusercontent.com' --env 'OAUTH_GOOGLE_APP_SECRET=yyy'
to the docker run command enables support for Google OAuth.
You can also restrict logins to a single domain by adding --env 'OAUTH_GOOGLE_RESTRICT_DOMAIN=example.com'
. This is particularly useful when combined with --env 'OAUTH_ALLOW_SSO=true'
and --env 'OAUTH_BLOCK_AUTO_CREATED_USERS=false'
.
To enable the Facebook OAuth2 OmniAuth provider you must register your application with Facebook. Facebook will generate a API key and secret for you to use. Please refer to the GitLab documentation for the procedure to generate the API key and secret.
Once you have the API key and secret generated, configure them using the OAUTH_FACEBOOK_API_KEY
andOAUTH_FACEBOOK_APP_SECRET
environment variables respectively.
For example, if your API key is xxx
and the API secret key is yyy
, then adding --env 'OAUTH_FACEBOOK_API_KEY=xxx' --env 'OAUTH_FACEBOOK_APP_SECRET=yyy'
to the docker run command enables support for Facebook OAuth.
To enable the Twitter OAuth2 OmniAuth provider you must register your application with Twitter. Twitter will generate a API key and secret for you to use. Please refer to the GitLab documentation for the procedure to generate the API key and secret with twitter.
Once you have the API key and secret generated, configure them using the OAUTH_TWITTER_API_KEY
andOAUTH_TWITTER_APP_SECRET
environment variables respectively.
For example, if your API key is xxx
and the API secret key is yyy
, then adding --env 'OAUTH_TWITTER_API_KEY=xxx' --env 'OAUTH_TWITTER_APP_SECRET=yyy'
to the docker run command enables support for Twitter OAuth.
GitHub
To enable the GitHub OAuth2 OmniAuth provider you must register your application with GitHub. GitHub will generate a Client ID and secret for you to use. Please refer to the GitLab documentation for the procedure to generate the Client ID and secret with github.
Once you have the Client ID and secret generated, configure them using the OAUTH_GITHUB_API_KEY
andOAUTH_GITHUB_APP_SECRET
environment variables respectively.
For example, if your Client ID is xxx
and the Client secret is yyy
, then adding --env 'OAUTH_GITHUB_API_KEY=xxx' --env 'OAUTH_GITHUB_APP_SECRET=yyy'
to the docker run command enables support for GitHub OAuth.
GitLab
To enable the GitLab OAuth2 OmniAuth provider you must register your application with GitLab. GitLab will generate a Client ID and secret for you to use. Please refer to the GitLab documentation for the procedure to generate the Client ID and secret with GitLab.
Once you have the Client ID and secret generated, configure them using the OAUTH_GITLAB_API_KEY
andOAUTH_GITLAB_APP_SECRET
environment variables respectively.
For example, if your Client ID is xxx
and the Client secret is yyy
, then adding --env 'OAUTH_GITLAB_API_KEY=xxx' --env 'OAUTH_GITLAB_APP_SECRET=yyy'
to the docker run command enables support for GitLab OAuth.
BitBucket
To enable the BitBucket OAuth2 OmniAuth provider you must register your application with BitBucket. BitBucket will generate a Client ID and secret for you to use. Please refer to the GitLab documentation for the procedure to generate the Client ID and secret with BitBucket.
Once you have the Client ID and secret generated, configure them using the OAUTH_BITBUCKET_API_KEY
andOAUTH_BITBUCKET_APP_SECRET
environment variables respectively.
For example, if your Client ID is xxx
and the Client secret is yyy
, then adding --env 'OAUTH_BITBUCKET_API_KEY=xxx' --env 'OAUTH_BITBUCKET_APP_SECRET=yyy'
to the docker run command enables support for BitBucket OAuth.
SAML
GitLab can be configured to act as a SAML 2.0 Service Provider (SP). This allows GitLab to consume assertions from a SAML 2.0 Identity Provider (IdP) such as Microsoft ADFS to authenticate users. Please refer to the GitLab documentation.
The following parameters have to be configured to enable SAML OAuth support in this image:OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL
, OAUTH_SAML_IDP_CERT_FINGERPRINT
, OAUTH_SAML_IDP_SSO_TARGET_URL
,OAUTH_SAML_ISSUER
and OAUTH_SAML_NAME_IDENTIFIER_FORMAT
.
You can also override the default "Sign in with" button label with OAUTH_SAML_LABEL
.
Please refer to Available Configuration Parameters for the default configurations of these parameters.
Crowd
To enable the Crowd server OAuth2 OmniAuth provider you must register your application with Crowd server.
Configure GitLab to enable access the Crowd server by specifying the OAUTH_CROWD_SERVER_URL
, OAUTH_CROWD_APP_NAME
andOAUTH_CROWD_APP_PASSWORD
environment variables.
Microsoft Azure
To enable the Microsoft Azure OAuth2 OmniAuth provider you must register your application with Azure. Azure will generate a Client ID, Client secret and Tenant ID for you to use. Please refer to the GitLab documentation for the procedure.
Once you have the Client ID, Client secret and Tenant ID generated, configure them using the OAUTH_AZURE_API_KEY
,OAUTH_AZURE_API_SECRET
and OAUTH_AZURE_TENANT_ID
environment variables respectively.
For example, if your Client ID is xxx
, the Client secret is yyy
and the Tenant ID is zzz
, then adding --env 'OAUTH_AZURE_API_KEY=xxx' --env 'OAUTH_AZURE_API_SECRET=yyy' --env 'OAUTH_AZURE_TENANT_ID=zzz'
to the docker run command enables support for Microsoft Azure OAuth.
External Issue Trackers
Since version 7.10.0
support for external issue trackers can be enabled in the "Service Templates" section of the settings panel.
If you are using the docker-redmine image, you can one up the gitlab integration with redmine by adding --volumes-from=gitlab
flag to the docker run command while starting the redmine container.
By using the above option the /home/git/data/repositories
directory will be accessible by the redmine container and now you can add your git repository path to your redmine project. If, for example, in your gitlab server you have a project namedopensource/gitlab
, the bare repository will be accessible at /home/git/data/repositories/opensource/gitlab.git
in the redmine container.
Host UID / GID Mapping
Per default the container is configured to run gitlab as user and group git
with uid
and gid
1000
. The host possibly uses this ids for different purposes leading to unfavorable effects. From the host it appears as if the mounted data volumes are owned by the host's user/group 1000
.
Also the container processes seem to be executed as the host's user/group 1000
. The container can be configured to map theuid
and gid
of git
to different ids on host by passing the environment variables USERMAP_UID
and USERMAP_GID
. The following command maps the ids to user and group git
on the host.
docker run --name gitlab -it --rm [options] \
--env "USERMAP_UID=$(id -u git)" --env "USERMAP_GID=$(id -g git)" \
sameersbn/gitlab:8.5.1
When changing this mapping, all files and directories in the mounted data volume /home/git/data
have to be re-owned by the new ids. This can be achieved automatically using the following command:
docker run --name gitlab -d [OPTIONS] \
sameersbn/gitlab:8.5.1 app:sanitize
https://github.com/sameersbn/docker-gitlab
docker-gitlab(转)的更多相关文章
- docker gitlab
Alternatively, you can manually launch the gitlab container and the supporting postgresql and redis ...
- docker+gitlab+gitlab-runner部署
环境 服务端:centos7 客户端:window 在centos7上部署docker+gitlab+gitlab-runner,win10利用ssh连接,开发人员只需提交代码,就可以进行项目文件上传 ...
- docker+gitlab的安装和迁移
docker+gitlab的安装 docker search gitlab docker pull docker.io/gitlab/gitlab-ce docker run --name=: -- ...
- 六、Docker+Gitlab
原文:六.Docker+Gitlab (1)下载镜像: docker pull gitlab/gitlab-ce (2)运行镜像: GITLAB_HOME=`pwd`/data/gitlab dock ...
- Docker Gitlab CI 部署 Spring Boot 项目
目前在学习这一块的内容,但是可能每个人环境都不同,导致找不到一篇博客能够完全操作下来没有错误的,所以自己也写一下,记录一下整个搭建的过程. Docker 的安装这里就不赘述了,基本上几行命令都可以了, ...
- Docker+GitLab+Jenkins+kubernetes实现DevOps 持续化集成和持续化部署概念图
Docker+GitLab+Jenkins+kubernetes实现DevOps 持续化集成和持续化部署概念图 转载自:原创 IT综合 作者:百联达 时间:2017-05-09 15:48:08 41 ...
- docker gitlab迁移 备份 部署 搭建以及各种问题
当前环境 服务器A 服务器B ubuntu docker gitlab(版本一致) docker安装gitlab 由于考虑到gitlab 包含了⾃身的nginx.数据库.端⼝占⽤等等因数,这⾥使⽤的是 ...
- docker gitlab,redmine,etc development enviroments
sameersbn-gitlab is better more than officals sameersbn/redmine https://hub.docker.com/r/sameersbn/r ...
- docker gitlab安装
mkdir -p /data/docker/volumes/gitlab chmod 777 /data/docker/volumes/gitlab cd /data/docker/volumes/g ...
- Docker GitLab镜像部署
环境说明 系统环境: CentOS Linux release 7.4 docker Version: 18.03.1-ce 运行镜像 docker run --detach \ --hostname ...
随机推荐
- BGP拓扑错误模拟配置
R1配置 --------------------------------------------- version 5.20, ESS 2207P45# sysname RT1# super pas ...
- Nginx对某个文件夹或整个站点进行登录认证的方法
比方要对 站点文件夹下的 test 文件夹 进行加密认证 首先须要在opt 的主文件夹中 /opt/ 创建一个新文件 htpasswd 此文件的书写格式是 username:password 每行一个 ...
- Ice-2.1.2在RHEL Server 5.5上的安装
因为项目的需要,服务器上的程序需要使用Ice接口与其它程序通信,对方提供了一个Windows版的工程,我要把它移植到Linux服务器上,既然Ice是跨平台跨语言的中间件,想来移植不是很困难, ...
- Windows phone 8 学习笔记(9) 集成
原文:Windows phone 8 学习笔记(9) 集成 本节整理了之前并没有提到的Windows phone 8 系统相关集成支持,包括选择器.锁定屏幕的.联系人的访问等.选择器列举了若干内置应用 ...
- CSDN-markdown语法之怎样使用LaTeX语法编写数学公式
文件夹 文件夹 正文 标记公式 行内公式 块级公式 上标和下标 分数表示 各种括号 根号表示 省略号 矢量表示 间隔空间 希腊字母 特殊字符 关系运算符 集合运算符 对数运算符 三角运算符 微积分运算 ...
- POJ1201 差分约束
给定ai,bi, ci 表示区间[ai,bi]内至少有ci个点, 要求对于所有给定的ai,bi,ci, 至少多少个点才能满足题目的条件 重做这一题学到的一点是, 可以设变量来表示一些东西,然后才能找 ...
- ACdream原创群赛(18)のAK's dream题解
只做了4题水题ADGI A题需要注意的就是“[...]”的输出了,何时输出,何时不输出. #include <stdio.h> int main() { int n, cur, d; ; ...
- C++出现计算机术语5
class template(类模板) 可以用来定义一个类定义了一组特定类型的类的.类模板template keyword其次是尖括号(<>)附上.的列表来定义. export keywo ...
- ACM:回溯,八皇后问题,素数环
(一)八皇后问题 (1)回溯 #include <iostream> #include <string> #define MAXN 100 using namespace st ...
- [Unity3D]转让Android介面
简单介绍 有一些手机功能.Unity没有提供对应的接口.比如震动,比如不锁屏,比如GPS.比如... 有太多的特殊功能Unity都没有提供接口.这时候,我们就须要通过使用Android原生的ADT编辑 ...