diff --git a/.env.example b/.env.example index 3eba4e5..609eff0 100644 --- a/.env.example +++ b/.env.example @@ -57,6 +57,13 @@ GITLAB_ROOT_PASSWORD= # Docker registry domain name # REGISTRY_HOST=docker. + +REGISTRY_STORAGE_S3_ACCESSKEY= +REGISTRY_STORAGE_S3_SECRETKEY= +REGISTRY_STORAGE_S3_REGIONENDPOINT=fra1.digitaloceanspaces.com +REGISTRY_STORAGE_S3_REGION=fra1 +REGISTRY_STORAGE_S3_BUCKET= + # DB credentials # DB_USER=gitlab @@ -90,7 +97,7 @@ S3_APPLICATION_KEY= # Network names # -#SERVICE_NETWORK=gitlab +SERVICE_NETWORK=service WEBPROXY_NETWORK=webproxy GITLAB_SECRETS_DB_KEY_BASE= diff --git a/docker-compose.yml b/docker-compose.yml index bb36e7f..c14b6fa 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -14,14 +14,14 @@ services: # - 443:443 expose: - 80 - # labels: - # - "traefik.enable=true" - # - "traefik.http.routers.gitlab-server.entrypoints=https" - # - "traefik.http.routers.gitlab-server.rule=Host(`${GITLAB_HOST}`)" - # - "traefik.http.routers.gitlab-server.tls=true" - # - "traefik.http.routers.gitlab-server.tls.certresolver=letsEncrypt" - # - "traefik.http.services.gitlab-server-service.loadbalancer.server.port=80" - # - "traefik.docker.network=webproxy" + labels: + - "traefik.enable=true" + - "traefik.http.routers.gitlab-rm-server.entrypoints=https" + - "traefik.http.routers.gitlab-rm-server.rule=Host(`${GITLAB_HOST}`)" + - "traefik.http.routers.gitlab-rm-server.tls=true" + - "traefik.http.routers.gitlab-rm-server.tls.certresolver=letsEncrypt" + - "traefik.http.services.gitlab-rm-server-service.loadbalancer.server.port=80" + - "traefik.docker.network=webproxy" volumes: - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab:/home/git/data:Z - ./ssl-certs:/certs 
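Review bot: The new `REGISTRY_STORAGE_S3_*` block in `.env.example` has no header comment, unlike the `# Docker registry domain name` and `# DB credentials` groups around it, so nothing says these values only take effect once the commented `REGISTRY_STORAGE=s3` lines in docker-compose.yml are enabled. I would add `# Registry S3 storage (optional; only used when REGISTRY_STORAGE=s3 is enabled)` and a second line `# Use a key scoped to this one bucket; keep the real .env out of version control`. Writing the endpoint with its scheme, `REGISTRY_STORAGE_S3_REGIONENDPOINT=https://fra1.digitaloceanspaces.com`, would also make the use of TLS towards the bucket explicit instead of leaving it to the storage driver's default.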
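Review bot: The label `traefik.docker.network=webproxy` stays hard-coded in the newly enabled block, while the last hunk of this file declares the external network with `name: ${WEBPROXY_NETWORK}`. The service is now attached to two networks (hunk at -98), and Traefik uses this label to decide which container address to route to, so a `.env` that sets `WEBPROXY_NETWORK` to anything other than `webproxy` would leave the label naming a network that does not exist. I would write `- "traefik.docker.network=${WEBPROXY_NETWORK}"` here and in the registry labels in the hunk at -107. The block also defines only an `https` router; unless the proxy has a global HTTP-to-HTTPS redirect, which the diff does not show, plain-HTTP requests to `${GITLAB_HOST}` will find no route, and a one-line comment saying so would help.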
@@ -41,11 +41,11 @@ services: - TZ=UTC - GITLAB_TIMEZONE=${GITLAB_TIMEZONE} - - GITLAB_HTTPS=false + - GITLAB_HTTPS=true - SSL_SELF_SIGNED=false - GITLAB_HOST=${GITLAB_HOST} - - GITLAB_PORT=80 + - GITLAB_PORT=443 - GITLAB_SSH_PORT=${GITLAB_SSH_PORT} - GITLAB_SECRETS_DB_KEY_BASE=${GITLAB_SECRETS_DB_KEY_BASE} - GITLAB_SECRETS_SECRET_KEY_BASE=${GITLAB_SECRETS_SECRET_KEY_BASE} @@ -98,8 +98,8 @@ services: retries: 5 start_period: 2m networks: - # - webproxy - - service + - ${WEBPROXY_NETWORK} + - ${SERVICE_NETWORK} registry: image: ${DOCKER_IMAGE_REGISTRY} @@ -107,14 +107,14 @@ services: restart: always expose: - 5000 - # labels: - # - "traefik.enable=true" - # - "traefik.http.routers.gitlab-registry.entrypoints=https" - # - "traefik.http.routers.gitlab-registry.rule=Host(`${REGISTRY_HOST}`)" - # - "traefik.http.routers.gitlab-registry.tls=true" - # - "traefik.http.routers.gitlab-registry.tls.certresolver=letsEncrypt" - # - "traefik.http.services.gitlab-registry-service.loadbalancer.server.port=5000" - # - "traefik.docker.network=webproxy" + labels: + - "traefik.enable=true" + - "traefik.http.routers.gitlab-rm-registry.entrypoints=https" + - "traefik.http.routers.gitlab-rm-registry.rule=Host(`${REGISTRY_HOST}`)" + - "traefik.http.routers.gitlab-rm-registry.tls=true" + - "traefik.http.routers.gitlab-rm-registry.tls.certresolver=letsEncrypt" + - "traefik.http.services.gitlab-rm-registry-service.loadbalancer.server.port=5000" + - "traefik.docker.network=webproxy" volumes: - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab/shared/registry:/registry - ./ssl-certs:/certs 
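Review bot: `GITLAB_HTTPS=true` and `GITLAB_PORT=443` are set while the labels in the first hunk of this file keep `loadbalancer.server.port=80` and the service still exposes port 80, so these values appear to describe the external URL rather than the container's listener, and that deserves a comment. Something like `# TLS terminates at Traefik; the proxy-to-GitLab hop on the webproxy network is plain HTTP on port 80` above the two lines would do. Because that hop is unencrypted and the webproxy network is external and shared, any other container joined to it can reach GitLab on port 80 directly, so it is worth confirming that only the proxy and the services that need it are attached. The image is not visible in the hunk, so whether it expects certificate files once `GITLAB_HTTPS=true` is set cannot be checked from here.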
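Review bot: The entries `- ${WEBPROXY_NETWORK}` and `- ${SERVICE_NETWORK}` under a service's `networks:` refer to the keys of the top-level `networks:` map, which the last hunk of this file keeps as the literals `service` and `webproxy`. The file therefore only resolves while `.env` holds exactly `SERVICE_NETWORK=service` and `WEBPROXY_NETWORK=webproxy`; any other value should make Compose reject the service for referencing an undefined network, even though the variables look like free settings. Keeping the literal keys (`- webproxy`, `- service`) and using the variables only in the top-level `name:` fields would avoid that. The same pattern repeats in the registry, postgresql, redis and runner_1 to runner_4 hunks. The `networks:` list here belongs to a service whose definition starts outside the hunk.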
@@ -127,9 +127,16 @@ services: - REGISTRY_AUTH_TOKEN_ISSUER=gitlab-issuer - REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/certs/registry.crt - REGISTRY_STORAGE_DELETE_ENABLED=true + # - REGISTRY_STORAGE=s3 + # - REGISTRY_STORAGE_S3_ACCESSKEY=${REGISTRY_STORAGE_S3_ACCESSKEY} + # - REGISTRY_STORAGE_S3_SECRETKEY=${REGISTRY_STORAGE_S3_SECRETKEY} + # - REGISTRY_STORAGE_S3_REGIONENDPOINT=${REGISTRY_STORAGE_S3_REGIONENDPOINT} + # - REGISTRY_STORAGE_S3_REGION=${REGISTRY_STORAGE_S3_REGION} + # - REGISTRY_STORAGE_S3_BUCKET=${REGISTRY_STORAGE_S3_BUCKET} + # - REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR=inmemory networks: - # - webproxy - - service + - ${WEBPROXY_NETWORK} + - ${SERVICE_NETWORK} postgresql: image: ${DOCKER_IMAGE_PGSQL} @@ -143,7 +150,7 @@ services: volumes: - ${SERVICE_DATA}/${SERVICE_NAME}/postgresql:/var/lib/postgresql:Z networks: - - service + - ${SERVICE_NETWORK} redis: restart: always @@ -154,7 +161,7 @@ services: volumes: - ${SERVICE_DATA}/${SERVICE_NAME}/redis:/var/lib/redis:Z networks: - - service + - ${SERVICE_NETWORK} runner_1: image: ${DOCKER_IMAGE_RUNNER} @@ -175,7 +182,7 @@ services: - RUNNER_EXECUTOR=docker - DOCKER_IMAGE=gitlab/gitlab-runner-helper:x86_64-latest networks: - - service + - ${SERVICE_NETWORK} runner_2: image: ${DOCKER_IMAGE_RUNNER} @@ -196,7 +203,7 @@ services: - RUNNER_EXECUTOR=docker - DOCKER_IMAGE=gitlab/gitlab-runner-helper:x86_64-latest networks: - - service + - ${SERVICE_NETWORK} runner_3: image: ${DOCKER_IMAGE_RUNNER} @@ -217,7 +224,7 @@ services: - RUNNER_EXECUTOR=docker - DOCKER_IMAGE=gitlab/gitlab-runner-helper:x86_64-latest networks: - - service + - ${SERVICE_NETWORK} runner_4: image: ${DOCKER_IMAGE_RUNNER} @@ -238,7 +245,7 @@ services: - RUNNER_EXECUTOR=docker - DOCKER_IMAGE=gitlab/gitlab-runner-helper:x86_64-latest networks: - - service + - ${SERVICE_NETWORK} # backup: # image: ${DOCKER_IMAGE_BACKUP} 
@@ -253,17 +260,17 @@ services: # - BACKUP_SCHEDULE=${BACKUP_SCHEDULE} # - BACKUP_DIR=${BACKUP_DIR} # - DOCKER_COMPOSE_DIR=${DOCKER_COMPOSE_DIR} - # - SERVICE_NAME=${SERVICE_NAME} + # - ${SERVICE_NETWORK} # - CONTAINER_NAME_GITLAB=${CONTAINER_NAME_GITLAB} # - S3_HOST_BASE=${S3_HOST_BASE} # - S3_ACCOUNT_ID=${S3_ACCOUNT_ID} # - S3_APPLICATION_KEY=${S3_APPLICATION_KEY} # networks: - # - service + # - ${SERVICE_NETWORK} networks: service: name: ${SERVICE_NAME} - # webproxy: - # external: - # name: ${WEBPROXY_NETWORK} + webproxy: + external: + name: ${WEBPROXY_NETWORK}
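Review bot: In the commented-out backup service, the environment entry `# - SERVICE_NAME=${SERVICE_NAME}` is replaced by `# - ${SERVICE_NETWORK}`, which looks like an over-eager search-and-replace rather than an intended change. If the block is ever uncommented, the backup container would lose its `SERVICE_NAME` variable and get a bare value in its environment list; I would restore `# - SERVICE_NAME=${SERVICE_NAME}`. In the now-enabled `webproxy` definition, the nested `external:` / `name:` form is the older spelling that newer Compose releases report as deprecated; `external: true` with a sibling `name: ${WEBPROXY_NETWORK}` is the current one. The backup block starts above the hunk.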