I am using git-ce latest image and docker-compose.
My docker-compose.yml looks like this:
docker-compose.yml
version: '2.1'
networks:
gitnet:
driver: bridge
# enable_ipv6: true
ipam:
driver: default
config:
- subnet: 10.79.79.1/24
#- subnet: fd00:1::/80
#gateway: fd00:1::1
services:
gitlab:
image: gitlab/gitlab-ce
restart: always
hostname: 'git.example.com'
container_name: 'git.example.com'
environment:
GITLAB_OMNIBUS_CONFIG: |
#external_url = ['http://git.example.com','https://git.example.com','https://git6.example.com','http://git6.example.com']
external_url = ['https://git.example.com']
#registry_external_url = ['https://git6.example.com']
nginx['enable'] = true
nginx['client_max_body_size'] = '250m'
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/etc/gitlab/ssl/fullchain.pem"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/privkey.pem"
nginx['ssl_trusted_certificate'] = "/etc/gitlab/ssl/chain.pem"
nginx['ssl'] = "on"
nginx['ssl_protocols'] = "TLSv1.2 TLSv1.1 TLSv1"
nginx['ssl_prefer_server_ciphers'] = "on"
nginx['ssl_ciphers'] = "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
nginx['keepalive_timeout'] = "70"
nginx['ssl_dhparam'] = "/etc/gitlab/ssl/dhparam.pem"
nginx['ssl_session_cache'] = "shared:SSL:10m"
nginx['ssl_session_timeout'] = "10m"
letsencrypt['enable'] = false
gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = 'git@example.com'
gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com'
gitlab_rails['gitlab_email_display_name'] = 'Gitlab Admin'
gitlab_rails['gitlab_email_subject_suffix'] = '[git@example.com]'
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "172.16.185.62"
gitlab_rails['smtp_port'] = 25
gitlab_rails['smtp_domain'] = "smtp.gmail.com"
unicorn['worker_timeout'] = 60
unicorn['worker_processes'] = 13
gitlab_rails['gitlab_shell_ssh_port'] = 8822
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
main: # 'main' is the GitLab 'provider ID' of this LDAP server
label: 'example.com'
host: 'sso.example.com'
port: 20018
uid: 'uid'
method: 'ssl' # "tls" or "ssl" or "plain"
bind_dn: 'cn=admin,dc=example,dc=com'
password: '123123123'
active_directory: false
allow_username_or_email_login: true
verify_certificates: false
base: 'ou=People,dc=example,dc=com'
sync_ssh_keys: true
EOS
gitlab_rails['omniauth_providers'] = [
{ 'name' => 'openid_connect',
'label' => 'sso.example.com',
'args' => {
'name' => 'openid_connect',
'scope' => ['openid','profile'],
'response_type' => 'code',
# realm url
'issuer' => 'https://sso.example.com:8843/auth/realms/example.com',
#Gitlab fetch all the endpoints from
#https://<keycloak-url>/auth/realms/<realm>/.well-known/openid-configuration
'discovery' => true,
'client_auth_method' => 'basic',
#Client Configuration
'client_options' => {
'identifier' => 'git.example.com',
'secret' => 'asdfasdfasdf-423dsf-saf324-dafa432-asdf89sd7a',
'redirect_uri' => 'http://git.example.com/users/auth/openid_connect/callback'
}
}
}
]
ports:
- '80:80'
- '443:443'
- '8822:22'
volumes:
- '/opt/www/git.example.com/config:/etc/gitlab'
#- '/opt/www/git.example.com/gitlab.rb:/etc/gitlab/gitlab.rb'
- '/opt/www/git.example.com/logs:/var/log/gitlab'
- '/opt/www/git.example.com/data:/var/opt/gitlab'
- '/etc/resolv.conf:/etc/resolv.conf:ro'
networks:
gitnet:
ipv4_address: 10.79.79.79
extra_hosts:
- "sso:192.168.185.56"
root@git:/# gitlab-rails console
--------------------------------------------------------------------------------
GitLab: 13.0.6 (5aa982e01ea) FOSS
GitLab Shell: 13.2.0
PostgreSQL: 11.7
--------------------------------------------------------------------------------
Loading production environment (Rails 6.0.3)
irb(main):001:0> Gitlab::Application.routes.default_url_options
=> {:host=>"git.example.com", :protocol=>"http", :script_name=>""}
Here is the content of config/ssl:
-rw-r--r-- 1 root root 1647 Jun 17 15:19 chain.pem
-rw-r--r-- 1 root root 769 Jun 17 09:25 dhparam.pem
-rw-r--r-- 1 root root 3542 Jun 17 06:59 fullchain.pem
-rw-r--r-- 1 root root 1310 Jun 17 02:21 git.example.com.crt
-rw-r--r-- 1 root root 1679 Jun 17 02:21 git.example.com.key
drw-r--r-- 2 root root 4096 Jun 17 02:16 old
-rw------- 1 root root 1708 Jun 17 06:59 privkey.pem
I used let’s encrypt to get my wildcard certificate. My server can’t connect internet, so I can’t use let’s encrypt module.
I even converted the config in docker-compose.yml to gitlab.rb and saved into config. Still, no effect.