Merge branch 'master' into master

eiabea 2020-01-10 09:58:27 +01:00 committed by GitHub
commit ec111c7805
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
35 changed files with 1789 additions and 469 deletions

93
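--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -0,0 +1,93 @@
+version: 2
+jobs:
+shellcheck:
+docker:
+- image: nlknguyen/alpine-shellcheck:v0.4.6
+steps:
+- checkout
+- run:
+name: Check Docker Hub Hooks
+command: |
+find hooks -type f | wc -l
+find hooks -type f | xargs shellcheck -e SC2086 --external-sources
+- run:
+name: Check Scripts
+command: |
+find . -type f -name '*.sh' | wc -l
+find . -type f -name '*.sh' | xargs shellcheck -e SC2086 -e SC1090 --external-sources
+build:
+docker:
+- image: circleci/golang:1-stretch-browsers-legacy
+environment:
+IMAGE_NAME: "sameersbn/gitlab"
+steps:
+- checkout
+- setup_remote_docker:
+version: 18.03.1-ce
+- run:
+name: Docker info
+command: |
+docker version
+docker info
+- restore_cache:
+keys:
+- cache-v2-{{ .Branch }}
+paths:
+- /tmp/cache/layers.tar
+- run:
+name: Loading docker cache
+command: |
+if [[ -f /tmp/cache/layers.tar ]]; then
+echo "Loading cache ..."
+docker load -i /tmp/cache/layers.tar
+docker image ls
+else
+echo "Couldn't find any caches"
+fi
+- run:
+name: Build docker image
+command: |
+docker build \
+--pull \
+--cache-from=${IMAGE_NAME} \
+--build-arg BUILD_DATE="$(date +"%Y-%m-%d %H:%M:%S%:z")" \
+--build-arg VCS_REF=$(git rev-parse --short HEAD) \
+-t ${IMAGE_NAME}:$(cat VERSION) .
+no_output_timeout: 60m
+- run:
+name: Launching container for testing
+command: |
+docker-compose up -d
+sleep 180
+- run:
+name: Testing image
+command: |
+docker run --network container:$(docker-compose ps -q gitlab) \
+appropriate/curl --retry 15 --retry-delay 5 --retry-connrefused http://localhost/explore
+- run:
+name: Generate docker build image cache
+command: |
+mkdir -p /tmp/cache/
+docker save -o /tmp/cache/layers.tar ${IMAGE_NAME}
+- save_cache:
+key: cache-v2-{{ .Branch }}
+paths:
+- /tmp/cache/layers.tar
+workflows:
+version: 2
+build-and-test:
+jobs:
+- shellcheck
+- build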
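Review bot: The "Testing image" step runs `appropriate/curl` with no tag, so each build pulls whatever `latest` currently resolves to from a third-party Docker Hub namespace and joins it to the network namespace of the container under test. `nlknguyen/alpine-shellcheck:v0.4.6` and `circleci/golang:1-stretch-browsers-legacy` are mutable tags as well. Pinning each image by digest, e.g. `appropriate/curl@sha256:<digest>` (placeholder, to be taken from a reviewed pull), makes the CI toolchain reproducible and removes the silent-update path. Separately, both shellcheck steps pipe `find` into plain `xargs`, which splits paths on whitespace; `find hooks -type f -print0 | xargs -0 shellcheck -e SC2086 --external-sources` keeps every file under the hooks directory covered.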

1
.gitignore vendored

@ -1,4 +1,3 @@
*.gem
*.tar.gz
docker-compose.yml


@ -1,5 +1,59 @@
image: docker:dind
image: docker:18-git
deploy:
stages:
- build
before_script:
- export VERSION=$(cat VERSION)
- export CI_REGISTRY=${CI_REGISTRY:-hub.docker.com}
- export CI_REGISTRY_USER=${CI_REGISTRY_USER:-gitlab-ci-token}
- export CI_REGISTRY_PASSWORD=${CI_REGISTRY_PASSWORD:-${CI_JOB_TOKEN}}
- export DOCKER_IMAGE=${DOCKER_IMAGE:-${CI_REGISTRY}/${CI_PROJECT_PATH}}
- |
if [ "${DOCKER_IMAGE}" = "/" ]; then
export DOCKER_IMAGE=sameersbn/gitlab
fi
docker:build:
stage: build
only:
- master
script:
- ci/gitlab
- docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY}
- docker build
--pull
--cache-from=${DOCKER_IMAGE}
--build-arg=VCS_REF=$(git rev-parse --short HEAD)
--build-arg=BUILD_DATE="$(date +"%Y-%m-%d %H:%M:%S%:z")"
--tag ${DOCKER_IMAGE} .
- docker push ${DOCKER_IMAGE}
docker:build:branches:
stage: build
only:
- branches
except:
- master
script:
- docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY}
- docker build
--pull
--cache-from=${DOCKER_IMAGE}:${CI_COMMIT_REF_SLUG}
--build-arg=VCS_REF=$(git rev-parse --short HEAD)
--build-arg=BUILD_DATE="$(date +"%Y-%m-%d %H:%M:%S%:z")"
--tag ${DOCKER_IMAGE}:${CI_COMMIT_REF_SLUG} .
- docker push ${DOCKER_IMAGE}:${CI_COMMIT_REF_SLUG}
docker:build:release:
stage: build
only:
- tags
script:
- docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY}
- docker build
--pull
--cache-from=${DOCKER_IMAGE}:${VERSION}
--build-arg=VCS_REF=$(git rev-parse --short HEAD)
--build-arg=BUILD_DATE="$(date +"%Y-%m-%d %H:%M:%S%:z")"
--tag ${DOCKER_IMAGE}:${VERSION} .
- docker push ${DOCKER_IMAGE}:${VERSION}
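Review bot: All three jobs (`docker:build`, `docker:build:branches`, `docker:build:release`) call `docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY}`, which places the registry password (by default the job token) on the command line, where it is readable from the process list and triggers Docker's insecure-CLI-password warning. Pass it on stdin instead: `echo "${CI_REGISTRY_PASSWORD}" | docker login -u "${CI_REGISTRY_USER}" --password-stdin "${CI_REGISTRY}"`. Quoting the expansions also stops the shell from word-splitting a value that contains whitespace. The fallback `CI_REGISTRY=hub.docker.com` looks like the Docker Hub web host rather than a registry endpoint, so the default path should be tested on a runner without a GitLab-provided registry.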


@ -1,9 +0,0 @@
sudo: required
language: bash
services:
- docker
script:
- docker build -t sammeersbn/gitlab .

12
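--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -0,0 +1,12 @@
+# GitLab-CI Configuration
+When using your own gitlab instance, the provided .gitlab-ci.yml will be automatically be using the settings provided by the GitLab Instance. If needed several options can be overriden.
+Overrides for these values can be set within the project, under `Settings` -> `CI/CD` -> `Variables`.
+| Variable | Default Value | Description |
+| ---------------------- | ------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| `CI_REGISTRY` | `hub.docker.com` | If available this will be automatically overriden by registry address which is configured within the GitLab instance |
+| `CI_REGISTRY_USER` | `gitlab-ci-token` | Username for the registry |
+| `CI_REGISTRY_PASSWORD` | `${CI_JOB_TOKEN}` | Password for the registry |
+| `DOCKER_IMAGE` | `sameersbn/gitlab` | Docker image name, will be automatically be overriden by the running GitLab instance with the `${CI_PROJECT_PATH}` variable. This will case the image to be uploaded to the local registry of the project within GitLab. |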


@ -1,7 +1,488 @@
# Changelog
This file only reflects the changes that are made in this image. Please refer to the upstream GitLab [CHANGELOG](
https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG.md) for the list of changes in GitLab.
https://gitlab.com/gitlab-org/gitlab-foss/blob/master/CHANGELOG.md) for the list of changes in GitLab.
**12.5.5**
- gitlab: upgrade CE to v12.5.5
**12.5.4**
- gitlab: upgrade CE to v12.5.4
- Update golang to 1.12.14
**12.5.3**
- gitlab: upgrade CE to v12.5.3
**12.5.2**
- gitlab: upgrade CE to v12.5.2
**12.5.1**
- gitlab: upgrade CE to v12.5.1
**12.5.0**
- gitlab: upgrade CE to v12.5.0
**12.4.3**
- gitlab: upgrade CE to v12.4.3
**12.4.2**
- gitlab: upgrade CE to v12.4.2
**12.4.1**
- gitlab: upgrade CE to v12.4.1
**12.4.0**
- gitlab: upgrade CE to v12.4.0
**12.3.5**
- gitlab: upgrade CE to v12.3.5
**12.3.4**
- gitlab: upgrade CE to v12.3.4
**12.3.3**
- gitlab: upgrade CE to v12.3.3
**12.3.2**
- gitlab: upgrade CE to v12.3.2
**12.3.1**
- gitlab: upgrade CE to v12.3.1
**12.3.0**
- gitlab: upgrade CE to v12.3.0
**12.2.5**
- gitlab: upgrade CE to v12.2.5
**12.2.4**
- gitlab: upgrade CE to v12.2.4
**12.2.3**
- gitlab: upgrade CE to v12.2.3
**12.2.1**
- gitlab: upgrade CE to v12.2.1
**12.2.0**
- gitlab: upgrade CE to v12.2.0
- upgrade base image to ubuntu:bionic
**12.1.6**
- gitlab: upgrade CE to v12.1.6
**12.1.4**
- gitlab: upgrade CE to v12.1.4
**12.1.3**
- gitlab: upgrade CE to v12.1.3
**12.1.2**
- gitlab: upgrade CE to v12.1.2
**12.1.1**
- gitlab: upgrade CE to v12.1.1
**12.1.0**
- gitlab: upgrade CE to v12.1.0
- Removed MySQL related information and packages. GitLab v12.1.X or greater requires only PostgreSQL. Do an Migration before upgrading to v12.1.X. For more Information have a look at the [Migration Guide](https://docs.gitlab.com/ce/update/mysql_to_postgresql.html)
**12.0.4**
- gitlab: upgrade CE to v12.0.4
**12.0.3**
- gitlab: upgrade CE to v12.0.3
**12.0.2**
- gitlab: upgrade CE to v12.0.2
**12.0.1**
- gitlab: upgrade CE to v12.0.1
**12.0.0**
- gitlab: upgrade CE to v12.0.0
- Update gitaly to 1.47.0
- Update gitlab-shell to 9.3.0
- Update gitlab-pages to 1.6.1
- ruby: update to 2.6
- python: update to 3
**11.11.3**
- gitlab: upgrade CE to v11.11.3
- Update gitaly to 1.42.4
- Update golang to 1.12.6
**11.11.2**
- gitlab: upgrade CE to v11.11.2
- Update gitaly to 1.42.3
**11.11.1**
- gitlab: upgrade CE to v11.11.1
- Update gitaly to 1.42.2
**11.11.0**
- gitlab: upgrade CE to v11.11.0
- Update gitaly to 1.42.0
- Update gitlab-shell to 9.1.0
- Update gitlab-workhorse to 8.7.0
**11.10.4**
- gitlab: upgrade CE to v11.10.4
**11.10.3**
- gitlab: upgrade CE to v11.10.3
**11.10.2**
- gitlab: upgrade CE to v11.10.2
**11.10.1**
- gitlab: upgrade CE to v11.10.1
**11.10.0**
- gitlab: upgrade CE to v11.10.0
**11.9.8**
- gitlab: upgrade CE to v11.9.8
**11.9.7**
- gitlab: upgrade CE to v11.9.7
**11.9.6**
- gitlab: upgrade CE to v11.9.6
**11.9.5**
- gitlab: upgrade CE to v11.9.5
**11.9.4**
- gitlab: upgrade CE to v11.9.4
- Update gitlab-workhorse to 8.3.3
**11.9.1**
- gitlab: upgrade CE to v11.9.1
- Update gitaly to 1.27.1
**11.9.0**
- gitlab: upgrade CE to v11.9.0
**11.8.3**
- gitlab: upgrade CE to v11.8.3
**11.8.2**
- gitlab: upgrade CE to v11.8.2
**11.8.1**
- gitlab: upgrade CE to v11.8.1
**11.8.0**
- gitlab: upgrade CE to v11.8.0
- Update gitlab-workhorse to 8.3.1
- Update gitaly to 1.20.0
- Update gitlab-pages to 1.5.0
**11.7.5**
- gitlab: upgrade CE to v11.7.5
**11.7.4**
- gitlab: upgrade CE to v11.7.4
**11.7.3**
- gitlab: upgrade CE to v11.7.3
- Update gitlab-workhorse to 8.1.1
- Update gitaly to 1.13.0
- Update gitlab-pages to 1.4.0
**11.7.0**
- gitlab: upgrade CE to v11.7.0
**11.6.5**
- gitlab: upgrade CE to v11.6.5
**11.6.4**
- gitlab: upgrade CE to v11.6.4
**11.6.3**
- gitlab: upgrade CE to v11.6.3
**11.6.2**
- gitlab: upgrade CE to v11.6.2
**11.6.1**
- gitlab: upgrade CE to v11.6.1
- Added `GITLAB_IMPERSONATION_ENABLED`
- Added `OAUTH_SAML_ATTRIBUTE_STATEMENTS_USERNAME`
- Added `GITLAB_PAGES_ACCESS_CONTROL_SERVER`
- Added `GITLAB_PAGES_ACCESS_CLIENT_ID`
- Added `GITLAB_PAGES_ACCESS_CLIENT_SECRET`
- Added `GITLAB_PAGES_ACCESS_SECRET`
- Added `GITLAB_PAGES_ACCESS_REDIRECT_URI`
**11.6.0**
- gitlab: upgrade CE to v11.6.0
- Update gitaly to 1.7.1
- Update gitlab-shell to 8.4.3
- Update gitlab-workhorse to 7.6.0
- Update golang to 1.11.4
- Added `LDAP_USER_ATTRIBUTE_USERNAME`
- Added `LDAP_USER_ATTRIBUTE_MAIL`
- Added `LDAP_USER_ATTRIBUTE_NAME`
- Added `LDAP_USER_ATTRIBUTE_FIRSTNAME`
- Added `LDAP_USER_ATTRIBUTE_LASTNAME`
- Added `GITLAB_BACKUP_DIR_CHOWN`
- Added `GITLAB_BACKUP_DIR_GROUP`
- Added `GITLAB_PAGES_NGINX_PROXY`
**11.5.5**
- gitlab: upgrade CE to v11.5.5
**11.5.4**
- gitlab: upgrade CE to v11.5.4
**11.5.3**
- gitlab: upgrade CE to v11.5.3
**11.5.2**
- gitlab: upgrade CE to v11.5.2
**11.5.1-1**
- Fixed GitLab Dependencies
**11.5.1**
- gitlab: upgrade CE to v11.5.1
**11.5.0**
- gitlab: upgrade CE to v11.5.0
**11.4.7**
- gitlab: upgrade CE to v11.4.7
**11.4.6**
- gitlab: upgrade CE to v11.4.6
**11.4.5**
- gitlab: upgrade CE to v11.4.5
**11.4.4**
- gitlab: upgrade CE to v11.4.4
- golang: update to 1.10.4
**11.4.3**
- gitlab: upgrade CE to v11.4.3
**11.4.2**
- gitlab: upgrade CE to v11.4.2
**11.4.1**
- gitlab: upgrade CE to v11.4.1
- Add docs how to reuse ssh port [#1731](https://github.com/sameersbn/docker-gitlab/pull/1731)
**11.4.0**
- gitlab: upgrade CE to v11.4.0
- baseimage: upgrade to xenial-20181005
**11.3.6**
- gitlab: upgrade CE to v11.3.6
**11.3.5**
- gitlab: upgrade CE to v11.3.5
**11.3.4**
- gitlab: upgrade CE to v11.3.4
**11.3.3**
- gitlab: upgrade CE to v11.3.3
**11.3.2**
- gitlab: upgrade CE to v11.3.2
**11.3.1**
- gitlab: upgrade CE to v11.3.1
**11.3.0**
- gitlab: upgrade CE to v11.3.0
- Fix backup config stripping for when AWS & GCS backups are disabled [#1725](https://github.com/sameersbn/docker-gitlab/pull/1725)
- Correct Backup Date format for selective backups [#1699](https://github.com/sameersbn/docker-gitlab/pull/1699)
- Fix gitlay-ssh symlink to enable rebase/squash in forks
**11.2.3**
- gitlab: upgrade CE to v11.2.3
**11.2.2**
- gitlab: upgrade CE to v11.2.2
**11.2.1**
- gitlab: upgrade CE to v11.2.1
**11.2.0**
- gitlab: upgrade CE to v11.2.0
- ADD `GITLAB_DEFAULT_THEME`
**11.1.4**
- gitlab: upgrade CE to v11.1.4
**11.1.3**
- gitlab: upgrade CE to v11.1.3
- Upgrade redis to 4.0.9-1
**11.1.2**
- gitlab: upgrade CE to v11.1.2
**11.1.1**
- gitlab: upgrade CE to v11.1.1
**11.1.0**
- gitlab: upgrade CE to v11.1.0
**11.0.4**
- gitlab: upgrade CE to v11.0.4
**11.0.3**
- gitlab: upgrade CE to v11.0.3
- ruby: update to 2.4
**11.0.2**
- gitlab: upgrade CE to v11.0.2
**11.0.1**
- gitlab: upgrade CE to v11.0.1
**11.0.0**
- gitlab: upgrade CE to v11.0.0
**10.8.4**
- gitlab: upgrade CE to v10.8.4
**10.8.3-1**
- Fix boot loops that were introduced during [#1621](https://github.com/sameersbn/docker-gitlab/pull/1621) and will be fixed with [#1628](https://github.com/sameersbn/docker-gitlab/pull/1628)
**10.8.3**
- gitlab: upgrade CE to v10.8.3
- Fix potential boot problems on clean setups [#1621](https://github.com/sameersbn/docker-gitlab/pull/1621)
**10.8.2**
- gitlab: upgrade CE to v10.8.2
**10.8.1**
- gitlab: upgrade CE to v10.8.1
**10.8.0**
- gitlab: upgrade CE to v10.8.0
- Add support for swarm mode with docker-configs and docker secrets ([#1540](https://github.com/sameersbn/docker-gitlab/pull/1540))
**10.7.4**
- gitlab: upgrade CE to v10.7.4
- FIX `GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT`
**10.7.3**
- gitlab: upgrade CE to v10.7.3
**10.7.2**
- gitlab: upgrade CE to v10.7.2
**10.7.1**
- gitlab: upgrade CE to v10.7.1
**10.7.0**
- gitlab: upgrade CE to v10.7.0
- ADD `GITLAB_SIDEKIQ_LOG_FORMAT`
- ADD `GITLAB_ARTIFACTS_OBJECT_STORE_ENABLED`
- ADD `GITLAB_ARTIFACTS_OBJECT_STORE_REMOTE_DIRECTORY`
- ADD `GITLAB_ARTIFACTS_OBJECT_STORE_BACKGROUND_UPLOAD`
- ADD `GITLAB_ARTIFACTS_OBJECT_STORE_PROXY_DOWNLOAD`
- ADD `GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_PROVIDER`
- ADD `GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID`
- ADD `GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY`
- ADD `GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_REGION`
- ADD `GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_HOST`
- ADD `GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT`
- ADD `GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE`
- ADD `GITLAB_LFS_OBJECT_STORE_ENABLED`
- ADD `GITLAB_LFS_OBJECT_STORE_REMOTE_DIRECTORY`
- ADD `GITLAB_LFS_OBJECT_STORE_DIRECT_UPLOAD`
- ADD `GITLAB_LFS_OBJECT_STORE_BACKGROUND_UPLOAD`
- ADD `GITLAB_LFS_OBJECT_STORE_PROXY_DOWNLOAD`
- ADD `GITLAB_LFS_OBJECT_STORE_CONNECTION_PROVIDER`
- ADD `GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID`
- ADD `GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY`
- ADD `GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_REGION`
- ADD `GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_HOST`
- ADD `GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT`
- ADD `GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE`
- ADD `GITLAB_UPLOADS_OBJECT_STORE_ENABLED`
- ADD `GITLAB_UPLOADS_OBJECT_STORE_REMOTE_DIRECTORY`
- ADD `GITLAB_UPLOADS_OBJECT_STORE_DIRECT_UPLOAD`
- ADD `GITLAB_UPLOADS_OBJECT_STORE_BACKGROUND_UPLOAD`
- ADD `GITLAB_UPLOADS_OBJECT_STORE_PROXY_DOWNLOAD`
- ADD `GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_PROVIDER`
- ADD `GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID`
- ADD `GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY`
- ADD `GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_REGION`
- ADD `GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_HOST`
- ADD `GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT`
- ADD `GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE`
**10.6.4**
- gitlab: upgrade CE to v10.6.4
**10.6.3**
- gitlab: upgrade CE to v10.6.3
**10.6.2**
- gitlab: upgrade CE to v10.6.2
- golang: update to 1.9.5
**10.6.1**
- gitlab: upgrade CE to v10.6.1
**10.6.0**
- gitlab: upgrade CE to v10.6.0
**10.5.6**
- gitlab: security upgrade CE to v10.5.6
**10.5.5**
- gitlab: upgrade CE to v10.5.5
**10.5.4**
- gitlab: upgrade CE to v10.5.4
**10.5.3**
- gitlab: upgrade CE to v10.5.3
**10.5.2**
- gitlab: upgrade CE to v10.5.2
- Fix `GITLAB_UPLOADS_STORAGE_PATH`
**10.5.1**
- gitlab: upgrade CE to v10.5.1
**10.5.0**
- gitlab: upgrade CE to v10.5.0
- Add `GITLAB_UPLOADS_STORAGE_PATH`
- Add `GITLAB_UPLOADS_BASE_DIR`
- Add `LDAP_LOWERCASE_USERNAMES`
**10.4.4**
- gitlab: upgrade CE to v10.4.4
**10.4.3**
- gitlab: upgrade CE to v10.4.3
**10.4.2-1**
- FIXED SSH Host Key generation through droping the support for rsa1
**10.4.2**
- gitlab: upgrade CE to v10.4.2
**10.4.1**
- gitlab: upgrade CE to v10.4.1
**10.4.0**
- gitlab: upgrade CE to v10.4.0
- docker: upgrade to ubuntu xenial as baseimage
- golang: update to 1.9.3
**10.3.6**
- gitlab: upgrade CE to v10.3.6
@ -131,7 +612,7 @@ https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG.md) for the list o
**9.3.8**
- gitlab: upgrade to CE v9.3.8
- Added RE2 library to build dependencies ([issue 35342](https://gitlab.com/gitlab-org/gitlab-ce/issues/35342))
- Added RE2 library to build dependencies ([issue 35342](https://gitlab.com/gitlab-org/gitlab-foss/issues/35342))
**9.3.7**
- gitlab: upgrade to CE v9.3.7


@ -1,13 +1,16 @@
FROM sameersbn/ubuntu:14.04.20180124
LABEL maintainer="sameer@damagehead.com"
FROM ubuntu:bionic-20191010
ENV GITLAB_VERSION=10.3.6 \
RUBY_VERSION=2.3 \
GOLANG_VERSION=1.8.3 \
GITLAB_SHELL_VERSION=5.10.2 \
GITLAB_WORKHORSE_VERSION=3.3.1 \
GITLAB_PAGES_VERSION=0.6.0 \
GITALY_SERVER_VERSION=0.59.2 \
ARG BUILD_DATE
ARG VCS_REF
ARG VERSION=12.5.5
ENV GITLAB_VERSION=${VERSION} \
RUBY_VERSION=2.6 \
GOLANG_VERSION=1.12.14 \
GITLAB_SHELL_VERSION=10.2.0 \
GITLAB_WORKHORSE_VERSION=8.14.1 \
GITLAB_PAGES_VERSION=1.12.0 \
GITALY_SERVER_VERSION=1.72.1 \
GITLAB_USER="git" \
GITLAB_HOME="/home/git" \
GITLAB_LOG_DIR="/var/log/gitlab" \
@ -17,36 +20,40 @@ ENV GITLAB_VERSION=10.3.6 \
ENV GITLAB_INSTALL_DIR="${GITLAB_HOME}/gitlab" \
GITLAB_SHELL_INSTALL_DIR="${GITLAB_HOME}/gitlab-shell" \
GITLAB_WORKHORSE_INSTALL_DIR="${GITLAB_HOME}/gitlab-workhorse" \
GITLAB_PAGES_INSTALL_DIR="${GITLAB_HOME}/gitlab-pages" \
GITLAB_GITALY_INSTALL_DIR="${GITLAB_HOME}/gitaly" \
GITLAB_DATA_DIR="${GITLAB_HOME}/data" \
GITLAB_BUILD_DIR="${GITLAB_CACHE_DIR}/build" \
GITLAB_RUNTIME_DIR="${GITLAB_CACHE_DIR}/runtime"
RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv E1DD270288B4E6030699E45FA1715D88E1DF1F24 \
&& echo "deb http://ppa.launchpad.net/git-core/ppa/ubuntu trusty main" >> /etc/apt/sources.list \
RUN apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \
wget ca-certificates apt-transport-https gnupg2
RUN set -ex && \
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv E1DD270288B4E6030699E45FA1715D88E1DF1F24 \
&& echo "deb http://ppa.launchpad.net/git-core/ppa/ubuntu bionic main" >> /etc/apt/sources.list \
&& apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 80F70E11F0F0D5F10CB20E62F5DA5F09C3173AA6 \
&& echo "deb http://ppa.launchpad.net/brightbox/ruby-ng/ubuntu trusty main" >> /etc/apt/sources.list \
&& echo "deb http://ppa.launchpad.net/brightbox/ruby-ng/ubuntu bionic main" >> /etc/apt/sources.list \
&& apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 8B3981E7A6852F782CC4951600A6F0A3C300EE8C \
&& echo "deb http://ppa.launchpad.net/nginx/stable/ubuntu trusty main" >> /etc/apt/sources.list \
&& echo "deb http://ppa.launchpad.net/nginx/stable/ubuntu bionic main" >> /etc/apt/sources.list \
&& wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - \
&& echo 'deb http://apt.postgresql.org/pub/repos/apt/ trusty-pgdg main' > /etc/apt/sources.list.d/pgdg.list \
&& echo 'deb http://apt.postgresql.org/pub/repos/apt/ bionic-pgdg main' > /etc/apt/sources.list.d/pgdg.list \
&& wget --quiet -O - https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - \
&& echo 'deb https://deb.nodesource.com/node_8.x trusty main' > /etc/apt/sources.list.d/nodesource.list \
&& echo 'deb https://deb.nodesource.com/node_12.x bionic main' > /etc/apt/sources.list.d/nodesource.list \
&& wget --quiet -O - https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \
&& echo 'deb https://dl.yarnpkg.com/debian/ stable main' > /etc/apt/sources.list.d/yarn.list \
&& set -ex \
&& apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y supervisor logrotate locales curl \
nginx openssh-server mysql-client postgresql-client redis-tools \
git-core ruby${RUBY_VERSION} python2.7 python-docutils nodejs yarn gettext-base \
libmysqlclient18 libpq5 zlib1g libyaml-0-2 libssl1.0.0 \
libgdbm3 libreadline6 libncurses5 libffi6 \
libxml2 libxslt1.1 libcurl3 libicu52 \
&& DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \
sudo supervisor logrotate locales curl \
nginx openssh-server postgresql-client-10 postgresql-contrib-10 redis-tools \
git-core ruby${RUBY_VERSION} python3 python3-docutils nodejs yarn gettext-base graphicsmagick \
libpq5 zlib1g libyaml-0-2 libssl1.0.0 \
libgdbm5 libreadline7 libncurses5 libffi6 \
libxml2 libxslt1.1 libcurl4 libicu60 libre2-dev tzdata unzip libimage-exiftool-perl \
&& update-locale LANG=C.UTF-8 LC_MESSAGES=POSIX \
&& locale-gen en_US.UTF-8 \
&& DEBIAN_FRONTEND=noninteractive dpkg-reconfigure locales \
&& gem install --no-document bundler \
&& gem install --no-document bundler -v 1.17.3 \
&& rm -rf /var/lib/apt/lists/*
COPY assets/build/ ${GITLAB_BUILD_DIR}/
@ -56,6 +63,17 @@ COPY assets/runtime/ ${GITLAB_RUNTIME_DIR}/
COPY entrypoint.sh /sbin/entrypoint.sh
RUN chmod 755 /sbin/entrypoint.sh
LABEL \
maintainer="sameer@damagehead.com" \
org.label-schema.schema-version="1.0" \
org.label-schema.build-date=${BUILD_DATE} \
org.label-schema.name=gitlab \
org.label-schema.vendor=damagehead \
org.label-schema.url="https://github.com/sameersbn/docker-gitlab" \
org.label-schema.vcs-url="https://github.com/sameersbn/docker-gitlab.git" \
org.label-schema.vcs-ref=${VCS_REF} \
com.damagehead.gitlab.license=MIT
EXPOSE 22/tcp 80/tcp 443/tcp
VOLUME ["${GITLAB_DATA_DIR}", "${GITLAB_LOG_DIR}"]
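Review bot: Every third-party source rewritten for bionic in the second hunk (the git-core, brightbox/ruby-ng and nginx PPAs, pgdg, and nodesource `node_12.x`) is still trusted through `apt-key`, which puts all the keys in one global keyring, so any of those publishers' keys can sign packages for any configured source, including the Ubuntu archive. Storing each key in its own file and binding it with `signed-by` limits that, e.g. `deb [signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_12.x bionic main` (the keyring path is an example). The keys piped from `wget ... | apt-key add -` are accepted on TLS alone; comparing the downloaded key's fingerprint with a value recorded in the Dockerfile would make a swapped key fail the build. The new first `RUN apt-get update` layer never removes `/var/lib/apt/lists/*`, so folding it into the following `RUN` would let the existing cleanup cover it.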

344
README.md

@ -1,7 +1,7 @@
[![Docker Repository on Quay.io](https://quay.io/repository/sameersbn/gitlab/status "Docker Repository on Quay.io")](https://quay.io/repository/sameersbn/gitlab)
[![](https://images.microbadger.com/badges/image/sameersbn/gitlab.svg)](http://microbadger.com/images/sameersbn/gitlab "Get your own image badge on microbadger.com")
# sameersbn/gitlab:10.3.6
# sameersbn/gitlab:12.5.5
- [Introduction](#introduction)
- [Changelog](Changelog.md)
@ -18,10 +18,6 @@
- [PostgreSQL (Recommended)](#postgresql)
- [External PostgreSQL Server](#external-postgresql-server)
- [Linking to PostgreSQL Container](#linking-to-postgresql-container)
- [MySQL](#mysql)
- [Internal MySQL Server](#internal-mysql-server)
- [External MySQL Server](#external-mysql-server)
- [Linking to MySQL Container](#linking-to-mysql-container)
- [Redis](#redis)
- [Internal Redis Server](#internal-redis-server)
- [External Redis Server](#external-redis-server)
@ -49,9 +45,11 @@
- [SAML](#saml)
- [Crowd](#crowd)
- [Microsoft Azure](#microsoft-azure)
- [Gitlab Pages](#gitlab-pages)
- [External Issue Trackers](#external-issue-trackers)
- [Host UID / GID Mapping](#host-uid--gid-mapping)
- [Piwik](#piwik)
- [Exposing ssh port in dockerized gitlab-ce](docs/exposing-ssh-port.md)
- [Available Configuration Parameters](#available-configuration-parameters)
- [Maintenance](#maintenance)
- [Creating Backups](#creating-backups)
@ -71,9 +69,9 @@
Dockerfile to build a [GitLab](https://about.gitlab.com/) image for the [Docker](https://www.docker.com/products/docker-engine) opensource container platform.
GitLab CE is set up in the Docker image using the [install from source](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/install/installation.md) method as documented in the the official GitLab documentation.
GitLab CE is set up in the Docker image using the [install from source](https://docs.gitlab.com/ce/install/installation.html) method as documented in the the official GitLab documentation.
For other methods to install GitLab please refer to the [Official GitLab Installation Guide](https://about.gitlab.com/installation/) which includes a [GitLab image for Docker](https://gitlab.com/gitlab-org/gitlab-ce/tree/master/docker).
For other methods to install GitLab please refer to the [Official GitLab Installation Guide](https://about.gitlab.com/install/) which includes a [GitLab image for Docker](https://docs.gitlab.com/omnibus/docker/).
# Contributing
@ -126,7 +124,7 @@ Automated builds of the image are available on [Dockerhub](https://hub.docker.co
> **Note**: Builds are also available on [Quay.io](https://quay.io/repository/sameersbn/gitlab)
```bash
docker pull sameersbn/gitlab:10.3.6
docker pull sameersbn/gitlab:12.5.5
```
You can also pull the `latest` tag which is built from the repository *HEAD*
@ -173,7 +171,7 @@ docker run --name gitlab-postgresql -d \
--env 'DB_USER=gitlab' --env 'DB_PASS=password' \
--env 'DB_EXTENSION=pg_trgm' \
--volume /srv/docker/gitlab/postgresql:/var/lib/postgresql \
sameersbn/postgresql:9.6-2
sameersbn/postgresql:10-2
```
Step 2. Launch a redis container
@ -181,7 +179,7 @@ Step 2. Launch a redis container
```bash
docker run --name gitlab-redis -d \
--volume /srv/docker/gitlab/redis:/var/lib/redis \
sameersbn/redis:latest
sameersbn/redis:4.0.9-2
```
Step 3. Launch the gitlab container
@ -195,7 +193,7 @@ docker run --name gitlab -d \
--env 'GITLAB_SECRETS_SECRET_KEY_BASE=long-and-random-alpha-numeric-string' \
--env 'GITLAB_SECRETS_OTP_KEY_BASE=long-and-random-alpha-numeric-string' \
--volume /srv/docker/gitlab/gitlab:/home/git/data \
sameersbn/gitlab:10.3.6
sameersbn/gitlab:12.5.5
```
*Please refer to [Available Configuration Parameters](#available-configuration-parameters) to understand `GITLAB_PORT` and other configuration options*
@ -230,14 +228,14 @@ Volumes can be mounted in docker by specifying the `-v` option in the docker run
```bash
docker run --name gitlab -d \
--volume /srv/docker/gitlab/gitlab:/home/git/data \
sameersbn/gitlab:10.3.6
sameersbn/gitlab:12.5.5
```
## Database
GitLab uses a database backend to store its data. You can configure this image to use either MySQL or PostgreSQL.
GitLab uses a database backend to store its data. You can configure this image to use PostgreSQL.
*Note: GitLab HQ recommends using PostgreSQL over MySQL*
*Note: GitLab requieres PostgreSQL now. So use an older image < 12.1 or migrate to PostgresSQL*
### PostgreSQL
@ -259,25 +257,25 @@ We are now ready to start the GitLab application.
```bash
docker run --name gitlab -d \
--env 'DB_ADAPTER=postgresql' --env 'DB_HOST=192.168.1.100' \
--env 'DB_HOST=192.168.1.100' \
--env 'DB_NAME=gitlabhq_production' \
--env 'DB_USER=gitlab' --env 'DB_PASS=password' \
--volume /srv/docker/gitlab/gitlab:/home/git/data \
sameersbn/gitlab:10.3.6
sameersbn/gitlab:12.5.5
```
#### Linking to PostgreSQL Container
You can link this image with a postgresql container for the database requirements. The alias of the postgresql server container should be set to **postgresql** while linking with the gitlab image.
If a postgresql container is linked, only the `DB_ADAPTER`, `DB_HOST` and `DB_PORT` settings are automatically retrieved using the linkage. You may still need to set other database connection parameters such as the `DB_NAME`, `DB_USER`, `DB_PASS` and so on.
If a postgresql container is linked, only the `DB_HOST` and `DB_PORT` settings are automatically retrieved using the linkage. You may still need to set other database connection parameters such as the `DB_NAME`, `DB_USER`, `DB_PASS` and so on.
To illustrate linking with a postgresql container, we will use the [sameersbn/postgresql](https://github.com/sameersbn/docker-postgresql) image. When using postgresql image in production you should mount a volume for the postgresql data store. Please refer the [README](https://github.com/sameersbn/docker-postgresql/blob/master/README.md) of docker-postgresql for details.
First, lets pull the postgresql image from the docker index.
```bash
docker pull sameersbn/postgresql:9.6-2
docker pull sameersbn/postgresql:10-2
```
For data persistence lets create a store for the postgresql and start the container.
@ -297,7 +295,7 @@ docker run --name gitlab-postgresql -d \
--env 'DB_USER=gitlab' --env 'DB_PASS=password' \
--env 'DB_EXTENSION=pg_trgm' \
--volume /srv/docker/gitlab/postgresql:/var/lib/postgresql \
sameersbn/postgresql:9.6-2
sameersbn/postgresql:10-2
```
The above command will create a database named `gitlabhq_production` and also create a user named `gitlab` with the password `password` with access to the `gitlabhq_production` database.
@ -307,7 +305,7 @@ We are now ready to start the GitLab application.
```bash
docker run --name gitlab -d --link gitlab-postgresql:postgresql \
--volume /srv/docker/gitlab/gitlab:/home/git/data \
sameersbn/gitlab:10.3.6
sameersbn/gitlab:12.5.5
```
Here the image will also automatically fetch the `DB_NAME`, `DB_USER` and `DB_PASS` variables from the postgresql container as they are specified in the `docker run` command for the postgresql container. This is made possible using the magic of docker links and works with the following images:
@ -317,103 +315,6 @@ Here the image will also automatically fetch the `DB_NAME`, `DB_USER` and `DB_PA
- [orchardup/postgresql](https://hub.docker.com/r/orchardup/postgresql/)
- [paintedfox/postgresql](https://hub.docker.com/r/paintedfox/postgresql/)
### MySQL
#### Internal MySQL Server
The internal mysql server has been removed from the image. Please use a [linked mysql](#linking-to-mysql-container) container or specify a connection to a [external mysql](#external-mysql-server) server.
If you have been using the internal mysql server follow these instructions to migrate to a linked mysql container:
Assuming that your mysql data is available at `/srv/docker/gitlab/mysql`
```bash
docker run --name gitlab-mysql -d \
--volume /srv/docker/gitlab/mysql:/var/lib/mysql \
sameersbn/mysql:latest
```
This will start a mysql container with your existing mysql data. Now login to the mysql container and create a user for the existing `gitlabhq_production` database.
All you need to do now is link this mysql container to the gitlab ci container using the `--link gitlab-mysql:mysql` option and provide the `DB_NAME`, `DB_USER` and `DB_PASS` parameters.
Refer to [Linking to MySQL Container](#linking-to-mysql-container) for more information.
#### External MySQL Server
The image can be configured to use an external MySQL database. The database configuration should be specified using environment variables while starting the GitLab image.
Before you start the GitLab image create user and database for gitlab.
```sql
CREATE USER 'gitlab'@'%.%.%.%' IDENTIFIED BY 'password';
CREATE DATABASE IF NOT EXISTS `gitlabhq_production` DEFAULT CHARACTER SET `utf8` COLLATE `utf8_unicode_ci`;
GRANT ALL PRIVILEGES ON `gitlabhq_production`.* TO 'gitlab'@'%.%.%.%';
```
We are now ready to start the GitLab application.
*Assuming that the mysql server host is 192.168.1.100*
```bash
docker run --name gitlab -d \
--env 'DB_ADAPTER=mysql2' --env 'DB_HOST=192.168.1.100' \
--env 'DB_NAME=gitlabhq_production' \
--env 'DB_USER=gitlab' --env 'DB_PASS=password' \
--volume /srv/docker/gitlab/gitlab:/home/git/data \
sameersbn/gitlab:10.3.6
```
#### Linking to MySQL Container
You can link this image with a mysql container for the database requirements. The alias of the mysql server container should be set to **mysql** while linking with the gitlab image.
If a mysql container is linked, only the `DB_ADAPTER`, `DB_HOST` and `DB_PORT` settings are automatically retrieved using the linkage. You may still need to set other database connection parameters such as the `DB_NAME`, `DB_USER`, `DB_PASS` and so on.
To illustrate linking with a mysql container, we will use the [sameersbn/mysql](https://github.com/sameersbn/docker-mysql) image. When using docker-mysql in production you should mount a volume for the mysql data store. Please refer the [README](https://github.com/sameersbn/docker-mysql/blob/master/README.md) of docker-mysql for details.
First, lets pull the mysql image from the docker index.
```bash
docker pull sameersbn/mysql:latest
```
For data persistence lets create a store for the mysql and start the container.
SELinux users are also required to change the security context of the mount point so that it plays nicely with selinux.
```bash
mkdir -p /srv/docker/gitlab/mysql
sudo chcon -Rt svirt_sandbox_file_t /srv/docker/gitlab/mysql
```
The run command looks like this.
```bash
docker run --name gitlab-mysql -d \
--env 'DB_NAME=gitlabhq_production' \
--env 'DB_USER=gitlab' --env 'DB_PASS=password' \
--volume /srv/docker/gitlab/mysql:/var/lib/mysql \
sameersbn/mysql:latest
```
The above command will create a database named `gitlabhq_production` and also create a user named `gitlab` with the password `password` with full/remote access to the `gitlabhq_production` database.
We are now ready to start the GitLab application.
```bash
docker run --name gitlab -d --link gitlab-mysql:mysql \
--volume /srv/docker/gitlab/gitlab:/home/git/data \
sameersbn/gitlab:10.3.6
```
Here the image will also automatically fetch the `DB_NAME`, `DB_USER` and `DB_PASS` variables from the mysql container as they are specified in the `docker run` command for the mysql container. This is made possible using the magic of docker links and works with the following images:
- [mysql](https://hub.docker.com/_/mysql/)
- [sameersbn/mysql](https://quay.io/repository/sameersbn/mysql/)
- [centurylink/mysql](https://hub.docker.com/r/centurylink/mysql/)
- [orchardup/mysql](https://hub.docker.com/r/orchardup/mysql/)
## Redis
GitLab uses the redis server for its key-value data store. The redis server connection details can be specified using environment variables.
@ -431,7 +332,7 @@ The image can be configured to use an external redis server. The configuration s
```bash
docker run --name gitlab -it --rm \
--env 'REDIS_HOST=192.168.1.100' --env 'REDIS_PORT=6379' \
sameersbn/gitlab:10.3.6
sameersbn/gitlab:12.5.5
```
### Linking to Redis Container
@ -443,7 +344,7 @@ To illustrate linking with a redis container, we will use the [sameersbn/redis](
First, lets pull the redis image from the docker index.
```bash
docker pull sameersbn/redis:latest
docker pull sameersbn/redis:4.0.9-2
```
Lets start the redis container
@ -451,14 +352,14 @@ Lets start the redis container
```bash
docker run --name gitlab-redis -d \
--volume /srv/docker/gitlab/redis:/var/lib/redis \
sameersbn/redis:latest
sameersbn/redis:4.0.9-2
```
We are now ready to start the GitLab application.
```bash
docker run --name gitlab -d --link gitlab-redis:redisio \
sameersbn/gitlab:10.3.6
sameersbn/gitlab:12.5.5
```
### Mail
@ -471,7 +372,7 @@ If you are using Gmail then all you need to do is:
docker run --name gitlab -d \
--env 'SMTP_USER=USER@gmail.com' --env 'SMTP_PASS=PASSWORD' \
--volume /srv/docker/gitlab/gitlab:/home/git/data \
sameersbn/gitlab:10.3.6
sameersbn/gitlab:12.5.5
```
Please refer the [Available Configuration Parameters](#available-configuration-parameters) section for the list of SMTP parameters that can be specified.
@ -491,7 +392,7 @@ docker run --name gitlab -d \
--env 'IMAP_USER=USER@gmail.com' --env 'IMAP_PASS=PASSWORD' \
--env 'GITLAB_INCOMING_EMAIL_ADDRESS=USER+%{key}@gmail.com' \
--volume /srv/docker/gitlab/gitlab:/home/git/data \
sameersbn/gitlab:10.3.6
sameersbn/gitlab:12.5.5
```
Please refer the [Available Configuration Parameters](#available-configuration-parameters) section for the list of IMAP parameters that can be specified.
@ -568,7 +469,7 @@ docker run --name gitlab -d \
--env 'GITLAB_SSH_PORT=10022' --env 'GITLAB_PORT=10443' \
--env 'GITLAB_HTTPS=true' --env 'SSL_SELF_SIGNED=true' \
--volume /srv/docker/gitlab/gitlab:/home/git/data \
sameersbn/gitlab:10.3.6
sameersbn/gitlab:12.5.5
```
In this configuration, any requests made over the plain http protocol will automatically be redirected to use the https protocol. However, this is not optimal when using a load balancer.
@ -584,7 +485,7 @@ docker run --name gitlab -d \
--env 'GITLAB_HTTPS=true' --env 'SSL_SELF_SIGNED=true' \
--env 'NGINX_HSTS_MAXAGE=2592000' \
--volume /srv/docker/gitlab/gitlab:/home/git/data \
sameersbn/gitlab:10.3.6
sameersbn/gitlab:12.5.5
```
If you want to completely disable HSTS set `NGINX_HSTS_ENABLED` to `false`.
@ -607,7 +508,7 @@ docker run --name gitlab -d \
--env 'GITLAB_SSH_PORT=10022' --env 'GITLAB_PORT=443' \
--env 'GITLAB_HTTPS=true' --env 'SSL_SELF_SIGNED=true' \
--volume /srv/docker/gitlab/gitlab:/home/git/data \
sameersbn/gitlab:10.3.6
sameersbn/gitlab:12.5.5
```
Again, drop the `--env 'SSL_SELF_SIGNED=true'` option if you are using CA certified SSL certificates.
@ -627,8 +528,8 @@ This is simply done by adding the servers certificate into their list of trusted
Again, this is a client side configuration which means that everyone who is going to communicate with the server should perform this configuration on their machine. In short, distribute the `gitlab.crt` file among your developers and ask them to add it to their list of trusted ssl certificates. Failure to do so will result in errors that look like this:
```bash
git clone https://git.local.host/gitlab-ce.git
fatal: unable to access 'https://git.local.host/gitlab-ce.git': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
git clone https://git.local.host/gitlab-foss.git
fatal: unable to access 'https://git.local.host/gitlab-foss.git': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
```
You can do the same at the web browser. Instructions for installing the root certificate for firefox can be found [here](http://portal.threatpulse.com/docs/sol/Content/03Solutions/ManagePolicy/SSL/ssl_firefox_cert_ta.htm). You will find similar options chrome, just make sure you install the certificate under the authorities tab of the certificate manager dialog.
@ -655,7 +556,7 @@ Let's assume we want to deploy our application to '/git'. GitLab needs to know t
docker run --name gitlab -it --rm \
--env 'GITLAB_RELATIVE_URL_ROOT=/git' \
--volume /srv/docker/gitlab/gitlab:/home/git/data \
sameersbn/gitlab:10.3.6
sameersbn/gitlab:12.5.5
```
GitLab will now be accessible at the `/git` path, e.g. `http://www.example.com/git`.
@ -766,6 +667,51 @@ Once you have the Client ID, Client secret and Tenant ID generated, configure th
For example, if your Client ID is `xxx`, the Client secret is `yyy` and the Tenant ID is `zzz`, then adding `--env 'OAUTH_AZURE_API_KEY=xxx' --env 'OAUTH_AZURE_API_SECRET=yyy' --env 'OAUTH_AZURE_TENANT_ID=zzz'` to the docker run command enables support for Microsoft Azure OAuth.
### Gitlab Pages
Gitlab Pages allows a user to host static websites from a project. Gitlab pages can be enabled with setting the envrionment variable `GITLAB_PAGES_ENABLED` to `true`.
### Gitlab Pages Access Control
Since version `11.5.0` Gitlab pages supports access control. This allows only access to a published website if you are a project member, or have access to a certain project.
Gitlab pages access control requires additional configuration before activating it through the variable `GITLAB_PAGES_ACCESS_CONTROL`.
Gitab pages access control makes use of the Gitlab OAuth Module.
- Goto the Gitlab Admin area
- Select `Applications` in the menu
- Create `New Application`
- Name: `Gitlab Pages`
- Scopes:
- api
- Trusted: NO (Do not select)
- Redirect URI: https://projects.<GITLAB_PAGES_DOMAIN>/auth
Note about the `Redirect URI`; this can be tricky to configure or figure out, What needs to be achieved is to following, the redirect URI needs to end up at the `gitlab-pages` daemon with the `/auth` endpoint.
This means that if you run your gitlab pages at domain `pages.example.io` this will be a wilcard domain where your projects are created based on their namespace. The best trick is to enter a NON-Existing gitlab project pages URI as the redirect URI.
In the example above; the pages domain `projects` has been chosen. This will cause the nginx, either the built in or your own loadbalancer to redirect `*.<GITLAB_PAGES_DOMAIN>` to the `gitlab-pages` daemon. Which will trigger the pages endpoint.
Make sure to choose own which does not exist and make sure that the request is routed to the `gitlab-pages` daemon if you are using your own HTTP load balancer in front of Gitlab.
After creating the OAuth application endpoint for the Gitlab Pages Daemon. Gitlab pages access control can now be enabled.
Add to following environment variables to your Gitlab Container.
| Variable | R/O | Description |
|----------|-----|-------------|
| GITLAB_PAGES_ACCESS_CONTROL | Required | Set to `true` to enable access control. |
| GITLAB_PAGES_ACCESS_SECRET | Optional | Secret Hash, minimal 32 characters, if omitted, it will be auto generated. |
| GITLAB_PAGES_ACCESS_CONTROL_SERVER | Required | Gitlab instance URI, example: `https://gitlab.example.io` |
| GITLAB_PAGES_ACCESS_CLIENT_ID | Required | Client ID from earlier generated OAuth application |
| GITLAB_PAGES_ACCESS_CLIENT_SECRET | Required | Client Secret from earlier genereated OAuth application |
| GITLAB_PAGES_ACCESS_REDIRECT_URI | Required | Redirect URI, non existing pages domain to redirect to pages daemon, `https://projects.example.io` |
After you have enabled the gitlab pages access control. When you go to a project `General Settings` -> `Permissions` you can choose the pages persmission level for the project.
### External Issue Trackers
Since version `7.10.0` support for external issue trackers can be enabled in the "Service Templates" section of the settings panel.
@ -783,14 +729,14 @@ Also the container processes seem to be executed as the host's user/group `1000`
```bash
docker run --name gitlab -it --rm [options] \
--env "USERMAP_UID=$(id -u git)" --env "USERMAP_GID=$(id -g git)" \
sameersbn/gitlab:10.3.6
sameersbn/gitlab:12.5.5
```
When changing this mapping, all files and directories in the mounted data volume `/home/git/data` have to be re-owned by the new ids. This can be achieved automatically using the following command:
```bash
docker run --name gitlab -d [OPTIONS] \
sameersbn/gitlab:10.3.6 app:sanitize
sameersbn/gitlab:12.5.5 app:sanitize
```
### Piwik
@ -801,9 +747,11 @@ These options should contain something like:
- `PIWIK_URL=piwik.example.org`
- `PIWIK_SITE_ID=42`
### Available Configuration Parameters
*Please refer the docker run command options for the `--env-file` flag where you can specify all required environment variables in a single file. This will save you from writing a potentially long docker run command. Alternatively you can use docker-compose.*
*Please refer the docker run command options for the `--env-file` flag where you can specify all required environment variables in a single file. This will save you from writing a potentially long docker run command. Alternatively you can use docker-compose. docker-compose users and Docker Swarm mode users can also use the [secrets and config file options](#docker-secrets-and-configs)*
Below is the complete list of available options that can be used to customize your gitlab installation.
@ -824,9 +772,14 @@ Below is the complete list of available options that can be used to customize yo
| `GITLAB_EMAIL_REPLY_TO` | The reply-to address of emails sent out by GitLab. Defaults to value of `GITLAB_EMAIL`, else defaults to `noreply@example.com`. |
| `GITLAB_EMAIL_SUBJECT_SUFFIX` | The e-mail subject suffix used in e-mails sent by GitLab. No defaults. |
| `GITLAB_EMAIL_ENABLED` | Enable or disable gitlab mailer. Defaults to the `SMTP_ENABLED` configuration. |
| `GITLAB_EMAIL_SMIME_ENABLE` | Enable or disable email S/MIME signing. Defaults is `false`. |
| `GITLAB_EMAIL_SMIME_KEY_FILE` | Specifies the path to a S/MIME private key file in PEM format, unencrypted. Defaults to ``. |
| `GITLAB_EMAIL_SMIME_CERT_FILE` | Specifies the path to a S/MIME public certificate key in PEM format. Defaults to ``. |
| `GITLAB_DEFAULT_THEME` | Default theme ID, by default 2. (1 - Indigo, 2 - Dark, 3 - Light, 4 - Blue, 5 - Green, 6 - Light Indigo, 7 - Light Blue, 8 - Light Green, 9 - Red, 10 - Light Red) |
| `GITLAB_INCOMING_EMAIL_ADDRESS` | The incoming email address for reply by email. Defaults to the value of `IMAP_USER`, else defaults to `reply@example.com`. Please read the [reply by email](http://doc.gitlab.com/ce/incoming_email/README.html) documentation to currently set this parameter. |
| `GITLAB_INCOMING_EMAIL_ENABLED` | Enable or disable gitlab reply by email feature. Defaults to the value of `IMAP_ENABLED`. |
| `GITLAB_SIGNUP_ENABLED` | Enable or disable user signups (first run only). Default is `true`. |
| `GITLAB_IMPERSONATION_ENABLED` | Enable or disable impersonation. Defaults to `true`. |
| `GITLAB_PROJECTS_LIMIT` | Set default projects limit. Defaults to `100`. |
| `GITLAB_USERNAME_CHANGE` | Enable or disable ability for users to change their username. Defaults to `true`. |
| `GITLAB_CREATE_GROUP` | Enable or disable ability for users to create groups. Defaults to `true`. |
@ -841,14 +794,67 @@ Below is the complete list of available options that can be used to customize yo
| `GITLAB_NOTIFY_PUSHER` | Add pusher to recipients list of broken build notification emails. Defaults to `false` |
| `GITLAB_REPOS_DIR` | The git repositories folder in the container. Defaults to `/home/git/data/repositories` |
| `GITLAB_BACKUP_DIR` | The backup folder in the container. Defaults to `/home/git/data/backups` |
| `GITLAB_BACKUP_DIR_CHOWN` | Optionally change ownership of backup files on start-up. Defaults to `true` |
| `GITLAB_BACKUP_DIR_GROUP` | Optionally group backups into a subfolder. Can also be used to place backups in to a subfolder on remote storage. Not used by default. |
| `GITLAB_BUILDS_DIR` | The build traces directory. Defaults to `/home/git/data/builds` |
| `GITLAB_DOWNLOADS_DIR` | The repository downloads directory. A temporary zip is created in this directory when users click **Download Zip** on a project. Defaults to `/home/git/data/tmp/downloads`. |
| `GITLAB_SHARED_DIR` | The directory to store the build artifacts. Defaults to `/home/git/data/shared` |
| `GITLAB_ARTIFACTS_ENABLED` | Enable/Disable GitLab artifacts support. Defaults to `true`. |
| `GITLAB_ARTIFACTS_DIR` | Directory to store the artifacts. Defaults to `$GITLAB_SHARED_DIR/artifacts` |
| `GITLAB_PIPELINE_SCHEDULE_WORKER_CRON` | Cron notation for the Gitlab pipeline schedule worker. Defaults to `'0 */12 * * *'` |
| `AWS_ACCESS_KEY_ID`| Default AWS access key to be used for object store. Defaults to `AWS_ACCESS_KEY_ID`|
| `AWS_SECRET_ACCESS_KEY`| Default AWS access key to be used for object store. Defaults to `AWS_SECRET_ACCESS_KEY`|
| `GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT`| Default Google project to use for Object Store.|
| `GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL`| Default Google service account email to use for Object Store.|
| `GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION`| Default Google key file Defaults to `/gcs/key.json`|
| `GITLAB_OBJECT_STORE_CONNECTION_PROVIDER`| Default object store connection provider. Defaults to `AWS`|
| `GITLAB_ARTIFACTS_OBJECT_STORE_ENABLED` | Enables Object Store for Artifacts that will be remote stored. Defaults to `false` |
| `GITLAB_ARTIFACTS_OBJECT_STORE_REMOTE_DIRECTORY` | Bucket name to store the artifacts. Defaults to `artifacts` |
| `GITLAB_ARTIFACTS_OBJECT_STORE_DIRECT_UPLOAD` | Set to true to enable direct upload of Artifacts without the need of local shared storage. Defaults to `false` |
| `GITLAB_ARTIFACTS_OBJECT_STORE_BACKGROUND_UPLOAD` | Temporary option to limit automatic upload. Defaults to `false` |
| `GITLAB_ARTIFACTS_OBJECT_STORE_PROXY_DOWNLOAD` | Passthrough all downloads via GitLab instead of using Redirects to Object Storage. Defaults to `false` |
| `GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_PROVIDER` | Connection Provider for the Object Store. (`AWS` or `Google`) Defaults to `$GITLAB_OBJECT_STORE_CONNECTION_PROVIDER` (`AWS`) |
| `GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID` | AWS Access Key ID for the Bucket. Defaults to `$AWS_ACCESS_KEY_ID` |
| `GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY` | AWS Secret Access Key. Defaults to `$AWS_SECRET_ACCESS_KEY` |
| `GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_REGION` | AWS Region. Defaults to `us-east-1` |
| `GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_HOST` | Configure this for an compatible AWS host like minio. Defaults to `s3.amazonaws.com` |
| `GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT` | AWS Endpoint like `http://127.0.0.1:9000`. Defaults to `nil` |
| `GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE` | Changes AWS Path Style to 'host/bucket_name/object' instead of 'bucket_name.host/object'. Defaults to `true` |
| `GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT`| Google project. Defaults to `$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT`|
| `GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL`| Google service account. Defaults to `$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL`|
| `GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION`| Default Google key file. Defaults to `$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION` (`/gcs/key.json`)|
| `GITLAB_PIPELINE_SCHEDULE_WORKER_CRON` | Cron notation for the GitLab pipeline schedule worker. Defaults to `'19 * * * *'` |
| `GITLAB_LFS_ENABLED` | Enable/Disable Git LFS support. Defaults to `true`. |
| `GITLAB_LFS_OBJECTS_DIR` | Directory to store the lfs-objects. Defaults to `$GITLAB_SHARED_DIR/lfs-objects` |
| `GITLAB_LFS_OBJECT_STORE_ENABLED` | Enables Object Store for LFS that will be remote stored. Defaults to `false` |
| `GITLAB_LFS_OBJECT_STORE_REMOTE_DIRECTORY` | Bucket name to store the LFS. Defaults to `lfs-object` |
| `GITLAB_LFS_OBJECT_STORE_BACKGROUND_UPLOAD` | Temporary option to limit automatic upload. Defaults to `false` |
| `GITLAB_LFS_OBJECT_STORE_PROXY_DOWNLOAD` | Passthrough all downloads via GitLab instead of using Redirects to Object Storage. Defaults to `false` |
| `GITLAB_LFS_OBJECT_STORE_CONNECTION_PROVIDER` | Connection Provider for the Object Store. (`AWS` or `Google`) Defaults to `$GITLAB_OBJECT_STORE_CONNECTION_PROVIDER` (`AWS`) |
| `GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID` | AWS Access Key ID for the Bucket. Defaults to `AWS_ACCESS_KEY_ID` |
| `GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY` | AWS Secret Access Key. Defaults to `AWS_SECRET_ACCESS_KEY` |
| `GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_REGION` | AWS Region. Defaults to `us-east-1` |
| `GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_HOST` | Configure this for an compatible AWS host like minio. Defaults to `s3.amazonaws.com` |
| `GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT` | AWS Endpoint like `http://127.0.0.1:9000`. Defaults to `nil` |
| `GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE` | Changes AWS Path Style to 'host/bucket_name/object' instead of 'bucket_name.host/object'. Defaults to `true` |
| `GITLAB_LFS_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT`| Google project. Defaults to `$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT`|
| `GITLAB_LFS_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL`| Google service account. Defaults to `$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL`|
| `GITLAB_LFS_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION`| Default Google key file. Defaults to `$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION` (`/gcs/key.json`)|
| `GITLAB_UPLOADS_STORAGE_PATH` | The location where uploads objects are stored. Defaults to `$GITLAB_SHARED_DIR/public`. |
| `GITLAB_UPLOADS_BASE_DIR` | Mapping for the `GITLAB_UPLOADS_STORAGE_PATH`. Defaults to `uploads/-/system` |
| `GITLAB_UPLOADS_OBJECT_STORE_ENABLED` | Enables Object Store for UPLOADS that will be remote stored. Defaults to `false` |
| `GITLAB_UPLOADS_OBJECT_STORE_REMOTE_DIRECTORY` | Bucket name to store the UPLOADS. Defaults to `uploads` |
| `GITLAB_UPLOADS_OBJECT_STORE_BACKGROUND_UPLOAD` | Temporary option to limit automatic upload. Defaults to `false` |
| `GITLAB_UPLOADS_OBJECT_STORE_PROXY_DOWNLOAD` | Passthrough all downloads via GitLab instead of using Redirects to Object Storage. Defaults to `false` |
| `GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_PROVIDER` | Connection Provider for the Object Store. (`AWS` or `Google`) Defaults to `$GITLAB_OBJECT_STORE_CONNECTION_PROVIDER` (`AWS`) |
| `GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID` | AWS Access Key ID for the Bucket. Defaults to `AWS_ACCESS_KEY_ID` |
| `GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY` | AWS Secret Access Key. Defaults to `AWS_SECRET_ACCESS_KEY` |
| `GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_REGION` | AWS Region. Defaults to `us-east-1` |
| `GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_HOST` | Configure this for an compatible AWS host like minio. Defaults to `s3.amazonaws.com` |
| `GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT` | AWS Endpoint like `http://127.0.0.1:9000`. Defaults to `nil` |
| `GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE` | Changes AWS Path Style to 'host/bucket_name/object' instead of 'bucket_name.host/object'. Defaults to `true` |
| `GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT`| Google project. Defaults to `$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT`|
| `GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL`| Google service account. Defaults to `$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL`|
| `GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION`| Default Google key file. Defaults to `$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION` (`/gcs/key.json`)|
| `GITLAB_MATTERMOST_ENABLED` | Enable/Disable GitLab Mattermost for *Add Mattermost button*. Defaults to `false`. |
| `GITLAB_MATTERMOST_URL` | Sets Mattermost URL. Defaults to `https://mattermost.example.com`. |
| `GITLAB_BACKUP_SCHEDULE` | Setup cron job to automatic backups. Possible values `disable`, `daily`, `weekly` or `monthly`. Disabled by default |
@ -876,6 +882,13 @@ Below is the complete list of available options that can be used to customize yo
| `GITLAB_PAGES_ARTIFACTS_SERVER` | Set to `true` to enable pages artifactsserver, enabled by default. |
| `GITLAB_PAGES_EXTERNAL_HTTP` | Sets GitLab Pages external http to receive request on an independen port. Disabled by default |
| `GITLAB_PAGES_EXTERNAL_HTTPS` | Sets GitLab Pages external https to receive request on an independen port. Disabled by default |
| `GITLAB_PAGES_ACCESS_CONTROL` | Set to `true` to enable access control for pages. Allows access to a Pages site to be controlled based on a users membership to that project. Disabled by default. |
| `GITLAB_PAGES_NGINX_PROXY` | Disable the nginx proxy for gitlab pages, defaults to `true`. When set to `false` this will turn off the nginx proxy to the gitlab pages daemon, used when the user provides their own http load balancer in combination with a gitlab pages custom domain setup. |
| `GITLAB_PAGES_ACCESS_SECRET` | Secret Hash, minimal 32 characters, if omitted, it will be auto generated. |
| `GITLAB_PAGES_ACCESS_CONTROL_SERVER` | Gitlab instance URI, example: `https://gitlab.example.io` |
| `GITLAB_PAGES_ACCESS_CLIENT_ID` | Client ID from earlier generated OAuth application |
| `GITLAB_PAGES_ACCESS_CLIENT_SECRET` | Client Secret from earlier genereated OAuth application |
| `GITLAB_PAGES_ACCESS_REDIRECT_URI` | Redirect URI, non existing pages domain to redirect to pages daemon, `https://projects.example.io/auth` |
| `GITLAB_HTTPS` | Set to `true` to enable https support, disabled by default. |
| `GITALY_CLIENT_PATH` | Set default path for gitaly. defaults to `/home/git/gitaly` |
| `GITALY_TOKEN` | Set a gitaly token, blank by default. |
@ -912,15 +925,16 @@ Below is the complete list of available options that can be used to customize yo
| `SIDEKIQ_CONCURRENCY` | The number of concurrent sidekiq jobs to run. Defaults to `25` |
| `SIDEKIQ_SHUTDOWN_TIMEOUT` | Timeout for sidekiq shutdown. Defaults to `4` |
| `SIDEKIQ_MEMORY_KILLER_MAX_RSS` | Non-zero value enables the SidekiqMemoryKiller. Defaults to `1000000`. For additional options refer [Configuring the MemoryKiller](http://doc.gitlab.com/ce/operations/sidekiq_memory_killer.html) |
| `DB_ADAPTER` | The database type. Possible values: `mysql2`, `postgresql`. Defaults to `postgresql`. |
| `DB_ENCODING` | The database encoding. For `DB_ADAPTER` values `postresql` and `mysql2`, this parameter defaults to `unicode` and `utf8` respectively. |
| `DB_COLLATION` | The database collation. Defaults to `utf8_general_ci` for `DB_ADAPTER` `mysql2`. This parameter is not supported for `DB_ADAPTER` `postresql` and will be removed. |
| `GITLAB_SIDEKIQ_LOG_FORMAT` | Sidekiq log format that will be used. Defaults to `json` |
| `DB_ADAPTER` | The database type. Currently only postgresql is supported. Over 12.1 postgres force. Possible values: `postgresql`. Defaults to `postgresql`. |
| `DB_ENCODING` | The database encoding. For `DB_ADAPTER` values `postresql` this parameter defaults and `utf8` respectively. |
| `DB_HOST` | The database server hostname. Defaults to `localhost`. |
| `DB_PORT` | The database server port. Defaults to `3306` for mysql and `5432` for postgresql. |
| `DB_PORT` | The database server port. Defaults to `5432` for postgresql. |
| `DB_NAME` | The database database name. Defaults to `gitlabhq_production` |
| `DB_USER` | The database database user. Defaults to `root` |
| `DB_PASS` | The database database password. Defaults to no password |
| `DB_POOL` | The database database connection pool count. Defaults to `10`. |
| `DB_PREPARED_STATEMENTS` | Whether use database prepared statements. No defaults. But set to `false` if you want to use with [PgBouncer](https://pgbouncer.github.io/) |
| `SMTP_ENABLED` | Enable mail delivery via SMTP. Defaults to `true` if `SMTP_USER` is defined, else defaults to `false`. |
| `SMTP_DOMAIN` | SMTP domain. Defaults to` www.gmail.com` |
| `SMTP_HOST` | SMTP server host. Defaults to `smtp.gmail.com`. |
@ -959,6 +973,12 @@ Below is the complete list of available options that can be used to customize yo
| `LDAP_BLOCK_AUTO_CREATED_USERS` | Locks down those users until they have been cleared by the admin. Defaults to `false`. |
| `LDAP_BASE` | Base where we can search for users. No default. |
| `LDAP_USER_FILTER` | Filter LDAP users. No default. |
| `LDAP_USER_ATTRIBUTE_USERNAME` | Attribute fields for the identification of a user. Default to `['uid', 'userid', 'sAMAccountName']` |
| `LDAP_USER_ATTRIBUTE_MAIL` | Attribute fields for the shown mail address. Default to `['mail', 'email', 'userPrincipalName']` |
| `LDAP_USER_ATTRIBUTE_NAME` | Attribute field for the used username of a user. Default to `cn`. |
| `LDAP_USER_ATTRIBUTE_FIRSTNAME` | Attribute field for the forename of a user. Default to `givenName` |
| `LDAP_USER_ATTRIBUTE_LASTNAME` | Attribute field for the surname of a user. Default to `sn` |
| `LDAP_LOWERCASE_USERNAMES` | GitLab will lower case the username for the LDAP Server. Defaults to `false` |
| `OAUTH_ENABLED` | Enable OAuth support. Defaults to `true` if any of the support OAuth providers is configured, else defaults to `false`. |
| `OAUTH_AUTO_SIGN_IN_WITH_PROVIDER` | Automatically sign in with a specific OAuth provider without showing GitLab sign-in page. Accepted values are `cas3`, `github`, `bitbucket`, `gitlab`, `google_oauth2`, `facebook`, `twitter`, `saml`, `crowd`, `auth0` and `azure_oauth2`. No default. |
| `OAUTH_ALLOW_SSO` | Comma separated list of oauth providers for single sign-on. This allows users to login without having a user account. The account is created automatically when authentication is successful. Accepted values are `cas3`, `github`, `bitbucket`, `gitlab`, `google_oauth2`, `facebook`, `twitter`, `saml`, `crowd`, `auth0` and `azure_oauth2`. No default. |
@ -1000,6 +1020,7 @@ Below is the complete list of available options that can be used to customize yo
| `OAUTH_SAML_GROUPS_ATTRIBUTE` | Map groups attribute in a SAMLResponse to external groups. No defaults. |
| `OAUTH_SAML_EXTERNAL_GROUPS` | List of external groups in a SAMLResponse. Value is comma separated list of single quoted groups. Example: `'group1','group2'`. No defaults. |
| `OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL` | Map 'email' attribute name in a SAMLResponse to entries in the OmniAuth info hash, No defaults. See [GitLab documentation](http://doc.gitlab.com/ce/integration/saml.html#attribute_statements) for more details. |
| `OAUTH_SAML_ATTRIBUTE_STATEMENTS_USERNAME` | Map 'username' attribute in a SAMLResponse to entries in the OmniAuth info hash, No defaults. See [GitLab documentation](http://doc.gitlab.com/ce/integration/saml.html#attribute_statements) for more details. |
| `OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME` | Map 'name' attribute in a SAMLResponse to entries in the OmniAuth info hash, No defaults. See [GitLab documentation](http://doc.gitlab.com/ce/integration/saml.html#attribute_statements) for more details. |
| `OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME` | Map 'first_name' attribute in a SAMLResponse to entries in the OmniAuth info hash, No defaults. See [GitLab documentation](http://doc.gitlab.com/ce/integration/saml.html#attribute_statements) for more details. |
| `OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME` | Map 'last_name' attribute in a SAMLResponse to entries in the OmniAuth info hash, No defaults. See [GitLab documentation](http://doc.gitlab.com/ce/integration/saml.html#attribute_statements) for more details. |
@ -1009,6 +1030,7 @@ Below is the complete list of available options that can be used to customize yo
| `OAUTH_AUTH0_CLIENT_ID` | Auth0 Client ID. No defaults. |
| `OAUTH_AUTH0_CLIENT_SECRET` | Auth0 Client secret. No defaults. |
| `OAUTH_AUTH0_DOMAIN` | Auth0 Domain. No defaults. |
| `OAUTH_AUTH0_SCOPE` | Auth0 Scope. Defaults to `openid profile email`. |
| `OAUTH_AZURE_API_KEY` | Azure Client ID. No defaults. |
| `OAUTH_AZURE_API_SECRET` | Azure Client secret. No defaults. |
| `OAUTH_AZURE_TENANT_ID` | Azure Tenant ID. No defaults. |
@ -1029,6 +1051,7 @@ Below is the complete list of available options that can be used to customize yo
| `AWS_BACKUP_MULTIPART_CHUNK_SIZE` | Enables mulitpart uploads when file size reaches a defined size. See at [AWS S3 Docs](http://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) |
| `AWS_BACKUP_ENCRYPTION` | Turns on AWS Server-Side Encryption. Defaults to `false`. See at [AWS S3 Docs](http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) |
| `AWS_BACKUP_STORAGE_CLASS` | Configure the storage class for the item. Defaults to `STANDARD` See at [AWS S3 Docs](http://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) |
| `AWS_BACKUP_SIGNATURE_VERSION` | Configure the storage signature version. Defaults to `4` See at [AWS S3 Docs](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version) |
| `GCS_BACKUPS` | Enables automatic uploads to an Google Cloud Storage (GCS) instance. Defaults to `false`. |
| `GCS_BACKUP_ACCESS_KEY_ID` | GCS access key id. No defaults |
| `GCS_BACKUP_SECRET_ACCESS_KEY` | GCS secret access key. No defaults |
@ -1040,6 +1063,27 @@ Below is the complete list of available options that can be used to customize yo
| `RACK_ATTACK_FINDTIME` | Number of seconds before resetting the per IP auth attempt counter. Defaults to `60`. |
| `RACK_ATTACK_BANTIME` | Number of seconds an IP should be banned after too many auth attempts. Defaults to `3600`. |
| `GITLAB_WORKHORSE_TIMEOUT` | Timeout for gitlab workhorse http proxy. Defaults to `5m0s`. |
| `SENTRY_ENABLED` | Enables Error Reporting and Logging with Sentry. Defaults to `false`. |
| `SENTRY_DSN` | Sentry DSN. No defaults. |
| `SENTRY_CLIENTSIDE_DSN` | Sentry clientside DSN. No defaults. |
| `SENTRY_ENVIRONMENT` | Sentry environment. Defaults to `production`. |
### Docker secrets and configs
All the above environment variables can be put into a [secrets](https://docs.docker.com/compose/compose-file/#secrets) or [config](https://docs.docker.com/compose/compose-file/#configs) file
and then both docker-compose and Docker Swarm can import them into your gitlab container.
On startup, the gitlab container will source env vars from a config file labeled `gitlab-config`, and then a secrets file labeled `gitlab-secrets` (both mounted in the default locations).
See the example [`contrib/docker-swarm/docker-compose.yml`](./contrib/docker-swarm/docker-compose.yml) file, and the
example `gitlab.configs` and `gitlab.secrets` file.
You may as well choose file names other than the example source files (`gitlab.configs` and `gitlab.secrets`) and update
the `file: ./gitlab.configs` and `file: ./gitlab.secrets` references accordingly. But do not alter the config
keys [`gitlab-configs`](contrib/docker-swarm/docker-compose.yml#L158) and
[`gitlab-secrets`](contrib/docker-swarm/docker-compose.yml#L162) as they are currently
[hardcoded](./assets/runtime/functions#L4:L9) and thus must be kept as in the example.
If you're not using one of these files, then don't include its entry in the docker-compose file.
# Maintenance
@ -1057,7 +1101,7 @@ Execute the rake task to create a backup.
```bash
docker run --name gitlab -it --rm [OPTIONS] \
sameersbn/gitlab:10.3.6 app:rake gitlab:backup:create
sameersbn/gitlab:12.5.5 app:rake gitlab:backup:create
```
A backup will be created in the backups folder of the [Data Store](#data-store). You can change the location of the backups using the `GITLAB_BACKUP_DIR` configuration parameter.
@ -1067,9 +1111,16 @@ A backup will be created in the backups folder of the [Data Store](#data-store).
When using `docker-compose` you may use the following command to execute the backup.
```bash
docker-compose rm -sf gitlab
docker-compose run --rm gitlab app:rake gitlab:backup:create
```
Afterwards you can bring your Instance back with the following command:
```bash
docker-compose up -d
```
## Restoring Backups
GitLab also defines a rake task to restore a backup.
@ -1085,14 +1136,14 @@ you need to prepare the database:
```bash
docker run --name gitlab -it --rm [OPTIONS] \
sameersbn/gitlab:10.3.6 app:rake db:setup
sameersbn/gitlab:12.5.5 app:rake db:setup
```
Execute the rake task to restore a backup. Make sure you run the container in interactive mode `-it`.
```bash
docker run --name gitlab -it --rm [OPTIONS] \
sameersbn/gitlab:10.3.6 app:rake gitlab:backup:restore
sameersbn/gitlab:12.5.5 app:rake gitlab:backup:restore
```
The list of all available backups will be displayed in reverse chronological order. Select the backup you want to restore and continue.
@ -1110,6 +1161,7 @@ docker-compose run --rm gitlab app:rake gitlab:backup:restore # List available b
docker-compose run --rm gitlab app:rake gitlab:backup:restore BACKUP=1515629493_2018_01_11_10.3.6 # Choose to restore from 1515629493
```
## Host Key Backups (ssh)
SSH keys are not backed up in the normal gitlab backup process. You
@ -1149,7 +1201,7 @@ The `app:rake` command allows you to run gitlab rake tasks. To run a rake task s
```bash
docker run --name gitlab -it --rm [OPTIONS] \
sameersbn/gitlab:10.3.6 app:rake gitlab:env:info
sameersbn/gitlab:12.5.5 app:rake gitlab:env:info
```
You can also use `docker exec` to run raketasks on running gitlab instance. For example,
@ -1162,7 +1214,7 @@ Similarly, to import bare repositories into GitLab project instance
```bash
docker run --name gitlab -it --rm [OPTIONS] \
sameersbn/gitlab:10.3.6 app:rake gitlab:import:repos
sameersbn/gitlab:12.5.5 app:rake gitlab:import:repos
```
Or
@ -1193,7 +1245,7 @@ Copy all the **bare** git repositories to the `repositories/` directory of the [
```bash
docker run --name gitlab -it --rm [OPTIONS] \
sameersbn/gitlab:10.3.6 app:rake gitlab:import:repos
sameersbn/gitlab:12.5.5 app:rake gitlab:import:repos
```
Watch the logs and your repositories should be available into your new gitlab container.
@ -1215,12 +1267,12 @@ To upgrade to newer gitlab releases, simply follow this 4 step upgrade procedure
> **Note**
>
> Upgrading to `sameersbn/gitlab:10.3.6` from `sameersbn/gitlab:7.x.x` can cause issues. It is therefore required that you first upgrade to `sameersbn/gitlab:8.0.5-1` before upgrading to `sameersbn/gitlab:8.1.0` or higher.
> Upgrading to `sameersbn/gitlab:12.5.5` from `sameersbn/gitlab:7.x.x` can cause issues. It is therefore required that you first upgrade to `sameersbn/gitlab:8.0.5-1` before upgrading to `sameersbn/gitlab:8.1.0` or higher.
- **Step 1**: Update the docker image.
```bash
docker pull sameersbn/gitlab:10.3.6
docker pull sameersbn/gitlab:12.5.5
```
- **Step 2**: Stop and remove the currently running image
@ -1246,7 +1298,7 @@ Replace `x.x.x` with the version you are upgrading from. For example, if you are
> **Note**: Since GitLab `8.11.0` you need to provide the `GITLAB_SECRETS_SECRET_KEY_BASE` and `GITLAB_SECRETS_OTP_KEY_BASE` parameters while starting the image. These should initially both have the same value as the contents of the `/home/git/data/.secret` file. See [Available Configuration Parameters](#available-configuration-parameters) for more information on these parameters.
```bash
docker run --name gitlab -d [OPTIONS] sameersbn/gitlab:10.3.6
docker run --name gitlab -d [OPTIONS] sameersbn/gitlab:12.5.5
```
## Shell Access


@ -1 +1 @@
10.3.6
12.5.5


@ -1,25 +1,34 @@
#!/bin/bash
set -e
GITLAB_CLONE_URL=https://gitlab.com/gitlab-org/gitlab-ce.git
GITLAB_SHELL_URL=https://gitlab.com/gitlab-org/gitlab-shell/repository/archive.tar.gz
GITLAB_CLONE_URL=https://gitlab.com/gitlab-org/gitlab-foss.git
GITLAB_SHELL_URL=https://gitlab.com/gitlab-org/gitlab-shell/-/archive/v${GITLAB_SHELL_VERSION}/gitlab-shell-v${GITLAB_SHELL_VERSION}.tar.bz2
GITLAB_WORKHORSE_URL=https://gitlab.com/gitlab-org/gitlab-workhorse.git
GITLAB_PAGES_URL=https://gitlab.com/gitlab-org/gitlab-pages.git
GITLAB_GITALY_URL=https://gitlab.com/gitlab-org/gitaly.git
GITLAB_WORKHORSE_BUILD_DIR=/tmp/gitlab-workhorse
GITLAB_PAGES_BUILD_DIR=/tmp/gitlab-pages
GITLAB_GITALY_BUILD_DIR=/tmp/gitaly
GEM_CACHE_DIR="${GITLAB_BUILD_DIR}/cache"
GOROOT=/tmp/go
PATH=${GOROOT}/bin:$PATH
export GOROOT PATH
BUILD_DEPENDENCIES="gcc g++ make patch pkg-config cmake paxctl \
libc6-dev ruby${RUBY_VERSION}-dev \
libmysqlclient-dev libpq-dev zlib1g-dev libyaml-dev libssl-dev \
libpq-dev zlib1g-dev libyaml-dev libssl-dev \
libgdbm-dev libreadline-dev libncurses5-dev libffi-dev \
libxml2-dev libxslt-dev libcurl4-openssl-dev libicu-dev \
gettext"
gettext libkrb5-dev"
## Execute a command as GITLAB_USER
exec_as_git() {
if [[ $(whoami) == ${GITLAB_USER} ]]; then
$@
if [[ $(whoami) == "${GITLAB_USER}" ]]; then
"$@"
else
sudo -HEu ${GITLAB_USER} "$@"
fi
@ -27,28 +36,15 @@ exec_as_git() {
# install build dependencies for gem installation
apt-get update
DEBIAN_FRONTEND=noninteractive apt-get install -y ${BUILD_DEPENDENCIES}
# Install RE2 library wich became dependencie since 9.3.8 version
# https://gitlab.com/gitlab-org/gitlab-ce/issues/35342
DEBIAN_FRONTEND=noninteractive apt-get install -y checkinstall
cd /tmp
git clone https://github.com/google/re2.git
cd re2/ && make && make test
checkinstall -D --install=no -y --pkgname=re2 --pkgversion=1-current
dpkg -i re2_1-current-1_amd64.deb
ldconfig
cd -
rm -rf /tmp/re2
DEBIAN_FRONTEND=noninteractive apt-get purge -y --auto-remove checkinstall
DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y ${BUILD_DEPENDENCIES}
# PaX-mark ruby
# Applying the mark late here does make the build usable on PaX kernels, but
# still the build itself must be executed on a non-PaX kernel. It's done here
# only for simplicity.
paxctl -Cm `which ruby${RUBY_VERSION}`
paxctl -cvm "$(command -v ruby${RUBY_VERSION})"
# https://en.wikibooks.org/wiki/Grsecurity/Application-specific_Settings#Node.js
paxctl -Cm `which nodejs`
paxctl -cvm "$(command -v nodejs)"
# remove the host keys generated during openssh-server installation
rm -rf /etc/ssh/ssh_host_*_key /etc/ssh/ssh_host_*_key.pub
@ -66,16 +62,18 @@ EOF
exec_as_git git config --global core.autocrlf input
exec_as_git git config --global gc.auto 0
exec_as_git git config --global repack.writeBitmaps true
exec_as_git git config --global receive.advertisePushOptions true
# shallow clone gitlab-ce
echo "Cloning gitlab-ce v.${GITLAB_VERSION}..."
# shallow clone gitlab-foss
echo "Cloning gitlab-foss v.${GITLAB_VERSION}..."
exec_as_git git clone -q -b v${GITLAB_VERSION} --depth 1 ${GITLAB_CLONE_URL} ${GITLAB_INSTALL_DIR}
GITLAB_SHELL_VERSION=${GITLAB_SHELL_VERSION:-$(cat ${GITLAB_INSTALL_DIR}/GITLAB_SHELL_VERSION)}
GITLAB_WORKHORSE_VERSION=${GITLAB_WORKHOUSE_VERSION:-$(cat ${GITLAB_INSTALL_DIR}/GITLAB_WORKHORSE_VERSION)}
GITLAB_PAGES_VERSION=${GITLAB_PAGES_VERSION:-$(cat ${GITLAB_INSTALL_DIR}/GITLAB_PAGES_VERSION)}
#download golang
# download golang
echo "Downloading Go ${GOLANG_VERSION}..."
wget -cnv https://storage.googleapis.com/golang/go${GOLANG_VERSION}.linux-amd64.tar.gz -P ${GITLAB_BUILD_DIR}/
tar -xf ${GITLAB_BUILD_DIR}/go${GOLANG_VERSION}.linux-amd64.tar.gz -C /tmp/
@ -83,56 +81,63 @@ tar -xf ${GITLAB_BUILD_DIR}/go${GOLANG_VERSION}.linux-amd64.tar.gz -C /tmp/
# install gitlab-shell
echo "Downloading gitlab-shell v.${GITLAB_SHELL_VERSION}..."
mkdir -p ${GITLAB_SHELL_INSTALL_DIR}
wget -cq ${GITLAB_SHELL_URL}?ref=v${GITLAB_SHELL_VERSION} -O ${GITLAB_BUILD_DIR}/gitlab-shell-${GITLAB_SHELL_VERSION}.tar.gz
tar xf ${GITLAB_BUILD_DIR}/gitlab-shell-${GITLAB_SHELL_VERSION}.tar.gz --strip 1 -C ${GITLAB_SHELL_INSTALL_DIR}
rm -rf ${GITLAB_BUILD_DIR}/gitlab-shell-${GITLAB_SHELL_VERSION}.tar.gz
wget -cq ${GITLAB_SHELL_URL} -O ${GITLAB_BUILD_DIR}/gitlab-shell-${GITLAB_SHELL_VERSION}.tar.bz2
tar xf ${GITLAB_BUILD_DIR}/gitlab-shell-${GITLAB_SHELL_VERSION}.tar.bz2 --strip 1 -C ${GITLAB_SHELL_INSTALL_DIR}
rm -rf ${GITLAB_BUILD_DIR}/gitlab-shell-${GITLAB_SHELL_VERSION}.tar.bz2
chown -R ${GITLAB_USER}: ${GITLAB_SHELL_INSTALL_DIR}
cd ${GITLAB_SHELL_INSTALL_DIR}
exec_as_git cp -a ${GITLAB_SHELL_INSTALL_DIR}/config.yml.example ${GITLAB_SHELL_INSTALL_DIR}/config.yml
exec_as_git cp -a config.yml.example config.yml
if [[ -x ./bin/compile ]]; then
echo "Compiling gitlab-shell golang executables..."
exec_as_git PATH=/tmp/go/bin:$PATH GOROOT=/tmp/go ./bin/compile
./bin/compile
rm -rf go_build
fi
exec_as_git ./bin/install
./bin/install
# remove unused repositories directory created by gitlab-shell install
exec_as_git rm -rf ${GITLAB_HOME}/repositories
rm -rf ${GITLAB_HOME}/repositories
# download gitlab-workhorse
echo "Cloning gitlab-workhorse v.${GITLAB_WORKHORSE_VERSION}..."
exec_as_git git clone -q -b v${GITLAB_WORKHORSE_VERSION} --depth 1 ${GITLAB_WORKHORSE_URL} ${GITLAB_WORKHORSE_INSTALL_DIR}
chown -R ${GITLAB_USER}: ${GITLAB_WORKHORSE_INSTALL_DIR}
git clone -q -b v${GITLAB_WORKHORSE_VERSION} --depth 1 ${GITLAB_WORKHORSE_URL} ${GITLAB_WORKHORSE_BUILD_DIR}
make -C ${GITLAB_WORKHORSE_BUILD_DIR} install
#install gitlab-workhorse
cd ${GITLAB_WORKHORSE_INSTALL_DIR}
PATH=/tmp/go/bin:$PATH GOROOT=/tmp/go make install
# clean up
rm -rf ${GITLAB_WORKHORSE_BUILD_DIR}
#download pages
# download gitlab-pages
echo "Downloading gitlab-pages v.${GITLAB_PAGES_VERSION}..."
exec_as_git git clone -q -b v${GITLAB_PAGES_VERSION} --depth 1 ${GITLAB_PAGES_URL} ${GITLAB_PAGES_INSTALL_DIR}
chown -R ${GITLAB_USER}: ${GITLAB_PAGES_INSTALL_DIR}
git clone -q -b v${GITLAB_PAGES_VERSION} --depth 1 ${GITLAB_PAGES_URL} ${GITLAB_PAGES_BUILD_DIR}
#install gitlab-pages
cd ${GITLAB_PAGES_INSTALL_DIR}
PATH=/tmp/go/bin:$PATH GOROOT=/tmp/go make
cp -f gitlab-pages /usr/local/bin/
# install gitlab-pages
make -C ${GITLAB_PAGES_BUILD_DIR}
cp -a ${GITLAB_PAGES_BUILD_DIR}/gitlab-pages /usr/local/bin/
# download gitaly
# clean up
rm -rf ${GITLAB_PAGES_BUILD_DIR}
# download and build gitaly
echo "Downloading gitaly v.${GITALY_SERVER_VERSION}..."
exec_as_git git clone -q -b v${GITALY_SERVER_VERSION} --depth 1 ${GITLAB_GITALY_URL} ${GITLAB_GITALY_INSTALL_DIR}
chown -R ${GITLAB_USER}: ${GITLAB_GITALY_INSTALL_DIR}
# copy default config for gitaly
exec_as_git cp ${GITLAB_GITALY_INSTALL_DIR}/config.toml.example ${GITLAB_GITALY_INSTALL_DIR}/config.toml
git clone -q -b v${GITALY_SERVER_VERSION} --depth 1 ${GITLAB_GITALY_URL} ${GITLAB_GITALY_BUILD_DIR}
# install gitaly
cd ${GITLAB_GITALY_INSTALL_DIR}
ln -sf /tmp/go /usr/local/go
PATH=/tmp/go/bin:$PATH make install && make clean
rm -f /usr/local/go
make -C ${GITLAB_GITALY_BUILD_DIR} install
mkdir -p ${GITLAB_GITALY_INSTALL_DIR}
cp -a ${GITLAB_GITALY_BUILD_DIR}/ruby ${GITLAB_GITALY_INSTALL_DIR}/
cp -a ${GITLAB_GITALY_BUILD_DIR}/config.toml.example ${GITLAB_GITALY_INSTALL_DIR}/config.toml
rm -rf ${GITLAB_GITALY_INSTALL_DIR}/ruby/vendor/bundle/ruby/**/cache
chown -R ${GITLAB_USER}: ${GITLAB_GITALY_INSTALL_DIR}
# clean up
rm -rf ${GITLAB_GITALY_BUILD_DIR}
# remove go
rm -rf ${GITLAB_BUILD_DIR}/go${GOLANG_VERSION}.linux-amd64.tar.gz /tmp/go
rm -rf ${GITLAB_BUILD_DIR}/go${GOLANG_VERSION}.linux-amd64.tar.gz ${GOROOT}
# Fix for rebase in forks
echo "Linking $(command -v gitaly-ssh) to /"
ln -s "$(command -v gitaly-ssh)" /
# remove HSTS config from the default headers, we configure it in nginx
exec_as_git sed -i "/headers\['Strict-Transport-Security'\]/d" ${GITLAB_INSTALL_DIR}/app/controllers/application_controller.rb
@ -148,7 +153,7 @@ if [[ -d ${GEM_CACHE_DIR} ]]; then
chown -R ${GITLAB_USER}: ${GITLAB_INSTALL_DIR}/vendor/cache
fi
exec_as_git bundle install -j$(nproc) --deployment --without development test aws
exec_as_git bundle install -j"$(nproc)" --deployment --without development test mysql aws
# make sure everything in ${GITLAB_HOME} is owned by ${GITLAB_USER} user
chown -R ${GITLAB_USER}: ${GITLAB_HOME}
@ -156,14 +161,14 @@ chown -R ${GITLAB_USER}: ${GITLAB_HOME}
# gitlab.yml and database.yml are required for `assets:precompile`
exec_as_git cp ${GITLAB_INSTALL_DIR}/config/resque.yml.example ${GITLAB_INSTALL_DIR}/config/resque.yml
exec_as_git cp ${GITLAB_INSTALL_DIR}/config/gitlab.yml.example ${GITLAB_INSTALL_DIR}/config/gitlab.yml
exec_as_git cp ${GITLAB_INSTALL_DIR}/config/database.yml.mysql ${GITLAB_INSTALL_DIR}/config/database.yml
exec_as_git cp ${GITLAB_INSTALL_DIR}/config/database.yml.postgresql ${GITLAB_INSTALL_DIR}/config/database.yml
# Installs nodejs packages required to compile webpack
exec_as_git yarn install --production --pure-lockfile
exec_as_git yarn add ajv@^4.0.0
echo "Compiling assets. Please be patient, this could take a while..."
exec_as_git bundle exec rake gitlab:assets:compile USE_DB=false SKIP_STORAGE_VALIDATION=true
exec_as_git bundle exec rake gitlab:assets:compile USE_DB=false SKIP_STORAGE_VALIDATION=true NODE_OPTIONS="--max-old-space-size=4096"
# remove auto generated ${GITLAB_DATA_DIR}/config/secrets.yml
rm -rf ${GITLAB_DATA_DIR}/config/secrets.yml
@ -207,6 +212,7 @@ sed -i \
-e "s|^[#]*UsePrivilegeSeparation yes|UsePrivilegeSeparation no|" \
-e "s|^[#]*PasswordAuthentication yes|PasswordAuthentication no|" \
-e "s|^[#]*LogLevel INFO|LogLevel VERBOSE|" \
-e "s|^[#]*AuthorizedKeysFile.*|AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_proxy|" \
/etc/ssh/sshd_config
echo "UseDNS no" >> /etc/ssh/sshd_config
@ -219,6 +225,9 @@ sed -i \
-e "s|error_log /var/log/nginx/error.log;|error_log ${GITLAB_LOG_DIR}/nginx/error.log;|" \
/etc/nginx/nginx.conf
# fix "unknown group 'syslog'" error preventing logrotate from functioning
sed -i "s|^su root syslog$|su root root|" /etc/logrotate.conf
# configure supervisord log rotation
cat > /etc/logrotate.d/supervisord <<EOF
${GITLAB_LOG_DIR}/supervisor/*.log {
@ -393,6 +402,22 @@ stdout_logfile=${GITLAB_LOG_DIR}/supervisor/%(program_name)s.log
stderr_logfile=${GITLAB_LOG_DIR}/supervisor/%(program_name)s.log
EOF
cat > /etc/supervisor/conf.d/groups.conf <<EOF
[group:core]
programs=gitaly
priority=5
[group:gitlab]
programs=unicorn,gitlab-workhorse
priority=10
[group:gitlab_extensions]
programs=sshd,nginx,mail_room,cron
priority=20
EOF
# purge build dependencies and cleanup apt
DEBIAN_FRONTEND=noninteractive apt-get purge -y --auto-remove ${BUILD_DEPENDENCIES}
rm -rf /var/lib/apt/lists/*
# clean up caches
exec_as_git rm -rf ${GITLAB_HOME}/.cache
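Review bot: The gitlab-shell archive fetched by `wget -cq ${GITLAB_SHELL_URL} -O …/gitlab-shell-${GITLAB_SHELL_VERSION}.tar.bz2` is unpacked and built with no integrity check, and on the new side `./bin/compile` and `./bin/install` are no longer wrapped in `exec_as_git`, so code from that download appears to run with the script's own privileges (presumably root during the image build). Pinning a digest next to the version and checking it before `tar xf` would close that gap, e.g. `echo "<PINNED_SHA256>  ${GITLAB_BUILD_DIR}/gitlab-shell-${GITLAB_SHELL_VERSION}.tar.bz2" | sha256sum -c -`, where `<PINNED_SHA256>` is a placeholder for the release's published hash. The Go tarball a few lines earlier is also extracted unverified and could get the same check. Separately, `GITLAB_SHELL_URL` is expanded at the top of the script, before the `GITLAB_SHELL_VERSION=${GITLAB_SHELL_VERSION:-$(cat …)}` fallback runs, so the URL only carries a version if the variable is already set in the build environment.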


@ -39,6 +39,16 @@ path = "{{GITLAB_REPOS_DIR}}"
# The directory where gitaly-ruby is installed
dir = "/home/git/gitaly/ruby"
# # Gitaly-ruby resident set size (RSS) that triggers a memory restart (bytes)
# max_rss = 300000000
#
# # Grace period before a gitaly-ruby process is forcibly terminated after exceeding max_rss (seconds)
# graceful_restart_timeout = "10m"
#
# # Time that gitaly-ruby memory must remain high before a restart (seconds)
# restart_delay = "5m"
[gitlab-shell]
# The directory where gitlab-shell is installed
dir = "/home/git/gitlab-shell"


@ -35,24 +35,6 @@ secret_file: "{{GITLAB_SHELL_INSTALL_DIR}}/.gitlab_shell_secret"
# Default is hooks in the gitlab-shell directory.
custom_hooks_dir: "{{GITLAB_SHELL_INSTALL_DIR}}/hooks"
# Redis settings used for pushing commit notices to gitlab
redis:
bin: /usr/bin/redis-cli
host: "{{REDIS_HOST}}"
port: {{REDIS_PORT}}
# pass: redispass # Allows you to specify the password for Redis
database: {{REDIS_DB_NUMBER}}
# socket: /var/run/redis/redis.sock # Comment out this line if you want to use TCP or Sentinel
namespace: resque:gitlab
# sentinels:
# -
# host: 127.0.0.1
# port: 26380
# -
# host: 127.0.0.1
# port: 26381
# Log file.
# Default is gitlab-shell.log in the root directory.
log_file: "{{GITLAB_LOG_DIR}}/gitlab-shell/gitlab-shell.log"


@ -2,14 +2,13 @@
# PRODUCTION
#
production:
adapter: {{DB_ADAPTER}}
adapter: postgresql
encoding: {{DB_ENCODING}}
collation: {{DB_COLLATION}}
reconnect: false
database: {{DB_NAME}}
host: {{DB_HOST}}
port: {{DB_PORT}}
username: {{DB_USER}}
password: "{{DB_PASS}}"
pool: {{DB_POOL}}
prepared_statements: {{DB_PREPARED_STATEMENTS}}


@ -26,6 +26,8 @@ production: &base
# 1. GitLab app settings
# ==========================
## GitLab settings
gitlab:
## Web server settings (note: host is the FQDN, do not include http://)
@ -68,6 +70,17 @@ production: &base
email_display_name: {{GITLAB_EMAIL_DISPLAY_NAME}}
email_reply_to: {{GITLAB_EMAIL_REPLY_TO}}
email_subject_suffix: '{{GITLAB_EMAIL_SUBJECT_SUFFIX}}'
#start-email-smime
email_smime:
# Uncomment and set to true if you need to enable email S/MIME signing (default: false)
enabled: {{GITLAB_EMAIL_SMIME_ENABLE}}
# S/MIME private key file in PEM format, unencrypted
# Default is '.gitlab_smime_key' relative to Rails.root (i.e. root of the GitLab app).
key_file: {{GITLAB_EMAIL_SMIME_KEY_FILE}}
# S/MIME public certificate key in PEM format, will be attached to signed messages
# Default is '.gitlab_smime_cert' relative to Rails.root (i.e. root of the GitLab app).
cert_file: {{GITLAB_EMAIL_SMIME_CERT_FILE}}
#end-email-smime
# Email server smtp settings are in config/initializers/smtp_settings.rb.sample
@ -75,13 +88,18 @@ production: &base
default_can_create_group: {{GITLAB_CREATE_GROUP}} # default: true
username_changing_enabled: {{GITLAB_USERNAME_CHANGE}} # default: true - User can change her username/namespace
## Default theme ID
## 1 - Graphite
## 2 - Charcoal
## 3 - Green
## 4 - Gray
## 5 - Violet
## 6 - Blue
# default_theme: 2 # default: 2
## 1 - Indigo
## 2 - Dark
## 3 - Light
## 4 - Blue
## 5 - Green
## 6 - Light Indigo
## 7 - Light Blue
## 8 - Light Green
## 9 - Red
## 10 - Light Red
default_theme: {{GITLAB_DEFAULT_THEME}}
# Enable or disable user signups (first run only)
signup_enabled: {{GITLAB_SIGNUP_ENABLED}}
@ -111,6 +129,9 @@ production: &base
# The default is 'shared/cache/archive/' relative to the root of the Rails app.
repository_downloads_path: {{GITLAB_DOWNLOADS_DIR}}
## Impersonation settings
impersonation_enabled: {{GITLAB_IMPERSONATION_ENABLED}}
## Reply by email
# Allow users to comment on issues and merge requests by replying to notification emails.
# For documentation on how to set this up, see http://doc.gitlab.com/ce/administration/reply_by_email.html
@ -148,12 +169,83 @@ production: &base
enabled: {{GITLAB_ARTIFACTS_ENABLED}}
# The location where build artifacts are stored (default: shared/artifacts).
path: {{GITLAB_ARTIFACTS_DIR}}
object_store:
enabled: {{GITLAB_ARTIFACTS_OBJECT_STORE_ENABLED}}
remote_directory: {{GITLAB_ARTIFACTS_OBJECT_STORE_REMOTE_DIRECTORY}} # The bucket name
direct_upload: {{GITLAB_ARTIFACTS_OBJECT_STORE_DIRECT_UPLOAD}} # Set to true to enable direct upload of Artifacts without the need of local shared storage.
background_upload: {{GITLAB_ARTIFACTS_OBJECT_STORE_BACKGROUND_UPLOAD}} # Temporary option to limit automatic upload (Default: true)
proxy_download: {{GITLAB_ARTIFACTS_OBJECT_STORE_PROXY_DOWNLOAD}} # Passthrough all downloads via GitLab instead of using Redirects to Object Storage
connection:
provider: {{GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_PROVIDER}}
#start-artifacts-aws
aws_access_key_id: {{GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID}}
aws_secret_access_key: {{GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY}}
region: {{GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_REGION}}
host: '{{GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_HOST}}' # default: s3.amazonaws.com
endpoint: '{{GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT}}' # default: nil
path_style: {{GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE}} # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
#end-artifacts-aws
#start-artifacts-gcs
google_project: {{GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT}}
google_client_email: {{GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL}}
google_json_key_location: {{GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION}}
#end-artifacts-gcs
## Git LFS
lfs:
enabled: {{GITLAB_LFS_ENABLED}}
# The location where LFS objects are stored (default: shared/lfs-objects).
storage_path: {{GITLAB_LFS_OBJECTS_DIR}}
object_store:
enabled: {{GITLAB_LFS_OBJECT_STORE_ENABLED}}
remote_directory: {{GITLAB_LFS_OBJECT_STORE_REMOTE_DIRECTORY}} # The bucket name
direct_upload: {{GITLAB_LFS_OBJECT_STORE_DIRECT_UPLOAD}} # Use Object Storage directly for uploads instead of background uploads if enabled (Default: false)
background_upload: {{GITLAB_LFS_OBJECT_STORE_BACKGROUND_UPLOAD}} # Temporary option to limit automatic upload (Default: true)
proxy_download: {{GITLAB_LFS_OBJECT_STORE_PROXY_DOWNLOAD}} # Passthrough all downloads via GitLab instead of using Redirects to Object Storage
connection:
provider: {{GITLAB_LFS_OBJECT_STORE_CONNECTION_PROVIDER}}
#start-lfs-aws
aws_access_key_id: {{GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID}}
aws_secret_access_key: {{GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY}}
region: {{GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_REGION}}
host: '{{GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_HOST}}' # default: s3.amazonaws.com
endpoint: '{{GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT}}' # default: nil
path_style: {{GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE}} # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
#end-lfs-aws
#start-lfs-gcs
google_project: {{GITLAB_LFS_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT}}
google_client_email: {{GITLAB_LFS_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL}}
google_json_key_location: {{GITLAB_LFS_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION}}
#end-lfs-gcs
## Uploads (attachments, avatars, etc...)
uploads:
# The location where uploads objects are stored (default: public/).
storage_path: {{GITLAB_UPLOADS_STORAGE_PATH}}
base_dir: {{GITLAB_UPLOADS_BASE_DIR}}
object_store:
enabled: {{GITLAB_UPLOADS_OBJECT_STORE_ENABLED}}
remote_directory: {{GITLAB_UPLOADS_OBJECT_STORE_REMOTE_DIRECTORY}} # The bucket name
direct_upload: {{GITLAB_UPLOADS_OBJECT_STORE_DIRECT_UPLOAD}} # Use Object Storage directly for uploads instead of background uploads if enabled (Default: false)
background_upload: {{GITLAB_UPLOADS_OBJECT_STORE_BACKGROUND_UPLOAD}} # Temporary option to limit automatic upload (Default: true)
proxy_download: {{GITLAB_UPLOADS_OBJECT_STORE_PROXY_DOWNLOAD}} # Passthrough all downloads via GitLab instead of using Redirects to Object Storage
connection:
provider: {{GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_PROVIDER}}
#start-uploads-aws
aws_access_key_id: {{GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID}}
aws_secret_access_key: {{GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY}}
region: {{GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_REGION}}
host: '{{GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_HOST}}' # default: s3.amazonaws.com
endpoint: '{{GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT}}' # default: nil
path_style: {{GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE}} # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
#end-uploads-aws
#start-uploads-gcs
google_project: {{GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT}}
google_client_email: {{GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL}}
google_json_key_location: {{GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION}}
#end-uploads-gcs
## GitLab Pages
pages:
@ -167,10 +259,10 @@ production: &base
port: {{GITLAB_PAGES_PORT}} # Set to 443 if you serve the pages with HTTPS
https: {{GITLAB_PAGES_HTTPS}} # Set to true if you serve the pages with HTTPS
artifacts_server: {{GITLAB_PAGES_ARTIFACTS_SERVER}}
access_control: {{GITLAB_PAGES_ACCESS_CONTROL}} # If true, allows access to a Pages site to be controlled based on a users membership to that project
external_http: {{GITLAB_PAGES_EXTERNAL_HTTP}} # If defined, enables custom domain support in GitLab Pages
external_https: {{GITLAB_PAGES_EXTERNAL_HTTPS}} # If defined, enables custom domain and certificate support in GitLab Pages
## Mattermost
## For enabling Add to Mattermost button
mattermost:
@ -178,15 +270,22 @@ production: &base
host: '{{GITLAB_MATTERMOST_URL}}'
## Gravatar
## For Libravatar see: http://doc.gitlab.com/ce/customization/libravatar.html
## If using gravatar.com, there's nothing to change here. For Libravatar
## you'll need to provide the custom URLs. For more information,
## see: https://docs.gitlab.com/ee/customization/libravatar.html
gravatar:
enabled: {{GITLAB_GRAVATAR_ENABLED}} # Use user avatar image from Gravatar.com (default: true)
# gravatar urls: possible placeholders: %{hash} %{size} %{email} %{username}
plain_url: "{{GITLAB_GRAVATAR_HTTP_URL}}" # default: http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
plain_url: "{{GITLAB_GRAVATAR_HTTP_URL}}" # default: https://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
ssl_url: "{{GITLAB_GRAVATAR_HTTPS_URL}}" # default: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
## Sidekiq
sidekiq:
log_format: {{GITLAB_SIDEKIQ_LOG_FORMAT}} # (default is the original format)
## Auxiliary jobs
# Periodically executed jobs, to self-heal Gitlab, do external synchronizations, etc.
# Periodically executed jobs, to self-heal GitLab, do external synchronizations, etc.
# Please read here for more information: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job
cron_jobs:
# Flag stuck CI jobs as failed
@ -209,6 +308,10 @@ production: &base
repository_archive_cache_worker:
cron: "0 * * * *"
# Verify custom GitLab Pages domains
pages_domain_verification_cron_worker:
cron: "*/15 * * * *"
registry:
enabled: {{GITLAB_REGISTRY_ENABLED}}
host: {{GITLAB_REGISTRY_HOST}}
@ -218,6 +321,13 @@ production: &base
path: {{GITLAB_REGISTRY_DIR}}
issuer: {{GITLAB_REGISTRY_ISSUER}}
## Error Reporting and Logging with Sentry
sentry:
enabled: {{SENTRY_ENABLED}}
dsn: {{SENTRY_DSN}}
clientside_dsn: {{SENTRY_CLIENTSIDE_DSN}}
environment: '{{SENTRY_ENVIRONMENT}}' # e.g. development, staging, production
#
# 2. GitLab CI settings
# ==========================
@ -325,15 +435,18 @@ production: &base
# them in issues, merge request and comments (like `@username`).
# If the attribute specified for `username` contains an email address,
# the GitLab username will be the part of the email address before the '@'.
username: ['uid', 'userid', 'sAMAccountName']
email: ['mail', 'email', 'userPrincipalName']
username: {{LDAP_USER_ATTRIBUTE_USERNAME}}
email: {{LDAP_USER_ATTRIBUTE_MAIL}}
# If no full name could be found at the attribute specified for `name`,
# the full name is determined using the attributes specified for
# `first_name` and `last_name`.
name: 'cn'
first_name: 'givenName'
last_name: 'sn'
name: '{{LDAP_USER_ATTRIBUTE_NAME}}'
first_name: '{{LDAP_USER_ATTRIBUTE_FIRSTNAME}}'
last_name: '{{LDAP_USER_ATTRIBUTE_LASTNAME}}'
# If lowercase_usernames is enabled, GitLab will lower case the username.
lowercase_usernames: {{LDAP_LOWERCASE_USERNAMES}}
# GitLab EE only: add more LDAP servers
# Choose an ID made of a-z and 0-9 . This ID will be stored in the database
@ -443,6 +556,7 @@ production: &base
attribute_statements: {
first_name: ['{{OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME}}'],
last_name: ['{{OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME}}'],
username: ['{{OAUTH_SAML_ATTRIBUTE_STATEMENTS_USERNAME}}'],
name: ['{{OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME}}'],
email: ['{{OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL}}'] },
name_identifier_format: '{{OAUTH_SAML_NAME_IDENTIFIER_FORMAT}}' } }
@ -455,7 +569,8 @@ production: &base
args: {
client_id: '{{OAUTH_AUTH0_CLIENT_ID}}',
client_secret: '{{OAUTH_AUTH0_CLIENT_SECRET}}',
namespace: '{{OAUTH_AUTH0_DOMAIN}}' } }
domain: '{{OAUTH_AUTH0_DOMAIN}}',
scope: '{{OAUTH_AUTH0_SCOPE}}' } }
- { name: 'azure_oauth2',
args: {
client_id: '{{OAUTH_AZURE_API_KEY}}',
@ -510,6 +625,7 @@ production: &base
path_style: {{AWS_BACKUP_PATH_STYLE}}
aws_access_key_id: {{AWS_BACKUP_ACCESS_KEY_ID}}
aws_secret_access_key: '{{AWS_BACKUP_SECRET_ACCESS_KEY}}'
aws_signature_version: {{AWS_BACKUP_SIGNATURE_VERSION}}
# The remote 'directory' to store your backups. For S3, this would be the bucket name.
remote_directory: '{{AWS_BACKUP_BUCKET}}'
#start-multipart-aws
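Review bot: The `#start-uploads-gcs` block under `uploads.object_store.connection` fills `google_project`, `google_client_email` and `google_json_key_location` from the `GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_GOOGLE_*` placeholders, which looks like a copy-paste from the artifacts block; the AWS lines just above it use `GITLAB_UPLOADS_*` as expected. As written, uploads would always be configured with the artifacts service-account key and project, so the two stores cannot be given separate, narrowly scoped credentials. I would change them to `google_project: {{GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT}}` and the matching `…_GOOGLE_CLIENT_EMAIL` / `…_GOOGLE_JSON_KEY_LOCATION` names, assuming the defaults file defines those variables as it does for the AWS variants (that part is not visible here).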


@ -23,7 +23,7 @@ server {
## Pages serving host
server {
listen 0.0.0.0:443 ssl;
listen [::]:443 ipv6only=on ssl http2;
listen [::]:443 ssl http2;
## Replace this with something like pages.gitlab.com
server_name ~^.*{{GITLAB_PAGES_DOMAIN}};
@ -31,7 +31,6 @@ server {
## Strong SSL Security
## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
ssl on;
ssl_certificate {{SSL_PAGES_CERT_PATH}};
ssl_certificate_key {{SSL_PAGES_KEY_PATH}};


@ -16,7 +16,7 @@ server {
}
server {
# If a different port is specified in https://gitlab.com/gitlab-org/gitlab-ce/blob/8-8-stable/config/gitlab.yml.example#L182,
# If a different port is specified in https://gitlab.com/gitlab-org/gitlab-foss/blob/8-8-stable/config/gitlab.yml.example#L182,
# it should be declared here as well
listen *:{{GITLAB_REGISTRY_PORT}} ssl http2;
server_name {{GITLAB_REGISTRY_HOST}};
@ -27,7 +27,6 @@ server {
## Strong SSL Security
## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
ssl on;
ssl_certificate {{SSL_REGISTRY_CERT_PATH}};
ssl_certificate_key {{SSL_REGISTRY_KEY_PATH}};


@ -53,7 +53,6 @@ server {
## Strong SSL Security
## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
ssl on;
ssl_certificate {{SSL_CERTIFICATE_PATH}};
ssl_certificate_key {{SSL_KEY_PATH}};
ssl_verify_client {{SSL_VERIFY_CLIENT}};


@ -5,15 +5,18 @@ DEBUG=${DEBUG:-$DEBUG_ENTRYPOINT}
## GITLAB CORE
GITLAB_TEMP_DIR="${GITLAB_DATA_DIR}/tmp"
GITLAB_BACKUP_DIR="${GITLAB_BACKUP_DIR:-$GITLAB_DATA_DIR/backups}"
GITLAB_BACKUP_DIR_CHOWN=${GITLAB_BACKUP_DIR_CHOWN:-true}
GITLAB_BACKUP_DIR_GROUP=${GITLAB_BACKUP_DIR_GROUP:-}
GITLAB_REPOS_DIR="${GITLAB_REPOS_DIR:-$GITLAB_DATA_DIR/repositories}"
GITLAB_BUILDS_DIR="${GITLAB_BUILDS_DIR:-$GITLAB_DATA_DIR/builds}"
GITLAB_DOWNLOADS_DIR="${GITLAB_DOWNLOADS_DIR:-$GITLAB_TEMP_DIR/downloads}"
GITLAB_SHARED_DIR="${GITLAB_SHARED_DIR:-$GITLAB_DATA_DIR/shared}"
GITLAB_DEFAULT_THEME=${GITLAB_DEFAULT_THEME:-2}
GITLAB_HTTPS=${GITLAB_HTTPS:-false}
GITLAB_HOST=${GITLAB_HOST:-localhost}
GITLAB_CI_HOST=${GITLAB_CI_HOST:-}
GITLAB_PORT=${GITLAB_PORT:-}
GITLAB_IMPERSONATION_ENABLED=${GITLAB_IMPERSONATION_ENABLED:-true}
if [[ $GITLAB_HTTPS == true ]]; then
GITLAB_PORT=${GITLAB_PORT:-443}
else
@ -32,19 +35,18 @@ NGINX_HSTS_MAXAGE=${NGINX_HSTS_MAXAGE:-$GITLAB_HTTPS_HSTS_MAXAGE} # backward com
NGINX_HSTS_MAXAGE=${NGINX_HSTS_MAXAGE:-31536000}
## DATABASE
DB_ADAPTER=${DB_ADAPTER:-}
DB_ADAPTER=${DB_ADAPTER:-postgresql}
DB_ENCODING=${DB_ENCODING:-}
DB_COLLATION=${DB_COLLATION:-}
DB_HOST=${DB_HOST:-}
DB_PORT=${DB_PORT:-}
DB_NAME=${DB_NAME:-}
DB_USER=${DB_USER:-}
DB_PASS=${DB_PASS:-}
DB_POOL=${DB_POOL:-10}
DB_PREPARED_STATEMENTS=${DB_PREPARED_STATEMENTS:-true}
# backward compatibility
case ${DB_TYPE} in
mysql) DB_ADAPTER=${DB_ADAPTER:-mysql2} ;;
postgres) DB_ADAPTER=${DB_ADAPTER:-postgresql} ;;
esac
@ -57,6 +59,7 @@ REDIS_DB_NUMBER=${REDIS_DB_NUMBER:-0}
SIDEKIQ_SHUTDOWN_TIMEOUT=${SIDEKIQ_SHUTDOWN_TIMEOUT:-4}
SIDEKIQ_CONCURRENCY=${SIDEKIQ_CONCURRENCY:-25}
SIDEKIQ_MEMORY_KILLER_MAX_RSS=${SIDEKIQ_MEMORY_KILLER_MAX_RSS:-1000000}
GITLAB_SIDEKIQ_LOG_FORMAT=${GITLAB_SIDEKIQ_LOG_FORMAT:-json}
## UNICORN
UNICORN_WORKERS=${UNICORN_WORKERS:-3}
@ -86,10 +89,40 @@ GITLAB_WEBHOOK_TIMEOUT=${GITLAB_WEBHOOK_TIMEOUT:-10}
GITLAB_WORKHORSE_TIMEOUT=${GITLAB_WORKHORSE_TIMEOUT:-5m0s}
# OBJECTSTORE
GITLAB_OBJECT_STORE_CONNECTION_PROVIDER=${GITLAB_OBJECT_STORE_CONNECTION_PROVIDER:-AWS}
AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID:-AWS_ACCESS_KEY_ID}
AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY:-AWS_SECRET_ACCESS_KEY}
GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT=${GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT}
GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL=${GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL}
GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION=${GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION:-"/gcs/key.json"}
## ARTIFACTS
GITLAB_ARTIFACTS_ENABLED=${GITLAB_ARTIFACTS_ENABLED:-true}
GITLAB_ARTIFACTS_DIR="${GITLAB_ARTIFACTS_DIR:-$GITLAB_SHARED_DIR/artifacts}"
GITLAB_ARTIFACTS_OBJECT_STORE_ENABLED=${GITLAB_ARTIFACTS_OBJECT_STORE_ENABLED:-false}
GITLAB_ARTIFACTS_OBJECT_STORE_REMOTE_DIRECTORY=${GITLAB_ARTIFACTS_OBJECT_STORE_REMOTE_DIRECTORY:-artifacts}
GITLAB_ARTIFACTS_OBJECT_STORE_DIRECT_UPLOAD=${GITLAB_ARTIFACTS_OBJECT_STORE_DIRECT_UPLOAD:-false}
GITLAB_ARTIFACTS_OBJECT_STORE_BACKGROUND_UPLOAD=${GITLAB_ARTIFACTS_OBJECT_STORE_BACKGROUND_UPLOAD:-false}
GITLAB_ARTIFACTS_OBJECT_STORE_PROXY_DOWNLOAD=${GITLAB_ARTIFACTS_OBJECT_STORE_PROXY_DOWNLOAD:-false}
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_PROVIDER=${GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_PROVIDER:-$GITLAB_OBJECT_STORE_CONNECTION_PROVIDER}
# ARTIFACTS:AWS
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID=${GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID:-$AWS_ACCESS_KEY_ID}
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY=${GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY:-$AWS_SECRET_ACCESS_KEY}
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_REGION=${GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_REGION:-us-east-1}
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_HOST=${GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_HOST:-s3.amazonaws.com}
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT=${GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT:-nil}
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE=${GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE:-true}
# ARTIFACTS:Google
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT=${GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT:-$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT}
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL=${GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL:-$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL}
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION=${GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION:-$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION}
## Cron Jobs
GITLAB_PIPELINE_SCHEDULE_WORKER_CRON=${GITLAB_PIPELINE_SCHEDULE_WORKER_CRON:-"19 * * * *"}
@ -97,7 +130,52 @@ GITLAB_PIPELINE_SCHEDULE_WORKER_CRON=${GITLAB_PIPELINE_SCHEDULE_WORKER_CRON:-"19
GITLAB_LFS_ENABLED=${GITLAB_LFS_ENABLED:-true}
GITLAB_LFS_OBJECTS_DIR="${GITLAB_LFS_OBJECTS_DIR:-$GITLAB_SHARED_DIR/lfs-objects}"
## Mattermose
GITLAB_LFS_OBJECT_STORE_ENABLED=${GITLAB_LFS_OBJECT_STORE_ENABLED:-false}
GITLAB_LFS_OBJECT_STORE_REMOTE_DIRECTORY=${GITLAB_LFS_OBJECT_STORE_REMOTE_DIRECTORY:-lfs-objects}
GITLAB_LFS_OBJECT_STORE_DIRECT_UPLOAD=${GITLAB_LFS_OBJECT_STORE_DIRECT_UPLOAD:-false}
GITLAB_LFS_OBJECT_STORE_BACKGROUND_UPLOAD=${GITLAB_LFS_OBJECT_STORE_BACKGROUND_UPLOAD:-false}
GITLAB_LFS_OBJECT_STORE_PROXY_DOWNLOAD=${GITLAB_LFS_OBJECT_STORE_PROXY_DOWNLOAD:-false}
GITLAB_LFS_OBJECT_STORE_CONNECTION_PROVIDER=${GITLAB_LFS_OBJECT_STORE_CONNECTION_PROVIDER:-$GITLAB_OBJECT_STORE_CONNECTION_PROVIDER}
# LFS:AWS
GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID=${GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID:-$AWS_ACCESS_KEY_ID}
GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY=${GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY:-$AWS_SECRET_ACCESS_KEY}
GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_REGION=${GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_REGION:-us-east-1}
GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_HOST=${GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_HOST:-s3.amazonaws.com}
GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT=${GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT:-nil}
GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE=${GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE:-true}
# LFS:Google
GITLAB_LFS_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT=${GITLAB_LFS_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT:-$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT}
GITLAB_LFS_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL=${GITLAB_LFS_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL:-$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL}
GITLAB_LFS_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION=${GITLAB_LFS_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION:-$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION}
## Uploads
GITLAB_UPLOADS_STORAGE_PATH="${GITLAB_UPLOADS_STORAGE_PATH:-$GITLAB_INSTALL_DIR/public}"
GITLAB_UPLOADS_BASE_DIR="${GITLAB_UPLOADS_BASE_DIR:-uploads/-/system}"
GITLAB_UPLOADS_OBJECT_STORE_ENABLED=${GITLAB_UPLOADS_OBJECT_STORE_ENABLED:-false}
GITLAB_UPLOADS_OBJECT_STORE_REMOTE_DIRECTORY=${GITLAB_UPLOADS_OBJECT_STORE_REMOTE_DIRECTORY:-uploads}
GITLAB_UPLOADS_OBJECT_STORE_DIRECT_UPLOAD=${GITLAB_UPLOADS_OBJECT_STORE_DIRECT_UPLOAD:-false}
GITLAB_UPLOADS_OBJECT_STORE_BACKGROUND_UPLOAD=${GITLAB_UPLOADS_OBJECT_STORE_BACKGROUND_UPLOAD:-false}
GITLAB_UPLOADS_OBJECT_STORE_PROXY_DOWNLOAD=${GITLAB_UPLOADS_OBJECT_STORE_PROXY_DOWNLOAD:-false}
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_PROVIDER=${GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_PROVIDER:-$GITLAB_OBJECT_STORE_CONNECTION_PROVIDER}
# Uploads:AWS
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID=${GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID:-$AWS_ACCESS_KEY_ID}
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY=${GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY:-$AWS_SECRET_ACCESS_KEY}
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_REGION=${GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_REGION:-us-east-1}
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_HOST=${GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_HOST:-s3.amazonaws.com}
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT=${GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT:-nil}
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE=${GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE:-true}
# Uploads:Google
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT=${GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT:-$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT}
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL=${GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL:-$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL}
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION=${GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION:-$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION}
## Mattermost
GITLAB_MATTERMOST_ENABLED=${GITLAB_MATTERMOST_ENABLED:-false}
GITLAB_MATTERMOST_URL=${GITLAB_MATTERMOST_URL:-https://mattermost.example.com}
@ -160,6 +238,7 @@ AWS_BACKUP_BUCKET=${AWS_BACKUP_BUCKET}
AWS_BACKUP_MULTIPART_CHUNK_SIZE=${AWS_BACKUP_MULTIPART_CHUNK_SIZE}
AWS_BACKUP_ENCRYPTION=${AWS_BACKUP_ENCRYPTION}
AWS_BACKUP_STORAGE_CLASS=${AWS_BACKUP_STORAGE_CLASS:-STANDARD}
AWS_BACKUP_SIGNATURE_VERSION=${AWS_BACKUP_SIGNATURE_VERSION:-4}
### GCS BACKUPS
GCS_BACKUPS=${GCS_BACKUPS:-false}
@ -203,6 +282,9 @@ GITLAB_EMAIL_SUBJECT_SUFFIX=${GITLAB_EMAIL_SUBJECT_SUFFIX:-}
GITLAB_EMAIL=${GITLAB_EMAIL:-example@example.com}
GITLAB_EMAIL_REPLY_TO=${GITLAB_EMAIL_REPLY_TO:-noreply@example.com}
GITLAB_EMAIL_DISPLAY_NAME=${GITLAB_EMAIL_DISPLAY_NAME:-GitLab}
GITLAB_EMAIL_SMIME_ENABLE=${GITLAB_EMAIL_SMIME_ENABLE:-false}
GITLAB_EMAIL_SMIME_KEY_FILE=${GITLAB_EMAIL_SMIME_KEY_FILE:-}
GITLAB_EMAIL_SMIME_CERT_FILE=${GITLAB_EMAIL_SMIME_CERT_FILE:-}
## INCOMING MAIL
IMAP_HOST=${IMAP_HOST:-imap.gmail.com}
@ -238,6 +320,12 @@ LDAP_ACTIVE_DIRECTORY=${LDAP_ACTIVE_DIRECTORY:-true}
LDAP_BLOCK_AUTO_CREATED_USERS=${LDAP_BLOCK_AUTO_CREATED_USERS:-false}
LDAP_BASE=${LDAP_BASE:-}
LDAP_USER_FILTER=${LDAP_USER_FILTER:-}
LDAP_USER_ATTRIBUTE_USERNAME=${LDAP_USER_ATTRIBUTE_USERNAME:-['uid', 'userid', 'sAMAccountName']}
LDAP_USER_ATTRIBUTE_MAIL=${LDAP_USER_ATTRIBUTE_MAIL:-['mail', 'email', 'userPrincipalName']}
LDAP_USER_ATTRIBUTE_NAME=${LDAP_USER_ATTRIBUTE_NAME:-cn}
LDAP_USER_ATTRIBUTE_FIRSTNAME=${LDAP_USER_ATTRIBUTE_FIRSTNAME:-givenName}
LDAP_USER_ATTRIBUTE_LASTNAME=${LDAP_USER_ATTRIBUTE_LASTNAME:-sn}
LDAP_LOWERCASE_USERNAMES="${LDAP_LOWERCASE_USERNAMES:-false}"
LDAP_LABEL=${LDAP_LABEL:-LDAP}
LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN=${LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN:-}
case ${LDAP_UID} in
@ -329,6 +417,7 @@ OAUTH_SAML_GROUPS_ATTRIBUTE=${OAUTH_SAML_GROUPS_ATTRIBUTE:-}
OAUTH_SAML_EXTERNAL_GROUPS=${OAUTH_SAML_EXTERNAL_GROUPS:-}
OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL=${OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL:-}
OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME=${OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME:-}
OAUTH_SAML_ATTRIBUTE_STATEMENTS_USERNAME=${OAUTH_SAML_ATTRIBUTE_STATEMENTS_USERNAME:-}
OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME=${OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME:-}
OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME=${OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME:-}
@ -340,6 +429,9 @@ OAUTH_CAS3_LOGIN_URL=${OAUTH_CAS3_LOGIN_URL:-/cas/login}
OAUTH_CAS3_VALIDATE_URL=${OAUTH_CAS3_VALIDATE_URL:-/cas/p3/serviceValidate}
OAUTH_CAS3_LOGOUT_URL=${OAUTH_CAS3_LOGOUT_URL:-/cas/logout}
### AUTH0
OAUTH_AUTH0_SCOPE=${OAUTH_AUTH0_SCOPE:-openid profile email}
## ANALYTICS
### GOOGLE
@ -366,6 +458,13 @@ GITLAB_PAGES_ARTIFACTS_SERVER=${GITLAB_PAGES_ARTIFACTS_SERVER:-true}
GITLAB_PAGES_HTTPS=${GITLAB_PAGES_HTTPS:-false}
GITLAB_PAGES_EXTERNAL_HTTP=${GITLAB_PAGES_EXTERNAL_HTTP:-}
GITLAB_PAGES_EXTERNAL_HTTPS=${GITLAB_PAGES_EXTERNAL_HTTPS:-}
GITLAB_PAGES_ACCESS_CONTROL=${GITLAB_PAGES_ACCESS_CONTROL:-false}
GITLAB_PAGES_ACCESS_CONTROL_SERVER=${GITLAB_PAGES_ACCESS_CONTROL_SERVER:-}
GITLAB_PAGES_ACCESS_SECRET=${GITLAB_PAGES_ACCESS_SECRET:-}
GITLAB_PAGES_ACCESS_CLIENT_ID=${GITLAB_PAGES_ACCESS_CLIENT_ID:-}
GITLAB_PAGES_ACCESS_CLIENT_SECRET=${GITLAB_PAGES_ACCESS_CLIENT_SECRET:-}
GITLAB_PAGES_ACCESS_REDIRECT_URI=${GITLAB_PAGES_ACCESS_REDIRECT_URI:-}
GITLAB_PAGES_NGINX_PROXY=${GITLAB_PAGES_NGINX_PROXY:-true}
## Gitaly
GITALY_CLIENT_PATH=${GITALY_CLIENT_PATH:-$GITLAB_GITALY_INSTALL_DIR}
@ -379,3 +478,9 @@ GITLAB_MONITORING_IP_WHITELIST=${GITLAB_MONITORING_IP_WHITELIST:-"0.0.0.0/8"}
GITLAB_MONITORING_SIDEKIQ_EXPORTER_ENABLED=${GITLAB_MONITORING_SIDEKIQ_EXPORTER_ENABLED:-true}
GITLAB_MONITORING_SIDEKIQ_EXPORTER_ADDRESS=${GITLAB_MONITORING_SIDEKIQ_EXPORTER_ADDRESS:-"0.0.0.0"}
GITLAB_MONITORING_SIDEKIQ_EXPORTER_PORT=${GITLAB_MONITORING_SIDEKIQ_EXPORTER_PORT:-3807}
## Sentry
SENTRY_ENABLED=${SENTRY_ENABLED:-false}
SENTRY_DSN=${SENTRY_DSN:-}
SENTRY_CLIENTSIDE_DSN=${SENTRY_CLIENTSIDE_DSN:-}
SENTRY_ENVIRONMENT=${SENTRY_ENVIRONMENT:-production}
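Review bot: Under `# OBJECTSTORE`, the defaults `AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID:-AWS_ACCESS_KEY_ID}` and `AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY:-AWS_SECRET_ACCESS_KEY}` (which appear to be added by this change; the +/- markers are lost on this page) turn an unset credential into the literal variable name. The ARTIFACTS, LFS and Uploads `*_CONNECTION_AWS_ACCESS_KEY_ID` / `*_CONNECTION_AWS_SECRET_ACCESS_KEY` lines further down fall back to these two values, so the placeholder reaches all three object-store configurations. A missing key then passes any non-empty check and presumably only shows up later as a rejected request at the storage provider, which is harder to diagnose than a startup error. I would default both to empty, `AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID:-}` and `AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY:-}`, and add a comment above them such as `# no default: must be supplied when an AWS object store is enabled`.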


@ -1,5 +1,13 @@
#!/bin/bash
set -e
for file in /gitlab-configs /run/secrets/gitlab-secrets; do
if [[ -e "$file" ]]; then
echo "Loading $file"
source "$file"
fi
done
echo "Loading ${GITLAB_RUNTIME_DIR}/env-defaults"
source ${GITLAB_RUNTIME_DIR}/env-defaults
SYSCONF_TEMPLATES_DIR="${GITLAB_RUNTIME_DIR}/config"
@ -91,50 +99,32 @@ update_template() {
}
gitlab_finalize_database_parameters() {
# is a mysql or postgresql database linked?
# requires that the mysql or postgresql containers have exposed
# port 3306 and 5432 respectively.
if [[ -n ${MYSQL_PORT_3306_TCP_ADDR} ]]; then
DB_ADAPTER=${DB_ADAPTER:-mysql2}
DB_HOST=${DB_HOST:-${MYSQL_PORT_3306_TCP_ADDR}}
DB_PORT=${DB_PORT:-${MYSQL_PORT_3306_TCP_PORT}}
# is a postgresql database linked?
# requires that the postgresql containers have exposed port 5432.
DB_HOST=${DB_HOST:-${POSTGRESQL_PORT_5432_TCP_ADDR}}
DB_PORT=${DB_PORT:-${POSTGRESQL_PORT_5432_TCP_PORT}}
# support for linked sameersbn/mysql image
DB_USER=${DB_USER:-${MYSQL_ENV_DB_USER}}
DB_PASS=${DB_PASS:-${MYSQL_ENV_DB_PASS}}
DB_NAME=${DB_NAME:-${MYSQL_ENV_DB_NAME}}
# support for linked official postgres image
DB_USER=${DB_USER:-${POSTGRESQL_ENV_POSTGRES_USER}}
DB_PASS=${DB_PASS:-${POSTGRESQL_ENV_POSTGRES_PASSWORD}}
DB_NAME=${DB_NAME:-${POSTGRESQL_ENV_POSTGRES_DB}}
DB_NAME=${DB_NAME:-${POSTGRESQL_ENV_POSTGRES_USER}}
# support for linked orchardup/mysql and enturylink/mysql image
# also supports official mysql image
DB_USER=${DB_USER:-${MYSQL_ENV_MYSQL_USER}}
DB_PASS=${DB_PASS:-${MYSQL_ENV_MYSQL_PASSWORD}}
DB_NAME=${DB_NAME:-${MYSQL_ENV_MYSQL_DATABASE}}
elif [[ -n ${POSTGRESQL_PORT_5432_TCP_ADDR} ]]; then
DB_ADAPTER=${DB_ADAPTER:-postgresql}
DB_HOST=${DB_HOST:-${POSTGRESQL_PORT_5432_TCP_ADDR}}
DB_PORT=${DB_PORT:-${POSTGRESQL_PORT_5432_TCP_PORT}}
# support for linked sameersbn/postgresql image
DB_USER=${DB_USER:-${POSTGRESQL_ENV_DB_USER}}
DB_PASS=${DB_PASS:-${POSTGRESQL_ENV_DB_PASS}}
DB_NAME=${DB_NAME:-${POSTGRESQL_ENV_DB_NAME}}
# support for linked official postgres image
DB_USER=${DB_USER:-${POSTGRESQL_ENV_POSTGRES_USER}}
DB_PASS=${DB_PASS:-${POSTGRESQL_ENV_POSTGRES_PASSWORD}}
DB_NAME=${DB_NAME:-${POSTGRESQL_ENV_POSTGRES_DB}}
DB_NAME=${DB_NAME:-${POSTGRESQL_ENV_POSTGRES_USER}}
# support for linked orchardup/postgresql image
DB_USER=${DB_USER:-${POSTGRESQL_ENV_POSTGRESQL_USER}}
DB_PASS=${DB_PASS:-${POSTGRESQL_ENV_POSTGRESQL_PASS}}
DB_NAME=${DB_NAME:-${POSTGRESQL_ENV_POSTGRESQL_DB}}
# support for linked sameersbn/postgresql image
DB_USER=${DB_USER:-${POSTGRESQL_ENV_DB_USER}}
DB_PASS=${DB_PASS:-${POSTGRESQL_ENV_DB_PASS}}
DB_NAME=${DB_NAME:-${POSTGRESQL_ENV_DB_NAME}}
# support for linked paintedfox/postgresql image
DB_USER=${DB_USER:-${POSTGRESQL_ENV_USER}}
DB_PASS=${DB_PASS:-${POSTGRESQL_ENV_PASS}}
DB_NAME=${DB_NAME:-${POSTGRESQL_ENV_DB}}
# support for linked orchardup/postgresql image
DB_USER=${DB_USER:-${POSTGRESQL_ENV_POSTGRESQL_USER}}
DB_PASS=${DB_PASS:-${POSTGRESQL_ENV_POSTGRESQL_PASS}}
DB_NAME=${DB_NAME:-${POSTGRESQL_ENV_POSTGRESQL_DB}}
# support for linked paintedfox/postgresql image
DB_USER=${DB_USER:-${POSTGRESQL_ENV_USER}}
DB_PASS=${DB_PASS:-${POSTGRESQL_ENV_PASS}}
DB_NAME=${DB_NAME:-${POSTGRESQL_ENV_DB}}
fi
if [[ -z ${DB_HOST} ]]; then
echo
@ -147,27 +137,9 @@ gitlab_finalize_database_parameters() {
fi
# set default port number if not specified
DB_ADAPTER=${DB_ADAPTER:-postgresql}
case ${DB_ADAPTER} in
mysql2)
DB_ENCODING=${DB_ENCODING:-utf8}
DB_COLLATION=${DB_COLLATION:-utf8_general_ci}
DB_PORT=${DB_PORT:-3306}
;;
postgresql)
DB_ENCODING=${DB_ENCODING:-unicode}
# DB_COLLATION: Not supported for postgresql and will be removed below.
DB_PORT=${DB_PORT:-5432}
;;
*)
echo
echo "ERROR: "
echo " Please specify the database type in use via the DB_ADAPTER configuration option."
echo " Accepted values are \"postgresql\" or \"mysql2\". Aborting..."
echo
return 1
;;
esac
DB_PORT=${DB_PORT:-5432}
DB_ENCODING=${DB_ENCODING:-unicode}
# set default user and database
DB_USER=${DB_USER:-root}
@ -175,15 +147,10 @@ gitlab_finalize_database_parameters() {
}
gitlab_check_database_connection() {
case ${DB_ADAPTER} in
mysql2)
prog="mysqladmin -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} ${DB_PASS:+-p$DB_PASS} status"
;;
postgresql)
prog=$(find /usr/lib/postgresql/ -name pg_isready)
prog="${prog} -h ${DB_HOST} -p ${DB_PORT} -U ${DB_USER} -d ${DB_NAME} -t 1"
;;
esac
prog=$(find /usr/lib/postgresql/ -name pg_isready)
prog="${prog} -h ${DB_HOST} -p ${DB_PORT} -U ${DB_USER} -d ${DB_NAME} -t 1"
timeout=60
while ! ${prog} >/dev/null 2>&1
do
@ -206,22 +173,14 @@ gitlab_configure_database() {
gitlab_check_database_connection
update_template ${GITLAB_DATABASE_CONFIG} \
DB_ADAPTER \
DB_ENCODING \
DB_COLLATION \
DB_HOST \
DB_PORT \
DB_NAME \
DB_USER \
DB_PASS \
DB_POOL
if [[ ${DB_ADAPTER} == postgresql ]]; then
exec_as_git sed -i \
-e "/reconnect: /d" \
-e "/collation: /d" \
${GITLAB_DATABASE_CONFIG}
fi
DB_POOL \
DB_PREPARED_STATEMENTS
}
gitlab_finalize_redis_parameters() {
@ -294,7 +253,6 @@ gitlab_configure_monitoring() {
GITLAB_MONITORING_SIDEKIQ_EXPORTER_ENABLED \
GITLAB_MONITORING_SIDEKIQ_EXPORTER_ADDRESS \
GITLAB_MONITORING_SIDEKIQ_EXPORTER_PORT
}
gitlab_configure_gitlab_workhorse() {
@ -390,6 +348,17 @@ gitlab_configure_mail_delivery() {
GITLAB_EMAIL_DISPLAY_NAME \
GITLAB_EMAIL_REPLY_TO \
GITLAB_EMAIL_SUBJECT_SUFFIX
if [[ ${GITLAB_EMAIL_SMIME_ENABLE} == true ]]; then
exec_as_git sed -i "/#start-email-smime/d" ${GITLAB_CONFIG}
exec_as_git sed -i "/#end-email-smime/d" ${GITLAB_CONFIG}
update_template ${GITLAB_CONFIG} \
GITLAB_EMAIL_SMIME_ENABLE \
GITLAB_EMAIL_SMIME_KEY_FILE \
GITLAB_EMAIL_SMIME_CERT_FILE
else
exec_as_git sed -i "/#start-email-smime/,/#end-email-smime/d" ${GITLAB_CONFIG}
fi
}
gitlab_configure_mailroom() {
@ -455,6 +424,12 @@ gitlab_configure_ldap() {
LDAP_BLOCK_AUTO_CREATED_USERS \
LDAP_BASE \
LDAP_USER_FILTER \
LDAP_LOWERCASE_USERNAMES \
LDAP_USER_ATTRIBUTE_USERNAME \
LDAP_USER_ATTRIBUTE_MAIL \
LDAP_USER_ATTRIBUTE_NAME \
LDAP_USER_ATTRIBUTE_FIRSTNAME \
LDAP_USER_ATTRIBUTE_LASTNAME \
LDAP_LABEL
}
@ -585,6 +560,9 @@ gitlab_configure_oauth_saml_attribute_statements() {
OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME \
OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME
# Remove undefined optional attributes
exec_as_git sed -i "/email: \\[''\\],/d" ${GITLAB_CONFIG}
exec_as_git sed -i "/name: \\[''\\],/d" ${GITLAB_CONFIG}
exec_as_git sed -i "/username: \\[''\\],/d" ${GITLAB_CONFIG}
exec_as_git sed -i "/first_name: \\[''\\],/d" ${GITLAB_CONFIG}
exec_as_git sed -i "/last_name: \\[''\\],/d" ${GITLAB_CONFIG}
else
@ -635,15 +613,17 @@ gitlab_configure_oauth_crowd() {
gitlab_configure_oauth_auth0() {
if [[ -n ${OAUTH_AUTH0_CLIENT_ID} && \
-n ${OAUTH_AUTH0_CLIENT_SECRET} && \
-n ${OAUTH_AUTH0_SCOPE} && \
-n ${OAUTH_AUTH0_DOMAIN} ]]; then
echo "Configuring gitlab::oauth::auth0..."
OAUTH_ENABLED=${OAUTH_ENABLED:-true}
update_template ${GITLAB_CONFIG} \
OAUTH_AUTH0_CLIENT_ID \
OAUTH_AUTH0_CLIENT_SECRET \
OAUTH_AUTH0_DOMAIN
OAUTH_AUTH0_DOMAIN \
OAUTH_AUTH0_SCOPE
else
exec_as_git sed -i "/name: 'auth0'/,/{{OAUTH_AUTH0_DOMAIN}}/d" ${GITLAB_CONFIG}
exec_as_git sed -i "/name: 'auth0'/,/{{OAUTH_AUTH0_SCOPE}}/d" ${GITLAB_CONFIG}
fi
}
@ -741,6 +721,10 @@ gitlab_configure_secrets() {
gitlab_configure_sidekiq() {
echo "Configuring gitlab::sidekiq..."
# configure gitlab sidekiq log format
update_template ${GITLAB_CONFIG} \
GITLAB_SIDEKIQ_LOG_FORMAT
# configure sidekiq
update_template /etc/supervisor/conf.d/sidekiq.conf \
SIDEKIQ_CONCURRENCY \
@ -772,7 +756,11 @@ gitlab_configure_backups_schedule() {
weekly) day_of_week=0 ;;
monthly) day_of_month=01 ;;
esac
echo "$min $hour $day_of_month $month $day_of_week /bin/bash -l -c 'cd ${GITLAB_INSTALL_DIR} && bundle exec rake gitlab:backup:create SKIP=${GITLAB_BACKUP_SKIP} RAILS_ENV=${RAILS_ENV}'" >> /tmp/cron.${GITLAB_USER}
if [[ -n ${GITLAB_BACKUP_DIR_GROUP} ]]; then
echo "$min $hour $day_of_month $month $day_of_week /bin/bash -l -c 'cd ${GITLAB_INSTALL_DIR} && bundle exec rake gitlab:backup:create SKIP=${GITLAB_BACKUP_SKIP} DIRECTORY=${GITLAB_BACKUP_DIR_GROUP} RAILS_ENV=${RAILS_ENV}'" >> /tmp/cron.${GITLAB_USER}
else
echo "$min $hour $day_of_month $month $day_of_week /bin/bash -l -c 'cd ${GITLAB_INSTALL_DIR} && bundle exec rake gitlab:backup:create SKIP=${GITLAB_BACKUP_SKIP} RAILS_ENV=${RAILS_ENV}'" >> /tmp/cron.${GITLAB_USER}
fi
crontab -u ${GITLAB_USER} /tmp/cron.${GITLAB_USER}
fi
rm -rf /tmp/cron.${GITLAB_USER}
@ -820,7 +808,8 @@ gitlab_configure_backups_aws() {
AWS_BACKUP_SECRET_ACCESS_KEY \
AWS_BACKUP_BUCKET \
AWS_BACKUP_MULTIPART_CHUNK_SIZE \
AWS_BACKUP_STORAGE_CLASS
AWS_BACKUP_STORAGE_CLASS \
AWS_BACKUP_SIGNATURE_VERSION
}
gitlab_configure_backup_gcs() {
@ -847,7 +836,7 @@ gitlab_configure_backups() {
GITLAB_BACKUP_ARCHIVE_PERMISSIONS
gitlab_configure_backups_schedule
if [[ ${AWS_BACKUPS} != true && ${GCS_BACKUPS} != true ]]; then
exec_as_git sed -i "/upload:/,/#end-gcs/d" ${GITLAB_CONFIG}
exec_as_git sed -i "/\s\+upload:/,/#end-gcs/d" ${GITLAB_CONFIG}
return 0
fi
if [[ ${AWS_BACKUPS} == true && ${GCS_BACKUPS} == true ]]; then
@ -936,6 +925,42 @@ gitlab_configure_ci() {
}
gitlab_configure_artifacts() {
if [[ ${GITLAB_ARTIFACTS_OBJECT_STORE_ENABLED} == true ]]; then
echo "Configuring gitlab::artifacts:object_store"
if [[ "${GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_PROVIDER}" == "Google" ]]; then
echo " -> Google ARTIFACTS provider selected removing aws config"
exec_as_git sed -i "/#start-artifacts-aws/,/#end-artifacts-aws/d" ${GITLAB_CONFIG}
exec_as_git sed -i "/#start-artifacts-gcs/d" ${GITLAB_CONFIG}
exec_as_git sed -i "/#end-artifacts-gcs/d" ${GITLAB_CONFIG}
fi
if [[ "${GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_PROVIDER}" == "AWS" ]]; then
echo " -> AWS ARTIFACTS provider selected removing Google config"
exec_as_git sed -i "/#start-artifacts-gcs/,/#end-artifacts-gcs/d" ${GITLAB_CONFIG}
exec_as_git sed -i "/#start-artifacts-aws/d" ${GITLAB_CONFIG}
exec_as_git sed -i "/#end-artifacts-aws/d" ${GITLAB_CONFIG}
fi
update_template ${GITLAB_CONFIG} \
GITLAB_ARTIFACTS_OBJECT_STORE_ENABLED \
GITLAB_ARTIFACTS_OBJECT_STORE_REMOTE_DIRECTORY \
GITLAB_ARTIFACTS_OBJECT_STORE_DIRECT_UPLOAD \
GITLAB_ARTIFACTS_OBJECT_STORE_BACKGROUND_UPLOAD \
GITLAB_ARTIFACTS_OBJECT_STORE_PROXY_DOWNLOAD \
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_PROVIDER \
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID \
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY \
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_REGION \
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_HOST \
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT \
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE \
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT \
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL \
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION
else
exec_as_git sed -i -e "/path: {{GITLAB_ARTIFACTS_DIR}}/{n;N;N;N;N;N;N;N;N;N;N;N;N;N;N;N;N;N;N;N;N;d;}" ${GITLAB_CONFIG}
fi
echo "Configuring gitlab::artifacts..."
update_template ${GITLAB_CONFIG} \
GITLAB_ARTIFACTS_ENABLED \
@ -943,12 +968,92 @@ gitlab_configure_artifacts() {
}
gitlab_configure_lfs() {
if [[ ${GITLAB_LFS_OBJECT_STORE_ENABLED} == true ]]; then
echo "Configuring gitlab::lfs:object_store"
if [[ "${GITLAB_LFS_OBJECT_STORE_CONNECTION_PROVIDER}" == "Google" ]]; then
echo " -> Google LFS provider selected removing aws config"
exec_as_git sed -i "/#start-lfs-aws/,/#end-lfs-aws/d" ${GITLAB_CONFIG}
exec_as_git sed -i "/#start-lfs-gcs/d" ${GITLAB_CONFIG}
exec_as_git sed -i "/#end-lfs-gcs/d" ${GITLAB_CONFIG}
fi
if [[ "${GITLAB_LFS_OBJECT_STORE_CONNECTION_PROVIDER}" == "AWS" ]]; then
echo " -> AWS LFS provider selected removing Google config"
exec_as_git sed -i "/#start-lfs-gcs/,/#end-lfs-gcs/d" ${GITLAB_CONFIG}
exec_as_git sed -i "/#start-lfs-aws/d" ${GITLAB_CONFIG}
exec_as_git sed -i "/#end-lfs-aws/d" ${GITLAB_CONFIG}
fi
update_template ${GITLAB_CONFIG} \
GITLAB_LFS_OBJECT_STORE_ENABLED \
GITLAB_LFS_OBJECT_STORE_REMOTE_DIRECTORY \
GITLAB_LFS_OBJECT_STORE_DIRECT_UPLOAD \
GITLAB_LFS_OBJECT_STORE_BACKGROUND_UPLOAD \
GITLAB_LFS_OBJECT_STORE_PROXY_DOWNLOAD \
GITLAB_LFS_OBJECT_STORE_CONNECTION_PROVIDER \
GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID \
GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY \
GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_REGION \
GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_HOST \
GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT \
GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE \
GITLAB_LFS_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT \
GITLAB_LFS_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL \
GITLAB_LFS_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION
else
exec_as_git sed -i -e "/path: {{GITLAB_LFS_OBJECTS_DIR}}/{n;N;N;N;N;N;N;N;N;N;N;N;N;N;N;N;N;N;N;N;N;d;}" ${GITLAB_CONFIG}
fi
echo "Configuring gitlab::lfs..."
update_template ${GITLAB_CONFIG} \
GITLAB_LFS_ENABLED \
GITLAB_LFS_OBJECTS_DIR
}
gitlab_configure_uploads() {
if [[ ${GITLAB_UPLOADS_OBJECT_STORE_ENABLED} == true ]]; then
echo "Configuring gitlab::uploads:object_store"
if [[ "${GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_PROVIDER}" == "Google" ]]; then
echo " -> Google UPLOADS provider selected removing aws config"
exec_as_git sed -i "/#start-uploads-aws/,/#end-uploads-aws/d" ${GITLAB_CONFIG}
exec_as_git sed -i "/#start-uploads-gcs/d" ${GITLAB_CONFIG}
exec_as_git sed -i "/#end-uploads-gcs/d" ${GITLAB_CONFIG}
fi
if [[ "${GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_PROVIDER}" == "AWS" ]]; then
echo " -> AWS UPLOADS provider selected removing Google config"
exec_as_git sed -i "/#start-uploads-gcs/,/#end-uploads-gcs/d" ${GITLAB_CONFIG}
exec_as_git sed -i "/#start-uploads-aws/d" ${GITLAB_CONFIG}
exec_as_git sed -i "/#end-uploads-aws/d" ${GITLAB_CONFIG}
fi
update_template ${GITLAB_CONFIG} \
GITLAB_UPLOADS_OBJECT_STORE_ENABLED \
GITLAB_UPLOADS_OBJECT_STORE_REMOTE_DIRECTORY \
GITLAB_UPLOADS_OBJECT_STORE_DIRECT_UPLOAD \
GITLAB_UPLOADS_OBJECT_STORE_BACKGROUND_UPLOAD \
GITLAB_UPLOADS_OBJECT_STORE_PROXY_DOWNLOAD \
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_PROVIDER \
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID \
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY \
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_REGION \
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_HOST \
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT \
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE \
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT \
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL \
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION
else
exec_as_git sed -i -e "/base_dir: {{GITLAB_UPLOADS_BASE_DIR}}/{n;N;N;N;N;N;N;N;N;N;N;N;N;N;N;N;N;N;N;N;N;d;}" ${GITLAB_CONFIG}
fi
echo "Configuring gitlab::uploads..."
update_template ${GITLAB_CONFIG} \
GITLAB_UPLOADS_STORAGE_PATH \
GITLAB_UPLOADS_BASE_DIR
}
gitlab_configure_mattermost() {
echo "Configuring gitlab::mattermost..."
update_template ${GITLAB_CONFIG} \
@ -997,7 +1102,8 @@ gitlab_configure_pages(){
GITLAB_PAGES_DOMAIN \
GITLAB_PAGES_PORT \
GITLAB_PAGES_HTTPS \
GITLAB_PAGES_ARTIFACTS_SERVER
GITLAB_PAGES_ARTIFACTS_SERVER \
GITLAB_PAGES_ACCESS_CONTROL
if [[ -n ${GITLAB_PAGES_EXTERNAL_HTTP} ]]; then
update_template ${GITLAB_CONFIG} \
@ -1014,6 +1120,14 @@ gitlab_configure_pages(){
fi
}
gitlab_configure_sentry(){
echo "Configuring gitlab::sentry..."
update_template ${GITLAB_CONFIG} \
SENTRY_ENABLED \
SENTRY_DSN \
SENTRY_CLIENTSIDE_DSN \
SENTRY_ENVIRONMENT
}
nginx_configure_gitlab_ssl() {
if [[ ${GITLAB_HTTPS} == true && -f ${SSL_CERTIFICATE_PATH} && -f ${SSL_KEY_PATH} && -f ${SSL_DHPARAM_PATH} ]]; then
@ -1044,22 +1158,24 @@ nginx_configure_gitlab_hsts() {
fi
}
nginx_configure_gitlab_ipv6() {
if [[ ! -f /proc/net/if_inet6 ]]; then
# disable ipv6 support in nginx for gitlab
sed -i \
-e "/listen \[::\]:80/d" \
-e "/listen \[::\]:443/d" \
${GITLAB_NGINX_CONFIG}
# disable ipv6 support in nginx for pages
if [[ ${GITLAB_PAGES_ENABLED} == true ]]; then
sed -i \
-e "/listen \[::\]:80/d" \
-e "/listen \[::\]:443/d" \
${GITLAB_PAGES_NGINX_CONFIG}
fi
fi
}
nginx_configure_gitlab_ipv6() {
if [[ ! -f /proc/net/if_inet6 ]]; then
# disable ipv6 support in nginx for gitlab
sed -i \
-e "/listen \[::\]:80/d" \
-e "/listen \[::\]:443/d" \
${GITLAB_NGINX_CONFIG}
# disable ipv6 support in nginx for pages
if [[ ${GITLAB_PAGES_ENABLED} == true ]]; then
if [[ ${GITLAB_PAGES_NGINX_PROXY} == true ]]; then
sed -i \
-e "/listen \[::\]:80/d" \
-e "/listen \[::\]:443/d" \
${GITLAB_PAGES_NGINX_CONFIG}
fi
fi
fi
}
nginx_configure_gitlab_real_ip() {
if [[ ${NGINX_REAL_IP_RECURSIVE} == on && \
@ -1122,21 +1238,26 @@ nginx_configure_pages(){
local GITLAB_PAGES_DOMAIN=$(echo $GITLAB_PAGES_DOMAIN | sed 's/\./\\\\./g')
if [[ ${GITLAB_PAGES_ENABLED} == true ]]; then
echo "Configuring nginx::gitlab-pages..."
if [[ ${GITLAB_PAGES_HTTPS} == true ]]; then
update_template ${GITLAB_PAGES_NGINX_CONFIG} \
GITLAB_PORT \
GITLAB_PAGES_DOMAIN \
GITLAB_PAGES_PORT \
GITLAB_LOG_DIR \
GITLAB_PAGES_DOMAIN \
SSL_PAGES_CERT_PATH \
SSL_PAGES_KEY_PATH \
SSL_DHPARAM_PATH \
GITLAB_LOG_DIR
if [[ ${GITLAB_PAGES_NGINX_PROXY} == true ]]; then
if [[ ${GITLAB_PAGES_HTTPS} == true ]]; then
update_template ${GITLAB_PAGES_NGINX_CONFIG} \
GITLAB_PORT \
GITLAB_PAGES_DOMAIN \
GITLAB_PAGES_PORT \
GITLAB_LOG_DIR \
GITLAB_PAGES_DOMAIN \
SSL_PAGES_CERT_PATH \
SSL_PAGES_KEY_PATH \
SSL_DHPARAM_PATH \
GITLAB_LOG_DIR
else
update_template ${GITLAB_PAGES_NGINX_CONFIG} \
GITLAB_PAGES_DOMAIN \
GITLAB_LOG_DIR
fi
else
update_template ${GITLAB_PAGES_NGINX_CONFIG} \
GITLAB_PAGES_DOMAIN \
GITLAB_LOG_DIR
echo "Gitlab pages nginx proxy disabled"
echo "Assuming custom domain setup with own HTTP(S) load balancer'"
fi
fi
}
@ -1253,7 +1374,9 @@ initialize_datadir() {
# create the backups directory
mkdir -p ${GITLAB_BACKUP_DIR}
chown ${GITLAB_USER}: ${GITLAB_BACKUP_DIR}
if [[ ${GITLAB_BACKUP_DIR_CHOWN} == true ]]; then
chown ${GITLAB_USER}: ${GITLAB_BACKUP_DIR}
fi
# create the uploads directory
mkdir -p ${GITLAB_DATA_DIR}/uploads
@ -1335,10 +1458,9 @@ generate_ssh_key() {
}
generate_ssh_host_keys() {
sed -i "s|HostKey /etc/ssh/|HostKey ${GITLAB_DATA_DIR}/ssh/|g" /etc/ssh/sshd_config
sed -i "s|#HostKey /etc/ssh/|HostKey ${GITLAB_DATA_DIR}/ssh/|g" /etc/ssh/sshd_config
if [[ ! -e ${GITLAB_DATA_DIR}/ssh/ssh_host_rsa_key ]]; then
echo -n "Generating OpenSSH host keys... "
generate_ssh_key rsa1 ${GITLAB_DATA_DIR}/ssh/ssh_host_key
generate_ssh_key rsa ${GITLAB_DATA_DIR}/ssh/ssh_host_rsa_key
generate_ssh_key dsa ${GITLAB_DATA_DIR}/ssh/ssh_host_dsa_key
generate_ssh_key ecdsa ${GITLAB_DATA_DIR}/ssh/ssh_host_ecdsa_key
@ -1401,11 +1523,21 @@ install_configuration_templates() {
## ${GITLAB_PAGES_NGINX_CONFIG}
if [[ ${GITLAB_PAGES_ENABLED} == true ]]; then
if [[ ${GITLAB_PAGES_HTTPS} == true && -f ${SSL_PAGES_CERT_PATH} && -f ${SSL_PAGES_KEY_PATH} ]]; then
install_template root: nginx/gitlab-pages-ssl ${GITLAB_PAGES_NGINX_CONFIG}
if [[ ${GITLAB_PAGES_NGINX_PROXY} == true ]]; then
install_template root: nginx/gitlab-pages-ssl ${GITLAB_PAGES_NGINX_CONFIG}
else
echo "Gitlab pages nginx proxy disabled"
echo "Assuming custom domain setup with own HTTP(S) load balancer'"
fi
else
echo "SSL Key, SSL Certificate were not found."
echo "Assuming that the container is running behind a HTTPS enabled load balancer."
install_template root: nginx/gitlab-pages ${GITLAB_PAGES_NGINX_CONFIG}
if [[ ${GITLAB_PAGES_NGINX_PROXY} == true ]]; then
echo "SSL Key, SSL Certificate were not found."
echo "Assuming that the container is running behind a HTTPS enabled load balancer."
install_template root: nginx/gitlab-pages ${GITLAB_PAGES_NGINX_CONFIG}
else
echo "Gitlab pages nginx proxy disabled"
echo "Assuming custom domain setup with own HTTP(S) load balancer'"
fi
fi
fi
@ -1443,9 +1575,11 @@ configure_gitlab() {
GITLAB_SSH_HOST \
GITLAB_SSH_PORT \
GITLAB_SIGNUP_ENABLED \
GITLAB_IMPERSONATION_ENABLED \
GITLAB_PROJECTS_LIMIT \
GITLAB_USERNAME_CHANGE \
GITLAB_CREATE_GROUP
GITLAB_DEFAULT_THEME \
GITLAB_CREATE_GROUP
gitlab_configure_database
gitlab_configure_redis
@ -1462,6 +1596,7 @@ configure_gitlab() {
gitlab_configure_ci
gitlab_configure_artifacts
gitlab_configure_lfs
gitlab_configure_uploads
gitlab_configure_mattermost
gitlab_configure_project_features
gitlab_configure_mail_delivery
@ -1474,6 +1609,7 @@ configure_gitlab() {
gitlab_configure_backups
gitlab_configure_registry
gitlab_configure_pages
gitlab_configure_sentry
# remove stale gitlab.socket
rm -rf ${GITLAB_INSTALL_DIR}/tmp/sockets/gitlab.socket
@ -1522,6 +1658,20 @@ cat >> /etc/supervisor/conf.d/gitlab-pages.conf <<EOF
EOF
fi
if [[ ${GITLAB_PAGES_ACCESS_CONTROL} == true ]]; then
if [[ -z ${GITLAB_PAGES_ACCESS_SECRET} ]]; then
GITLAB_PAGES_ACCESS_SECRET=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 40 ; echo '')
fi
cat >> /etc/supervisor/conf.d/gitlab-pages.conf <<EOF
-auth-server ${GITLAB_PAGES_ACCESS_CONTROL_SERVER}
-auth-secret ${GITLAB_PAGES_ACCESS_SECRET}
-auth-client-id ${GITLAB_PAGES_ACCESS_CLIENT_ID}
-auth-client-secret ${GITLAB_PAGES_ACCESS_CLIENT_SECRET}
-auth-redirect-uri ${GITLAB_PAGES_ACCESS_REDIRECT_URI}
EOF
fi
cat >> /etc/supervisor/conf.d/gitlab-pages.conf <<EOF
user=git
autostart=true
@ -1547,16 +1697,9 @@ configure_nginx() {
migrate_database() {
# run the `gitlab:setup` rake task if required
case ${DB_ADAPTER} in
mysql2)
QUERY="SELECT count(*) FROM information_schema.tables WHERE table_schema = '${DB_NAME}';"
COUNT=$(mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} ${DB_PASS:+-p$DB_PASS} -ss -e "${QUERY}")
;;
postgresql)
QUERY="SELECT count(*) FROM information_schema.tables WHERE table_schema = 'public';"
COUNT=$(PGPASSWORD="${DB_PASS}" psql -h ${DB_HOST} -p ${DB_PORT} -U ${DB_USER} -d ${DB_NAME} -Atw -c "${QUERY}")
;;
esac
QUERY="SELECT count(*) FROM information_schema.tables WHERE table_schema = 'public';"
COUNT=$(PGPASSWORD="${DB_PASS}" psql -h ${DB_HOST} -p ${DB_PORT} -U ${DB_USER} -d ${DB_NAME} -Atw -c "${QUERY}")
if [[ -z ${COUNT} || ${COUNT} -eq 0 ]]; then
echo "Setting up GitLab for firstrun. Please be patient, this could take a while..."
@ -1596,10 +1739,6 @@ migrate_database() {
echo "Migrating database..."
exec_as_git bundle exec rake db:migrate >/dev/null
if [[ ${DB_ADAPTER} == mysql2 ]]; then
exec_as_git bundle exec rake add_limits_mysql >/dev/null
fi
echo "${GITLAB_VERSION}" > ${GITLAB_TEMP_DIR}/VERSION
rm -rf ${GITLAB_TEMP_DIR}/GITLAB_RELATIVE_URL_ROOT # force cache cleanup
fi
@ -1610,7 +1749,7 @@ migrate_database() {
# assets need to be recompiled when GITLAB_RELATIVE_URL_ROOT is used
if [[ -n ${GITLAB_RELATIVE_URL_ROOT} ]]; then
echo "Recompiling assets (relative_url in use), this could take a while..."
exec_as_git bundle exec rake gitlab:assets:compile >/dev/null 2>&1
exec_as_git bundle exec rake gitlab:assets:compile NODE_OPTIONS="--max-old-space-size=4096" >/dev/null 2>&1
fi
echo "Clearing cache..."
@ -1625,7 +1764,16 @@ execute_raketask() {
return 1
fi
if [[ ${1} == gitlab:backup:create ]]; then
/usr/bin/supervisord -c /etc/supervisor/supervisord.conf
supervisorctl stop gitlab_extensions:*
supervisorctl stop gitlab:*
fi
if [[ ${1} == gitlab:backup:restore ]]; then
/usr/bin/supervisord -c /etc/supervisor/supervisord.conf
supervisorctl stop gitlab_extensions:*
supervisorctl stop gitlab:*
interactive=true
for arg in $@
do
@ -1646,7 +1794,7 @@ execute_raketask() {
echo
for b in $(ls ${GITLAB_BACKUP_DIR} | grep _gitlab_backup | sort -r)
do
echo "‣ $b (created at $(date --date="@${b%%_gitlab_backup.tar}" +'%d %b, %G - %H:%M:%S %Z'))"
echo "‣ $b (created at $(date --date="@${b%%_*_gitlab_backup.tar}" +'%d %b, %G - %H:%M:%S %Z'))"
done
echo


@ -1,15 +0,0 @@
#!/bin/sh
set -e
VERSION=$(cat VERSION)
DOCKER_REGISTRY_HOST=${DOCKER_REGISTRY_HOST:-hub.docker.com}
DOCKER_IMAGE=${DOCKER_IMAGE:-sameersbn/gitlab}
docker build -t $DOCKER_IMAGE .
docker tag $DOCKER_IMAGE $DOCKER_REGISTRY_HOST/$DOCKER_IMAGE:latest
docker tag $DOCKER_IMAGE $DOCKER_REGISTRY_HOST/$DOCKER_IMAGE:$VERSION
docker push $DOCKER_REGISTRY_HOST/$DOCKER_IMAGE:latest
docker push $DOCKER_REGISTRY_HOST/$DOCKER_IMAGE:$VERSION


@ -0,0 +1,164 @@
version: '3.4'
services:
redis:
restart: always
image: sameersbn/redis:4.0.9-2
command:
- --loglevel warning
volumes:
- /srv/docker/gitlab/redis:/var/lib/redis:Z
postgresql:
restart: always
image: sameersbn/postgresql:9.6-2
volumes:
- /srv/docker/gitlab/postgresql:/var/lib/postgresql:Z
environment:
- DB_USER=gitlab
- DB_PASS=password
- DB_NAME=gitlabhq_production
- DB_EXTENSION=pg_trgm
gitlab:
restart: always
image: sameersbn/gitlab:10.7.2
depends_on:
- redis
- postgresql
ports:
- "10080:80"
- "10022:22"
volumes:
- /srv/docker/gitlab/gitlab:/home/git/data:Z
configs:
- gitlab-configs
secrets:
- gitlab-secrets
environment:
- DEBUG=false
- DB_ADAPTER=postgresql
- DB_HOST=postgresql
- DB_PORT=5432
- DB_USER=gitlab
- DB_PASS=password
- DB_NAME=gitlabhq_production
- REDIS_HOST=redis
- REDIS_PORT=6379
- TZ=Asia/Kolkata
- GITLAB_TIMEZONE=Kolkata
- GITLAB_HTTPS=false
- SSL_SELF_SIGNED=false
- GITLAB_HOST=localhost
- GITLAB_PORT=10080
- GITLAB_SSH_PORT=10022
- GITLAB_RELATIVE_URL_ROOT=
- GITLAB_SECRETS_DB_KEY_BASE=long-and-random-alphanumeric-string
- GITLAB_SECRETS_SECRET_KEY_BASE=long-and-random-alphanumeric-string
- GITLAB_SECRETS_OTP_KEY_BASE=long-and-random-alphanumeric-string
- GITLAB_ROOT_PASSWORD=
- GITLAB_ROOT_EMAIL=
- GITLAB_NOTIFY_ON_BROKEN_BUILDS=true
- GITLAB_NOTIFY_PUSHER=false
- GITLAB_EMAIL=notifications@example.com
- GITLAB_EMAIL_REPLY_TO=noreply@example.com
- GITLAB_INCOMING_EMAIL_ADDRESS=reply@example.com
- GITLAB_BACKUP_SCHEDULE=daily
- GITLAB_BACKUP_TIME=01:00
- SMTP_ENABLED=false
- SMTP_DOMAIN=www.example.com
- SMTP_HOST=smtp.gmail.com
- SMTP_PORT=587
- SMTP_USER=mailer@example.com
- SMTP_PASS=password
- SMTP_STARTTLS=true
- SMTP_AUTHENTICATION=login
- IMAP_ENABLED=false
- IMAP_HOST=imap.gmail.com
- IMAP_PORT=993
- IMAP_USER=mailer@example.com
- IMAP_PASS=password
- IMAP_SSL=true
- IMAP_STARTTLS=false
- OAUTH_ENABLED=false
- OAUTH_AUTO_SIGN_IN_WITH_PROVIDER=
- OAUTH_ALLOW_SSO=
- OAUTH_BLOCK_AUTO_CREATED_USERS=true
- OAUTH_AUTO_LINK_LDAP_USER=false
- OAUTH_AUTO_LINK_SAML_USER=false
- OAUTH_EXTERNAL_PROVIDERS=
- OAUTH_CAS3_LABEL=cas3
- OAUTH_CAS3_SERVER=
- OAUTH_CAS3_DISABLE_SSL_VERIFICATION=false
- OAUTH_CAS3_LOGIN_URL=/cas/login
- OAUTH_CAS3_VALIDATE_URL=/cas/p3/serviceValidate
- OAUTH_CAS3_LOGOUT_URL=/cas/logout
- OAUTH_GOOGLE_API_KEY=
- OAUTH_GOOGLE_APP_SECRET=
- OAUTH_GOOGLE_RESTRICT_DOMAIN=
- OAUTH_FACEBOOK_API_KEY=
- OAUTH_FACEBOOK_APP_SECRET=
- OAUTH_TWITTER_API_KEY=
- OAUTH_TWITTER_APP_SECRET=
- OAUTH_GITHUB_API_KEY=
- OAUTH_GITHUB_APP_SECRET=
- OAUTH_GITHUB_URL=
- OAUTH_GITHUB_VERIFY_SSL=
- OAUTH_GITLAB_API_KEY=
- OAUTH_GITLAB_APP_SECRET=
- OAUTH_BITBUCKET_API_KEY=
- OAUTH_BITBUCKET_APP_SECRET=
- OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL=
- OAUTH_SAML_IDP_CERT_FINGERPRINT=
- OAUTH_SAML_IDP_SSO_TARGET_URL=
- OAUTH_SAML_ISSUER=
- OAUTH_SAML_LABEL="Our SAML Provider"
- OAUTH_SAML_NAME_IDENTIFIER_FORMAT=urn:oasis:names:tc:SAML:2.0:nameid-format:transient
- OAUTH_SAML_GROUPS_ATTRIBUTE=
- OAUTH_SAML_EXTERNAL_GROUPS=
- OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL=
- OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME=
- OAUTH_SAML_ATTRIBUTE_STATEMENTS_USERNAME=
- OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME=
- OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME=
- OAUTH_CROWD_SERVER_URL=
- OAUTH_CROWD_APP_NAME=
- OAUTH_CROWD_APP_PASSWORD=
- OAUTH_AUTH0_CLIENT_ID=
- OAUTH_AUTH0_CLIENT_SECRET=
- OAUTH_AUTH0_DOMAIN=
- OAUTH_AUTH0_SCOPE=
- OAUTH_AZURE_API_KEY=
- OAUTH_AZURE_API_SECRET=
- OAUTH_AZURE_TENANT_ID=
configs:
gitlab-configs:
file: ./gitlab.configs
secrets:
gitlab-secrets:
file: ./gitlab.secrets
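Review bot: The `gitlab` service keeps `DB_PASS=password` and the three `GITLAB_SECRETS_*_KEY_BASE=long-and-random-alphanumeric-string` placeholders in `environment:` even though this file already declares a `secrets:` entry (`gitlab-secrets`). Environment values are readable through `docker inspect` and the service definition, and anyone who deploys the sample unchanged runs with publicly known key material. I would move these values into `./gitlab.secrets` and drop them from `environment:`, or at least add a comment such as `# replace before deploying, e.g. pwgen -Bsv1 64`. The pinned `sameersbn/gitlab:10.7.2` and `sameersbn/postgresql:9.6-2` also lag the `12.5.5` / `10-2` tags that the rest of this commit moves to.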


@ -0,0 +1,3 @@
# config file to be sourced on startup - will over-ride any env set in the docker-compose.yml
TEST=none


@ -0,0 +1,13 @@
# config file to be sourced on startup - will over-ride any env set in the docker-compose.yml
LDAP_ENABLED=true
LDAP_LABEL="LDAP login"
LDAP_HOST=pool.ldap.example.com
LDAP_PORT=3268
LDAP_BIND_DN=the-ldap
LDAP_PASS=no-not-really
LDAP_BASE=ou=People,dc=example,dc=com
#LDAP_LOWERCASE_USERNAMES=true
##LDAP_USER_FILTER=uid={login}
##LDAP_UID=
#
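Review bot: The sample sets `LDAP_PASS` and `LDAP_PORT=3268` but no `LDAP_METHOD`, so unless the image defaults to an encrypted method (it appears to default to `plain`; please confirm) the bind DN and password go to `pool.ldap.example.com` in clear text. I would add `LDAP_METHOD=start_tls` to the sample, or `simple_tls` together with the LDAPS port. Because the header says the file is sourced on startup, its contents run as shell code in the entrypoint; a comment such as `# sourced as shell: keep this file owner-readable only and out of version control` would make that explicit.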


@ -0,0 +1,33 @@
#!/usr/bin/env bash
set -ev
GITLAB_USERGROUP=${GITLAB_USERGROUP:-1010}
GITLAB_SSH_PORT=${GITLAB_SSH_PORT:-9922}
if ! id -u git >> /dev/null 2>&1; then
groupadd -g ${GITLAB_USERGROUP} git
useradd -m -u ${GITLAB_USERGROUP} -g git -s /bin/sh -d /home/git git
fi
su git -c "mkdir -p /home/git/.ssh/"
su git -c "if [ ! -f /home/git/.ssh/id_rsa ]; then ssh-keygen -t rsa -b 4096 -N \"\" -f /home/git/.ssh/id_rsa; fi"
su git -c "if [ -f /home/git/.ssh/id_rsa.pub ]; then mv /home/git/.ssh/id_rsa.pub /home/git/.ssh/authorized_keys_proxy; fi"
mkdir -p /home/git/gitlab-shell/bin/
rm -f /home/git/gitlab-shell/bin/gitlab-shell
tee -a /home/git/gitlab-shell/bin/gitlab-shell > /dev/null <<EOF
#!/bin/sh
ssh -i /home/git/.ssh/id_rsa -p ${GITLAB_SSH_PORT} -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"\$SSH_ORIGINAL_COMMAND\" \$0 \$@"
EOF
chown git:git /home/git/gitlab-shell/bin/gitlab-shell
chmod u+x /home/git/gitlab-shell/bin/gitlab-shell
mkdir -p /var/lib/gitlab/data/.ssh/
chown git:git -R /var/lib/gitlab/data/.ssh/
chown git:git -R /home/git/.ssh
su git -c "touch /var/lib/gitlab/data/.ssh/authorized_keys"
rm -f /home/git/.ssh/authorized_keys
su git -c "ln -s /var/lib/gitlab/data/.ssh/authorized_keys /home/git/.ssh/authorized_keys"
echo "Next start GitLab container"
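Review bot: In the generated `gitlab-shell` wrapper, `\$SSH_ORIGINAL_COMMAND` is pasted between escaped double quotes into the command string that `ssh` hands to the remote shell, so a client-supplied value containing quotes or shell metacharacters is re-parsed by the shell on the container side instead of reaching gitlab-shell as data. The value should be shell-escaped before it is embedded, for example with bash's `printf '%q' "$SSH_ORIGINAL_COMMAND"` (the wrapper's shebang would then have to be bash), and `\$@` should be quoted as well. Separately, `-o StrictHostKeyChecking=no` turns off host-key verification for the hop to 127.0.0.1. `StrictHostKeyChecking=accept-new` or a pre-seeded `known_hosts` keeps the first-use convenience without silently accepting a changed key.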


@ -3,17 +3,17 @@ version: '2'
services:
redis:
restart: always
image: sameersbn/redis:latest
image: sameersbn/redis:4.0.9-2
command:
- --loglevel warning
volumes:
- /srv/docker/gitlab/redis:/var/lib/redis:Z
- redis-data:/var/lib/redis:Z
postgresql:
restart: always
image: sameersbn/postgresql:9.6-2
image: sameersbn/postgresql:10-2
volumes:
- /srv/docker/gitlab/postgresql:/var/lib/postgresql:Z
- postgresql-data:/var/lib/postgresql:Z
environment:
- DB_USER=gitlab
- DB_PASS=password
@ -22,7 +22,7 @@ services:
gitlab:
restart: always
image: sameersbn/gitlab:10.3.6
image: sameersbn/gitlab:12.5.5
depends_on:
- redis
- postgresql
@ -30,7 +30,7 @@ services:
- "10080:80"
- "10022:22"
volumes:
- /srv/docker/gitlab/gitlab:/home/git/data:Z
- gitlab-data:/home/git/data:Z
environment:
- DEBUG=false
@ -134,6 +134,7 @@ services:
- OAUTH_SAML_EXTERNAL_GROUPS=
- OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL=
- OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME=
- OAUTH_SAML_ATTRIBUTE_STATEMENTS_USERNAME=
- OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME=
- OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME=
@ -144,7 +145,13 @@ services:
- OAUTH_AUTH0_CLIENT_ID=
- OAUTH_AUTH0_CLIENT_SECRET=
- OAUTH_AUTH0_DOMAIN=
- OAUTH_AUTH0_SCOPE=
- OAUTH_AZURE_API_KEY=
- OAUTH_AZURE_API_SECRET=
- OAUTH_AZURE_TENANT_ID=
volumes:
redis-data:
postgresql-data:
gitlab-data:
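Review bot: Replacing the `/srv/docker/gitlab/...` bind mounts with the named volumes `redis-data`, `postgresql-data` and `gitlab-data` means an existing deployment that picks up this file starts on empty volumes, and the same section moves PostgreSQL from `9.6-2` to `10-2`. Nothing in the visible hunks tells the operator to carry the old data across or to take a backup before the major-version change. I would add a comment above the new top-level `volumes:` key such as `# existing installs: data previously lived under /srv/docker/gitlab; migrate it or keep the bind mounts`. `DB_PASS=password` stays in the context lines and deserves a `# change before deploying` comment while this block is being touched.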


@ -284,7 +284,7 @@ docker stop registry gitlab && docker rm registry gitlab
Execute the rake task with a removeable container.
```bash
docker run --name gitlab -it --rm [OPTIONS] \
sameersbn/gitlab:10.3.6 app:rake gitlab:backup:create
sameersbn/gitlab:12.5.5 app:rake gitlab:backup:create
```
## Restoring Backups
@ -300,7 +300,7 @@ Execute the rake task to restore a backup. Make sure you run the container in in
```bash
docker run --name gitlab -it --rm [OPTIONS] \
sameersbn/gitlab:10.3.6 app:rake gitlab:backup:restore
sameersbn/gitlab:12.5.5 app:rake gitlab:backup:restore
```
The list of all available backups will be displayed in reverse chronological order. Select the backup you want to restore and continue.
@ -309,7 +309,7 @@ To avoid user interaction in the restore operation, specify the timestamp of the
```bash
docker run --name gitlab -it --rm [OPTIONS] \
sameersbn/gitlab:10.3.6 app:rake gitlab:backup:restore BACKUP=1417624827
sameersbn/gitlab:12.5.5 app:rake gitlab:backup:restore BACKUP=1417624827
```
# Upgrading from an existing GitLab installation
@ -320,7 +320,7 @@ If you want enable this feature for an existing instance of GitLab you need to d
- **Step 1**: Update the docker image.
```bash
docker pull sameersbn/gitlab:10.3.6
docker pull sameersbn/gitlab:12.5.5
```
- **Step 2**: Stop and remove the currently running image
@ -373,14 +373,14 @@ docker run --name gitlab -d [PREVIOUS_OPTIONS] \
--env 'GITLAB_REGISTRY_CERT_PATH=/certs/registry-auth.crt' \
--env 'GITLAB_REGISTRY_KEY_PATH=/certs/registry-auth.key' \
--link registry:registry
sameersbn/gitlab:10.3.6
sameersbn/gitlab:12.5.5
```
[wildcard certificate]: https://en.wikipedia.org/wiki/Wildcard_certificate
[ce-4040]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4040
[ce-4040]: https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/4040
[docker-insecure]: https://docs.docker.com/registry/insecure/
[registry-deploy]: https://docs.docker.com/registry/deploying/
[storage-config]: https://docs.docker.com/registry/configuration/#storage
[token-config]: https://docs.docker.com/registry/configuration/#token
[8-8-docs]: https://gitlab.com/gitlab-org/gitlab-ce/blob/8-8-stable/doc/administration/container_registry.md
[8-8-docs]: https://gitlab.com/gitlab-org/gitlab-foss/blob/8-8-stable/doc/administration/container_registry.md


@ -3,7 +3,7 @@ version: '2'
services:
redis:
restart: always
image: sameersbn/redis:latest
image: sameersbn/redis:4.0.9-2
command:
- --loglevel warning
volumes:


@ -0,0 +1,8 @@
# Exposing ssh port in dockerized gitlab-ce
This is how to expose this internal ssh port without affecting the existing ssh port on the host server:
* use this configuration script: [`../contrib/expose-gitlab-ssh-port.sh`](../contrib/expose-gitlab-ssh-port.sh)
* see implementation example in Vagrant: [harobed/docker-gitlab-vagrant-test
](https://github.com/harobed/docker-gitlab-vagrant-test)
* more information, see [« Exposing ssh port in dockerized gitlab-ce »](https://blog.xiaket.org/2017/exposing.ssh.port.in.dockerized.gitlab-ce.html) post


@ -72,7 +72,7 @@ version: '2'
services:
redis:
restart: always
image: sameersbn/redis:latest
image: sameersbn/redis:4.0.9-2
command:
- --loglevel warning
volumes:
@ -80,7 +80,7 @@ services:
postgresql:
restart: always
image: sameersbn/postgresql:9.6-2
image: sameersbn/postgresql:10-2
volumes:
- /tmp/docker/gitlab/postgresql:/var/lib/postgresql:Z
environment:
@ -184,6 +184,7 @@ services:
- OAUTH_SAML_EXTERNAL_GROUPS=
- OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL=
- OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME=
- OAUTH_SAML_ATTRIBUTE_STATEMENTS_USERNAME=
- OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME=
- OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME=
- OAUTH_CROWD_SERVER_URL=
@ -192,6 +193,7 @@ services:
- OAUTH_AUTH0_CLIENT_ID=
- OAUTH_AUTH0_CLIENT_SECRET=
- OAUTH_AUTH0_DOMAIN=
- OAUTH_AUTH0_SCOPE=
- OAUTH_AZURE_API_KEY=
- OAUTH_AZURE_API_SECRET=
- OAUTH_AZURE_TENANT_ID=
@ -236,4 +238,3 @@ To avoid user interaction in the restore operation, specify the timestamp of the
docker run --name gitlab -it --rm [OPTIONS] \
sameersbn/gitlab:8.16.4 app:rake gitlab:backup:restore BACKUP=1417624827
```


@ -1,6 +1,8 @@
#!/bin/bash
set -e
source ${GITLAB_RUNTIME_DIR}/functions
set -o pipefail
source "${GITLAB_RUNTIME_DIR}/functions"
[[ $DEBUG == true ]] && set -x
@ -15,7 +17,13 @@ case ${1} in
case ${1} in
app:start)
/usr/bin/supervisord -nc /etc/supervisor/supervisord.conf &
SUPERVISOR_PID=$!
migrate_database
kill -15 $SUPERVISOR_PID
if ps h -p $SUPERVISOR_PID > /dev/null ; then
wait $SUPERVISOR_PID || true
fi
rm -rf /var/run/supervisor.sock
exec /usr/bin/supervisord -nc /etc/supervisor/supervisord.conf
;;
@ -27,7 +35,7 @@ case ${1} in
;;
app:rake)
shift 1
execute_raketask $@
execute_raketask "$@"
;;
esac
;;
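Review bot: In the `app:start` branch, `kill -15 $SUPERVISOR_PID` runs under `set -e`, so if the background supervisord has already exited by the time `migrate_database` returns, the failing `kill` aborts the entrypoint before the final `exec`. The `ps h -p` check that follows guards only the `wait`, not the `kill`. I would write `kill -15 "$SUPERVISOR_PID" 2>/dev/null || true` followed by an unconditional `wait "$SUPERVISOR_PID" || true`, and add a comment explaining why supervisord has to be running during the migration. The `case` block starts and ends outside these hunks.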

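--- a/hooks/build
+++ b/hooks/build
@@ -0,0 +1,12 @@
+#!/bin/bash
+# Docker Daemon Build Hook
+# $IMAGE_NAME var is injected into the build so the tag is correct.
+docker pull ${DOCKER_REPO}:latest
+docker build \
+--cache-from=${DOCKER_REPO}:latest \
+--build-arg=BUILD_DATE="$(date +"%Y-%m-%d %H:%M:%S%:z")" \
+--build-arg=VCS_REF="$(git rev-parse --short HEAD)" \
+-t ${IMAGE_NAME} .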
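Review bot: `--cache-from=${DOCKER_REPO}:latest` makes every build reuse layers from whatever the mutable `latest` tag currently holds in the registry, so a bad or tampered `latest` is carried into the next tagged image without those layers being rebuilt. For release tags I would either drop the cache or state the trade-off in the header, e.g. `# layers are seeded from :latest; build release tags without --cache-from`. The header comment also names only `$IMAGE_NAME` although the script depends on `$DOCKER_REPO` as well, and both expansions are unquoted.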


@ -1,6 +1,8 @@
#!/bin/bash
set -e
set -o pipefail
if ! which -s kubectl; then
if ! command -v kubectl > /dev/null; then
echo "kubectl command not installed"
exit 1
fi


@ -14,7 +14,7 @@ spec:
spec:
containers:
- name: gitlab
image: sameersbn/gitlab:10.3.6
image: sameersbn/gitlab:12.5.5
env:
- name: TZ
value: Asia/Kolkata


@ -14,7 +14,7 @@ spec:
spec:
containers:
- name: postgresql
image: sameersbn/postgresql:9.6-2
image: sameersbn/postgresql:10-2
env:
- name: DB_USER
value: gitlab


@ -1,6 +1,8 @@
#!/bin/bash
set -e
set -o pipefail
if ! which -s kubectl; then
if ! command -v kubectl > /dev/null; then
echo "kubectl command not installed"
exit 1
fi