sameersbn/gitlab:17.3.0

Introduction
- Changelog
Contributing
Team
Issues
Announcements
Prerequisites
Installation
Quick Start
Configuration
Maintenance
Monitoring
- Health Check
Container Registry
Deploy in Docker Swarm mode, with HTTPS handled by Traefik proxy and Docker Registry
References

Introduction

Dockerfile to build a GitLab image for the Docker opensource container platform.

GitLab CE is set up in the Docker image using the install from source method as documented in the official GitLab documentation.

For other methods to install GitLab please refer to the Official GitLab Installation Guide which includes a GitLab image for Docker.

Contributing

If you find this image useful here's how you can help:

Send a Pull Request with your awesome new features and bug fixes
Be a part of the community and help resolve Issues
Support the development of this image with a donation

Team

Niclas Mietz (solidnerd)
Sameer Naik (sameersbn)

See Contributors for the complete list developers that have contributed to this project.

Issues

Docker is actively being developed and tested by a thriving community of developers and testers and every release of Docker features many enhancements and bugfixes.

Given the nature of the development and release cycle it is very important that you have the latest version of Docker installed because any issue that you encounter might have already been fixed with a newer Docker release.

Install the most recent version of the Docker Engine for your platform using the official Docker releases, which can also be installed using:

wget -qO- https://get.docker.com/ | sh

Fedora and RHEL/CentOS users should try disabling selinux with setenforce 0 and check if resolves the issue. If it does than there is not much that I can help you with. You can either stick with selinux disabled (not recommended by redhat) or switch to using ubuntu.

You may also set DEBUG=true to enable debugging of the entrypoint script, which could help you pinpoint any configuration issues.

If using the latest docker version and/or disabling selinux does not fix the issue then please file an issue request on the issues page.

In your issue report please make sure you provide the following information:

The host distribution and release version.
Output of the docker version command
Output of the docker info command
The docker run command you used to run the image (mask out the sensitive bits).

Prerequisites

Your docker host needs to have 1GB or more of available RAM to run GitLab. Please refer to the GitLab hardware requirements documentation for additional information.

Installation

Automated builds of the image are available on Dockerhub and is the recommended method of installation.

docker pull sameersbn/gitlab:17.3.0

You can also pull the latest tag which is built from the repository HEAD

docker pull sameersbn/gitlab:latest

Alternatively you can build the image locally.

docker build -t sameersbn/gitlab github.com/sameersbn/docker-gitlab

Quick Start

The quickest way to get started is using docker-compose.

wget https://raw.githubusercontent.com/sameersbn/docker-gitlab/master/docker-compose.yml

Generate random strings that are at least 64 characters long for each of GITLAB_SECRETS_OTP_KEY_BASE, GITLAB_SECRETS_DB_KEY_BASE, GITLAB_SECRETS_SECRET_KEY_BASE, GITLAB_SECRETS_ENCRYPTED_SETTINGS_KEY_BASE. These values are used for the following:

GITLAB_SECRETS_OTP_KEY_BASE is used to encrypt 2FA secrets in the database. If you lose or rotate this secret, none of your users will be able to log in using 2FA.
GITLAB_SECRETS_DB_KEY_BASE is used to encrypt CI secret variables, as well as import credentials, in the database. If you lose or rotate this secret, you will not be able to use existing CI secrets.
GITLAB_SECRETS_SECRET_KEY_BASE is used for password reset links, and other 'standard' auth features. If you lose or rotate this secret, password reset tokens in emails will reset.
GITLAB_SECRETS_ENCRYPTED_SETTINGS_KEY_BASE is used for reading settings from encrypted files such as SMTP or LDAP credentials.

Tip: You can generate a random string using pwgen -Bsv1 64 and assign it as the value of GITLAB_SECRETS_DB_KEY_BASE.

Start GitLab using:

docker-compose up

Alternatively, you can manually launch the gitlab container and the supporting postgresql and redis containers by following this three step guide.

Step 1. Launch a postgresql container

docker run --name gitlab-postgresql -d \
    --env 'DB_NAME=gitlabhq_production' \
    --env 'DB_USER=gitlab' --env 'DB_PASS=password' \
    --env 'DB_EXTENSION=pg_trgm,btree_gist' \
    --volume /srv/docker/gitlab/postgresql:/var/lib/postgresql \
    sameersbn/postgresql:14-20230628

Step 2. Launch a redis container

docker run --name gitlab-redis -d \
    --volume /srv/docker/gitlab/redis:/data \
    redis:6.2

Step 3. Launch the gitlab container

docker run --name gitlab -d \
    --link gitlab-postgresql:postgresql --link gitlab-redis:redisio \
    --publish 10022:22 --publish 10080:80 \
    --env 'GITLAB_PORT=10080' --env 'GITLAB_SSH_PORT=10022' \
    --env 'GITLAB_SECRETS_DB_KEY_BASE=long-and-random-alpha-numeric-string' \
    --env 'GITLAB_SECRETS_SECRET_KEY_BASE=long-and-random-alpha-numeric-string' \
    --env 'GITLAB_SECRETS_OTP_KEY_BASE=long-and-random-alpha-numeric-string' \
    --env 'GITLAB_SECRETS_ENCRYPTED_SETTINGS_KEY_BASE=long-and-random-alpha-numeric-string' \
    --volume /srv/docker/gitlab/gitlab:/home/git/data \
    sameersbn/gitlab:17.3.0

Please refer to Available Configuration Parameters to understand GITLAB_PORT and other configuration options

NOTE: Please allow a couple of minutes for the GitLab application to start.

Point your browser to http://localhost:10080 and set a password for the root user account.

You should now have the GitLab application up and ready for testing. If you want to use this image in production then please read on.

The rest of the document will use the docker command line. You can quite simply adapt your configuration into a docker-compose.yml file if you wish to do so.

Configuration

Data Store

GitLab is a code hosting software and as such you don't want to lose your code when the docker container is stopped/deleted. To avoid losing any data, you should mount a volume at,

/home/git/data

Note: that if you are using the docker-compose approach, you must "inspect" the volumes (docker volume inspect) to check the mounted path.

SELinux users are also required to change the security context of the mount point so that it plays nicely with selinux.

mkdir -p /srv/docker/gitlab/gitlab
sudo chcon -Rt svirt_sandbox_file_t /srv/docker/gitlab/gitlab

Volumes can be mounted in docker by specifying the -v option in the docker run command.

docker run --name gitlab -d \
    --volume /srv/docker/gitlab/gitlab:/home/git/data \
    sameersbn/gitlab:17.3.0

Database

GitLab uses a database backend to store its data. You can configure this image to use PostgreSQL.

Note: GitLab requires PostgreSQL now. So use an older image < 12.1 or migrate to PostgresSQL

PostgreSQL

Important note: This image is shipped with different versions of the postgresql-client.

During the startup of the container, the major version of the database system is checked based on the specified connection destination. Only the version of the postgresql-client, that matches the major version of the Postgres database is used. If the major version of any version of the included clients does not match, the latest client is used (but may cause issues). All other versions of the postgresql-client are deleted at runtime.

This behavior can be checked using the command docker logs and an output like the following should be available:

…
Configuring gitlab::database
- Installing postgresql client to avoid version mismatch on dumping
-- Detected server version: 140007
- Generating /home/git/.postgresqlrc
14 postgresql:5432 gitlabhq_production
- Uninstalling unused client(s): postgresql-client-12 postgresql-client-13 postgresql-client-15
…

Please note furthermore, that only compatible versions of the postgresql-client to GitLab are shipped with this image. Currently, these belong to

postgresql-client-13,
postgresql-client-14,
and postgresql-client-15.

NOTE: Version 13.7.0 and later requires PostgreSQL version 12.x. Version 16.0.0 and later requires PostgreSQL version 13.x

External PostgreSQL Server

The image also supports using an external PostgreSQL Server. This is also controlled via environment variables.

CREATE ROLE gitlab with LOGIN CREATEDB PASSWORD 'password';
CREATE DATABASE gitlabhq_production;
GRANT ALL PRIVILEGES ON DATABASE gitlabhq_production to gitlab;

Additionally, since GitLab 8.6.0 the pg_trgm extension should also be loaded for the gitlabhq_production database.

We are now ready to start the GitLab application.

Note: The following applies assuming that the PostgreSQL server host is 192.168.1.100.

docker run --name gitlab -d \
    --env 'DB_HOST=192.168.1.100' \
    --env 'DB_NAME=gitlabhq_production' \
    --env 'DB_USER=gitlab' --env 'DB_PASS=password' \
    --volume /srv/docker/gitlab/gitlab:/home/git/data \
    sameersbn/gitlab:17.3.0

Linking to PostgreSQL Container

You can link this image with a postgresql container for the database requirements. The alias of the postgresql server container should be set to postgresql while linking with the gitlab image.

If a postgresql container is linked, only the DB_HOST and DB_PORT settings are automatically retrieved using the linkage. You may still need to set other database connection parameters such as the DB_NAME, DB_USER, DB_PASS and so on.

To illustrate linking with a postgresql container, we will use the sameersbn/postgresql image. When using postgresql image in production you should mount a volume for the postgresql data store. Please refer the README of docker-postgresql for details.

First, let's pull the postgresql image from the docker index.

docker pull sameersbn/postgresql:14-20230628

For data persistence lets create a store for the postgresql and start the container.

SELinux users are also required to change the security context of the mount point so that it plays nicely with selinux.

mkdir -p /srv/docker/gitlab/postgresql
sudo chcon -Rt svirt_sandbox_file_t /srv/docker/gitlab/postgresql

The run command looks like this.

docker run --name gitlab-postgresql -d \
    --env 'DB_NAME=gitlabhq_production' \
    --env 'DB_USER=gitlab' --env 'DB_PASS=password' \
    --env 'DB_EXTENSION=pg_trgm' \
    --volume /srv/docker/gitlab/postgresql:/var/lib/postgresql \
    sameersbn/postgresql:14-20230628

The above command will create a database named gitlabhq_production and also create a user named gitlab with the password password with access to the gitlabhq_production database.

We are now ready to start the GitLab application.

docker run --name gitlab -d --link gitlab-postgresql:postgresql \
    --volume /srv/docker/gitlab/gitlab:/home/git/data \
    sameersbn/gitlab:17.3.0

Here the image will also automatically fetch the DB_NAME, DB_USER and DB_PASS variables from the postgresql container as they are specified in the docker run command for the postgresql container. This is made possible using the magic of docker links and works with the following images:

Upgrading PostgreSQL

When this Gitlab image upgrades its dependency on specific version of PostgreSQL you will need to make sure to use corresponding version of PostgreSQL.

If you are setting a brand new install, there is no data migration involved. However, if you already have an existing setup, the PostgreSQL data will