commit 69a337ac108b0a927ba5ea8762a93715d7c7933a
Author: pashko
Date: Fri Sep 12 11:43:42 2025 +0800
Add docker-compose.yml
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..f50c5f5
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,107 @@
+services:
+ gitlab:
+ image: ${DOCKER_IMAGE_GITLAB}
+ container_name: ${SERVICE_NAME}_${CONTAINER_NAME_GITLAB}
+ restart: always
+ # ports:
+ # - "${GITLAB_SSH_PORT}:22"
+ # - 8080:80
+ # - 8443:443
+ logging:
+ options:
+ max-size: "200M"
+ max-file: "3"
+ expose:
+ - 80
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.gitlab-server.entrypoints=https"
+ - "traefik.http.routers.gitlab-server.rule=Host(`${GITLAB_HOST}`)"
+ - "traefik.http.routers.gitlab-server.tls=true"
+ - "traefik.http.routers.gitlab-server.tls.certresolver=letsEncrypt"
+ - "traefik.http.services.gitlab-server-service.loadbalancer.server.port=80"
+ - "traefik.docker.network=proxy"
+ volumes:
+ - '${SERVICE_DATA}/${SERVICE_NAME}/gitlab/gitlab-cfg:/etc/gitlab'
+ - '${SERVICE_DATA}/${SERVICE_NAME}/gitlab/gitlab-data:/var/opt/gitlab'
+ - '${SERVICE_DATA}/${SERVICE_NAME}/gitlab/gitlab-logs:/var/log/gitlab'
+ - './ssl-certs:/certs'
+ environment:
+ GITLAB_OMNIBUS_CONFIG: |
+ external_url '${EXTERNAL_URL}'
+ letsencrypt['enable'] = false
+ gitlab_rails['smtp_enable'] = false
+ gitlab_rails['pages_object_store_enabled'] = false
+ gitlab_rails['time_zone'] = '${GITLAB_TIMEZONE}'
+ gitlab_rails['initial_root_password'] = "${GITLAB_ROOT_PASSWORD}"
+ gitlab_rails['display_initial_root_password'] = false
+ nginx['listen_port'] = 80
+ nginx['listen_https'] = false
+ nginx['redirect_http_to_https'] = false
+ registry_nginx['listen_https'] = false
+ registry_external_url '${REGISTRY_EXTERNAL_URL}'
+ gitlab_rails['registry_enabled'] = true
+ gitlab_rails['registry_host'] = "${REGISTRY_HOST}"
+ gitlab_rails['registry_api_url'] = "http://registry:5000"
+ gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"
+ # healthcheck:
+ # test: ["CMD", "/usr/local/sbin/healthcheck"]
+ # interval: 1m
+ # timeout: 5s
+ # retries: 5
+ # start_period: 2m
+ networks:
+ - proxy
+ - service
+
+ registry:
+ image: ${DOCKER_IMAGE_REGISTRY}
+ container_name: ${SERVICE_NAME}_${CONTAINER_NAME_REGISTRY}
+ restart: always
+ depends_on:
+ gitlab:
+ condition: service_healthy
+ expose:
+ - 5000
+ logging:
+ options:
+ max-size: "200M"
+ max-file: "3"
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.gitlab-registry.entrypoints=https"
+ - "traefik.http.routers.gitlab-registry.rule=Host(`${REGISTRY_HOST}`)"
+ - "traefik.http.routers.gitlab-registry.tls=true"
+ - "traefik.http.routers.gitlab-registry.tls.certresolver=letsEncrypt"
+ - "traefik.http.services.gitlab-registry-service.loadbalancer.server.port=5000"
+ - "traefik.docker.network=proxy"
+ volumes:
+ - '${SERVICE_DATA}/${SERVICE_NAME}/gitlab/gitlab-data/gitlab-rails/shared/registry:/registry'
+ - '${SERVICE_DATA}/${SERVICE_NAME}/gitlab/gitlab-data/registry:/certs/'
+ environment:
+ - REGISTRY_AUTH_TOKEN_AUTOREDIRECT=false
+ - REGISTRY_LOG_LEVEL=debug
+ # - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/registry
+ - REGISTRY_AUTH_TOKEN_REALM=https://${GITLAB_HOST}/jwt/auth
+ - REGISTRY_AUTH_TOKEN_SERVICE=container_registry
+ - REGISTRY_AUTH_TOKEN_ISSUER=omnibus-gitlab-issuer
+ - REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/certs/gitlab-registry.crt
+ - REGISTRY_STORAGE_DELETE_ENABLED=true
+ - REGISTRY_STORAGE=s3
+ - REGISTRY_STORAGE_S3_ACCESSKEY=${REGISTRY_STORAGE_S3_ACCESSKEY}
+ - REGISTRY_STORAGE_S3_SECRETKEY=${REGISTRY_STORAGE_S3_SECRETKEY}
+ - REGISTRY_STORAGE_S3_REGIONENDPOINT=${REGISTRY_STORAGE_S3_REGIONENDPOINT}
+ - REGISTRY_STORAGE_S3_REGION=${REGISTRY_STORAGE_S3_REGION}
+ - REGISTRY_STORAGE_S3_BUCKET=${REGISTRY_STORAGE_S3_BUCKET}
+ - REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR=inmemory
+ networks:
+ - proxy
+ - service
+
+
+networks:
+ service:
+ name: ${SERVICE_NETWORK}
+ proxy:
+ name: ${WEBPROXY_NETWORK}
+ external: true
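Review bot: The root password is spliced by Compose into a Ruby double-quoted string inside `GITLAB_OMNIBUS_CONFIG` (`gitlab_rails['initial_root_password'] = "${GITLAB_ROOT_PASSWORD}"`). A value containing `"`, `\` or `#{` would therefore be parsed as configuration rather than as the password, and the cleartext stays readable in the container's environment through `docker inspect`. I would declare a Compose secret for it, attach it to the `gitlab` service and read it from the config with `gitlab_rails['initial_root_password'] = File.read('/run/secrets/gitlab_root_password').gsub("\n", "")`. The `REGISTRY_STORAGE_S3_ACCESSKEY` and `REGISTRY_STORAGE_S3_SECRETKEY` entries of the `registry` service have the same environment exposure and deserve a comment saying so if they must stay there. `REGISTRY_LOG_LEVEL=debug` is also worth lowering to `REGISTRY_LOG_LEVEL=info` for a token-authenticated registry, since debug output presumably records far more request detail than the rotated logs need to keep.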