Add docker-compose.yml

2025-09-12 11:43:42 +08:00 · 2025-09-12 11:43:42 +08:00 · 69a337ac10
commit 69a337ac10
1 changed files with 107 additions and 0 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -0,0 +1,107 @@
+services:
+    gitlab:
+      image: ${DOCKER_IMAGE_GITLAB}
+      container_name: ${SERVICE_NAME}_${CONTAINER_NAME_GITLAB}
+      restart: always
+      # ports:
+        # - "${GITLAB_SSH_PORT}:22"
+        # - 8080:80
+        # - 8443:443
+      logging:
+        options:
+          max-size: "200M"
+          max-file: "3"
+      expose:
+        - 80
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.routers.gitlab-server.entrypoints=https"
+        - "traefik.http.routers.gitlab-server.rule=Host(`${GITLAB_HOST}`)"
+        - "traefik.http.routers.gitlab-server.tls=true"
+        - "traefik.http.routers.gitlab-server.tls.certresolver=letsEncrypt"
+        - "traefik.http.services.gitlab-server-service.loadbalancer.server.port=80"
+        - "traefik.docker.network=proxy"
+      volumes:
+        - '${SERVICE_DATA}/${SERVICE_NAME}/gitlab/gitlab-cfg:/etc/gitlab'
+        - '${SERVICE_DATA}/${SERVICE_NAME}/gitlab/gitlab-data:/var/opt/gitlab'
+        - '${SERVICE_DATA}/${SERVICE_NAME}/gitlab/gitlab-logs:/var/log/gitlab'
+        - './ssl-certs:/certs'
+      environment:
+        GITLAB_OMNIBUS_CONFIG: |
+          external_url '${EXTERNAL_URL}'
+          letsencrypt['enable'] = false
+          gitlab_rails['smtp_enable'] = false
+          gitlab_rails['pages_object_store_enabled'] = false
+          gitlab_rails['time_zone'] = '${GITLAB_TIMEZONE}'
+          gitlab_rails['initial_root_password'] = "${GITLAB_ROOT_PASSWORD}"
+          gitlab_rails['display_initial_root_password'] = false
+          nginx['listen_port'] = 80
+          nginx['listen_https'] = false
+          nginx['redirect_http_to_https'] = false
+          registry_nginx['listen_https'] = false
+          registry_external_url '${REGISTRY_EXTERNAL_URL}'
+          gitlab_rails['registry_enabled'] = true
+          gitlab_rails['registry_host'] = "${REGISTRY_HOST}"
+          gitlab_rails['registry_api_url'] = "http://registry:5000"
+          gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"
+      # healthcheck:
+      #   test: ["CMD", "/usr/local/sbin/healthcheck"]
+      #   interval: 1m
+      #   timeout: 5s
+      #   retries: 5
+      #   start_period: 2m
+      networks:
+        - proxy
+        - service
+
+    registry:
+      image: ${DOCKER_IMAGE_REGISTRY}
+      container_name: ${SERVICE_NAME}_${CONTAINER_NAME_REGISTRY}
+      restart: always
+      depends_on:
+        gitlab:
+          condition: service_healthy
+      expose:
+        - 5000
+      logging:
+        options:
+          max-size: "200M"
+          max-file: "3"
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.routers.gitlab-registry.entrypoints=https"
+        - "traefik.http.routers.gitlab-registry.rule=Host(`${REGISTRY_HOST}`)"
+        - "traefik.http.routers.gitlab-registry.tls=true"
+        - "traefik.http.routers.gitlab-registry.tls.certresolver=letsEncrypt"
+        - "traefik.http.services.gitlab-registry-service.loadbalancer.server.port=5000"
+        - "traefik.docker.network=proxy"
+      volumes:
+        - '${SERVICE_DATA}/${SERVICE_NAME}/gitlab/gitlab-data/gitlab-rails/shared/registry:/registry'
+        - '${SERVICE_DATA}/${SERVICE_NAME}/gitlab/gitlab-data/registry:/certs/'
+      environment:
+        - REGISTRY_AUTH_TOKEN_AUTOREDIRECT=false
+        - REGISTRY_LOG_LEVEL=debug
+        # - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/registry
+        - REGISTRY_AUTH_TOKEN_REALM=https://${GITLAB_HOST}/jwt/auth
+        - REGISTRY_AUTH_TOKEN_SERVICE=container_registry
+        - REGISTRY_AUTH_TOKEN_ISSUER=omnibus-gitlab-issuer
+        - REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/certs/gitlab-registry.crt
+        - REGISTRY_STORAGE_DELETE_ENABLED=true
+        - REGISTRY_STORAGE=s3
+        - REGISTRY_STORAGE_S3_ACCESSKEY=${REGISTRY_STORAGE_S3_ACCESSKEY}
+        - REGISTRY_STORAGE_S3_SECRETKEY=${REGISTRY_STORAGE_S3_SECRETKEY}
+        - REGISTRY_STORAGE_S3_REGIONENDPOINT=${REGISTRY_STORAGE_S3_REGIONENDPOINT}
+        - REGISTRY_STORAGE_S3_REGION=${REGISTRY_STORAGE_S3_REGION}
+        - REGISTRY_STORAGE_S3_BUCKET=${REGISTRY_STORAGE_S3_BUCKET}
+        - REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR=inmemory
+      networks:
+        - proxy
+        - service
+
+
+networks:
+    service:
+      name: ${SERVICE_NETWORK}
+    proxy:
+      name: ${WEBPROXY_NETWORK}
+      external: true