---
# Compose stack: a GitLab (omnibus) instance plus a standalone container
# registry, both published only through a Traefik reverse proxy.
# Every ${...} value is substituted by Compose from the shell or .env file
# before the containers start.
services:
  gitlab:
    image: '${DOCKER_IMAGE_GITLAB}'
    container_name: '${SERVICE_NAME}_${CONTAINER_NAME_GITLAB}'
    restart: always
    # No host ports are published: the mappings below stay disabled, so the
    # service is reachable only through Traefik (and Git over SSH is not
    # exposed by this file).
    # ports:
    #   - "${GITLAB_SSH_PORT}:22"
    #   - 8080:80
    #   - 8443:443
    # Size and rotation limits for the container's log files.
    logging:
      options:
        max-size: '200M'
        max-file: '3'
    expose:
      - 80
    # Traefik serves GITLAB_HOST on the `https` entrypoint with a certificate
    # from the `letsEncrypt` resolver and forwards to port 80 over the `proxy`
    # network; the hop from Traefik to GitLab is plain HTTP.
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.gitlab-server.entrypoints=https'
      - 'traefik.http.routers.gitlab-server.rule=Host(`${GITLAB_HOST}`)'
      - 'traefik.http.routers.gitlab-server.tls=true'
      - 'traefik.http.routers.gitlab-server.tls.certresolver=letsEncrypt'
      - 'traefik.http.services.gitlab-server-service.loadbalancer.server.port=80'
      - 'traefik.docker.network=proxy'
    volumes:
      - '${SERVICE_DATA}/${SERVICE_NAME}/gitlab/gitlab-cfg:/etc/gitlab'
      - '${SERVICE_DATA}/${SERVICE_NAME}/gitlab/gitlab-data:/var/opt/gitlab'
      - '${SERVICE_DATA}/${SERVICE_NAME}/gitlab/gitlab-logs:/var/log/gitlab'
      # NOTE(review): mounted read-write, and nothing in the omnibus settings
      # below refers to /certs; confirm it is needed, and prefer `:ro` if so.
      - './ssl-certs:/certs'
    # GITLAB_OMNIBUS_CONFIG is Ruby source that the omnibus image evaluates as
    # gitlab.rb content. Compose pastes each ${...} value in as text first, so
    # a value containing a quote, a backslash or `#{` changes the Ruby that
    # runs: keep those variables under operator control only.
    # The root password travels as a container environment value, readable via
    # `docker inspect` by anyone with Docker API access. Per GitLab's
    # documentation it only takes effect on first initialisation, so change it
    # after the first login.
    # TLS is switched off inside the container (letsencrypt, nginx and
    # registry_nginx); HTTPS exists only at the Traefik edge.
    # registry_api_url talks to the registry over plain HTTP on the shared
    # Docker network.
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url '${EXTERNAL_URL}'
        letsencrypt['enable'] = false
        gitlab_rails['smtp_enable'] = false
        gitlab_rails['pages_object_store_enabled'] = false
        gitlab_rails['time_zone'] = '${GITLAB_TIMEZONE}'
        gitlab_rails['initial_root_password'] = "${GITLAB_ROOT_PASSWORD}"
        gitlab_rails['display_initial_root_password'] = false
        nginx['listen_port'] = 80
        nginx['listen_https'] = false
        nginx['redirect_http_to_https'] = false
        registry_nginx['listen_https'] = false
        registry_external_url '${REGISTRY_EXTERNAL_URL}'
        gitlab_rails['registry_enabled'] = true
        gitlab_rails['registry_host'] = "${REGISTRY_HOST}"
        gitlab_rails['registry_api_url'] = "http://registry:5000"
        gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"
    # NOTE(review): with this block disabled, the registry's
    # `condition: service_healthy` depends on a HEALTHCHECK baked into the
    # image; confirm the image referenced by DOCKER_IMAGE_GITLAB defines one.
    # healthcheck:
    #   test: ["CMD", "/usr/local/sbin/healthcheck"]
    #   interval: 1m
    #   timeout: 5s
    #   retries: 5
    #   start_period: 2m
    networks:
      - proxy
      - service

  registry:
    image: '${DOCKER_IMAGE_REGISTRY}'
    container_name: '${SERVICE_NAME}_${CONTAINER_NAME_REGISTRY}'
    restart: always
    # Started only once the gitlab container reports healthy.
    depends_on:
      gitlab:
        condition: service_healthy
    expose:
      - 5000
    logging:
      options:
        max-size: '200M'
        max-file: '3'
    # Same edge setup as GitLab: HTTPS at Traefik for REGISTRY_HOST, plain
    # HTTP to port 5000 behind it.
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.gitlab-registry.entrypoints=https'
      - 'traefik.http.routers.gitlab-registry.rule=Host(`${REGISTRY_HOST}`)'
      - 'traefik.http.routers.gitlab-registry.tls=true'
      - 'traefik.http.routers.gitlab-registry.tls.certresolver=letsEncrypt'
      - 'traefik.http.services.gitlab-registry-service.loadbalancer.server.port=5000'
      - 'traefik.docker.network=proxy'
    volumes:
      # NOTE(review): storage is set to s3 below and the filesystem root
      # directory setting is disabled, so this mount looks unused by the
      # registry; confirm before relying on it.
      - '${SERVICE_DATA}/${SERVICE_NAME}/gitlab/gitlab-data/gitlab-rails/shared/registry:/registry'
      # Directory from GitLab's data volume holding the certificate named in
      # REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE. NOTE(review): the registry only
      # needs to read it; a `:ro` mount would narrow the access. Confirm.
      - '${SERVICE_DATA}/${SERVICE_NAME}/gitlab/gitlab-data/registry:/certs/'
    # Token authentication: clients obtain a JWT from GitLab at the realm URL
    # and the registry verifies it against the root certificate bundle.
    # The S3 access and secret keys are plain environment values, readable via
    # `docker inspect`; use a key scoped to this bucket only and treat Docker
    # API access on this host as access to that key.
    environment:
      - 'REGISTRY_AUTH_TOKEN_AUTOREDIRECT=false'
      # NOTE(review): debug is the most verbose level; check what request
      # detail lands in the logs and prefer `info` outside troubleshooting.
      - 'REGISTRY_LOG_LEVEL=debug'
      # - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/registry
      - 'REGISTRY_AUTH_TOKEN_REALM=https://${GITLAB_HOST}/jwt/auth'
      - 'REGISTRY_AUTH_TOKEN_SERVICE=container_registry'
      - 'REGISTRY_AUTH_TOKEN_ISSUER=omnibus-gitlab-issuer'
      - 'REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/certs/gitlab-registry.crt'
      # Deletion through the registry API is enabled for authorised tokens.
      - 'REGISTRY_STORAGE_DELETE_ENABLED=true'
      - 'REGISTRY_STORAGE=s3'
      - 'REGISTRY_STORAGE_S3_ACCESSKEY=${REGISTRY_STORAGE_S3_ACCESSKEY}'
      - 'REGISTRY_STORAGE_S3_SECRETKEY=${REGISTRY_STORAGE_S3_SECRETKEY}'
      - 'REGISTRY_STORAGE_S3_REGIONENDPOINT=${REGISTRY_STORAGE_S3_REGIONENDPOINT}'
      - 'REGISTRY_STORAGE_S3_REGION=${REGISTRY_STORAGE_S3_REGION}'
      - 'REGISTRY_STORAGE_S3_BUCKET=${REGISTRY_STORAGE_S3_BUCKET}'
      - 'REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR=inmemory'
    networks:
      - proxy
      - service

networks:
  # Project network carrying GitLab <-> registry traffic.
  service:
    name: '${SERVICE_NETWORK}'
  # Pre-existing network shared with Traefik; not created by this file.
  proxy:
    name: '${WEBPROXY_NETWORK}'
    external: true