
Deploying GitLab with Docker

Pull the image

docker pull gitlab/gitlab-ce:18.10.0-ce.0

Create directories for the volumes

Bash
# Create the directories
mkdir -p /opt/gitlab/{data,logs,config}

Start a temporary container

Bash
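# Start a temporary container
docker run -itd --name temp gitlab/gitlab-ce:18.10.0-ce.0
# Enter the temporary container; this step is mainly for inspecting this version's configuration file contents and directories
docker exec -it temp /bin/bash
# Once you have finished looking, the temporary container can be removed
docker stop temp
docker rm temp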

Create docker-compose.yml

YAML
services:
  gitlab:
    image: gitlab/gitlab-ce:18.10.0-ce.0
    container_name: gitlab
    restart: always
    hostname: 'git.example.com'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        nginx['listen_port'] = 80
        nginx['listen_https'] = false
        external_url 'https://git.example.com'
        gitlab_rails['gitlab_shell_ssh_port'] = 2222
        gitlab_rails['time_zone'] = 'Asia/Shanghai'
        gitlab_rails['smtp_enable'] = true
        gitlab_rails['smtp_address'] = "smtp.qiye.aliyun.com"
        gitlab_rails['smtp_port'] = 465
        gitlab_rails['smtp_user_name'] = "gitlab@domain.com"
        gitlab_rails['smtp_password'] = "password"
        gitlab_rails['smtp_domain'] = "domain.com"
        gitlab_rails['smtp_authentication'] = "login"
        gitlab_rails['smtp_enable_starttls_auto'] = false
        gitlab_rails['smtp_tls'] = true
        gitlab_rails['gitlab_email_from'] = "gitlab@domain.com"
        gitlab_rails['gitlab_email_reply_to'] = "gitlab@domain.com"
        gitlab_rails['gitlab_email_enabled'] = true
        gitlab_rails['manage_backup_path'] = true
        gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"
        gitlab_rails['backup_keep_time'] = 604800
    ports:
      - '8080:80'
      - '2222:22'
    volumes:
      - './config:/etc/gitlab'
      - './logs:/var/log/gitlab'
      - './data:/var/opt/gitlab'
    shm_size: '256m'

Start the container

Bash
cd /opt/gitlab
docker compose up -d

Configure nginx

Nginx
server {
    listen 80;
    listen 443 ssl;
    server_name git.example.com;

    ssl_certificate     /etc/nginx/ssl/example.com.pem;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;

    ssl_session_timeout 5m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); allow only TLS 1.2 and 1.3
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDH:AESGCM:HIGH:!RC4:!DH:!MD5:!aNULL:!eNULL;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_read_timeout 300;
        proxy_connect_timeout 300;
    }
}

Access in a browser

URL:

https://git.example.com

After the container starts, the initial password is in /etc/gitlab/initial_root_password, which is /opt/gitlab/config/initial_root_password on the host.

Account: root

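Configuration notes

  1. Access

    • HTTPS: the browser requests https://git.example.com, and the request arrives at port 443 on the host
    • SSH: Git clients use ssh://git@git.example.com:2222, and the request arrives at port 2222 on the host
  2. Nginx reverse proxy

    • Listens on port 443 and terminates HTTPS using the SSL certificate
    • Forwards the decrypted HTTP request to the local 127.0.0.1:8080
  3. Docker port mapping

    • Host 8080 → container 80 (GitLab web service, HTTP only)
    • Host 2222 → container 22 (GitLab SSH service)
  4. GitLab container configuration

    • external_url 'https://git.example.com' ensures generated links use HTTPS
    • gitlab_rails['gitlab_shell_ssh_port'] = 2222 makes the SSH clone URL show the correct port
    • nginx['listen_port'] = 80 and nginx['listen_https'] = false make GitLab listen on HTTP only internally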
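
By default Docker publishes the mapping '8080:80' from step 3 on every host interface, so GitLab's plain-HTTP port can be reached without passing through the Nginx TLS termination in step 2; publishing it as '127.0.0.1:8080:80' keeps it reachable only by the local proxy. The check below is an added example, not part of the original page: it reads `docker port gitlab` output and lists non-loopback bindings of a container port. The function names and both sample outputs are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: list container ports that Docker publishes on non-loopback
# addresses, i.e. plaintext listeners reachable without the TLS reverse proxy.

# Constructed sample: `docker port gitlab` output for ports '8080:80' and '2222:22'.
SAMPLE_OPEN='22/tcp -> 0.0.0.0:2222
22/tcp -> [::]:2222
80/tcp -> 0.0.0.0:8080
80/tcp -> [::]:8080'

# Constructed sample: same container with the web port as '127.0.0.1:8080:80'.
SAMPLE_LOOPBACK='22/tcp -> 0.0.0.0:2222
22/tcp -> [::]:2222
80/tcp -> 127.0.0.1:8080'

# exposed_plaintext PORT: reads `docker port <container>` output on stdin and
# prints every host binding of container PORT/tcp (default 80) that is not a
# loopback address. Returns 0 always; empty output means nothing is exposed.
exposed_plaintext() {
  want="${1:-80}/tcp"
  while read -r cport arrow bind; do
    [ "$cport" = "$want" ] || continue
    [ "$arrow" = "->" ] || continue
    case "$bind" in
      127.*:*|\[::1\]:*) ;;          # loopback: only the local Nginx can connect
      *) printf '%s\n' "$bind" ;;    # 0.0.0.0, [::] or a LAN address
    esac
  done
  return 0
}

# report SAMPLE: human-readable verdict for container port 80.
report() {
  found="$(printf '%s\n' "$1" | exposed_plaintext 80)"
  if [ -n "$found" ]; then
    printf '%s\n' "$found" | sed 's/^/EXPOSED (plain HTTP): /'
  else
    printf 'OK: container port 80 is published on loopback only\n'
  fi
}

report "$SAMPLE_OPEN"
report "$SAMPLE_LOOPBACK"
# Against a live host: docker port gitlab | exposed_plaintext 80
```

The SSH mapping on 2222 is meant to be reachable from the network, so only container port 80 is treated as a finding here.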