How to Install GitLab on Ubuntu 20.04 using Docker Compose, external DB, GitLab Runner and Certbot.

GitLab is a popular platform for managing software development projects, providing features such as version control, issue tracking, continuous integration and deployment, and more. In this tutorial, we will show you how to install GitLab on Ubuntu 20.04 using Docker Compose.

Prerequisites

Before we begin, make sure you have the following prerequisites:

  • A server running Ubuntu 20.04.
  • Docker and Docker Compose installed on your server. You can install Docker using the following commands:

sudo apt update
sudo apt install docker.io

  • Docker Compose can be installed using the following commands:

sudo apt update
sudo apt install docker-compose

Step 1: Create the Docker Compose File

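Create a new directory for the GitLab Docker Compose file, navigate to it, and create the subdirectories for configuration, logs, data and certificates. Note that the compose file below bind-mounts the absolute paths /gitlab/config, /gitlab/logs, /gitlab/data and /gitlab/certificates, so run these commands from / or adjust the volume paths to match the location you choose:

mkdir gitlab
cd gitlab
mkdir config
mkdir logs
mkdir data
mkdir certificates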

Create a new file named docker-compose.yml using your preferred text editor, and paste the following content into it:

version: '3'

services:
  gitlab:
    image: gitlab/gitlab-ce:latest
    restart: always
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.example.com'
        gitlab_rails['gitlab_shell_ssh_port'] = 22
        puma['workers'] = 2
        puma['worker_timeout'] = 3600
        puma['max_threads'] = 4
        puma['min_threads'] = 1
        puma['log_level'] = 'info'
        puma['enable_early_hints'] = true
        postgresql['shared_buffers'] = '256MB'
        postgresql['max_connections'] = 200
        nginx['ssl_certificate'] = "/etc/gitlab/ssl/cert.pem"
        nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/cert.key"
    ports:
      - "80:80"
      - "443:443"
      - "22:22"
    volumes:
      - /gitlab/config:/etc/gitlab
      - /gitlab/logs:/var/log/gitlab
      - /gitlab/data:/var/opt/gitlab
      - /gitlab/certificates:/etc/gitlab/ssl
    networks:
      - gitlab_network
  gitlab-runner:
    image: gitlab/gitlab-runner:v14.3.2
    container_name: runner
    restart: always
    depends_on:
      - gitlab
    volumes:
      - ./config/gitlab-runner:/etc/gitlab-runner
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - gitlab_network

  mariadb:
    image: mariadb:latest
    restart: always
    environment:
      - MYSQL_HOST=<MYSQLSERVER>
      - MYSQL_ROOT_PASSWORD=<MYSQLROOTPASSWORD>
      - MYSQL_DATABASE=<MYSQLDATABASE>
      - MYSQL_USER=<MYSQLUSER>
      - MYSQL_PASSWORD=<MYSQLPASSWORD>
    volumes:
      - /data/mariadb:/var/lib/mysql
    networks:
      - gitlab_network

  certbot:
    image: certbot/certbot:latest
    restart: always
    volumes:
      - /gitlab/certificates:/etc/letsencrypt
    environment:
      - CLOUDFLARE_EMAIL=example@example.com
      - CLOUDFLARE_API_KEY=your_cloudflare_api_key
      - CERTBOT_EMAIL=example@example.com
      - CERTBOT_DOMAIN=example.com
    command: certonly --dns-cloudflare --dns-cloudflare-credentials /root/cloudflare.ini --email $CERTBOT_EMAIL --agree-tos --no-eff-email --force-renewal -d $CERTBOT_DOMAIN
    depends_on:
      - gitlab
    networks:
      - gitlab_network

networks:
  gitlab_network:
    driver: bridge

secrets:
  gitlab_root_password:
    file: ./root_password.txt

Here’s a brief explanation of each service:

  • gitlab: This service runs a container using the gitlab/gitlab-ce:latest image. It exposes ports 80, 443, and 22 and mounts several volumes to persist data. The environment variable GITLAB_OMNIBUS_CONFIG is used to configure various settings such as the external URL, SSH port, Puma workers and threads, PostgreSQL shared buffers and max connections, and Nginx SSL certificate and key.
  • gitlab-runner: This service runs a container using the gitlab/gitlab-runner:v14.3.2 image. It depends on the gitlab service and mounts two volumes: one for the GitLab Runner configuration and one for the Docker socket. This allows the runner to use the host’s Docker daemon to run jobs.
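  • mariadb: This service runs a container using the mariadb:latest image. It mounts a volume to persist data and sets several environment variables to configure the MariaDB server, such as the root password, database name, and user credentials. Nothing in GITLAB_OMNIBUS_CONFIG points GitLab at this container: GitLab stores its data in PostgreSQL, and the postgresql[...] settings above tune the PostgreSQL instance bundled in the gitlab image.
  • certbot: This service runs a container using the certbot/certbot:latest image. It mounts a volume for storing certificates and sets several environment variables to configure Certbot, such as the Cloudflare email and API key, and the Certbot email and domain. The command specified is used to obtain an SSL certificate using the Cloudflare DNS plugin. Two things the compose file does not provide must be in place for that command to succeed: the dns-cloudflare plugin, which is packaged in the separate certbot/dns-cloudflare image rather than in certbot/certbot, and the credentials file /root/cloudflare.ini, which is not among the mounted volumes.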

Here’s an explanation of the environment variables used in each service:

  • gitlab: The GITLAB_OMNIBUS_CONFIG variable is used to set various GitLab settings using the Omnibus configuration format. Some of the settings that can be configured include the external URL (external_url), SSH port (gitlab_rails['gitlab_shell_ssh_port']), Puma workers and threads (puma['workers'], puma['worker_timeout'], puma['max_threads'], puma['min_threads']), Puma log level (puma['log_level']), Puma early hints (puma['enable_early_hints']), PostgreSQL shared buffers (postgresql['shared_buffers']), PostgreSQL max connections (postgresql['max_connections']), Nginx SSL certificate (nginx['ssl_certificate']), and Nginx SSL certificate key (nginx['ssl_certificate_key']).
  • mariadb: The environment variables for this service are used to configure the MariaDB server. The MYSQL_HOST variable sets the hostname of the MariaDB server. The MYSQL_ROOT_PASSWORD variable sets the password for the root user. The MYSQL_DATABASE variable sets the name of the database to create. The MYSQL_USER and MYSQL_PASSWORD variables set the username and password for a user that will have access to the specified database.
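  • certbot: The environment variables for this service are used to configure Certbot and the Cloudflare DNS plugin. The CLOUDFLARE_EMAIL and CLOUDFLARE_API_KEY variables set the email and API key for your Cloudflare account. The CERTBOT_EMAIL variable sets the email address to use for important account notifications. The CERTBOT_DOMAIN variable sets the domain name for which to obtain an SSL certificate. Because the command line references $CERTBOT_EMAIL and $CERTBOT_DOMAIN, Docker Compose substitutes them when it reads the file, taking the values from the shell environment or an .env file next to docker-compose.yml rather than from this environment section, so define them there as well.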

The purpose of each volume

Volumes are used to persist data across container restarts and to share data between containers. Here’s an explanation of the purpose of each volume used in the compose file:

  • gitlab: This service mounts four volumes:
    1. /gitlab/config:/etc/gitlab: This volume is used to persist GitLab configuration data.
    2. /gitlab/logs:/var/log/gitlab: This volume is used to persist GitLab log data.
    3. /gitlab/data:/var/opt/gitlab: This volume is used to persist GitLab application data.
    4. /gitlab/certificates:/etc/gitlab/ssl: This volume is used to store SSL certificates for Nginx.
  • gitlab-runner: This service mounts two volumes:
    1. ./config/gitlab-runner:/etc/gitlab-runner: This volume is used to persist GitLab Runner configuration data.
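    2. /var/run/docker.sock:/var/run/docker.sock: This volume mounts the Docker socket from the host into the container. This allows the runner to use the host’s Docker daemon to run jobs. Access to this socket is equivalent to root on the host, because anything that can talk to the daemon can start privileged containers or mount the host filesystem, so register this runner only for projects whose CI jobs you trust.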
  • mariadb: This service mounts one volume:
    1. /data/mariadb:/var/lib/mysql: This volume is used to persist MariaDB data.
  • certbot: This service mounts one volume:
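    1. /gitlab/certificates:/etc/letsencrypt: This volume is used to store SSL certificates obtained by Certbot. Certbot writes the certificate and private key as live/<domain>/fullchain.pem and live/<domain>/privkey.pem under this directory, so the nginx['ssl_certificate'] and nginx['ssl_certificate_key'] paths in the gitlab service have to point at those files inside /etc/gitlab/ssl.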
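
As an added example (not part of the original tutorial), the following Python sketch scans a compose file for three things the service, environment-variable and volume descriptions above touch on: images without a pinned tag, a mounted Docker socket, and credentials passed as environment variables. SAMPLE is a constructed, trimmed copy of the compose file; audit_compose and the SECRET_NAME heuristic are hypothetical names, and the scan assumes two-space indentation rather than parsing YAML fully.

```python
import re
# Constructed sample: a trimmed copy of the services in the compose file above.
SAMPLE = """\
services:
  gitlab:
    image: gitlab/gitlab-ce:latest
  gitlab-runner:
    image: gitlab/gitlab-runner:v14.3.2
    volumes:
      - ./config/gitlab-runner:/etc/gitlab-runner
      - /var/run/docker.sock:/var/run/docker.sock
  mariadb:
    image: mariadb:latest
    environment:
      - MYSQL_ROOT_PASSWORD=<MYSQLROOTPASSWORD>
  certbot:
    image: certbot/certbot:latest
    environment:
      - CLOUDFLARE_API_KEY=your_cloudflare_api_key
networks:
  gitlab_network:
"""

# Hypothetical heuristic for variable names that usually hold credentials.
SECRET_NAME = re.compile(r"PASSWORD|API_KEY|TOKEN|SECRET", re.I)

def audit_compose(text):
    """Indentation-based scan (not a YAML parser); returns sorted (service, finding) pairs."""
    findings, service, in_services = set(), None, False
    for raw in text.splitlines():
        body = raw.strip()
        if not body or body.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        if indent == 0:                      # top-level key: services, networks, ...
            in_services, service = body == "services:", None
        elif in_services and indent == 2 and body.endswith(":"):
            service = body[:-1]              # a new service definition starts here
        elif service:
            item = body[2:].strip("'\" ") if body.startswith("- ") else body
            if body.startswith("image:"):
                ref = body.split(":", 1)[1].strip()
                if ref.endswith(":latest") or ":" not in ref.rsplit("/", 1)[-1]:
                    findings.add((service, "unpinned image tag"))
            elif item.split(":")[0].endswith("docker.sock"):
                findings.add((service, "docker socket mounted"))
            elif "=" in item and SECRET_NAME.search(item.split("=", 1)[0]):
                findings.add((service, "secret in environment"))
    return sorted(findings)
```

Call audit_compose(open("docker-compose.yml").read()) to run the same checks against your own file; each finding names the service to review.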

More about GitLab Omnibus configuration

GitLab Omnibus is a package that includes all the dependencies required to run GitLab, including Ruby, PostgreSQL, Redis, Nginx, and more. The Omnibus package makes it easy to install and configure GitLab on your server.

The GITLAB_OMNIBUS_CONFIG environment variable is used to set various GitLab settings using the Omnibus configuration format. This variable contains a string of configuration options in a Ruby-like syntax. Each line sets a different configuration option.

For example, the line external_url 'https://gitlab.example.com' sets the external URL of the GitLab instance to https://gitlab.example.com. The line gitlab_rails['gitlab_shell_ssh_port'] = 22 sets the SSH port used by GitLab Shell to 22.

Certbot

Certbot is a free, open-source software tool for automatically using Let’s Encrypt certificates on manually-administered websites to enable HTTPS [1]. It is made by the Electronic Frontier Foundation (EFF), a nonprofit organization based in San Francisco that defends digital privacy, free speech, and innovation [1].

Certbot can automate the tasks of obtaining certificates and configuring web servers to use them. It is easy to use and can be run on Unix-based operating systems [2].

Learn more:

  1. Certbot
  2. eff-certbot.readthedocs.io
  3. certbot.eff.org

In conclusion, this tutorial has shown you how to install GitLab on Ubuntu 20.04 using Docker Compose. By following the steps outlined in this tutorial, you can easily set up a GitLab instance on your server and take advantage of the many features that GitLab has to offer for managing software development projects. With Docker Compose, the installation process is simplified and streamlined, allowing you to get up and running with GitLab quickly and easily.
