Published on

Debian 12 利用 Docker 建置 GitLab

Authors
  • avatar
    Name
    Rick Jiang
    Twitter
Table of Contents

Debian 12 利用 Docker 建置 GitLab 的過程

1. Host 系統設定

# Install sudo
apt install sudo -y

# Fix `Username Is Not In The Sudoers File. This Incident Will Be Reported`
$ usermod -a -G sudo <username>

# System Update
$ sudo apt update && sudo apt upgrade
$ sudo apt install unattended-upgrades -y
$ sudo systemctl start unattended-upgrades && sudo systemctl enable unattended-upgrades
$ sudo unattended-upgrades --dry-run --debug
$ reboot

# Change HostName
$ hostnamectl set-hostname gitlab

# Timezone & Sync
$ timedatectl set-timezone Asia/Ho_Chi_Minh

# SSH Key
$ chmod 700 /root/.ssh
$ chmod 600 /root/.ssh/authorized_keys

# Change SSH Port
$ vi /etc/ssh/sshd_config
  # 一開始不要急著就把 22 Port 改掉,可以先同時存在兩個 Port 號
  # 等確定 2222 Port 可以正常連線後再把 22 Port 拿掉,以免有問題無法連到主機
  Port 22
  Port 2222

$ service sshd restart

# Install Docker
$ sudo apt-get update
$ sudo apt-get install ca-certificates curl gnupg -y
$ sudo install -m 0755 -d /etc/apt/keyrings
$ curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
$ sudo chmod a+r /etc/apt/keyrings/docker.gpg
$ echo \
  "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
  "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
$ sudo apt-get update
$ sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

2. GitLab

docker-compose.yml
services:
  gitlab:
    image: 'gitlab/gitlab-ce:latest'
    container_name: 'gitlab'
    restart: always
    hostname: 'gitlab'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab'
        gitlab_rails['smtp_enable'] = true
        gitlab_rails['smtp_address'] = '192.168.23.6'
        gitlab_rails['smtp_port'] = 25
        gitlab_rails['smtp_user_name'] = 'gitlab@example.com'
        gitlab_rails['smtp_password'] = ''
        gitlab_rails['smtp_domain'] = 'example.com'
        gitlab_rails['smtp_authentication'] = 'login'
        gitlab_rails['smtp_enable_starttls_auto'] = false
        gitlab_rails['smtp_tls'] = false
        gitlab_rails['smtp_openssl_verify_mode'] = 'peer'
        gitlab_rails['gitlab_email_from'] = 'gitlab@example.com'
        gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com'
    ports:
      - '80:80'
      - '443:443'
      - '22:22'
    volumes:
      - gitlab_data:/etc/gitlab
      - gitlab_data:/var/log/gitlab
      - gitlab_data:/var/opt/gitlab

volumes:
  gitlab_data:

# Get GitLab Root Default Password
docker exec -it gitlab sh
cat /etc/gitlab/initial_root_password

# SMTP Test
docker exec -it <container-id> gitlab-rails console
Notify.test_email('rick.jiang@example.com', 'Message Subject', 'Message Body').deliver_now

3. GitLab Runner

GitLab 起來後基本上 SSL 運作是正常的,但是當你要註冊 GitLab Runner 時會遇到 x509: certificate relies on legacy Common Name field, use SANs instead 的問題,需要重新自己簽一張憑證替換後就搞定了,可以參考上一篇文章利用 Docker 建置 GitLab + GitLab Runner

Discuss on TwitterView on GitHub