Gitlab CE setup

Posted on Wed 02 November 2016 in tech

The latest addition to my server at home is a Gitlab Community Edition instance. I use the docker image provided by Gitlab behind a nginx reverse proxy. Below are some notes for setting up, configuring and troubleshooting the installation.

Docker command

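#!/bin/bash

# Start the Gitlab CE container with config, logs and data kept on the host.
# Host port 11180 -> container HTTP (80), host port 11122 -> container SSH (22).
# --publish 11180:80 binds on all host interfaces; since nginx reaches it via
# 127.0.0.1, publishing as 127.0.0.1:11180:80 would keep the plain-HTTP port
# off the network.
sudo docker run --detach \
    --publish 11180:80 --publish 11122:22 \
    --name gitlab \
    --restart always \
    --volume /var/docker/volumes/gitlab/config:/etc/gitlab:Z \
    --volume /var/docker/volumes/gitlab/logs:/var/log/gitlab:Z \
    --volume /var/docker/volumes/gitlab/data:/var/opt/gitlab:Z \
    gitlab/gitlab-ce:latest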

See run.sh

Gitlab config

Open a shell in the docker container (sudo docker exec -it gitlab /bin/bash), then edit /etc/gitlab/gitlab.rb. The following subsections show the parts I changed or added. After changing the config, run gitlab-ctl reconfigure (still inside the docker container) to apply the changes and restart Gitlab.

external_url and relative root

The goal was to run Gitlab over SSL/TLS behind a reverse proxy. Instead of running Gitlab under / it should be accessible under /gitlab. This requires some extra effort:

external_url 'https://SOMEDOMAIN/gitlab' # default: http://hostname

Note the https scheme and the /gitlab path. Setting RAILS_RELATIVE_URL_ROOT was also necessary:

gitlab_rails['env'] = {
'RAILS_RELATIVE_URL_ROOT' => "/gitlab"
}

Email Configuration

gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "**.**.ch"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_authentication'] = "plain"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_ssl'] = true
gitlab_rails['smtp_tls'] = false
gitlab_rails['smtp_openssl_verify_mode'] = 'peer'
gitlab_rails['smtp_user_name'] = "**@**.ch"
gitlab_rails['smtp_password'] = "**"
gitlab_rails['smtp_domain'] = "**"
gitlab_rails['gitlab_email_from'] = 'gitlab@**.ch'
gitlab_rails['gitlab_email_reply_to'] = 'noreply@**.ch'

Settings for running behind a reverse proxy

SSL is terminated at the reverse proxy. The communication between nginx and Gitlab will be HTTP.

nginx['listen_port'] = 80
nginx['listen_https'] = false
nginx['proxy_set_headers'] = {
  "X-Forwarded-Proto" => "https",
  "X-Forwarded-Ssl" => "on"
}
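
The gitlab.rb settings above only work together: the external_url path has to match RAILS_RELATIVE_URL_ROOT, and the bundled nginx has to speak plain HTTP while telling Rails the request was HTTPS. The following consistency check is an added example, not part of the original post or of Gitlab; the GitlabRbShim class, the check_proxy_settings function and the gitlab.example.invalid host are assumptions made for illustration.

```ruby
require 'uri'

# Minimal stand-in for what gitlab.rb assigns to; not Omnibus's real loader.
class GitlabRbShim
  attr_reader :url, :gitlab_rails, :nginx

  def initialize
    @gitlab_rails = {}
    @nginx = {}
    @other = Hash.new { |h, k| h[k] = {} }
  end

  def external_url(value)
    @url = value
  end

  # Sections this check ignores (e.g. postgresql[...]) land in @other.
  def method_missing(name, *args)
    args.empty? ? @other[name] : super
  end
end

# Returns a list of findings; an empty list means the settings agree.
def check_proxy_settings(config_text)
  cfg = GitlabRbShim.new
  cfg.instance_eval(config_text) # runs the file as Ruby: only use on your own config
  uri = URI.parse(cfg.url.to_s)
  path = uri.path.to_s.chomp('/')
  root = (cfg.gitlab_rails['env'] || {})['RAILS_RELATIVE_URL_ROOT'].to_s
  hdrs = cfg.nginx['proxy_set_headers'] || {}
  findings = []
  findings << 'external_url is not https' unless uri.scheme == 'https'
  findings << "relative root #{root.inspect} != external_url path #{path.inspect}" unless root == path
  findings << 'bundled nginx still expects to serve HTTPS' unless cfg.nginx['listen_https'] == false
  findings << 'X-Forwarded-Proto is not set to https' unless hdrs['X-Forwarded-Proto'] == 'https'
  findings
end

# Constructed sample input; gitlab.example.invalid is a placeholder host.
GOOD = <<~RB
  external_url 'https://gitlab.example.invalid/gitlab'
  gitlab_rails['env'] = { 'RAILS_RELATIVE_URL_ROOT' => "/gitlab" }
  nginx['listen_port'] = 80
  nginx['listen_https'] = false
  nginx['proxy_set_headers'] = { "X-Forwarded-Proto" => "https", "X-Forwarded-Ssl" => "on" }
RB
BAD = GOOD.sub('https://', 'http://').sub('"/gitlab"', '"/git"')

puts check_proxy_settings(BAD)
```

To check a real installation, pass File.read('/etc/gitlab/gitlab.rb') to check_proxy_settings inside the container before running gitlab-ctl reconfigure.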

NGINX Reverse proxy configuration

The following snippet proxies requests to /gitlab on nginx back to the locally running Gitlab container.

server {
    .....

    location ^~ /gitlab/ {
      client_max_body_size 0;
      gzip off;
      ## https://github.com/gitlabhq/gitlabhq/issues/694
      ## Some requests take more than 30 seconds.
      proxy_read_timeout      300;
      proxy_connect_timeout   300;
      proxy_redirect          off;
      proxy_http_version 1.1;
      proxy_set_header    Host                $http_host;
      proxy_set_header    X-Real-IP           $remote_addr;
      proxy_set_header    X-Forwarded-Ssl     on;
      proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
      proxy_set_header    X-Forwarded-Proto   $scheme;
      proxy_pass http://127.0.0.1:11180;
    }
}

Assets not found

Since Gitlab is run under /gitlab it's possible that some fonts, icons and images cannot be found. Running the following commands inside the docker container should fix this:

gitlab-ctl reconfigure
NO_PRIVILEGE_DROP=true USE_DB=false gitlab-rake assets:clean assets:precompile
gitlab-ctl restart

Source