
Gitlab w/ Docker Registry Integration + LDAP

a guest
Sep 18th, 2017
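  # Docker Compose stack: GitLab (sameersbn/gitlab) with MariaDB, Redis, a
  # scheduled database backup and a Docker registry that takes its auth tokens
  # from GitLab. The VIRTUAL_* / LETSENCRYPT_* variables suggest a front proxy
  # on the external "nginx-proxy" network terminates TLS.
  #
  # Secrets are not stored in this file. Every ${...} below is filled in by
  # Compose variable substitution from the shell environment or a .env file
  # next to this file; the variable names are this file's own choice. An unset
  # variable becomes an empty string (with a warning), so inspect the output of
  # `docker-compose config` before starting the stack. Any value that was
  # previously published in a copy of this file should be rotated.
  version: '2'

  services:
    git-example-org-app:
      container_name: git-example-org-app
      restart: always
      # NOTE(review): no tag, so each pull may bring a different GitLab
      # version. Pin a specific tag (ideally with a digest).
      image: sameersbn/gitlab
      depends_on:
        - git-example-org-redis
        - git-example-org-db
      volumes:
        # :Z relabels the host directory for this container only (SELinux).
        - /var/local/data/git.example.org/data:/home/git/data:Z
        - /var/local/data/git.example.org/logs:/var/log/gitlab
      networks:
        - proxy-tier
      environment:
        - VIRTUAL_HOST=git.example.org
        - VIRTUAL_NETWORK=nginx-proxy
        - VIRTUAL_PORT=80
        - LETSENCRYPT_HOST=git.example.org
        - LETSENCRYPT_EMAIL=techsupport@example.org

        - DEBUG=false

        # NOTE(review): the database root password was also passed to the
        # application container (with a value that did not match the db
        # service). GitLab connects as DB_USER below, so it is left out here;
        # confirm nothing in your image relies on it.
        #- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
        - DB_ADAPTER=mysql2
        - DB_HOST=git-example-org-db
        - DB_PORT=3306
        - DB_USER=gitlab
        # Same variable as MYSQL_PASSWORD (db) and DB_PASSWORD (db-backup).
        - DB_PASS=${GITLAB_DB_PASSWORD}
        - DB_NAME=gitlab

        - REDIS_HOST=git-example-org-redis
        - REDIS_PORT=6379

        - USERMAP_UID=60000
        - USERMAP_GID=60000

        - TZ=America/Vancouver
        - GITLAB_TIMEZONE=America/Vancouver

        - GITLAB_HTTPS=true
        - SSL_SELF_SIGNED=false

        - GITLAB_HOST=git.example.org
        - GITLAB_PORT=443
        # NOTE(review): no `ports:` entry publishes the container's SSH port,
        # so 10022 appears to be only the port GitLab advertises; confirm SSH
        # is forwarded elsewhere.
        - GITLAB_SSH_PORT=10022
        - GITLAB_RELATIVE_URL_ROOT=
        # Use long random values, unique per install. DB_KEY_BASE protects
        # secrets stored in the database, so an existing install must keep the
        # value it has been running with and back it up. The original file set
        # GITLAB_SECRETS_DB_KEY_BASE twice with different values; it is set
        # once here.
        - GITLAB_SECRETS_DB_KEY_BASE=${GITLAB_SECRETS_DB_KEY_BASE}
        - GITLAB_SECRETS_SECRET_KEY_BASE=${GITLAB_SECRETS_SECRET_KEY_BASE}
        - GITLAB_SECRETS_OTP_KEY_BASE=${GITLAB_SECRETS_OTP_KEY_BASE}

        # Initial administrator password; change it after the first login.
        - GITLAB_ROOT_PASSWORD=${GITLAB_ROOT_PASSWORD}
        - GITLAB_ROOT_EMAIL=

        - GITLAB_NOTIFY_ON_BROKEN_BUILDS=true
        - GITLAB_NOTIFY_PUSHER=false

        - GITLAB_EMAIL=git@example.org
        - GITLAB_EMAIL_REPLY_TO=noreply@example.org
        - GITLAB_INCOMING_EMAIL_ADDRESS=git@example.org
        - GITLAB_EMAIL_DISPLAY_NAME=SD Git

        - PIWIK_URL=analytics.example.org
        - PIWIK_SITE_ID=1

        - SMTP_ENABLED=true
        - SMTP_DOMAIN=git.example.org
        - SMTP_HOST=postfix-relay
        - SMTP_PORT=25
        #- SMTP_USER=mailer@example.com
        #- SMTP_PASS=${SMTP_PASS}
        #- SMTP_STARTTLS=true
        #- SMTP_AUTHENTICATION=login

        - IMAP_ENABLED=false
        - IMAP_HOST=imap.gmail.com
        - IMAP_PORT=993
        - IMAP_USER=mailer@example.com
        - IMAP_PASS=${IMAP_PASS}
        - IMAP_SSL=true
        - IMAP_STARTTLS=false

        - LDAP_ENABLED=true
        - LDAP_LABEL=LDAP
        - LDAP_HOST=directory-example-org-app
        # LDAP_METHOD=plain on port 389 sends the bind password and every
        # user's login credentials to the directory unencrypted. Keep it only
        # if that hop is a trusted private network; otherwise use a TLS method
        # supported by your image version, with the matching port.
        - LDAP_PORT=389
        - LDAP_UID=uid
        - LDAP_METHOD=plain
        # NOTE(review): "ou=Syustem" looks like a typo; left as found, verify
        # against the directory. Use a dedicated read-only bind account.
        - LDAP_BIND_DN=cn=dsa-gitlab,ou=dsa,ou=Syustem,dc=example,dc=org
        - LDAP_PASS=${LDAP_PASS}
        - LDAP_ACTIVE_DIRECTORY=false
        - LDAP_BASE=dc=example,dc=org
        # Only members of this group pass the filter and can sign in.
        - LDAP_USER_FILTER=(memberOf=cn=app-git,ou=groups,ou=Access,dc=example,dc=org)
        - LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN=true

        - GITLAB_USERNAME_CHANGE=false
        - GITLAB_CREATE_GROUPS=false
        - OAUTH_ENABLED=false
        - OAUTH_AUTO_SIGN_IN_WITH_PROVIDER=
        - OAUTH_ALLOW_SSO=
        - OAUTH_BLOCK_AUTO_CREATED_USERS=true
        - OAUTH_AUTO_LINK_LDAP_USER=false
        - OAUTH_AUTO_LINK_SAML_USER=false
        - OAUTH_EXTERNAL_PROVIDERS=

        - OAUTH_CAS3_LABEL=cas3
        - OAUTH_CAS3_SERVER=
        - OAUTH_CAS3_DISABLE_SSL_VERIFICATION=false
        - OAUTH_CAS3_LOGIN_URL=/cas/login
        - OAUTH_CAS3_VALIDATE_URL=/cas/p3/serviceValidate
        - OAUTH_CAS3_LOGOUT_URL=/cas/logout

        - OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL=
        - OAUTH_SAML_IDP_CERT_FINGERPRINT=
        - OAUTH_SAML_IDP_SSO_TARGET_URL=
        - OAUTH_SAML_ISSUER=
        # In list form everything after "=" is the value, so inner double
        # quotes would become part of the label; the whole item is quoted
        # instead.
        - 'OAUTH_SAML_LABEL=Our SAML Provider'
        - OAUTH_SAML_NAME_IDENTIFIER_FORMAT=urn:oasis:names:tc:SAML:2.0:nameid-format:transient
        - OAUTH_SAML_GROUPS_ATTRIBUTE=
        - OAUTH_SAML_EXTERNAL_GROUPS=
        - OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL=
        - OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME=
        - OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME=
        - OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME=

        - OAUTH_CROWD_SERVER_URL=
        - OAUTH_CROWD_APP_NAME=
        - OAUTH_CROWD_APP_PASSWORD=

        - OAUTH_AUTH0_CLIENT_ID=
        - OAUTH_AUTH0_CLIENT_SECRET=
        - OAUTH_AUTH0_DOMAIN=

        - GITLAB_REGISTRY_ENABLED=true
        - GITLAB_REGISTRY_HOST=registry.example.org
        - GITLAB_REGISTRY_PORT=443
        - GITLAB_REGISTRY_API_URL=http://git-registry-example-org:5000
        # Private key GitLab signs registry tokens with; the registry service
        # must trust the matching certificate (REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE).
        - GITLAB_REGISTRY_KEY_PATH=/home/git/data/certs/registry-auth.key
        - SSL_REGISTRY_KEY_PATH=/home/git/data/certs/registry.example.org.key
        - SSL_REGISTRY_CERT_PATH=/home/git/data/certs/registry.example.org.crt

    # NOTE(review): Redis and MariaDB sit on the shared proxy network, so any
    # other container attached to "nginx-proxy" can reach them. A separate
    # backend network would narrow that, if the Zabbix reporting configured
    # below does not depend on the shared one.
    git-example-org-redis:
      container_name: git-example-org-redis
      restart: always
      # NOTE(review): ":latest" floats; pin a tag (ideally with a digest).
      image: registry.example.org/docker/redis:latest
      #image: redis:latest
      networks:
        - proxy-tier
      volumes:
        - /var/local/db/git.example.org/redis:/var/lib/redis:Z
      environment:
        - ZABBIX_HOSTNAME=git-example-org-redis
        - ZABBIX_SERVER=zabbix-proxy
        - ZABBIX_SERVER_PORT=10051

    git-example-org-db:
      container_name: git-example-org-db
      restart: always
      # NOTE(review): untagged image; pin a tag (ideally with a digest).
      image: registry.example.org/docker/mariadb
      volumes:
        - /var/local/db/git.example.org/mysql:/var/lib/mysql:Z
      networks:
        - proxy-tier
      environment:
        - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
        - MYSQL_DATABASE=gitlab
        - MYSQL_USER=gitlab
        - MYSQL_PASSWORD=${GITLAB_DB_PASSWORD}

    git-example-org-db-backup:
      container_name: git-example-org-db-backup
      # NOTE(review): untagged image; pin a tag (ideally with a digest).
      image: registry.example.org/docker/mysql-backup
      links:
        - git-example-org-db
      volumes:
        # Dumps contain the full GitLab database; restrict access to this
        # host directory accordingly.
        - /var/local/data/git.example.org/dbbackup:/backup
        - /etc/localtime:/etc/localtime:ro
      environment:
        - DB_SERVER=git-example-org-db
        - DB_NAME=gitlab
        - DB_USER=gitlab
        # The original file carried a literal password here that differed from
        # the db service's MYSQL_PASSWORD for the same user; both now come
        # from one variable.
        - DB_PASSWORD=${GITLAB_DB_PASSWORD}
        - DB_DUMP_FREQ=1440
        #- DB_DUMP_BEGIN=0000
        - DB_CLEANUP_TIME=8640
        - COMPRESSION=BZ
        - MD5=TRUE
      networks:
        - proxy-tier
      restart: always

    git-registry-example-org:
      container_name: git-registry-example-org
      restart: always
      # NOTE(review): untagged image; pin a tag (ideally with a digest).
      image: registry
      #image: registry:2.5.0
      volumes:
        - ./data/shared/registry:/registry
        # Mounted read-only: the registry only reads the token certificate.
        # NOTE(review): the app service keeps its certs under
        # /var/local/data/git.example.org/data/certs; confirm ./data/certs
        # holds the certificate matching GitLab's registry-auth.key.
        - ./data/certs:/certs:ro
      environment:
        - VIRTUAL_HOST=registry.example.org
        - VIRTUAL_NETWORK=nginx-proxy
        - VIRTUAL_PORT=5000
        - LETSENCRYPT_HOST=registry.example.org
        - LETSENCRYPT_EMAIL=techsupport@example.org

        - REGISTRY_LOG_LEVEL=info
        - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/registry
        # Token auth: clients are sent to GitLab for a token, and the registry
        # verifies it against the certificate bundle below.
        - REGISTRY_AUTH_TOKEN_REALM=https://git.example.org/jwt/auth
        - REGISTRY_AUTH_TOKEN_SERVICE=container_registry
        - REGISTRY_AUTH_TOKEN_ISSUER=gitlab-issuer
        - REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/certs/registry-auth.crt
        # Deletion through the registry API is enabled.
        - REGISTRY_STORAGE_DELETE_ENABLED=true
      networks:
        - proxy-tier

  networks:
    # Pre-existing network shared with the front proxy; Compose does not
    # create it.
    proxy-tier:
      external:
        name: nginx-proxy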