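---
# Docker Compose template (Jinja-style placeholders) for a GitLab CE instance
# and a GitLab Runner, published through Traefik and logging to Loki.
version: '3'

services:
  gitlab:
    # NOTE(review): `latest` is a floating tag, so a restart or re-pull can
    # change the running GitLab version without review. Pin a specific
    # release tag (or digest) and upgrade deliberately.
    image: gitlab/gitlab-ce:latest
    container_name: gitlab
    restart: unless-stopped
    environment:
      # TLS is terminated at Traefik: GitLab's bundled nginx and the registry
      # listen on plain HTTP port 80 inside the container, so traffic on the
      # `proxy` network between Traefik and GitLab is unencrypted.
      # NOTE(review): gitaly cgroups memory_bytes is 500000 (about 0.5 MB),
      # which looks very low for a memory limit - confirm the intended value.
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.{{ server.domain }}'
        gitlab_rails['lfs_enabled'] = true
        gitlab_rails['gitlab_shell_ssh_port'] = 22
        nginx['listen_port'] = 80
        nginx['listen_https'] = false
        nginx['proxy_set_headers'] = {
          'X-Forwarded-Proto' => 'https',
          'X-Forwarded-Ssl' => 'on',
          'Host' => 'gitlab.{{ server.domain }}'
        }
        registry['enable'] = true
        registry_external_url 'https://registry.{{ server.domain }}'
        registry_nginx['listen_port'] = 80
        registry_nginx['listen_https'] = false
        puma['worker_processes'] = 0
        sidekiq['max_concurrency'] = 10
        gitlab_rails['env'] = {
          'MALLOC_CONF' => 'dirty_decay_ms:1000,muzzy_decay_ms:1000'
        }
        gitaly['configuration'] = {
          concurrency: [
            {
              'rpc' => "/gitaly.SmartHTTPService/PostReceivePack",
              'max_per_repo' => 3,
            },
            {
              'rpc' => "/gitaly.SSHService/SSHUploadPack",
              'max_per_repo' => 3,
            },
          ],
          cgroups: {
            repositories: {
              count: 2,
            },
            mountpoint: '/sys/fs/cgroup',
            hierarchy_root: 'gitaly',
            memory_bytes: 500000,
            cpu_shares: 512,
          },
        }
        gitaly['env'] = {
          'MALLOC_CONF' => 'dirty_decay_ms:1000,muzzy_decay_ms:1000',
          'GITALY_COMMAND_SPAWN_MAX_PARALLEL' => '2'
        }
    volumes:
      # Quoted so the rendered path cannot be re-typed by the YAML parser and
      # the unrendered template is not read as a flow mapping.
      - "{{ server.work_dir }}/gitlab/data/:/var/opt/gitlab/"
      - "{{ server.work_dir }}/gitlab/config/:/etc/gitlab/"
      - "{{ server.work_dir }}/gitlab/logs/:/var/log/gitlab/"
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    networks:
      - proxy
      - interne
      - metrics
    labels:
      - traefik.enable=true
      - traefik.docker.network=proxy
      # HTTP Reverse proxy Gitlab
      - traefik.http.routers.gitlab-secure.entrypoints=https
      - traefik.http.routers.gitlab-secure.rule=Host(`gitlab.{{ server.domain }}`)
      - traefik.http.routers.gitlab-secure.tls=true
      - traefik.http.routers.gitlab-secure.tls.certresolver=sslResolver
      - traefik.http.routers.gitlab-secure.service=gitlab
      - traefik.http.services.gitlab.loadbalancer.server.port=80
      # HTTP Reverse proxy Registry
      - traefik.http.routers.gitlab-registry-secure.entrypoints=https
      - traefik.http.routers.gitlab-registry-secure.rule=Host(`registry.{{ server.domain }}`)
      - traefik.http.routers.gitlab-registry-secure.tls=true
      - traefik.http.routers.gitlab-registry-secure.tls.certresolver=sslResolver
      - traefik.http.routers.gitlab-registry-secure.service=gitlab-registry
      - traefik.http.services.gitlab-registry.loadbalancer.server.port=80
      # TCP SSH Reverse proxy Gitlab
      # SSH carries no TLS SNI, so a non-TLS TCP router cannot match on a
      # host name; Traefik only accepts the catch-all rule here. Every
      # connection on the `ssh` entrypoint is therefore sent to GitLab.
      - traefik.tcp.routers.gitlab-ssh.rule=HostSNI(`*`)
      - traefik.tcp.routers.gitlab-ssh.entrypoints=ssh
      - traefik.tcp.routers.gitlab-ssh.service=gitlab-ssh
      - traefik.tcp.services.gitlab-ssh.loadbalancer.server.port=22
    logging:
      driver: loki
      options:
        # The push URL used to embed a basic-auth user and password in this
        # file. That credential has been exposed and must be rotated. The URL
        # is now read from the environment (LOKI_PUSH_URL is a constructed
        # name - wire it to your secret store or an untracked .env file);
        # Compose aborts with the message below when it is unset.
        # Log-driver options are also visible via `docker inspect`.
        loki-url: "${LOKI_PUSH_URL:?set LOKI_PUSH_URL to the Loki push endpoint}"
        # non-blocking: log lines are dropped when the driver buffer fills,
        # so this stream is not a complete audit trail.
        mode: non-blocking

  gitlab-runner:
    # NOTE(review): `alpine` is also a floating tag; pin a release.
    image: gitlab/gitlab-runner:alpine
    container_name: gitlab-runner
    restart: unless-stopped
    depends_on:
      - gitlab
    volumes:
      - "{{ server.work_dir }}/gitlab/runner/:/etc/gitlab-runner/"
      # NOTE(review): the Docker socket gives this container control of the
      # host's Docker daemon, which is equivalent to root on the host, and CI
      # jobs that reach the socket inherit that. Limit who can run jobs on
      # this runner; consider a filtering socket proxy or an isolated
      # executor.
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - interne
    logging:
      driver: loki
      options:
        # Same externalised Loki endpoint as the gitlab service; no
        # credential is kept in this file.
        loki-url: "${LOKI_PUSH_URL:?set LOKI_PUSH_URL to the Loki push endpoint}"
        mode: non-blocking

networks:
  interne: {}
  metrics:
    external: true
  proxy:
    external: true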