GitLab

name: gitlab
services:
  gitlab:
    image: gitlab/gitlab-ce:17.3.2-ce.0
    container_name: gitlab
    restart: unless-stopped
    # Do not use 'gitlab.${MYDOMAIN}', because the runner would use it and skip Traefik, resulting certificate error
    hostname: 'gitlab'
    environment:
      TZ: ${TIMEZONE}
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.${MYDOMAIN}'
        # Add any other gitlab.rb configuration here, each on its own line
        gitlab_rails['gitlab_shell_ssh_port'] = 3022
        # HTTPS is handled by Traefik
        nginx['listen_https'] = false
        nginx['listen_port'] = 80        
    ports:
      - '3022:22' # expose GitLab SSH on port 3022 on the host, as Traefik does not yet support TCP routing
    volumes:
      - '${DOCKER_VOLUMES}/gitlab/config:/etc/gitlab'
      - '${DOCKER_VOLUMES}/gitlab/logs:/var/log/gitlab'
      - '${DOCKER_VOLUMES}/gitlab/data:/var/opt/gitlab'
    shm_size: '256m'
    networks:
      - proxy

    labels:
      traefik.enable: true
      traefik.http.routers.gitlab.entrypoints: websecure
      traefik.http.routers.gitlab.middlewares: https-local@file
      traefik.http.services.gitlab.loadbalancer.server.port: 80

      homepage.group: Tools
      homepage.name: GitLab
      homepage.icon: gitlab.png
      homepage.href: https://gitlab.${MYDOMAIN}/
      homepage.description: "GitLab Community Edition"

  gitlab-runner:
    image: gitlab/gitlab-runner:v17.3.1
    container_name: gitlab-runner
    restart: unless-stopped
    environment:
      TZ: ${TIMEZONE}
    volumes:
      - '${DOCKER_VOLUMES}/gitlab-runner/config:/etc/gitlab-runner'
      # kics-scan ignore-line
      - '/var/run/docker.sock:/var/run/docker.sock'
    networks:
      - proxy

networks:
  proxy:
    external: true