First, use the following file, gitlab_run.sh, to generate the Let's Encrypt certificate.
Source:
https://github.com/flasheryu/docker-letsencrypt-nginx-proxy-companion-examples
#!/bin/bash
# This example will run a basic nginx server provisioned with an index.html file
# Make sure to replace "site.example.com" with a publicly accessible domain pointing to the server you will run this on.
# This nginx container will get a configuration generated by the docker-gen instance and act as a reverse-proxy
echo "Starting nginx instance..."
docker run -d -p 81:80 -p 444:443 \
    --name nginx \
    -v /etc/nginx/conf.d \
    -v /etc/nginx/vhost.d \
    -v /usr/share/nginx/html \
    -v $(pwd)/../../volumes/proxy/certs:/etc/nginx/certs:ro \
    nginx
#docker run -d -p 80:80 -p 443:443 \
# --name nginx \
# -v /etc/nginx/conf.d \
# -v /etc/nginx/vhost.d \
# -v /usr/share/nginx/html \
# -v $(pwd)/../../volumes/proxy/certs:/etc/nginx/certs:ro \
# nginx
# This nginx-gen container using the docker-gen image will generate a 'default.conf' file from the 'nginx.tmpl' located in volumes/proxy/templates.
echo "Starting docker-gen instance..."
docker run -d \
    --name nginx-gen \
    --volumes-from nginx \
    -v $(pwd)/../../volumes/proxy/templates/nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro \
    -v /var/run/docker.sock:/tmp/docker.sock:ro \
    jwilder/docker-gen \
    -notify-sighup nginx -watch -only-exposed -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
echo "Starting letsencrypt-nginx-proxy-companion..."
docker run -d \
    -e "NGINX_DOCKER_GEN_CONTAINER=nginx-gen" \
    --volumes-from nginx \
    -v $(pwd)/../../volumes/proxy/certs:/etc/nginx/certs:rw \
    -v /var/run/docker.sock:/var/run/docker.sock:ro \
    jrcs/letsencrypt-nginx-proxy-companion
# This is an example service that will get picked up and served by the reverse proxy.
# Make sure you change all the default values in this file and in volumes/examples/simple-site
echo "Starting simple-site nginx example..."
docker run -d \
    --name simple-site \
    -e "VIRTUAL_HOST=dockeryu.com" \
    -e "LETSENCRYPT_HOST=dockeryu.com" \
    -e "LETSENCRYPT_EMAIL=yugq@gityu.com" \
    -v $(pwd)/../../volumes/examples/simple-site/conf.d/:/etc/nginx/conf.d \
    nginx
Then, once the certs have been generated, the following command sets up the Omnibus edition of GitLab with free Let's Encrypt SSL in one step.
docker run --detach \
    --hostname dockeryu.com \
    --env GITLAB_OMNIBUS_CONFIG="registry_external_url 'https://dockeryu.com:4040';registry_nginx['ssl_certificate']='/etc/letsencrypt/live/dockeryu.com/dockeryu.com.crt';registry_nginx['ssl_certificate_key']='/etc/letsencrypt/live/dockeryu.com/dockeryu.com.key';external_url 'https://dockeryu.com/';nginx['redirect_http_to_https']=true;nginx['ssl_certificate']='/etc/letsencrypt/live/dockeryu.com/dockeryu.com.crt';nginx['ssl_certificate_key']='/etc/letsencrypt/live/dockeryu.com/dockeryu.com.key';" \
    --publish 443:443 --publish 80:80 --publish 222:22 --publish 4040:4040 \
    --name gitlab \
    --restart always \
    --volume /srv/gitlab/config:/etc/gitlab \
    --volume /srv/gitlab/logs:/var/log/gitlab \
    --volume /srv/gitlab/data:/var/opt/gitlab \
    --volume /volumes/proxy/certs:/etc/letsencrypt/live/dockeryu.com \
    gitlab/gitlab-ce
After two minutes, GitLab will have started successfully.
For more on GitLab configuration and usage, see:
http://docs.gitlab.com/omnibus/docker/
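Before running the GitLab command above, the certificate pair it mounts can be checked first. This is an added example, not part of the original script or the linked repository: the helper name check_certs is hypothetical, and it assumes the openssl CLI and the <host>.crt / <host>.key file names used in the GitLab command.

```shell
#!/bin/bash
# Added example: pre-flight check of the certificate pair before GitLab starts.
# Assumes <certs-dir>/<host>.crt and <certs-dir>/<host>.key, as in the command above.
# check_certs is a hypothetical helper name; it needs the openssl CLI.
# Returns: 0 ok, 2 missing file, 3 expiring, 4 host mismatch,
#          5 key does not match cert, 6 key is world-readable.
check_certs() {
    local dir="$1" host="$2" min_valid="${3:-86400}"   # required validity, seconds
    local crt="$dir/$host.crt" key="$dir/$host.key" cert_pub key_pub

    if [ ! -r "$crt" ] || [ ! -r "$key" ]; then
        echo "missing $crt or $key (certificate not issued yet?)" >&2
        return 2
    fi
    # If the .crt holds a full chain, openssl x509 reads the first (leaf) cert.
    if ! openssl x509 -in "$crt" -noout -checkend "$min_valid" >/dev/null; then
        echo "$crt expires within $min_valid seconds" >&2
        return 3
    fi
    # -checkhost only prints its verdict, so match on the output text.
    if ! openssl x509 -in "$crt" -noout -checkhost "$host" | grep -q "does match"; then
        echo "$crt is not valid for $host" >&2
        return 4
    fi
    # Compare the public key in the cert with the one derived from the private key.
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "$key does not belong to $crt" >&2
        return 5
    fi
    # -L follows a symlink, so the mode of the real key file is tested.
    if [ -n "$(find -L "$key" -perm -004 2>/dev/null)" ]; then
        echo "$key is world-readable; tighten its permissions" >&2
        return 6
    fi
    echo "certificate and key for $host look usable"
}

# Stand-alone use: ./check_certs.sh /volumes/proxy/certs dockeryu.com
if [ "$#" -ge 2 ]; then
    check_certs "$@"
    exit
fi
```

A non-zero return means the GitLab container would start with a missing, expiring, mismatched or over-exposed key pair, so the `docker run` step can be gated on it with `&&`.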