标签:
首先使用下列文件gitlab_run.sh生成LetsEncrypt的certificate。
来源:
https://github.com/flasheryu/docker-letsencrypt-nginx-proxy-companion-examples
#!/bin/bash # This example will run a basic nginx server provisionned with an index.html file # Make sure to replace "site.example.com" with a public accessible domain poiting to the server you will run this on. # This nginx container will get a configuration generated by the docker-gen instance and act as a reverse-proxy echo "Starting nginx instance..." docker run -d -p 80:80 -p 443:443 --name nginx -v /etc/nginx/conf.d -v /etc/nginx/vhost.d -v /usr/share/nginx/html -v $(pwd)/../../volumes/proxy/certs:/etc/nginx/certs:ro nginx # This nginx-gen container using the docker-gen image will generate a ‘default.conf‘ file from the ‘nginx.tmpl‘ located in volumes/proxy/templates. echo "Starting docker-gen instance..." docker run -d --name nginx-gen --volumes-from nginx -v $(pwd)/../../volumes/proxy/templates/nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/docker-gen -notify-sighup nginx -watch -only-exposed -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf echo "Starting letsencrypt-nginx-proxy-companion..." docker run -d -e "NGINX_DOCKER_GEN_CONTAINER=nginx-gen" --volumes-from nginx -v $(pwd)/../../volumes/proxy/certs:/etc/nginx/certs:rw -v /var/run/docker.sock:/var/run/docker.sock:ro jrcs/letsencrypt-nginx-proxy-companion # This an example service that will get picked up and served by the reverse proxy. # Make sure you change all the default values in this file and in volumes/examples/simple-site echo "Starting simple-site nginx example..." docker run -d --name simple-site -e "VIRTUAL_HOST=dockeryu.com" -e "LETSENCRYPT_HOST=dockeryu.com" -e "LETSENCRYPT_EMAIL=yugq@gityu.com" -v $(pwd)/../../volumes/examples/simple-site/conf.d/:/etc/nginx/conf.d nginx
然后待/volumes/proxy/certs下生成了certs以后,使用如下命令可一键搭建带有LetsEncrypt免费SSL版本的Omnibus版本Gitlab。
docker run --detach --hostname dockeryu.com --env GITLAB_OMNIBUS_CONFIG="registry_external_url ‘https://dockeryu.com:4040‘;registry_nginx[‘ssl_certificate‘]=‘/etc/letsencrypt/live/dockeryu.com/dockeryu.com.crt‘;registry_nginx[‘ssl_certificate_key‘]=‘/etc/letsencrypt/live/dockeryu.com/dockeryu.com.key‘;external_url ‘https://dockeryu.com/‘;nginx[‘redirect_http_to_https‘]=true;nginx[‘ssl_certificate‘]=‘/etc/letsencrypt/live/dockeryu.com/dockeryu.com.crt‘;nginx[‘ssl_certificate_key‘]=‘/etc/letsencrypt/live/dockeryu.com/dockeryu.com.key‘;" --publish 443:443 --publish 80:80 --publish 222:22 --publish 4040:4040 --name gitlab --restart always --volume /srv/gitlab/config:/etc/gitlab --volume /srv/gitlab/logs:/var/log/gitlab --volume /srv/gitlab/data:/var/opt/gitlab --volume /volumes/proxy/certs:/etc/letsencrypt/live/dockeryu.com gitlab/gitlab-ce
两分钟后gitlab可启动成功。
Gitlab更多配置使用方法参考:
http://docs.gitlab.com/omnibus/docker/
注意,使用LetsEncrypt可能超限(limit rates,20次一周),具体参见:
https://letsencrypt.org/docs/rate-limits/
Docker版本Omnibus Gitlab 加Lets Encrypt免费SSL一键搭建
标签:
原文地址:http://www.cnblogs.com/flasheryu/p/5776492.html
