From 428cda4bf8b69318985359d1f85d2457e555b9d2 Mon Sep 17 00:00:00 2001
From: jonnybravo
Date: Wed, 18 Oct 2023 20:13:04 +0200
Subject: [PATCH] added

---
 gitlab/group_vars/all/main.yml | 2 +-
 gitlab/roles/docker_gitlab/files/traefik.yml | 53 -------------------
 gitlab/roles/docker_gitlab/tasks/main.yml | 8 ---
 .../templates/docker-compose.yml.j2 | 46 +++-------
 gitlab/roles/docker_gitlab/vars/main.yml | 3 +-
 5 files changed, 9 insertions(+), 103 deletions(-)
 delete mode 100755 gitlab/roles/docker_gitlab/files/traefik.yml

diff --git a/gitlab/group_vars/all/main.yml b/gitlab/group_vars/all/main.yml
index 1b49f28..c0babfc 100755
--- a/gitlab/group_vars/all/main.yml
+++ b/gitlab/group_vars/all/main.yml
@@ -3,5 +3,5 @@ gitlab_dir:
 - "/home/{{ansible_user}}/.gitlab2/config"
 - "/home/{{ansible_user}}/.gitlab2/log"
 - "/home/{{ansible_user}}/.gitlab2/data"
- - "/home/{{ansible_user}}/.gitlab2/cert"
+ - "/home/{{ansible_user}}/.gitlab2/config/cert"

diff --git a/gitlab/roles/docker_gitlab/files/traefik.yml b/gitlab/roles/docker_gitlab/files/traefik.yml
deleted file mode 100755
index 6afdd52..0000000
--- a/gitlab/roles/docker_gitlab/files/traefik.yml
+++ /dev/null
@@ -1,53 +0,0 @@
-global:
- checkNewVersion: true
- sendAnonymousUsage: false
-
-log:
- level: DEBUG
-
-accessLog:
- filePath: "/certs/access.log"
- format: json
-
-entryPoints:
- web:
- address: ":80"
- websecure:
- address: ":443"
-providers:
- docker:
- endpoint: "unix:///var/run/docker.sock"
- exposedByDefault: false
- file:
- filename: /etc/traefik/traefik.yml # THIS IS THE IMPORTANT PART
- watch: true
-
-api:
- dashboard: true
-# insecure: true
-
-http:
- routers:
- middlewares:
- redirect:
- redirectScheme:
- scheme: https
-
-tls:
- stores:
- default:
- defaultCertificate:
- certFile: "/certs/gitlab.cer"
- keyFile: "/certs/gitlab.key"
- certificates:
- - certFile: "/certs/gitlab.cer"
- keyFile: "/certs/gitlab.key"
- options:
- myTLSOptions:
- minVersion: versionTLS13
- cipherSuites:
- - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
- - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
diff --git a/gitlab/roles/docker_gitlab/tasks/main.yml b/gitlab/roles/docker_gitlab/tasks/main.yml
index e33e5d9..582d101 100755
--- a/gitlab/roles/docker_gitlab/tasks/main.yml
+++ b/gitlab/roles/docker_gitlab/tasks/main.yml
@@ -7,14 +7,6 @@
 group: "{{ansible_user}}"
 mode: 0777

-- name: Copy traefik Config
- copy:
- src: traefik.yml
- dest: "{{gitlab_dir[0]}}/traefik.yml"
- owner: "{{ansible_user}}"
- group: "{{ansible_user}}"
- mode: 0777
-
 - name: Generate an OpenSSL private key with the default values (4096 bits, RSA)
 openssl_privatekey:
 path: "{{gitlab_dir[4]}}/gitlab.key"
diff --git a/gitlab/roles/docker_gitlab/templates/docker-compose.yml.j2 b/gitlab/roles/docker_gitlab/templates/docker-compose.yml.j2
index 423b536..ffa7263 100755
--- a/gitlab/roles/docker_gitlab/templates/docker-compose.yml.j2
+++ b/gitlab/roles/docker_gitlab/templates/docker-compose.yml.j2
@@ -1,56 +1,22 @@
 version: '3.8'
 services:
- traefik:
- image: traefik:latest
- command:
- - "--api=true"
- - "--api.dashboard=true"
- - "--log.level=DEBUG"
- - "--providers.docker=true"
- - "--providers.docker.exposedbydefault=false"
- - "--providers.docker.network=web"
- - "--entrypoints.web.address=:80"
- - "--entrypoints.websecure.address=:443"
- # - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
- # - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
- # für Testzwecke geeignet, da Let's Encrypt "rate limiting" einsetzt
- # - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- # - "--certificatesresolvers.myresolver.acme.email=webmaster@example.net"
- # - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
- labels:
- - "traefik.enable=true"
- - traefik.http.routers.api.rule=Host("traefik.{{ansible_hostname}}")
- - "traefik.http.routers.api.service=api@internal"
- - "traefik.http.routers.api.middlewares=auth"
- - "traefik.http.middlewares.auth.basicauth.users=JonnyBravo:$$apr1$$sl3.va5H$$DwEAtzKda4XA6lypIZ/271"
- - "traefik.http.routers.api.entrypoints=websecure"
- - "traefik.http.routers.api.tls=true"
- volumes:
- - /var/run/docker.sock:/var/run/docker.sock
- - {{gitlab_dir[0]}}/traefik.yml:/etc/traefik/traefik.yml
- - {{gitlab_dir[4]}}:/certs
- ports:
- - 80:80
- - 443:443
- web:
+ gitlab:
 image: 'gitlab/gitlab-ce:latest'
 restart: always
 hostname: 'localhost'
 container_name: gitlab-ce
 environment:
 GITLAB_OMNIBUS_CONFIG: |
- external_url 'http://{{ansible_host}}:{{web_port}}'
+ external_url 'https://{{ansible_host}}'
 gitlab_rails['gitlab_shell_ssh_port'] = {{ssh_port}}
- nginx['listen_port'] = 80
+ nginx['listen_port'] = 443
+ nginx['ssl_certificate'] = '/etc/gitlab/certs/gitlab.cer'
+ nginx['ssl_certificate_key'] = '/etc/gitlab/certs/gitlab.key'
 ports:
+ - '{{http_ssl}}:443'
 - '{{ssh_port}}:22'
 volumes:
 - '{{gitlab_dir[1]}}:/etc/gitlab'
 - '{{gitlab_dir[2]}}:/var/log/gitlab'
 - '{{gitlab_dir[3]}}:/var/opt/gitlab'
- labels:
- - "traefik.enable=true"
- - traefik.http.routers.wordpress.rule=Host("gitlab.{{ansible_hostname}}")
- - "traefik.http.routers.wordpress.entrypoints=websecure"
- - "traefik.http.routers.wordpress.tls=true"
 shm_size: '{{shm_size}}'
\ No newline at end of file
diff --git a/gitlab/roles/docker_gitlab/vars/main.yml b/gitlab/roles/docker_gitlab/vars/main.yml
index cc7b43f..a1b5e16 100755
--- a/gitlab/roles/docker_gitlab/vars/main.yml
+++ b/gitlab/roles/docker_gitlab/vars/main.yml
@@ -1,3 +1,4 @@
-web_port: 8929
+web_port: 80
+http_ssl: 443
 ssh_port: 2222
 shm_size: "1024m"
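Review bot: The two certificate paths added to GITLAB_OMNIBUS_CONFIG, `/etc/gitlab/certs/gitlab.cer` and `/etc/gitlab/certs/gitlab.key`, name a `certs` directory, while the group_vars hunk in this same patch moves the key and certificate to `.gitlab2/config/cert` (no trailing s); with the config entry `gitlab_dir[1]` bind-mounted at `/etc/gitlab`, those files appear inside the container under `/etc/gitlab/cert/`, so nginx will not find them at the configured paths. Either spell the group_vars directory `certs` or change the two lines to `nginx['ssl_certificate'] = '/etc/gitlab/cert/gitlab.cer'` and `nginx['ssl_certificate_key'] = '/etc/gitlab/cert/gitlab.key'`; the index mapping is inferred from the tasks hunk (`gitlab_dir[4]` receives the private key), so confirm it against the full gitlab_dir list. Only port 443 is published now and nothing answers or redirects plain HTTP, which also makes the `web_port: 80` change in vars/main.yml a no-op; if an HTTP-to-HTTPS redirect is wanted, publish `'{{web_port}}:80'` and set `nginx['redirect_http_to_https'] = true`. The deleted traefik.yml enforced a TLS 1.3 floor and an explicit cipher list, whereas the new nginx block inherits the Omnibus defaults, so add `nginx['ssl_protocols'] = 'TLSv1.3'` if that floor was deliberate.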