added

gitlab/group_vars/all/main.yml

@@ -3,5 +3,5 @@ gitlab_dir:
   - "/home/{{ansible_user}}/.gitlab2/config"
   - "/home/{{ansible_user}}/.gitlab2/log"
   - "/home/{{ansible_user}}/.gitlab2/data"
-  - "/home/{{ansible_user}}/.gitlab2/cert"
+  - "/home/{{ansible_user}}/.gitlab2/config/cert"
 

gitlab/roles/docker_gitlab/files/traefik.yml

@@ -1,53 +0,0 @@
-global:
-  checkNewVersion: true
-  sendAnonymousUsage: false
-
-log:
-  level: DEBUG
-
-accessLog:
-   filePath: "/certs/access.log"
-   format: json
-
-entryPoints:
-  web:
-    address: ":80"
-  websecure:
-   address: ":443"
-providers:
-  docker:
-    endpoint: "unix:///var/run/docker.sock"
-    exposedByDefault: false
-  file:
-    filename: /etc/traefik/traefik.yml # THIS IS THE IMPORTANT PART
-    watch: true
-
-api:
-   dashboard: true
-#   insecure: true
- 
-http:
-  routers:
-  middlewares:
-    redirect:
-      redirectScheme:
-        scheme: https
-
-tls:
-  stores:
-     default:
-        defaultCertificate:
-           certFile: "/certs/gitlab.cer"
-           keyFile: "/certs/gitlab.key"
-  certificates:
-    - certFile: "/certs/gitlab.cer"
-      keyFile: "/certs/gitlab.key"
-  options:
-    myTLSOptions:
-      minVersion: versionTLS13
-      cipherSuites:
-        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
-        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
-        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

gitlab/roles/docker_gitlab/tasks/main.yml

@@ -7,14 +7,6 @@
     group: "{{ansible_user}}"
     mode: 0777
 
-- name: Copy traefik Config
-  copy:
-    src: traefik.yml
-    dest: "{{gitlab_dir[0]}}/traefik.yml"
-    owner: "{{ansible_user}}"
-    group: "{{ansible_user}}"
-    mode: 0777
-
 - name: Generate an OpenSSL private key with the default values (4096 bits, RSA)
   openssl_privatekey:
     path: "{{gitlab_dir[4]}}/gitlab.key"

gitlab/roles/docker_gitlab/templates/docker-compose.yml.j2

@@ -1,56 +1,22 @@
 version: '3.8'
 services:
-  traefik:
+  gitlab:
-    image: traefik:latest
-    command:
-      - "--api=true"
-      - "--api.dashboard=true"
-      - "--log.level=DEBUG"
-      - "--providers.docker=true"
-      - "--providers.docker.exposedbydefault=false"
-      - "--providers.docker.network=web"
-      - "--entrypoints.web.address=:80"
-      - "--entrypoints.websecure.address=:443"
-     # - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
-     # - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
-     # für Testzwecke geeignet, da Let's Encrypt "rate limiting" einsetzt
-     # - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
-     # - "--certificatesresolvers.myresolver.acme.email=webmaster@example.net"
-     # - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
-    labels:
-      - "traefik.enable=true"
-      - traefik.http.routers.api.rule=Host("traefik.{{ansible_hostname}}")
-      - "traefik.http.routers.api.service=api@internal"
-      - "traefik.http.routers.api.middlewares=auth"
-      - "traefik.http.middlewares.auth.basicauth.users=JonnyBravo:$$apr1$$sl3.va5H$$DwEAtzKda4XA6lypIZ/271"
-      - "traefik.http.routers.api.entrypoints=websecure"
-      - "traefik.http.routers.api.tls=true"
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-      - {{gitlab_dir[0]}}/traefik.yml:/etc/traefik/traefik.yml
-      - {{gitlab_dir[4]}}:/certs 
-    ports:
-      - 80:80
-      - 443:443
-  web:
     image: 'gitlab/gitlab-ce:latest'
     restart: always
     hostname: 'localhost'
     container_name: gitlab-ce
     environment:
       GITLAB_OMNIBUS_CONFIG: |
-        external_url 'http://{{ansible_host}}:{{web_port}}'
+        external_url 'https://{{ansible_host}}'
         gitlab_rails['gitlab_shell_ssh_port'] = {{ssh_port}}
-        nginx['listen_port'] = 80
+        nginx['listen_port'] = 443
+        nginx['ssl_certificate'] = '/etc/gitlab/certs/gitlab.cer'
+        nginx['ssl_certificate_key'] = '/etc/gitlab/certs/gitlab.key'
     ports:
+      - '{{http_ssl}}:443'
       - '{{ssh_port}}:22'
     volumes:
       - '{{gitlab_dir[1]}}:/etc/gitlab'
       - '{{gitlab_dir[2]}}:/var/log/gitlab'
       - '{{gitlab_dir[3]}}:/var/opt/gitlab'
-    labels:
-      - "traefik.enable=true"
-      - traefik.http.routers.wordpress.rule=Host("gitlab.{{ansible_hostname}}")
-      - "traefik.http.routers.wordpress.entrypoints=websecure"
-      - "traefik.http.routers.wordpress.tls=true"
     shm_size: '{{shm_size}}'

gitlab/roles/docker_gitlab/vars/main.yml

@@ -1,3 +1,4 @@
-web_port: 8929
+web_port: 80
+http_ssl: 443
 ssh_port: 2222
 shm_size: "1024m"