What do I have to do to enable GitLab Pages (serving a Hugo static site) with GitLab running in Docker?
The GitLab server is already running on my host. I only need the GitLab Pages and Hugo part.
What I have done so far:
J'utilise la distribution Debian.
sshd
Le port 22 de l'hôte est réservé au ssh (git) du container gitlab-container, il faut donc déplacer le sshd de l'hôte sur un autre port.
Je paramètre le serveur ssh du serveur en éditant le fichier /etc/ssh/sshd_config :
# Host sshd moved off 22 so the gitlab container can publish host port 22 for git-over-ssh
Port 65522
Pour appliquer les paramètres sshd, un reboot n'est pas nécessaire : je valide d'abord la configuration avec `sudo sshd -t`, puis je redémarre le service (`sudo systemctl restart ssh`) en gardant la session actuelle ouverte jusqu'à avoir vérifié qu'une nouvelle connexion sur le port 65522 fonctionne (et que le pare-feu l'autorise).
Il faudra se reconnecter au serveur ssh sur le nouveau port 65522.
ssl
src : https://certbot-dns-ovh.readthedocs.io/en/stable/
J'installe les outils nécessaires à la création des certificats ssl :
# certbot plus the OVH DNS plugin: DNS-01 validation is required for the wildcard certificate below
sudo apt install certbot python3-certbot-dns-ovh
J'édite le fichier /root/.ovhapi (identifiants de l'API OVH utilisés par certbot ; le jeton devrait être limité aux droits nécessaires sur la zone DNS) :
# OVH API credentials read by certbot's dns-ovh plugin for the DNS-01 challenge.
# These values can create/delete records in the DNS zone, so the file must stay
# root-only (chmod 600) and must never be committed or pasted into a post.
dns_ovh_endpoint = ovh-eu
dns_ovh_application_key = xxxxxxxxxxxxxxxx
dns_ovh_application_secret = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
dns_ovh_consumer_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
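# The credentials file is root-only: certbot refuses world-readable secrets anyway.
sudo chmod 600 /root/.ovhapi
# Wildcards are quoted so the shell cannot glob-expand them against files in the
# current directory. '*.freec0ding.dev' covers pages.freec0ding.dev but NOT a
# second level such as group.pages.freec0ding.dev, which is where GitLab Pages
# publishes each namespace's site (pages_external_url is pages.freec0ding.dev),
# so '*.pages.freec0ding.dev' is requested as well. It needs a matching wildcard
# DNS record (*.pages.freec0ding.dev) pointing at this host.
sudo certbot certonly --dns-ovh --dns-ovh-credentials /root/.ovhapi \
  --non-interactive --agree-tos --email info@freec0ding.dev \
  -d freec0ding.dev -d '*.freec0ding.dev' -d '*.pages.freec0ding.dev'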
docker
src : https://docs.docker.com/engine/install/debian/
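# Prerequisites for adding Docker's signed apt repository.
sudo apt-get install ca-certificates curl gnupg lsb-release
# Import Docker's signing key as a keyring and make it world-readable: apt runs
# as the unprivileged _apt user, and with a restrictive umask a 0600 keyring
# produces NO_PUBKEY errors at "apt-get update".
sudo mkdir -p /etc/apt/keyrings && \
  curl -fsSL https://download.docker.com/linux/debian/gpg | \
  sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
# signed-by= pins this repository to the key above, so packages from it are only
# accepted if they are signed by Docker.
echo \
  "deb [arch=$(dpkg --print-architecture) \
  signed-by=/etc/apt/keyrings/docker.gpg] \
  https://download.docker.com/linux/debian \
  $(lsb_release -cs) stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update && \
  sudo apt-get install docker-ce docker-ce-cli \
  containerd.io docker-compose-plugin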
gitlab container
J'utilise le port 13000 pour gitlab et le port 13001 pour gitlab-pages.
# Host directories backing the bind-mounted volumes of the gitlab compose file below
sudo mkdir -p /srv/gitlab/etc /srv/gitlab/var/log /srv/gitlab/var/opt
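# Named volumes backed by host directories so all GitLab state lives under /srv/gitlab.
volumes:
  gitlab_etc:
    name: gitlab-etc
    driver_opts:
      type: none
      device: /srv/gitlab/etc/
      o: bind
  gitlab_log:
    name: gitlab-log
    driver_opts:
      type: none
      device: /srv/gitlab/var/log/
      o: bind
  gitlab_opt:
    name: gitlab-opt
    driver_opts:
      type: none
      device: /srv/gitlab/var/opt/
      o: bind

# Let's Encrypt files handed to the container as file secrets (mounted under
# /run/secrets/<target>). They are mounted when the container starts, so after
# certbot renews them the container has to be restarted to pick up the new files.
secrets:
  ssl_certificate:
    file: /etc/letsencrypt/live/freec0ding.dev/fullchain.pem
  ssl_certificate_key:
    file: /etc/letsencrypt/live/freec0ding.dev/privkey.pem
  ssl_trusted_certificate:
    file: /etc/letsencrypt/live/freec0ding.dev/chain.pem

networks:
  gitlab_network:
    name: gitlab-network

services:
  gitlab:
    container_name: gitlab-container
    # NOTE(review): an untagged image resolves to :latest, so every "compose pull"
    # may be a major GitLab upgrade; pin a version tag and upgrade deliberately.
    image: gitlab/gitlab-ce
    hostname: 'gitlab.freec0ding.dev'
    ports:
      # Quoted on purpose: an unquoted 22:22 is the base-60 integer 1342 to a
      # YAML 1.1 parser. Host port 22 is free because the host sshd was moved
      # to 65522; this is git-over-ssh for the GitLab container.
      - '22:22'
    restart: always
    volumes:
      - gitlab_etc:/etc/gitlab
      - gitlab_log:/var/log/gitlab
      - gitlab_opt:/var/opt/gitlab
    # Not published on the host: only containers on gitlab-network (the nginx
    # reverse proxy) can reach the GitLab and Pages listeners.
    expose:
      - '13000' # gitlab
      - '13001' # gitlab-pages
    secrets:
      - source: ssl_certificate
        target: freec0ding-fullchain.pem
      - source: ssl_certificate_key
        target: freec0ding-privkey.pem
      - source: ssl_trusted_certificate
        target: freec0ding-chain.pem
    networks:
      - gitlab_network
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.freec0ding.dev'
        # Pages sites are served as <namespace>.pages.freec0ding.dev; the DNS
        # record and certificate must cover that wildcard, not only this host.
        pages_external_url 'https://pages.freec0ding.dev'
        # Certificates come from certbot on the host, not from the built-in ACME client.
        letsencrypt['enable'] = false
        gitlab_rails['gitlab_ssh_host'] = 'freec0ding.dev'
        gitlab_rails['smtp_enable'] = false
        gitlab_rails['gitlab_email_enabled'] = false
        gitlab_rails['gitlab_default_projects_features_issues'] = false
        gitlab_rails['gitlab_default_projects_features_merge_requests'] = false
        gitlab_rails['gitlab_default_projects_features_wiki'] = false
        gitlab_rails['gitlab_default_projects_features_snippets'] = false
        gitlab_rails['gitlab_default_projects_features_builds'] = false
        gitlab_rails['gitlab_default_projects_features_container_registry'] = false
        gitlab_rails['incoming_email_enabled'] = false
        gitlab_rails['gitlab_shell_ssh_port'] = 22
        # GitLab's bundled nginx terminates TLS itself on 13000 with the mounted
        # secrets; the host nginx proxies to it over HTTPS.
        nginx['enable'] = true
        nginx['listen_port'] = 13000
        nginx['listen_https'] = true
        nginx['ssl_certificate'] = '/var/run/secrets/freec0ding-fullchain.pem'
        nginx['ssl_certificate_key'] = '/var/run/secrets/freec0ding-privkey.pem'
        nginx['ssl_trusted_certificate'] = '/var/run/secrets/freec0ding-chain.pem'
        # Pages listener, same certificate files, on 13001.
        gitlab_pages['enable'] = true
        pages_nginx['enable'] = true
        pages_nginx['listen_port'] = 13001
        pages_nginx['listen_https'] = true
        pages_nginx['ssl_certificate'] = '/var/run/secrets/freec0ding-fullchain.pem'
        pages_nginx['ssl_certificate_key'] = '/var/run/secrets/freec0ding-privkey.pem'
        pages_nginx['ssl_trusted_certificate'] = '/var/run/secrets/freec0ding-chain.pem'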
# Start the gitlab project (creates the gitlab-network that the web compose file references as external)
sudo docker compose -p gitlab -f ./gitlab-docker-compose.yml up -d
web container
# Host directories backing the bind-mounted volumes of the web compose file below
sudo mkdir -p /srv/web/var/www /srv/web/etc/nginx /srv/web/var/log/nginx
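# Named volumes backed by host directories so the nginx config, web root and
# logs live under /srv/web.
volumes:
  nginx_www:
    name: nginx-www
    driver_opts:
      type: none
      device: /srv/web/var/www/
      o: bind
  nginx_etc:
    name: nginx-etc
    driver_opts:
      type: none
      device: /srv/web/etc/nginx/
      o: bind
  nginx_log:
    name: nginx-log
    driver_opts:
      type: none
      device: /srv/web/var/log/nginx/
      o: bind

# Same Let's Encrypt files as the gitlab container, mounted under /run/secrets/<target>.
# They are mounted at container start, so restart nginx after certbot renews them.
secrets:
  ssl_certificate:
    file: /etc/letsencrypt/live/freec0ding.dev/fullchain.pem
  ssl_certificate_key:
    file: /etc/letsencrypt/live/freec0ding.dev/privkey.pem
  ssl_trusted_certificate:
    file: /etc/letsencrypt/live/freec0ding.dev/chain.pem

networks:
  nginx_network:
    name: nginx-network
  # Created by the gitlab compose project; joining it is what lets nginx reach
  # the "gitlab" service name on ports 13000/13001.
  gitlab_network:
    name: gitlab-network
    external: true

services:
  nginx:
    container_name: nginx-container
    # NOTE(review): untagged image resolves to :latest; pin a tag so upgrades
    # (and nginx config syntax changes) are deliberate.
    image: nginx
    hostname: 'nginx.freec0ding.dev'
    # The only ports published on the host: the reverse proxy for gitlab.* and pages.*.
    # Quoted as strings, as Docker's compose docs recommend for port mappings.
    ports:
      - '80:80' # http
      - '443:443' # https
    restart: always
    volumes:
      - nginx_www:/var/www/
      - nginx_etc:/etc/nginx/
      - nginx_log:/var/log/nginx/
    secrets:
      - source: ssl_certificate
        target: freec0ding-fullchain.pem
      - source: ssl_certificate_key
        target: freec0ding-privkey.pem
      - source: ssl_trusted_certificate
        target: freec0ding-chain.pem
    networks:
      - nginx_network
      - gitlab_network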
# Start the web project; the named volumes get populated from the image on first use
sudo docker compose -p web -f ./web-docker-compose.yml up -d
# DH parameters for the DHE ciphersuites listed in nginx.conf (referenced as /etc/nginx/dhparam.pem in the container)
sudo openssl dhparam -out /srv/web/etc/nginx/dhparam.pem 2048
Je sauvegarde le fichier de config actuel /srv/web/etc/nginx/nginx.conf :
# Keep a timestamped copy of the image's default nginx.conf before overwriting it
sudo cp /srv/web/etc/nginx/nginx.conf \
/srv/web/etc/nginx/nginx.conf.bak-`date "+%Y%m%d-%Hh%Mm%S"`
Le contenu du fichier /srv/web/etc/nginx/nginx.conf :
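user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    charset utf-8;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    # Do not advertise the nginx version in the Server header and error pages.
    server_tokens off;

    # MIME
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Logging
    access_log /var/log/nginx/access.log combined;

    # SSL
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m;
    # Tickets are off so a long-lived ticket key cannot weaken forward secrecy.
    ssl_session_tickets off;

    # Diffie-Hellman parameter for DHE ciphersuites (see "openssl dhparam" above)
    ssl_dhparam /etc/nginx/dhparam.pem;

    # Mozilla Intermediate configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    # Part of the same Mozilla profile: every suite above is AEAD with forward
    # secrecy, so the client may choose (e.g. CHACHA20 on devices without AES-NI).
    ssl_prefer_server_ciphers off;

    # OCSP Stapling. nginx has to resolve the OCSP responder's hostname, which
    # needs a resolver; 127.0.0.11 is Docker's embedded DNS for containers on
    # user-defined networks (this nginx runs on nginx-network/gitlab-network).
    # Use your host's resolver instead if this config is reused outside Docker.
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 127.0.0.11 valid=300s;
    resolver_timeout 5s;

    include /etc/nginx/conf.d/*.conf;
}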
Le contenu du fichier /srv/web/etc/nginx/conf.d/gitlab.conf :
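# Plain HTTP: redirect everything to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name gitlab.freec0ding.dev;

    # Logging
    access_log /var/log/nginx/gitlab.access.log combined;
    error_log /var/log/nginx/gitlab.error.log warn;

    location / {
        return 301 https://gitlab.freec0ding.dev$request_uri;
    }
}

# HTTPS: reverse proxy to the GitLab container's own TLS listener on 13000.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name gitlab.freec0ding.dev;

    # Logging
    access_log /var/log/nginx/gitlab.access.log combined;
    error_log /var/log/nginx/gitlab.error.log warn;

    # SSL (Let's Encrypt files mounted by compose as secrets)
    ssl_certificate /var/run/secrets/freec0ding-fullchain.pem;
    ssl_certificate_key /var/run/secrets/freec0ding-privkey.pem;
    ssl_trusted_certificate /var/run/secrets/freec0ding-chain.pem;

    # HSTS, as in the Mozilla intermediate profile: port 80 already redirects
    # to HTTPS, so browsers can be told to never try plain HTTP again. Start
    # with a shorter max-age if you are not sure TLS will stay working here.
    add_header Strict-Transport-Security "max-age=63072000" always;

    # nginx's default client_max_body_size is 1m, which makes git pushes and
    # file uploads fail with 413 at the proxy; 0 lifts the limit here and leaves
    # it to GitLab's own settings.
    client_max_body_size 0;

    location / {
        # "gitlab" is the service name on gitlab-network; it terminates TLS itself.
        proxy_pass https://gitlab:13000;
        proxy_redirect off;

        # Pass the original request details to the upstream server.
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tell GitLab the client connection is HTTPS so generated URLs and
        # redirects use the external https scheme.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Ssl on;

        # Large clones/pushes can exceed nginx's 60s default read timeout.
        proxy_read_timeout 300;
    }
}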
Le contenu du fichier /srv/web/etc/nginx/conf.d/pages.conf :
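# Plain HTTP: redirect everything to HTTPS.
server {
    listen 80;
    listen [::]:80;
    # GitLab Pages serves each namespace at <namespace>.pages.freec0ding.dev,
    # so the wildcard has to be matched here too (and a *.pages.freec0ding.dev
    # DNS record must point at this host); otherwise those requests fall
    # through to the default server.
    server_name pages.freec0ding.dev *.pages.freec0ding.dev;

    # Logging
    access_log /var/log/nginx/pages.access.log combined;
    error_log /var/log/nginx/pages.error.log warn;

    location / {
        # $host is safe here: it already matched one of the server_name patterns.
        return 301 https://$host$request_uri;
    }
}

# HTTPS: reverse proxy to the Pages listener in the GitLab container on 13001.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name pages.freec0ding.dev *.pages.freec0ding.dev;

    # Logging
    access_log /var/log/nginx/pages.access.log combined;
    error_log /var/log/nginx/pages.error.log warn;

    # SSL. NOTE: a *.freec0ding.dev wildcard covers pages.freec0ding.dev but not
    # a second level like group.pages.freec0ding.dev; the certificate must also
    # contain *.pages.freec0ding.dev for per-namespace sites to validate.
    ssl_certificate /var/run/secrets/freec0ding-fullchain.pem;
    ssl_certificate_key /var/run/secrets/freec0ding-privkey.pem;
    ssl_trusted_certificate /var/run/secrets/freec0ding-chain.pem;

    # HSTS (Mozilla intermediate profile); port 80 already redirects to HTTPS.
    add_header Strict-Transport-Security "max-age=63072000" always;

    location / {
        # "gitlab" is the service name on gitlab-network; Pages terminates TLS itself.
        proxy_pass https://gitlab:13001;
        proxy_redirect off;

        # The Pages daemon selects the site from the Host header, so it must be
        # forwarded unchanged.
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Ssl on;
    }
}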
Je restart nginx :
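# Validate the config before restarting: with "restart: always" a broken
# nginx.conf would otherwise leave the container crash-looping and take both
# gitlab.* and pages.* offline.
sudo docker exec nginx-container nginx -t && sudo docker restart nginx-container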
I am trying to add GitLab Pages to this Docker-based GitLab server and publish a Hugo static site with it; what is still missing in the setup above?