Docker image: GitLab

GitLab Docker images

Both GitLab CE and EE are in Docker Hub:

The GitLab Docker images are monolithic images of GitLab running all the necessary services on a single container.

In the following examples we are using the image of GitLab CE. To use GitLab EE instead of GitLab CE, replace the image name with gitlab/gitlab-ee:latest.

If you want to use the latest RC image, use gitlab/gitlab-ce:rc or gitlab/gitlab-ee:rc for GitLab CE and GitLab EE respectively.

The GitLab Docker images can be run in multiple ways:

Prerequisites

Docker installation is required, see the official installation docs.

Note: Using a native Docker install instead of Docker Toolbox is recommended in order to use the persisted volumes

Warning: We do not officially support running on Docker for Windows. There are known issues with volume permissions, and potentially other unknown issues. If you are trying to run on Docker for Windows, please see our getting help page for links to community resources (IRC, forum, etc) to seek help from other users.

Run the image

Run the image:

sudo docker run --detach \
    --hostname gitlab.example.com \
    --publish 443:443 --publish 80:80 --publish 22:22 \
    --name gitlab \
    --restart always \
    --volume /srv/gitlab/config:/etc/gitlab \
    --volume /srv/gitlab/logs:/var/log/gitlab \
    --volume /srv/gitlab/data:/var/opt/gitlab \
    gitlab/gitlab-ce:latest

This will download and start a GitLab CE container and publish ports needed to access SSH, HTTP and HTTPS. All GitLab data will be stored as subdirectories of /srv/gitlab/. The container will automatically restart after a system reboot.

You can now login to the web interface as explained in After starting a container.

If you are on SELinux then run this instead:

sudo docker run --detach \
    --hostname gitlab.example.com \
    --publish 443:443 --publish 80:80 --publish 22:22 \
    --name gitlab \
    --restart always \
    --volume /srv/gitlab/config:/etc/gitlab:Z \
    --volume /srv/gitlab/logs:/var/log/gitlab:Z \
    --volume /srv/gitlab/data:/var/opt/gitlab:Z \
    gitlab/gitlab-ce:latest

This will ensure that the Docker process has enough permissions to create the config files in the mounted volumes.

Where is the data stored?

The GitLab container uses host mounted volumes to store persistent data:

Local location Container location Usage
/srv/gitlab/data /var/opt/gitlab For storing application data
/srv/gitlab/logs /var/log/gitlab For storing logs
/srv/gitlab/config /etc/gitlab For storing the GitLab configuration files

You can fine tune these directories to meet your requirements.

Configure GitLab

This container uses the official Omnibus GitLab package, so all configuration is done in the unique configuration file /etc/gitlab/gitlab.rb.

To access GitLab’s configuration file, you can start a shell session in the context of a running container. This will allow you to browse all directories and use your favorite text editor:

sudo docker exec -it gitlab /bin/bash

You can also just edit /etc/gitlab/gitlab.rb:

sudo docker exec -it gitlab vi /etc/gitlab/gitlab.rb

Once you open /etc/gitlab/gitlab.rb make sure to set the external_url to point to a valid URL.

To receive e-mails from GitLab you have to configure the SMTP settings because the GitLab Docker image doesn’t have an SMTP server installed.

You may also be interested in Enabling HTTPS.

After you make all the changes you want, you will need to restart the container in order to reconfigure GitLab:

sudo docker restart gitlab

Note: GitLab will reconfigure itself whenever the container starts.

For more options about configuring GitLab please check the Omnibus GitLab documentation.

Pre-configure Docker container

You can pre-configure the GitLab Docker image by adding the environment variable GITLAB_OMNIBUS_CONFIG to the docker run command. This variable can contain any gitlab.rb setting and will be evaluated before loading the container’s gitlab.rb file. That way you can easily configure GitLab’s external URL, make any database configuration or set any other option from the Omnibus GitLab template.

Note: The settings contained in GITLAB_OMNIBUS_CONFIG will not be written to the gitlab.rb configuration file, they’re evaluated on load.

Here’s an example that sets the external URL and enables LFS while starting the container:

sudo docker run --detach \
    --hostname gitlab.example.com \
    --env GITLAB_OMNIBUS_CONFIG="external_url 'http://my.domain.com/'; gitlab_rails['lfs_enabled'] = true;" \
    --publish 443:443 --publish 80:80 --publish 22:22 \
    --name gitlab \
    --restart always \
    --volume /srv/gitlab/config:/etc/gitlab \
    --volume /srv/gitlab/logs:/var/log/gitlab \
    --volume /srv/gitlab/data:/var/opt/gitlab \
    gitlab/gitlab-ce:latest

Note that every time you execute a docker run command, you need to provide the GITLAB_OMNIBUS_CONFIG option. The content of GITLAB_OMNIBUS_CONFIG is not preserved between subsequent runs.

There are also a limited number of environment variables to configure GitLab. They are documented in the environment variables section of the GitLab documentation.

After starting a container

After starting a container you can visit http://localhost/ or http://192.168.59.103 if you use boot2docker. It might take a while before the Docker container starts to respond to queries.

Note: The initialization process may take a long time. You can track this process with the command sudo docker logs -f gitlab

The very first time you visit GitLab, you will be asked to set up the admin password. After you change it, you can login with username root and the password you set up.

Upgrade GitLab to newer version

To upgrade GitLab to a new version you have to:

  1. Stop the running container:

     sudo docker stop gitlab

  2. Remove existing container:

     sudo docker rm gitlab

  3. Pull the new image:

     sudo docker pull gitlab/gitlab-ce:latest

  4. Create the container once again with previously specified options:

     sudo docker run --detach \
         --hostname gitlab.example.com \
         --publish 443:443 --publish 80:80 --publish 22:22 \
         --name gitlab \
         --restart always \
         --volume /srv/gitlab/config:/etc/gitlab \
         --volume /srv/gitlab/logs:/var/log/gitlab \
         --volume /srv/gitlab/data:/var/opt/gitlab \
         gitlab/gitlab-ce:latest

On the first run, GitLab will reconfigure and update itself.

Use tagged versions of GitLab

We provide tagged versions of GitLab Docker images.

To see all available tags check:

To use a specific tagged version, replace gitlab/gitlab-ce:latest with the GitLab version you want to run, for example gitlab/gitlab-ce:8.4.3.

Run GitLab CE on public IP address

You can make Docker use your IP address and forward all traffic to the GitLab CE container by modifying the --publish flag.

To expose GitLab CE on IP 198.51.100.1:

sudo docker run --detach \
    --hostname gitlab.example.com \
    --publish 198.51.100.1:443:443 \
    --publish 198.51.100.1:80:80 \
    --publish 198.51.100.1:22:22 \
    --name gitlab \
    --restart always \
    --volume /srv/gitlab/config:/etc/gitlab \
    --volume /srv/gitlab/logs:/var/log/gitlab \
    --volume /srv/gitlab/data:/var/opt/gitlab \
    gitlab/gitlab-ce:latest

You can then access your GitLab instance at http://198.51.100.1/ and https://198.51.100.1/.

Expose GitLab on different ports

GitLab will occupy some ports inside the container.

If you want to use a different host port than 80 (HTTP) or 443 (HTTPS), you need to add a separate --publish directive to the docker run command.

Do NOT use any of the above ports to replace the defaults 80 or 443 inside the container, otherwise there will be conflicts.

For example, to expose the web interface on port 8929, and the SSH service on port 2289, use the following docker run command:

sudo docker run --detach \
    --hostname gitlab.example.com \
    --publish 8929:80 --publish 2289:22 \
    --name gitlab \
    --restart always \
    --volume /srv/gitlab/config:/etc/gitlab \
    --volume /srv/gitlab/logs:/var/log/gitlab \
    --volume /srv/gitlab/data:/var/opt/gitlab \
    gitlab/gitlab-ce:latest

Note: The format for publishing ports is hostPort:containerPort. Read more in Docker’s documentation about exposing incoming ports.

You then need to appropriately configure gitlab.rb:

  1. Set external_url:

     # For HTTP
     external_url "http://gitlab.example.com:8929"

     or

     # For HTTPS (notice the https)
     external_url "https://gitlab.example.com:8929"

     For more information see the NGINX documentation.

  2. Set gitlab_shell_ssh_port:

     gitlab_rails['gitlab_shell_ssh_port'] = 2289

Following the above example you will be able to reach GitLab from your web browser under <hostIP>:8929 and push using SSH under the port 2289.

A docker-compose.yml example that uses different ports can be found in the docker-compose section.

Diagnose potential problems

Read container logs:

sudo docker logs gitlab

Enter running container:

sudo docker exec -it gitlab /bin/bash

From within the container you can administer the GitLab container as you would normally administer an Omnibus installation.

Install GitLab using docker-compose

With Docker compose you can easily configure, install, and upgrade your Docker-based GitLab installation.

  1. Install Docker Compose

  2. Create a docker-compose.yml file (or download an example):

     web:
       image: 'gitlab/gitlab-ce:latest'
       restart: always
       hostname: 'gitlab.example.com'
       environment:
         GITLAB_OMNIBUS_CONFIG: |
           external_url 'https://gitlab.example.com'
           # Add any other gitlab.rb configuration here, each on its own line
       ports:
         - '80:80'
         - '443:443'
         - '22:22'
       volumes:
         - '/srv/gitlab/config:/etc/gitlab'
         - '/srv/gitlab/logs:/var/log/gitlab'
         - '/srv/gitlab/data:/var/opt/gitlab'
    
    
  3. Make sure you are in the same directory as docker-compose.yml and run docker-compose up -d to start GitLab

Read “Pre-configure Docker container” to see how the GITLAB_OMNIBUS_CONFIG variable works.

Below is another docker-compose.yml example with GitLab running on a custom HTTP and SSH port. Notice how the GITLAB_OMNIBUS_CONFIG variables match the ports section:

web:
  image: 'gitlab/gitlab-ce:latest'
  restart: always
  hostname: 'gitlab.example.com'
  environment:
    GITLAB_OMNIBUS_CONFIG: |
      external_url 'http://gitlab.example.com:9090'
      gitlab_rails['gitlab_shell_ssh_port'] = 2224
  ports:
    - '9090:9090'
    - '2224:22'
  volumes:
    - '/srv/gitlab/config:/etc/gitlab'
    - '/srv/gitlab/logs:/var/log/gitlab'
    - '/srv/gitlab/data:/var/opt/gitlab'

This is the same as using --publish 9090:9090 --publish 2224:22.
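An added check, not part of the GitLab documentation, that the ports advertised by external_url and gitlab_shell_ssh_port are host ports Docker actually publishes; it covers this compose example and the docker run example under "Expose GitLab on different ports". The function names are hypothetical and the sample configuration is constructed from the values above.

```shell
#!/bin/sh
# Added example: check that the ports GitLab advertises are really published.

# Port in external_url, or the scheme default (80/443) when the URL has none.
external_url_port() {
    url=$(printf '%s\n' "$1" | tr ';' '\n' |
        sed -n "s/^[[:space:]]*external_url[[:space:]]*[\"']\([^\"']*\)[\"'].*/\1/p" | head -n 1)
    [ -n "$url" ] || return 1
    hostport=${url#*://}
    hostport=${hostport%%/*}
    case $hostport in
        *:*) printf '%s\n' "${hostport##*:}" ;;
        *)   case $url in https://*) echo 443 ;; *) echo 80 ;; esac ;;
    esac
}

# gitlab_shell_ssh_port, or 22 when the setting is absent.
ssh_port() {
    p=$(printf '%s\n' "$1" | tr ';' '\n' |
        sed -n "s/^[[:space:]]*gitlab_rails\[[\"']gitlab_shell_ssh_port[\"']][[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p" | head -n 1)
    printf '%s\n' "${p:-22}"
}

# check_gitlab_ports CONFIG PUBLISH_SPEC...
# PUBLISH_SPEC is [ip:]hostPort:containerPort[/proto], as given to --publish.
# Prints one line per problem; returns 0 only when there is none.
check_gitlab_ports() {
    config=$1; shift
    web=$(external_url_port "$config") || { echo "external_url is not set"; return 1; }
    ssh=$(ssh_port "$config")
    web_ok=no; ssh_ok=no
    for spec in "$@"; do
        spec=${spec%/*}; container=${spec##*:}
        rest=${spec%:*}; host=${rest##*:}
        if [ "$container" = 22 ]; then
            [ "$host" = "$ssh" ] && ssh_ok=yes
        else
            [ "$host" = "$web" ] && web_ok=yes
        fi
    done
    rc=0
    [ "$web_ok" = yes ] || { echo "external_url port $web is not a published host port"; rc=1; }
    [ "$ssh_ok" = yes ] || { echo "SSH port $ssh is not published to container port 22"; rc=1; }
    return $rc
}

# Constructed sample: the custom-port compose settings from this page.
SAMPLE="external_url 'http://gitlab.example.com:9090'
gitlab_rails['gitlab_shell_ssh_port'] = 2224"
check_gitlab_ports "$SAMPLE" 9090:9090 2224:22 && echo "ports consistent"
check_gitlab_ports "$SAMPLE" 80:80 443:443 22:22 || echo "mismatch found"
```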

Update GitLab using Docker compose

Provided you installed GitLab using docker-compose, all you have to do is run docker-compose pull and docker-compose up -d to download a new release and upgrade your GitLab instance.

Deploy GitLab in a Docker swarm

With Docker swarm you can easily configure and deploy your Docker-based GitLab installation in a swarm cluster.

In swarm mode you can leverage Docker secrets and Docker configs to efficiently and securely deploy your GitLab instance. Secrets can be used to securely pass your initial root password without exposing it as an environment variable. Configs can help you to keep your GitLab image as generic as possible.

Here’s an example that deploys GitLab with four runners as a stack, using secrets and configs:

  1. Set up a Docker swarm

  2. Create a docker-compose.yml file:

     version: "3.6"
     services:
       gitlab:
         image: gitlab/gitlab-ce:latest
         ports:
           - "22:22"
           - "80:80"
           - "443:443"
         volumes:
           - /srv/gitlab/data:/var/opt/gitlab
           - /srv/gitlab/logs:/var/log/gitlab
           - /srv/gitlab/config:/etc/gitlab
         environment:
           GITLAB_OMNIBUS_CONFIG: "from_file('/omnibus_config.rb')"
         configs:
           - source: gitlab
             target: /omnibus_config.rb
         secrets:
           - gitlab_root_password
       gitlab-runner:
         image: gitlab/gitlab-runner:alpine
         deploy:
           mode: replicated
           replicas: 4
     configs:
       gitlab:
         file: ./gitlab.rb
     secrets:
       gitlab_root_password:
         file: ./root_password.txt
    
    
     For simplicity reasons, the network configuration was omitted. More information can be found in the official Compose file reference.

  3. Create a gitlab.rb file:

     external_url 'https://my.domain.com/'
     # Strip the trailing newline that root_password.txt may end with
     gitlab_rails['initial_root_password'] = File.read('/run/secrets/gitlab_root_password').gsub("\n", "")

  4. Create a root_password.txt file:

     MySuperSecretAndSecurePass0rd!

  5. Make sure you are in the same directory as docker-compose.yml and run:

     docker stack deploy --compose-file docker-compose.yml mystack
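A pre-deploy check for the stack files above, added here as an example and not taken from the GitLab documentation: it flags settings that carry a secret as a quoted literal instead of reading it from a Docker secret, and verifies that the password file is readable by its owner only. The function names, the key-name heuristic (password, secret, token) and the sample strings are assumptions made for this example.

```shell
#!/bin/sh
# Added example: checks to run before `docker stack deploy`.

# inline_secrets CONFIG_TEXT
# Prints the name (never the value) of each setting whose key looks
# secret-bearing and whose value is a quoted literal. Values loaded with
# File.read(...) are accepted. Returns 1 when anything was printed.
inline_secrets() {
    found=$(printf '%s\n' "$1" | tr ';' '\n' |
        grep -Ei "\[[\"'][a-z_]*(password|secret|token)[a-z_]*[\"']][[:space:]]*=[[:space:]]*[\"']" |
        sed "s/^[^[]*\[[\"']\([^\"']*\)[\"'].*/\1/")
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# secret_file_private PATH
# Succeeds only when PATH is a regular file that grants nothing to group or
# others, so the plaintext password on disk is readable by its owner alone.
secret_file_private() {
    [ -f "$1" ] || return 1
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Constructed samples. GOOD reads the password from /run/secrets like the
# gitlab.rb above; BAD passes it inline, where the container environment and
# `docker inspect` would expose it if used in GITLAB_OMNIBUS_CONFIG.
GOOD="external_url 'https://my.domain.com/'
gitlab_rails['initial_root_password'] = File.read('/run/secrets/gitlab_root_password')"
BAD="external_url 'https://my.domain.com/'; gitlab_rails['initial_root_password'] = 'constructed-example';"

inline_secrets "$GOOD" && echo "no inline secrets"
inline_secrets "$BAD" || echo "move the settings listed above into Docker secrets"
```

Run `secret_file_private root_password.txt` next to the compose file; `chmod 600 root_password.txt` makes it pass.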

Install GitLab into a cluster

The GitLab Docker images can also be deployed to various container scheduling platforms.

Troubleshooting

500 Internal Error

When updating the Docker image you may encounter an issue where all paths display the infamous 500 page. If this occurs, try to run sudo docker restart gitlab to restart the container and rectify the issue.

Permission problems

When updating from older GitLab Docker images you might encounter permission problems. This happens because users in previous images were not preserved correctly. There’s a script that fixes permissions for all files.

To fix your container, simply execute update-permissions and restart the container afterwards:

sudo docker exec gitlab update-permissions
sudo docker restart gitlab

Windows/Mac: Error executing action run on resource ruby_block[directory resource: /data/GitLab]

This error occurs when using Docker Toolbox with VirtualBox on Windows or Mac, and making use of Docker volumes. The /c/Users volume is mounted as a VirtualBox Shared Folder, and does not support all POSIX filesystem features. The directory ownership and permissions cannot be changed without remounting, and GitLab fails.

Our recommendation is to switch to using the native Docker install for your platform, instead of using Docker Toolbox.

If you cannot use the native Docker install (Windows 10 Home Edition, or Windows < 10), then an alternative solution is to set up NFS mounts instead of VirtualBox shares for Docker Toolbox’s boot2docker.

Linux ACL issues

If you are using file ACLs on the Docker host, the docker group requires full access to the volumes in order for GitLab to work:

$ getfacl /srv/gitlab
# file: /srv/gitlab
# owner: XXXX
# group: XXXX
user::rwx
group::rwx
group:docker:rwx
mask::rwx
default:user::rwx
default:group::rwx
default:group:docker:rwx
default:mask::rwx
default:other::r-x

If these are not correct, set them with:

$ sudo setfacl -R -m default:group:docker:rwx /srv/gitlab

Getting help
