# Jinja-templated docker-compose stack: it is rendered by the template engine
# first and only then parsed as YAML. The `{% ... %}` tags at column 0 leave
# blank lines in the rendered file.
#
# What it deploys: a GitLab CE instance published through an external Traefik
# reverse proxy (TLS terminated there), plus an SMTP sidecar for outbound mail.
#
# Template variables read by this file:
#   real_mailserver (tested for presence only), domain, mailserver, smtpport,
#   smtpuser, smtppass, git_url, enable_omniauth (presence only), sso_url,
#   sso_oidc_gitlab_id, sso_oidc_gitlab_secret
#
# The `real_mailserver is defined` test is repeated four times (smtp service,
# omnibus smtp_port, networks, volumes); the four branches must stay in sync.
#
# Quoted on purpose: a bare 2.1 would parse as a float.
version: '2.1'

services:
    # Outbound mail for GitLab. GitLab always connects to host `smtp` on the
    # `default` network (see gitlab_rails['smtp_address'] below); which
    # container answers that name depends on whether a real relay is set.
    smtp:
{% if real_mailserver is defined %}
        # Postfix relay that forwards everything to an upstream mail server.
        # The image tag is unpinned; pin a version or digest so a re-pull
        # cannot silently change what runs.
        image: tecnativa/postfix-relay
        volumes:
            # Keeps the Postfix mail queue across container restarts.
            - smtp:/var/spool/postfix
        networks:
            # Bare keys are null here, i.e. attach with default settings.
            default:
            # `default` is declared internal (no outbound access) further
            # down, so the relay needs this second, non-internal network to
            # reach the upstream server.
            public:
        environment:
            # Every value is quoted so that an empty or boolean-looking
            # expansion still arrives as a string.
            # The relay credentials are plain container environment
            # variables: readable through `docker inspect` by anyone with
            # access to the Docker socket, and retained in the rendered file.
            MAILNAME: "{{ domain }}"
            MAIL_RELAY_HOST: "{{ mailserver }}"
            MAIL_RELAY_PORT: "{{ smtpport }}"
            MAIL_RELAY_USER: "{{ smtpuser }}"
            MAIL_RELAY_PASS: "{{ smtppass }}"
            MAIL_CANONICAL_DOMAINS: "{{ domain }}"
            MAIL_NON_CANONICAL_DEFAULT: "{{ domain }}"
{% else %}
        # Development/test fallback: MailHog captures all mail (nothing is
        # delivered) and serves a web UI on port 8025. Image tag is unpinned.
        image: mailhog/mailhog
        networks:
            default:
            inverseproxy_smtp:
        labels:
            # Tell Traefik which of the two networks to route through.
            traefik.docker.network: "inverseproxy_smtp"
            traefik.enable: "true"
            # The MailHog UI is published under /smtp/ on the GitLab host
            # name. `auth@file` is defined in Traefik's file provider, outside
            # this file — presumably an authentication middleware; it is the
            # only thing standing between the proxy and every captured mail,
            # so keep it in place.
            traefik.http.routers.gitlabsmtp.middlewares: "auth@file, smtp-stripprefix@file"
            traefik.http.routers.gitlabsmtp.rule: "Host(`{{ git_url }}`) && PathPrefix(`/smtp/`)"
            traefik.http.routers.gitlabsmtp.service: "gitlabsmtp"
            traefik.http.services.gitlabsmtp.loadbalancer.server.port: "8025"
{% endif %}
        # Fixed name so `smtp` resolves on the shared networks.
        container_name: gitlab_smtp
        restart: unless-stopped

    gitlab:
        # Unpinned `latest` tag: a routine pull can jump to a new major
        # release, and GitLab upgrades must follow its documented upgrade
        # path. Pin an explicit version.
        image: gitlab/gitlab-ce:latest
        container_name: gitlab
        restart: unless-stopped
        environment:
            # Omnibus configuration (Ruby), applied by `gitlab-ctl reconfigure`
            # at container start. Comments cannot be placed inside the block
            # scalar below (they would become part of the value), so the
            # points worth knowing are collected here:
            #
            # - TLS is terminated by Traefik: external_url is https while
            #   nginx listens on plain port 80 and the X-Forwarded-Proto/Ssl
            #   headers are hard-coded to https. That is correct only as long
            #   as the proxy never serves this backend over plain http.
            # - The whole block, including the OIDC client secret, is one
            #   environment variable and is visible via `docker inspect`.
            # - unicorn[...] keys: NOTE(review): GitLab moved from Unicorn to
            #   Puma in later releases; with `latest` these may be ignored or
            #   rejected by reconfigure — confirm against the running version.
            # - gitlab_ci['backup_keep_time'] = 172600 and
            #   gitlab_rails['backup_keep_time'] = 86400 disagree, and 172600
            #   is not a whole number of days (2 days = 172800) — verify which
            #   retention is intended; gitlab_ci[...] looks like a legacy key.
            # - OmniAuth (when enable_omniauth is defined):
            #   omniauth_block_auto_created_users = false means an account is
            #   created and immediately usable for every identity the IdP
            #   asserts — no admin approval step. Acceptable only if the IdP
            #   itself restricts who may sign in.
            # - NOTE(review): the OIDC redirect_uri uses http:// while
            #   external_url is https://. The IdP matches the registered
            #   redirect URI exactly and the authorization code should not
            #   travel over plain http — confirm against the IdP client
            #   registration; https is the expected value.
            # - SMTP: TLS, STARTTLS and certificate verification are all off.
            #   This is tolerable only because smtp_address is the sidecar on
            #   the internal, encrypted `default` network; never point
            #   smtp_address at an external host with these settings.
            GITLAB_OMNIBUS_CONFIG: |
                external_url 'https://{{ git_url }}'
                nginx['redirect_http_to_https'] = false
                nginx['listen_port'] = 80
                nginx['listen_https'] = false
                nginx['proxy_set_headers'] = {
                    'X-Forwarded-Proto' => 'https',
                    'X-Forwarded-Ssl' => 'on'
                }
                nginx['client_max_body_size'] = '2G'
                unicorn['worker_timeout'] = 60
                unicorn['worker_processes'] = 2
                sidekiq['concurrency'] = 15
                postgresql['shared_buffers'] = "512MB"
                gitlab_ci['backup_keep_time'] = 172600
                gitlab_rails['artifacts_enabled'] = true
                gitlab_rails['artifacts_path'] = "/var/opt/gitlab/gitlab-artifacts"
                gitlab_rails['lfs_enabled'] = true
                gitlab_rails['backup_keep_time'] = 86400
{% if enable_omniauth is defined %}
                gitlab_rails['omniauth_enabled'] = true
                gitlab_rails['omniauth_allow_single_sign_on'] = ['openid_connect']
                gitlab_rails['omniauth_block_auto_created_users'] = false
                gitlab_rails['omniauth_providers'] = [
                    {
                        "name" => 'openid_connect',
                        "args" => {
                              'name' => 'openid_connect',
                              'issuer' => 'https://{{ sso_url }}',
                              'scope' => ['openid', 'profile', 'email'],
                              'response_type' => 'code',
                              'client_auth_method' => 'client_secret_post',
                              'discovery' => true,
                              'uid_field' => 'sub',
                              'client_options' => {
                                'redirect_uri' => 'http://{{ git_url }}/users/auth/openid_connect/callback',
                                'identifier' => '{{ sso_oidc_gitlab_id }}',
                                'secret' => '{{ sso_oidc_gitlab_secret }}',
                              }
                        },
                        "label" => 'Le Filament SSO'
                    }
                ]
{% endif %}
                gitlab_rails['smtp_enable'] = true
                gitlab_rails['smtp_address'] = 'smtp'
{% if real_mailserver is defined %}
                gitlab_rails['smtp_port'] = 25
                gitlab_rails['smtp_domain'] = '{{ domain }}'
{% else %}
                gitlab_rails['smtp_port'] = 1025
{% endif %}
                gitlab_rails['smtp_tls'] = false
                gitlab_rails['smtp_openssl_verify_mode'] = 'none'
                gitlab_rails['smtp_enable_starttls_auto'] = false
                gitlab_rails['smtp_ssl'] = false
                gitlab_rails['smtp_force_ssl'] = false
        # Git-over-SSH. No bind address is given, so the port is published on
        # all host interfaces and will clash with a host sshd on 22. Quoted
        # because an unquoted 22:22 is a sexagesimal integer in YAML 1.1.
        ports:
            - "22:22"
        volumes:
            # `:z` asks Docker for the SELinux shared-content relabel.
            - config:/etc/gitlab:z
            - data:/var/opt/gitlab:z
            - logs:/var/log/gitlab:z
        networks:
            default:
            inverseproxy_shared:
        labels:
            traefik.enable: "true"
            traefik.http.routers.gitlab.rule: "Host(`{{ git_url }}`)"
            traefik.http.routers.gitlab.service: "gitlab"
            traefik.http.services.gitlab.loadbalancer.server.port: "80"

networks:
    # Private network between GitLab and the smtp sidecar: `internal` blocks
    # any outbound traffic, which is why plaintext SMTP inside it is accepted.
    # `encrypted: 1` is passed straight to the network driver — presumably
    # the overlay driver's traffic encryption; confirm for the driver in use.
    default:
        internal: true
        driver_opts:
            encrypted: 1
    # Created outside this file (presumably by the Traefik stack).
    inverseproxy_shared:
        external: true
{% if real_mailserver is defined %}
    # Plain, non-internal network so the Postfix relay can reach the upstream
    # mail server; created with default options by compose.
    public:
{% else %}
    # Created outside this file; lets Traefik reach the MailHog UI.
    inverseproxy_smtp:
        external: true
{% endif %}

volumes:
    # Named volumes with the default driver; bare keys mean default options.
    config:
    data:
    logs:
{% if real_mailserver is defined %}
    # Postfix queue, only needed with the real relay.
    smtp:
{% endif %}