diff --git a/README.md b/README.md index 959404b7c7..2fcb909ef3 100644 --- a/README.md +++ b/README.md @@ -803,7 +803,8 @@ These options should contain something like: ### Available Configuration Parameters -*Please refer the docker run command options for the `--env-file` flag where you can specify all required environment variables in a single file. This will save you from writing a potentially long docker run command. Alternatively you can use docker-compose.* +*Please refer the docker run command options for the `--env-file` flag where you can specify all required environment variables in a single file. This will save you from writing a potentially long docker run command. Alternatively you can use docker-compose. docker-compose users and Docker Swarm mode users can also use the [secrets and config file options](#docker-secrets-and-configs)* + Below is the complete list of available options that can be used to customize your gitlab installation. 
@@ -1044,6 +1045,43 @@ Below is the complete list of available options that can be used to customize yo | `RACK_ATTACK_BANTIME` | Number of seconds an IP should be banned after too many auth attempts. Defaults to `3600`. | | `GITLAB_WORKHORSE_TIMEOUT` | Timeout for gitlab workhorse http proxy. Defaults to `5m0s`. | +### Docker secrets and configs + +All the above environment variables can be put into a [secrets](https://docs.docker.com/compose/compose-file/#secrets) or [config](https://docs.docker.com/compose/compose-file/#configs) file +and then both docker-compose and Docker Swarm can import them into your gitlab container. + +On startup, the gitlab container will source env vars from a config file named `gitlab-config`, and then a secrets file named `gitlab-secrets` (both mounted in the default locations). + +To modify your existing `docker-compose.yml` file, add the following to your gitlab service: + +> Note: you also need to change the docker-compose file version `version: "3.4"`. + +``` +services: + gitlab: + +... + + configs: + - gitlab-configs + secrets: + - gitlab-secrets +``` + +And then define those secrets and configs: + +``` +configs: + gitlab-configs: + file: ./gitlab.configs + +secrets: + gitlab-secrets: + file: ./gitlab.secrets +``` + +If you're not using one of these files, then don't include its entry in the docker-compose file. + # Maintenance ## Creating backups diff --git a/assets/runtime/functions b/assets/runtime/functions index 6c6a1f2b34..04de601b8f 100644 --- a/assets/runtime/functions +++ b/assets/runtime/functions @@ -1,5 +1,13 @@ #!/bin/bash set -e + +for file in /gitlab-configs /run/secrets/gitlab-secrets; do + if [[ -e "$file" ]]; then + echo "Loading $file" + source "$file" + fi +done +echo "Loading ${GITLAB_RUNTIME_DIR}/env-defaults" source ${GITLAB_RUNTIME_DIR}/env-defaults SYSCONF_TEMPLATES_DIR="${GITLAB_RUNTIME_DIR}/config" diff --git a/docker-compose.yml b/docker-compose.yml index d02ed09065..18843ee819 100644 
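Review bot: `source "$file"` runs the config and secrets files as bash, so any command, `$(...)` or backtick sequence in them executes at container start, and a value containing `$`, spaces or quotes is expanded or split unless the author shell-quotes it. Reading the files as `KEY=VALUE` data, as in the loop below, keeps values literal. It does narrow the accepted format (no quoting, no `export` prefix), which the README would then need to state. The files are read before `env-defaults`, so their assignments replace same-named variables passed through `environment:`; a one-line comment above the loop should say so. The README text calls the config `gitlab-config`, while this loop reads `/gitlab-configs`.

```shell
for file in /gitlab-configs /run/secrets/gitlab-secrets; do
  if [[ -e "$file" ]]; then
    # … unchanged: echo "Loading $file" …
    # Treat the file as KEY=VALUE data; nothing in it is evaluated by the shell.
    while IFS= read -r line || [[ -n "$line" ]]; do
      # Skip blank lines, comments and anything that is not a plain assignment.
      [[ "$line" =~ ^([A-Za-z_][A-Za-z0-9_]*)=(.*)$ ]] || continue
      printf -v "${BASH_REMATCH[1]}" '%s' "${BASH_REMATCH[2]}"
    done < "$file"
    # … unchanged: fi / done …
```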
--- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,4 +1,4 @@ -version: '2' +version: '3.4' services: redis: @@ -31,6 +31,10 @@ services: - "10022:22" volumes: - /srv/docker/gitlab/gitlab:/home/git/data:Z + #configs: + # - gitlab-configs + #secrets: + # - gitlab-secrets environment: - DEBUG=false @@ -148,3 +152,11 @@ services: - OAUTH_AZURE_API_KEY= - OAUTH_AZURE_API_SECRET= - OAUTH_AZURE_TENANT_ID= + +#configs: +# gitlab-configs: +# file: ./gitlab.configs +# +#secrets: +# gitlab-secrets: +# file: ./gitlab.secrets
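Review bot: The commented-out `file: ./gitlab.secrets` entry in the last hunk places the secrets file in the checkout beside docker-compose.yml, and nothing in the change says to keep it out of version control or to limit who can read it. Under plain docker-compose (no Swarm), a file-based secret is bind-mounted from the host as-is, so the host file mode is its only protection. I would add a comment above the block such as `# gitlab.secrets holds credentials: add it to .gitignore and restrict its file mode on the host`. The same applies to the commented `secrets:` lines in the service hunk at line 31, which refer to this definition.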