2

Hi, I have an issue with my GitLab setup.

What I'm trying to achieve:

  • running GitLab inside a Docker container
  • access GitLab through a subdomain (gitlab.mydomain.com) at ports 80 and 443 for https
  • manage SSL through a wildcard certificate for *.mydomain.com provided by LetsEncrypt and Plesk (already in use for subdomains managed by Plesk)
  • being able to run build tasks in GitLab container (npm scripts etc.) and finally move specific output files to directories of subdomains managed by Plesk (outside of container)

What I did so far:

  • got a v-server running Ubuntu 18.04.2 with preinstalled Plesk Onyx 17.8.11
  • set up mydomain.com through Plesk
  • set up LetsEncrypt wildcard certificate for mydomain.com through Plesk
  • installed Docker via ssh (not Plesk)
  • ran GitLab inside a container at mydomain.com:30080

I'm completely new to server envs and Docker so I'm not sure about the needed structure of things. Maybe you guys know what to do?

Thanks!

Thomas D.

1 Answer

0

This setup is working for me:

  1. create a sub-domain from Plesk (ex. gitlab.mydomain.com)
  2. select your Let's Encrypt certificate in "Hosting Settings" and be sure to set a permanent 301 redirect on HTTPS (simply tick the checkbox)
  3. when starting your Docker container, expose port 80 (ex. 80:10080)
  4. in "Apache & nginx Settings" add the following:
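      location / {
          # forward every request for this sub-domain to the port published by the container
          proxy_pass http://localhost:10080;
          # HTTP/1.1 plus the Upgrade/Connection headers let WebSocket connections pass through the proxy
          proxy_http_version 1.1;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "Upgrade";
      }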

This will serve your sub-domain through HTTPS and your Let's Encrypt certificate, while proxying requests to port 80 of your container so you don't have to bother about passing the certificate to GitLab from outside the container.

From my understanding this is safe, since unencrypted traffic is confined in the server (if your Docker daemon is on the same server as Plesk) and inaccessible from the outside.

--

For your last point

being able to run build tasks in GitLab container (npm scripts etc.) and finally move specific output files to directories of subdomains managed by Plesk (outside of container)

that's a whole question by itself.

To run builds you'll need to install GitLab Runner. GitLab docs suggest installing it on a different host, but you may try using their Docker image on the same host.

For building and deploying your applications, see GitLab Runner docs. You will need to set up "pipelines" for what is called "Continuous Deployment".

To create a sub-domain for every app you could either:

  • create the sub-domains manually from Plesk and deploy the files with scripting as the final step of your "pipeline" build
  • use some scripting and Plesk APIs to create sub-domains automatically
  • ignore Plesk and go full Docker; use a reverse-proxy that will handle all your sub-domains and Let's Encrypt certificates, such as Traefik

These are just pointers; I suggest you search and read more on the subject of CI/CD.

le0m
  • Cool thanks for your reply, I've figured it out at this point using the [plesk docker extension](https://www.plesk.com/extensions/docker/). This way, I don't need to setup a custom nginx config manually as I can just select the desired port for a specific subdomain through a dropdown. It's a nice visual feedback for running containers and downloaded images too. – Thomas D. Jun 27 '19 at 14:04
  • What I still struggle with is setting up a subdomain that listens to specific ports, which are individually proxied to different containers. But for this setup it might be a better choice to go full docker with something like [jwilder/nginx-proxy](https://github.com/jwilder/nginx-proxy) in front. This way you don't even need to publish ports, as you can proxy your containers through a virtual hostname. – Thomas D. Jun 27 '19 at 14:04
  • If you're referring to the "Docker Proxy Rules", it was not working for me; I had to use the nginx configuration. Yes, I suggest you go full docker and forget about Plesk. – le0m Jul 02 '19 at 15:04
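
The answer's point that the plain-HTTP hop stays inside the server depends on how the container port is published: Docker binds a published port to all interfaces unless an address is given (for example `-p 127.0.0.1:10080:80`). The check below is an added example, not code from either poster; it reads `docker port` output and reports bindings that are not loopback-only. The container name `gitlab` and both sample outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed samples of `docker port <container>` output (not taken from the page).
SAMPLE_OPEN='80/tcp -> 0.0.0.0:10080
80/tcp -> [::]:10080'
SAMPLE_LOCAL='80/tcp -> 127.0.0.1:10080'

# Read `docker port` output on stdin and print every host binding
# whose address is not a loopback address.
non_loopback_bindings() {
    while IFS= read -r line; do
        case "$line" in
            *' -> '*) ;;            # looks like "<port>/<proto> -> <addr>:<port>"
            *) continue ;;          # skip anything else
        esac
        bind=${line##* -> }         # e.g. 0.0.0.0:10080
        addr=${bind%:*}             # strip the trailing :port
        case "$addr" in
            127.*|'[::1]'|::1) ;;   # loopback: only the local nginx can reach it
            *) printf '%s\n' "$bind" ;;
        esac
    done
    return 0
}

# Return 0 when every binding in "$1" is loopback-only, 1 otherwise.
check_bindings() {
    exposed=$(printf '%s\n' "$1" | non_loopback_bindings)
    if [ -n "$exposed" ]; then
        printf '%s\n' "$exposed" | sed 's/^/reachable from other hosts: /' >&2
        return 1
    fi
    return 0
}

# Demo on the constructed samples. On a real host (container name assumed):
#   check_bindings "$(docker port gitlab)"
check_bindings "$SAMPLE_OPEN"  || echo "open sample: plain HTTP port is exposed"
check_bindings "$SAMPLE_LOCAL" && echo "loopback sample: only the proxy can reach it"
```
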