this post was submitted on 23 Nov 2024
47 points (98.0% liked)

Selfhosted

40438 readers
453 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

I’ve started building a small decentralized, non commercial app with a Rust backend + Node.js frontend running on k8s. I would have my own dedicated server for this. Just mentioning the setup because it might grow and for git there seem to be only GitHub and GitLab around and I prefer GitLab.

I care a lot about security and was wondering if it makes sense to self-host GitLab. I‘m not afraid of doing it, but after setup it shouldn’t take more than 1-2 hours per week for me to maintain it in the long run and I’m wondering if that’s realistic.

Would love to hear about the experience of people who did what I’m planning to do.

EDIT: Thanks for all the answers, trying my best to reply. I want CI/CD, container registry and secrets management that's what I was hoping to get out of GitLab.

you are viewing a single comment's thread
view the rest of the comments
[–] scottmeme@sh.itjust.works 1 points 4 days ago* (last edited 4 days ago)

Incoming wall of text

Here is my install script to set up Ubuntu since it has a bit of extra steps for privileged ports https://gitlab.meme.beer/-/snippets/1

Docker compose example, note that my config has a shared network with containers in another compose called nginx to keep traffic inside docker.

name: "gitlab"
services:
  gitlab:
    image: 'gitlab/gitlab-ce:latest'
    #command: update-permissions
    restart: always
    hostname: 'gitlab.example.com'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.example.com/'

        pages_external_url 'https://pages.example.com/'
        pages_nginx['enable'] = true
        pages_nginx['listen_port'] = 6000
        pages_nginx['listen_https'] = false
        pages_nginx['redirect_http_to_https'] = false

        #puma['per_worker_max_memory_mb'] = 2048 # 2GB

        gitlab_rails['gitlab_email_from'] = 'gitlab@mailer.example.com'
        gitlab_rails['gitlab_email_display_name'] = 'GitLab'
        gitlab_rails['smtp_enable'] = true
        gitlab_rails['smtp_address'] = "smtp.sendgrid.net"
        gitlab_rails['smtp_port'] = 587
        gitlab_rails['smtp_user_name'] = 'apikey'
        gitlab_rails['smtp_password'] = '$SENDGRID_API_KEY_HERE'
        gitlab_rails['smtp_domain'] = "smtp.sendgrid.net"
        gitlab_rails['smtp_authentication'] = "login"
        gitlab_rails['smtp_enable_starttls_auto'] = true
        gitlab_rails['smtp_tls'] = false

        gitlab_rails['gitlab_default_theme'] = 2

        gitlab_rails['gitlab_shell_ssh_port'] = 2224

        gitlab_rails['gitlab_default_projects_features_container_registry'] = true
        gitlab_rails['registry_enabled'] = true
        gitlab_rails['registry_api_url'] = 'https://registry.example.com/'
        gitlab_rails['registry_issuer'] = 'gitlab-issuer'
        registry['log_level'] = 'info'
        registry_external_url 'https://registry.example.com/'
        registry_nginx['enable'] = true
        registry_nginx['listen_port'] = 5050
        registry_nginx['listen_https'] = false
        registry_nginx['redirect_http_to_https'] = false

        gitlab_shell['log_level'] = 'INFO'
        letsencrypt['enable'] = false
        nginx['error_log_level'] = 'info'
        nginx['listen_https'] = false
        #nginx['proxy_protocol'] = true
        #nginx['trusted_proxies'] = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

        # Workhorse
        gitlab_workhorse['enable'] = true
        gitlab_workhorse['ha'] = false
        gitlab_workhorse['listen_network'] = "tcp"
        gitlab_workhorse['listen_addr'] = "127.0.0.1:8181"
        gitlab_workhorse['log_directory'] = "/var/log/gitlab/gitlab-workhorse"

        # Errors
	# for sentry error logging the GitLab service
        #gitlab_rails['sentry_enabled'] = true
        #gitlab_rails['sentry_dsn'] = ''
        #gitlab_rails['sentry_clientside_dsn'] = ''
        #gitlab_rails['sentry_environment'] = 'production'
        # Add any other gitlab.rb configuration here, each on its own line
    networks:
      - nginx
    ports:
      # gitlab loves https on 443
      #- '80:80'
      #- '443:443'
      - '2224:22'
    volumes:
      - ./config:/etc/gitlab
      - ./logs:/var/log/gitlab
      - ./data:/var/opt/gitlab
    shm_size: '256m'
    #deploy:
    #  resources:
    #    limits:
    #      cpus: '6'
    #      memory: 12G
    #    reservations:
    #      cpus: '4'
    #      memory: 6G
    # disable healthcheck for restoring backup
    #healthcheck:
    #  disable: true
networks:
  nginx:
    external: true
    name: nginx