os:linux:debian:docker

Gitlab

Configure gitlab docker container on apache2 subdomain with ssl

# Install everything:
apt-get install docker docker-compose python-certbot python-certbot-apache

docker-compose.yml

web:
  image: 'gitlab/gitlab-ce:latest'
  restart: always
  hostname: 'gitlab.hostname.de'
  environment:
    GITLAB_OMNIBUS_CONFIG: |
      external_url 'https://gitlab.hostname.de:8443'
      # Add any other gitlab.rb configuration here, each on its own line
  ports:
    - '8443:8443'
    - '22:22'
  volumes:
    - '/srv/gitlab/config:/etc/gitlab'
    - '/srv/gitlab/logs:/var/log/gitlab'
    - '/srv/gitlab/data:/var/opt/gitlab'

# launch container:
docker-compose up
 
# install certificate and add subdomain
certbot --apache
certbot certonly --apache --expand -d hostname.de -d gitlab.hostname.de
 
# rework and copy certificate into gitlab data storage:
cd /etc/letsencrypt/live/hostname.de
cat cert.pem fullchain.crt > gitlab.hostname.de.crt  
cp privkey.pem gitlab.hostname.de.key  
mv gitlab.* /srv/gitlab/config/ssl

apache-default.conf

<VirtualHost _default_:80>
    ServerName unknown
    Redirect 200 /
    ErrorDocument 200 "No such site."
</VirtualHost>
 
<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerName hostname.de
        ServerAdmin webmaster@hostname.de
 
        # whatever you want apache to do 
 
        #Include conf-available/serve-cgi-bin.conf
        SSLCertificateFile /etc/letsencrypt/live/lieblichknuffeltal.de/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/lieblichknuffeltal.de/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
 
</VirtualHost>
</IfModule>
 
# force ssl
<VirtualHost *:80>
    ServerName hostname.de
    ServerAdmin webmaster@hostname.de
 
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =hostname.de
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
 
</VirtualHost>

gitlab.conf

# this is probably redundant
<VirtualHost *:80>
  ServerName gitlab.hostname.de
 
  RewriteEngine On
  RewriteCond %{HTTP_HOST} ^(.+)\.hostname\.de$
  RewriteRule ^(.*)$ https://%1.hostname.de/$1 [R=302,L]
</VirtualHost>
 
<VirtualHost *:443>
    ServerName gitlab.hostname.de
    redirect / https://gitlab.hostname.de:8443/
 
    SSLCertificateFile /etc/letsencrypt/live/hostname.de/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/hostname.de/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
 
</VirtualHost>
</conf>