Separate traefik files + better defaults

5d5226cc · David Beniamine · 72fbb4f8 · 5d5226cc · 5d5226cc
Verified Commit 5d5226cc authored 1 year ago by David Beniamine
--- a/docker-compose.yml.sample
+++ b/docker-compose.yml.sample
@@ -24,7 +24,7 @@ services:
        gitlab_rails['allowed_hosts'] = ['gitlab.FQDN', 'localhost', '127.0.0.1', 'gitlab']
        # Each address is added to the the NGINX config as 'set_real_ip_from <address>;'
        # TODO replace the 172.19.0.6 ip by traefik's one
-        nginx['real_ip_trusted_addresses'] = [ '172.19.0.6' ]
+        nginx['real_ip_trusted_addresses'] = [ '172.19.0.2' ]
        # other real_ip config options
        nginx['real_ip_header'] = 'X-Forwarded-For'
        nginx['real_ip_recursive'] = 'on'
@@ -34,7 +34,7 @@ services:
        gitlab_rails['rack_attack_git_basic_auth'] = {
            'enabled' => true,
            # TODO replace the 172.19.0.6 ip by traefik's one
-            'ip_whitelist' => ["127.0.0.1", '172.19.0.6'],
+            'ip_whitelist' => ["127.0.0.1", '172.19.0.2'],
            'maxretry' => 10, # Limit the number of Git HTTP authentication attempts per IP
            'findtime' => 60, # Reset the auth attempt counter per IP after 60 seconds
            'bantime' => 3600 # Ban an IP for one hour (3600s) after too many auth attempts
@@ -47,7 +47,7 @@ services:
        gitlab_rails['smtp_password'] = "changeme"
        gitlab_rails['smtp_domain'] = "changeme"
        gitlab_rails['smtp_authentication'] = "login"
-        gitlab_rails['smtp_enable_starttls_auto'] = true
+        gitlab_rails['smtp_enable_starttls_auto'] = false
        gitlab_rails['smtp_tls'] = true
        gitlab_rails['smtp_openssl_verify_mode'] = 'peer'
        # If your SMTP server does not like the default 'From: gitlab@localhost' you
@@ -93,14 +93,6 @@ services:
      - 'gitlab_logs:/var/log/gitlab'
      - 'gitlab_data:/var/opt/gitlab'
    shm_size: '256m'
-    labels:
-      - "traefik.enable=true"
-      - "traefik.docker.network=traefik"
-      - "traefik.http.routers.gitlab.rule=Host(`${HOST}`)"
-      - "traefik.http.routers.gitlab.tls.certresolver=myresolver"
-      - "traefik.http.routers.gitlab.entrypoints=web,websecure"
-      - "traefik.http.services.gitlab.loadbalancer.server.port=80"
-      - "traefik.http.routers.gitlab.middlewares=hardening@docker"

 volumes:
  gitlab_config:

--- a/traefik.yml
+++ b/traefik.yml
+version: '3'
+services:
+
+  gitlab:
+    networks:
+      - traefik
+      - default
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=traefik"
+      - "traefik.http.routers.gitlab.rule=Host(`${HOST}`)"
+      - "traefik.http.routers.gitlab.tls.certresolver=myresolver"
+      - "traefik.http.routers.gitlab.entrypoints=web,websecure"
+      - "traefik.http.services.gitlab.loadbalancer.server.port=80"
+      - "traefik.http.routers.gitlab.middlewares=hardening@docker"
+networks:
+  traefik:
+    external: true