From 8139371e6dee701e3d86b222af7ac286dbe124cc Mon Sep 17 00:00:00 2001
From: Elian Loraux <elian.loraux@tetras-libre.fr>
Date: Tue, 27 Feb 2024 15:15:24 +0100
Subject: [PATCH] Variable for : traefik ip, smtp tls, smtp auth methode and ssh port
---
 .env.sample | 10 ++++++++++
 docker-compose.yml | 12 ++++++------
 2 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/.env.sample b/.env.sample
index 4759bd6..74a2d60 100644
--- a/.env.sample
+++ b/.env.sample
@@ -3,8 +3,18 @@
 COMPOSE_FILE=docker-compose.yml:traefik.yml
 HOST=gitlab.DOMAINE.FR
 TZ=Europe/Paris
+
+GITLAB_SHELL_SSH_PORT=2222
+
 #EMAIL
 GITLAB_MAIL=gitlab@DOMAINE.FR
 SMTP_ADRESS=ADRESS_OF_SMTP #ssl0.ovh.net FOR ovh
 SMTP_PASS=GITLAB_MAIL_SECRET_PASSWORD
 SMTP_DOMAINE=DOMAINE.FR
+
+SMTP_AUTH=login
+SMTP_ENABLE_STARTTLS_AUTO=FALSE
+SMTP_TLS=true
+
+# TRAEFIK
+TRAEFIK_IP=172.19.0.2
diff --git a/docker-compose.yml b/docker-compose.yml
index 39c3d17..8737c8e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -10,7 +10,7 @@ services:
 environment:
 TZ:
 GITLAB_OMNIBUS_CONFIG: |
- gitlab_rails['gitlab_shell_ssh_port'] = 2222
+ gitlab_rails['gitlab_shell_ssh_port'] = ${GITLAB_SHELL_SSH_PORT}
 external_url = 'https://${HOST}'
 nginx['listen_port'] = 80
 nginx['listen_https'] = false
@@ -23,7 +23,7 @@ services:
 gitlab_rails['allowed_hosts'] = ['${HOST}', 'localhost', '127.0.0.1', 'gitlab']
 # Each address is added to the the NGINX config as 'set_real_ip_from <address>;'
 # TODO replace the 172.19.0.6 ip by traefik's one
- nginx['real_ip_trusted_addresses'] = [ '172.19.0.2' ]
+ nginx['real_ip_trusted_addresses'] = [ '${TRAEFIK_IP}' ]
 # other real_ip config options
 nginx['real_ip_header'] = 'X-Forwarded-For'
 nginx['real_ip_recursive'] = 'on'
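Review bot: The sample value `SMTP_ENABLE_STARTTLS_AUTO=FALSE` in `.env.sample` is pasted unquoted into the Ruby config by the last `docker-compose.yml` hunk, where the literal it replaces was lowercase `false`. Uppercase `FALSE` is a deprecated Ruby constant that was removed in Ruby 3.2, so depending on the Ruby bundled with the image the reconfigure may fail on it. Use `SMTP_ENABLE_STARTTLS_AUTO=false`, matching `SMTP_TLS=true` on the next line, and consider a comment above these variables such as `# SMTP_ENABLE_STARTTLS_AUTO and SMTP_TLS are inserted as Ruby literals: use true or false`.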
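Review bot: `${GITLAB_SHELL_SSH_PORT}` in `docker-compose.yml` has no default, so a deployment whose existing `.env` predates this commit substitutes an empty string where the literal `2222` used to be. Because the value is pasted unquoted into Ruby, an empty right-hand side would most likely make Ruby take the following `external_url = ...` line as the value instead of failing cleanly. Keep the previous behaviour with `gitlab_rails['gitlab_shell_ssh_port'] = ${GITLAB_SHELL_SSH_PORT:-2222}`, or fail fast with `${GITLAB_SHELL_SSH_PORT:?set GITLAB_SHELL_SSH_PORT in .env}`. The same applies to `${TRAEFIK_IP}`, `${SMTP_AUTH}`, `${SMTP_ENABLE_STARTTLS_AUTO}` and `${SMTP_TLS}` in the later hunks; the `GITLAB_OMNIBUS_CONFIG` block continues outside this hunk.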
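Review bot: `nginx['real_ip_trusted_addresses']` decides whose `X-Forwarded-For` header nginx believes, and the same `${TRAEFIK_IP}` is exempted from the Git auth rate limit through `ip_whitelist` in the next hunk, so a wrong or stale value either collapses every client onto the proxy address for rate limiting or extends that trust to another container. Nothing visible here pins Traefik to `172.19.0.2`; if `traefik.yml` does not assign a static address, the sample value can drift when the network is recreated. The TODO above both lines is now outdated and could become `# TRAEFIK_IP must be Traefik's fixed address on the shared Docker network; only this peer's X-Forwarded-For is trusted`.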
@@ -33,7 +33,7 @@ services:
 gitlab_rails['rack_attack_git_basic_auth'] = {
 'enabled' => true,
 # TODO replace the 172.19.0.6 ip by traefik's one
- 'ip_whitelist' => ["127.0.0.1", '172.19.0.2'],
+ 'ip_whitelist' => ["127.0.0.1", '${TRAEFIK_IP}'],
 'maxretry' => 10, # Limit the number of Git HTTP authentication attempts per IP
 'findtime' => 60, # Reset the auth attempt counter per IP after 60 seconds
 'bantime' => 3600 # Ban an IP for one hour (3600s) after too many auth attempts
@@ -45,9 +45,9 @@ services:
 gitlab_rails['smtp_user_name'] = "${GITLAB_MAIL}"
 gitlab_rails['smtp_password'] = "${SMTP_PASS}"
 gitlab_rails['smtp_domain'] = "${SMTP_DOMAINE}"
- gitlab_rails['smtp_authentication'] = "login"
- gitlab_rails['smtp_enable_starttls_auto'] = false
- gitlab_rails['smtp_tls'] = true
+ gitlab_rails['smtp_authentication'] = "${SMTP_AUTH}"
+ gitlab_rails['smtp_enable_starttls_auto'] = ${SMTP_ENABLE_STARTTLS_AUTO}
+ gitlab_rails['smtp_tls'] = ${SMTP_TLS}
 gitlab_rails['smtp_openssl_verify_mode'] = 'peer'
 # If your SMTP server does not like the default 'From: gitlab@localhost' you
 # # can change the 'From' with this setting.
-- 
GitLab
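Review bot: Turning `smtp_tls` and `smtp_enable_starttls_auto` into independent `.env` switches allows a configuration where both are false, in which case `smtp_password` would be sent with the `${SMTP_AUTH}` method over an unencrypted session; `smtp_openssl_verify_mode = 'peer'` does not help when no TLS is negotiated. Nothing in the new lines or in `.env.sample` tells the operator this. Add a comment above the three new lines, for example `# Keep smtp_tls or smtp_enable_starttls_auto enabled: with both false the SMTP password travels in clear text`, and repeat it next to the variables in `.env.sample`. The SMTP section of `GITLAB_OMNIBUS_CONFIG` starts and ends outside this hunk.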