Skip to content
Snippets Groups Projects
Commit 8139371e authored by Elian Loraux's avatar Elian Loraux
Browse files

Variable for : traefik ip, smtp tls, smtp auth methode and ssh port

parent ffee0ef4
No related branches found
No related tags found
1 merge request!1Separate all variable
...@@ -3,8 +3,18 @@ COMPOSE_FILE=docker-compose.yml:traefik.yml ...@@ -3,8 +3,18 @@ COMPOSE_FILE=docker-compose.yml:traefik.yml
HOST=gitlab.DOMAINE.FR HOST=gitlab.DOMAINE.FR
TZ=Europe/Paris TZ=Europe/Paris
GITLAB_SHELL_SSH_PORT=2222
#EMAIL #EMAIL
GITLAB_MAIL=gitlab@DOMAINE.FR GITLAB_MAIL=gitlab@DOMAINE.FR
SMTP_ADRESS=ADRESS_OF_SMTP #ssl0.ovh.net FOR ovh SMTP_ADRESS=ADRESS_OF_SMTP #ssl0.ovh.net FOR ovh
SMTP_PASS=GITLAB_MAIL_SECRET_PASSWORD SMTP_PASS=GITLAB_MAIL_SECRET_PASSWORD
SMTP_DOMAINE=DOMAINE.FR SMTP_DOMAINE=DOMAINE.FR
SMTP_AUTH=login
SMTP_ENABLE_STARTTLS_AUTO=FALSE
SMTP_TLS=true
# TRAEFIK
TRAEFIK_IP=172.19.0.2
...@@ -10,7 +10,7 @@ services: ...@@ -10,7 +10,7 @@ services:
environment: environment:
TZ: TZ:
GITLAB_OMNIBUS_CONFIG: | GITLAB_OMNIBUS_CONFIG: |
gitlab_rails['gitlab_shell_ssh_port'] = 2222 gitlab_rails['gitlab_shell_ssh_port'] = ${GITLAB_SHELL_SSH_PORT}
external_url = 'https://${HOST}' external_url = 'https://${HOST}'
nginx['listen_port'] = 80 nginx['listen_port'] = 80
nginx['listen_https'] = false nginx['listen_https'] = false
...@@ -23,7 +23,7 @@ services: ...@@ -23,7 +23,7 @@ services:
gitlab_rails['allowed_hosts'] = ['${HOST}', 'localhost', '127.0.0.1', 'gitlab'] gitlab_rails['allowed_hosts'] = ['${HOST}', 'localhost', '127.0.0.1', 'gitlab']
# Each address is added to the the NGINX config as 'set_real_ip_from <address>;' # Each address is added to the the NGINX config as 'set_real_ip_from <address>;'
# TODO replace the 172.19.0.6 ip by traefik's one # TODO replace the 172.19.0.6 ip by traefik's one
nginx['real_ip_trusted_addresses'] = [ '172.19.0.2' ] nginx['real_ip_trusted_addresses'] = [ '${TRAEFIK_IP}' ]
# other real_ip config options # other real_ip config options
nginx['real_ip_header'] = 'X-Forwarded-For' nginx['real_ip_header'] = 'X-Forwarded-For'
nginx['real_ip_recursive'] = 'on' nginx['real_ip_recursive'] = 'on'
...@@ -33,7 +33,7 @@ services: ...@@ -33,7 +33,7 @@ services:
gitlab_rails['rack_attack_git_basic_auth'] = { gitlab_rails['rack_attack_git_basic_auth'] = {
'enabled' => true, 'enabled' => true,
# TODO replace the 172.19.0.6 ip by traefik's one # TODO replace the 172.19.0.6 ip by traefik's one
'ip_whitelist' => ["127.0.0.1", '172.19.0.2'], 'ip_whitelist' => ["127.0.0.1", '${TRAEFIK_IP}'],
'maxretry' => 10, # Limit the number of Git HTTP authentication attempts per IP 'maxretry' => 10, # Limit the number of Git HTTP authentication attempts per IP
'findtime' => 60, # Reset the auth attempt counter per IP after 60 seconds 'findtime' => 60, # Reset the auth attempt counter per IP after 60 seconds
'bantime' => 3600 # Ban an IP for one hour (3600s) after too many auth attempts 'bantime' => 3600 # Ban an IP for one hour (3600s) after too many auth attempts
...@@ -45,9 +45,9 @@ services: ...@@ -45,9 +45,9 @@ services:
gitlab_rails['smtp_user_name'] = "${GITLAB_MAIL}" gitlab_rails['smtp_user_name'] = "${GITLAB_MAIL}"
gitlab_rails['smtp_password'] = "${SMTP_PASS}" gitlab_rails['smtp_password'] = "${SMTP_PASS}"
gitlab_rails['smtp_domain'] = "${SMTP_DOMAINE}" gitlab_rails['smtp_domain'] = "${SMTP_DOMAINE}"
gitlab_rails['smtp_authentication'] = "login" gitlab_rails['smtp_authentication'] = "${SMTP_AUTH}"
gitlab_rails['smtp_enable_starttls_auto'] = false gitlab_rails['smtp_enable_starttls_auto'] = ${SMTP_ENABLE_STARTTLS_AUTO}
gitlab_rails['smtp_tls'] = true gitlab_rails['smtp_tls'] = ${SMTP_TLS}
gitlab_rails['smtp_openssl_verify_mode'] = 'peer' gitlab_rails['smtp_openssl_verify_mode'] = 'peer'
# If your SMTP server does not like the default 'From: gitlab@localhost' you # If your SMTP server does not like the default 'From: gitlab@localhost' you
# # can change the 'From' with this setting. # # can change the 'From' with this setting.
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment