Install the GitLab server using Docker

1. Pull the GitLab Community Edition image with Docker

docker pull gitlab/gitlab-ce:latest

Check whether the pull is successful

[root@test gitlab] docker images
REPOSITORY         TAG       IMAGE ID       CREATED      SIZE
gitlab/gitlab-ce   latest    75d591b81fd7   4 days ago   2.23GB

2. Map container volumes to host directories and run the container

Host location               Container location   Role
/usr/local/gitlab/config    /etc/gitlab          Stores GitLab configuration files
/usr/local/gitlab/logs      /var/log/gitlab      Stores logs
/usr/local/gitlab/data      /var/opt/gitlab      Stores application data

Create a mapping directory on the host

[root@test ~] mkdir -p /usr/local/gitlab/config	# -p creates any missing parent directories automatically
[root@test ~] mkdir -p /usr/local/gitlab/logs
[root@test ~] mkdir -p /usr/local/gitlab/data
[root@test ~] cd /usr/local/gitlab
[root@test gitlab] ls
config  data  logs

3.1 Creation Method 1

Create the gitlab_start.sh file

[root@test gitlab] touch gitlab_start.sh
[root@test gitlab] vim gitlab_start.sh

Write the content

#!/bin/sh
# Replace SERVER_IP with the IP address of the deployed server
GITLAB_HOME=/usr/local/gitlab
sudo docker run --detach --hostname SERVER_IP \
    --publish 444:443 --publish 80:80 --publish 10080:22 \
    --name gitlab --restart always \
    --volume "$GITLAB_HOME/config:/etc/gitlab" \
    --volume "$GITLAB_HOME/logs:/var/log/gitlab" \
    --volume "$GITLAB_HOME/data:/var/opt/gitlab" \
    gitlab/gitlab-ce:latest

Parameter description:

--detach: run the container in the background
--hostname: set the container's hostname; use localhost for a local install, otherwise the external IP
--publish: port forwarding rules in host:container form (80: HTTP access port, 443: HTTPS access port, 10080: SSH access port on the host, 22: SSH access port in the Docker container)
--name: container name
--restart always: always restart the container automatically when it stops
--volume: mount a shared directory, so that data is shared between the host and the Docker container
-e: configure the environment variables GitLab runs with

In this file directory, grant gitlab_start.sh execute permission

chmod +x gitlab_start.sh
./gitlab_start.sh		# Execute script

Errors you might encounter

[root@test gitlab] ./gitlab_start.sh
000dc7b1b6e35d94171be203c49ef7a57a1ffb8ea76c72b6765cbed9b5de347b
docker: Error response from daemon: driver failed programming external connectivity on endpoint gitlab (757b5ee12c5202b00ff312c9a927621ebb63e3e5272c827ba36baf19614ee7d7): Error starting userland proxy: listen tcp4 0.0.0.0:80: bind: address already in use.

Check whether the port is occupied

[root@test gitlab] netstat -ntulp | grep 80   # check everything using port 80
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      13389/nginx: master
tcp6       0      0 :::8080                 :::*                    LISTEN      5233/java

Modify the gitlab_start.sh file to change the port mapped to the host to 8088 or any other port that is not in use

    --publish 443:443 --publish 8088:80 --publish 10080:22 \

Run ./gitlab_start.sh again; the following error is reported

[root@test gitlab] ./gitlab_start.sh
docker: Error response from daemon: Conflict. The container name "/gitlab" is already in use by container "000dc7b1b6e35d94171be203c49ef7a57a1ffb8ea76c72b6765cbed9b5de347b". You have to remove (or rename) that container to be able to reuse that name.
See 'docker run --help'.

This happens because the previous container was created even though it is not running, so delete it

[root@test gitlab] docker ps -a
CONTAINER ID   IMAGE                     COMMAND             CREATED         STATUS    PORTS     NAMES
000dc7b1b6e3   gitlab/gitlab-ce:latest   "/assets/wrapper"   7 minutes ago   Created             gitlab
[root@test gitlab] docker rm 000d
000d
[root@test gitlab] docker ps -a
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES

Re-run the gitlab_start.sh file

[root@test gitlab] ./gitlab_start.sh
70b9da8332b287b9c154988e03eb6b92ba6c360f985d704b1b703367ffe30732
[root@test gitlab] docker ps
CONTAINER ID   IMAGE                     COMMAND             CREATED         STATUS                            PORTS                                                                                                                   NAMES
70b9da8332b2   gitlab/gitlab-ce:latest   "/assets/wrapper"   4 seconds ago   Up 3 seconds (health: starting)   0.0.0.0:443->443/tcp, :::443->443/tcp, 0.0.0.0:10080->22/tcp, :::10080->22/tcp, 0.0.0.0:8088->80/tcp, :::8088->80/tcp   gitlab

You can see that the container started successfully
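
An added example (not part of the original post) that parses the PORTS column printed by docker ps above and lists which host ports are published on every interface (0.0.0.0 and ::), including the SSH mapping. The service names come from the parameter description; parse_ports, wildcard_published and unpublished are illustrative names, and port ranges are not handled.

```python
import re

# PORTS column printed by `docker ps` for the gitlab container above.
PORTS = (
    "0.0.0.0:443->443/tcp, :::443->443/tcp, 0.0.0.0:10080->22/tcp, "
    ":::10080->22/tcp, 0.0.0.0:8088->80/tcp, :::8088->80/tcp"
)
# Container-side services, as listed in the parameter description above.
SERVICES = {80: "http", 443: "https", 22: "ssh"}
WILDCARDS = {"0.0.0.0", "::"}
ENTRY = re.compile(r"^(?:(?P<ip>.+):(?P<host>\d+)->)?(?P<ctr>\d+)/(?P<proto>\w+)$")


def parse_ports(column):
    """Turn a PORTS column into a list of mapping dicts (single ports only)."""
    mappings = []
    for item in (p.strip() for p in column.split(",")):
        if not item:
            continue
        m = ENTRY.match(item)
        if m is None:
            raise ValueError(f"unrecognised PORTS entry: {item!r}")
        mappings.append({
            "bind": m["ip"],  # None: exposed by the image but not published
            "host_port": int(m["host"]) if m["host"] else None,
            "container_port": int(m["ctr"]),
            "proto": m["proto"],
        })
    return mappings


def wildcard_published(mappings):
    """Host ports reachable on every interface, with the service behind them."""
    found = {}
    for m in mappings:
        if m["bind"] in WILDCARDS:
            service = SERVICES.get(m["container_port"], "unknown")
            found[m["host_port"]] = (m["container_port"], service)
    return dict(sorted(found.items()))


def unpublished(mappings):
    """Container ports that are exposed but have no host mapping."""
    return sorted(m["container_port"] for m in mappings if m["bind"] is None)


if __name__ == "__main__":
    for port, (ctr, svc) in wildcard_published(parse_ports(PORTS)).items():
        print(f"host {port}/tcp -> container {ctr} ({svc}) on all interfaces")
```

Publishing with an explicit address, for example --publish 127.0.0.1:8088:80, removes that port from the wildcard list.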

3.2 Creation Method 2

Create a docker-compose.yml file and run docker-compose up -d in the folder where the file is located

version: '2'
services:
    gitlab:
      image: 'gitlab/gitlab-ce:latest'
      container_name: "gitlab"
      restart: always
      hostname: 'host IP'
      environment:
        TZ: 'Asia/Shanghai'
        GITLAB_OMNIBUS_CONFIG: |
          external_url 'http://host IP:8088'
          gitlab_rails['gitlab_shell_ssh_port'] = 10080
          gitlab_rails['time_zone'] = 'Asia/Shanghai'
      ports:
        - '8088:8088'
        - '10080:22'
        - '443:443'
      volumes:
        - /usr/local/gitlab/config:/etc/gitlab
        - /usr/local/gitlab/logs:/var/log/gitlab
        - /usr/local/gitlab/data:/var/opt/gitlab

Note: The port and mapping directory can be changed as required

If the port number of external_url is set to 80, the default port number is 80

4. Modify the GitLab configuration file (required for Method 1)

If you created the container using method 3.1, you need to modify the related configuration file

vim /usr/local/gitlab/config/gitlab.rb

# Change the SSH port to 10080 so that it does not conflict with host port 22
gitlab_rails['gitlab_shell_ssh_port'] = 10080

# Configure the external access address
# the old version
# external_url 'IP address'
# the new version
external_url 'http://ip address'

4.1 Applying configuration and Restarting the Service

While the GitLab container is running, restart the service and access the web site remotely to test it

# Enter a bash shell in the gitlab container
docker exec -it gitlab bash
# Reapply GitLab's configuration
gitlab-ctl reconfigure
# Restart the GitLab service
gitlab-ctl restart
# Check GitLab running status
gitlab-ctl status

* If error 502 occurs when accessing GitLab, use the following command to check the cause of the error

gitlab-rake gitlab:check

e.g.

Try fixing it:
  Make sure GitLab is running;
  Check the gitlab-shell configuration file:
  sudo -u git -H editor /opt/gitlab/embedded/service/gitlab-shell/config.yml
  Please fix the error above and rerun the checks.

View the preceding configuration file to find the cause of the error

Failed to access GitLab

Although the container started successfully, GitLab could not be reached at IP:port

Start a Tomcat container to test the port

Pull the Tomcat image

docker pull tomcat:jdk8-openjdk

To test whether port 8088 is available, stop the gitlab container

docker stop gitlab

Start the Tomcat container and map port 8080 of the Tomcat container to port 8088 of the host

[root@test ~] docker run -d --name tomcat -p 8088:8080 tomcat:jdk8-openjdk
aa29b816196ae32f12915a74e447f01bedae64cd200aaa5cab0dedcc383710f7
[root@test ~] docker ps
CONTAINER ID   IMAGE                 COMMAND             CREATED         STATUS         PORTS                                       NAMES
aa29b816196a   tomcat:jdk8-openjdk   "catalina.sh run"   3 seconds ago   Up 3 seconds   0.0.0.0:8088->8080/tcp, :::8088->8080/tcp   tomcat
[root@test ~] lsof -i:8088
COMMAND    PID USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
docker-pr 2257 root    4u  IPv4 2690446      0t0  TCP *:radan-http (LISTEN)
docker-pr 2262 root    4u  IPv6 2689770      0t0  TCP *:radan-http (LISTEN)

Everything looks fine, but IP:8088 still cannot be accessed, the same as before

Enable the firewall and open the port

Since the system firewall had been off before and other services could be accessed normally, there is no doubt that the firewall is the problem

[root@test ~] firewall-cmd --state
not running
[root@test ~] firewall-cmd --permanent --add-port=8088/tcp
FirewallD is not running

Turn the firewall on.

[root@test ~] systemctl start firewalld.service

As expected, the services that could be accessed normally before can no longer be accessed.

Once a service's port is opened, it can be accessed normally.

Open port 8088

[root@test ~] firewall-cmd --permanent --add-port=8088/tcp
success
[root@test ~] firewall-cmd --reload
success

Visit again

The HTTP Status 404 – Not Found page is displayed

Although it is a 404 page, the port is accessible

Start the GitLab service again

Stop the Tomcat container and run the Gitlab container again

[root@test ~] docker stop tomcat
tomcat
[root@test ~] docker ps
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES
[root@test ~] docker start gitlab
Error response from daemon: driver failed programming external connectivity on endpoint gitlab (1d8b474e20fe113724f1c429c75b6ac3ece200e9c0beacb980907c15470c7d3e):  (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 10080 -j DNAT --to-destination 172.18.0.2:22 ! -i br-12aa369ee4a6: iptables: No chain/target/match by that name. (exit status 1))
Error: failed to start containers: gitlab

It didn’t get started, but it’s getting closer 🙂

Deleting the container and creating it again still gives the error.

[root@test gitlab] systemctl restart docker
[root@test gitlab] docker ps
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES
[root@test gitlab] docker-compose up -d
Starting gitlab ... done
[root@test gitlab]

GitLab still cannot be accessed, so check whether there is a problem inside GitLab

[root@test gitlab] docker ps
CONTAINER ID   IMAGE                     COMMAND             CREATED          STATUS                   PORTS                                                                                                                                 NAMES
7528489258e0   gitlab/gitlab-ce:latest   "/assets/wrapper"   18 minutes ago   Up 2 minutes (healthy)   0.0.0.0:443->443/tcp, :::443->443/tcp, 80/tcp, 0.0.0.0:8088->8088/tcp, :::8088->8088/tcp, 0.0.0.0:10080->22/tcp, :::10080->22/tcp   gitlab
[root@test gitlab] docker exec -it gitlab bash
root@8:/ gitlab-ctl status
run: alertmanager: (pid 769) 250s; run: log: (pid 621) 281s
run: gitaly: (pid 281) 339s; run: log: (pid 316) 337s
run: gitlab-exporter: (pid 746) 251s; run: log: (pid 564) 302s
run: gitlab-workhorse: (pid 737) 251s; run: log: (pid 525) 314s
run: grafana: (pid 784) 249s; run: log: (pid 677) 270s
run: logrotate: (pid 253) 351s; run: log: (pid 261) 350s
run: nginx: (pid 539) 309s; run: log: (pid 548) 308s
run: postgres-exporter: (pid 777) 249s; run: log: (pid 636) 278s
run: postgresql: (pid 396) 333s; run: log: (pid 484) 330s
run: prometheus: (pid 759) 250s; run: log: (pid 607) 288s
run: puma: (pid 487) 327s; run: log: (pid 495) 324s
run: redis: (pid 265) 345s; run: log: (pid 273) 344s
run: redis-exporter: (pid 748) 251s; run: log: (pid 587) 294s
run: sidekiq: (pid 500) 321s; run: log: (pid 511) 318s
run: sshd: (pid 31) 361s; run: log: (pid 30) 361s
root@8:/ gitlab-rake gitlab:check
Checking GitLab subtasks ...

Checking GitLab Shell ...

GitLab Shell: ... GitLab Shell version >= 13.19.0? ... OK (13.19.0)
Running /opt/gitlab/embedded/service/gitlab-shell/bin/check
Internal API available: OK
Redis available via internal API: OK
gitlab-shell self-check successful

Checking GitLab Shell ... Finished

Checking Gitaly ...

Gitaly: ... default ... OK

Checking Gitaly ... Finished

Checking Sidekiq ...

Sidekiq: ... Running? ... yes
Number of Sidekiq processes (cluster/worker) ... 1/1

Checking Sidekiq ... Finished

Checking Incoming Email ...

Incoming Email: ... Reply by email is disabled in config/gitlab.yml

Checking Incoming Email ... Finished

Checking LDAP ...

LDAP: ... LDAP is disabled in config/gitlab.yml

Checking LDAP ... Finished

Checking GitLab App ...

Git configured correctly? ... yes
Database config exists? ... yes
All migrations up? ... yes
Database contains orphaned GroupMembers? ... no
GitLab config exists? ... yes
GitLab config up to date? ... yes
Log directory writable? ... yes
Tmp directory writable? ... yes
Uploads directory exists? ... yes
Uploads directory has correct permissions? ... yes
Uploads directory tmp has correct permissions? ... skipped (no tmp uploads folder yet)
Init script exists? ... skipped (omnibus-gitlab has no init script)
Init script up-to-date? ... skipped (omnibus-gitlab has no init script)
Projects have namespace: ...
GitLab Instance / Monitoring ... yes
Redis version >= 5.0.0? ... yes
Ruby version >= 2.7.2? ... yes (2.7.2)
Git version >= 2.31.0? ... yes (2.32.0)
Git user has default SSH configuration? ... yes
Active users: ... 1
Is authorized keys file accessible? ... yes
GitLab configured to store new projects in hashed storage? ... yes
All projects are in hashed storage? ... yes

Checking GitLab App ... Finished

Checking GitLab subtasks ... Finished

Everything is all right

I tested the tomcat container again and found that port 8088 was not accessible.

However, the port can be reached from within the host itself

[root@test tomcat] curl localhost:8088
<!doctype html><html lang="en"><head><title>HTTP Status 404 -- Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}

HTTP Status 404 -- Not Found

Type Status Report

Description The origin server did not find a current representation for the target resource or is

<h3>Apache Tomcat/9.0.50

However, changing to IP:8088 does not work

The problem shifts: why can't the services in the container be accessed?

References

The Docker port mapping cannot be accessed

Why can’t Aliyun ECS Docker port mapping?

The above two articles propose that the eth0 network segment of Aliyun's intranet conflicts with the 172 network segment of Docker's virtual network adapter

The cloud server I used was also Aliyun, so I checked with ifconfig

[root@test config] ifconfig
br-12aa369ee4a6: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.18.0.1  netmask 255.255.0.0  broadcast 172.18.255.255
        inet6 fe80::42:61ff:fedf:d41f  prefixlen 64  scopeid 0x20<link>
        ether 02:42:61:df:d4:1f  txqueuelen 0  (Ethernet)
        RX packets 6  bytes 1174 (1.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 22  bytes 1682 (1.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        inet6 fe80::42:5dff:fe6c:be47  prefixlen 64  scopeid 0x20<link>
        ether 02:42:5d:6c:be:47  txqueuelen 0  (Ethernet)
        RX packets 283  bytes 18925 (18.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 254  bytes 19725 (19.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.xx.xx.xx  netmask 255.255.240.0  broadcast 172.16.15.255
        inet6 fe80::216:3eff:fe01:2f48  prefixlen 64  scopeid 0x20<link>
        ether 00:16:3e:01:2f:48  txqueuelen 1000  (Ethernet)
        RX packets 504273  bytes 329083359 (313.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 273686  bytes 220530043 (210.3 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

And the intranet IP of Aliyun does indeed begin with 172.

Edit the configuration file /etc/docker/daemon.json; create it if the file does not exist.

{ 
    "bip": "192.168.1.5/24"
}

Restart the Docker service

systemctl restart docker

[root@test docker]# ifconfig
br-12aa369ee4a6: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.18.0.1  netmask 255.255.0.0  broadcast 172.18.255.255
        inet6 fe80::42:61ff:fedf:d41f  prefixlen 64  scopeid 0x20<link>
        ether 02:42:61:df:d4:1f  txqueuelen 0  (Ethernet)
        RX packets 508550  bytes 329587116 (314.3 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 276951  bytes 223924395 (213.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.5  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::42:5dff:fe6c:be47  prefixlen 64  scopeid 0x20<link>
        ether 02:42:5d:6c:be:47  txqueuelen 0  (Ethernet)
        RX packets 283  bytes 18925 (18.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 258  bytes 20085 (19.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.xx.xx.xx  netmask 255.255.240.0  broadcast 172.16.15.255
        inet6 fe80::216:3eff:fe01:2f48  prefixlen 64  scopeid 0x20<link>
        ether 00:16:3e:01:2f:48  txqueuelen 1000  (Ethernet)
        RX packets 508550  bytes 329587116 (314.3 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 276958  bytes 223925673 (213.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

You can see that docker0’s address has changed.
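
An added example (not part of the original post) of testing the subnet-conflict hypothesis programmatically: it parses ifconfig-style output and a daemon.json and reports host interfaces whose IPv4 range overlaps a Docker bridge or a configured range. The sample input is constructed from the values shown in this post; the eth0 address 172.16.0.10 is a placeholder because the post masks it, and the function names are illustrative.

```python
import ipaddress
import json
import re

# Constructed sample shaped like the ifconfig output in this post. The post
# masks the eth0 address, so 172.16.0.10 is a placeholder inside the network
# implied by netmask 255.255.240.0 and broadcast 172.16.15.255.
IFCONFIG_SAMPLE = """\
br-12aa369ee4a6: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.18.0.1  netmask 255.255.0.0  broadcast 172.18.255.255
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.0.10  netmask 255.255.240.0  broadcast 172.16.15.255
"""
# daemon.json values taken from this post.
DAEMON_JSON = """{"bip": "192.168.1.5/24",
 "default-address-pools": [{"base": "192.168.1.5/16", "size": 24}]}"""


def parse_ifconfig(text):
    """Return {interface: IPv4Network} from ifconfig-style output."""
    nets, iface = {}, None
    for line in text.splitlines():
        head = re.match(r"(\S+?):\s+flags=", line)
        if head:
            iface = head.group(1)
            continue
        inet = re.search(r"\binet (\S+)\s+netmask (\S+)", line)
        if inet and iface:
            # strict=False maps a host address to the network containing it
            nets[iface] = ipaddress.ip_network("/".join(inet.groups()), strict=False)
    return nets


def is_docker_bridge(name):
    return name == "docker0" or name.startswith("br-")


def daemon_ranges(cfg_text):
    """Ranges daemon.json assigns to docker0 (bip) and to new networks (pools)."""
    cfg = json.loads(cfg_text)
    ranges = {}
    if "bip" in cfg:
        ranges["bip"] = ipaddress.ip_network(cfg["bip"], strict=False)
    for i, pool in enumerate(cfg.get("default-address-pools", [])):
        ranges[f"pool[{i}]"] = ipaddress.ip_network(pool["base"], strict=False)
    return ranges


def conflicts(nets, docker_ranges=None):
    """Sorted (host_iface, docker_range) pairs whose IPv4 ranges overlap."""
    hosts = {n: v for n, v in nets.items() if not is_docker_bridge(n)}
    if docker_ranges is None:  # default: compare against the live bridges
        docker_ranges = {n: v for n, v in nets.items() if is_docker_bridge(n)}
    return sorted((h, d) for h, hv in hosts.items()
                  for d, dv in docker_ranges.items() if hv.overlaps(dv))


if __name__ == "__main__":
    nets = parse_ifconfig(IFCONFIG_SAMPLE)
    print("live bridges:", conflicts(nets) or "no overlap")
    print("daemon.json:", conflicts(nets, daemon_ranges(DAEMON_JSON)) or "no overlap")
```

With the values shown in this post nothing overlaps: the eth0 network ends at 172.16.15.255, just below docker0's original 172.17.0.0/16.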

Note, however, that a service started with docker uses docker0 by default, while a service started with docker-compose does not. It uses its own bridge network, for example br-12aa369ee4a6 above.

Docker-compose up: Two ways to use a custom network segment (specified from its root)

Following method 2 of that article, modify daemon.json. Versions: Docker 20.10.7, docker-compose 1.24.1

{
    "bip": "192.168.1.5/24",
    "debug": true,
    "default-address-pools": [
        {"base": "192.168.1.5/16", "size": 24}
    ]
}

Later, I found that the reason for the access failure was the relationship between Docker and the firewall. I turned the firewall off and Docker on; if access failed, I turned the firewall on, going back and forth between them. Later, I tried stopping firewalld and enabling iptables.

With iptables, the service can be accessed normally when iptables is disabled, but not when it is enabled. With firewalld, the result depends on the order in which Docker and firewalld are started: sometimes access works with the firewall on, sometimes with the firewall off.

However, the external network cannot be accessed from the container, and the problem is still unresolved. A roundabout solution is for the container to use the host network mode.

Suspected problem: the configuration between Docker, firewalld, and iptables

The Docker and IPtables

Docker port mapping and external access failure

Docker and IPtables

Another reason GitLab may be inaccessible is that the port mapping and configuration files are wrong.

Quick fix: set the host port number to the same value as the container port number. See the blog below.

Install GitLab with GitLab Docker Images

Conclusion

If the system environment is normal, the installation goes very smoothly, and generally there are no strange problems. I have installed it on different servers. Aliyun CentOS 7.6: access is normal, but error 502 occurs due to insufficient memory; the container can connect to the external network normally. Aliyun Alibaba Cloud Linux 2: the container may not be accessible, and the container cannot connect to the external network normally. I suspect it is a firewall and Docker problem.