GitLab CE (Community Edition) is a complete, open-source DevOps platform that combines source code management, CI/CD pipelines, security testing, and project planning in a single application. This guide deploys GitLab CE using Docker Compose with Traefik handling automatic HTTPS, then retrieves the initial root password. By the end, you'll have a self-hosted GitLab instance running securely at your domain.
Set Up the Directory Structure
1. Create the project directory structure:
$ mkdir -p ~/gitlab/{config,logs,data,letsencrypt}
$ cd ~/gitlab
2. Create the environment file:
$ nano .env
GITLAB_DOMAIN=gitlab.example.com
LETSENCRYPT_EMAIL=admin@example.com
Deploy with Docker Compose
1. Add your user to the Docker group:
$ sudo usermod -aG docker $USER
$ newgrp docker
2. Create the Docker Compose manifest:
$ nano docker-compose.yml
services:
traefik:
image: traefik:latest
container_name: traefik
restart: unless-stopped
environment:
DOCKER_API_VERSION: "1.44"
command:
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--entrypoints.web.http.redirections.entrypoint.to=websecure"
- "--entrypoints.web.http.redirections.entrypoint.scheme=https"
- "--certificatesresolvers.le.acme.httpchallenge=true"
- "--certificatesresolvers.le.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.le.acme.email=${LETSENCRYPT_EMAIL}"
- "--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json"
ports:
- "80:80"
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./letsencrypt:/letsencrypt
gitlab:
image: gitlab/gitlab-ce:latest
container_name: gitlab
restart: always
hostname: ${GITLAB_DOMAIN}
shm_size: '256m'
environment:
GITLAB_OMNIBUS_CONFIG: |
external_url 'https://${GITLAB_DOMAIN}'
nginx['listen_port'] = 80
nginx['listen_https'] = false
nginx['proxy_set_headers'] = {
"X-Forwarded-Proto" => "https",
"X-Forwarded-Ssl" => "on"
}
gitlab_rails['gitlab_shell_ssh_port'] = 2222
ports:
- "2222:22"
volumes:
- ./config:/etc/gitlab
- ./logs:/var/log/gitlab
- ./data:/var/opt/gitlab
labels:
- "traefik.enable=true"
- "traefik.http.routers.gitlab.rule=Host(`${GITLAB_DOMAIN}`)"
- "traefik.http.routers.gitlab.entrypoints=websecure"
- "traefik.http.routers.gitlab.tls=true"
- "traefik.http.routers.gitlab.tls.certresolver=le"
- "traefik.http.services.gitlab.loadbalancer.server.port=80"
3. Start the services:
$ docker compose up -d
4. Verify the services are running:
$ docker compose ps
GitLab takes a few minutes to initialize on the first start.
Access GitLab
1. Retrieve the initial root password:
$ sudo docker exec -it gitlab grep 'Password:' /etc/gitlab/initial_root_password
This file auto-deletes after 24 hours, so capture the password right away.
2. Sign in:
-
URL:
https://gitlab.example.com -
Username:
root - Password: the value from the command above
Change the root password immediately after first login.
Next Steps
GitLab CE is running and served securely over HTTPS. From here you can:
- Create groups and projects, and invite team members
- Configure GitLab Runners to execute CI/CD pipelines
- Set up SMTP for email notifications and SAML/OIDC for SSO
For the full guide with additional tips, visit the original article on Vultr Docs.
Top comments (0)