I’ve started building a small decentralized, non commercial app with a Rust backend + Node.js frontend running on k8s. I would have my own dedicated server for this. Just mentioning the setup because it might grow and for git there seem to be only GitHub and GitLab around and I prefer GitLab.
I care a lot about security and was wondering if it makes sense to self-host GitLab. I‘m not afraid of doing it, but after setup it shouldn’t take more than 1-2 hours per week for me to maintain it in the long run and I’m wondering if that’s realistic.
Would love to hear about the experience of people who did what I’m planning to do.
EDIT: Thanks for all the answers, trying my best to reply. I want CI/CD, container registry and secrets management that’s what I was hoping to get out of GitLab.
Incoming wall of text
Here is my install script to set up Ubuntu since it has a bit of extra steps for privileged ports https://gitlab.meme.beer/-/snippets/1
Docker compose example, note that my config has a shared network with containers in another compose called
nginxto keep traffic inside docker.name: "gitlab" services: gitlab: image: 'gitlab/gitlab-ce:latest' #command: update-permissions restart: always hostname: 'gitlab.example.com' environment: GITLAB_OMNIBUS_CONFIG: | external_url 'https://gitlab.example.com' pages_external_url 'https://pages.example.com' pages_nginx['enable'] = true pages_nginx['listen_port'] = 6000 pages_nginx['listen_https'] = false pages_nginx['redirect_http_to_https'] = false #puma['per_worker_max_memory_mb'] = 2048 # 2GB gitlab_rails['gitlab_email_from'] = '[email protected]' gitlab_rails['gitlab_email_display_name'] = 'GitLab' gitlab_rails['smtp_enable'] = true gitlab_rails['smtp_address'] = "smtp.sendgrid.net" gitlab_rails['smtp_port'] = 587 gitlab_rails['smtp_user_name'] = 'apikey' gitlab_rails['smtp_password'] = '$SENDGRID_API_KEY_HERE' gitlab_rails['smtp_domain'] = "smtp.sendgrid.net" gitlab_rails['smtp_authentication'] = "login" gitlab_rails['smtp_enable_starttls_auto'] = true gitlab_rails['smtp_tls'] = false gitlab_rails['gitlab_default_theme'] = 2 gitlab_rails['gitlab_shell_ssh_port'] = 2224 gitlab_rails['gitlab_default_projects_features_container_registry'] = true gitlab_rails['registry_enabled'] = true gitlab_rails['registry_api_url'] = 'https://registry.example.com' gitlab_rails['registry_issuer'] = 'gitlab-issuer' registry['log_level'] = 'info' registry_external_url 'https://registry.example.com' registry_nginx['enable'] = true registry_nginx['listen_port'] = 5050 registry_nginx['listen_https'] = false registry_nginx['redirect_http_to_https'] = false gitlab_shell['log_level'] = 'INFO' letsencrypt['enable'] = false nginx['error_log_level'] = 'info' nginx['listen_https'] = false #nginx['proxy_protocol'] = true #nginx['trusted_proxies'] = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"] # Workhorse gitlab_workhorse['enable'] = true gitlab_workhorse['ha'] = false gitlab_workhorse['listen_network'] = "tcp" gitlab_workhorse['listen_addr'] = "127.0.0.1:8181" gitlab_workhorse['log_directory'] = "/var/log/gitlab/gitlab-workhorse" # Errors # for sentry error logging the GitLab service #gitlab_rails['sentry_enabled'] = true #gitlab_rails['sentry_dsn'] = '' #gitlab_rails['sentry_clientside_dsn'] = '' #gitlab_rails['sentry_environment'] = 'production' # Add any other gitlab.rb configuration here, each on its own line networks: - nginx ports: # gitlab loves https on 443 #- '80:80' #- '443:443' - '2224:22' volumes: - ./config:/etc/gitlab - ./logs:/var/log/gitlab - ./data:/var/opt/gitlab shm_size: '256m' #deploy: # resources: # limits: # cpus: '6' # memory: 12G # reservations: # cpus: '4' # memory: 6G # disable healthcheck for restoring backup #healthcheck: # disable: true networks: nginx: external: true name: nginx