Docker-gitlab: Little help with LDAP

Created on 19 Apr 2017 · 384 Comments · Source: sameersbn/docker-gitlab

First of all, great tool GitLab is... awesome really. I know maybe you guys don't support the versions in Synology, but maybe someone can give me a little help with this.

I'm trying to activate LDAP with Synology and Docker, but inside the terminal in the Docker, the gitlab.yml in the config, when I enter the LDAP settings, after I reboot GitLab the file reverts back to its original and no LDAP is activated. I've been searching a lot on Google and can't seem to find where the base files are that I need to change so Docker assumes the LDAP configurations.

Can anyone help me with this?

Much appreciated

All 384 comments

This is because of Synology OS it has nothing to do with the container or
the docker settings.

What you need to do is change the default templates for your synology. At
every reboot the system replaces the config files with their default. The
philosophy of Synology behind this is that if a user makes changes which
bricks the NAS then a reboot is sufficient to fix it.

Now here is how to bypass it; most of the changes can be done from the
/etc.defaults folder, this is where the majority of the default files are
copied from.

Could you tell which internal files you are trying to change ?

Ps: I'm running a full gitlab setup on my synology. Including a docker
registry and runners. I've also built a Synology compatible runner image
which is compatible with the docker engine shipped with synology.

Currently I'm trying for months to have synology update the current docker
engine to a higher version. Could you do me a favor and go to your
synology support tool and submit a question to synology for the docker
package, simply asking when they will release an update for the latest
docker engine. The more people ask the sooner they will update it.

Hope this helps. I'm a very experienced Synology user have even been
helping synology to fix several things in their system for the past few
years.

Let me know how I can help you.

Thanks for your reply. I have GitLab running, I just need to activate LDAP so users in my company can log in to GitLab with their AD users, but when I changed the gitlab.yml in the Docker it would change back. Do you know what files I need to change to get LDAP working?

I need the files that configure LDAP:

# A human-friendly name for your LDAP server. It is OK to change the label later,
# for instance if you find out it is too large to fit on the web page.
#
# Example: 'Paris' or 'Acme, Ltd.'
label: 'LDAP'

# Example: 'ldap.mydomain.com'
host: '_your_ldap_server'
# This port is an example, it is sometimes different but it is always an integer and not a string
port: 389
uid: 'sAMAccountName'
method: 'plain' # "tls" or "ssl" or "plain"

I don't know where they are on the Synology side. I have checked all of the GitLab files, and the only place I found them was inside the Docker, which doesn't allow changes.

Can you tell me where the files are to configure LDAP for GitLab?

I will ask Synology for the update of Docker, no problem!

What is the path of your gitlab.yml ?

I could only find that file inside the Docker synology_gitlab.

I could not find gitlab.yml outside Docker.

When I change the gitlab.yml inside the terminal on that Docker, it changes back when I reboot the Docker.

@MACE-Zer0 Why are you not making use of environment variables?
I have a Synology as well -- was running GitLab on it with LDAP with no issues until I moved it to another box (consolidating things).
Can you export your config file for your GitLab container -- sanitize the data (remove passwords, etc) and post it here? Just need to know what your setup is like so that I can help you out much better.

Also, you could move over to the release here instead of Synology -- there's plenty of info on how to import things.
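Following the suggestion above to use environment variables: the image in this repository reads LDAP settings from `LDAP_*` variables, so the gitlab.yml values can live in an env file that survives restarts. The script below is an added example, not part of the original thread or the project's code; the file name `ldap.env`, the host, the DNs and the function names are assumptions, and it lints such a file for settings a reviewer would question (LDAP disabled, `plain` transport, port/method mismatch, missing base, world-readable bind password).

```shell
#!/bin/sh
# Added example (not from the thread): lint an env file holding the LDAP_*
# variables read by the sameersbn/docker-gitlab image. Host names, DNs and the
# file name ldap.env are constructed placeholders.

# env_get FILE KEY -> value of the last KEY=VALUE line, empty if absent.
env_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# ldap_env_findings FILE -> one line per finding on stdout.
ldap_env_findings() {
    f=$1
    enabled=$(env_get "$f" LDAP_ENABLED)
    method=$(env_get "$f" LDAP_METHOD)
    port=$(env_get "$f" LDAP_PORT)
    method=${method:-plain}   # assumption: treated as plain when unset
    port=${port:-389}         # assumption: treated as 389 when unset

    [ "$enabled" = "true" ] || echo "LDAP_ENABLED is not true: LDAP sign-in stays off"

    case "$method" in
        plain) echo "LDAP_METHOD=plain: AD passwords cross the network unencrypted" ;;
        ssl)   [ "$port" = "636" ] || echo "LDAP_METHOD=ssl but LDAP_PORT=$port (LDAPS is normally 636)" ;;
        tls)   [ "$port" = "389" ] || echo "LDAP_METHOD=tls but LDAP_PORT=$port (StartTLS is normally 389)" ;;
        *)     echo "LDAP_METHOD=$method is not one of plain, tls, ssl" ;;
    esac

    [ -n "$(env_get "$f" LDAP_BASE)" ] || echo "LDAP_BASE is empty: no search base for user lookups"

    if [ -n "$(env_get "$f" LDAP_BIND_DN)" ] && [ -z "$(env_get "$f" LDAP_PASS)" ]; then
        echo "LDAP_BIND_DN is set but LDAP_PASS is empty"
    fi

    # The file holds the bind password, so others should not be able to read it.
    if [ "$(ls -l "$f" | cut -c8)" = "r" ]; then
        echo "$f is world-readable: chmod 600 it"
    fi
    return 0
}

# count_findings FILE -> number of findings as a plain integer.
count_findings() {
    ldap_env_findings "$1" | wc -l | tr -d ' '
}

demo_dir=$(mktemp -d)

# Constructed sample 1: the gitlab.yml values from the thread, as env variables.
cat > "$demo_dir/ldap-plain.env" <<'EOF'
LDAP_ENABLED=true
LDAP_LABEL=LDAP
LDAP_HOST=ldap.example.test
LDAP_PORT=389
LDAP_UID=sAMAccountName
LDAP_METHOD=plain
LDAP_BIND_DN=CN=gitlab-svc,OU=Service,DC=example,DC=test
LDAP_PASS=<INSERT PASSWORD>
LDAP_ACTIVE_DIRECTORY=true
LDAP_BASE=DC=example,DC=test
EOF

# Constructed sample 2: same directory, encrypted transport, tight permissions.
sed -e 's/^LDAP_PORT=.*/LDAP_PORT=636/' -e 's/^LDAP_METHOD=.*/LDAP_METHOD=ssl/' \
    "$demo_dir/ldap-plain.env" > "$demo_dir/ldap.env"
chmod 600 "$demo_dir/ldap.env"

for sample in "$demo_dir/ldap-plain.env" "$demo_dir/ldap.env"; do
    echo "== $sample: $(count_findings "$sample") finding(s)"
    ldap_env_findings "$sample"
done
```

With the compose layout used later in this thread, such a file would be listed next to the other `.env` files under the gitlab service's `env_file` entries.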

@MACE-Zer0

Are you by any chance running the gitlab from the Synology package center? Because that thing is not up-to-date. And I don't recommend it. I think that will explain your problems.

If you are running the gitlab from the package center, my question to you is do you want to know how to run the image from this repository, including backups etc.. (basically a correct setup of gitlab on Synology, sorry to be blunt)

Let me know, My money is on the fact that you have installed the gitlab image which is shown in the screenshot below. (BTW; this is a very old version of gitlab)

[screenshot: gitlab]

@GJRTimmer Yep -- get him off that image -- it's way too old and unsupported (in GitLab time anyways).
It's also way too easy to run GitLab from this repo rather than what Synology offers in the first place~

Thanks for all the replies. I've been running Git Server on Synology, then I heard of GitLab and installed the one from Synology to try it out. I'm at a company that wants to start using GitLab, so if the one from Synology is old, can you please point me in the right direction? Has anyone documented the install of the right GitLab repo on Synology without using the one they supply?

Could you please give a link or a few directions on how to install?

Thank you all

I've found this repo, is this the right one?

https://github.com/jboxberger/synology-gitlab

@MACE-Zer0 Don't worry, I will guide you through every setup

No

The repo you are currently on, is the correct one. Give me a few minutes to prepare all the data for you to set up a complete gitlab environment on Synology.

I do need the following from you:
1) Do you know how to use SSH and log in to the console of a Synology?
2) Do you want a complete Gitlab environment, with its own docker registry ?
3) Do you want a gitlab environment which can also run automatic builds of a project ?

OK, thanks.

1 - Yes, I know how to use SSH, I've been using SSH on Synologys for years now, no problem there.

2 - Yes, it would be very useful.

3 - We are running TeamCity builds in our company, we would like to integrate the GitLab environment with TeamCity later on, but yes, we would like auto builds of projects.

Thanks for the help

4) I assume you will be running GitLab on a docker container.

My own Gitlab is available from https://gitlab.timmertech.nl, you will not be able to get beyond the login, but it is just to show you how to set it up correctly including HTTPS certificates even as a sub domain.

5) Do you want it also running on a subdomain like I do ?

Auto building can be setup using the internal of gitlab runners, which only require you to add a .gitlab-ci.yml to a project

When I know if you also want to run it on a subdomain I can get started.

4 - Yes, I already have the Docker container installed, I could run on it.

5 - No need to access from outside, we regularly use VPN to our company so we can use it only internally.

I already have a DNS entry to the IP of the Synology to use the address internally only.

Manual Part 1:

This manual will be taking you to prepare your environment.
Because we first need to setup several things before we can run it.

P.S.
Later on I will provide my own docker-compose.yml files which in turn will auto setup a complete environment, so you don't have to reinvent the wheel again. Of course you have to edit my files, I will make it clear where you have to edit them.

Step 1 Storage

We need to set up the environment in such a way that all of your data is saved correctly, so that you will never lose it and that it is very easy to upgrade to the latest version.

*NOTE: I have a nice bash script for auto upgrading my environment, which I will also provide. This script takes care of everything, and when there is an update for gitlab, it will take your Synology only about 15-20min downtime of your gitlab environment on upgrade.

Because we want to perform upgrades and always run the latest secured and stable version in a safe way we need to start with a correct setup.

This manual will assume that you still have the "Synology Shared Folder" Docker present.
It should be located at /volume1/Docker; it is created by default when you install docker.

If this folder is not present create it through the Configuration panel not through SSH, we want it as a normal Synology Shared folder, because in the future you might want to use the "Snapshot Replication" application from Synology to make incremental snapshots.

*NOTE: I will also assume that we are doing a complete fresh install, importing projects you can do later yourself. Second assumption will be that you have uninstalled the docker image and previous version of gitlab.

Create the following directory structure.
(P.S. You will notice it is based upon the Linux default FS layout)
(Use SSH after /volume1/Docker exists or has been created by the Configuration Panel)

/volume1/Docker/gitlab

/volume1/Docker/gitlab/etc
/volume1/Docker/gitlab/etc/certs

/volume1/Docker/gitlab/var
/volume1/Docker/gitlab/var/lib
/volume1/Docker/gitlab/var/lib/gitlab
/volume1/Docker/gitlab/var/lib/postgresql
/volume1/Docker/gitlab/var/lib/redis
/volume1/Docker/gitlab/var/lib/runner-docker
/volume1/Docker/gitlab/var/lib/runner-scripts
/volume1/Docker/gitlab/var/lib/runner-shell

/volume1/Docker/gitlab/var/log
/volume1/Docker/gitlab/var/log/gitlab
/volume1/Docker/gitlab/var/log/postgresql
/volume1/Docker/gitlab/var/log/redis

Explanation

/volume1/Docker/gitlab => Root Directory containing everything for your gitlab environment

/volume1/Docker/gitlab/etc => This will contain all of your docker configuration
/volume1/Docker/gitlab/etc/certs => Will contain SSL/TLS certificates

/volume1/Docker/gitlab/var => Will contain all DATA/LOG
/volume1/Docker/gitlab/var/lib => Will contain all DATA
/volume1/Docker/gitlab/var/lib/gitlab => Will contain the data of GitLab
/volume1/Docker/gitlab/var/lib/postgresql => Will contain all the postgres data
/volume1/Docker/gitlab/var/lib/redis => Will contain all the Redis Data
/volume1/Docker/gitlab/var/lib/runner-docker => Will contain the configuration for docker runner
/volume1/Docker/gitlab/var/lib/runner-scripts => Will contain the shared scripts between runner
/volume1/Docker/gitlab/var/lib/runner-shell => Will contain the configuration for the shell runner

/volume1/Docker/gitlab/var/log => Will contain all log files
/volume1/Docker/gitlab/var/log/gitlab => Will contain all the log files from GitLab
/volume1/Docker/gitlab/var/log/postgresql => Will contain all the log files from postgresql
/volume1/Docker/gitlab/var/log/redis => Will contain all the logfiles from Redis

First of all, thank you very much for your help and time, really, thanks.

I've read all and done all, I'm doing a fresh install.

I already have a Docker folder since it's the default one when installing Docker, and created all that structure like you said.

Oops, made a mistake... var and lib folders outside, will move them.

All corrected.

Step 2 Create Secrets (Mandatory)

In order to use GitLab correctly you need to generate several secret keys, this is a one time action.

You need to generate three of them.

  • Database Key
  • Secret Key
  • OTP Key

You only generate them once, and then you can forget about them, they will be stored within the gitlab docker configuration. Keep in mind that you don't want to lose those configuration files, but that should be obvious.

Generate Keys

Run the following command 3 times

$ date +%s | sha256sum | base64 | head -c 64 ; echo

Copy them to a text editor like notepad++ and assign each one to the following key(s):

  • GITLAB_SECRETS_DB_KEY_BASE
  • GITLAB_SECRETS_SECRET_KEY_BASE
  • GITLAB_SECRETS_OTP_KEY_BASE

End result:
KEY=VALUE

GITLAB_SECRETS_DB_KEY_BASE=ZWRhOWJjMjEyNjAxNTk3ODgyNWYyNGFkOTUyY2E1YjY2YTllNWY4MWEwNTU3ZmY4
GITLAB_SECRETS_SECRET_KEY_BASE=N2U5MTJlNzU1NjBjZGY4ZjQxMTE1NjI4MTlkMmFjNDIyM2I3OWY2MTRhYTFmM2Q0
GITLAB_SECRETS_OTP_KEY_BASE=YjI0Y2YyMGVlOTdlMjZkODEyM2VjZTY0NjVlODUyYjE5YWNlMDI2ZWIxMzIwZjYx

save the contents above to /volume1/Docker/gitlab/etc/secrets.env

You can use either VI or whatever you like

do i need to put in the file the :

End result:
KEY=VALUE

or just these lines

GITLAB_SECRETS_DB_KEY_BASE=ZWRhOWJjMjEyNjAxNTk3ODgyNWYyNGFkOTUyY2E1YjY2YTllNWY4MWEwNTU3ZmY4

All three lines.

NOT: KEY=VALUE, this was just to illustrate that you needed to add an equal sign between the key and value.

Below are the only contents of the file:

GITLAB_SECRETS_DB_KEY_BASE=ZWRhOWJjMjEyNjAxNTk3ODgyNWYyNGFkOTUyY2E1YjY2YTllNWY4MWEwNTU3ZmY4
GITLAB_SECRETS_SECRET_KEY_BASE=N2U5MTJlNzU1NjBjZGY4ZjQxMTE1NjI4MTlkMmFjNDIyM2I3OWY2MTRhYTFmM2Q0
GITLAB_SECRETS_OTP_KEY_BASE=YjI0Y2YyMGVlOTdlMjZkODEyM2VjZTY0NjVlODUyYjE5YWNlMDI2ZWIxMzIwZjYx

Step 3 Database

This is a very easy and short step; We need to pick a password for the database, creating of user and things like that is no concern because this will be done automatically.

$ date +%s | sha256sum | base64 | head -c 16 ; echo

The command above will generate a 16 character strong password, we also never have to type this in again.

Create the following file: /volume1/Docker/gitlab/etc/database.env

Contents:

# Database Configuration
DB_USER=gitlab
DB_PASS=<INSERT PASSWORD HERE>
DB_NAME=gitlab
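
Steps 2 and 3 above derive the key bases and the database password from `date +%s`, so the output depends only on the second in which the command runs, and three runs inside one second give three identical keys. The script below is an added example, not part of the original thread: it writes the same two files with values read from `/dev/urandom`, creates them readable by the owner only, and refuses to overwrite existing files; the function names and the hex encoding are choices made here.

```shell
#!/bin/sh
# Added example (not from the thread): create secrets.env and database.env with
# values from the kernel CSPRNG instead of a hash of the current time.

# timestamp_secret EPOCH -> what `date +%s | sha256sum | base64 | head -c 64`
# prints when the clock reads EPOCH; kept only to make the determinism visible.
timestamp_secret() {
    printf '%s\n' "$1" | sha256sum | base64 | head -c 64
}

# gen_hex NBYTES -> 2*NBYTES hex characters read from /dev/urandom.
gen_hex() {
    od -An -tx1 -N "$1" /dev/urandom | tr -d ' \n'
}

# write_env_files DIR -> writes DIR/secrets.env and DIR/database.env (mode 600).
# Refuses to run if either file exists: the keys are generated once and kept.
write_env_files() {
    dir=$1
    if [ -e "$dir/secrets.env" ] || [ -e "$dir/database.env" ]; then
        echo "refusing to overwrite existing env files in $dir" >&2
        return 1
    fi
    (
        umask 077   # files are created owner-readable only
        {
            printf 'GITLAB_SECRETS_DB_KEY_BASE=%s\n' "$(gen_hex 32)"
            printf 'GITLAB_SECRETS_SECRET_KEY_BASE=%s\n' "$(gen_hex 32)"
            printf 'GITLAB_SECRETS_OTP_KEY_BASE=%s\n' "$(gen_hex 32)"
        } > "$dir/secrets.env"
        {
            printf '# Database Configuration\n'
            printf 'DB_USER=gitlab\n'
            # 32 hex characters (128 bits) here rather than the 16 of step 3.
            printf 'DB_PASS=%s\n' "$(gen_hex 16)"
            printf 'DB_NAME=gitlab\n'
        } > "$dir/database.env"
    )
}

# Demo in a scratch directory standing in for /volume1/Docker/gitlab/etc.
out_dir=$(mktemp -d)
write_env_files "$out_dir"
ls -l "$out_dir"

# Constructed epoch value: the timestamp pipeline gives the same "secret" twice.
[ "$(timestamp_secret 1492682400)" = "$(timestamp_secret 1492682400)" ] &&
    echo "timestamp-derived value repeats for the same second"
```

The `DB_PASS` value written here is the one that also has to go into `PG_PASSWORD` in the compose file of the later step.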

OK, all done, thanks.

Done as well.

Step 4 Email

This step will set up email. You have IMAP and SMTP; I have only SMTP enabled, but I do have the IMAP configuration on my system and also loaded, I simply have the flag for whether IMAP should be enabled set to false.

This will allow you to customize your email setup later on to your own wishes.

Create the following file: /volume1/Docker/gitlab/etc/imap.env

Contents:

# IMAP Configuration
IMAP_ENABLED=false
IMAP_HOST=imap.gmail.com
IMAP_PORT=993
IMAP_USER=<INSERT USERNAME>
IMAP_PASS=password
IMAP_SSL=true
IMAP_STARTTLS=false

Create the following file: /volume1/Docker/gitlab/etc/smtp.env

Contents:

# SMTP Configuration
SMTP_ENABLED=true
SMTP_DOMAIN=<SMTP HOST>
SMTP_HOST=<SMTP HOST>
SMTP_PORT=587
SMTP_USER=<INSERT USERNAME>
SMTP_PASS=<INSERT PASSWORD>
SMTP_STARTTLS=true
SMTP_AUTHENTICATION=login

It will depend on your own smtp server if you need to activate STARTTLS, of course port number is either 25 or 587 if using TLS.

If you are unsure about your settings you can for now simply set SMTP_ENABLED to false.
If you edit this in the future it only requires a restart of your environment. That's it

I haven't asked you this... the previous install of GitLab, the one that Synology uses, installed MariaDB. Can we use MariaDB for the databases with this build?

Can I just use smtp env?

We can in theory but WE WILL NOT do that, It's very bad to use MySQL with GitLab.
Don't worry. You will get a nice setup :-) We will run a database docker container with it. Trust me it is truly the best way.

What do you mean with smtp env ?

I'm using the MailPlus Server on my Synology, I even have my MailServer completely configured with full DKIM, DMARC, SSL etc.

I only need the SMTP to send emails, my question is if I really need to create the imap file.

You do not, it's optional, but if you don't then make a mental note of it because within a few steps we will be including these files into a docker-compose file which will manage everything. So if you do not create the imap.env file don't forget to REMOVE it from the docker-compose file.

all done the smtp and imap files

You still work faster than I can write a manual, we're almost done by the way

sorry about all the trouble

Question: do you want OAuth? Like importing from GitHub, like on import GitLab will show projects etc. of OAuth and allow users to log in with a Google account, things like that?

Not any trouble, the only price you pay is that you submit a request to Synology and ask for an update for the Docker :-)

Will do that, and I have friends with Synology as well, will ask them to do that as well!

Step 5 OAuth

Create the following file: /volume1/Docker/gitlab/etc/oauth.env

Don't worry, everything is disabled, but it will allow easier configuration in the future.
Also this file is not entirely up to date.

Within the README of this GitHub you will notice that there are more keys about OAuth which have been added since I created this file.

Contents:

# OAuth Configuration
OAUTH_ENABLED=false
OAUTH_AUTO_SIGN_IN_WITH_PROVIDER=
OAUTH_ALLOW_SSO=
OAUTH_BLOCK_AUTO_CREATED_USERS=true
OAUTH_AUTO_LINK_LDAP_USER=false
OAUTH_AUTO_LINK_SAML_USER=false
OAUTH_EXTERNAL_PROVIDERS=

OAUTH_CAS3_LABEL=cas3
OAUTH_CAS3_SERVER=
OAUTH_CAS3_DISABLE_SSL_VERIFICATION=false
OAUTH_CAS3_LOGIN_URL=/cas/login
OAUTH_CAS3_VALIDATE_URL=/cas/p3/serviceValidate
OAUTH_CAS3_LOGOUT_URL=/cas/logout

OAUTH_GOOGLE_API_KEY=
OAUTH_GOOGLE_APP_SECRET=
OAUTH_GOOGLE_RESTRICT_DOMAIN=

OAUTH_FACEBOOK_API_KEY=
OAUTH_FACEBOOK_APP_SECRET=

OAUTH_TWITTER_API_KEY=
OAUTH_TWITTER_APP_SECRET=

OAUTH_GITHUB_API_KEY=
OAUTH_GITHUB_APP_SECRET=
OAUTH_GITHUB_URL=
OAUTH_GITHUB_VERIFY_SSL=

OAUTH_GITLAB_API_KEY=
OAUTH_GITLAB_APP_SECRET=

OAUTH_BITBUCKET_API_KEY=
OAUTH_BITBUCKET_APP_SECRET=

OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL=
OAUTH_SAML_IDP_CERT_FINGERPRINT=
OAUTH_SAML_IDP_SSO_TARGET_URL=
OAUTH_SAML_ISSUER=
OAUTH_SAML_LABEL="Our SAML Provider"
OAUTH_SAML_NAME_IDENTIFIER_FORMAT=urn:oasis:names:tc:SAML:2.0:nameid-format:transient
OAUTH_SAML_GROUPS_ATTRIBUTE=
OAUTH_SAML_EXTERNAL_GROUPS=
OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL=
OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME=
OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME=
OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME=

OAUTH_CROWD_SERVER_URL=
OAUTH_CROWD_APP_NAME=
OAUTH_CROWD_APP_PASSWORD=

OAUTH_AUTH0_CLIENT_ID=
OAUTH_AUTH0_CLIENT_SECRET=
OAUTH_AUTH0_DOMAIN=

OAUTH_AZURE_API_KEY=
OAUTH_AZURE_API_SECRET=
OAUTH_AZURE_TENANT_ID=

OK, I've created the file, I see where I can later enter the IDs of the apps I want to use with GitLab.

Step 6 USER UID/GID Mapping

Maybe you have noticed that when you map a folder of a host to a container, that the files when you view them on SSH Synology access don't show a username and group but a number.

Let's fix this before we start.

What we want for example is that every file created INSIDE a docker container is mapped to for example the ADMIN user of Synology.

We can do this as following:

Create the following file: /volume1/Docker/gitlab/etc/usermap.env

Contents:

# Host UID / GID Mapping
USERMAP_UID=1026
USERMAP_GID=100

If you want to know how to get the correct numbers you can do that with the following command for example:

$ id admin
uid=1024(admin) gid=100(users) groups=100(users),101(administrators)
$

1026 is the UID of my own admin account 'gert-jant' on my NAS

If everything goes according to plan you have a running environment within the next 10 minutes

Step 7 Check

You should have the following files within /volume1/Docker/gitlab/etc

database.env
imap.env
oauth.env
secrets.env
smtp.env
usermap.env

Step 8 Setup Docker Network

We want all the docker containers to run nicely within their own network.

Go to the Docker Panel, Click Network.

Now click "Add"

Network name: gitlab (Lowercase)

  • Enable IPv4
  • User Manual Configuration
  • Subnet: 172.20.0.0/16
  • IP Range: 172.20.0.0/16
  • Gateway: 172.20.0.1

Step 8 Configure GitLab

Create the following file: /volume1/Docker/gitlab/etc/docker-compose.yml

NOTE
This is a yml (YAML) configuration file; important notice, there are NO TABS, all indents are spaces, this is required for YAML configuration files.

NOTE
Configuring GitLab Runners can be a bitch. So for this step I have removed them from the docker-compose file below. I have posted their configuration below, the reason for this is that you need the base address of gitlab.

DON'T FORGET TO EDIT ALL THE REQUIRED ITEMS BELOW

Timezone Below is set to Europe/Amsterdam, you have to edit this to your own timezone.

I have disabled HTTPS for you, I have kept the configuration in the config, you need to place the certificates into /volume1/Docker/gitlab/etc/certs but the path for the config below is /certs because of the internal mapping of Docker

I've also disabled the registry, left the config because the registry requires its own host name mapping, I've solved this with the "Application Portal" of Synology

Contents:

version: '2'

services:
  gitlab-redis:
    container_name: gitlab-redis
    hostname: redis
    restart: always
    image: sameersbn/redis:latest
    command:
      - --loglevel warning
      - --logfile /var/log/redis/redis-server.log
    volumes:
      - /volume1/Docker/gitlab/var/lib/redis:/var/lib/redis
      - /volume1/Docker/gitlab/var/log/redis:/var/log/redis

  gitlab-postgresql:
    container_name: gitlab-postgresql
    hostname: postgresql
    restart: always
    image: sameersbn/postgresql:9.6-2
    command:
      - -c logging_collector=on
    volumes:
      - /volume1/Docker/gitlab/var/lib/postgresql:/var/lib/postgresql
      - /volume1/Docker/gitlab/var/log/postgresql:/var/log/postgresql
    env_file:
      - database.env
      - usermap.env
    environment:
      - DB_EXTENSION=pg_trgm
      - PG_TRUST_LOCALNET=true
      - PG_PASSWORD=<SAME PASSWORD AS IN database.env>

  gitlab:
    container_name: gitlab
    hostname: gitlab
    restart: always
    image: sameersbn/gitlab:9.0.5
    depends_on:
      - gitlab-redis
      - gitlab-postgresql
      - gitlab-registry
    links:
      - gitlab-redis:redis
      - gitlab-postgresql:postgresql
      - gitlab-registry:registry
    ports:
      - "3022:22"
      - "3080:80"
      - "3443:443"
    volumes:
      - /volume1/Docker/gitlab/etc/certs:/certs
      - /volume1/Docker/gitlab/var/lib/gitlab:/home/git/data
      - /volume1/Docker/gitlab/var/log/gitlab:/var/log/gitlab
    env_file:
      - secrets.env
      - database.env
      - smtp.env
      - imap.env
      - oauth.env
      - usermap.env
    environment:
      - DEBUG=false

      - DB_HOST=postgresql
      - REDIS_HOST=redis

      - TZ=Europe/Amsterdam
      - GITLAB_TIMEZONE=Amsterdam

      - GITLAB_HTTPS=false
      - SSL_SELF_SIGNED=false
      - SSL_KEY_PATH=/certs/privkey.pem
      - SSL_CERTIFICATE_PATH=/certs/cert.pem
      - SSL_DHPARAM_PATH=/certs/dhparam.pem

      - GITLAB_HOST=<HOST OF GITLAB, can be removed I have 'gitlab.timmertech.nl' as VALUE>

      - GITLAB_ROOT_PASSWORD=<CHOOSE ROOT PASSWORD>
      - GITLAB_ROOT_EMAIL=<ADMIN EMAIL ADDRESS>

      - GITLAB_NOTIFY_ON_BROKEN_BUILDS=true
      - GITLAB_NOTIFY_PUSHER=false

      - GITLAB_EMAIL=gitlab@<YOUR DOMAIN>
      - GITLAB_EMAIL_REPLY_TO=no-reply@<YOUR DOMAIN>
      - GITLAB_EMAIL_ENABLED=true
      - GITLAB_INCOMING_EMAIL_ENABLED=false
      - GITLAB_EMAIL_SUBJECT_SUFFIX=GitLab | 

      - GITLAB_SIGNUP_ENABLED=false
      - GITLAB_USERNAME_CHANGE=false
      - GITLAB_MAX_OBJECT_SIZE=104857600

      - GITLAB_LOG_DIR=/var/log/gitlab

      - GITLAB_BACKUP_SCHEDULE=daily
      - GITLAB_BACKUP_TIME=01:00
      - GITLAB_BACKUP_EXPIRY=86400

      - GITLAB_REGISTRY_ENABLED=false
      - GITLAB_REGISTRY_HOST=registry.timmertech.nl
      - GITLAB_REGISTRY_API_URL=http://registry:5000
      - GITLAB_REGISTRY_KEY_PATH=/certs/privkey.pem
      - SSL_REGISTRY_KEY_PATH=/certs/privkey.pem
      - SSL_REGISTRY_CERT_PATH=/certs/cert.pem

  gitlab-registry:
    container_name: gitlab-registry
    hostname: registry
    restart: always
    image: registry:2.5.1
    ports:
      - 3500:5000
    volumes:
      - /volume1/Docker/gitlab/var/lib/gitlab/shared/registry:/registry
      - /volume1/Docker/gitlab/etc/certs:/certs
    environment:
      - REGISTRY_LOG_LEVEL=info
      - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/registry
      - REGISTRY_AUTH_TOKEN_REALM=https://<GITLAB HOST>/jwt/auth
      - REGISTRY_AUTH_TOKEN_SERVICE=container_registry
      - REGISTRY_AUTH_TOKEN_ISSUER=gitlab-issuer
      - REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/certs/cert.pem
      - REGISTRY_STORAGE_DELETE_ENABLED=true

networks:
  default:
    external:
      name: gitlab

GitLab Runner Docker YML Config

  gitlab-runner-shell:
    container_name: gitlab-runner-shell
    hostname: runner-shell
    restart: always
    depends_on:
      - gitlab
    image: datacore/gitlab-runner:1.11.2
    volumes:
      - /volume1/Docker/gitlab/var/lib/runner-shell:/data:rw
      - /volume1/Docker/gitlab/var/lib/runner-scripts:/data/scripts:rw
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - CI_SERVER_URL=https://<GITLAB HOST>/ci
      - REGISTRATION_TOKEN=pFzRKg13Qg8rAmZSePwu
      - RUNNER_EXECUTOR=shell
      - RUNNER_NAME=GitLab Runner (SHELL)
      - RUNNER_TAG_LIST=shell

  gitlab-runner-docker:
    container_name: gitlab-runner-docker
    hostname: runner-docker
    restart: always
    depends_on:
      - gitlab
    image: datacore/gitlab-runner:1.11.2
    volumes:
      - /volume1/Docker/gitlab/var/lib/runner-docker:/data
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - CI_SERVER_URL=https://<GITLAB HOST>/ci
      - REGISTRATION_TOKEN=pFzRKg13Qg8rAmZSePwu
      - RUNNER_EXECUTOR=docker
      - RUNNER_NAME=GitLab Runner (DOCKER)
      - RUNNER_TAG_LIST=docker
      - DOCKER_IMAGE=docker:latest
      - DOCKER_NETWORK_MODE=gitlab
      - DOCKER_DISABLE_CACHE=true
      - DOCKER_VOLUMES=/volume1/Docker/gitlab/var/lib/runner-scripts:/runner

NOTE
Optional trick if you want to run a script on every build
You have to place the script into /volume1/Docker/gitlab/var/lib/runner-scripts

- RUNNER_PRE_BUILD_SCRIPT=/runner/pre-build.sh

Step 9 Start it up

$ cd /volume1/Docker/gitlab/etc
$ docker-compose -f ./docker-compose.yml up -d

EDIT
About starting the containers and using docker-compose; on a Synology device only root can do this.

Quick question: a problem I encountered with the Synology GitLab, it would not run if I set it to port 80, even if I disabled the redirection of Synology port 80. Is there any problem with GitLab running on port 80?

When I changed the Synology GitLab to port 90 it would run with no problems. With this build, will it have the same problem with port 80?

The image datacore/gitlab-runner:1.11.2 is a special runner image which I built specifically to be fully compatible with the Docker Engine version of Synology. :-)

You will have the same problem port 80 is reserved for Synology.

But I assume you want a fix; :-)

Let's fix this for you.

Can your Synology be reached with a DNS? Or only by IP within your company LAN?

it has a dns entry

perfect

Now go to Synology Configuration Panel

Go to the "Application Portal"

Click Reverse Proxy

Click Create

Description "gitlab"
Protocol: http
Hostname: gitlab.DNS-MACE-Zer0.nl :-)
Port 80

Destination:
Proto: HTTP
Hostname: localhost
Port: 3080 => Notice this port in the docker-compose file

Of course you have to change this and a few other things if you want to add TLS, but that is a different story.

My config for GitLab in Application Portal => Reverse Proxy looks like this (I have TLS):

[screenshot 2017-04-20 12 20 56]

OK, thanks... give me a few moments to create step 8 in Notepad++, so as to be careful with the yml spacing

and to configure its settings.

You do not have to create the DNS entry within your DNS server.

This Reverse proxy will simply redirect 'FAKE' subdomain gitlab to your gitlab container under the condition that the last part of the DNS can be resolved to your synology.

--

Don't sweat it, I will go for a cigarette if you don't mind.

I will keep track of your response on my phone.

About starting the containers and using docker-compose; on a Synology device only root can do this.

This GitLab Runner Docker YML config, what is the name of the file to create with its config?

The files should be above the contents: filename == "docker-compose.yml"

docker-compose.yml

To give a hint: maybe go to Application Portal, Reverse Proxy, and do the steps above this for it, and update your docker-compose.yml to set the hosts correctly.

I thought it was 2 files. Your copy-paste was only 1 file but in 2 responses, I thought the 2nd one was another file, but it's only one docker-compose.

If you created the reverse proxy, let's say for example that your Synology can be reached at mace.nl

Then you create a reverse proxy for gitlab.mace.nl and update your docker-compose.yml accordingly

The reason you cannot run on port 80 is because of the reverse proxy.

After you set it up and start it you can reach gitlab at http://gitlab.mace.nl on port 80 😀

Yes, it's only one file, the runner can be added later, sorry for the confusion

Sorry about the typo's autocorrection on my phone while smoking

Got an error, have to see if it's something wrong.

Now I really hope that after you start it, it does not complain about errors in your docker-compose file and everything should be up and running. You can log in to your gitlab environment with user root and the root password from your docker-compose file.

Btw, the first time it will take some time before the gitlab is ready, it has to create a shit load of content. On my NAS it took between 5 and 10 min.

It gave an error, something is wrong in the docker-compose I guess.

Post the file and redact the passwords

Looks like the network key is indented, this should not be the case.

'network' at the bottom should be completely to the left.

The only things I changed I've put as XXXXX

docker-compose.zip

found it

line 127-131 is the problem.

Move networks to the bottom.

and indent gitlab-runner correctly

version: '2'

services:
  gitlab-redis:
    container_name: gitlab-redis
    hostname: redis
    restart: always
    image: sameersbn/redis:latest
    command:
      - --loglevel warning
      - --logfile /var/log/redis/redis-server.log
    volumes:
      - /volume1/Docker/gitlab/var/lib/redis:/var/lib/redis
      - /volume1/Docker/gitlab/var/log/redis:/var/log/redis

  gitlab-postgresql:
    container_name: gitlab-postgresql
    hostname: postgresql
    restart: always
    image: sameersbn/postgresql:9.6-2
    command:
      - -c logging_collector=on
    volumes:
      - /volume1/Docker/gitlab/var/lib/postgresql:/var/lib/postgresql
      - /volume1/Docker/gitlab/var/log/postgresql:/var/log/postgresql
    env_file:
      - database.env
      - usermap.env
    environment:
      - DB_EXTENSION=pg_trgm
      - PG_TRUST_LOCALNET=true
      - PG_PASSWORD=<XXXXXXXX>

  gitlab:
    container_name: gitlab
    hostname: gitlab
    restart: always
    image: sameersbn/gitlab:9.0.5
    depends_on:
      - gitlab-redis
      - gitlab-postgresql
      - gitlab-registry
    links:
      - gitlab-redis:redis
      - gitlab-postgresql:postgresql
      - gitlab-registry:registry
    ports:
      - "3022:22"
      - "3080:80"
      - "3443:443"
    volumes:
      - /volume1/Docker/gitlab/etc/certs:/certs
      - /volume1/Docker/gitlab/var/lib/gitlab:/home/git/data
      - /volume1/Docker/gitlab/var/log/gitlab:/var/log/gitlab
    env_file:
      - secrets.env
      - database.env
      - smtp.env
      - imap.env
      - oauth.env
      - usermap.env
    environment:
      - DEBUG=false

      - DB_HOST=postgresql
      - REDIS_HOST=redis

      - TZ=Europe/London
      - GITLAB_TIMEZONE=London

      - GITLAB_HTTPS=false
      - SSL_SELF_SIGNED=false
      - SSL_KEY_PATH=/certs/privkey.pem
      - SSL_CERTIFICATE_PATH=/certs/cert.pem
      - SSL_DHPARAM_PATH=/certs/dhparam.pem

      - GITLAB_HOST=<HOST OF GITLAB, can be removed I have 'gitlab.timmertech.nl' as VALUE>

      - GITLAB_ROOT_PASSWORD=<XXXXXXX>
      - GITLAB_ROOT_EMAIL=<XXXXXX>

      - GITLAB_NOTIFY_ON_BROKEN_BUILDS=true
      - GITLAB_NOTIFY_PUSHER=false

      - GITLAB_EMAIL=gitlab@<XXXXXXXX>
      - GITLAB_EMAIL_REPLY_TO=no-reply@<XXXXXX>
      - GITLAB_EMAIL_ENABLED=true
      - GITLAB_INCOMING_EMAIL_ENABLED=false
      - GITLAB_EMAIL_SUBJECT_SUFFIX=GitLab | 

      - GITLAB_SIGNUP_ENABLED=false
      - GITLAB_USERNAME_CHANGE=false
      - GITLAB_MAX_OBJECT_SIZE=104857600

      - GITLAB_LOG_DIR=/var/log/gitlab

      - GITLAB_BACKUP_SCHEDULE=daily
      - GITLAB_BACKUP_TIME=01:00
      - GITLAB_BACKUP_EXPIRY=86400

      - GITLAB_REGISTRY_ENABLED=false
      - GITLAB_REGISTRY_HOST=registry.timmertech.nl
      - GITLAB_REGISTRY_API_URL=http://registry:5000
      - GITLAB_REGISTRY_KEY_PATH=/certs/privkey.pem
      - SSL_REGISTRY_KEY_PATH=/certs/privkey.pem
      - SSL_REGISTRY_CERT_PATH=/certs/cert.pem

  gitlab-registry:
    container_name: gitlab-registry
    hostname: registry
    restart: always
    image: registry:2.5.1
    ports:
      - 3500:5000
    volumes:
      - /volume1/Docker/gitlab/var/lib/gitlab/shared/registry:/registry
      - /volume1/Docker/gitlab/etc/certs:/certs
    environment:
      - REGISTRY_LOG_LEVEL=info
      - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/registry
      - REGISTRY_AUTH_TOKEN_REALM=https://<GITLAB HOST>/jwt/auth
      - REGISTRY_AUTH_TOKEN_SERVICE=container_registry
      - REGISTRY_AUTH_TOKEN_ISSUER=gitlab-issuer
      - REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/certs/cert.pem
      - REGISTRY_STORAGE_DELETE_ENABLED=true

  gitlab-runner-shell:
    container_name: gitlab-runner-shell
    hostname: runner-shell
    restart: always
    depends_on:
      - gitlab
    image: datacore/gitlab-runner:1.11.2
    volumes:
      - /volume1/Docker/gitlab/var/lib/runner-shell:/data:rw
      - /volume1/Docker/gitlab/var/lib/runner-scripts:/data/scripts:rw
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - CI_SERVER_URL=https://<GITLAB HOST>/ci
      - REGISTRATION_TOKEN=pFzRKg13Qg8rAmZSePwu
      - RUNNER_EXECUTOR=shell
      - RUNNER_NAME=GitLab Runner (SHELL)
      - RUNNER_TAG_LIST=shell

  gitlab-runner-docker:
    container_name: gitlab-runner-docker
    hostname: runner-docker
    restart: always
    depends_on:
      - gitlab
    image: datacore/gitlab-runner:1.11.2
    volumes:
      - /volume1/Docker/gitlab/var/lib/runner-docker:/data
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - CI_SERVER_URL=https://<GITLAB HOST>/ci
      - REGISTRATION_TOKEN=pFzRKg13Qg8rAmZSePwu
      - RUNNER_EXECUTOR=docker
      - RUNNER_NAME=GitLab Runner (DOCKER)
      - RUNNER_TAG_LIST=docker
      - DOCKER_IMAGE=docker:latest
      - DOCKER_NETWORK_MODE=gitlab
      - DOCKER_DISABLE_CACHE=true
      - DOCKER_VOLUMES=/volume1/Docker/gitlab/var/lib/runner-scripts:/runner

networks:
  default:
    external:
      name: gitlab

To finalize, after this is up and running you need to set up the reverse proxy and add the following key

- GITLAB_HOST=gitlab.mace.co.uk

to the env section of the gitlab container where you had it removed before but let's start the damn thing first shall we :-)

And will it run ?

image

thank you very much

You might need to update REGISTRY_AUTH_TOKEN_REALM for the runners, this will give errors.

If you temporarily remove both runners from the docker-compose.yml

ok, thanks. The LDAP, for the users to auth with domain accounts, still needs to be configured inside the docker??

We are not yet done, because reverse proxy is one of the parts unless you are confident you can figure out the rest. Also check out the readme of this github project. It has a lot of additional features.

About LDAP: You configure this with GitLab, it is GitLab which you want to link to LDAP.
This means you probably have to add the correct keys into the environment section of the container.

found it about LDAP

ok, it's still downloading all the files I guess, we need to wait a bit

image

what's the next step??

https://docs.gitlab.com/ce/administration/auth/ldap.html

Because all the files are on your host Synology /volume1/Docker/gitlab, the only thing you have to do is configure the correct gitlab.yml file within /volume1/Docker/gitlab/var/lib/gitlab and then restart the entire environment:

Restart

docker-compose -f restart

yes, I've seen this file, but with the Synology env I could not find it outside the docker, that was my problem. With your setup now it is just to create a gitlab.yml with the configs that I've seen around, and modify the bindings to my domain

here this will help

#!/bin/bash

COMPOSE_HTTP_TIMEOUT=180
PROJECT=GITLAB
GITLAB_HOME=/volume1/Docker/gitlab
GITLAB_BACKUP=/volume1/Docker/gitlab-backup
GITLAB_REGISTRY_REPOSITORIES=${GITLAB_HOME}/var/lib/gitlab/shared/registry/docker/registry/v2/repositories
GITLAB_REGISTRY_KEEP_LAST_IMAGES=1
GITLAB_REGISTRY_DRY_RUN=0

sexec() {
    local cmd=$@

    if [[ $EUID -ne 0 ]]; then
        sudo $cmd
    else
        $cmd
    fi
}

findLetsEncryptCertificateDirectory() {

    local HOST="$1"

    for CERT in $(ls /usr/syno/etc/certificate/ReverseProxy/*/cert.pem)
    do
        CERT_HOST=$(sexec openssl x509 -noout -subject -in ${CERT} | sed -e 's/^subject.*CN=\([a-zA-Z0-9\.\-\*]*\).*$/\1/')
        if [ "${CERT_HOST}" == "${HOST}" ]; then
            CERT_DIR="$(dirname ${CERT})"
            echo ${CERT_DIR}
            return 0
        fi
    done
}

# Copy Current Let's Encrypt Certificate from Synology Host
copyCertificate() {
    CERT_DIR=$(findLetsEncryptCertificateDirectory gitlab.timmertech.nl)
    echo -n "Copying Certificate..."
    sexec cp ${CERT_DIR}/* ${GITLAB_HOME}/etc/certs
    sexec chmod 755 -R ${GITLAB_HOME}/etc/certs
    echo " [DONE]"
}

registryGarbageCollect() {
    IFS=$'\n'
    used_hashes=`mktemp`
    marked_hashes=`mktemp`
    for repository in `find ${GITLAB_REGISTRY_REPOSITORIES} -mindepth 2 -maxdepth 2 -type d | sed "s#${GITLAB_REGISTRY_REPOSITORIES}/##"`; do
        for tag_hash in ${GITLAB_REGISTRY_REPOSITORIES}/${repository}/_manifests/tags/*/current/link; do 
            cat "${tag_hash}" | cut -d':' -f2; 
        done > "${used_hashes}"

        echo "Removing revisions of $repository:"
        ls -t ${GITLAB_REGISTRY_REPOSITORIES}/${repository}/_manifests/revisions/sha256 | fgrep -vf "${used_hashes}" | tail -n+${GITLAB_REGISTRY_KEEP_LAST_IMAGES} | tee ${marked_hashes}
        if [ ${GITLAB_REGISTRY_DRY_RUN} -ne 1 ]; then
            cat ${marked_hashes} | sed "s#^#${GITLAB_REGISTRY_REPOSITORIES}/${repository}/_manifests/revisions/sha256/#" | xargs rm -rf 
        fi
    done
    rm ${used_hashes}
    rm ${marked_hashes}

    sexec docker exec -it gitlab-registry registry garbage-collect /etc/docker/registry/config.yml
}

backupGitLab() {
    if [ ! -d ${GITLAB_BACKUP} ]; then
        mkdir ${GITLAB_BACKUP}
        cp -rav ${GITLAB_HOME} ${GITLAB_BACKUP}
    else
        echo "BACKUP DIRECTORY EXISTS"
        exit 1
    fi
}

case "$1" in
    start|up)
        copyCertificate
        sexec rm -f ${GITLAB_HOME}/var/log/gitlab/*/*
        sexec docker-compose -f ${GITLAB_HOME}/etc/docker-compose.yml -p ${PROJECT} up -d
    ;;

    stop)
        sexec docker-compose -f ${GITLAB_HOME}/etc/docker-compose.yml -p ${PROJECT} stop
    ;;

    down)
        sexec docker-compose -f ${GITLAB_HOME}/etc/docker-compose.yml -p ${PROJECT} down
    ;;

    restart)
        gitlab stop
        gitlab up
    ;;

    kill)
        sexec docker-compose -f ${GITLAB_HOME}/etc/docker-compose.yml -p ${PROJECT} kill
    ;;

    pull)
        sexec docker-compose -f ${GITLAB_HOME}/etc/docker-compose.yml -p ${PROJECT} pull
    ;;

    shell)
        if [ -z "$2" ]; then
            sexec docker exec -it gitlab /bin/bash
        else
            sexec docker exec -it gitlab-$2 /bin/sh
        fi
    ;;

    registry)
        case "$2" in
            clean)
                registryGarbageCollect
            ;;
            *)
            echo "Usage: $1 clean"
            ;;
        esac
    ;;

    upgrade)
        gitlab down
        backupGitLab
        gitlab pull
        gitlab up
    ;;

    commands)
        echo start up stop down restart kill pull shell registry upgrade
    ;;

    *)
        echo "Usage: $0 start|stop|restart|kill|pull|shell|upgrade|registry"
        exit 1
esac
exit 0

# EOF

My personal gitlab script

it also allows you to simply edit the docker-compose.yml file, only change the version number of the image, and then run

$ gitlab upgrade

for easy upgrade of image :-)
Because you are familiar with SSH I don't have to tell you how to set the exec bit on the file etc...

it also clones the entire /volume1/Docker/gitlab folder to /volume1/Docker/gitlab so I have a backup if the upgrade goes bad. And it refuses to upgrade if this folder exists :-)

thank you very much for the script,

it's still downloading, we still need to set up more things, right??

at the end it has an error

image

Maybe the file is already created, because the internals of the container are placed on your host

check out the volume mapping for the gitlab container:
/volume1/Docker/gitlab/var/lib/gitlab:/home/git/data

First login into the container after everything is up and running of course.

$ docker exec -it gitlab sh

Check if the file exists and if not I suggest you create it on the host and map it to your container.

Like this.
/volume1/Docker/gitlab/etc/gitlab.yml:/home/git/config/gitlab.yml

If it already exists copy the contents of the file to your host first, but you get the idea
mappings can also be for specific files, and now you understand my setup of directories it keeps everything nice and neat.

image

all is stopped do i need to start them ?

Simple solution for "no such file or directory": create the directory.

I think I missed it.

Best solution to restart will be....

it's missing the directory for the registry

$ docker-compose -f <docker-compose.yml file> down
$ docker-compose -f <docker-compose.yml file> up

maybe it's best to set the registry to false and remove the registry container and both the runners. You can add them later, after you set up the basic gitlab first.

I also started only with a gitlab, gitlab-postgresql, gitlab-redis, it only expanded over time.

image

this folder exists

give it chmod 777

it might be missing the exec bit on the directory to perform stat, I assume you have created it as root

$ chmod 777 -R /volume1/Docker/gitlab/var/lib/redis

I did the chmod 777, should I run the last command again so it downloads and creates all again?

yes, I've been creating all as root

maybe this is even better

chmod 777 -R /volume1/Docker/gitlab/

because you created everything as root, don't worry the containers will auto correct to lower permissions if required.

yes i did 777 to all gitlab

just run

$ docker-compose -f <docker-compose.yml file> down
$ docker-compose -f <docker-compose.yml file> up

down will remove all containers but the data will be kept on your host, so your containers are now separate entities in relation to the data on your disk :-)

And up will create and start the containers

Did you do a chmod -R (Recursive)

yes -R

docker-compose -f down says no such command file

sorry my bad, spelled wrong

with I mean the path to your docker-compose.yml

image

still error

do i have to create a registry folder ??

yes, or remove the container entry from the docker-compose.yml

the strange thing is the folder exists

$ mkdir -p /volume1/Docker/gitlab/var/lib/gitlab/shared/registry

this is not gitlab related but linux OS. for some reason it can not stat the directory. Who owns the directory root:root ??

can you do the following please:

$ chown -R admin:users /volume1/Docker/gitlab
$ chmod -R 777 /volume1/Docker/gitlab

drwxrwxrwx+ 3 root root 4096 Apr 18 22:03 @eaDir
drwxrwxrwx 4 root root 4096 Apr 20 10:20 gitlab

screenshot 2017-04-20 13 23 49

Permissions on the shared folder might not be set up yet

ahhh found the error, the name of the docker folder ... it's with a little d ... and it's trying with a big D

Aha

Synology created the directory .. with a little d ...

to my knowledge it should be uppercase
at least on my system

this means you need to edit docker-compose.yml and change all the paths

doing it now

image

gave an error for cert but started

its stopped here

image

should i wait ???

image

yes

I forget to mention.

Add the -d parameter to the end of the docker-compose command to detach it

if you now press ctrl^c it will shutdown

open second console and check command top

things like ruby, side_kick etc. mean it's very busy.

the certs directory error we need to fix it of course

can you open your browser to http://ip_of_nas:3080

still nothing .. .will wait a bit more

because the registry is giving problems I suggest that you remove it as well as the runners.
you are missing the most important container, named: gitlab

if you remove the gitlab-registry, you should have 3 containers

  • gitlab
  • gitlab-postgresql
  • gitlab-redis

this is the basic setup
So just press ctrl-c

bring down the containers (no -d switch required)

it hasn't created the gitlab container

it says this

image

git lab container is external . skipping

because of all the previous errors the first start procedure might be corrupted, let's fix it.
your most important container is missing

removed from the docker compose the registry

$ docker ps -a

remove any leftover docker container

docker stop <CONTAINER_ID>
docker rm <CONTAINER_ID>

what can i run to fix the gitlab container ?

start gitlab

docker-compose -f <path to docker-compose.yml> up -d

This should create 3 containers

  • gitlab-redis
  • gitlab-postgresql
  • gitlab

don't fix it, just remove it

because it is a first run you can even simply clean it by removing all the content from /volume1/docker/gitlab/var/lib/gitlab

this will ensure clean start

how to check the ids ??

image

Will it start ?

oke this means you have no containers left / present

Great, now, because we want to start a complete clean start because, have you checked all the paths in the docker-compose.yml file that everything can now be resolved ?

deleted /volume1/docker/gitlab/var/lib/gitlab , it had a folder called shared , now going to run

docker-compose -f

the following setup we will do because we have several failed starts.

Delete maybe corrupt start files for gitlab, postgresql, and redis

rm -rvf /volume1/docker/gitlab/var/lib/gitlab/*
rm -rvf /volume1/docker/gitlab/var/lib/postgresql/*
rm -rvf /volume1/docker/gitlab/var/lib/redis/*

checked Docker => docker for copy-paste

after this start them with

$ docker-compose -f docker-compose.yml up -d

when it runs it doesnt show creating the gitlab container

image

This should create 3 containers

gitlab-redis
gitlab-postgresql
gitlab

please send me your docker-compose.yml because there is still a registry

it looks like your gitlab entry is missing

send it and I will fix it

$ cd /volume1/docker/gitlab/etc
$ cp -v docker-compose.yml docker-compose.bak

I think I know what is wrong

it gives the error of the image above ... still gitlab doesn't appear

1) remove the gitlab-registry block
2) remove gitlab-registry from gitlab:depends_on
3) remove gitlab-registry from gitlab:links

backup your current gitlab docker-compose.yml

Replace docker-compose.yml with the following and correct it with all the passwords:

version: '2'

services:
  gitlab-redis:
    container_name: gitlab-redis
    hostname: redis
    restart: always
    image: sameersbn/redis:latest
    command:
      - --loglevel warning
      - --logfile /var/log/redis/redis-server.log
    volumes:
      - /volume1/docker/gitlab/var/lib/redis:/var/lib/redis
      - /volume1/docker/gitlab/var/log/redis:/var/log/redis

  gitlab-postgresql:
    container_name: gitlab-postgresql
    hostname: postgresql
    restart: always
    image: sameersbn/postgresql:9.6-2
    command:
      - -c logging_collector=on
    volumes:
      - /volume1/docker/gitlab/var/lib/postgresql:/var/lib/postgresql
      - /volume1/docker/gitlab/var/log/postgresql:/var/log/postgresql
    env_file:
      - database.env
      - usermap.env
    environment:
      - DB_EXTENSION=pg_trgm
      - PG_TRUST_LOCALNET=true
      - PG_PASSWORD=*****

  gitlab:
    container_name: gitlab
    hostname: gitlab
    restart: always
    image: sameersbn/gitlab:9.0.5
    depends_on:
      - gitlab-redis
      - gitlab-postgresql
    links:
      - gitlab-redis:redis
      - gitlab-postgresql:postgresql
    ports:
      - "3022:22"
      - "3080:80"
      - "3443:443"
    volumes:
      - /volume1/docker/gitlab/etc/certs:/certs
      - /volume1/docker/gitlab/var/lib/gitlab:/home/git/data
      - /volume1/docker/gitlab/var/log/gitlab:/var/log/gitlab
    env_file:
      - secrets.env
      - database.env
      - smtp.env
      - imap.env
      - oauth.env
      - usermap.env
    environment:
      - DEBUG=false

      - DB_HOST=postgresql
      - REDIS_HOST=redis

      - TZ=Europe/London
      - GITLAB_TIMEZONE=London

      - GITLAB_HTTPS=false
      - SSL_SELF_SIGNED=false
      - SSL_KEY_PATH=/certs/privkey.pem
      - SSL_CERTIFICATE_PATH=/certs/cert.pem
      - SSL_DHPARAM_PATH=/certs/dhparam.pem

      - GITLAB_HOST=<HOST OF GITLAB, can be removed I have 'gitlab.timmertech.nl' as VALUE>

      - GITLAB_ROOT_PASSWORD=****
      - GITLAB_ROOT_EMAIL=<[email protected]>

      - GITLAB_NOTIFY_ON_BROKEN_BUILDS=true
      - GITLAB_NOTIFY_PUSHER=false

      - GITLAB_EMAIL=gitlab@<fullsix.local>
      - GITLAB_EMAIL_REPLY_TO=no-reply@<fullsix.local>
      - GITLAB_EMAIL_ENABLED=true
      - GITLAB_INCOMING_EMAIL_ENABLED=false
      - GITLAB_EMAIL_SUBJECT_SUFFIX=GitLab | 

      - GITLAB_SIGNUP_ENABLED=false
      - GITLAB_USERNAME_CHANGE=false
      - GITLAB_MAX_OBJECT_SIZE=104857600

      - GITLAB_LOG_DIR=/var/log/gitlab

      - GITLAB_BACKUP_SCHEDULE=daily
      - GITLAB_BACKUP_TIME=01:00
      - GITLAB_BACKUP_EXPIRY=86400

      - GITLAB_REGISTRY_ENABLED=false
      - GITLAB_REGISTRY_HOST=registry.timmertech.nl
      - GITLAB_REGISTRY_API_URL=http://registry:5000
      - GITLAB_REGISTRY_KEY_PATH=/certs/privkey.pem
      - SSL_REGISTRY_KEY_PATH=/certs/privkey.pem
      - SSL_REGISTRY_CERT_PATH=/certs/cert.pem

networks:
  default:
    external:
      name: gitlab

NOTE Redacted Passwords

depends_on:
- gitlab-redis
- gitlab-postgresql
links:
- gitlab-redis:redis
- gitlab-postgresql:postgresql

anywhere else?

Let's first get Gitlab up and running, before we start adding runners and the registry. the registry took me almost an entire day to figure out.

P.S.
Make note of my gmail address within my github account, if you want to ask me questions another time :-)

no, not anywhere else. Remove the entire block for gitlab-registry and both runners

funny thing to know: you can add them later on. When you update a yaml file you only have to give a down and up. Right now I want your gitlab up and running. The additional features like runners and registry will come later. First up and running.

I used the file you copy-pasted, it created the gitlab container, but it's stopped

image

and gave this error

image

got it running by creating the certs folder

image

waiting for it to come up

any luck starting just the 3 basic containers?

yeah !!!!

within DSM / Docker double click the containers and check the logs

its running but the gitlab container stops after a bit

image

we are getting there

stops ?!?

it will have very high CPU usage for several minutes on starting

here is the log of the container

image

no its only 43% top

can you send me the current screenshot for the Docker GUI as it is now ?

crap...

can you double click and get the latest log entries

almost, probably will be something we missed

you want the logs of the gitlab container ?

is Mapping UID and GID for git:git to 1024:100 still the last line ?

yeah from the container, and also /volume/docker/gitlab/var/log/gitlab

2017-04-20 12:05:37 stdout Configuring gitlab...
2017-04-20 12:05:37 stdout Installing configuration templates...
2017-04-20 12:05:37 stdout Generating OpenSSH host keys... RSA1 RSA DSA ECDSA ED25519
2017-04-20 12:05:35 stdout Initializing datadir...
2017-04-20 12:05:35 stdout Initializing logdir...
2017-04-20 12:04:06 stdout Mapping UID and GID for git:git to 1024:100

nop

its done something else now

Question: did you clean all the folders before this start?
Maybe the container crashed because of a partial database setup.

yes, I ran the rm commands you gave me

rm -rvf /volume1/docker/gitlab/var/lib/gitlab/*
rm -rvf /volume1/docker/gitlab/var/lib/postgresql/*
rm -rvf /volume1/docker/gitlab/var/lib/redis/*

image

oke, quick fix; probably the usermapping is going wrong, this can also be fixed later.

go into docker-compose.yml
remove 'usermap.env' from gitlab-postgresql container
remove 'usermap.env' from gitlab container

oke remove the usermap as described above.

We need to clean to do a fresh first start, because all of the trials to get it running we need it clean.

rm -rvf /volume1/docker/gitlab/var/lib/gitlab/*
rm -rvf /volume1/docker/gitlab/var/lib/postgresql/*
rm -rvf /volume1/docker/gitlab/var/lib/redis/*

ok did all that ... what command u want me to run now to start ?

and you need to do a down and an up -d

restart or start can only be used after you have a successful first start

image

image

doing something it never did

image

image

image

is it starting ?

the web page is not responding still

image

looks great, now do NOT ctrl-C your terminal

perfect almost online

sucesssssss

image

last lines should look like:

2017-04-13 07:50:45,395 INFO success: sidekiq entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
stdout
05:50:45
2017-04-13 07:50:45,395 INFO success: unicorn entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
stdout
05:50:45
2017-04-13 07:50:45,396 INFO success: gitlab-workhorse entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
stdout
05:50:45
2017-04-13 07:50:45,396 INFO success: cron entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
stdout
05:50:45
2017-04-13 07:50:45,396 INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
stdout
05:50:45
2017-04-13 07:50:45,396 INFO success: sshd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
stdout
05:51:28
2017-04-13 07:51:28,782 INFO exited: sidekiq (exit status 1; not expected)
stdout
05:51:29
2017-04-13 07:51:29,787 INFO spawned: 'sidekiq' with pid 3300
stdout
05:51:31
2017-04-13 07:51:31,541 INFO success: sidekiq entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)

error 500

image

not yet, now you need patience for the gitlab environment to go from bootstrap to online.
This page is normal while booting gitlab

page doesn't go out of this

page 500 probably is because of the URL

this error should be explained within the log files /volume1/docker/gitlab/var/log/gitlab

I'm using the IP only http://ipadresss

image

which one?

restarted container but error 500, tried to put :3080/users/sign_in, same thing. You know the name of the log??

any luck finding it. Can you try again maybe it just need time to complete its first start.
can you try again ?

can you zip the folder and send it

what are the last lines of the docker container log ?

quick way for container logs:

$ docker logs gitlab

what I find weird is that it shows on port80.

I think we have to fix the access url first

Add a reverse proxy within the application portal

and add the

- GITLAB_HOST=

Example:

This is my value for this key

- GITLAB_HOST=gitlab.timmertech.nl

P.S. What's the current value of this key in your docker compose ?? or did you remove it ?

in the docker compose you send me the value is still <HOST OF GITLAB, can be removed I have 'gitlab.timmertech.nl' as VALUE> this might causing the error

Any luck so far ?

Recap:
Have you set the reverse proxy and setup the GITLAB_HOST key ?
Can you send me the logs ?

Um Just trading something tô ser um 30 min or só uma ter back to it and tell you

Thanks

oke

Eating something damn auto corrector

not a problem I going for my afternoon cigarette

I believe you might have a wrong value in your docker-compose for the KEY GITLAB_HOST I think the value is still <HOST OF GITLAB, can be removed I have 'gitlab.timmertech.nl' as VALUE> which might cause the error.

here is the log file ,
log.zip

im seeing the docker compose to see if i can see anything wrong

still have this in the host

GITLAB_HOST=

changed the

GITLAB_HOST=<$gitlab$>

which is the entry of the DNS ..

relaunched the containers ... still have the same error 500

I found it.
The problem is with the URI.

Which means: the problem is indeed with the GITLAB_HOST key

2017/04/20 13:24:22 Send static file "/home/git/gitlab/public/favicon.ico" ("") for GET "/favicon.ico"
192.168.40.210 [::1]:52820 - - [2017-04-20 13:24:22.252402897 +0100 BST] "GET /favicon.ico HTTP/1.1" 200 5430 "http://192.168.40.210/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36" 0.000355
2017/04/20 13:24:54 ErrorPage: serving predefined error page: 500

should i remove the line ??

just need to stop containers change file and up again or need to remake everything ?

Remove GITLAB_HOST from docker-compose.yml

I always re-create to be safe

to recreate i need to delete all the containers and folders ? like before ?

may I know your DNS name of your NAS to create some entries for you

No you do not need to delete the contents, they are all ok now

only re-create containers with down and up -d

whats your internal DNS ?

the name gitlab has a Host (A) to the ip adress of the nas

the ip ?

no just the name you type in your browser

like nas.local or something

gitlab

removing the whole line

-GITLAB_HOST=xxxxxx

I was hoping on something not gitlab.

then you probably don't need a reverse proxy, after removing the GITLAB_HOST key from docker-compose.yml you should be able to access it with: http://gitlab:3080

yeah just remove the entire line from docker-compose.yml

did it .. rebuilding now

and after removing it just give

$ docker-compose -f docker-compose.yml down
$ docker-compose -f docker-compose.yml up -d

success

image

YEAH

login:

Username: root
Password:

I hope you are happy with it so far

oke now LDAP

very happy ... thanks a lot for your time and patience ... but the root login is not working ... I have the docker compose open ... maybe it's because the password had a . in it???

Clone Current auto generated config for safe storage

We are going to copy the current gitlab.yml file from the container to the host and create a mapping for it, so that when you add your LDAP config it will persist on disk regardless of the restart / removing of containers

$ docker cp gitlab:/home/git/gitlab/config/gitlab.yml /volume1/Docker/gitlab/etc/gitlab.yml

Now edit docker-compose.yml

and add the following entry to the volumes section of the gitlab container

- /volume1/Docker/gitlab/etc/gitlab.yml:/home/git/gitlab/config/gitlab.yml

now bring the containers down and up -d

this will persist your config on disk
now you can add your ldap config to it

please correct the path of the command, I've used my uppercase Docker folder

I think you are getting the picture.

Let me know if you understand what this does

about password
maybe the dot is a problem

you can also google the default login maybe admin as username with some kind of default password.

check out my LDAP reboot fix for you

nop ... trying root .. already changed the pass ... and down and up the containers ... still invalid login with root and the pass in this line

  • GITLAB_ROOT_PASSWORD=

no . this time ..

username: root
password: 5iveL!fe

This is the install default, should work

that doesnt work as well ... :S

image

to my knowledge it should really be the password in your config with username root

I've put the email here ... is it because of that?
- GITLAB_ROOT_EMAIL=<$XXXXXXXXX$>

maybe the dot is indeed a problem. The only thing you can try is to remove the key, and do a rm of the content and reinitialize.

When you have no GITLAB_ROOT_PASSWORD in your config the default password is password or 5iveL!fe

no, no relation with EMAIL key

try password: password

I will be unable to respond for some time, traveling back home, will check on you when I'm home.

I've changed this one as well .. it's ok, right??

environment:
- DB_EXTENSION=pg_trgm
- PG_TRUST_LOCALNET=true
- PG_PASSWORD=<$xxxxxx$>

it has the password of the DB

ok thanks

I see the problem

You have kept all the < >. These were to illustrate where to edit, but everything after the equal sign is part of the password

Here is my advice:

1) Bring down the containers.
2) reset content with rm like we did before
3) edit the database.env docker-compose.yml
4) remove < and > from every key which you needed to edit

Example: if you want to set the password to password, the key should look like:

GITLAB_ROOT_PASSWORD=password

Sorry about the < and >, programmer's tic of mine to illustrate where to edit.

I hope you follow this

Reset and remove all the < and > and bring everything up. Sorry about that. Didn't notice before

Second example of how it should look in docker-compose.yml

GITLAB_ROOT_PASSWORD=5iveL!fe

I'm back checkout above for solution
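
The three mistakes worked through in this thread (values still wrapped in < >, the Docker/docker folder-name mismatch, and the indented networks block) can be checked for before running `up`. This is an added example, not code from the thread or from the docker-gitlab project; the function names, the `--demo` switch and the embedded sample file are assumptions made for the example.

```shell
#!/bin/sh
# Pre-flight lint for a docker-compose.yml (added example; names are hypothetical).

# Print "LINE KEY" for every "- KEY=value" entry whose value still contains a
# <...> template marker. Everything after "=" reaches the container verbatim.
find_placeholders() {
    grep -nE '^[[:space:]]*-[[:space:]]*[A-Za-z_][A-Za-z0-9_]*=.*<[^>]*>' "$1" |
        sed -E 's/^([0-9]+):[[:space:]]*-[[:space:]]*([A-Za-z_][A-Za-z0-9_]*)=.*/\1 \2/'
}

# Print the line number of an indented "networks:" block that contains
# "external:". Heuristic: only the top-level networks block takes "external:",
# so an indented one was meant to start at column 0.
misplaced_networks() {
    awk '
        /^[ \t]+networks:[ \t]*$/     { pending = NR; next }
        pending && /^[ \t]+external:/ { print pending; pending = 0; next }
        /^[^ \t#]/                    { pending = 0 }   # a column-0 key ends the block
    ' "$1"
}

# Print every absolute host path on the left of a "- /host:/container" volume
# entry that does not exist (the comparison is case-sensitive). The optional
# second argument is prepended to each path, so the check can be tried
# against a scratch directory instead of the real filesystem root.
missing_host_paths() {
    sed -nE 's#^[[:space:]]*-[[:space:]]*(/[^:]+):/.*#\1#p' "$1" | sort -u |
        while IFS= read -r host; do
            [ -e "${2:-}${host}" ] || printf '%s\n' "$host"
        done
}

# Run all three checks; return 1 if any of them reported something.
lint_compose() {
    file=$1 root=${2:-} status=0
    out=$(find_placeholders "$file")
    [ -z "$out" ] || { printf 'template markers left in values (line key):\n%s\n' "$out"; status=1; }
    out=$(misplaced_networks "$file")
    [ -z "$out" ] || { printf 'indented top-level networks block at line: %s\n' "$out"; status=1; }
    out=$(missing_host_paths "$file" "$root")
    [ -z "$out" ] || { printf 'host paths that do not exist:\n%s\n' "$out"; status=1; }
    return "$status"
}

# Constructed sample that repeats the three mistakes from the thread.
write_sample() {
    cat > "$1" <<'EOF'
version: '2'

services:
  gitlab:
    image: sameersbn/gitlab:9.0.5
    volumes:
      - /volume1/Docker/gitlab/var/lib/gitlab:/home/git/data
      - /volume1/docker/gitlab/var/log/gitlab:/var/log/gitlab
    environment:
      - GITLAB_ROOT_PASSWORD=<XXXXXXX>
      - GITLAB_EMAIL=gitlab@<XXXXXXXX>
      - GITLAB_SIGNUP_ENABLED=false

  networks:
    default:
      external:
        name: gitlab
EOF
}

case "${1:-}" in
    "")     ;;   # no argument: only define the functions
    --demo) tmp=$(mktemp) && write_sample "$tmp"
            lint_compose "$tmp"; rc=$?
            rm -f "$tmp"; exit "$rc" ;;
    *)      lint_compose "$1" ;;
esac
```

Run it as `sh lint.sh /path/to/docker-compose.yml` on the host; `env_file` entries are not read, so a file such as database.env needs its own pass through `find_placeholders`.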

I've removed all <>, still no luck. rm'd the container files like before, and rebuilt everything ... put the password: password. Now it's not going in .. stuck in error 422

image

Can you post the exact line form docker-compose.yml with the password?

Maybe the password doesn't meet the requirements

tried to put the 5!life... but now the 422 error, doesn't let me in ... since I've rm'd the containers


what was the command .. chown admin:users ??

OK, HTTP 422 means Unprocessable Entity.

I suggest the following (BTW sorry that it takes this long)

1) down
2) edit docker-compose.yml
  • set password to the 5!life... password
  • add GITHUB_HOST=http://gitlab
    Assuming this is the correct host
3) rm content
4) up -d

itlab:3080 [::1]:53949 - - [2017-04-20 16:22:13.44474118 +0100 BST] "GET /favicon.ico HTTP/1.1" 200 5430 "http://gitlab:3080/users/sign_in" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36" 0.007029
2017/04/20 16:22:23 ErrorPage: serving predefined error page: 422

$ chown -R admin:users /volume1/docker/gitlab

![image](https://cloud.githubusercontent.com/assets/9946471/25239434/e010961e-25e7-11e7-82e8-dfe2084bf74e.png)

GITLAB_ROOT_PASSWORD=5iveL!fe

can you also try accessing the page through IP:port http://IP:3080

still login error ... with that pass

it's the same .. with :3080 or not ... can't login ... wtf .. pass is good

frustrating...
can you send a zip of the entire gitlab log directory?

question: is your full DNS to gitlab maybe: http://gitlab.fullsix.local ????

Question 2: is fullsix.local your domain or your DNS for your NAS?

I'm creating a testing setup right now

yes it's gitlab.fullsix.local

fullsix.local is the domain

I've received this in the email


but after unlock still same error

so the user exists .. why isn't it accepting the pass in the docker-compose

There is something wrong with the routing of traffic.

The value of GITLAB_HOST should be the FQDN (Fully Qualified Domain Name)

GITLAB_HOST=gitlab.fullsix.local

this is my entry to compare:

- GITLAB_HOST=gitlab.timmertech.nl

I've created a second gitlab system on my nas to test this problem.

I didn't change anything in the OAuth .... could it be because of that???

OAuth Configuration

OAUTH_ENABLED=false
OAUTH_AUTO_SIGN_IN_WITH_PROVIDER=
OAUTH_ALLOW_SSO=
OAUTH_BLOCK_AUTO_CREATED_USERS=true
OAUTH_AUTO_LINK_LDAP_USER=false
OAUTH_AUTO_LINK_SAML_USER=false
OAUTH_EXTERNAL_PROVIDERS=

no, OAUTH is disabled

do you have skype or other messaging tool , or do you want to keep talking here ?

I think it has to do with the way you are connecting to your synology, routing of messages gets screwed up somehow. Running a test right now.

can you create the following directory: /volume1/docker/gitlab-test

Now create a docker-compose.yml file in it with the following content. Just copy-paste; everything is set to default values, and there will be no data saved to the host, so when the containers are removed, everything is removed. This is just for testing.

Content:

version: '2'

services:
  gitlab-redis-test:
    container_name: gitlab-redis-test
    hostname: redis
    restart: always
    image: sameersbn/redis:latest
    command:
      - --loglevel warning
      - --logfile /var/log/redis/redis-server.log

  gitlab-postgresql-test:
    container_name: gitlab-postgresql-test
    hostname: postgresql
    restart: always
    image: sameersbn/postgresql:9.6-2
    command:
      - -c logging_collector=on
    environment:
      - DB_EXTENSION=pg_trgm
      - PG_TRUST_LOCALNET=true
      - PG_PASSWORD=TestPassword
      - DB_USER=gitlab
      - DB_PASS=n39ByG2vRX4hcLfZ
      - DB_NAME=gitlab


  gitlab-test:
    container_name: gitlab-test
    hostname: gitlab
    restart: always
    image: sameersbn/gitlab:9.0.5
    depends_on:
      - gitlab-redis-test
      - gitlab-postgresql-test
    links:
      - gitlab-redis-test:redis
      - gitlab-postgresql-test:postgresql
    ports:
      - "9022:22"
      - "9080:80"
      - "9443:443"
    environment:
      - DEBUG=false

      - DB_USER=gitlab
      - DB_PASS=n39ByG2vRX4hcLfZ
      - DB_NAME=gitlab

      - DB_HOST=postgresql
      - REDIS_HOST=redis

      - TZ=Europe/London
      - GITLAB_TIMEZONE=London

      - GITLAB_HTTPS=false

      - GITLAB_ROOT_PASSWORD=5iveL!fe
      - SMTP_ENABLED=false

      - GITLAB_NOTIFY_ON_BROKEN_BUILDS=true
      - GITLAB_NOTIFY_PUSHER=false

      - [email protected]
      - [email protected]
      - GITLAB_EMAIL_ENABLED=true
      - GITLAB_INCOMING_EMAIL_ENABLED=false
      - GITLAB_EMAIL_SUBJECT_SUFFIX=GitLab  

      - GITLAB_SIGNUP_ENABLED=false
      - GITLAB_USERNAME_CHANGE=false
      - GITLAB_MAX_OBJECT_SIZE=104857600

      - GITLAB_BACKUP_SCHEDULE=daily
      - GITLAB_BACKUP_TIME=01:00
      - GITLAB_BACKUP_EXPIRY=86400
      - GITLAB_SECRETS_DB_KEY_BASE=f7uGU7mVJYLCbwvf4os24QTqCJepLpWZqLNDcAHiZo6YMhJRuROfRN9EfDAGJDF9
      - GITLAB_SECRETS_SECRET_KEY_BASE=UlFcH1A11LxwjkmDynm8HVHc9hhSpEA1hzvuGb03FnlT6DAKYg6DttOsIovUCOMZ
      - GITLAB_SECRETS_OTP_KEY_BASE=EGepXzA1lo6CPZRtQaMtqMCbCrlKKwjlpkKMfvLJUlkPBKiqz0oDTdwAJYEGg25p

networks:
  default:
    external:
      name: gitlab

bring down the gitlab containers

now go to /volume1/docker/gitlab-test

issue:

$ docker-compose -f docker-compose.yml up -d

now access the browser at http://IP:9080

login with:
Username: root
Password: 5iveL!fe

Yes I have skype

ok did the folder ... containers are going up with the file you posted

oke when I access it on my network with http://192.168.0.5:9080 then it works even login


I've tried ldap ... the login problem started again ... after just putting the backup compose back .. still didn't work ... when I reverted to your compose with no volumes, it started working again .. now when you put the volumes back ... the problem of the login comes back .... can it be something corrupted in the volumes???

what should i do ??

got it working after deleting content in the volumes

@MACE-Zer0 That's very weird, can you do a restart with the docker-compose with the volumes to see if it keeps working?

You need the volumes for persistent data.

Got all the normal stuff working ... fine with password now .... just needed to delete everything inside the containers, maybe something there was corrupted .... trying to activate ldap ... the module is up ... but the authentication is not working with domain accounts, can you check if my ldap settings are good??

  - LDAP_ENABLED=true
  - LDAP_LABEL=XXXXX
  - LDAP_HOST=XXXXXXXXXXX
  - LDAP_PORT=389
  - LDAP_UID=XXXXXXXXXXX
  - LDAP_METHOD=plain
  - LDAP_BIND_DN=uid=userid,CN=Binding Services,CN=Users,DC=fullsix,DC=local
  - LDAP_PASS=XXXXXXXXXXXXXXXXXXXXXXXX
  - LDAP_ACTIVE_DIRECTORY=true
  - LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN=true

Could not authenticate you from Ldapmain because "Invalid credentials".

improved a bit .. .got a new message

Could not authenticate you from Ldapmain because "Invalid filter syntax.".

Suggestion: it looks like you are connecting to your Synology LDAP.

This is because I see you are using the attribute uid; this is OpenLDAP. If this is the case, then it's correct to get a filter error.

Set LDAP_ACTIVE_DIRECTORY to false. Active Directory is Microsoft, while you are now connecting to OpenLDAP.

my synology has joined the domain of the company, I'm trying to get this working, but so far nothing ... got invalid filter syntax with LDAP_ACTIVE_DIRECTORY=false

  - LDAP_ENABLED=true
  - LDAP_LABEL=xxxxx
  - LDAP_HOST=xxxxx.local
  - LDAP_PORT=389
  - LDAP_UID=admin
  - LDAP_BASE=CN=FULLSIX,CN=Users,DC=Fullsix,DC=net
  - LDAP_BIND_DN=CN=admin,CN=Users,DC=Fullsix,DC=net
  - LDAP_PASS=XXXX
  - LDAP_METHOD=plain
  - LDAP_ACTIVE_DIRECTORY=false
  - LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN=true

Can u see if anything is wrong ??

If I have time this weekend I will try to create a test setup, which you
can use to figure out your own variable values.

I just want to put it with AD ... I've been trying a lot of different variables, but nothing ...

You mean Microsoft active directory ?

yes .... or it cant ??

I have an AD server ... I thought it could connect with it

Maybe you are just missing some other variable for the user Base search
context. Normally when working with LDAP, either OpenLDAP or AD, you also need
to provide the search context. See it like a tree. The user search context
is the position from which you are starting in the tree looking for user
accounts. This is also commonly known as the filter context. If you are
unsure from where to start filtering you can also provide the ldap base
like: dc=example,dc=com

I think you have forgotten to enter the LDAP_USER_FILTER I think you should
set it to the same as the Base.

You can set the AD property to true. Also when using AD there is normally
no attribute uid; the attribute for the username is sAMAccount name or
something

Or it can't start searching for users

  - LDAP_ENABLED=true
  - LDAP_LABEL=XXXXX
  - LDAP_HOST=XXXX
  - LDAP_PORT=389
  - LDAP_UID=XXXXX
  - LDAP_PASS=XXXXXX.
  - LDAP_BIND_DN=CN=XXXXX,DC=fullsix,DC=local
  - LDAP_BASE=OU=Users,OU=FULLSIX,DC=fullsix,DC=local
  - LDAP_USER_FILTER=(memberOf=CN=Users,CN=FULLSIX,DC=fullsix,DC=local)
  - LDAP_METHOD=plain
  - LDAP_ACTIVE_DIRECTORY=true
  - LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN=true

i tried that .. gives filter error

Whi children explains your error you just forgot an important property

Whi children = which explains

Autocorrection on mobile

should i remove LDAP_UID , and LDAP_PASSWORD ??

I think you have some property values wrong let me check

Your LDAP_UID is wrong. There should not be xxx I think you have the entire
LDAP config misinterpreted

LDAP_UID refers to the specific LDAP implementation of a vendor for the LDAP
attribute which holds the "user id".

This means that for Microsoft ad the value for this key is the default; see
the readme: sAMAccountName. And for OpenLDAP the value for this key is uid

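A lint for the settings this thread keeps tripping over, as an added example that is not part of the original comments or of the docker-gitlab project: it flags `<`/`>` placeholder markers left in values, an `LDAP_UID` that is not the login attribute named above, bind and base values that are not DNs, and a malformed `LDAP_USER_FILTER`. The `memberOf` and `LDAP_METHOD=plain` checks go beyond what the thread states; the hostnames, DNs and passwords in the sample are constructed, and a missing `LDAP_ACTIVE_DIRECTORY` is assumed to mean AD.

```python
import re

# Login attribute per directory type, as named in the thread.
USUAL_UID = {True: "sAMAccountName", False: "uid"}
ATTR_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")   # LDAP attribute descriptor
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=.+$")      # one "type=value" DN component


def parse_env(lines):
    """Turn docker-compose 'environment:' list items into a dict."""
    env = {}
    for raw in lines:
        item = raw.strip().lstrip("-•").strip()
        if "=" not in item:
            continue
        key, value = item.split("=", 1)  # everything after the first '=' is the value
        env[key.strip()] = value
    return env


def is_dn(value):
    """True if every comma-separated component looks like type=value."""
    parts = [p.strip() for p in re.split(r"(?<!\\),", value)]
    return bool(value) and all(RDN.match(p) for p in parts)


def filter_problem(flt):
    """Return why flt is not a well-formed RFC 4515 filter string, or None."""
    if not (flt.startswith("(") and flt.endswith(")")):
        return "must start with '(' and end with ')'"
    depth = 0
    for i, ch in enumerate(flt):
        depth += (ch == "(") - (ch == ")")
        if depth == 0 and i != len(flt) - 1:
            return "top-level filter closes before the end of the string"
    return "unbalanced parentheses" if depth else None


def lint(env):
    """Return (key, message) findings for a parsed environment."""
    findings = []
    # Markers pasted along with a value become part of the value itself.
    for key, value in sorted(env.items()):
        # '<=' and '>=' are legal filter operators, so skip the filter here.
        if key != "LDAP_USER_FILTER" and ("<" in value or ">" in value):
            findings.append((key, "contains < or >: placeholder markers left in?"))
    if env.get("LDAP_ENABLED", "false").lower() != "true":
        return findings

    # Assumption: a missing LDAP_ACTIVE_DIRECTORY means Active Directory.
    is_ad = env.get("LDAP_ACTIVE_DIRECTORY", "true").lower() == "true"
    uid = env.get("LDAP_UID", USUAL_UID[is_ad])
    if not ATTR_NAME.match(uid):
        findings.append(("LDAP_UID", "not an attribute name"))
    elif uid.lower() != USUAL_UID[is_ad].lower():
        findings.append(("LDAP_UID", f"{uid!r} is not the usual login attribute "
                                     f"({USUAL_UID[is_ad]}) for this directory"))

    for key in ("LDAP_BIND_DN", "LDAP_BASE"):
        if not is_dn(env.get(key, "")):
            findings.append((key, "missing or not a distinguished name"))

    flt = env.get("LDAP_USER_FILTER", "")
    if flt:
        reason = filter_problem(flt)
        if reason:
            findings.append(("LDAP_USER_FILTER", reason))
        # Added check, not from the thread: memberOf holds group DNs.
        group = re.search(r"memberOf=([^)]*)", flt, re.IGNORECASE)
        if group and group.group(1).upper().startswith("OU="):
            findings.append(("LDAP_USER_FILTER", "memberOf points at an OU, not a group"))

    # Added check, not from the thread: 'plain' means no transport encryption.
    if env.get("LDAP_METHOD") == "plain":
        findings.append(("LDAP_METHOD",
                         "plain: bind password and logins cross the network unencrypted"))
    return findings


# Constructed sample, shaped like the configs posted in the thread.
SAMPLE = """
- GITLAB_ROOT_PASSWORD=<$example-only$>
- LDAP_ENABLED=true
- LDAP_HOST=dc01.example.test
- LDAP_PORT=389
- LDAP_UID=admin
- LDAP_BIND_DN=CN=svc-gitlab,CN=Users,DC=example,DC=test
- LDAP_BASE=DC=example,DC=test
- LDAP_USER_FILTER=(memberOf=OU=Users,DC=example,DC=test)
- LDAP_PASS=example-only
- LDAP_METHOD=plain
- LDAP_ACTIVE_DIRECTORY=true
""".splitlines()

if __name__ == "__main__":
    for key, message in lint(parse_env(SAMPLE)):
        print(f"{key}: {message}")
```
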

Please check your values against the readme description. There is no
username when logging into LDAP; there is only a DN value for the user and a
password. So your LDAP_BIND_DN looks OK.

Also you set the Base to something which does not look like a Base but a
sublevel. You should have checked the values within the LDAP. When I'm
programming with LDAP I always use Softerra LDAP Browser (open source; PS:
not the LDAP Administrator) to log in to my company's LDAP and get the
values I need.

don't know if they are correct

I have users in 2 OUs in the AD ... FULLSIX and USERS .....

Fullsix has more OUs inside it for each department .... users has only users

I understand what you are saying but Base is Base. And you put your users
ou which you have now in Base as the user filter

I will have to read up on gitlab ldap. I normally connect directly from
source code like java golang, etc... So I have to check what the
documentation states about the user filter. To my knowledge just put the
real ad Base in Base and remove the entire key for user filter

First you get it working, then you apply filters to speed it up. The filter's
only purpose is to speed up the lookup. Without the filter it will
traverse the entire tree finding a user. So you always start without and
then make it nicer after you get it working.

Then you install LDAP browser and get the correct DN for the user. I worked
with AD a few times and the DN you are using for the binding looks wrong if
it really is a Microsoft AD you want to connect to. Here is how to get the
correct DN...

On Fri 21 Apr 2017 18:06, MACE-Zer0 notifications@github.com wrote:

invalid credentials with this

LDAP_ENABLED=true
LDAP_LABEL=xxxxxx
LDAP_HOST=xxxxxxxx

LDAP_PORT=389
LDAP_UID=sAMAccountName
LDAP_PASS=XXXXXXX
LDAP_BIND_DN=CN=USER,DC=fullsix,DC=local
LDAP_BASE=OU=Users,OU=FULLSIX,DC=fullsix,DC=local
LDAP_USER_FILTER=(memberOf=OU=Users,OU=FULLSIX,DC=fullsix,DC=local)
LDAP_METHOD=plain
LDAP_ACTIVE_DIRECTORY=true
LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN=true

ok installing the ldap browser

Install ldap browser; setup profile.

Because you don't know the binding to log in the first time, you use a
company-connected Windows machine and select the option to connect with your
currently logged-in Windows user. Then at the top there is a search bar which
allows you to search on username.

Double click the user entry after you found it.

The value you need is the value of the ad property called distinguishedName
right click and choose copy value

If you want, I'm now traveling home; I can show you with TeamViewer what to
look for or help you with TeamViewer if you want.

Also the value plain is wrong for AD; this is most likely something like md5.

I don't know where to put the username for the user

password is in the LDAP_PASS

where does the username go ??

Haha that's what most people can't figure out when they are configuring
ldap. There is no username. The bind address is always the full
distinguishedName of the user object

Trust me, this is something everybody gets wrong. Normally with software you
log in with username/password; not with LDAP. You bind to a user object with
its full distinguishedName and then you provide a password.

Skype call is maybe faster if it is not clear

Your Base dn is the lowest from the drop down in the screenshot

I can't connect with any user using simple or md5 .... but with GSS negotiate ... my user connects

does gitlab support gss like the browser ??

@MACE-Zer0 Are you following the suggested bind (when using AD)?
bind_dn: 'CN=Gitlab LDAP,CN=Users,DC=Domain,DC=tld'

Note that it's binding on a Display Name for the user, not the email (not sure if that has been fixed) -- it is also case sensitive~
In addition, try setting the base a bit narrower: base: 'CN=Users,DC=Domain,DC=tld' or apply a filter: LDAP_USER_FILTER:(employeeType=developer) -- though you can wait until you confirm that GitLab is connecting before applying a filter.

@GJRTimmer

Don't want to hijack the thread -- just wanted to drop in and say thank you for helping @MACE-Zer0 -- you have been really awesome!

I'm using the MailPlus Server on my Synology, I even have my MailServer completely configured with full DKIM, DMARC, SSL etc.

If you don't already have it, are you interested in knowing how to set up the Reply by email feature on GitLab with MailPlus Server?

yes yes thanks a hugeeeeee deal to @GJRTimmer for his huge help ..... everything is working, even ldap .. thanks for your help as well @avluis , everything is good now..... we don't use Mailserver, sorry , I got gitlab working with the exchange server I got here in the company

Thank you all
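
As an added example (not from the thread or from docker-gitlab), this Python code pre-checks the bind settings discussed above and builds the `ldapsearch` call that does from a shell what the LDAP browser steps do: bind with the full DN and read one user's distinguishedName. The host name, the function names and the reading of LDAP_METHOD=plain as "no TLS" are assumptions.

```python
import re

# Constructed sample: the settings posted in the thread; the host is a placeholder.
POSTED = """\
LDAP_HOST=ldap.example.invalid
LDAP_PORT=389
LDAP_UID=sAMAccountName
LDAP_BIND_DN=CN=USER,DC=fullsix,DC=local
LDAP_BASE=OU=Users,OU=FULLSIX,DC=fullsix,DC=local
LDAP_METHOD=plain
"""

def parse_env(text):
    """KEY=VALUE lines to a dict; split on the first '=' only, because DNs contain '='."""
    return dict(line.split("=", 1) for line in text.splitlines() if "=" in line)

def split_dn(dn):
    """Return [(ATTR, value), ...]; commas escaped with a backslash stay inside the value."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.strip().partition("=")
        if not (sep and attr.isalnum() and value):
            raise ValueError(f"not a distinguishedName: {dn!r}")
        rdns.append((attr.upper(), value))
    return rdns

def lint(env):
    """Findings for the bind settings; an empty list means nothing was flagged."""
    findings = []
    for key in ("LDAP_BIND_DN", "LDAP_BASE"):
        try:
            split_dn(env.get(key, ""))
        except ValueError:
            findings.append(f"{key} must be a full distinguishedName, not a login name")
    # Assumption: LDAP_METHOD=plain means no TLS (ssl and tls being the encrypted choices).
    if env.get("LDAP_METHOD", "plain") == "plain":
        findings.append("LDAP_METHOD=plain: the bind password crosses the network unencrypted")
    return findings

def ldapsearch_argv(env, login):
    """argv for OpenLDAP's ldapsearch: bind as LDAP_BIND_DN, return one user's DN."""
    # Escape filter metacharacters (RFC 4515) so the login cannot alter the filter.
    safe = re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), login)
    scheme = "ldaps" if env.get("LDAP_METHOD") == "ssl" else "ldap"
    argv = ["ldapsearch", "-x", "-H", f"{scheme}://{env['LDAP_HOST']}:{env['LDAP_PORT']}",
            "-D", env["LDAP_BIND_DN"], "-W", "-b", env["LDAP_BASE"]]
    if env.get("LDAP_METHOD") == "tls":
        argv.append("-ZZ")  # require StartTLS before the bind
    return argv + [f"({env['LDAP_UID']}={safe})", "distinguishedName"]
```

The `-W` option makes `ldapsearch` prompt for the bind password, so it does not end up in the shell history or the process list.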

a new version has come out !!!

Before you change the version number, click on the build badge at the top of
the readme to see if the servers are ready. After the new version comes
out it can take several hours for the Docker Hub and quay.io registry to
build the images. After they are done you can do a successful pull. I think
with my script you can figure it out. It is very important to let the startup
of the new images take its time. Sometimes upgrading the database etc. can
take up to 20 min before the webpage is available. So just be patient. In
the log file (docker logs of gitlab) you will see a line "migrating database".

Not a problem, happy to help. Maybe share your LDAP knowledge, what you have
learned, with the rest to improve the readme.

Case closed
