Setup of GitLab Docker on Synology DSM

• Introduction
• GitLab
  • Environment Variables
  • Port Settings
  • Volume
  • Links
  • Update Warning
• GitLab Runner
  • Environment Variables
  • Volume
  • Passwordless Sudoer
• GitLab Container Registry
  • Environment Variables
  • Volume
  • Port Settings
  • Links
• HTTPS
  • Reverse Proxy
  • Certificate
• Port Forwarding

Introduction

This tutorial explains how to install a complete GitLab environment, including GitLab Runner and GitLab Container Registry, with the Synology DiskStation Manager (DSM). Each GitLab module can be installed with the help of Docker container and will receive it's own subdomain.

sameersbn/docker-gitlab

GitLab itself can be installed via the Package Center. The package is called Docker GitLab. Because it is maintained by Synology itself, it should install without any problem. If they are not already installed, this package will also install the Docker package as well as the MariaDB package. If the Docker package was not installed before, a shared folder has to be created for it. In this tutorial the shared folder is called /docker. Once the installation is finished, stop the newly installed package with the help of the Package Center. This will make the Docker environment variables, port settings, volume mounts and links of the Docker containers editable. Now open the Docker package, go in the Container section, right click on the synology_gitlab container and select Edit (not shown if there are running instances of this container).

Environment Variables

Port Settings

Volume

Links

Update Warning

An update of the Docker GitLab package will revert all environment variable, volume mount, port and link changes made to the synology_gitlab and synology_redis container.

sameersbn/gitlab-ci-multi-runner

The GitLab Runner Docker image can be downloaded from Docker Hub alias Registry inside of the Synology Docker package. Search for sameersbn/gitlab-ci-multi-runner.

Because this package is not maintained from Synology directly, one steps have to be made manually first. To successfully launch a GitLab Runner, you have to create the volume that is later mounted into the Docker. Open File Station and create the folder /docker/gitlab_runner.

After that open the Docker package again, open the Image tab and launch an instance of the gitlab-ci-multi-runner. While doing so configure the environment variables and volumes within the advanced settings.

Environment Variables

Volume

Passwordless Sudoer

If the deployment instructions in the gitlab-ci.yml files require sudo permission, follow these instructions.

1. SSH into the Synology.
2. Discover the container ID of the runner.

sudo docker ps | grep 'sameersbn/gitlab-ci-multi-runner:latest' | awk '{print $1}'

3. Enter the docker container.

sudo docker exec -it DOCKER_ID bash

4. Make the gitlab_ci_multi_user passwordless sudoer.

adduser gitlab_ci_multi_user sudo
echo "gitlab_ci_multi_user ALL=NOPASSWD: ALL" > /etc/sudoers.d/gitlab_ci_multi_user

registry

The official Docker Registry container can be downloaded from Docker Hub alias Registry inside of the Synology Docker package. Search for registry. To prepare the launch of the container, you first have to setup the volumes that are mounted into the container. Open File Station and create the following folders:

• /docker/gitlab_registry
• /docker/gitlab_registry/registry
• /docker/gitlab_registry/certs

Next two self signed certificates will be created with OpenSSL. To do so SSH into your Synology DiskStation.

1. Open the certificate folder.

cd /docker/gitlab_registry/certs

2. Generate a private key and sign request for the private key.

openssl req -nodes -newkey rsa:4096 -keyout registry-auth.key -out registry-auth.csr -subj "/CN=gitlab-issuer"
openssl req -nodes -newkey rsa:4096 -keyout registry.key -out registry.csr -subj "/CN=git.your_diskstation_url.com"

3. Sign your created privated key.

openssl x509 -in registry-auth.csr -out registry-auth.crt -req -signkey registry-auth.key -days 3650
openssl x509 -in registry.csr -out registry.crt -req -signkey registry.key -days 3650

After that open the Docker package, launch a registry container and configure the environment variables, volume mounts and and links like explained below.

Environment Variables

Volume

Port Settings

Links

HTTPS

Synology's Reverse Proxy service and Let's Encrypt can be used to secure the connction to GitLab and the registry Docker over HTTPS.

Reverse Proxy

Create two new rules like the following:

Certificate

If you don't already have a certificate, create a Let's Encrypt certificate with the domain name your_diskstation_url.com and alternative names git.your_diskstation_url.com;hub.your_diskstation_url.com in the Certificate section. After that configure them to be used for the services git.your_diskstation_url.com and hub.your_diskstation_url.com.

Port Forwarding

If GitLab is running behind a firewall, for example behind a router, port forwarding need to be configured inside the router.