services:
  gitlab:
    image: gitlab/gitlab-ce:17.8.6-ce.0
    container_name: gitlab
    hostname: '${GITLAB_DOMAIN}'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        # Add any other gitlab.rb configuration here, each on its own line
        external_url 'https://${GITLAB_DOMAIN}'
        gitlab_rails['gitlab_shell_ssh_port'] = 2424
        # We need to tell GitLab to use SSH port 22 internally
        gitlab_shell['auth_file'] = "/var/opt/gitlab/.ssh/authorized_keys"
        #gitlab_shell['ssh_port'] = 22
        nginx['listen_port'] = 80
        nginx['listen_https'] = false
        nginx['proxy_set_headers'] = {
          "X-Forwarded-Proto" => "https",
          "X-Forwarded-Ssl" => "on"
        }
    labels:
      - traefik.enable=true
      - traefik.docker.network=traefik
      # HTTP configuration
      - traefik.http.routers.gitlab.entrypoints=web,websecure
      - traefik.http.routers.gitlab.tls=true
      - traefik.http.routers.gitlab.tls.certresolver=le
      - traefik.http.routers.gitlab.rule=Host(`${GITLAB_DOMAIN}`)
      - traefik.http.services.gitlab.loadbalancer.server.port=80
      # TCP/SSH configuration - completely revised
      - "traefik.tcp.routers.gitlab-ssh.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.gitlab-ssh.entrypoints=gitlab-ssh"
      - "traefik.tcp.services.gitlab-ssh.loadbalancer.server.port=22"
    volumes:
      - 'gitlab-config:/etc/gitlab'
      - 'gitlab-logs:/var/log/gitlab'
      - 'gitlab-data:/var/opt/gitlab'
    shm_size: '256m'
    networks:
      - traefik
    restart: unless-stopped


volumes:
  gitlab-config:
    name: gitlab-config
  gitlab-logs:
    name: gitlab-logs
  gitlab-data:
    name: gitlab-data

networks:
  traefik:
    name: traefik
    external: true