Question How to install Gitlab

Currently reading
Question How to install Gitlab

Been dealing with this issue for a couple hours now and hit a bit of a standstill as far as my experience and google abilities. Got the most recent version of gitlab installed, after having a similar issue with the built in one of the store. It seems the one in the store is out of date, so i'd rather keep the newer one if possible, but both i cannot seem to connect via the WAN.

Previously, I was getting
me.git Crostini-Test-Branch
ssh_exchange_identification: Connection closed by remote host
fatal: Could not read from remote repository.

But now it just gets stuck
ssh: connect to host <WANIP> port 22: Connection timed out
fatal: Could not read from remote repository.

I was trying to also follow git clone error: Permission denied (publickey,password). fatal: Could not read from remote repository (#4458) · Issues · GitLab.com / GitLab.com Support Tracker but it didn't seem to help so i put it back on 22.
 
Scratch that, it's still giving me the error again.

ssh_exchange_identification: Connection closed by remote host
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
 
You might want to use jboxberger/synology-gitlab instead of the original spk.

Is ssh enable in DSM? Did you change the gitlab ssh port to prevent collision?

Did you ever consider to use gitea instead? It provides permissions on group/team/user level for repositories, has a per repo wiki and issue management. My installation usualy needs between 50-100mb RAM (Gitlab was around 1,5gb to 2gb) and is generaly very gentle to the ressources. It is a better fit for a NAS than Gitlab ever could be.
 
I mean besides the RAM usage, which the NAS has 10G on, i'm not too worried about that, is there any specific advantages?

SSH is enabled, and I have a route of 30000>80 and 30001>22. I've also confirmed I can do it from the LAN, it's just off WAN connections. I know the router isn't the issue because on the same rule I can access the webpage off the network.

That docker isn't the same that's default on the NAS is it? It seems to be very outdated and wanted to at least be in the relative updates for security and functionality.
 
Not sure if this is still true, but the package used to be more up to date than the offical spk from Synology.

Gitea is charming because it has barely any effects on the ressources and it is always responsive with a short start time.

If I would still use Gitlab, I would prefer a setup based on the docker-compose file that sameersbn provides
and change the configuration according my needs.

So you mapped the host port 30001 to the container port 22, did set GITLAB_HOST to your external domain name and set GITLAB_SSH_PORT to the wan port that your router is forwarding to port 30001 on your Diskstation?
 
Yes, i'm using a port forward range of 30000-30001 to the NAS lan IP address in the router. Plus based on the error that I'm getting, it seems to be more of authentication based issue, but i'm not sure why it would be when on the LAN it works fine.

I think at this time I would prefer to stick with Gitlab just because it's what i've known. The other looks basically the same but more of the github look to it, which i've honestly never worked with in production.
 
I assume that you added your pub key to your gitlab profile, right?

I am kind of confused what you mean by that it works in your LAN. How do you clone the repo? what remote uri does it return if you do 'git remote -v'?

I have used Gitlab in the past and neither had a problem with https/token auth or ssh/key auth.
 
That is correct,

So I can git clone on the LAN, but not on the WAN? So when i'm off network it doesn't work. But if i'm on the same network as the NAS it works. However, after coming back home today it doesn't seem to be working either so i'm not sure what it's deal is now... That was the only common denominator i had at the time.

i'm going to try to reinstall it again with the one you had mentioned earlier and see if that gets me anywhere...
 
Your statements about "works on LAN, does not work on WAN" puzzles me. If you did set GITLAB_HOST to point to a DNS entry that resolves to your WAN-IP and GITLAB_SSH_PORT to the forwarded WAN-PORT, your repos should provide a clone link that looks like git@{value of GITLAB_HOST}:{value of GITLAB_SSH_PORT}/user/repo.git.

Did you add the remote repositories for LAN and WAN and tried to perform the same action against the remote repositories from the same cloned folder?
 
Forgive me, I have to admit I am fairly new at this. I have not set GITLAB HOST as I do not know what that would do? Nor how to go about doing it. I have the DDNS setup on the NAS itself which is resolving the IP. The clone link has always been wrong and never knew there was a way of changing that.

Here is how i've set it up
 
Just to clarify, I normally go in and input the correct url/ip and port in the clone command, which has previously worked for me. I've not tried to run the command with the wrong URL, and it would seem that it's also correct because if it wasn't resolving the IP or even on a wrong port, it would just hang there instead of giving me a security failure error.
 
Last edited:
I never accessed a git server where the access uri and the hostname differ, though ssh is not domain name aware and https gives an invalid certificate error at best. So this can't be the reason for your security failure. If you added your public key to your Gitlab profile, the security failure does not realy make sense to me, except if you accidently added a wrong pub key. Are you sure that the user on the client machine has the private key present in ~/.ssh/id_rsa?

You screenshots surprise me. Synology's Gitlab package bases on sameersbn/gitlab (not sure if this is still true,though) Thus, i would have expected to see way more environment variables in your screenshot.

Strong advise: download the docker-compose.yml from the link I posted earlier and configure it for your needs. The documentation is great and more than sufficient to get everything up and running. This permits to configure each and every aspect according your needs. If you don't plan to use any OAUTH provider for user authentifcation, you can remove all the
OAUTH_* entries. You just need to configure the env variables starting with GITLAB_. You can change values anytime you want and just run 'docker-compose up -d' to restart the container and update the configuration.
 
Okay, forgive me again i'm learning as I go on. I've been able to catch up to you abit and see why there may have been some confusion earlier. I'm still having issues so i'd like to go with what you sent me, but from what I can gather I can't use docker compose on the synology without going CLI, is that correct?
 
Last edited:
Though, there is another option to skip the cli completly: you can run a Portainer container and start docker compose stacks from there.

In order to start a Portainer container, you can create a Task that starts it on each boot event.

Create a "Triggered Task" in "Task Scheduler" -> "user-defined script". Name it however you like and keep the settings for user=root and event=boot up, then switch to the tab "Task Settings" and paste the content of the code block in the "user-defined script" block:
Bash:
# get path of the docker share
docker_dir=$(synoshare --get docker | grep Path | tr -d '[:blank:]Path.[]')
# create docker.sock symlink in the docker share
ln -sf /var/run/docker.sock ${docker_dir}/docker.sock
#  create a data folder for portainer
mkdir -p ${docker_dir}/portainer
# run portainer
portainer_container_id=$(docker ps --filter name=watchtower -qa)
if [ "x${portainer_container_id}" == "x" ]; then
  docker run -d -p 9000:9000 --name portainer --restart always -v ${docker_dir}/docker.sock:/var/run/docker.sock -v ${docker_dir}/portainer:/data portainer/portainer
fi

Though, you don't need to restart your NAS to execute it while the NAS is running.
Just select the new task, press the run button and use a browser to navigate to http://{dsm-ip}:9000.
You will have to pick a username and passwort on the first start.

To start a compose stack, you have to navigate to "Stacks", click "Add stack" and either upload a docker-compose.yml or paste its content. Once Portainer is aware of the stack, you can modify it as you like - portainer will redeploy whatever is changed.
 
I'm trying to do the CLI way, but i'm getting stuck by the terminology again. They are saying to create a volume, and then put the docker file in it. When they say volume, do they mean a docker volume or something else? If it's a docker volume, is it just a file in /volume1/docker/gitlab?
 
Well the portainer option ended up working perfectly... Still though i'd like to clarify the cli part if that's okay with you. Sorry for all the trouble. I'm in the process of editing the stack as needed and trying to deploy it. Fortunately I have dealt with portainer before, but when I tried to get it to work previously the local was disconnected and I couldn't figure out why.
 
Also guess what...

ssh_exchange_identification: Connection closed by remote host
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

So again, I know we were having a mix up earlier regarding when i ment i was off network. So i can connect to the webpage for gitlab, and the git server. Okay, so I hop off network. I again can get the website, so we are doing good! Until I try to git clone, and get that error. I still have no idea why, when everthing is working as it should otherwise.
 
I'm trying to do the CLI way, but i'm getting stuck by the terminology again. They are saying to create a volume, and then put the docker file in it. When they say volume, do they mean a docker volume or something else? If it's a docker volume, is it just a file in /volume1/docker/gitlab?
I have no idea in which context you are right now. Can you paste the part of the documentation where you get stuck ? If it is in inside the docker-compose.yml it is definitly a docker volume, though, usualy it is a folder mapping where a host path is mapped into a container path. Gitlab requires at leat three folder mappings. Make sure to create those folders before.

Are you sure that you added you public key (as in the content of id_rsa.pub) to your Gitlab profie?
 
I have no idea in which context you are right now. Can you paste the part of the documentation where you get stuck ? If it is in inside the docker-compose.yml it is definitly a docker volume, though, usualy it is a folder mapping where a host path is mapped into a container path. Gitlab requires at leat three folder mappings. Make sure to create those folders before.

Are you sure that you added you public key (as in the content of id_rsa.pub) to your Gitlab profie?

I didn't look at the documentation, usually don't quite understand it plus if there was any any difference between the normal way and docker, so I tried finding people who also did this via synology's.

"ehighkid
1 point·5 months ago
No app. All CLI via SSH- here's the jist:
Enable ssh in synology Create a directory in one of your volumes to use for storage/config in synology app Login via SSH for the following : Create a docker-compose.yml file in the directory you created (search for examples) Run docker-compose up -d to start containers in detached mode
Now your containers will be running and visible in the docker app and van see config set."

And yes, I have an SSH Key in the gitlab profile. Would it need to be anywhere else?
 

Attachments

  • Screenshot 2019-07-15 at 8.23.32 AM.png
    Screenshot 2019-07-15 at 8.23.32 AM.png
    7.4 KB · Views: 51

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

Replies
5
Views
2,498
@fredbert & @Telos THANKS... these were great points and I have now turned off the feature:
Replies
4
Views
1,643

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Back
Top