Configuring local GitLab server with LDAPS authentication and Grafana dashboards.

• Check REPORT.md for more details

• GitLab-CE and LLDAP containers communicating over LDAPS (LDAP over TLS).
• Provisioned Grafana dashboards for monitoring GitLab-exported Prometheus metrics
• Nginx config for enforcing HTTPS to web services.

0. Clone project

   git clone https://github.com/sh3b0/gitlab-ldap
   cd gitlab-ldap

1. Create locally-trusted certs quickly with mkcert

   mkdir certs
   cd certs/
   mkcert "*.internal.test"
   mkcert -install
   
   # Shorter file names used in configs
   mv _wildcard.internal.test-key.pem tls.key
   mv _wildcard.internal.test.pem tls.crt

2. Update /etc/hosts with domains for internal services

   127.0.0.1       grafana.internal.test
   127.0.0.1       ldap.internal.test
   127.0.0.1       gitlab.internal.test

3. As per docs, you need to copy tls.crt and tls.key content into ./conf/gitlab.rb.

   • Tweak other properties as desired [template]

     # conf/gitlab.rb:29
     ...
     tls_options:
       ssl_version: 'TLSv1_2'
       cert: '-----BEGIN CERTIFICATE----- <REDACTED> -----END CERTIFICATE -----'
       key: '-----BEGIN PRIVATE KEY----- <REDACTED> -----END PRIVATE KEY -----'
     ...
     
     # Update permissions for mounting into gitlab-ce container
     chmod root:root ./conf/gitlab.rb

4. Create secrets for LLDAP server

   ./scripts/generate_secrets.sh > .env

5. Run services with docker compose

   docker compose up -d

• https://docs.gitlab.com/ee/administration/auth/ldap/
• https://github.com/lldap/lldap
• https://grafana.com/docs/grafana/latest/administration/provisioning/
• https://nginx.org/en/docs/http/configuring_https_servers.html