Skip to main content
GitLab integration in Dokploy uses OAuth 2.0 authentication with support for both GitLab.com and self-hosted GitLab instances.

Features

  • OAuth 2.0 authentication with automatic token refresh
  • Support for GitLab.com and self-hosted instances
  • Group filtering for large organizations
  • Repository and branch browsing
  • Automatic token refresh with expiry management
  • Internal URL support for same-network deployments

Prerequisites

  • A GitLab account (GitLab.com or self-hosted)
  • Access to the repositories you want to deploy
  • Admin access to create OAuth applications
  • Your Dokploy instance must be accessible for OAuth callbacks

Creating a GitLab OAuth Application

1

Navigate to Applications

For GitLab.com:
  1. Go to your GitLab profile
  2. Click Settings → Applications
  3. Click Add new application
For Self-hosted GitLab:
  1. Go to Admin Area → Applications
  2. Click New application
You can also create user-level applications in User Settings → Applications
2

Configure Application Details

Fill in the application information:Name: Choose a descriptive name (e.g., “Dokploy Production”)Redirect URI: Your Dokploy callback URL:
https://your-dokploy-domain.com/api/providers/gitlab/callback
The redirect URI must be exact. GitLab does not allow wildcards.
3

Set Scopes

Enable the following scopes:
  • api - Full API access
  • read_user - Read user information
  • read_repository - Read repository content
  • write_repository - Clone repositories
The api scope provides comprehensive access. For more restrictive access, use only read scopes.
4

Create Application

Click Save application to create the OAuth app.
5

Copy Credentials

After creation, save these values:
  • Application ID: Used as Client ID
  • Secret: Used as Client Secret
The secret is only shown once. Store it securely.

Configuring in Dokploy

1

Navigate to Git Providers

In Dokploy dashboard:
  1. Go to SettingsGit Providers
  2. Click Add Git Provider
  3. Select GitLab
2

Enter Configuration

Fill in the GitLab OAuth details:Provider Name: A friendly name (e.g., “GitLab Production”)GitLab URL:
  • For GitLab.com: https://gitlab.com
  • For self-hosted: https://gitlab.yourdomain.com
GitLab Internal URL (optional):
  • Leave empty if not on same network
  • For same-network: http://gitlab.internal:8080
Internal URL is used for token operations when Dokploy and GitLab are on the same network, reducing latency.
Application ID: The Application ID from GitLabSecret: The Secret from GitLabGroup Name (optional): Filter repositories by group
mygroup,mygroup/subgroup
Comma-separated list of group paths.
3

Save and Authorize

  1. Click Save
  2. You’ll be redirected to GitLab
  3. Click Authorize to grant access
  4. You’ll be redirected back to Dokploy
4

Test Connection

After authorization:
  1. Click Test Connection
  2. Verify the number of accessible repositories
If using group filtering, only repositories in specified groups are counted.

Self-Hosted GitLab Configuration

Basic Setup

For self-hosted GitLab instances: 
GitLab URL: https://gitlab.company.com
Application ID: abc123...
Secret: xyz789...

Internal URL Configuration

When Dokploy and GitLab are on the same network: 
GitLab URL: https://gitlab.company.com  # External, for OAuth redirect
GitLab Internal URL: http://gitlab:8080  # Internal, for API calls
Benefits:
  • Faster token refresh operations
  • Reduced external network usage
  • Works even if external URL is behind firewall

Basic Authentication in URL

If your GitLab instance requires basic auth: 
https://username:password@gitlab.company.com
Dokploy automatically:
  1. Extracts credentials from URL
  2. Adds Authorization: Basic header
  3. Removes credentials from subsequent URLs
Only use basic auth over HTTPS to protect credentials.

Using GitLab in Applications

Deploying from GitLab

1

Create or Edit Application

When creating/editing an application:
  1. Set Source Type to “Git”
  2. Select your GitLab provider
2

Select Repository

Choose from accessible repositories:
  • Format: namespace/project-name
  • Includes personal and group repositories
  • Filtered by group name if configured
3

Configure Deployment

Branch: Select the branch to deployPath Namespace: Automatically set to namespace/projectAuto Deploy (optional):
  • Enable for automatic deployments
  • Currently supports manual triggers

Repository Structure

GitLab repositories include: 
{
  id: 12345,
  name: "my-project",
  url: "namespace/my-project",  // Used as pathNamespace
  owner: {
    username: "namespace"
  }
}

Token Management

Automatic Token Refresh

Dokploy automatically refreshes expired tokens:
  1. Before Each Operation: Checks token expiry
  2. Safety Margin: Refreshes 60 seconds before expiry
  3. Refresh Flow: 
    POST {gitlabUrl}/oauth/token
{
  grant_type: "refresh_token",
  refresh_token: "...",
  client_id: "...",
  client_secret: "..."
}
  4. Store New Tokens: Updates access and refresh tokens in database

Token Expiration

  • Default Expiry: 2 hours (7200 seconds)
  • Stored as Unix Timestamp: expiresAt field
  • Automatic Refresh: Happens transparently during:
    • Repository listing
    • Branch fetching
    • Repository cloning
    • Connection testing

Group Filtering

Single Group

Filter by a single group: 
mygroup
Shows repositories in:
  • mygroup/project1
  • mygroup/project2

Multiple Groups

Comma-separated groups: 
frontend,backend,infrastructure

Subgroups

Include subgroups: 
mygroup/frontend,mygroup/backend
Matches:
  • mygroup/frontend/app1
  • mygroup/frontend/app2
  • mygroup/backend/api

No Filtering

Leave empty to show:
  • All personal repositories
  • All group repositories you have access to

API Integration

Repository Listing

Fetches projects with pagination: 
GET {gitlabUrl}/api/v4/projects?membership=true&page=1&per_page=100
Authorization: Bearer {accessToken}
Pagination:
  • 100 projects per page (GitLab maximum)
  • Uses x-total header for total count
  • Fetches all pages automatically

Branch Listing

Fetches branches for a project: 
GET {gitlabUrl}/api/v4/projects/{projectId}/repository/branches?page=1&per_page=100
Authorization: Bearer {accessToken}
Returns: 
[
  {
    id: "main",
    name: "main",
    commit: { id: "abc123..." }
  }
]

Repository Cloning

Clone command format: 
git clone --branch {branch} --depth 1 \
  https://oauth2:{accessToken}@{gitlabUrl}/{pathNamespace}.git \
  {outputPath}
Features:
  • Uses OAuth2 token authentication
  • Shallow clone (—depth 1) for speed
  • Optional submodule support

Troubleshooting

Symptoms: Redirect loop or “Invalid redirect URI” errorSolutions:
  1. Check Redirect URI: Must exactly match: 
    https://your-dokploy-domain.com/api/providers/gitlab/callback
  2. Verify HTTPS: GitLab requires HTTPS for OAuth (except localhost)
  3. Check Application Status: Ensure application is not revoked
  4. Review Scopes: Ensure all required scopes are enabled
Symptoms: Test connection succeeds but no repositories availableSolutions:
  1. Check Group Filter: Verify group names are correct
  2. Review Permissions: User must have at least Reporter role
  3. Test API Access: 
    curl -H "Authorization: Bearer TOKEN" \
  https://gitlab.com/api/v4/projects?membership=true
  4. Clear and Reconnect: Remove and re-add the provider
Symptoms: “Failed to refresh token” errors in logsSolutions:
  1. Check Secret: Ensure client secret is correct
  2. Verify Application: Application might be deleted or revoked
  3. Review Internal URL: If set, must be accessible from Dokploy
  4. Reauthorize: Remove provider and go through OAuth flow again
Symptoms: “Repository configuration failed” during deploymentSolutions:
  1. Verify Required Fields:
    • Repository name
    • Owner/namespace
    • Branch name
    • Path namespace
  2. Check Token: Use Test Connection to verify
  3. Review Permissions: Ensure read_repository scope
  4. Test Manually: 
    git ls-remote https://oauth2:TOKEN@gitlab.com/namespace/project.git
Symptoms: SSL/TLS errors when connectingSolutions:
  1. Valid Certificate: Ensure GitLab has valid SSL certificate
  2. Internal URL: Use HTTP for internal URL if on same network
  3. Certificate Trust: Dokploy must trust the CA
  4. Disable SSL Verification (not recommended): Configure in GitLab settings if absolutely necessary

Security Best Practices

1. OAuth Secret Management

  • Store client secret securely
  • Never commit to version control
  • Rotate periodically
  • Use different applications for different environments

2. Scope Limitation

Request only necessary scopes:
  • Minimum: read_user, read_repository
  • Standard: Add write_repository for full functionality
  • Avoid: sudo or admin scopes unless absolutely required

3. Group Filtering

For large organizations:
  • Use group filtering to limit repository access
  • Separate providers for different teams
  • Regular access audits

4. Token Storage

  • Tokens are encrypted in database
  • Never logged or exposed in UI
  • Automatically refreshed before expiry
  • Invalidated when provider is removed

5. Self-Hosted Security

  • Use HTTPS for external URLs
  • Keep GitLab instance updated
  • Configure internal URLs only on trusted networks
  • Regular security audits

Advanced Configuration

Multiple GitLab Providers

Configure separate providers for:
  • Different Instances: GitLab.com + self-hosted
  • Different Groups: Frontend team, Backend team
  • Different Environments: Production, Staging
Each provider maintains:
  • Separate OAuth tokens
  • Independent group filters
  • Isolated repository access

Webhook Integration (Future)

While not currently implemented, prepare for webhook support:
  1. Note your Dokploy webhook endpoint
  2. Plan webhook events needed (Push, Tag, Merge Request)
  3. Prepare secret token generation

API Response Examples

Project List Response

[
  {
    "id": 12345,
    "name": "my-project",
    "path_with_namespace": "mygroup/my-project",
    "namespace": {
      "path": "mygroup",
      "full_path": "mygroup",
      "kind": "group"
    }
  }
]

Branch List Response

[
  {
    "name": "main",
    "commit": {
      "id": "abc123...",
      "short_id": "abc123",
      "created_at": "2024-01-15T10:30:00.000Z"
    }
  }
]

Next Steps

Deploy an Application

Create your first deployment from GitLab

GitHub Integration

Compare with GitHub integration

Gitea Integration

Self-hosted Git alternative

Git Providers Overview

Compare all Git provider options