Run GitLab Runner in a Docker Container

Manually register and start GitLab Runner in a Docker container for isolation.

Tags:

SSH into the container and become root:

vagrant ssh pxd-runner1

We can see the GitLab Runner registered by Ansible, the one with docker executor, by running command:

gitlab-runner list

Show me

root@pxd-runner1:~# gitlab-runner list
Runtime platform                                    arch=amd64 os=linux pid=13752 revision=07e534ba version=18.9.0
Listing configured runners                          ConfigFile=/etc/gitlab-runner/config.toml
pxd-runner1                                         Executor=docker Token=glrt-da-EkqfgDuB2DwnKLKEzwmc6MwpvOjEKdDoyCnU6MQ8.01.1715ibixv URL=https://gitlab.c2platform.org

Create Runner

Go to the Runners page https://gitlab.c2platform.org/groups/c2platform/c2/-/runnersand create a new Runner.

This will generate a registration token, for example: glrt-wKo7f7cpkPHGTybhg8ybTmc6MwpvOjEKdDoyCnU6MQ8.01.170xmsrvn.

Register

To manually register a GitLab Runner using a Docker container, follow these steps. This method runs the registration process inside a temporary container, which is useful for isolated or testing environments. For production, you might prefer installing and registering directly on the host.

First, ensure Docker is installed on the host (pxd-runner1 in this case).

Pull the official GitLab Runner Docker image if not already available:

docker pull gitlab/gitlab-runner:latest

Now, run the registration command using the Docker image. This starts a temporary container to perform the registration. Mount the config volume to persist the configuration and the CA certificates directory to handle TLS verification for the self-signed certificate.

docker run --rm -i \
  -v /srv/gitlab-runner/config:/etc/gitlab-runner \
  -v /usr/local/share/ca-certificates:/usr/local/share/ca-certificates:ro \
  --entrypoint sh gitlab/gitlab-runner:latest -c \
  'update-ca-certificates && gitlab-runner register \
  --non-interactive \
  --url "https://gitlab.c2platform.org/" \
  --token "glrt-wKo7f7cpkPHGTybhg8ybTmc6MwpvOjEKdDoyCnU6MQ8.01.170xmsrvn" \
  --executor "docker" \
  --docker-image "alpine:latest" \
  --tls-ca-file "/usr/local/share/ca-certificates/c2.crt.crt" \
  --description "Manual Docker Runner"'

This command first updates the container’s CA trust store to include the custom certificate, ensuring the registration API call succeeds. Adjust parameters as needed:

--url: The URL of your GitLab instance.
--token: The registration token you obtained.
--executor: Set to “docker” for Docker executor.
--docker-image: Default image for jobs.
--tls-ca-file: Path to the CA certificate inside the container.
Other flags for description, tags, etc.

Start

After successful registration, start the runner service in a container:

docker run -d --name gitlab-runner --restart always \
  -v /srv/gitlab-runner/config:/etc/gitlab-runner \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v /usr/local/share/ca-certificates:/usr/local/share/ca-certificates:ro \
  gitlab/gitlab-runner:latest

This mounts the Docker socket to allow the runner to spawn job containers and the CA certificates for TLS trust. Ensure the config directory exists on the host (/srv/gitlab-runner/config).

Verify the runner is registered and running by checking in the GitLab UI or using gitlab-runner list on the host if installed there.

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.

Last modified February 25, 2026: phx gitlab runner manual setup PHX-561 PHX-547 (7f2b325)