diff --git a/.env.default b/.env.default
index 5392528..526c84d 100644
--- a/.env.default
+++ b/.env.default
@@ -2,5 +2,6 @@ GITLAB_CE_VERSION=10.1.0-ce.0
 GITLAB_HOST=gitlab.mydomain.io
 GITLAB_SSH_IP=5.6.7.8
 GITLAB_SSH_PORT=22
+GITLAB_TRUSTED_PROXY=172.18.0.0/16
 LETSENCRYPT_EMAIL=contact@mydomain.io
 TZ=Europe/Paris
diff --git a/.gitignore b/.gitignore
index f07a50d..1edfc98 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 volumes/
+.idea/
 .env
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..186a846
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,10 @@
+DOCKER_IMAGE := gitlab/gitlab-ce
+
+all: build
+
+bash:
+	@source .env
+	@docker run --rm --net=host -it ${DOCKER_IMAGE}:${GITLAB_CE_VERSION} /bin/sh
+
+build:
+	@bash scripts/buildEnv.sh
diff --git a/README.md b/README.md
index a08c3f3..d78545c 100644
--- a/README.md
+++ b/README.md
@@ -29,6 +29,7 @@ docker-compose up -d
 ```bash
 source .env
 docker run --rm -it gitlab/gitlab-ce:${GITLAB_CE_VERSION} postgres --version
+# docker exec -it gitlab vim /etc/gitlab/gitlab.rb
 ```
 
 
diff --git a/scripts/buildEnv.sh b/scripts/buildEnv.sh
new file mode 100644
index 0000000..71dbccb
--- /dev/null
+++ b/scripts/buildEnv.sh
@@ -0,0 +1,5 @@
+set -a
+source .env
+
+echo "Building \"gitlab.rb\" via envsubst"
+envsubst < templates/gitlab.rb > "volumes/config/gitlab.rb"
diff --git a/templates/gitlab.rb b/templates/gitlab.rb
new file mode 100644
index 0000000..99f61b4
--- /dev/null
+++ b/templates/gitlab.rb
@@ -0,0 +1,61 @@
+## GitLab configuration settings
+##! This file is generated during initial installation and **is not** modified
+##! during upgrades.
+##! Check out the latest version of this file to know about the different
+##! settings that can be configured by this file, which may be found at:
+##! https://gitlab.com/gitlab-org/omnibus-gitlab/raw/master/files/gitlab-config-template/gitlab.rb.template
+
+
+## GitLab URL
+##! URL on which GitLab will be reachable.
+##! For more details on configuring external_url see:
+##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab
+external_url 'https://${GITLAB_HOST}'
+
+### Trusted proxies
+###! Customize if you have GitLab behind a reverse proxy which is running on a
+###! different machine.
+###! **Add the IP address for your reverse proxy to the list, otherwise users
+###!   will appear signed in from that address.**
+gitlab_rails['trusted_proxies'] = ['${GITLAB_TRUSTED_PROXY}']
+
+### GitLab database settings
+###! Docs: https://docs.gitlab.com/omnibus/settings/database.html
+###! **Only needed if you use an external database.**
+gitlab_rails['db_host'] = "postgres"
+
+### GitLab Redis settings
+###! Connect to your own Redis instance
+###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
+gitlab_rails['redis_host'] = "redis"
+
+################################################################
+## GitLab PostgreSQL
+################################################################
+
+###! Changing any of these settings requires a restart of postgresql.
+###! By default, reconfigure reloads postgresql if it is running. If you
+###! change any of these settings, be sure to run `gitlab-ctl restart postgresql`
+###! after reconfigure in order for the changes to take effect.
+postgresql['enable'] = false
+
+################################################################################
+## GitLab Redis
+##! **Can be disabled if you are using your own Redis instance.**
+##! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
+################################################################################
+
+redis['enable'] = false
+
+################################################################################
+## GitLab NGINX
+##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html
+################################################################################
+
+##! **Override only if you use a reverse proxy**
+##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port
+nginx['listen_port'] = 80
+
+##! **Override only if your reverse proxy internally communicates over HTTP**
+##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl
+nginx['listen_https'] = false