gitlab docker registry with external nginx and omnibus
I already run a gitlab server inside a docker container with an external nginx server inside an other docker container, so the gitlab nginx server is deactivated. Now I want
-
I also had the same problem like you and got it to work with the following:
Nginx:
## Lines starting with two hashes (##) are comments with information. ## Lines starting with one hash (#) are configuration parameters that can be uncommented. ## ################################### ## configuration ## ################################### ## Redirects all HTTP traffic to the HTTPS host server { listen *:80; server_name registry.project-oc.de; server_tokens off; ## Don't show the nginx version number, a security best practice return 301 https://$http_host:$request_uri; access_log /var/log/nginx/gitlab_registry_access.log; error_log /var/log/nginx/gitlab_registry_error.log; } server { # If a different port is specified in https://gitlab.com/gitlab-org/gitlab-ce/blob/8-8-stable/config/gitlab.yml.example#L182, # it should be declared here as well listen *:443 ssl http2; server_name registry.project-oc.de; server_tokens off; ## Don't show the nginx version number, a security best practice client_max_body_size 0; chunked_transfer_encoding on; ## Strong SSL Security ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/ ssl on; ssl_certificate /etc/letsencrypt/live/registry.project-oc.de/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/registry.project-oc.de/privkey.pem; # managed by Certbot ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4'; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_session_timeout 5m; access_log /var/log/gitlab/nginx/gitlab_registry_access.log; error_log /var/log/gitlab/nginx/gitlab_registry_error.log; location / { proxy_set_header Host $http_host; # required for docker client's sake proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 900; proxy_pass http://localhost:5000; } }gitlab.rb
registry_external_url 'https://registry.project-oc.de' registry_nginx['listen_port'] = 5000 gitlab_rails['registry_enabled'] = true registry_nginx['enable'] = false registry['enable'] = trueAfter editing the both files you have to restart nginx and gitlab
讨论(0) -
ok i got it work.
## Lines starting with two hashes (##) are comments with information. ## Lines starting with one hash (#) are configuration parameters that can be uncommented. ## ################################### ## configuration ## ################################### upstream docker-registry { server <ip_of_gitlab_docker_container>:<port_of_gitlab_container>; } ## Redirects all HTTP traffic to the HTTPS host server { listen *:80; server_name sub.domain.tld; server_tokens off; ## Don't show the nginx version number, a security best practice return 301 https://$http_host:$request_uri; access_log /var/log/nginx/gitlab_registry_access.log; error_log /var/log/nginx/gitlab_registry_error.log; } server { # If a different port is specified in https://gitlab.com/gitlab-org/gitlab-ce/blob/8-8-stable/config/gitlab.yml.example#L182, # it should be declared here as well listen *:443 ssl http2; server_name sub.domain.tld; server_tokens off; ## Don't show the nginx version number, a security best practice client_max_body_size 0; chunked_transfer_encoding on; ## Strong SSL Security ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/ ssl on; ssl_certificate /etc/letsencrypt/live/sub.domain.tld/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/sub.domain.tld/privkey.pem; ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_session_timeout 5m; access_log /var/log/nginx/gitlab_registry_access.log; error_log /var/log/nginx/gitlab_registry_error.log; location / { # let Nginx know about our auth file proxy_pass http://docker-registry; proxy_set_header Host $host; # required for docker client's sake proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location /v2/ { # To add basic authentication to v2 use auth_basic setting plus # add_header add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always; proxy_pass http://docker-registry; proxy_set_header Host $http_host; # required for docker client's sake proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 900; } }Maybe the nginx configuration of Andrioshe also work, but I did some change and mix up with other configurations while trying. I think a configuration file for normal docker-regsitry will also work... will try it in future.
But the more important thing is the gitlab omnibus configuration.
registry_external_url 'https://sub.domain.tld' registry['registry_http_addr'] = "<ip_of_gitlab_docker_container>:<port_of_gitlab_container>" registry_nginx['enable'] = false registry['enable'] = trueIt is important to set the 'regsitry_http_addr' to the gitlab docker registry ip and port instead of localhost.
讨论(0) -
I faced the same issue after updating Gitlab from docker.
Just fixed by adding :
gitlab_rails['registry_enabled'] = true registry_nginx['enable'] = false registry['enable'] = true讨论(0)
加载中...
- 热议问题