Quantcast
Channel: Active questions tagged docker-registry - DevOps Stack Exchange
Viewing all articles
Browse latest Browse all 60

SELF HOSTED DOCKER GITLAB BEHIND NGINX: There are no container images stored for this project [closed]

$
0
0

this is the solution.. posted the question on stackoverflow

I was able to solve the problem creating a certificate in docker host as reported here:

mkdir certscd certs# Generate a random password password_file used in the next commandsopenssl rand -hex -out password_file 32# Create a PKCS#10 certificate requestopenssl req -new -passout file:password_file -newkey rsa:4096 -batch > registry.csr# Convert RSA keyopenssl rsa -passin file:password_file -in privkey.pem -out registry.key# Generate certificateopenssl x509 -in registry.csr -out registry.crt -req -signkey registry.key -days 10000

then assigned the certs folder to the two (gitlab and registry) containers.

this certificate configuration allow gitlab and gitlab registry to sort of auto-login and talk to each other.

the docker-compose.yml file will finally look like this:

version: '3.6'services:  web:    image: 'gitlab/gitlab-ee:latest'    container_name: gitlab-ee    restart: always    hostname: 'gitlab.example.com'    environment:      GITLAB_OMNIBUS_CONFIG: |        external_url 'https://gitlab.example.org'        nginx['listen_port'] = 80        nginx['listen_https'] = false        gitlab_rails['gitlab_shell_ssh_port'] = 222        gitlab_rails['registry_enabled'] = true;        gitlab_rails['registry_api_url'] = 'http://<docker-host-ip>:5001'        gitlab_rails['registry_key_path'] = '/certs/registry.key'        registry_external_url 'https://gitlab-reg.example.com'        registry_nginx['listen_port'] = 5001        registry_nginx['listen_https'] = false        registry_nginx['proxy_set_headers'] = {"X-Forwarded_Proto" => "https","X-Forwarded_Ssl" => "on"        }    ports:      - '8081:80'      - '222:22'    volumes:      - '$GITLAB_HOME/config:/etc/gitlab'      - '$GITLAB_HOME/logs:/var/log/gitlab'      - '$GITLAB_HOME/data:/var/opt/gitlab'      - './certs:/certs'    shm_size: '256m'  registry:    image: registry    container_name: registry    restart: always    ports:      - '5001:5000'    volumes:      - '$GITLAB_REG/registry:/var/lib/registry'      - './certs:/certs'#    environment:#      - REGISTRY_AUTH_TOKEN_REALM=https://gl.aitribe.it/jwt/auth#      - REGISTRY_AUTH_TOKEN_SERVICE=container_registry#      - REGISTRY_AUTH_TOKEN_ISSUER=gitlab-issuer#      - REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/certs/registry.crt  gitlab-runner:    image: gitlab/gitlab-runner:latest    container_name: gitlab-runner    restart: always    volumes:      - /srv/gitlab-runner/config:/etc/gitlab-runner      - /var/run/docker.sock:/var/run/docker.sock

SO MANY NOTES to use this docker-compose.yml file:

  • gitlab and gitlab registry are on different subdomains (that is not given for grant) and are behind a reverse proxy with ssl termination on the proxy (thats the reason why headers need to be set)
  • the default registry_api_url (GITLAB_REGISTRY_API_URL in the link above where configuration doesn't involve OMNIBUS) point by default to 127.0.0.1:5000: this will obviously never work on a docker gitlab installation: for this reason it must be set to the docker host ip, specifying the port;
  • for some reason I'm still trying to catch (I read it somewhere trying to find the solution bud didnt give it that much care) the container needs to be set NOT ON PORT 5000
  • if u set the env variables as suggested in the docs reported above (commented out in the yml file above), u wont be able to login to the registry via user and password anymore and u will need to generate a token in gitlab

Viewing all articles
Browse latest Browse all 60

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>