带有外部nginx和omnibus的gitlab docker注册表 [英] gitlab docker registry with external nginx and omnibus

问题描述

我已经在docker容器内运行了gitlab服务器，而在另一个docker容器内运行了外部nginx服务器，因此gitlab nginx服务器已停用.现在我想使用gitlab服务器中包含的docker注册表.

I already run a gitlab server inside a docker container with an external nginx server inside an other docker container, so the gitlab nginx server is deactivated. Now I want to use the docker registry included in the gitlab server.

我尝试从管理手册中获取信息: https://docs.gitlab .com/ee/administration/container_registry.html

I try to get the information from the administration manual: https://docs.gitlab.com/ee/administration/container_registry.html

并从链接文件中使用合适的nginx配置: https://gitlab.com/gitlab -org/gitlab-ce/blob/master/lib/support/nginx/registry-ssl

and use a fitted nginx config from linked file: https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/support/nginx/registry-ssl

我添加到的gitlab.rb:

to the gitlab.rb I added:

... 
registry_external_url 'url'
registry_nginx['enable'] = false
registry['enable'] = true
...

但是，如果我尝试登录(docker登录网址)，只会收到502 Bad Gateway错误.我还尝试了其他带有ombination的配置，但总是遇到相同的错误.有人能奏效吗?是否需要我向omnibus文件添加更多设置，还是仍然无法将gitlab内部docker注册表与omnibus和外部nginx一起使用?

But if I try to login (docker login url), I only get an 502 Bad Gateway error. I also tried some other configuration with ombinations, but gotting always the same error. Do anybody get it work? Need I to add more settings to the omnibus file or is it still not possible to use the gitlab internal docker registry with omnibus and external nginx?

推荐答案

好，我知道了.

## Lines starting with two hashes (##) are comments with information.
## Lines starting with one hash (#) are configuration parameters that can be uncommented.
##
###################################
##         configuration         ##
###################################

upstream docker-registry {
 server <ip_of_gitlab_docker_container>:<port_of_gitlab_container>;
}

## Redirects all HTTP traffic to the HTTPS host
server {
  listen *:80;
  server_name  sub.domain.tld;
  server_tokens off; ## Don't show the nginx version number, a security best practice
  return 301 https://$http_host:$request_uri;
  access_log  /var/log/nginx/gitlab_registry_access.log;
  error_log   /var/log/nginx/gitlab_registry_error.log;
}


server {
  # If a different port is specified in https://gitlab.com/gitlab-org/gitlab-ce/blob/8-8-stable/config/gitlab.yml.example#L182,
  # it should be declared here as well
  listen *:443 ssl http2;
  server_name  sub.domain.tld;
  server_tokens off; ## Don't show the nginx version number, a security best practice

  client_max_body_size 0;
  chunked_transfer_encoding on;

  ## Strong SSL Security
  ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
   ssl on;
   ssl_certificate /etc/letsencrypt/live/sub.domain.tld/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/sub.domain.tld/privkey.pem;

  ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_session_cache  builtin:1000  shared:SSL:10m;
  ssl_session_timeout  5m;

  access_log  /var/log/nginx/gitlab_registry_access.log;
  error_log   /var/log/nginx/gitlab_registry_error.log;


    location /
{
     # let Nginx know about our auth file
     proxy_pass http://docker-registry;
     proxy_set_header Host $host; # required for docker client's sake
     proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto $scheme;
 }

 location /v2/ {
     # To add basic authentication to v2 use auth_basic setting plus
     # add_header
     add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always;
     proxy_pass http://docker-registry;
     proxy_set_header Host $http_host; # required for docker client's sake
     proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto $scheme;
     proxy_read_timeout 900;
 }

}

也许Andrioshe的nginx配置也可以使用，但是我进行了一些更改并在尝试时将其与其他配置混在一起.我认为普通docker-regsitry的配置文件也可以工作...将来会尝试使用.

Maybe the nginx configuration of Andrioshe also work, but I did some change and mix up with other configurations while trying. I think a configuration file for normal docker-regsitry will also work... will try it in future.

但是更重要的是gitlab omnibus配置.

But the more important thing is the gitlab omnibus configuration.

registry_external_url 'https://sub.domain.tld'
registry['registry_http_addr'] = "<ip_of_gitlab_docker_container>:<port_of_gitlab_container>"
registry_nginx['enable'] = false
registry['enable'] = true

将'regsitry_http_addr'设置为gitlab Docker注册表IP和端口而非本地主机非常重要.

It is important to set the 'regsitry_http_addr' to the gitlab docker registry ip and port instead of localhost.

这篇关于带有外部nginx和omnibus的gitlab docker注册表的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！