gitlab docker registry with external nginx and omnibus
Problem description
I already run a gitlab server inside a docker container with an external nginx server inside another docker container, so the gitlab nginx server is deactivated. Now I want to use the docker registry included in the gitlab server.
I tried to get the information from the administration manual: https://docs.gitlab.com/ee/administration/container_registry.html
and used a fitted nginx config from the linked file: https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/support/nginx/registry-ssl
To gitlab.rb I added:
...
registry_external_url 'url'
registry_nginx['enable'] = false
registry['enable'] = true
...
But if I try to log in (docker login url), I only get a 502 Bad Gateway error. I also tried some other configurations and combinations, but always got the same error. Has anybody got it to work? Do I need to add more settings to the omnibus file, or is it still not possible to use the gitlab internal docker registry with omnibus and an external nginx?
OK, I got it to work.
## Lines starting with two hashes (##) are comments with information.
## Lines starting with one hash (#) are configuration parameters that can be uncommented.
##
###################################
##         configuration         ##
###################################

upstream docker-registry {
  server <ip_of_gitlab_docker_container>:<port_of_gitlab_container>;
}

## Redirects all HTTP traffic to the HTTPS host
server {
  listen *:80;
  server_name sub.domain.tld;
  server_tokens off; ## Don't show the nginx version number, a security best practice
  return 301 https://$http_host$request_uri;
  access_log /var/log/nginx/gitlab_registry_access.log;
  error_log /var/log/nginx/gitlab_registry_error.log;
}

server {
  # If a different port is specified in https://gitlab.com/gitlab-org/gitlab-ce/blob/8-8-stable/config/gitlab.yml.example#L182,
  # it should be declared here as well
  listen *:443 ssl http2;
  server_name sub.domain.tld;
  server_tokens off; ## Don't show the nginx version number, a security best practice

  client_max_body_size 0;
  chunked_transfer_encoding on;

  ## Strong SSL Security
  ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
  ## TLS is enabled by the ssl parameter of the listen directive above; the separate "ssl on;" directive is deprecated
  ssl_certificate /etc/letsencrypt/live/sub.domain.tld/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/sub.domain.tld/privkey.pem;

  ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
  ## TLSv1 and TLSv1.1 are deprecated (RFC 8996); drop them if every client supports TLSv1.2
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_session_cache builtin:1000 shared:SSL:10m;
  ssl_session_timeout 5m;

  access_log /var/log/nginx/gitlab_registry_access.log;
  error_log /var/log/nginx/gitlab_registry_error.log;

  location / {
    # let Nginx know about our auth file
    proxy_pass http://docker-registry;
    proxy_set_header Host $host; # required for docker client's sake
    proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }

  location /v2/ {
    # To add basic authentication to v2 use auth_basic setting plus
    # add_header
    add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always;
    proxy_pass http://docker-registry;
    proxy_set_header Host $http_host; # required for docker client's sake
    proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_read_timeout 900;
  }
}
Maybe the nginx configuration of Andrioshe also works, but I made some changes and mixed it up with other configurations while trying. I think a configuration file for a normal docker-registry will also work... will try it in the future.
But the more important thing is the gitlab omnibus configuration.
registry_external_url 'https://sub.domain.tld'
registry['registry_http_addr'] = "<ip_of_gitlab_docker_container>:<port_of_gitlab_container>"
registry_nginx['enable'] = false
registry['enable'] = true
It is important to set the 'registry_http_addr' to the gitlab docker registry ip and port instead of localhost.
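The answer's key point, that a registry bound to localhost cannot be reached by nginx running in a separate container, can be checked before reloading either service. The following is an added example, not part of the original answer: the function name `check_registry_wiring`, the sample addresses, and the `localhost:5000` default used when the setting is absent are assumptions.

```python
import ipaddress
import re

# Constructed sample inputs; the addresses are placeholders, not values from the page.
GITLAB_RB = """
registry_external_url 'https://sub.domain.tld'
registry['registry_http_addr'] = "localhost:5000"
registry_nginx['enable'] = false
registry['enable'] = true
"""
NGINX_CONF = """
upstream docker-registry {
  server 172.18.0.5:5000;
}
"""

def _is_loopback(host):
    host = host.strip("[]")  # allow a bracketed IPv6 literal
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # some other hostname

def check_registry_wiring(gitlab_rb, nginx_conf):
    """Return findings that would explain a 502 from the external nginx."""
    findings = []
    # Strip comments so commented-out template lines are not mistaken for settings.
    rb = re.sub(r"(?m)^\s*#.*$", "", gitlab_rb)
    conf = re.sub(r"(?m)#.*$", "", nginx_conf)
    m = re.search(r"registry\['registry_http_addr'\]\s*=\s*[\"']([^\"']+)[\"']", rb)
    addr = m.group(1) if m else "localhost:5000"  # assumed default when unset
    host, _, port = addr.rpartition(":")
    if _is_loopback(host):
        findings.append(f"registry listens on loopback ({addr}); "
                        "not reachable from the nginx container")
    block = re.search(r"upstream\s+docker-registry\s*\{([^}]*)\}", conf)
    servers = re.findall(r"server\s+([^\s;]+)\s*;", block.group(1)) if block else []
    if not servers:
        findings.append("no 'upstream docker-registry' server in the nginx config")
    elif not any(s.rpartition(":")[2] == port for s in servers):
        findings.append(f"upstream {servers} does not use registry port {port}")
    if re.search(r"registry_nginx\['enable'\]\s*=\s*true", rb):
        findings.append("bundled registry nginx is still enabled")
    return findings

if __name__ == "__main__":
    for finding in check_registry_wiring(GITLAB_RB, NGINX_CONF):
        print("FINDING:", finding)
```

Only ports are compared between the two files, because the registry may bind to a wildcard address while the nginx upstream names the container IP.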