gitlab docker registry with external nginx and omnibus


Problem description


I already run a gitlab server inside a docker container with an external nginx server inside another docker container, so the gitlab nginx server is deactivated. Now I want to use the docker registry included in the gitlab server.

I tried to get the information from the administration manual: https://docs.gitlab.com/ee/administration/container_registry.html

and used a fitted nginx config from the linked file: https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/support/nginx/registry-ssl

To the gitlab.rb I added:

... 
registry_external_url 'url'
registry_nginx['enable'] = false
registry['enable'] = true
...

But if I try to log in (docker login url), I only get a 502 Bad Gateway error. I also tried some other configurations with combinations, but I always get the same error. Did anybody get it to work? Do I need to add more settings to the omnibus file, or is it still not possible to use the gitlab internal docker registry with omnibus and external nginx?

Solution

OK, I got it to work.

## Lines starting with two hashes (##) are comments with information.
## Lines starting with one hash (#) are configuration parameters that can be uncommented.
##
###################################
##         configuration         ##
###################################

upstream docker-registry {
  server <ip_of_gitlab_docker_container>:<port_of_gitlab_container>;
}

## Redirects all HTTP traffic to the HTTPS host
server {
  listen *:80;
  server_name  sub.domain.tld;
  server_tokens off; ## Don't show the nginx version number, a security best practice
  return 301 https://$http_host:$request_uri;
  access_log  /var/log/nginx/gitlab_registry_access.log;
  error_log   /var/log/nginx/gitlab_registry_error.log;
}


server {
  # If a different port is specified in https://gitlab.com/gitlab-org/gitlab-ce/blob/8-8-stable/config/gitlab.yml.example#L182,
  # it should be declared here as well
  listen *:443 ssl http2;
  server_name  sub.domain.tld;
  server_tokens off; ## Don't show the nginx version number, a security best practice

  client_max_body_size 0;
  chunked_transfer_encoding on;

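  ## Strong SSL Security
  ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
  ## TLS is enabled by the "ssl" parameter of the listen directive above; the
  ## separate "ssl on;" directive is deprecated since nginx 1.15.0 and removed in 1.25.1.
  ssl_certificate /etc/letsencrypt/live/sub.domain.tld/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/sub.domain.tld/privkey.pem;

  ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
  ## TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only for legacy clients
  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_session_cache  builtin:1000  shared:SSL:10m;
  ssl_session_timeout  5m;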

  access_log  /var/log/nginx/gitlab_registry_access.log;
  error_log   /var/log/nginx/gitlab_registry_error.log;


  location / {
    # let Nginx know about our auth file
    proxy_pass http://docker-registry;
    proxy_set_header Host $host; # required for docker client's sake
    proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }

  location /v2/ {
    # To add basic authentication to v2 use auth_basic setting plus
    # add_header
    add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always;
    proxy_pass http://docker-registry;
    proxy_set_header Host $http_host; # required for docker client's sake
    proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_read_timeout 900;
  }

}

Maybe the nginx configuration of Andrioshe also works, but I made some changes and mixed in other configurations while trying. I think a configuration file for a normal docker-registry will also work... will try it in the future.

But the more important thing is the gitlab omnibus configuration.

registry_external_url 'https://sub.domain.tld'
registry['registry_http_addr'] = "<ip_of_gitlab_docker_container>:<port_of_gitlab_container>"
registry_nginx['enable'] = false
registry['enable'] = true

It is important to set the 'registry_http_addr' to the gitlab docker registry IP and port instead of localhost.
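
The agreement the answer depends on (the registry bound to an address the external nginx can reach, and the nginx upstream pointing at that same address) can be checked mechanically. This is an added example, not part of the original answer: the address 172.18.0.5:5000, the function names, and the assumption that an unset registry_http_addr means a loopback default on port 5000 are this example's own. It also reports the deprecated entries in ssl_protocols.

```python
import ipaddress
import re

# Constructed sample inputs mirroring the answer's two files (placeholder address).
GITLAB_RB = """
registry_external_url 'https://sub.domain.tld'
registry['registry_http_addr'] = "172.18.0.5:5000"
registry_nginx['enable'] = false
registry['enable'] = true
"""
NGINX_CONF = """
upstream docker-registry { server 172.18.0.5:5000; }
server {
  server_name sub.domain.tld;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  location /v2/ { proxy_pass http://docker-registry; }
}
"""

def _find(pattern, text):
    m = re.search(pattern, text, re.M)
    return m.group(1) if m else None

def check_registry_proxy(gitlab_rb, nginx_conf):
    """Return a list of findings; an empty list means the two files agree."""
    findings = []
    addr = _find(r"^registry\['registry_http_addr'\]\s*=\s*\"([^\"]+)\"", gitlab_rb)
    upstream = _find(r"upstream\s+docker-registry\s*\{\s*server\s+([^;\s]+);", nginx_conf)
    ext_host = _find(r"^registry_external_url\s+'https?://([^'/:]+)", gitlab_rb)
    names = (_find(r"server_name\s+([^;]+);", nginx_conf) or "").split()
    # Assumption: when the key is unset the registry listens on loopback, port 5000.
    host = (addr or "localhost:5000").rsplit(":", 1)[0].strip("[]")
    loopback = host == "localhost"
    try:
        loopback = loopback or ipaddress.ip_address(host).is_loopback
    except ValueError:
        pass  # a hostname other than localhost
    if loopback:
        findings.append("registry listens on loopback: nginx in another container gets 502")
    if addr and upstream != addr:
        findings.append(f"nginx upstream {upstream} != registry_http_addr {addr}")
    if not re.search(r"^registry_nginx\['enable'\]\s*=\s*false", gitlab_rb, re.M):
        findings.append("bundled registry nginx is not disabled")
    if ext_host not in names:
        findings.append(f"registry_external_url host {ext_host} not in server_name")
    protos = (_find(r"ssl_protocols\s+([^;]+);", nginx_conf) or "").split()
    findings += [f"ssl_protocols still offers deprecated {p}"
                 for p in ("TLSv1", "TLSv1.1") if p in protos]
    return findings
```

Because a non-loopback registry_http_addr serves plain HTTP on the container network, keep that port unpublished on the Docker host so the TLS-terminating nginx stays the only way in.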
