带有外部nginx和omnibus的gitlab docker注册表

本文介绍了带有外部nginx和omnibus的gitlab docker注册表的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我已经在docker容器内运行了gitlab服务器，而在另一个docker容器内运行了外部nginx服务器，因此gitlab nginx服务器已停用.现在我想使用gitlab服务器中包含的docker注册表.

I already run a gitlab server inside a docker container with an external nginx server inside an other docker container, so the gitlab nginx server is deactivated. Now I want to use the docker registry included in the gitlab server.

我尝试从管理手册中获取信息: docs.gitlab /ee/administration/container_registry.html

I try to get the information from the administration manual: docs.gitlab/ee/administration/container_registry.html

并从链接文件中使用合适的nginx配置: gitlab/gitlab -org/gitlab-ce/blob/master/lib/support/nginx/registry-ssl

and use a fitted nginx config from linked file: gitlab/gitlab-org/gitlab-ce/blob/master/lib/support/nginx/registry-ssl

我添加到的gitlab.rb:

to the gitlab.rb I added:

... registry_external_url 'url' registry_nginx['enable'] = false registry['enable'] = true ...

但是，如果我尝试登录(docker登录网址)，只会收到502 Bad Gateway错误.我还尝试了其他带有ombination的配置，但总是遇到相同的错误.有人能奏效吗?是否需要我向omnibus文件添加更多设置，还是仍然无法将gitlab内部docker注册表与omnibus和外部nginx一起使用?

But if I try to login (docker login url), I only get an 502 Bad Gateway error. I also tried some other configuration with ombinations, but gotting always the same error. Do anybody get it work? Need I to add more settings to the omnibus file or is it still not possible to use the gitlab internal docker registry with omnibus and external nginx?

推荐答案

好，我知道了.

## Lines starting with two hashes (##) are comments with information. ## Lines starting with one hash (#) are configuration parameters that can be uncommented. ## ################################### ## configuration ## ################################### upstream docker-registry { server <ip_of_gitlab_docker_container>:<port_of_gitlab_container>; } ## Redirects all HTTP traffic to the HTTPS host server { listen *:80; server_name sub.domain.tld; server_tokens off; ## Don't show the nginx version number, a security best practice return 301 $http_host:$request_uri; access_log /var/log/nginx/gitlab_registry_access.log; error_log /var/log/nginx/gitlab_registry_error.log; } server { # If a different port is specified in gitlab/gitlab-org/gitlab-ce/blob/8-8-stable/config/gitlab.yml.example#L182, # it should be declared here as well listen *:443 ssl http2; server_name sub.domain.tld; server_tokens off; ## Don't show the nginx version number, a security best practice client_max_body_size 0; chunked_transfer_encoding on; ## Strong SSL Security ## raymii/s/tutorials/Strong_SSL_Security_On_nginx.html & cipherli.st/ ssl on; ssl_certificate /etc/letsencrypt/live/sub.domain.tld/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/sub.domain.tld/privkey.pem; ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_session_timeout 5m; access_log /var/log/nginx/gitlab_registry_access.log; error_log /var/log/nginx/gitlab_registry_error.log; location / { # let Nginx know about our auth file proxy_pass docker-registry; proxy_set_header Host $host; # required for docker client's sake proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location /v2/ { # To add basic authentication to v2 use auth_basic setting plus # add_header add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always; proxy_pass docker-registry; proxy_set_header Host $http_host; # required for docker client's sake proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 900; } }

也许Andrioshe的nginx配置也可以使用，但是我进行了一些更改并在尝试时将其与其他配置混在一起.我认为普通docker-regsitry的配置文件也可以工作...将来会尝试使用.

Maybe the nginx configuration of Andrioshe also work, but I did some change and mix up with other configurations while trying. I think a configuration file for normal docker-regsitry will also work... will try it in future.

但是更重要的是gitlab omnibus配置.

But the more important thing is the gitlab omnibus configuration.

registry_external_url 'sub.domain.tld' registry['registry_http_addr'] = "<ip_of_gitlab_docker_container>:<port_of_gitlab_container>" registry_nginx['enable'] = false registry['enable'] = true

将'regsitry_http_addr'设置为gitlab Docker注册表IP和端口而非本地主机非常重要.

It is important to set the 'regsitry_http_addr' to the gitlab docker registry ip and port instead of localhost.