Expose port in docker-compose or configure second letsencrypt certificate
I'm running a self-hosted gitlab docker instance, but I'm facing some problems configuring the registry as I do get the error
Error response from daemon: Get https://example.com:4567/v2/: dial tcp <IP>:4567: connect: connection refused
for doing docker login example.com:4567.
So it seems that I have to expose the port 4567 somehow.
A (better) alternative would be to configure a second domain for the registry - like registry.example.com. As you can see below I'm using letsencrypt certificates for my gitlab instance. But how do I get a second certificate for the registry?
This is what my docker-compose looks like - I'm using jwilder/nginx-proxy for my reverse proxy.
docker-compose.yml
gitlab:
  image: gitlab/gitlab-ce:11.9.0-ce.0
  container_name: gitlab
  networks:
    - reverse-proxy
  restart: unless-stopped
  ports:
    - '50022:22'
  volumes:
    - /opt/gitlab/config:/etc/gitlab
    - /opt/gitlab/logs:/var/log/gitlab
    - /opt/gitlab/data:/var/opt/gitlab
    - /opt/nginx/conf.d:/etc/nginx/conf.d
    - /opt/nginx/certs:/etc/nginx/certs:ro
  environment:
    VIRTUAL_HOST: example.com
    VIRTUAL_PROTO: https
    VIRTUAL_PORT: 443
    LETSENCRYPT_HOST: example.com
    LETSENCRYPT_EMAIL: certs@example.com
gitlab.rb
external_url 'https://example.com'
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = '/etc/nginx/certs/example.com/fullchain.pem'
nginx['ssl_certificate_key'] = '/etc/nginx/certs/example.com/key.pem'
gitlab_rails['backup_keep_time'] = 604800
gitlab_rails['backup_path'] = '/backups'
gitlab_rails['registry_enabled'] = true
registry_external_url 'https://example.com:4567'
registry_nginx['ssl_certificate'] = "/etc/nginx/certs/example.com/fullchain.pem"
registry_nginx['ssl_certificate_key'] = "/etc/nginx/certs/example.com/key.pem"
For the second alternative it would look like:
registry_external_url 'https://registry.example.com'
registry_nginx['ssl_certificate'] = "/etc/nginx/certs/registry.example.com/fullchain.pem"
registry_nginx['ssl_certificate_key'] = "/etc/nginx/certs/registry.example.com/key.pem"
But how do I set this up in my docker-compose?
Update
I'm configuring nginx just via the jwilder package, without changing anything. So this part of my docker-compose.yml file just looks like this:
services:
  nginx-proxy:
    image: jwilder/nginx-proxy
    container_name: nginx-proxy
    networks:
      - reverse-proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /opt/nginx-proxy/vhost.d:/etc/nginx/vhost.d:rw
      - /opt/nginx/certs:/etc/nginx/certs:ro
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/tmp/docker.sock:ro
  nginx-letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: nginx-letsencrypt
    networks:
      - reverse-proxy
    depends_on:
      - nginx-proxy
    volumes:
      - /opt/nginx-proxy/vhost.d:/etc/nginx/vhost.d:rw
      - html:/usr/share/nginx/html
      - /opt/nginx/certs:/etc/nginx/certs:rw
      - /var/run/docker.sock:/var/run/docker.sock:rw
    environment:
      NGINX_PROXY_CONTAINER: "nginx-proxy"
TL;DR:
> So it seems that I have to expose the port 4567 somehow.
Yes, however jwilder/nginx-proxy does not support more than one port per virtual host and port 443 is already exposed. There is a pull request for that feature but it has not been merged yet. You'll need to expose this port another way (see below).
You are using jwilder/nginx-proxy as reverse proxy to access a Gitlab instance in a container but with your current configuration only port 443 is exposed:
environment:
  VIRTUAL_HOST: example.com
  VIRTUAL_PROTO: https
  VIRTUAL_PORT: 443
All other Gitlab services (including the registry on port 4567) are not proxied and therefore not reachable through example.com.
Unfortunately it is not possible yet to expose multiple ports on a single hostname with jwilder/nginx-proxy. There is a pull request open for that use case but it has not been merged yet (you are not the only one with this kind of issue).
> A (better) alternative would be to configure a second domain for the registry
This won't work if you keep using jwilder/nginx-proxy, as even if you changed registry_external_url, you'll still be stuck with the port issue, and you cannot allocate the same port to two different services.
What you can do:
- [...] configure your compose with something like VIRTUAL_HOST=example.com:443,example.com:4567
- [...] nginx container in addition with your current configuration which would specifically do this, or re-configure your entire proxying scheme without using jwilder images
I am aware this does not provide a finite solution but I hope it helps.
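A pre-flight check for the "connection refused" symptom discussed above, as an added example that is not part of the original question or answer: it reads the port from registry_external_url and reports whether any compose service publishes that port on the host. The function names and the constructed sample input are assumptions; only the short `host:container` port syntax is handled, and the check covers the port only, not which hostname the proxy routes.

```python
import re
from urllib.parse import urlsplit

# Constructed sample input mirroring the port mappings shown in the question.
COMPOSE = """\
services:
  nginx-proxy:
    ports:
      - "80:80"
      - "443:443"
  gitlab:
    ports:
      - '50022:22'
"""
GITLAB_RB = "registry_external_url 'https://example.com:4567'\n"

LOOPBACK = {"127.0.0.1", "[::1]"}

def registry_port(gitlab_rb):
    """Port that clients must reach, taken from registry_external_url."""
    m = re.search(r"^\s*registry_external_url\s+['\"]([^'\"]+)['\"]", gitlab_rb, re.M)
    if not m:
        raise ValueError("registry_external_url not set")
    url = urlsplit(m.group(1))
    return url.port or (443 if url.scheme == "https" else 80)

def published_ports(compose):
    """Host ports a compose file publishes on non-loopback addresses."""
    ports, in_ports = set(), False
    for line in compose.splitlines():
        s = line.strip()
        if s == "ports:":
            in_ports = True
        elif in_ports and s.startswith("- "):
            spec = s[2:].strip().strip("'\"").split("/")[0]  # drop /tcp, /udp
            parts = spec.rsplit(":", 2)                       # [ip:]host:container
            if len(parts) < 2 or not parts[-2].isdigit():
                continue  # container-only port, range, or random host port
            if len(parts) == 3 and parts[0] in LOOPBACK:
                continue  # bound to loopback: not reachable from other hosts
            ports.add(int(parts[-2]))
        elif s:
            in_ports = False  # any other key ends the ports list
    return ports

def registry_reachable(compose, gitlab_rb):
    """True when the registry's external port is published on the host."""
    return registry_port(gitlab_rb) in published_ports(compose)
```

With the configuration from the question the check returns False, which matches the refused connection on port 4567; a mapping bound to 127.0.0.1 is also reported as unreachable because remote `docker login` clients cannot connect to it.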