Gitlab vs Registry in docker 容器后面的代理错误
[英]Gitlab vs Registry in docker container behind proxy ERROR
问题描述
I'm trying to enable gitlab registry running in docker behing nginx proxy on centos lxd container:)
我正在尝试启用 gitlab 注册表在 docker 中运行 nginx 代理在 ZCDC872DB616AC66ADB3831666 上
Nginx's configuration on centos Nginx在centos上的配置
server {
listen *:80;
server_name registry.site.name;
return 301 https://$server_name$request_uri;
access_log /var/log/nginx/gitlab_access.log;
error_log /var/log/nginx/gitlab_error.log;
}
server{
listen 443 ssl http2;
server_name registry.site.name;
server_tokens off;
ssl_certificate /etc/letsencrypt/live/site.name/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/site.name/privkey.pem;
ssl_session_timeout 1d;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=63072000" always;
location /{
proxy_pass http://localhost:8085;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Url-Scheme $scheme;
}
}
Gitlab.rb configuration Gitlab.rb配置
registry_external_url 'https://registry.site.name'
gitlab_rails['registry_enabled'] = true
registry['enable'] = true
registry['registry_http_addr'] = "git.site.name:8085" # (it is the same as gitlab ip - 172.17.0.3:8085)
registry_nginx['enable'] = false
Docker-compose Docker-compose
version: '2.3'
services:
web:
image: 'gitlab/gitlab-ce:latest'
restart: always
container_name: 'git'
hostname: 'git.site.name'
ports:
- '22:22'
- '8081:8081'
- '8085:8085'
volumes:
- '/data/Projects/git/config:/etc/gitlab'
- '/var/log/git:/var/log/gitlab'
- '/data/Projects/git/data:/var/opt/gitlab'
network_mode: bridge
Looks good.看起来不错。 If i make a request to registry.site.name, i see it in gitlab/registry/current log.如果我向 registry.site.name 发出请求,我会在 gitlab/registry/current 日志中看到它。 Registry page also opens good in the project.注册表页面在项目中也打开良好。
But, i can't use CLI Every time i'm trying to docker login registry.site.name it fails with但是,我每次尝试docker login registry.site.name时都无法使用 CLI
Error response from daemon: Get https://registry.site.name/v2/: remote error: tls: protocol version not supported
And this request stopped before git docker container, my nginx proxy logs:并且此请求在 git docker 容器之前停止,我的 nginx 代理日志:
2020/08/05 10:42:21 [crit] 268168#0: *9 SSL_do_handshake() failed (SSL: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol) while SSL handshaking, client: 10.200.3.1, server: 0.0.0.0:443
The same error is triggered if i try to check tls1.2 connection with curl -I -v -L --tlsv1.2 --tls-max 1.2 registry.site.name如果我尝试检查 tls1.2 与curl -I -v -L --tlsv1.2 --tls-max 1.2 registry.site.name连接,则会触发相同的错误
So maybe docker login uses tls 1.2 but i don't understand why it is not working, because i set it up in nginx config.所以也许 docker 登录使用 tls 1.2 但我不明白为什么它不起作用,因为我在 nginx 配置中设置了它。
I also tried nginx configuraton from that question gitlab docker registry with external nginx and omnibus我还尝试了 nginx 配置从该问题gitlab docker 注册表与外部 ZEE434023CF64F0D7DFD94ZF6 和
but still no luck但仍然没有运气
1 个解决方案
解决方案1
0 2020-08-05 11:01:40
The mistake was that nginx config FOR git.site.conf didn't contain TLSv1.2错误是 git.site.conf 的 nginx 配置不包含 TLSv1.2
So be sure that both config (git®istry) have tls 1.2 support所以请确保两个配置(git®istry)都支持 tls 1.2
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.