堆栈内存溢出
  简体   繁体   English

Gitlab CI - 注册表和 nginx

[英]Gitlab CI - registry and nginx

 原文  2020-12-16 10:08:16       docker/ nginx/ ssl/ gitlab/ gitlab-ci

问题描述

I am trying to setup self hosted gitlab CI with its own registry.我正在尝试使用自己的注册表设置自托管 gitlab CI。 I am also using self signed certificates for TLS, signed this certificate using my own CA, which is installed as a trusted CA in my host machine我还使用 TLS 的自签名证书,使用我自己的 CA 签署了这个证书,它作为受信任的 CA 安装在我的主机中

Gitlab-CE 13.6.3 version is installed on Ubuntu 18.04. Gitlab-CE 13.6.3版本安装在Ubuntu 18.04上。 Have installed snap microk8s cluster on the same host已在同一主机上安装 snap microk8s 集群

Questions (some very basics)问题(一些非常基础的)

  • Does Gitlab registry use the docker daemon? Gitlab 注册表是否使用 docker 守护程序?

  • How is the connectivity achieved连接性是如何实现的

    Docker client --> NGINX (5050) --> Gitlab registry (5000) Docker 客户端 --> NGINX (5050) --> Gitlab 注册表 (5000)

  • I have below configuration in gitlab.rb file我在 gitlab.rb 文件中有以下配置

registry['enable'] = true
registry['registry_http_addr'] = "127.0.0.1:5000"
registry['log_directory'] = "/var/log/gitlab/registry"
registry['env'] = {
  'SSL_CERT_DIR' => "/etc/gitlab/ssl"
}

# Below you can find settings that are exclusive to "Registry NGINX"
registry_nginx['enable'] = true
registry_nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.local.crt"
registry_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.local.key"

registry_nginx['proxy_set_headers'] = {
 "Host" => "$http_host",
 "X-Real-IP" => "$remote_addr",
 "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
 "X-Forwarded-Proto" => "https",
 "X-Forwarded-Ssl" => "on"
}

# When the registry is automatically enabled using the same domain as `external_url`,
# it listens on this port
registry_nginx['listen_port'] = 5050
registry_nginx['listen_addresses'] = ['*', '[::]']

When I try to docker login, following errors are observed.当我尝试 docker 登录时,观察到以下错误。 Is it expected based on the above configuration?根据上面的配置是否可以预期?

   - with URL: https://127.0.0.1:5000 - > Login Success
   - with URL: https://127.0.0.1:5050 - > Login Success 
   - with URL: https://gitlab.local:5050 - > x509 certificate signed by unknown authority
  • I have gitlab k8s & docker runners, Can they access the gitlab registry (nginx) port 5050 from within the container?我有 gitlab k8s 和 docker 跑步者,他们可以从容器内访问 gitlab 注册表(nginx)端口 5050 吗?
    [[runners]]
      name = "docker"
      token = "xxxxxxx"
      executor = "docker"
      [runners.docker]
        image = "docker:stable"
        privileged = true
        volumes = ["/cache", "/var/run/docker.sock:/var/run/docker.sock"]

Note: I tried various gitlab forums/posts about the certificate issues on gitlab registry to build/push images, but to no success注意:我尝试了各种关于 gitlab 注册表上的证书问题的 gitlab 论坛/帖子来构建/推送图像,但没有成功

Thank you谢谢

1 个解决方案

解决方案1
 0  2020-12-16 14:46:27

Try by placing the certificate in docker by:尝试通过以下方式将证书放在 docker 中:

sudo mkdir -p /etc/docker/certs.d/gitlab.local:5050
cp /yourcerts/gitlab.local.crt /etc/docker/certs.d/gitlab.local:5050/ca.crt
sudo service docker reload

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 GitLab CI ssh注册表登录 - GitLab CI ssh registry login CI/CD Gitlab 与 Harbor Registry - CI/CD Gitlab with Harbor Registry 对GitLab CI使用私有Docker注册表 - Using private docker registry for GitLab CI 在 CI 中使用来自 gitlab Registry 的图像 - use image from gitlab Registry in CI Gitlab CI/CD 与 JHipster 和 Docker 注册表 - Gitlab CI/CD with JHipster and Docker registry 为 gitlab-ci 使用没有注册表的 docker - Use docker without registry for gitlab-ci GitLab CI 从私有注册表中提取 docker - GitLab CI pull docker from private registry Gitlab CI 不适用于 Gitlab 注册表中的私有图像 - Gitlab CI doesn't work with private image in Gitlab Registry gitlab docker 注册与外部 nginx 和综合 - gitlab docker registry with external nginx and omnibus GitLab CI/CD - nginx 容器上的供应商目录 - GitLab CI/CD - vendor directory on nginx container
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM