[英]Gitlab CI - registry and nginx
I am trying to setup self hosted gitlab CI with its own registry.我正在尝试使用自己的注册表设置自托管 gitlab CI。 I am also using self signed certificates for TLS, signed this certificate using my own CA, which is installed as a trusted CA in my host machine
我还使用 TLS 的自签名证书,使用我自己的 CA 签署了这个证书,它作为受信任的 CA 安装在我的主机中
Gitlab-CE 13.6.3 version is installed on Ubuntu 18.04. Gitlab-CE 13.6.3版本安装在Ubuntu 18.04上。 Have installed snap microk8s cluster on the same host
已在同一主机上安装 snap microk8s 集群
Questions (some very basics)问题(一些非常基础的)
Does Gitlab registry use the docker daemon? Gitlab 注册表是否使用 docker 守护程序?
How is the connectivity achieved连接性是如何实现的
Docker client --> NGINX (5050) --> Gitlab registry (5000) Docker 客户端 --> NGINX (5050) --> Gitlab 注册表 (5000)
I have below configuration in gitlab.rb file我在 gitlab.rb 文件中有以下配置
registry['enable'] = true
registry['registry_http_addr'] = "127.0.0.1:5000"
registry['log_directory'] = "/var/log/gitlab/registry"
registry['env'] = {
'SSL_CERT_DIR' => "/etc/gitlab/ssl"
}
# Below you can find settings that are exclusive to "Registry NGINX"
registry_nginx['enable'] = true
registry_nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.local.crt"
registry_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.local.key"
registry_nginx['proxy_set_headers'] = {
"Host" => "$http_host",
"X-Real-IP" => "$remote_addr",
"X-Forwarded-For" => "$proxy_add_x_forwarded_for",
"X-Forwarded-Proto" => "https",
"X-Forwarded-Ssl" => "on"
}
# When the registry is automatically enabled using the same domain as `external_url`,
# it listens on this port
registry_nginx['listen_port'] = 5050
registry_nginx['listen_addresses'] = ['*', '[::]']
When I try to docker login, following errors are observed.当我尝试 docker 登录时,观察到以下错误。 Is it expected based on the above configuration?
根据上面的配置是否可以预期?
- with URL: https://127.0.0.1:5000 - > Login Success
- with URL: https://127.0.0.1:5050 - > Login Success
- with URL: https://gitlab.local:5050 - > x509 certificate signed by unknown authority
[[runners]]
name = "docker"
token = "xxxxxxx"
executor = "docker"
[runners.docker]
image = "docker:stable"
privileged = true
volumes = ["/cache", "/var/run/docker.sock:/var/run/docker.sock"]
Note: I tried various gitlab forums/posts about the certificate issues on gitlab registry to build/push images, but to no success注意:我尝试了各种关于 gitlab 注册表上的证书问题的 gitlab 论坛/帖子来构建/推送图像,但没有成功
Thank you谢谢
Try by placing the certificate in docker by:尝试通过以下方式将证书放在 docker 中:
sudo mkdir -p /etc/docker/certs.d/gitlab.local:5050
cp /yourcerts/gitlab.local.crt /etc/docker/certs.d/gitlab.local:5050/ca.crt
sudo service docker reload
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.