堆栈内存溢出
  繁体   English   中英

gitlab docker 注册与外部 nginx 和综合

[英]gitlab docker registry with external nginx and omnibus

 原文  2017-12-01 00:26:51       docker/ nginx/ gitlab/ docker-registry/ gitlab-omnibus

问题描述

我已经在 docker 容器内运行了一个 gitlab 服务器,在另一个 docker 容器内运行了一个外部 nginx 服务器,因此 gitlab nginx 服务器被停用。 现在我想使用 gitlab 服务器中包含的 docker 注册表。

我尝试从管理手册中获取信息: https://docs.gitlab.com/ee/administration/container_registry.html

并使用链接文件中的 nginx 配置: https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/support/nginx/registry-ssl

到 gitlab.rb 我添加了:

... 
registry_external_url 'url'
registry_nginx['enable'] = false
registry['enable'] = true
...

但是如果我尝试登录(docker 登录 url),我只会收到 502 Bad Gateway 错误。 我还尝试了一些其他的组合配置,但总是得到同样的错误。 有人让它工作吗? 我需要向综合文件添加更多设置,还是仍然无法将 gitlab 内部 884065722228588 注册表与综合和外部 nginx 一起使用?

5 个解决方案

解决方案1
 8 已采纳  2018-04-02 15:44:37

好的,我搞定了。

## Lines starting with two hashes (##) are comments with information.
## Lines starting with one hash (#) are configuration parameters that can be uncommented.
##
###################################
##         configuration         ##
###################################

upstream docker-registry {
 server <ip_of_gitlab_docker_container>:<port_of_gitlab_container>;
}

## Redirects all HTTP traffic to the HTTPS host
server {
  listen *:80;
  server_name  sub.domain.tld;
  server_tokens off; ## Don't show the nginx version number, a security best practice
  return 301 https://$http_host:$request_uri;
  access_log  /var/log/nginx/gitlab_registry_access.log;
  error_log   /var/log/nginx/gitlab_registry_error.log;
}


server {
  # If a different port is specified in https://gitlab.com/gitlab-org/gitlab-ce/blob/8-8-stable/config/gitlab.yml.example#L182,
  # it should be declared here as well
  listen *:443 ssl http2;
  server_name  sub.domain.tld;
  server_tokens off; ## Don't show the nginx version number, a security best practice

  client_max_body_size 0;
  chunked_transfer_encoding on;

  ## Strong SSL Security
  ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
   ssl on;
   ssl_certificate /etc/letsencrypt/live/sub.domain.tld/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/sub.domain.tld/privkey.pem;

  ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_session_cache  builtin:1000  shared:SSL:10m;
  ssl_session_timeout  5m;

  access_log  /var/log/nginx/gitlab_registry_access.log;
  error_log   /var/log/nginx/gitlab_registry_error.log;


    location /
{
     # let Nginx know about our auth file
     proxy_pass http://docker-registry;
     proxy_set_header Host $host; # required for docker client's sake
     proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto $scheme;
 }

 location /v2/ {
     # To add basic authentication to v2 use auth_basic setting plus
     # add_header
     add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always;
     proxy_pass http://docker-registry;
     proxy_set_header Host $http_host; # required for docker client's sake
     proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto $scheme;
     proxy_read_timeout 900;
 }

}

也许 Andrioshe 的 nginx 配置也有效,但我在尝试时做了一些更改并与其他配置混合。 我认为普通 docker-regsitry 的配置文件也可以使用......将来会尝试。

但更重要的是gitlab综合配置。

registry_external_url 'https://sub.domain.tld'
registry['registry_http_addr'] = "<ip_of_gitlab_docker_container>:<port_of_gitlab_container>"
registry_nginx['enable'] = false
registry['enable'] = true

将 'regsitry_http_addr' 设置为 gitlab docker 注册表 ip 和端口而不是 localhost 很重要。

解决方案2
 3  2018-03-09 23:08:20

我也有和你一样的问题,并让它与以下一起工作:

nginx:

## Lines starting with two hashes (##) are comments with information.
## Lines starting with one hash (#) are configuration parameters that can be uncommented.
##
###################################
##         configuration         ##
###################################

## Redirects all HTTP traffic to the HTTPS host
server {
  listen *:80;
  server_name  registry.project-oc.de;
  server_tokens off; ## Don't show the nginx version number, a security best practice
  return 301 https://$http_host:$request_uri;
  access_log  /var/log/nginx/gitlab_registry_access.log;
  error_log   /var/log/nginx/gitlab_registry_error.log;
}

server {
  # If a different port is specified in https://gitlab.com/gitlab-org/gitlab-ce/blob/8-8-stable/config/gitlab.yml.example#L182,
  # it should be declared here as well
  listen *:443 ssl http2;
  server_name  registry.project-oc.de;
  server_tokens off; ## Don't show the nginx version number, a security best practice

  client_max_body_size 0;
  chunked_transfer_encoding on;

  ## Strong SSL Security
  ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
  ssl on;
  ssl_certificate /etc/letsencrypt/live/registry.project-oc.de/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/registry.project-oc.de/privkey.pem; # managed by Certbot

  ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4';
  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_session_cache  builtin:1000  shared:SSL:10m;
  ssl_session_timeout  5m;

  access_log  /var/log/gitlab/nginx/gitlab_registry_access.log;
  error_log   /var/log/gitlab/nginx/gitlab_registry_error.log;

  location / {
    proxy_set_header  Host              $http_host;   # required for docker client's sake
    proxy_set_header  X-Real-IP         $remote_addr; # pass on real client's IP
    proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header  X-Forwarded-Proto $scheme;
    proxy_read_timeout                  900;

    proxy_pass          http://localhost:5000;
  }
}

gitlab.rb

registry_external_url 'https://registry.project-oc.de'
registry_nginx['listen_port'] = 5000
gitlab_rails['registry_enabled'] = true
registry_nginx['enable'] = false
registry['enable'] = true

编辑完这两个文件后,您必须重新启动 nginx 和 gitlab

解决方案3
 1  2021-04-16 19:46:05

上面的答案很好,但不太适合我的设置,所以我会在这里添加我的配置,以便它可以帮助某人。 我正在使用 compose 运行官方 GitLab Docker 映像,并且已经将 Traefik v2 设置为反向代理。 这些设置取自官方 GitLab Omnibus 设置

在 docker-compose.yml 的 gitlab.rb 环境变量部分:

gitlab_rails['registry_enabled'] = true
registry['enable'] = true
registry_external_url 'https://registry.example.com'
registry_nginx['listen_port'] = 80
registry_nginx['listen_https'] = false"

然后在 docker-compose.yml 中添加以下标签:

- "traefik.http.routers.gitlab-registry.rule=Host(`registry.example.com`)"
- "traefik.http.routers.gitlab-registry.tls=true"
- "traefik.http.routers.gitlab-registry.entrypoints=websecure"
- "traefik.http.routers.gitlab-registry.service=gitlab-registry-service"
- "traefik.http.services.gitlab-registry-service.loadbalancer.server.port=80"

这些设置应该适用于注册表的相同或单独域。 运行注册表的 nginx 服务器被告知在端口 80 上运行纯 http,这使得与 Traefik 集成非常容易。

解决方案4
 0  2019-06-03 09:09:38

从 docker 更新 Gitlab 后,我遇到了同样的问题。

刚刚通过添加修复:

gitlab_rails['registry_enabled'] = true
registry_nginx['enable'] = false
registry['enable'] = true

解决方案5
 0  2022-12-13 22:59:07

问题可能是注册表端口仅绑定到 localhost.network 接口,这是默认设置。

将以下内容添加到 gitlab.rb

registry_external_url 'https://registry.gitlab.example.com'
gitlab_rails['registry_enabled'] = true

registry['enable'] = true
registry['username'] = "registry"
registry['group'] = "registry"
registry['dir'] = "/var/opt/gitlab/registry"
registry['registry_http_addr'] = "0.0.0.0:5050"
registry['debug_addr'] = "0.0.0.0:5051"
registry['log_directory'] = "/var/log/gitlab/registry"
registry['log_level'] = "info"

registry_nginx['enable'] = false

在 docker 上绑定端口5050:5050

创建外部 nginx 配置以侦听从https://registry.gitlab.example.comhttp://127.0.0.1:5050的重定向流量

sudo tee /etc/nginx/sites-available/registry.gitlab.example.com <<EOF
server {
   listen 81;
   server_name registry.gitlab.example.com;

   server_tokens off; ## Don't show the nginx version number, a security best practice

   client_max_body_size 0;
   chunked_transfer_encoding on;

   location /
   {
      # let Nginx know about our auth file
      proxy_pass http://127.0.0.1:5050;
      proxy_set_header Host $host; # required for docker client's sake
      proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
   }
}
EOF

使用 let's encrypt certbot 或任何其他提供商生成证书sudo certbot --nginx -d registry.gitlab.example.com

您现在应该能够访问注册表。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Gitlab CI - 注册表和 nginx Gitlab 免费 docker 注册表 GitLab 综合 Docker 引导循环(以前工作)修复? OmniBus GitLab CE Multirunner 与 Docker 执行器克隆问题 带有nginx的docker Registry:没有这样的主机 使用 nginx 重定向到 docker 注册表 Gitlab Docker 登录到错误的注册表 使用 GitLab 的私有 Docker-Registry 带有 GitLab、docker 和 docker 私有注册表的 CD 如何将 Gitlab Docker Registry 迁移到另一个 Docker Registry?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM