Access restrictions for container registry

I’m new to GitLab … well, from the admin side anyway.
I have installed via docker container and docker-compose. (latest image. 16.6)
Install smooth. No issues.
Git push of code … no problem.
My issue comes in that I want to limit access to images in the container registry. I have created an additional user for testing, made that user a member of the project. But so far, they only way to have that user able to pull the image is when the project is public, and the container registry is set to “anyone with access.” Regardless of the user’s role. ( Even set as owner, it is not able to pull if I change the container registry visibility to “only project members”.) I feel like I have missed something REALLY obvious, but have been staring at it on and off for 3 days now.
I’ve been looking here, and I feel like I understand what is being said, but either something is missing in the docs, I’m just not getting it.

Please help …


You did login to your Gitlab instance when the repo is private?

docker login

as this would be required before you can pull an image. I have private groups and projects, and can pull images fine, so I expect it’s because the machine trying to pull the image, isn’t logged into your Gitlab server.

Yes. Even tried logout/login again to make sure.
No change.

To add to my confusion …

I created a new project.
The project is set private.

I login as the user I created the project as and …

[scott@frankfurt ~]$ docker login -u myusername

Login Succeeded
[scott@frankfurt ~]$ docker push
Using default tag: latest
The push refers to repository []
5f70bf18a086: Preparing 
035fbe036b9a: Waiting 
denied: access forbidden

Figured it out …
I was not including the port 5050 in the URL for the docker login command . . . . . .
So I guess I was logging into the website instead of the container registry

I knew it was something stupid …


1 Like