Cannot access Container Registry from Docker server

I have finally gotten the Container Registry showing up and when I open the page for the registry on my instance of GitLab http://10.2.3.221/outside-sales/outsidesales-app/container_registry it gives the login information at the bottom: docker login 10.2.3.221:5050. But if I try that from my Docker server I get a 503 error:
Error response from daemon: login attempt to https://10.2.3.221:5050/v2/ failed with status: 503 Service Unavailable
These are on the same network segment and no firewall between. I was getting the error:
Error response from daemon: Get "https://10.2.3.221/v2/": tls: failed to verify certificate: x509: certificate signed by unknown authority
so I copied my self-signed SAN certificate to /etc/ssl/certs and symlinked it to the Docker cert folder: ln -s /etc/ssl/certs /etc/docker/certs.d
Not sure what is sideways here. Pointers appreciated.
Jesse.

To clarify, are you still having the 509 cert error and now trying to fix the 503, or are you currently getting both errors?

Are you seeing connection attempts in the registry log?
tail -f /var/log/gitlab/registry/

I am only getting the 503 error. I have not had time today to work on this. I will update later when I can.
Thank you for your attention.

Hello @mattfody67 I am just getting back to this.
Here is the log tail you asked about.

2024-01-17_15:36:10.79452 {"content_type":"application/json","correlation_id":"01HMC11K9A3EGAYN3QZJMM9W9Q","duration_ms":0,"host":"10.2.3.221:5050","level":"info","method":"GET","msg":"access","proto":"HTTP/1.1","referrer":"","remote_addr":"127.0.0.1:52546","remote_ip":"127.0.0.1","status":503,"system":"http","time":"2024-01-17T15:36:10.794Z","ttfb_ms":0,"uri":"/v2/","user_agent":"docker/24.0.6 go/go1.20.7 git-commit/1a79695 kernel/5.4.0-163-generic os/linux arch/amd64 UpstreamClient(Docker-Client/24.0.6 \(linux\))","written_bytes":125}
2024-01-17_15:36:10.79720 {"content_type":"application/json","correlation_id":"01HMC11K9DY4H5G07H2RBNVPC0","duration_ms":0,"host":"10.2.3.221:5050","level":"info","method":"GET","msg":"access","proto":"HTTP/1.1","referrer":"","remote_addr":"127.0.0.1:52558","remote_ip":"127.0.0.1","status":503,"system":"http","time":"2024-01-17T15:36:10.797Z","ttfb_ms":0,"uri":"/v2/","user_agent":"docker/24.0.6 go/go1.20.7 git-commit/1a79695 kernel/5.4.0-163-generic os/linux arch/amd64 UpstreamClient(Docker-Client/24.0.6 \(linux\))","written_bytes":125}

netstat shows I have these listening ports:
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5050 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:5000 0.0.0.0:* LISTEN

In the log file I tailed, shouldn’t it reflect the client connecting on 127.0.0.1:5000 and not just the localhost IP?

It shows the 127.0.0.1 IP address because all incoming requests are going through an nginx proxy.

"remote_addr":"127.0.0.1:52558",
"remote_ip":"127.0.0.1"

Is this only happening from the docker server?
Are you able to log in using a local Docker instance?
Do you have any GitLab runners / pipelines that connect to the container registry?
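
Added example, not part of the thread or of GitLab's own code: a Python script that reads registry access-log lines in the format pasted earlier (a timestamp prefix followed by one JSON object), tallies responses per URI and status, and records whether the peer the registry saw was a loopback address, which is what appears when a local reverse proxy fronts the registry. The sample lines are constructed, modelled on the pasted ones with fewer fields; the function names are hypothetical.

```python
import ipaddress
import json
from collections import Counter

# Constructed sample lines in the shape shown in the thread:
# a timestamp prefix, a space, then one JSON object per request.
SAMPLE_LOG = """\
2024-01-17_15:36:10.79452 {"host":"10.2.3.221:5050","level":"info","method":"GET","msg":"access","remote_addr":"127.0.0.1:52546","remote_ip":"127.0.0.1","status":503,"duration_ms":0,"uri":"/v2/","user_agent":"docker/24.0.6"}
2024-01-17_15:36:10.79720 {"host":"10.2.3.221:5050","level":"info","method":"GET","msg":"access","remote_addr":"127.0.0.1:52558","remote_ip":"127.0.0.1","status":503,"duration_ms":0,"uri":"/v2/","user_agent":"docker/24.0.6"}
2024-01-17_15:40:02.10311 {"level":"info","msg":"constructed non-access entry"}
2024-01-17_15:41:00.00000 truncated or non-JSON line
"""


def parse_access_entries(text):
    """Yield (timestamp, entry) for each JSON line whose msg is "access"."""
    for line in text.splitlines():
        stamp, _, payload = line.partition(" ")
        try:
            entry = json.loads(payload)
        except json.JSONDecodeError:
            continue  # skip truncated or plain-text lines
        if isinstance(entry, dict) and entry.get("msg") == "access":
            yield stamp, entry


def summarize(text):
    """Count responses by (uri, status) and note which hop the registry saw."""
    by_route = Counter()
    peers = Counter()
    for _, entry in parse_access_entries(text):
        by_route[(entry.get("uri"), entry.get("status"))] += 1
        try:
            loopback = ipaddress.ip_address(entry.get("remote_ip", "")).is_loopback
        except ValueError:
            loopback = False
        # A loopback peer is the local reverse proxy, not the Docker client.
        peers["via_local_proxy" if loopback else "direct"] += 1
    server_errors = sum(n for (_, status), n in by_route.items()
                        if isinstance(status, int) and status >= 500)
    return {"by_route": dict(by_route), "peers": dict(peers),
            "server_errors": server_errors}


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A 503 counted here was logged by the registry process itself, so the request did pass the proxy and reach the registry before being refused.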