Can't self-host GitLab container registry behind nginx reverse proxy

Hi all. I can’t get rid of this error:

Error response from daemon: Get “https://cr.domain.com:5050/v2/”: Get “/jwt/auth?account=root&client_id=docker&offline_token=true&service=container_registry”: unsupported protocol scheme “”

I’ll change all the domain names to fake ones.
I’ve got a router where ports 80, 443 and 5050 are forwarded to an nginx reverse proxy (172.16.10.150).
The nginx reverse proxy (172.16.10.150) has the following configs.

reg.domain.com.conf

# Plain-HTTP listener for reg.domain.com: every request is answered with a
# permanent redirect to the HTTPS URL for the same path.
server {
listen 80;
server_name reg.domain.com;
# $server_name is the fixed name configured above, not the client-sent Host
# header, so the redirect target cannot be steered by the request.
return 301 https://$server_name$request_uri;
}

# TLS-terminating virtual host for reg.domain.com (the GitLab web UI/API).
# Everything under / is forwarded to the GitLab VM at 172.16.10.157.
server {
server_name reg.domain.com;

location / {
    # Only the X-Forwarded-Host/-Server/-For headers are set in this block.
    # No Host or X-Forwarded-Proto is set, so nginx sends its default Host
    # ($proxy_host, i.e. the upstream address) and the backend is not told here
    # that the client connection was HTTPS.
    # NOTE(review): the cr.domain.com block sets both; confirm this difference is intended.
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    # $proxy_add_x_forwarded_for appends the peer address to whatever
    # X-Forwarded-For the client sent, so the backend should trust this header
    # only from this proxy.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Values without a unit are seconds: 10000 s is roughly 2.8 hours.
# NOTE(review): timeouts this long let slow or stalled clients hold connections
# open for hours; confirm they are really needed.
proxy_connect_timeout 10000;
proxy_send_timeout 10000;
proxy_read_timeout 10000;
send_timeout 10000;
# Upper bound on a request body accepted from clients.
client_max_body_size 1000m;
    # The hop from this proxy to the GitLab VM is plain HTTP, so credentials and
    # session cookies cross the internal network unencrypted.
    proxy_pass  http://172.16.10.157;
}


listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/reg.domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/reg.domain.com/privkey.pem; # managed by Certbot
 # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and TLSv1.3 is not listed.
 # NOTE(review): consider "TLSv1.2 TLSv1.3" if the installed nginx/OpenSSL supports it.
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

}

cr.domain.com.conf

# TLS-terminating virtual host for the container registry (cr.domain.com) on
# port 5050. Everything under / is forwarded to port 5050 on the GitLab VM.
server {
server_name cr.domain.com;

location / {
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    # $proxy_add_x_forwarded_for appends the peer address to whatever
    # X-Forwarded-For the client sent, so the backend should trust this header
    # only from this proxy.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Values without a unit are seconds: 10000 s is roughly 2.8 hours.
# NOTE(review): timeouts this long let slow or stalled clients hold connections
# open for hours; image pushes may need generous values, but confirm the size.
proxy_connect_timeout 10000;
proxy_send_timeout 10000;
proxy_read_timeout 10000;
send_timeout 10000;
# Upper bound on a request body (for a registry, an uploaded layer chunk).
client_max_body_size 1000m;
# Pass Location/Refresh headers from the backend through unmodified.
proxy_redirect          off;
# Hard-coded: this server block only listens with ssl, so the client side is always HTTPS.
proxy_set_header        X-Forwarded-Proto https;
# $http_host is the Host header exactly as the client sent it (including port).
# NOTE(review): if this is the only/default server on port 5050, any Host value
# reaches the backend; $host is the normalised alternative.
proxy_set_header        Host              $http_host;
proxy_set_header        X-Real-IP         $remote_addr;
proxy_set_header        X-Forwarded-Ssl   on;
# proxy_set_header adds a *request* header sent to the backend. X-Frame-Options
# is a response header, so this line does not give browsers any clickjacking
# protection; add_header is the directive that sets response headers.
proxy_set_header        X-Frame-Options   SAMEORIGIN;
# No caching and no buffering of requests or responses: bodies are streamed
# straight through to and from the backend.
proxy_cache off;
proxy_buffering off;
proxy_request_buffering off;
proxy_http_version 1.1;
    # The hop from this proxy to the GitLab VM is plain HTTP, so registry
    # credentials and bearer tokens cross the internal network unencrypted.
    proxy_pass  http://172.16.10.157:5050;
}


listen 5050 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/cr.domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/cr.domain.com/privkey.pem; # managed by Certbot
 # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and TLSv1.3 is not listed.
 # NOTE(review): consider "TLSv1.2 TLSv1.3" if the installed nginx/OpenSSL supports it.
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

}

# Plain-HTTP listener for cr.domain.com: every request is answered with a
# permanent redirect to https://cr.domain.com/<same path>.
server {
listen 80;
server_name cr.domain.com;
# The redirect target carries no port, so it points at 443. In the configs
# shown, cr.domain.com only listens for TLS on 5050 and the only 443 listener
# is the reg.domain.com block.
# NOTE(review): a redirected client would land on that block and be offered the
# reg.domain.com certificate; confirm whether the target should include :5050.
return 301 https://$server_name$request_uri;
}

172.16.10.157 is the VM running GitLab, where I am trying to start the container registry.

gitlab.rb

# /etc/gitlab/gitlab.rb excerpt: GitLab and its bundled registry sit behind an
# external nginx (172.16.10.150) that terminates TLS, so the bundled nginx
# listens on plain HTTP only.
# NOTE(review): the stock gitlab.rb template writes this setting without "="
# (external_url 'https://...'). With "=" Ruby only assigns a local variable, so
# the setting may never reach Omnibus. That would fit the scheme-less
# "/jwt/auth" realm in the error; confirm against the real file. The closing
# quote also appears to have been lost in the forum rendering.
external_url = ‘https://reg.domain.com
nginx[‘listen_port’] = 80
nginx[‘listen_https’] = false
# Makes the bundled nginx expect a PROXY-protocol preamble on each connection.
# NOTE(review): the outer nginx configs shown use a plain proxy_pass http://...
# and do not send one; confirm this matches.
nginx[‘proxy_protocol’] = true
# Client-address headers are honoured only when the peer is loopback or the
# outer proxy; keep this list as narrow as it is.
nginx[‘real_ip_trusted_addresses’] = [ “127.0.0.0/8”, “172.16.10.150/32”]
nginx[‘proxy_set_headers’] = {
# NOTE(review): external_url is https and TLS ends at the outer proxy, yet Rails
# is told the request was "http" here; confirm this is not meant to be "https".
“X-Forwarded-Proto” => “http”,
# Looks like a placeholder left over from an example. TODO confirm and remove.
“CUSTOM_HEADER” => “VALUE”
}

# NOTE(review): same "=" and missing-closing-quote concern as external_url above.
registry_external_url = ‘https://cr.domain.com
gitlab_rails[‘registry_enabled’] = true
registry[‘enable’] = true
registry_nginx[‘enable’] = true
# Headers the bundled registry vhost passes on to the registry process.
registry_nginx[‘proxy_set_headers’] = {
“Host” => “$http_host”,
“X-Real-IP” => “$remote_addr”,
“X-Forwarded-For” => “$proxy_add_x_forwarded_for”,
“X-Forwarded-Proto” => “https”,
“X-Forwarded-Ssl” => “on”
}
# Bundled registry vhost: plain HTTP on 5050, matching the outer proxy's
# proxy_pass http://172.16.10.157:5050.
registry_nginx[‘listen_port’] = 5050
registry_nginx[‘listen_https’] = false

# Duplicate of the registry_enabled line above.
gitlab_rails[‘registry_enabled’] = true
# Closing quote appears lost in the forum rendering.
gitlab_rails[‘registry_host’] = “cr.domain.com
gitlab_rails[‘registry_port’] = “5050”
gitlab_rails[‘registry_path’] = “/var/opt/gitlab/gitlab-rails/shared/registry”
# The registry process binds to loopback only, so it is reachable solely through
# the bundled nginx vhost on 5050.
registry[‘registry_http_addr’] = “127.0.0.1:5000”

How can I get rid of this error while using a reverse proxy?
Thanks

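In my case the error “unsupported protocol scheme “”” seems to be solved by adding “registry[‘token_realm’] = ‘https://reg.domain.com’” to /etc/gitlab/gitlab.rb. The token realm is the URL the Docker client is sent to for its auth token, which matches the scheme-less “/jwt/auth?…” URL in the error message.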

gitlab-ee/now 15.3.2-ee.0 amd64 [installed,local]
