Change default Docker registry


I am running a self-hosted GitLab (14.3.3-ee) instance with a shared runner on Centos7. I am also running a self-hosted Harbor Docker registry, and I would like it to be the default registry where the runner pulls all of its images from. For example, if I have a project with a .gitlab-ci.yaml file, starting with let’s say image: alpine:latest, I would like the runner to pull this image from my registry without me having to write image: I already researched about this, but I never found exactly what I wanted.

How do I achieve this?



I was looking for the same thing. An answer to this would be great!

Have you tried changing docker to run through a proxy? Registry as a pull through cache | Docker Documentation

I read this :

Mirrors of Docker Hub are still subject to Docker’s fair usage policy.

I would like to circumvent the pull quotas with my registry. This doesn’t sound like what I need.

(post deleted by author)

Got this working.

The documentation that @jmanko (thanks for the tip) mentioned has the solution. Basically, this work needs to be done on the gitlab-runner, not the GitLab server.

update your daemon.json file for docker (mine was at /etc/docker/daemon.json)

    "log-opts": {
       "max-size": "50m",
       "max-file": "3"

    "registry-mirrors": [""],
    "insecure-registries" : [""]

from here, perform a docker restart. I’m working on Centos7:

sudo systemctl restart docker

now in my .gitlab-ci.yml instead of:

image: "${DOCKER_REGISTRY_ADDRESS}/path/to/container/<container>:<tag>"

I can just use:

image: "path/to/container/<container>:<tag>"

Another thing to note - if the majority of your pipelines leverage the same image (lets call it your “base image”), you can set your base image in your config.toml gitelab-runner config. This will allow you to not specify an image for jobs that leverage this base image:

  name = "<name of runner>"
  url = "<https://<gitlab URL>"
  token = "<token>"
  executor = "docker"
    tls_verify = false
    image = "<container>:<tag>"
    privileged = false
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/cache"]
    shm_size = 0

Hope this helps!

1 Like

Thanks for that information, @sobedrinker42 !!!

1 Like

I tried this but it still does not work. A solution for this would be very welcome.

As an admin of the Runner, I would like that the users of the Runner do not have to specify the registry url. What I would need is some script that takes the image given by the user and automatically add the registry url before it before pulling the image.

Hi! Sorry to write again, but I really would like to find out how to do this. Surely I am not the first one trying.