Please execuse my mention of the earlier post. There was an existing discussion on this topic. @Fraeco @wei @xak2000
However, I am still confused on how the reverse proxy for registry can be set up.
In my system, I have Gitlab served in docker container using http. Https is made possible by apache2 reverse proxy.
I’ve read that the registry service has better to be on https service to avoid a bunch of configuration issues.
Does that mean I have to reverse proxy https for my registry service container (https->https)? Can I use the way I set up with Gitlab to serve my registry container as well (https->http)?
My configuration:
Apache2 frontend:
<Location "/">
RequestHeader set X-Forwarded-Proto https
RequestHeader set X-Forwarded-Ssl on
RequestHeader set X-Url-Scheme https
</Location>
ProxyPass / http://localhost:5000/
ProxyPassReverse / http://localhost:5000/
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/registry.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/registry.example.com/privkey.pem
Docker container backend (docker-compose.yml):
web:
image: 'gitlab/gitlab-ce:latest'
restart: always
hostname: my-ip-address-for-example.com
environment:
GITLAB_OMNIBUS_CONFIG: |
external_url 'https://gitlab.example.com'
nginx['proxy_set_headers'] = {"X-Forwarded-Proto" => "http", "CUSTOM_HEADER" => "VALUE"}
nginx['real_ip_trusted_addresses'] = [ '10.0.0.0/24' ]
nginx['real_ip_header'] = 'X-Forwarded-For'
nginx['real_ip_recursive'] = 'on'
nginx['listen_port'] = 1081
nginx['listen_https'] = false
registry_external_url 'https://registry.example.com'
registry_nginx['listen_port'] = 5050
registry_nginx['listen_https'] = false
registry_nginx['proxy_set_headers'] = {
"X-Forwarded-Proto" => "https",
"X-Forwarded-Ssl" => "on"
}
# Add any other gitlab.rb configuration here, each on its own line
ports:
- '5000:5050'
- '1081:1081'
- '1022:22'
volumes:
- '/home/gitlab/config:/etc/gitlab'
- '/home/gitlab/logs:/var/log/gitlab'
- '/home/gitlab/data:/var/opt/gitlab'
I only got a blank page when accessing the “registry.example.com”.
Thank you for any help.