Container registry behind reverse proxy

Hi,

I’m hosting GitLab CE, run out of Docker, for a small development firm. They’re set up with CI to push to Docker Hub right now. The customer has asked if it is possible to use the registry functionality of GitLab itself.

The setup seems straightforward, however there are a lot of blanks when you’re running behind a reverse proxy.

The domain is using Cloudflare for the SSL and I’ve configured my Cloudflare origin certificates in my reverse proxy. The communication between the reverse proxy (Rancher HAProxy) and the GitLab container is HTTP.
This is done by using the following parameters in omnibus:

  nginx['listen_port'] = 80
  nginx['listen_https'] = false
  external_url 'https://gitlab.customer.com'

Are there similar parameters to set up the container registry through a reverse proxy that strips the SSL?

Thanks in advance!

1 Like

I think you can do something similar:

  registry_nginx['listen_port'] = 5000
  registry_nginx['listen_https'] = false
  registry_nginx['proxy_set_headers'] = {
    "X-Forwarded-Proto" => "https",
    "X-Forwarded-Ssl" => "on"
  }

This is what I used for my instance.

5 Likes

It works, but in my case (I run GitLab using its official all-in-one Docker image) it was required to use a different port for registry_nginx because 5000 is used by the Docker registry itself, which GitLab runs.

So, I set:

registry_nginx['listen_port'] = 5005

And run the GitLab Docker image with an additional port mapping 5000:5005 (host:container).

The proxy chain is like this:

[public nginx]:443 -> [docker container port mapping]:5000 -> [gitlab nginx]:5005 -> [gitlab docker registry]:5000
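
A way to check the result of the settings discussed in this thread, added here as an example and not taken from any of the posts: when TLS is stripped before the registry, a missing forwarded scheme or a leaked internal port shows up in the URLs the registry hands back to the Docker client (`Location` on uploads, the token `realm` in `WWW-Authenticate`). The hostname `registry.customer.com`, the function name `scheme_leaks` and all sample responses are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

def scheme_leaks(public_registry_url, headers):
    """Return (header, url, reason) tuples for URLs in a registry response
    that a client using the public https endpoint should never be given."""
    public = urlsplit(public_registry_url)
    hdrs = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings = []

    # Token realm: the Docker client sends its credentials to this URL.
    realm = re.search(r'realm="([^"]+)"', hdrs.get("www-authenticate", ""))
    if realm and urlsplit(realm.group(1)).scheme != "https":
        findings.append(("WWW-Authenticate", realm.group(1), "realm is not https"))

    # Location: the URL the client follows next; a relative value is fine.
    location = hdrs.get("location", "")
    target = urlsplit(location)
    if target.scheme:
        if target.scheme != "https":
            findings.append(("Location", location, "scheme is not https"))
        if target.netloc != public.netloc:
            findings.append(("Location", location, "host/port differs from public endpoint"))
    return findings

# Constructed sample responses (not captured from a real instance).
PUBLIC = "https://registry.customer.com"  # hypothetical public registry URL
CHALLENGE_OK = {
    "WWW-Authenticate": 'Bearer realm="https://gitlab.customer.com/jwt/auth",'
                        'service="container_registry"',
}
UPLOAD_HTTP_SCHEME = {  # what a missing X-Forwarded-Proto typically looks like
    "Location": "http://registry.customer.com/v2/group/app/blobs/uploads/0000-constructed",
}
UPLOAD_INTERNAL_PORT = {  # internal listen port from the proxy chain leaking out
    "location": "https://registry.customer.com:5005/v2/group/app/blobs/uploads/0000-constructed",
}

if __name__ == "__main__":
    samples = [("challenge", CHALLENGE_OK),
               ("upload with http scheme", UPLOAD_HTTP_SCHEME),
               ("upload with internal port", UPLOAD_INTERNAL_PORT)]
    for name, sample in samples:
        print(name, "->", scheme_leaks(PUBLIC, sample) or "ok")
```

Against a live instance, feed it the response headers of an unauthenticated `GET /v2/` and of a blob upload start, taken from the public side of the proxy.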