Enabled "package registry" in gitlab

Hello I started learn container, docker, etc since last week and I have a question.

I created a gitlab-ce container with the image available on the dockerhub : https://hub.docker.com/r/gitlab/gitlab-ce/

I used a docker-compose.yaml to add the volumes and keep my modifications.

But when I go on my gitlab web interface I don’t see the “registry” section and I can’t enable it in the settings …

So what is the problem ?
Is gitlab registry only available on Gitlab-ee ? Is Gitlab registry not available in gitlab container ?

Best regards,

Hi,

can you share the content of your docker-compose.yml?

The container registry listens on a dedicated port, which needs to be exposed separately.

Cheers,
Michael

Hi,

Here the content of my docker-compose.yaml file :

version: '3'
services:
    db:
        image: gitlab/gitlab-ce:latest

        volumes:
        - /home/test-docker/gitlab/volumes/config:/etc/gitlab
        - /home/test-docker/gitlab/volumes/logs:/var/log/gitlab
        - /home/test-docker/gitlab/volumes/data:/var/opt/gitlab

        hostname : gitlab.testdocker.com
        restart: always

        ports:
        - "80:80"
        - "443:443"
        - "8082:22"

Hi,

then add 5050 to the port mapping and check whether it is detected reachable.

https://docs.gitlab.com/ee/administration/packages/container_registry.html#enable-the-container-registry

Cheers,
Michael

So here my new docker-compose.yaml :slight_smile:

version: '3'
services:
    db:
        image: gitlab/gitlab-ce:latest
        volumes:
        - /home/test_docker/volumes/config:/etc/gitlab
        - /home/test_docker/volumes/logs:/var/log/gitlab
        - /home/test_docker/volumes/data:/var/opt/gitlab
        hostname : gitlab.testdocker.com
        restart: always
        ports:
        - "80:80"
        - "443:443"
        - "8082:22"
        - "5050:5050"

But the registry is still not enabled …

I deployed a registry container then I modified my gitlab.yml , but I still see no differences …

Hm, which version of the GitLab Docker image are you using? Easiest way to check is via /help on the GitLab server itself.

I tried with 2 versions, from docker hub :

  • GitLab Community Edition : 12.6.4
  • Gitlab Enterprise Edition : 12.6.4

I still have this message :

But I still can’t enable container registry, it’s my gitlab so I am the administrator …

Here my docker compose with the registry and the gitlab-ee :

version: '3'
services:
    registry:
        restart: always
        image: registry:latest
        ports:
        - 5000:5000
        environment:
             REGISTRY_HTTP_TLS_CERTIFICATE: /certs/domain.crt
             REGISTRY_HTTP_TLS_KEY: /certs/domain.key
             REGISTRY_AUTH: htpasswd
             REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
             REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
        volumes:
        - /home/test_docker/registry/volumes/data:/var/lib/registry
        - /home/test_docker/registry/volumes/certs:/certs
        - /home/test_docker/registry/volumes/auth:/auth
        
    gitlab-ee:
        depends_on : 
        - registry
        image: gitlab/gitlab-ee
        volumes:
        - /home/test_docker/gitlab_ee/volumes/config:/etc/gitlab
        - /home/test_docker/gitlab_ee/volumes/logs:/var/log/gitlab
        - /home/test_docker/gitlab_ee/volumes/data:/var/opt/gitlab
        hostname : gitlab.example.com
        restart: always
        ports:
        - "80:80"
        - "443:443"
        - "8082:22"
        - "5050:5050"

Here the content of my gitlab.yml :

registry:
  enabled: true
  host: registry.gitlab.example.com
  port: 5005
  api_url: http://localhost:5000/
  key: config/registry.key
  path: shared/registry
  issuer: gitlab-issuer

Hi there,

I would say that your setup is not the right one when you want use the GitLab internal Docker registry.

  • A Docker registry is bundled in the official CE or EE containers - you should remove the registry service from the compose file!
  • GitLab will show you the registry inside the GUI only when the internal one is configured correctly.
  • I’m running also a container based GitLab but this is using an gitlab.rb not a yaml file?

Here an example for gitlab.rb:

registry_external_url "https://registry.mac.pro"
gitlab_rails['registry_enabled'] = true
registry['enable'] = true
registry_nginx['enable'] = true
registry_nginx['listen_port'] = 5001
registry_nginx['listen_https'] = false
registry_nginx['proxy_set_headers'] = {
  "Host"              => "$http_host",
  "X-Real-IP"         => "$remote_addr",
  "X-Forwarded-For"   => "$proxy_add_x_forwarded_for",
  "X-Forwarded-Proto" => "https",
  "X-Forwarded-Ssl"   => "on"
}

The port 5001 must be exposed in the compose file. I’m using an additional nginx container as reverse proxy - that’s the purpose that https is disabled and the X-Forwarded-* flags are set.

Good luck!

2 Likes

Thank you,

I removed the registry from my docker compose and just modify the gitlab.rb and now the registry is available.

However I don’t know why, I can connect to my registry but I can’t push in it.

root@test-gitlab-2:/home/test_docker# docker push registry.example.com/root/test/contai
ner_registry/test-hello-world

> 
> The push refers to repository [registry.example.com/root/test/container_registry/test-h
> ello-world]
> af0b15c8625b: Preparing 
> error parsing HTTP 404 response body: invalid character '<' looking for beginning of va
> lue: "<!DOCTYPE html>\n<html>\n<head>\n  <meta content=\"width=device-width, initial-sc
> ale=1, maximum-scale=1\" name=\"viewport\">\n  <title>The page you're looking for could
>  not be found (404)</title>\n  <style>\n    body {\n      color: #666;\n      text-alig
> n: center;\n      font-family: \"Helvetica Neue\", Helvetica, Arial, sans-serif;\n     
>  margin: auto;\n      font-size: 14px;\n    }\n\n    h1 {\n      font-size: 56px;\n    
>   line-height: 100px;\n      font-weight: 400;\n      color: #456;\n    }\n\n    h2 {\n
>       font-size: 24px;\n      color: #666;\n      line-height: 1.5em;\n    }\n\n    h3 
> {\n      color: #456;\n      font-size: 20px;\n      font-weight: 400;\n      line-heig
> ht: 28px;\n    }\n\n    hr {\n      max-width: 800px;\n      margin: 18px auto;\n      
> border: 0;\n      border-top: 1px solid #EEE;\n      border-bottom: 1px solid white;\n 
>    }\n\n    img {\n      max-width: 40vw;\n      display: block;\n      margin: 40px au
> to;\n    }\n\n    a {\n      line-height: 100px;\n      font-weight: 400;\n      color:
>  #4A8BEE;\n      font-size: 18px;\n      text-decoration: none;\n    }\n\n    .containe
> r {\n      margin: auto 20px;\n    }\n\n    .go-back {\n      display: none;\n    }\n\n
>   </style>\n</head>\n\n<body>\n  <a href=\"/\">\n    <img src=\"data:image/svg+xml;base
> 64,PHN2ZyB3aWR0aD0iMjEwIiBoZWlnaHQ9IjIxMCIgdmlld0JveD0iMCAwIDIxMCAyMTAiIHhtbG5zPSJodHRw
> Oi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CiAgPHBhdGggZD0iTTEwNS4wNjE0IDIwMy42NTVsMzguNjQtMTE4Ljk
> yMWgtNzcuMjhsMzguNjQgMTE4LjkyMXoiIGZpbGw9IiNlMjQzMjkiLz4KICA8cGF0aCBkPSJNMTA1LjA2MTQgMj
> AzLjY1NDhsLTM4LjY0LTExOC45MjFoLTU0LjE1M2w5Mi43OTMgMTE4LjkyMXoiIGZpbGw9IiNmYzZkMjYiLz4KI
> CA8cGF0aCBkPSJNMTIuMjY4NSA4NC43MzQxbC0xMS43NDIgMzYuMTM5Yy0xLjA3MSAzLjI5Ni4xMDIgNi45MDcg
> Mi45MDYgOC45NDRsMTAxLjYyOSA3My44MzgtOTIuNzkzLTExOC45MjF6IiBmaWxsPSIjZmNhMzI2Ii8+CiAgPHB
> hdGggZD0iTTEyLjI2ODUgODQuNzM0Mmg1NC4xNTNsLTIzLjI3My03MS42MjVjLTEuMTk3LTMuNjg2LTYuNDExLT
> MuNjg1LTcuNjA4IDBsLTIzLjI3MiA3MS42MjV6IiBmaWxsPSIjZTI0MzI5Ii8+CiAgPHBhdGggZD0iTTEwNS4wN
> jE0IDIwMy42NTQ4bDM4LjY0LTExOC45MjFoNTQuMTUzbC05Mi43OTMgMTE4LjkyMXoiIGZpbGw9IiNmYzZkMjYi
> Lz4KICA8cGF0aCBkPSJNMTk3Ljg1NDQgODQuNzM0MWwxMS43NDIgMzYuMTM5YzEuMDcxIDMuMjk2LS4xMDIgNi4
> 5MDctMi45MDYgOC45NDRsLTEwMS42MjkgNzMuODM4IDkyLjc5My0xMTguOTIxeiIgZmlsbD0iI2ZjYTMyNiIvPg
> ogIDxwYXRoIGQ9Ik0xOTcuODU0NCA4NC43MzQyaC01NC4xNTNsMjMuMjczLTcxLjYyNWMxLjE5Ny0zLjY4NiA2L
> jQxMS0zLjY4NSA3LjYwOCAwbDIzLjI3MiA3MS42MjV6IiBmaWxsPSIjZTI0MzI5Ii8+Cjwvc3ZnPgo=\"\n    
>    alt=\"GitLab Logo\" />\n  </a>\n  <h1>\n    404\n  </h1>\n  <div class=\"container\"
> >\n  <h3>The page could not be found or you don't have permission to view it.</h3>\n 
>    <hr />\n    <p>The resource that you are attempting to access does not exist or you 
> don't have the necessary permissions to view it.</p>\n    <p>Make sure the address is c
> orrect and that the page hasn't moved.</p>\n    <p>Please contact your GitLab administr
> ator if you think this is a mistake.</p>\n    <a href=\"javascript:history.back()\" cla
> ss=\"js-go-back go-back\">Go back</a>\n  </div>\n  <script>\n    (function () {\n      
> var goBack = document.querySelector('.js-go-back');\n\n      if (history.length > 1) {\
> n        goBack.style.display = 'inline';\n      }\n    })();\n  </script>\n</body>\n</
> html>\n"
>

I also tried :

root@test-gitlab-2:/home/test_docker# docker push registry.example.com/root/test/test-h
ello-world

The push refers to repository [registry.example.com/root/test/test-hello-world]

af0b15c8625b: Preparing
error parsing HTTP 404 response body: invalid character ‘<’ looking for beginning of va
lue: “\n\n\n <meta content=“width=device-width, initial-sc
ale=1, maximum-scale=1” name=“viewport”>\n The page you’re looking for could
not be found (404)\n \n body {\n color: #666;\n text-alig
n: center;\n font-family: “Helvetica Neue”, Helvetica, Arial, sans-serif;\n
margin: auto;\n font-size: 14px;\n }\n\n h1 {\n font-size: 56px;\n
line-height: 100px;\n font-weight: 400;\n color: #456;\n }\n\n h2 {\n
font-size: 24px;\n color: #666;\n line-height: 1.5em;\n }\n\n h3
{\n color: #456;\n font-size: 20px;\n font-weight: 400;\n line-heig
ht: 28px;\n }\n\n hr {\n max-width: 800px;\n margin: 18px auto;\n
border: 0;\n border-top: 1px solid #EEE;\n border-bottom: 1px solid white;\n
}\n\n img {\n max-width: 40vw;\n display: block;\n margin: 40px au
to;\n }\n\n a {\n line-height: 100px;\n font-weight: 400;\n color:
#4A8BEE;\n font-size: 18px;\n text-decoration: none;\n }\n\n .containe
r {\n margin: auto 20px;\n }\n\n .go-back {\n display: none;\n }\n\n
\n\n\n\n <a href=”/">\n <img src=“data:image/svg+xml;base
64,PHN2ZyB3aWR0aD0iMjEwIiBoZWlnaHQ9IjIxMCIgdmlld0JveD0iMCAwIDIxMCAyMTAiIHhtbG5zPSJodHRw
Oi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CiAgPHBhdGggZD0iTTEwNS4wNjE0IDIwMy42NTVsMzguNjQtMTE4Ljk
yMWgtNzcuMjhsMzguNjQgMTE4LjkyMXoiIGZpbGw9IiNlMjQzMjkiLz4KICA8cGF0aCBkPSJNMTA1LjA2MTQgMj
AzLjY1NDhsLTM4LjY0LTExOC45MjFoLTU0LjE1M2w5Mi43OTMgMTE4LjkyMXoiIGZpbGw9IiNmYzZkMjYiLz4KI
CA8cGF0aCBkPSJNMTIuMjY4NSA4NC43MzQxbC0xMS43NDIgMzYuMTM5Yy0xLjA3MSAzLjI5Ni4xMDIgNi45MDcg
Mi45MDYgOC45NDRsMTAxLjYyOSA3My44MzgtOTIuNzkzLTExOC45MjF6IiBmaWxsPSIjZmNhMzI2Ii8+CiAgPHB
hdGggZD0iTTEyLjI2ODUgODQuNzM0Mmg1NC4xNTNsLTIzLjI3My03MS42MjVjLTEuMTk3LTMuNjg2LTYuNDExLT
MuNjg1LTcuNjA4IDBsLTIzLjI3MiA3MS42MjV6IiBmaWxsPSIjZTI0MzI5Ii8+CiAgPHBhdGggZD0iTTEwNS4wN
jE0IDIwMy42NTQ4bDM4LjY0LTExOC45MjFoNTQuMTUzbC05Mi43OTMgMTE4LjkyMXoiIGZpbGw9IiNmYzZkMjYi
Lz4KICA8cGF0aCBkPSJNMTk3Ljg1NDQgODQuNzM0MWwxMS43NDIgMzYuMTM5YzEuMDcxIDMuMjk2LS4xMDIgNi4
5MDctMi45MDYgOC45NDRsLTEwMS42MjkgNzMuODM4IDkyLjc5My0xMTguOTIxeiIgZmlsbD0iI2ZjYTMyNiIvPg
ogIDxwYXRoIGQ9Ik0xOTcuODU0NCA4NC43MzQyaC01NC4xNTNsMjMuMjczLTcxLjYyNWMxLjE5Ny0zLjY4NiA2L
jQxMS0zLjY4NSA3LjYwOCAwbDIzLjI3MiA3MS42MjV6IiBmaWxsPSIjZTI0MzI5Ii8+Cjwvc3ZnPgo=”\n
alt=“GitLab Logo” />\n \n

\n 404\n

\n <div class=“container”

\n

The page could not be found or you don’t have permission to view it.

\n

\n

The resource that you are attempting to access does not exist or you don't have the necessary permissions to view it.

\n

Make sure the address is c orrect and that the page hasn't moved.

\n

Please contact your GitLab administr ator if you think this is a mistake.

\n Go back\n \n \n\n\n"

I configured like this (only the following lines) :

registry_external_url 'https://registry.example.com'
gitlab_rails['registry_enabled'] = true
registry['enable'] = true
nginx['listen_https'] = false
registry_nginx['enable'] = true
registry_nginx['proxy_set_headers'] = {
 "Host" => "$http_host",
 "X-Real-IP" => "$remote_addr",
 "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
 "X-Forwarded-Proto" => "https",
 "X-Forwarded-Ssl" => "on"
}
 registry_nginx['listen_port'] = 5050

Is it enought ?
Is this normal that the following lines staid uncomment like this ?

# gitlab_rails['registry_host'] = "registry.gitlab.example.com"
# gitlab_rails['registry_port'] = "5005"
# gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"
# Notification secret, it's used to authenticate notification requests to GitLab appli$
# You only need to change this when you use external Registry service, otherwise
# it will be taken directly from notification settings of your Registry
# gitlab_rails['registry_notification_secret'] = nil
###! **Do not change the following 3 settings unless you know what you are
###!   doing**
#  gitlab_rails['registry_api_url'] = "http://localhost:5000"
#  gitlab_rails['registry_key_path'] = "/var/opt/gitlab/gitlab-rails/certificate.key"
#  gitlab_rails['registry_issuer'] = "omnibus-gitlab-issuer"

# registry['username'] = "registry"
# registry['group'] = "registry"
# registry['uid'] = nil
# registry['gid'] = nil
# registry['dir'] = "/var/opt/gitlab/registry"
# registry['registry_http_addr'] = "localhost:5000"
# registry['debug_addr'] = "localhost:5001"
#  registry['log_directory'] = "/var/log/gitlab/registry"
#  registry['env_directory'] = "/opt/gitlab/etc/registry/env"
#  registry['env'] = {
#    'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
#  }
# registry['log_level'] = "info"
# registry['log_formatter'] = "text"
# registry['rootcertbundle'] = "/var/opt/gitlab/registry/certificate.crt"
# registry['health_storagedriver_enabled'] = true
# registry['storage_delete_enabled'] = true
# registry['validation_enabled'] = false
# registry['autoredirect'] = false
# registry['compatibility_schema1_enabled'] = false
### Registry backend storage
###! Docs: https://docs.gitlab.com/ee/administration/container_registry.html#container$
# registry['storage'] = {
#  's3' => {
#     'accesskey' => 'AKIAKIAKI',
#     'secretkey' => 'secret123',
#     'region' => 'us-east-1',
#     'bucket' => 'gitlab-registry-bucket-AKIAKIAKI'
#   }
# }

I had my " registry.gitlab.example.com " in my hosts file with 127.0.01

The push also doesn’t work with 127.0.01 or localhost.

The docker push command URL misses the port where the registry is listening on. Try using https://registry.example.com:5050/.....

OK the configuration is not correct for the network. In the error response you’ll find this Go back this comes from the GitLab web frontend when the login fails. I would say you are not contacting the registry it’s the git part.

When you add different FQDNs in your hosts file all with the same IP it will not work? You must use different ports.

In your config you have a mixture of http and https - when you have not configured certificates set all to http and ssl to off.

Add the exposed port to registry_external_url - this URL you see in the Web fronend for copy/paste etc. and this should work. Start with a docker login…

The settings in the config which are disable showing the configured default. If you not need to change them ignore them.

1 Like

Thank you, I modified everything and it’s now working perfectly.

Enjoy!

@nightman68 can you shared your final config here please

A post was split to a new topic: Container registry with reverse proxy throws < token errors on auth