Context:
I created a small infrastructure for DevOps on a private network with GitLab running in a Docker container (gitlab-ce), a GitLab runner and an external container registry.
I have a wildcard SSL certificate provided by a private CA authority (interpreted as a self-signed certificate by GitLab).
I use GitLab as an auth endpoint: I can log in and push images to the container registry.
I set up an external nginx container to redirect to my domains (GitLab and the external container registry).
All of the containers have the SSL certificate and the private key if needed.
I also added the cert to /etc/gitlab/trusted-certs, referring to this section in the documentation.
Issue:
When I try to visit the container registry feature via the GitLab web interface, I get a “Docker connection error”. Logs in the GitLab container refer to this error: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)
I also observed that when I try to remove a group containing projects (I didn’t try with an empty group), the group cannot be removed due to this same error.
gitlab.rb config:
gitlab_rails['gitlab_shell_ssh_port'] = '2202'
external_url 'https://gitlab.example.com'
letsencrypt['enable'] = false
gitlab_rails['registry_enabled'] = true
gitlab_rails['registry_host'] = "registry-gitlab.example.com"
gitlab_rails['registry_port'] = "443"
gitlab_rails['registry_api_url'] = "https://registry-gitlab.example.com"
gitlab_rails['registry_issuer'] = "gitlab-issuer"
registry['internal_key'] = "-----BEGIN RSA PRIVATE KEY-----*****\n-----END RSA PRIVATE KEY-----"
gitlab_rails['registry_key_path'] = "/etc/gitlab/ssl/registry.key"
Thank you