External Docker registry not working ({"unmatched_route"=>"v2"})

Hi there,

I’m currently trying to set up an external Docker Registry which should use GitLab as the authentication provider. I followed the documentation from https://docs.gitlab.com but when I try to do a docker login registry.example.com it always says “Login Succeeded” even if I enter a completely wrong password… I’m running all these services as Docker containers behind a Traefik load balancer which terminates the SSL/TLS.

The GitLab container shows the following error:

gitlab_1  | ==> /var/log/gitlab/gitlab-rails/production.log <==
gitlab_1  | Started GET "/v2/" for 172.19.0.1 at 2018-04-04 11:38:08 +0000
gitlab_1  | Processing by ApplicationController#route_not_found as HTML
gitlab_1  |   Parameters: {"unmatched_route"=>"v2"}
gitlab_1  | Completed 401 Unauthorized in 2ms (ActiveRecord: 0.0ms)

The docker-compose.yml parts for the registry and GitLab look like this:

registry:
  image: registry:2.6.2
  volumes:
    - /opt/data/gitlab/registry/certs:/opt/certs/:Z
    - /opt/data/gitlab/registry/data:/opt/data:Z
  environment:
    - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/opt/data
    - REGISTRY_AUTH_TOKEN_REALM=https://gitlab/jwt/auth
    - REGISTRY_AUTH_TOKEN_SERVICE=container_registry
    - REGISTRY_AUTH_TOKEN_ISSUER=omnibus-gitlab-issuer
    - REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/opt/certs/registry.crt
    - REGISTRY_HTTP_SECRET=<my-secret>
    - REGISTRY_LOG_LEVEL=info
  networks:
    - mynet
  labels:
    - traefik.enable=false

gitlab:
  image: gitlab/gitlab-ce:10.4.3-ce.0
  restart: always
  depends_on:
    - db
  env_file:
    - settings.env
  environment:
    GITLAB_OMNIBUS_CONFIG: |
      ### General GitLab settings
      external_url 'https://gitlab.example.com'
      nginx['listen_port'] = 80
      nginx['listen_https'] = false

      ### Git settings
      gitlab_rails['gitlab_shell_ssh_port'] = 8822;
      gitlab_rails['lfs_enabled'] = true
      gitlab_rails['lfs_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/lfs-objects"

      # Monitoring
      prometheus_monitoring['enable'] = false

      ### Registry settings
      registry_nginx['proxy_set_headers'] = {
       "Host" => "$http_host",
       "X-Real-IP" => "$remote_addr",
       "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
       "X-Forwarded-Proto" => "https",
       "X-Forwarded-Ssl" => "on"
      }
      registry['registry_http_addr'] = "registry:5000"
      gitlab_rails['registry_enabled'] = true
      gitlab_rails['registry_host'] = "registry.example.com"
      gitlab_rails['registry_port'] = "443"
      gitlab_rails['registry_issuer'] = "omnibus-gitlab-issuer"
      gitlab_rails['registry_api_url'] = "http://registry:5000"
      gitlab_rails['registry_key_path'] = "/var/opt/gitlab/gitlab-rails/etc/registry.key"
      registry['internal_key'] = "-----BEGIN PRIVATE KEY-----\n....secret...==\n-----END PRIVATE KEY-----"
      gitlab_rails['gitlab_default_projects_features_container_registry'] = true

  ports:
    - "8822:22"
  volumes:
    - /opt/data/gitlab/gitlab/config:/etc/gitlab:Z
    - /opt/data/gitlab/gitlab/logs:/var/log/gitlab:Z
    - /opt/data/gitlab/gitlab/data:/var/opt/gitlab:Z
  networks:
    - mynet
  labels:
    - traefik.port=80
    - traefik.frontend.rule=Host:gitlab.example.com,registry.example.com
    - traefik.protocol=http

networks:
  mynet:
     driver: bridge

Does anyone have a hint on how to solve this issue? Any docker-compose.yml examples from working external Docker Registry GitLab setups are welcome too.

Thanks.

Regards,
Philip
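
Added example, not part of the original post: the log above shows GET /v2/ being handled by GitLab Rails (route_not_found) rather than by a registry, so this check classifies an unauthenticated /v2/ response by whether it carries the registry's API-version header and a Bearer challenge matching the REGISTRY_AUTH_TOKEN_* values from the post. The function names and both sample responses are constructed for illustration; it assumes the headers were captured separately, for instance from an unauthenticated request to the registry hostname.

```python
import re

# Expected values copied from the REGISTRY_AUTH_TOKEN_* settings in the post.
EXPECTED_REALM = "https://gitlab/jwt/auth"
EXPECTED_SERVICE = "container_registry"

_PARAM = re.compile(r'(\w+)="([^"]*)"')

# Constructed sample: what a token-auth registry sends on unauthenticated /v2/.
REGISTRY_401 = {
    "Docker-Distribution-API-Version": "registry/2.0",
    "Www-Authenticate": 'Bearer realm="https://gitlab/jwt/auth",'
                        'service="container_registry"',
}
# Constructed sample: a 401 from some other web application (no registry headers).
WEBAPP_401 = {"Content-Type": "text/html; charset=utf-8"}


def parse_bearer_challenge(header_value):
    """Return the key="value" params of a Bearer challenge, or None if not Bearer."""
    scheme, _, rest = header_value.strip().partition(" ")
    if scheme.lower() != "bearer":
        return None
    return dict(_PARAM.findall(rest))


def classify_v2_response(status, headers,
                         realm=EXPECTED_REALM, service=EXPECTED_SERVICE):
    """Classify the answer to an unauthenticated GET /v2/ (headers: dict)."""
    h = {k.lower(): v for k, v in headers.items()}
    if status == 200:
        return "open: /v2/ answered without demanding credentials"
    if status != 401:
        return f"unexpected status {status}"
    # The Registry HTTP API V2 marks its responses with this header.
    if "docker-distribution-api-version" not in h:
        return "not-a-registry: the 401 came from another service"
    params = parse_bearer_challenge(h.get("www-authenticate", ""))
    if params is None:
        return "no-bearer-challenge: registry is not using token auth"
    if params.get("realm") != realm or params.get("service") != service:
        return f"challenge-mismatch: {params}"
    return "ok: registry token challenge matches configuration"


if __name__ == "__main__":
    print(classify_v2_response(401, REGISTRY_401))
    print(classify_v2_response(401, WEBAPP_401))
```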