Hi there,
I'm currently trying to set up an external Docker Registry which should use GitLab as authentication provider. I followed the documentation from https://docs.gitlab.com but when I try to do a docker login registry.example.com it always says “Login Succeeded” even if I enter a completely wrong password…
I’m running all these services as Docker containers behind a Traefik load balancer which terminates the SSL/TLS.
The Gitlab container shows the following error:
gitlab_1 | ==> /var/log/gitlab/gitlab-rails/production.log <==
gitlab_1 | Started GET "/v2/" for 172.19.0.1 at 2018-04-04 11:38:08 +0000
gitlab_1 | Processing by ApplicationController#route_not_found as HTML
gitlab_1 | Parameters: {"unmatched_route"=>"v2"}
gitlab_1 | Completed 401 Unauthorized in 2ms (ActiveRecord: 0.0ms)
The docker-compose.yml parts of the registry and GitLab look like this:
  registry:
    image: registry:2.6.2
    volumes:
      - /opt/data/gitlab/registry/certs:/opt/certs/:Z
      - /opt/data/gitlab/registry/data:/opt/data:Z
    environment:
      - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/opt/data
      - REGISTRY_AUTH_TOKEN_REALM=https://gitlab/jwt/auth
      - REGISTRY_AUTH_TOKEN_SERVICE=container_registry
      - REGISTRY_AUTH_TOKEN_ISSUER=omnibus-gitlab-issuer
      - REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/opt/certs/registry.crt
      - REGISTRY_HTTP_SECRET=<my-secret>
      - REGISTRY_LOG_LEVEL=info
    networks:
      - mynet
    labels:
      - traefik.enable=false
  gitlab:
    image: gitlab/gitlab-ce:10.4.3-ce.0
    restart: always
    depends_on:
      - db
    env_file:
      - settings.env
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        ### General GitLab settings
        external_url 'https://gitlab.example.com'
        nginx['listen_port'] = 80
        nginx['listen_https'] = false
        ### Git settings
        gitlab_rails['gitlab_shell_ssh_port'] = 8822;
        gitlab_rails['lfs_enabled'] = true
        gitlab_rails['lfs_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/lfs-objects"
        # Monitoring
        prometheus_monitoring['enable'] = false
        ### Registry settings
        registry_nginx['proxy_set_headers'] = {
          "Host" => "$http_host",
          "X-Real-IP" => "$remote_addr",
          "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
          "X-Forwarded-Proto" => "https",
          "X-Forwarded-Ssl" => "on"
        }
        registry['registry_http_addr'] = "registry:5000"
        gitlab_rails['registry_enabled'] = true
        gitlab_rails['registry_host'] = "registry.example.com"
        gitlab_rails['registry_port'] = "443"
        gitlab_rails['registry_issuer'] = "omnibus-gitlab-issuer"
        gitlab_rails['registry_api_url'] = "http://registry:5000"
        gitlab_rails['registry_key_path'] = "/var/opt/gitlab/gitlab-rails/etc/registry.key"
        registry['internal_key'] = "-----BEGIN PRIVATE KEY-----\n....secret...==\n-----END PRIVATE KEY-----"
        gitlab_rails['gitlab_default_projects_features_container_registry'] = true
    ports:
      - "8822:22"
    volumes:
      - /opt/data/gitlab/gitlab/config:/etc/gitlab:Z
      - /opt/data/gitlab/gitlab/logs:/var/log/gitlab:Z
      - /opt/data/gitlab/gitlab/data:/var/opt/gitlab:Z
    networks:
      - mynet
    labels:
      - traefik.port=80
      - traefik.frontend.rule=Host:gitlab.example.com,registry.example.com
      - traefik.protocol=http
networks:
  mynet:
    driver: bridge
Does anyone have a hint how to solve this issue? Any docker-compose.yml examples from working external Docker Registry GitLab setups are welcome too.
Thanks.
Regards,
Philip
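
A diagnostic for the symptom in the post, as an added example that is not part of the original post or of GitLab's code: the posted log shows `GET /v2/` being handled by GitLab Rails, so this check inspects an anonymous `/v2/` response for the registry's API-version header and for a Bearer challenge matching the `REGISTRY_AUTH_TOKEN_REALM` and `REGISTRY_AUTH_TOKEN_SERVICE` values above. The function names, the `fetch_v2` helper and both sample responses are constructed for illustration.

```python
import re
import urllib.error
import urllib.request

# Expected values, copied from the REGISTRY_AUTH_TOKEN_* settings in the post.
EXPECTED_REALM = "https://gitlab/jwt/auth"
EXPECTED_SERVICE = "container_registry"
_PARAM = re.compile(r'(\w+)="([^"]*)"')

def parse_bearer_challenge(header):
    """Return the key="value" parameters of a Bearer challenge, or None."""
    scheme, _, rest = (header or "").strip().partition(" ")
    if scheme.lower() != "bearer":
        return None
    return dict(_PARAM.findall(rest))

def check_v2_response(status, headers, realm=EXPECTED_REALM, service=EXPECTED_SERVICE):
    """Return findings for an unauthenticated GET /v2/ (empty list = OK)."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    if h.get("docker-distribution-api-version") != "registry/2.0":
        findings.append("not answered by a v2 registry")
    if status != 401:
        findings.append(f"status {status}, expected 401 for an anonymous request")
    challenge = parse_bearer_challenge(h.get("www-authenticate"))
    if challenge is None:
        findings.append("no Bearer challenge, so no token is ever requested")
    else:
        for key, want in (("realm", realm), ("service", service)):
            if challenge.get(key) != want:
                findings.append(f"{key} is {challenge.get(key)!r}, expected {want!r}")
    return findings

def fetch_v2(base_url):
    """Live probe (hypothetical helper): (status, headers) of GET <base_url>/v2/."""
    try:
        with urllib.request.urlopen(base_url.rstrip("/") + "/v2/", timeout=10) as r:
            return r.status, dict(r.headers)
    except urllib.error.HTTPError as e:  # a 401 response is raised as HTTPError
        return e.code, dict(e.headers)

# Constructed sample responses (not captured from the poster's system).
REGISTRY_LIKE = (401, {"Docker-Distribution-Api-Version": "registry/2.0",
                       "Www-Authenticate": 'Bearer realm="https://gitlab/jwt/auth",service="container_registry"'})
OTHER_APP = (401, {"Content-Type": "text/html; charset=utf-8"})

if __name__ == "__main__":
    for name, (status, headers) in (("registry-like", REGISTRY_LIKE), ("other app", OTHER_APP)):
        print(name, check_v2_response(status, headers) or "OK")
```

Against a live deployment, `check_v2_response(*fetch_v2("https://registry.example.com"))` runs the same checks on whatever actually answers behind the load balancer.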