GitLab Registry with existing Nginx reversed proxy (https)

Hello gitlab community,

I got problems with enabling my gitlab docker registry. I tried to do it like the example in the gitlab docs but I actually stuck with getting the docker registry enabled.


upstream registry {
  server gitlab_gitlab:5000;

## Redirects all HTTP traffic to the HTTPS host
server {
  listen 80;
  return 301 https://$http_host:$request_uri;
  access_log  /var/log/nginx/gitlab_registry_access.log;
  error_log   /var/log/nginx/gitlab_registry_error.log;

server {
  # If a different port is specified in,
  # it should be declared here as well
  listen 443 ssl http2;

  client_max_body_size 0;
  chunked_transfer_encoding on;

  ssl on;
  # ssl_certificate /path/to/cert;
  # ssl_certificate_key /path/to/certkey;

  ssl_session_cache  builtin:1000  shared:SSL:10m;
  ssl_session_timeout  5m;

  access_log  /var/log/nginx/gitlab_registry_access.log;
  error_log   /var/log/nginx/gitlab_registry_error.log;

  location / {
    proxy_set_header  Host              $http_host;   # required for docker client's sake
    proxy_set_header  X-Real-IP         $remote_addr; # pass on real client's IP
    proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header  X-Forwarded-Proto $scheme;
    proxy_read_timeout                  900;

    proxy_pass          http://registry;

    ssl_certificate /etc/letsencrypt/live/; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/; # managed by Certbot


registry_external_url ''
gitlab_rails['registry_enabled'] = true
gitlab_rails['registry_port'] = "5005"
registry['enable'] = true

I actually tested it with

docker login docker login
and I get a “connection refused”. I already checked my firewall.