Hi, I am trying to get my docker registry running again.
First my setup: The GitLab WebGUI is behind a reverse proxy (ports 80 and 443). The SSH port for cloning and the docker registry (port 5005) are bound to my public IPv4 address. I have a Let's Encrypt certificate which is configured on my nginx reverse proxy. My GitLab runs in a docker environment.
Now I tried to configure my docker registry in “gitlab.rb” to use the same certificate. To do that I copied the fullchain.pem and privkey.pem to mydomain.crt and mydomain.key under /etc/gitlab/ssl.
This is what I configured in “gitlab.rb”:
registry_external_url 'https://mydomain:5005'
gitlab_rails['registry_enabled'] = true
gitlab_rails['registry_host'] = "mydomain"
gitlab_rails['registry_port'] = "5005"
gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"
registry_nginx['enable'] = true
registry_nginx['ssl_certificate'] = "/etc/gitlab/ssl/mydomain.crt"
registry_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/mydomain.key"
When I try to log in with docker or try to let a runner run (I already had the GitLab registry in use, but then I switched to a reverse proxy and also changed the domain), I get the following error:
ERROR: Preparation failed: Error response from daemon: Get https://mydomain:5005/v2/: x509: certificate signed by unknown authority (executor_docker.go:175:0s)
I have also read the documentation on the Container Registry in GitLab (https://docs.gitlab.com/ee/administration/packages/container_registry.html#configure-container-registry-under-its-own-domain) and tried the troubleshooting steps. The problem here is that the logs are not very detailed and not very helpful.
Does anybody know what I am doing wrong?
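
Added example, not part of the original post: the `x509: certificate signed by unknown authority` error means the Docker client could not build a chain from the certificate served on port 5005 to a CA it trusts, so this script compares the bundle on disk with what the port actually serves. The host, port and file paths are the placeholders from the post, and the function names are made up for this sketch.

```shell
#!/bin/sh
# Added diagnostic sketch. Host, port and file paths are the placeholders
# used in the post; pass your own values as the four arguments.

# Number of certificates in a PEM bundle. A Let's Encrypt fullchain.pem
# holds the leaf plus at least one intermediate, so expect 2 or more.
pem_cert_count() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1"
}

# Succeeds when the private key belongs to the first certificate in the bundle.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# TLS handshake with the registry port; prints what the server really sends.
served_chain() {
    openssl s_client -connect "$1:$2" -servername "$1" -showcerts </dev/null 2>&1
}

check_registry() {
    host=$1 port=$2 crt=$3 key=$4
    echo "certificates in $crt: $(pem_cert_count "$crt")"
    if cert_matches_key "$crt" "$key"; then
        echo "key matches certificate"
    else
        echo "key does NOT match certificate"
    fi
    out=$(served_chain "$host" "$port")
    served=$(printf '%s\n' "$out" | grep -c -e '-----BEGIN CERTIFICATE-----')
    echo "certificates served on $host:$port: $served"
    # Subject and issuer of the leaf the server presents (the s: and i: lines).
    printf '%s\n' "$out" | grep -E '^ *(0 s:|i:)' | head -n 2
    # Result of verifying the served chain against the local trust store.
    printf '%s\n' "$out" | grep 'Verify return code' | head -n 1
}

# Run the checks only when called with: host port cert-file key-file
if [ "$#" -eq 4 ]; then
    check_registry "$@"
fi
```

Run it inside the GitLab container and again from the runner host, for example `sh check.sh mydomain 5005 /etc/gitlab/ssl/mydomain.crt /etc/gitlab/ssl/mydomain.key`; a served subject or issuer that differs from the Let's Encrypt certificate, or a served count lower than the count on disk, shows where the two diverge.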