How do I setup an insecure GitLab Container Registry on an instance of the GitLab Omnibus Docker Container?

Hi,

Maybe I’m doing the setup wrong, but I can’t seem to get the container registry to work. For some background, my GitLab server is not outward facing at all, but I’m hoping to make use of the container registry.

I guess to start, this is my docker-compose setup:

version: '3.7'

services:
    web:
        image: 'gitlab/gitlab-ce:latest'
        restart: always
        hostname: '10.1.1.13'
        environment:
            GITLAB_OMNIBUS_CONFIG: |
                external_url 'http://10.1.1.13'
                registry_external_url 'http://10.1.1.13:5000'
                # Add any other gitlab.rb configuration here, each on its own line
                gitlab_rails['smtp_enable'] = true
                gitlab_rails['smtp_address'] = "smtp.gmail.com"
                gitlab_rails['smtp_port'] = 587
                gitlab_rails['smtp_user_name'] = "email@gmail.com"
                gitlab_rails['smtp_password'] = "password"
                gitlab_rails['smtp_domain'] = "smtp.gmail.com"
                gitlab_rails['smtp_authentication'] = "login"
                gitlab_rails['smtp_enable_starttls_auto'] = true
                gitlab_rails['smtp_tls'] = false
                gitlab_rails['smtp_openssl_verify_mode'] = 'peer'
                gitlab_rails['gitlab_email_from'] = 'email@gmail.com'
                gitlab_rails['gitlab_email_reply_to'] = 'email@gmail.com'
        ports:
            - '80:80'
            - '443:443'
            - '22:22'
            - '5000:5000'
        volumes:
            - '/docker/gitlab/config:/etc/gitlab'
            - '/docker/gitlab/logs:/var/log/gitlab'
            - '/docker/gitlab/data:/var/opt/gitlab'
            - '/docker/registry:/var/opt/gitlab/gitlab-rails/shared/registry'
        networks:
            - externalDockerBridgeNetwork

networks:
    externalDockerBridgeNetwork:
        external: true

According to this: https://docs.gitlab.com/ee/administration/container_registry.html#enable-the-container-registry
I only needed to configure a domain name as per instructions here: https://docs.gitlab.com/ee/administration/container_registry.html#container-registry-domain-configuration
from there, of the two methods it offered, the method I chose was: https://docs.gitlab.com/ee/administration/container_registry.html#configure-container-registry-under-an-existing-gitlab-domain
and I added this line registry_external_url 'http://10.1.1.13:5000' to my docker-compose file under environment. I did not add the other two lines pertaining to the certificates because I planned to setup an insecure registry, and do not have a certificate.
I also got the volume in the docker-compose file: /docker/registry:/var/opt/gitlab/gitlab-rails/shared/registry from here: https://docs.gitlab.com/ee/administration/container_registry.html#container-registry-storage-path
I restarted with docker-compose down and docker-compose up -d afterwards.

Then, I followed this link: https://docs.docker.com/registry/insecure/#deploy-a-plain-http-registry
and created a file named /etc/docker/daemon.json on my client machine and put this in it:

{
  "insecure-registries" : ["10.1.1.13:5000"]
}

from there, I restarted my daemon with sudo systemctl restart docker and tried docker login 10.1.1.13:5000
but I get this error: Error response from daemon: login attempt to http://10.1.1.13:5000/v2/ failed with status: 400 Bad Request

What am I doing wrong?

I get the sneaking suspicion that I’ve followed instructions to enable the feature on GitLab, but literally did nothing to setup and start a registry

1 Like

@weilun I am also in the same scenario and facing same issue. Did you find any solution for this?