Hi!
I have the Ubuntu server with docker+ docker registry (https://git-registry.local.com/v2/_catalog
I install GitLab-ee server to this server (It is currently working on a port 80). But I want it to answer the URL https://git-gitlab.local.com
How it is possible? Need used GitLab-Nginx for other URL! Or maybe need install individual Nginx!
Nginx reverse proxy can split every source URL to own dns name? And what is the example!?
By default after installing, GitLab nginx is enabled?
This work. I see both site as https. But registry is a problem for remote images push to registry. I didn’t find how registry:2 allow remote access with HTTP
I resolv it. I configure all remote docker hosts for insecure-registries:
cat > /etc/docker/daemon.json
{
“insecure-registries” : [“hostanme.ip:5000”]
}
and add in nginx.conf sub http
#set client body size to *M #
client_max_body_size 1024M;
Well done. I assume that you’re using your own CA for the certificates?! Have a look here. Place the CA cert in the described directory and you don’t need the insecure setting. For me it works without the port included in the directory name.
The client_max_body_size if 1G is probably a bit small when you try to push larger images…
What OS you’re using? Some OS probably using different path - refer to the docker link I provided earlier. Provide the logs when you discover error during the pull operation.
What release of GitLab you’re using, there were some changes with the certificates handling?
The configuration you mentioned under point 1 and 2 is not necessary I would say. I do not use them and push and pull works fine.
To what you mentioned in point 3 the following:
I’m using only the CA certificate nothing else. Including the entire chain should work.
Using IP adresses in certificates is probably not the best choice, use a CNAME!
I don’t know godady - just try to access a URL with such a certificate with Chrome or Firefox. When the browser worrying about the authentizity it is not part of the system certificate key chain and not accepted by any tool.
It’s not such an easy think to configure the SSL configuration. I spend a lot of time. Use Google when you have error messages during access.
I use Ubuntu (16.04 UP) and Debian (8 UP) OS. This server is a Ubuntu 17.
I use GitLab-ee latest
After 1) 2) 3) configured to all remote docker and Kubernetes hosts. Deploy (pull/push) happened well. Which method helped I don’t know. Most likely ca.crt, because I don’t restart any dockers daemon.