Registry served by traefik: 400 http error

I’m configuring gitlab with registry with docker behind a traefik load balancer.
I got to the point that gitlab shows the registry active (packages/registry) and suggests how to push an image, but I cannot even login.

I close the ssl endpoint correctly in traefix and reach nginx on a domain, and nginx is configured to proxy to http://localhost:5000 w/o encryption:

  location / {

    proxy_set_header Host $http_host_with_default;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header X-Forwarded-Ssl on;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;

    proxy_read_timeout                  900;
    proxy_cache off;
    proxy_buffering off;
    proxy_request_buffering off;
    proxy_http_version 1.1;

    proxy_pass          http://localhost:5000;

My believe is that it is possible to reach the registry in this way as this is that default configuration, but I’d appreciate a confirmation by somebody that knows better the registry.

The problem is that if I try to login:

docker login -u my_account registry.gitlab.mydomain
Error response from daemon: login attempt to failed with status: 400 Bad Request

I see the request in nginx logs gitlab_registry_access.log but I don’t see it in gitlab_registry_error.log
and that’s strange for me.

As 400 is a symptom that request is wrong I would believe that registry is expecting ssl but I don’t see any way to set it.

I’m currently on 12.3 and an upgrade is scheduled within this week, in case this has change in some way.

I’d appreciate any hints or suggestion on how to debug.

Solved. By mistake I copied the nginx configuration from global section. The default (not adding any configuration) is already correct.

In particular the problematic lines where:

proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;

At this point I can correctly login with docker and upload a docker image.

1 Like

@sandroden So glad you were able to solve this quickly!

Welcome to the forum, and don’t hesitate to reach back out if you need anything at all! :blush: