Setting up GitLab Private Registry as Nexus Docker Proxy Repository

ashish_s · February 23, 2023, 5:23pm

Dear All,

We are trying to setup a GitLab private container registry as nexus docker proxy repository. Nexus is running in as airgap environment and accessing gitlab via proxy server. We have trusted all the required SSL certs (of gitlab and proxy) in Nexus.

However when we are trying to pull images stored in gitlab, we keep getting manifest unknown error as mentioned below. We also notice that nexus automatically adds v2 in front of registry name, not sure if there is any way to avoid this.

admin org-sonatype.nexus. repository. docker. internal. v2Handlers - Is the remote url a valid docker endpoint? Remote host https://registry.qutlab.com/ with path /v2/<registry_name>/manifests /<version> did not return the expected response. Error message: manitest unknown

Kindly suggest if we need to configure some properties differently, and how can we overcome this issue?

TIA.

legoguy1000 · March 21, 2023, 7:27pm

I too have run into this and am hoping for a solution.

ashish_s · March 28, 2023, 10:50am

Just to share quick update on this (still issue persists):

We further figured out that proxy doesn’t have any role (or concern) here
If we allow all outbound internet traffic (from nexus server) this starts to work fine
But if we only allow registry.gitlab.com traffic this gives the error as shared above.

So now the question is - Which additional URLs (outbound) we need to allow/whitelist so this would work fine.

legoguy1000 · March 28, 2023, 10:39pm

What was ur config in nexus to make it work. I can’t seem to get it to work at all and I don’t have any outbound firewall rules

ashish_s · March 29, 2023, 1:28am

@legoguy1000 As I mentioned above, its still not yet fixed for us as we are not allowed to make server internet facing to allow all outbound traffic.
Is you server airgap? If you have internet access then standard nexus docker proxy configuration should work.