Troubles enabling Container Registry behind Traefik reverse proxy


I’ve started putting up my self-hosted Gitlab instance and I’m putting it behind a Traefik2 reverse proxy. Everything is working, I can reach gitlab just fine and the ssh connection also works. Gitlab runners are already active.

However now I’m trying to get the container registry up and running and I have not been able to do that so I’m going to the experts.

I use the latest version of Gitlab-ce via docker-compose. Below you will find the contents of my compose file.

Normally most of my stuff is behind an OAUTH instance but in this case I already tried to not put the registry behind that.

    image: gitlab/gitlab-ce:latest
    container_name: gitlab
        ipv4_address: # You can specify a static IP
      - no-new-privileges:true
    restart: always
    hostname: gitlab.$DOMAINNAME_CLOUD_SERVER
      - $DOCKERDIR/appdata/gitlab/data:/var/opt/gitlab
      - $DOCKERDIR/appdata/gitlab/logs:/var/log/gitlab
      - $DOCKERDIR/appdata/gitlab/config:/etc/gitlab
      - github_omniauth_app_id
      - github_omniauth_app_secret
        external_url 'http://gitlab.$DOMAINNAME_CLOUD_SERVER'
        nginx['listen_port'] = 80
        nginx['listen_https'] = false
        nginx['proxy_set_headers'] = {
          "X-Forwarded-Proto" => "https",
          "X-Forwarded-Ssl" => "on"
        registry_external_url 'http://registry.$DOMAINNAME_CLOUD_SERVER'
        registry['enable'] = true
        registry_nginx['listen_https'] = false
        registry_nginx['listen_port'] = 5005
        registry_nginx['proxy_set_headers'] = {
          "X-Forwarded-Proto" => "https",
          "X-Forwarded-Ssl" => "on"
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.gitlab-rtr.entrypoints=https"
      - "traefik.http.routers.gitlab-rtr.rule=Host(`gitlab.$DOMAINNAME_CLOUD_SERVER`)"
      ## Middlewares
      - "traefik.http.routers.gitlab-rtr.middlewares=chain-oauth@file"
      ## HTTP Services
      - "traefik.http.routers.gitlab-rtr.service=gitlab-svc"
      - ""
      # To ensure ssh works
      - 'traefik.tcp.routers.gitlab-ssh.entrypoints=ssh'
      - 'traefik.tcp.routers.gitlab-ssh.rule=HostSNI(`*`)'
      - 'traefik.tcp.routers.gitlab-ssh.service=gitlab-ssh-svc'
      - ''
      ## HTTP Routers
      - "traefik.http.routers.gitlab-registry.entrypoints=https"
      - "traefik.http.routers.gitlab-registry.rule=Host(`registry.$DOMAINNAME_CLOUD_SERVER`)"
      ## Middlewares
      - "traefik.http.routers.gitlab-registry.middlewares=chain-no-auth@file"
      ## HTTP Services
      - "traefik.http.routers.gitlab-registry.service=gitlab-registry-svc"
      - ""

What have I tried
I have tried various settings combinations for the GITLAB_OMNIBUS_CONFIG but I cannot find the correct working one.

With the example above when I do a docker login -u USER -p TOKEN I end up with a:

Error response from daemon: Get "": unable to decode token response: invalid character '<' looking for beginning of value

I already searched the forum for various topics on this subject but they have not given me the right answer yet unfortunately.

Topics like:

Thanks for taking the time to be thorough in your request, it really helps! :blush: