Unable to log into container registry behind nginx reverse proxy

TorbenJ · November 5, 2020, 8:43pm

Hi there,

I’m trying to configure container registries on my Gitlab instance.
The Gitlab instance runs on docker using the gitlab/gitlab-ce:13.5.3-ce.0 image.

The host system runs an nginx reverse proxy for https support using let’s encrypt certificates.
Gitlab itself works fine but container registries don’t want to work.

In gitlab.rb I configured the following settings to enable CRs:

registry_external_url 'https://registry.domain.com'

### Settings used by GitLab application
gitlab_rails['registry_enabled'] = true
gitlab_rails['registry_host'] = "http://registry.domain.com:5050"
gitlab_rails['registry_port'] = "5050"
gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"

registry_nginx['enable'] = true
registry_nginx['proxy_set_headers'] = {
 "Host" => "$http_host",
 "X-Real-IP" => "$remote_addr",
 "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
 "X-Forwarded-Proto" => "https",
 "X-Forwarded-Ssl" => "on"
}

registry_nginx['listen_port'] = 5050
registry_nginx['listen_https'] = false

Nginx is configured to proxy_pass http://localhost:5050; any request on registry.domain.com.

The Container Registry entry now shows up in my repository and on the registry page it tells me to use docker login registry.domain.com:5050 to login using docker.

If I try this I get the error message Error response from daemon: Get "https://registry.domain.com:5050/v2/": http: server gave HTTP response to HTTPS client.
I got these quite often in the beginning of my configuration attempts so if I leave the port and just execute docker login registry.domain.com I now get Error response from daemon: Get "https://registry.domain.com/v2/": denied: access forbidden

That’s the furthest I came so far, no matter what I tried next I always ended up with this denied: access forbidden error. My account is the repository owner and Gitlab administrator, so permissions shouldn’t be an issue.

Currently I fell back to shotgun debugging, I looked up many posts on different sites but none of them got me any further.

I really hope anyone of you can help me out on this.

arejay73 · February 18, 2021, 5:41pm

Did you every get this solved? I am having the same problem.

arejay73 · February 18, 2021, 6:34pm

This topic got me further, but now I have error, “User interaction is not allowed.”

Topic		Replies	Views
Proxying to correct container registry ports How to Use GitLab	1	1698	February 1, 2019
Gitlab container registry behind nginx proxy How to Use GitLab	3	5405	June 11, 2019
GitLab Registry with existing Nginx reversed proxy (https) How to Use GitLab	0	1195	March 12, 2018
Container registry behind reverse proxy How to Use GitLab	12	25835	September 9, 2024
Container Registry can't be reacher, but shows in WebUI Self-managed	7	2677	August 6, 2021

Unable to log into container registry behind nginx reverse proxy

Related topics