Using CI to build with docker-compose but cannot login to registry with self-signed cert

Using CI/CD to build with docker-compose but cannot login to registry with self-signed cert

I’m have project which I want to deploy using CI/CD. We use docker-compose to build (and deploy) the project. It’s an internal project so the registry that we’re using on our internal gitlab instance (running on docker) is using a self-signed certificate.

When I try to docker login to our registry, it fails with the error message:

$ echo “pqz5e8KcbsjkGfqDSLA7” | docker login -u referral-manager --password-stdin $CI_REGISTRY
time=“2020-06-25T04:39:50Z” level=info msg=“Error logging in to v2 endpoint, trying next endpoint: Get x509: certificate signed by unknown authority”
Get x509: certificate signed by unknown authority

After quite a lot of looking around I found some instructions on

Describe your question in as much detail as possible:

  • What are you seeing, and how does that differ from what you expect to see?

  • Consider including screenshots, error messages, and/or other helpful visuals

  • What version are you on? Are you using self-managed or

    • GitLab (Hint: /help):
    • Runner (Hint: /admin/runners):
  • Add the CI configuration from .gitlab-ci.yml and other configuration if relevant (e.g. docker-compose.yml)

  • What troubleshooting steps have you already taken? Can you link to any docs or other resources so we know where you have been?

Thanks for taking the time to be thorough in your request, it really helps! :blush:

Hello there,

This looks like you may need help with an insecure registry for docker rather than gitlab ci.

You can check out this docker link on how to use insecure registries.

This was a mangled first try to submit this post which I cannot work out how to delete. Sigh. I posted a fuller description of what I was seeing here

I had seen that page that you reference and I can’t work out how to set up the self-signed cert so I can login to the registry. I had thought that the:

command: ["–”]

would be passed into the container to set up the insecure registry config. I tried following how the scripts in the docker:dind image handle the arguments but I got very lost.