Using private networking for CI builds / registry

I’ve got a GitLab CE instance installed via omnibus running on a VPS, and I have a runner on a separate VPS in the same datacenter. My datacenter provides private networking between hosts, with no data caps and much higher transfer speeds than using the public interfaces.

My question is, has anyone set up a CI runner to connect to a GitLab Docker Registry via private networking? This should significantly reduce pull/push time.

Documentation for the GitLab Container Registry with CI runner proposes the following sample configuration:

 build:
   image: docker:latest
   services:
   - docker:dind
   stage: build
   script:
     - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN registry.example.com
     - docker build -t registry.example.com/group/project:latest .
     - docker push registry.example.com/group/project:latest

I didn’t find any relevant settings for GitLab nor GitLab multi-runner that would help. Using the above example as a template for discussion, I tried changing

docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN registry.example.com

to

docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN private_registry.example.com

where private_registry.example.com was set as a DNS A record to the private IP of the GitLab CE host. But I got an error during prebuild:

Checking out 284260f2 as master...
$ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN private_registry.example.com
Error response from daemon: Get https://private_registry.example.com/v1/users/: dial tcp w.x.y.z:443: getsockopt: connection refused
ERROR: Build failed: exit status 1

Anyone waded into these waters before? Is there any documentation I’m missing?