What are the requirements for configuring a container registry under its own domain?

We currently have the container registry working for our self-hosted Omnibus GitLab instance (running 16.0.1). It is running on port 5050. We now want to move that off of our gitlab.mycompany.com to a new registry.mycompany.com machine. The documentation for doing so (GitLab Container Registry administration | GitLab) just seems to make a bunch of assumptions as to the configuration of the new registry.mycompany.com machine. I am hoping someone can clarify things for us.

What should be installed on the registry.mycompany.com machine to have the registry running there? I assume it’s another GitLab Omnibus installation but configured to just run the registry (similar to what we did to enable Pages on another server). However, the documentation says nothing about that…at least as far as I can understand it. It seems like all you need to do is to have registry.mycompany.com available as a host. We created a new RHEL VM to serve as registry.mycompany.com and installed a GitLab Omnibus instance. Is that what we should have done? We are now struggling with authentication to registry.mycompany.com at the moment. I’m not convinced we are doing things correctly though.

Replying to my own post here with a question. We are struggling to get a container registry up and running on registry.mycompany.com and I think it boils down to the GitLab documentation not being clear at all. When standing up a container registry on a separate machine, we see two options:

  1. Install a second GitLab Omnibus instance and have it run the container registry. Our gitlab.mycompany.com server will be configured to point to the registry running on the GitLab Omnibus instance on registry.mycompany.com.

  2. Install a Docker registry on registry.mycompany.com and configure our GitLab instance to point to that registry. The complication here is how authentication works.

Which one is the correct option? Or is there a third option?

You don’t need to install a second GitLab instance, and you don’t need Docker either.

It’s enough to configure /etc/gitlab/gitlab.rb with the following:

registry_external_url 'https://registry.mycompany.com'
gitlab_rails['registry_enabled'] = true
gitlab_rails['registry_host'] = "registry.mycompany.com"

Make sure your external_url is not the same as your registry URL, but I think you have that configured as gitlab.mycompany.com; if so, then that means it will be OK.

I use that configuration, and it works, with both available on HTTPS port 443. Obviously after editing gitlab.rb:

gitlab-ctl reconfigure
gitlab-ctl restart
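
A sanity check for the settings in the answer above, added here as an example; it is not from the thread or from GitLab. It reads gitlab.rb text and reports when the registry URL collides with `external_url`, is not HTTPS, or disagrees with `registry_host`. The function names, the HTTPS requirement, and the sample `external_url` value are assumptions.

```ruby
require 'uri'

# Constructed sample: the answer's settings plus an external_url for the main
# instance (assumed value, based on the hostname in the question).
SAMPLE_GITLAB_RB = <<~CONF
  external_url 'https://gitlab.mycompany.com'
  # registry_external_url 'http://old.example'   (commented out, must be ignored)
  registry_external_url 'https://registry.mycompany.com'
  gitlab_rails['registry_enabled'] = true
  gitlab_rails['registry_host'] = "registry.mycompany.com"
CONF

# Extract the settings this check cares about. Line-based matching only:
# the file is not evaluated as Ruby, so computed values are not seen.
def parse_settings(text)
  settings = {}
  text.each_line do |line|
    line = line.strip
    next if line.empty? || line.start_with?('#')
    case line
    when /\A(external_url|registry_external_url)\s+['"]([^'"]+)['"]/
      settings[$1] = $2
    when /\Agitlab_rails\[['"](registry_\w+)['"]\]\s*=\s*['"]?([^'"\s#]+)['"]?/
      settings[$1] = $2
    end
  end
  settings
end

# Return a list of problems; an empty list means the layout matches the answer.
def registry_config_problems(text)
  s = parse_settings(text)
  return ['registry_external_url is not set'] unless s['registry_external_url']
  return ['external_url is not set'] unless s['external_url']
  reg = URI.parse(s['registry_external_url'])
  main = URI.parse(s['external_url'])
  problems = []
  problems << 'registry_external_url is not https' unless reg.scheme == 'https'
  # Same host on a different port (e.g. :5050) is fine; identical host and port is not.
  problems << 'registry URL has the same host and port as external_url' if [reg.host, reg.port] == [main.host, main.port]
  problems << 'registry_enabled is set but not true' if s.key?('registry_enabled') && s['registry_enabled'] != 'true'
  if s['registry_host'] && s['registry_host'] != reg.host
    problems << "registry_host #{s['registry_host']} does not match #{reg.host}"
  end
  problems
end

puts registry_config_problems(SAMPLE_GITLAB_RB).inspect if __FILE__ == $PROGRAM_NAME
```

To check a real file, pass `File.read('/etc/gitlab/gitlab.rb')` to `registry_config_problems` before running `gitlab-ctl reconfigure`.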