What are the requirements for configuring a container registry under its own domain

We currently have the container registry working for our self-hosted Omnibus GitLab instance (running 16.0.1). It is running on port 5050. We now want to move that off of our gitlab.mycompany.com to a new registry.mycompany.com machine. The documentation for doing so (GitLab Container Registry administration | GitLab) just seems to make a bunch of assumptions as to the configuration of the new registry.mycompany.com machine. I am hoping someone can clarify things for us.

What should be installed on the registry.mycompany.com machine to have the registry running there? I assume it’s another GitLab Omnibus installation but configured to just run the registry (similar to what we did to enable Pages on another server). However, the documentation says nothing about that…at least as far as I can understand it. It seems like all you need to do is to have registry.mycompany.com available as a host. We created a new RHEL VM to serve as registry.mycompany.com and installed a GitLab Omnibus instance. Is that what we should have done? We are now struggling with authentication to registry.mycompany.com at the moment. I’m not convinced we are doing things correctly though.

Replying to my own post here with a question. We are struggling to get a container registry up and running on registry.mycompany.com and I think it boils down to the GitLab documentation not being clear at all. When standing up a container registry on a separate machine, we see two options:

  1. Install a second GitLab Omnibus instance and have it run the container registry. Our gitlab.mycompany.com server will be configured to point to the registry running on the GitLab Omnibus instance on registry.mycompany.com.

  2. Install a Docker registry on registry.mycompany.com and configure our GitLab instance to point to that registry. The complication here is how does authentication work.

Which one is the correct option? Or is there a third option?

You don’t need to install a second GitLab instance, and you don’t need Docker either.

It’s enough to configure /etc/gitlab/gitlab.rb with the following:

registry_external_url 'https://registry.mycompany.com'
gitlab_rails['registry_enabled'] = true
gitlab_rails['registry_host'] = "registry.mycompany.com"

Make sure your external_url is not the same as your registry URL, but I think you have that configured as gitlab.mycompany.com; if so, then that means it will be OK.

I use that configuration, and it works, with both available on HTTPS port 443. Obviously after editing gitlab.rb:

gitlab-ctl reconfigure
gitlab-ctl restart

Nice guide,
but my GitLab server runs by IP and does not run by domain name.
GitLab CE is installed on an Ubuntu server and we use it for our local projects.
I want to run the container registry on this server.
The Container registry option is not enabled by default in the Deploy option.
I use the V16.7.3 CE edition.

Since you want to do it via a single IP address, then you need to configure as per the docs exposing the port (single domain). My example above was for multiple domains whereby for example gitlab.example.com is for normal gitlab access, and registry.example.com is for container registry access.

The GitLab docs explain how to do it for a single domain (IP in your case): GitLab container registry administration | GitLab. The key part is that you use a specific port - since you cannot use port 443 for GitLab and the Container registry at the same time on a single domain entry, or single IP address. If you want to do as per my example above, but without domains, then you would need to make sure your server has two IP addresses - one for GitLab, one for the registry.

If I can add another IP for this server, how do I configure gitlab.rb for the Container registry by IP?

It’s in the documentation:

registry_external_url 'https://gitlab.example.com:5050'

Change the hostname/domain to the IP of the server (the same as also explained in my previous post in this topic when giving a working example for someone). I don’t use it with IP - I use proper host and domain names, which I encourage you to use as well, since this is the proper way to use GitLab, as with pretty much any application that should be accessed. A hostname/domain name is far easier to remember, and makes things like configuring something far easier.

I wish this worked with HTTP.
My GitLab server uses HTTP.

Then you need to configure Docker or whatever you are using with the insecure-registries option.
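An added example, not part of any post in this thread and not GitLab's own tooling: a small Ruby check that reads gitlab.rb text and flags the two conditions discussed above, a registry URL that lands on the same host and port as external_url, and a registry served over plain HTTP. The helper names and sample configs are constructed for illustration; the addresses are documentation-range placeholders.

```ruby
require 'uri'

# Constructed sample gitlab.rb contents (not taken from any real server).
SAMPLE_SPLIT_DOMAIN = <<~RB
  external_url 'https://gitlab.mycompany.com'
  registry_external_url 'https://registry.mycompany.com'
  gitlab_rails['registry_enabled'] = true
  gitlab_rails['registry_host'] = "registry.mycompany.com"
RB

SAMPLE_HTTP_SAME_ENDPOINT = <<~RB
  external_url 'http://192.0.2.10'
  # registry_external_url 'http://192.0.2.10:5050'
  registry_external_url 'http://192.0.2.10'
RB

# Return the value of a top-level `key 'value'` setting, skipping commented lines.
def setting(text, key)
  text.each_line do |line|
    m = line.match(/\A\s*#{Regexp.escape(key)}\s+['"]([^'"]+)['"]/)
    return m[1] if m
  end
  nil
end

# Hypothetical helper: list the problems found in the given gitlab.rb text.
def check_registry_urls(text)
  main = setting(text, 'external_url')
  reg  = setting(text, 'registry_external_url')
  return ['external_url is not set'] unless main
  return ['registry_external_url is not set'] unless reg
  m = URI.parse(main)
  r = URI.parse(reg)
  problems = []
  # URI fills in the default port (80/443), so host + port identifies the listener.
  if m.host.casecmp?(r.host) && m.port == r.port
    problems << "registry and GitLab share #{r.host}:#{r.port}; use another hostname, IP or port"
  end
  if r.scheme == 'http'
    problems << 'registry is plain HTTP; Docker clients need it under insecure-registries'
  end
  problems
end

puts check_registry_urls(SAMPLE_HTTP_SAME_ENDPOINT) if __FILE__ == $PROGRAM_NAME
```

To check a real server, pass `File.read('/etc/gitlab/gitlab.rb')` to `check_registry_urls` before running `gitlab-ctl reconfigure`.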