Gitalb gotchas: Difference between revisions
Jump to navigation
Jump to search
(Created page with " [https://sleeplessbeastie.eu/2020/06/29/how-to-enable-gitlab-container-registry/| Source Notes] <pre> Enable GitLab Container Registry on an instance running HAProxy. Edit...") |
mNo edit summary |
||
| Line 42: | Line 42: | ||
registry_nginx['ssl_certificate_key'] = '/etc/gitlab/ssl/iwillfearnoevil.com.pem' | registry_nginx['ssl_certificate_key'] = '/etc/gitlab/ssl/iwillfearnoevil.com.pem' | ||
</pre> | </pre> | ||
Login gotcha: you must sudo!! | |||
<pre> | |||
chubbard@guyver-office:~$ docker login --username chubbard gitlab01.iwillfearnoevil.com:5050 | |||
Password: | |||
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.24/auth: dial unix /var/run/docker.sock: connect: permission denied | |||
chubbard@guyver-office:~$ sudo docker login --username chubbard gitlab01.iwillfearnoevil.com:5050 | |||
Password: | |||
WARNING! Your password will be stored unencrypted in /root/.docker/config.json. | |||
Configure a credential helper to remove this warning. See | |||
https://docs.docker.com/engine/reference/commandline/login/#credentials-store | |||
Login Succeeded | |||
chubbard@guyver-office:~$ | |||
</pre> | |||
[[Category:Gitlab]] | [[Category:Gitlab]] | ||
Revision as of 16:46, 3 February 2022
Enable GitLab Container Registry on an instance running HAProxy. Edit /etc/gitlab/gitlab.rb GitLab configuration file to define registry address. registry_external_url 'https://registry.example.org/' Beware, parameters like nginx['listen_https'] = false and nginx['listen_port'] = 80 have no effect here. Ensure that /etc/gitlab/ssl directory exists. $ sudo mkdir /etc/gitlab/ssl Generate a self-signed SSL certificate. $ sudo openssl req -subj "/commonName=registry.example.org/" -x509 -nodes -days 730 -newkey rsa:2048 -keyout /etc/gitlab/ssl/registry.example.org.key -out /etc/gitlab/ssl/registry.example.org.crt Reconfigure GitLab instance. $ sudo gitlab-ctl reconfigure
Working config for iwillfearnoevil.com
Caution must be used, as using a WC cert, does to allow for registry.gitlab, and TBH should be by IP. However the ELB/HAProxy host can have the registry and forward to 5050 for outside world connections
External URL is what the local machine is offering, a different name can be used on a LB and forward TO that external URL. Same deal with registry, however it is an odd duck. Recommend using IP address from what is seen over the internet.
Gitlab BUG describing this behavior
external_url 'http://gitlab01.iwillfearnoevil.com' letsencrypt['enable'] = false registry_external_url 'https://192.168.15.190:5050' nginx['enable'] = true nginx['redirect_http_to_https'] = true nginx['ssl_certificate'] = '/etc/gitlab/ssl/iwillfearnoevil.com.pem' nginx['ssl_certificate_key'] = '/etc/gitlab/ssl/iwillfearnoevil.com.pem' registry_nginx['enable'] = true registry_nginx['listen_port'] = 5050 registry_nginx['ssl_certificate'] = '/etc/gitlab/ssl/iwillfearnoevil.com.pem' registry_nginx['ssl_certificate_key'] = '/etc/gitlab/ssl/iwillfearnoevil.com.pem'
Login gotcha: you must sudo!!
chubbard@guyver-office:~$ docker login --username chubbard gitlab01.iwillfearnoevil.com:5050 Password: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.24/auth: dial unix /var/run/docker.sock: connect: permission denied chubbard@guyver-office:~$ sudo docker login --username chubbard gitlab01.iwillfearnoevil.com:5050 Password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded chubbard@guyver-office:~$