Gitalb gotchas
Jump to navigation
Jump to search
Enable GitLab Container Registry on an instance running HAProxy. Edit /etc/gitlab/gitlab.rb GitLab configuration file to define registry address. registry_external_url 'https://registry.example.org/' Beware, parameters like nginx['listen_https'] = false and nginx['listen_port'] = 80 have no effect here. Ensure that /etc/gitlab/ssl directory exists. $ sudo mkdir /etc/gitlab/ssl Generate a self-signed SSL certificate. $ sudo openssl req -subj "/commonName=registry.example.org/" -x509 -nodes -days 730 -newkey rsa:2048 -keyout /etc/gitlab/ssl/registry.example.org.key -out /etc/gitlab/ssl/registry.example.org.crt Reconfigure GitLab instance. $ sudo gitlab-ctl reconfigure
Working config for iwillfearnoevil.com
Caution must be used, as using a WC cert, does to allow for registry.gitlab, and TBH should be by IP. However the ELB/HAProxy host can have the registry and forward to 5050 for outside world connections
External URL is what the local machine is offering, a different name can be used on a LB and forward TO that external URL. Same deal with registry, however it is an odd duck. Recommend using IP address from what is seen over the internet.
Gitlab BUG describing this behavior
external_url 'http://gitlab01.iwillfearnoevil.com' letsencrypt['enable'] = false registry_external_url 'https://192.168.15.190:5050' nginx['enable'] = true nginx['redirect_http_to_https'] = true nginx['ssl_certificate'] = '/etc/gitlab/ssl/iwillfearnoevil.com.pem' nginx['ssl_certificate_key'] = '/etc/gitlab/ssl/iwillfearnoevil.com.pem' registry_nginx['enable'] = true registry_nginx['listen_port'] = 5050 registry_nginx['ssl_certificate'] = '/etc/gitlab/ssl/iwillfearnoevil.com.pem' registry_nginx['ssl_certificate_key'] = '/etc/gitlab/ssl/iwillfearnoevil.com.pem'