因此,我花了一些时间尝试为自托管的Gitlab服务器配置容器注册表。我对在5005端口上运行的Docker容器IS感到幸运,并且正在响应请求,但是每次尝试运行docker登录时,它都会失败。
因此设置:
服务器:Ubuntu 18.04 bionic
Gitlab版本:
- GitLab:
12.4.0 (1425a56c75b)
OMNIBUS
- GitLab Shell:
10.2.0
- GitLab主力军:
8.14.0
- GitLab API:
v4
- Ruby:
2.6.3p62
- 路轨:
5.2.3
gitlab.rb设置:
registry_external_url 'https://registry.<domain>.com'
### Settings used by GitLab application
gitlab_rails['registry_enabled'] = true
gitlab_rails['registry_host'] = "registry.<domain>.com"
gitlab_rails['registry_port'] = "5005"
gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"
### Settings used by Registry application
registry['enable'] = true
registry['username'] = "registry"
registry['group'] = "registry"
registry['uid'] = nil
registry['gid'] = nil
registry['dir'] = "/var/opt/gitlab/registry"
registry['registry_http_addr'] = "127.0.0.1:5005"
registry['debug_addr'] = "localhost:5001"
registry['log_directory'] = "/var/log/gitlab/registry"
registry['env_directory'] = "/opt/gitlab/etc/registry/env"
registry['env'] = {}
registry['log_level'] = "info"
registry['rootcertbundle'] = "/etc/gitlab/ssl/fullchain.pem"
registry['health_storagedriver_enabled'] = true
registry['storage_delete_enabled'] = true
我使用的是我自己的Nginx安装,而不是Gitlab的预打包版本,并且使用了他们提供的设置:
server {
if ($host = registry.<domain>.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen *:80;
server_name registry.<domain>.com;
server_tokens off;
return 301 https://$http_host$request_uri;
access_log /var/log/nginx/gitlab_registry_access.log;
error_log /var/log/nginx/gitlab_registry_error.log;
}
server {
listen *:443 ssl http2;
server_name registry.<domain>.com;
server_tokens off;
client_max_body_size 0;
chunked_transfer_encoding on;
access_log /var/log/gitlab/nginx/gitlab_registry_access.log;
error_log /var/log/gitlab/nginx/gitlab_registry_error.log;
location ^~ /.well-known/acme-challenge {
allow all;
alias /var/www/acme;
}
location / {
proxy_set_header Host $http_host; # required for docker client's sake
proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900;
proxy_pass http://localhost:5005;
}
ssl_certificate /etc/letsencrypt/live/registry.<domain>.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/registry.<domain>.com/privkey.pem; # managed by Certbot
}
现在我每次执行以下命令:docker login registry.<domain>.com
只会给我以下响应:
Error response from daemon: Get https://registry.<domain>.com/v2/: unauthorized: HTTP Basic: access denied
来自/var/log/gitlab/nginx/gitlab_registry_error.log
2019/11/04 12:36:16 [error] 30957#30957: *92 no live upstreams while connecting to upstream,client: <personal_ip>,server: registry.<domain>.com,request: "GET /v2/ HTTP/1.1",upstream: "http://localhost/v2/",host: "registry.<domain>.com"
2019/11/04 12:52:33 [error] 30957#30957: *320 connect() failed (111: Connection refused) while connecting to upstream,client: <server_ip>,upstream: "http://127.0.0.1:5005/v2/",host: "registry.<domain>.com"
2019/11/04 12:52:33 [error] 30957#30957: *324 no live upstreams while connecting to upstream,host: "registry.<domain>.com"
我不太确定下一步是什么,我一直在不停地谷歌搜索,但是没有真正的答案,我发现的大多数问题都与gitlab运行程序有关。
任何帮助将不胜感激,我只想知道我的设置是否有问题,我可以在输出日志中看到与connect()有关的内容,但是我不确定自己缺少什么或如何修复日志,以便如果有人可以将我指向正确的方向,将不胜感激。