因此，我花了一些时间尝试为自托管的Gitlab服务器配置容器注册表。我对在5005端口上运行的Docker容器IS感到幸运，并且正在响应请求，但是每次尝试运行docker登录时，它都会失败。

因此设置：

服务器：Ubuntu 18.04 bionic

Gitlab版本：

• GitLab：12.4.0 (1425a56c75b) OMNIBUS
• GitLab Shell：10.2.0
• GitLab主力军：8.14.0
• GitLab API：v4
• Ruby：2.6.3p62
• 路轨：5.2.3

gitlab.rb设置：

registry_external_url 'https://registry.<domain>.com'

### Settings used by GitLab application
gitlab_rails['registry_enabled'] = true
gitlab_rails['registry_host'] = "registry.<domain>.com"
gitlab_rails['registry_port'] = "5005"
gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"

### Settings used by Registry application
registry['enable'] = true
registry['username'] = "registry"
registry['group'] = "registry"
registry['uid'] = nil
registry['gid'] = nil
registry['dir'] = "/var/opt/gitlab/registry"
registry['registry_http_addr'] = "127.0.0.1:5005"
registry['debug_addr'] = "localhost:5001"
registry['log_directory'] = "/var/log/gitlab/registry"
registry['env_directory'] = "/opt/gitlab/etc/registry/env"
registry['env'] = {}
registry['log_level'] = "info"
registry['rootcertbundle'] = "/etc/gitlab/ssl/fullchain.pem"
registry['health_storagedriver_enabled'] = true
registry['storage_delete_enabled'] = true

我使用的是我自己的Nginx安装，而不是Gitlab的预打包版本，并且使用了他们提供的设置：

server {
    if ($host = registry.<domain>.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen *:80;
    server_name  registry.<domain>.com;
    server_tokens off;
    return 301 https://$http_host$request_uri;
    access_log  /var/log/nginx/gitlab_registry_access.log;
    error_log   /var/log/nginx/gitlab_registry_error.log;


}

server {
    listen *:443 ssl http2;
    server_name  registry.<domain>.com;
    server_tokens off;
    client_max_body_size 0;
    chunked_transfer_encoding on;
    access_log  /var/log/gitlab/nginx/gitlab_registry_access.log;
    error_log   /var/log/gitlab/nginx/gitlab_registry_error.log;

    location ^~ /.well-known/acme-challenge { 
        allow all; 
        alias /var/www/acme;
    }

    location / {
        proxy_set_header  Host              $http_host;   # required for docker client's sake
        proxy_set_header  X-Real-IP         $remote_addr; # pass on real client's IP
        proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header  X-Forwarded-Proto $scheme;
        proxy_read_timeout                  900;
        proxy_pass          http://localhost:5005;
    }

    ssl_certificate /etc/letsencrypt/live/registry.<domain>.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/registry.<domain>.com/privkey.pem; # managed by Certbot
}

现在我每次执行以下命令：docker login registry.<domain>.com只会给我以下响应：

Error response from daemon: Get https://registry.<domain>.com/v2/: unauthorized: HTTP Basic: access denied

来自/var/log/gitlab/nginx/gitlab_registry_error.log

2019/11/04 12:36:16 [error] 30957#30957: *92 no live upstreams while connecting to upstream,client: <personal_ip>,server: registry.<domain>.com,request: "GET /v2/ HTTP/1.1",upstream: "http://localhost/v2/",host: "registry.<domain>.com"
2019/11/04 12:52:33 [error] 30957#30957: *320 connect() failed (111: Connection refused) while connecting to upstream,client: <server_ip>,upstream: "http://127.0.0.1:5005/v2/",host: "registry.<domain>.com"
2019/11/04 12:52:33 [error] 30957#30957: *324 no live upstreams while connecting to upstream,host: "registry.<domain>.com"

我不太确定下一步是什么，我一直在不停地谷歌搜索，但是没有真正的答案，我发现的大多数问题都与gitlab运行程序有关。

任何帮助将不胜感激，我只想知道我的设置是否有问题，我可以在输出日志中看到与connect（）有关的内容，但是我不确定自己缺少什么或如何修复日志，以便如果有人可以将我指向正确的方向，将不胜感激。