问GitLab专用注册表-登录错误

EN

$ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get https://gitlab.MYDOMAIN:4501/v2/: denied: access forbidden

- registry url is reachable from outside (can call it from my browser with the default response `UNAUTHORIZED - authentication required`

image: docker

services:
  - name: docker:dind
    command: ["--insecure-registry=gitlab.MYDOMAIN:4501"]

before_script:
  - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY

stages:
  - build

build:
  stage: build
  script:
    - docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG .
    - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
  only:
    - master

concurrent = 1
check_interval = 0

[[runners]]
  name = "olaf"
  url = "https://gitlab.MYDOMAIN"
  token = "xxxxxxxxxxxxx"
  executor = "docker"
  [runners.docker]
    tls_verify = false
    image = "ruby:2.1"
    privileged = true
    disable_cache = false
    volumes = ["/cache"]
    shm_size = 0
  [runners.cache]

$ docker info
Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 0
Server Version: 18.05.0-ce
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: xxxxxxxxxxxxxxxx
runc version: xxxxxxxxxxxxxxx
init version: xxxxxxxxx
Security Options:
 seccomp
  Profile: default
Kernel Version: 4.9.0-6-amd64
Operating System: Alpine Linux v3.7 (containerized)
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 31.29GiB
Name: xxxxxxxxxxxxx
ID: xxxxxxxxxxxxxx
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 gitlab.MYDOMAIN:4501
 127.0.0.0/8
Live Restore Enabled: false

Running with gitlab-runner 10.8.0 (079aad9e)
  on olaf 2467327f
Using Docker executor with image docker ...
Starting service docker:dind ...
Pulling docker image docker:dind ...
Using docker image sha256:1f44348b3ad523d5dc4ae7d53bd873879e06e0df2d686e9029a666945443ef42 for docker:dind ...
Waiting for services to be up and running...
Pulling docker image docker ...
Using docker image sha256:2232c0bbbb8cc9238eefc10721db5662156a2624bc7405dc1cade624dde9aaec for docker ...
Running on runner-2467327f-project-17-concurrent-0 via 4ba803c01c0b...
Fetching changes...
HEAD is now at c8dff7b Update .gitlab-ci.yml
warning: redirecting to https://gitlab.MYDOMAIN:443/kwinkel/imagetest.git/
From http://gitlab.MYDOMAIN/kwinkel/imagetest
   c8dff7b..dc1b150  master     -> origin/master
Checking out dc1b1501 as master...
Skipping Git submodules setup
$ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get https://gitlab.MYDOMAIN:4501/v2/: denied: access forbidden
ERROR: Job failed: exit code 1

2018-06-02_19:27:03.50891 time="2018-06-02T19:27:03.50886204Z" level=warning msg="error authorizing context: authorization token required" 
environment=production go.version=go1.9.2 http.request.host="registry.gitlab.MYDOMAIN:4567" 
http.request.id=336c98a1-743a-47a5-9760-c20f5b77116a http.request.method=GET http.request.remoteaddr=- http.request.uri="/v2/" 
http.request.useragent="docker/18.03.1-ce go/go1.9.5 git-commit/9ee9f40 kernel/4.9.0-6-amd64 os/linux arch/amd64 
UpstreamClient(Docker-Client/18.03.1-ce \\(linux\\))" instance.id=1024a4ad-7a80-49c9-92c6-77cbcff85bf6 service=registry version=v2.6.2-2-g91c17ef