文档建议反馈控制台
首页
学习
活动
专区
圈层
工具
MCP广场
文章/答案/技术大牛
发布
首页
学习
活动
专区
圈层
工具
MCP广场
返回腾讯云官网
社区首页 >问答首页 >带有外部nginx和omnibus的gitlab码头注册中心

带有外部nginx和omnibus的gitlab码头注册中心
EN

Stack Overflow用户
提问于 2017-12-01 00:26:51
回答 4查看 10.4K关注 0票数 12

我已经在一个码头容器中运行了一个gitlab服务器,在另一个码头容器中运行了一个外部的nginx服务器,所以gitlab nginx服务器被停用了。现在,我想使用gitlab服务器中包含的坞注册中心。

我试图从管理手册中获得信息:registry.html

并使用链接文件中的适当的nginx配置:https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/support/nginx/registry-ssl

我在gitlab.rb中添加了以下内容:

代码语言:javascript
复制
... 
registry_external_url 'url'
registry_nginx['enable'] = false
registry['enable'] = true
...

但如果我尝试登录(停靠者登录网址),我只得到一个502坏网关错误。我也尝试了一些其他的配置,但总是出现同样的错误。有人成功了吗?需要我添加更多的设置到总括文件,还是仍然不可能使用gitlab内部对接注册与总括和外部nginx?

nginx
gitlab
docker-registry
gitlab-omnibus
docker
EN

回答 4

Stack Overflow用户

回答已采纳

发布于 2018-04-02 15:44:37

好的,我开始工作了。

代码语言:javascript
复制
## Lines starting with two hashes (##) are comments with information.
## Lines starting with one hash (#) are configuration parameters that can be uncommented.
##
###################################
##         configuration         ##
###################################

upstream docker-registry {
 server <ip_of_gitlab_docker_container>:<port_of_gitlab_container>;
}

## Redirects all HTTP traffic to the HTTPS host
server {
  listen *:80;
  server_name  sub.domain.tld;
  server_tokens off; ## Don't show the nginx version number, a security best practice
  return 301 https://$http_host:$request_uri;
  access_log  /var/log/nginx/gitlab_registry_access.log;
  error_log   /var/log/nginx/gitlab_registry_error.log;
}


server {
  # If a different port is specified in https://gitlab.com/gitlab-org/gitlab-ce/blob/8-8-stable/config/gitlab.yml.example#L182,
  # it should be declared here as well
  listen *:443 ssl http2;
  server_name  sub.domain.tld;
  server_tokens off; ## Don't show the nginx version number, a security best practice

  client_max_body_size 0;
  chunked_transfer_encoding on;

  ## Strong SSL Security
  ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
   ssl on;
   ssl_certificate /etc/letsencrypt/live/sub.domain.tld/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/sub.domain.tld/privkey.pem;

  ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_session_cache  builtin:1000  shared:SSL:10m;
  ssl_session_timeout  5m;

  access_log  /var/log/nginx/gitlab_registry_access.log;
  error_log   /var/log/nginx/gitlab_registry_error.log;


    location /
{
     # let Nginx know about our auth file
     proxy_pass http://docker-registry;
     proxy_set_header Host $host; # required for docker client's sake
     proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto $scheme;
 }

 location /v2/ {
     # To add basic authentication to v2 use auth_basic setting plus
     # add_header
     add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always;
     proxy_pass http://docker-registry;
     proxy_set_header Host $http_host; # required for docker client's sake
     proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto $scheme;
     proxy_read_timeout 900;
 }

}

也许Andrioshe的nginx配置也能工作,但我在尝试时做了一些更改,并与其他配置混在一起。我觉得一个正常的码头配置文件也能用.以后再试一试。

但更重要的是gitlab的总括配置。

代码语言:javascript
复制
registry_external_url 'https://sub.domain.tld'
registry['registry_http_addr'] = "<ip_of_gitlab_docker_container>:<port_of_gitlab_container>"
registry_nginx['enable'] = false
registry['enable'] = true

重要的是将“regsitry_http_addr”设置为gitlab停靠注册中心ip和端口,而不是本地主机。

票数 8
EN

Stack Overflow用户

发布于 2018-03-09 23:08:20

我也遇到了和你一样的问题,并让它处理好了以下几个方面:

Nginx:

代码语言:javascript
复制
## Lines starting with two hashes (##) are comments with information.
## Lines starting with one hash (#) are configuration parameters that can be uncommented.
##
###################################
##         configuration         ##
###################################

## Redirects all HTTP traffic to the HTTPS host
server {
  listen *:80;
  server_name  registry.project-oc.de;
  server_tokens off; ## Don't show the nginx version number, a security best practice
  return 301 https://$http_host:$request_uri;
  access_log  /var/log/nginx/gitlab_registry_access.log;
  error_log   /var/log/nginx/gitlab_registry_error.log;
}

server {
  # If a different port is specified in https://gitlab.com/gitlab-org/gitlab-ce/blob/8-8-stable/config/gitlab.yml.example#L182,
  # it should be declared here as well
  listen *:443 ssl http2;
  server_name  registry.project-oc.de;
  server_tokens off; ## Don't show the nginx version number, a security best practice

  client_max_body_size 0;
  chunked_transfer_encoding on;

  ## Strong SSL Security
  ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
  ssl on;
  ssl_certificate /etc/letsencrypt/live/registry.project-oc.de/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/registry.project-oc.de/privkey.pem; # managed by Certbot

  ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4';
  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_session_cache  builtin:1000  shared:SSL:10m;
  ssl_session_timeout  5m;

  access_log  /var/log/gitlab/nginx/gitlab_registry_access.log;
  error_log   /var/log/gitlab/nginx/gitlab_registry_error.log;

  location / {
    proxy_set_header  Host              $http_host;   # required for docker client's sake
    proxy_set_header  X-Real-IP         $remote_addr; # pass on real client's IP
    proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header  X-Forwarded-Proto $scheme;
    proxy_read_timeout                  900;

    proxy_pass          http://localhost:5000;
  }
}

gitlab.rb

代码语言:javascript
复制
registry_external_url 'https://registry.project-oc.de'
registry_nginx['listen_port'] = 5000
gitlab_rails['registry_enabled'] = true
registry_nginx['enable'] = false
registry['enable'] = true

编辑完这两个文件之后,您必须重新启动nginx和gitlab。

票数 4
EN

Stack Overflow用户

发布于 2021-04-16 19:46:05

上面的答案是好的,但不太适合我的设置,所以我将在这里添加我的配置,这样它可能会帮助到某人。我正在运行正式的GitLab码头形象与撰写,我已经设置了Traefik v2反向代理。这些设置是从官方的GitLab Omnibus设置中提取的。

在docker-Compose.yml的gitlab.rb环境变量部分:

代码语言:javascript
复制
gitlab_rails['registry_enabled'] = true
registry['enable'] = true
registry_external_url 'https://registry.example.com'
registry_nginx['listen_port'] = 80
registry_nginx['listen_https'] = false"

然后在docker-Compose.yml中使用以下标签:

代码语言:javascript
复制
- "traefik.http.routers.gitlab-registry.rule=Host(`registry.example.com`)"
- "traefik.http.routers.gitlab-registry.tls=true"
- "traefik.http.routers.gitlab-registry.entrypoints=websecure"
- "traefik.http.routers.gitlab-registry.service=gitlab-registry-service"
- "traefik.http.services.gitlab-registry-service.loadbalancer.server.port=80"

这些设置应该适用于注册表的相同或单独的域。运行注册表的nginx服务器被告知运行在端口80上的普通http上,这使得与Traefik集成非常容易。

票数 1
EN
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:

https://stackoverflow.com/questions/47584834

复制
相关文章

相似问题

领券

腾讯云开发者

扫码关注腾讯云开发者

扫码关注腾讯云开发者

领取腾讯云代金券

热门产品

热门推荐

更多推荐

Copyright © 2013 - 2025 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有 

深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 深公网安备号 44030502008569

腾讯云计算(北京)有限责任公司 京ICP证150476号 |  京ICP备11018762号 | 京公网安备号11010802020287

问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档