我在example.domain.com
上运行了带有 docker 注册表的 docker
docker run -d -p 5000:5000 --restart=always --name registry
-v /etc/ssl/certs/:/certs
-e REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry
-v /git/docker_registry:/var/lib/registry
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/server.crt
-e REGISTRY_HTTP_TLS_KEY=/certs/server.key
registry:2
我可以推送和拉取到这个 docker 注册表,但是当我尝试将其与在同一台机器上运行的 gitlab 连接时example.domain.com
gitlab.yml
配置:
registry:
enabled: true
host: example.domain.com
port: 5005
api_url: http://localhost:5000/
key: /etc/ssl/certs/server.key
path: /git/docker_registry
在Web浏览器中,在项目上启用docker注册表工作正常,但是当我转到项目页面并打开Regisry page
时,出现错误500
Gitlab 日志显示:
Started POST "/api/v3/internal/allowed" for 10.10.200.96 at 2016-11-25 10:15:01 +0100
Started POST "/api/v3/internal/allowed" for 10.10.200.96 at 2016-11-25 10:15:01 +0100
Started POST "/api/v3/internal/allowed" for 10.10.200.96 at 2016-11-25 10:15:01 +0100
Started GET "/data-access-servicess/centipede-rest/container_registry" for 10.11.0.232 at 2016-11-25 10:15:01 +0100
Processing by Projects::ContainerRegistryController#index as HTML
Parameters: {"namespace_id"=>"data-access-servicess", "project_id"=>"centipede-rest"}
Completed 500 Internal Server Error in 195ms (ActiveRecord: 25.9ms)
Faraday::ConnectionFailed (wrong status line: "x15x03x01x00x02x02"):
lib/container_registry/client.rb:19:in `repository_tags'
lib/container_registry/repository.rb:22:in `manifest'
lib/container_registry/repository.rb:31:in `tags'
app/controllers/projects/container_registry_controller.rb:8:in `index'
lib/gitlab/request_profiler/middleware.rb:15:in `call'
lib/gitlab/middleware/go.rb:16:in `call'
和 Docker 注册表日志:
2016/11/25 09:15:01 http: TLS handshake error from 172.17.0.1:44608: tls: first record does not look like a TLS handshake
问题是 gitlab 尝试通过 http 而不是 httpS 连接到注册表。因此,您收到TLS握手错误。
将 gitlab 配置从
registry:
api_url: http://localhost:5000/
自
registry:
api_url: https://localhost:5000/
如果您使用的是自签名证书,请不要忘记在安装了 gitlab 的计算机上信任它。请参阅 -> https://docs.docker.com/registry/insecure/#troubleshooting-insecure-registry